Public scan — anyone with this URL can view this analysis. Sign up to track your own repos privately, run scheduled re-scans, and get AI fix prompts via your dashboard.
Sign up free Scan another repo

leyu-data-collection-platform/leyu-backend

https://github.com/leyu-data-collection-platform/leyu-backend.git · scanned 2026-05-16 17:59 UTC (1 day, 3 hours ago) · 10 languages

350 findings (80 legacy + 270 scanner) 8th percentile · Typescript · medium (20-100K LoC) Scanner says 68 (lower by 12)

File as issue Image
UNIFIED Repobility · multi-layer engine · AI coders

Complete repo analysis

Last scanned 1 day, 3 hours ago · v2 · 215 findings from 2 sources. Findings combine the legacy security pipeline AND the multi-layer engine (atlas, wiring, flows, ranked) AND verified AI agent contributions.

JSON
Combined
67.8
/100
Repobility
68
80 legacy
9-layer
68
100.0% cov · 135 gaps
Critical
2
click to filter
Agents
6
0 votes
Crowd
0
reported
{# ── 2026-05-17 R27 #5: score breakdown panel ────────────────────── Surfaces the score_breakdown JSON that's been silently stored on Repository for months. Turns hidden math into a trust signal. #}
Severity distribution — click a segment to filter
Active filters: source: scanner × excluding tests × Reset all
Severity: Critical 2 High 17 Medium 31 Low 141 Source: Legacy 80 9-layer 135 Crowd 0 Layer: Quality 61 Security 36 Cicd 11 Software 30 Frontend 23 Hardware 4 Api 50
Scan summary Repository scanned at 68.0/100 with 100.0% coverage. It contains 1119 nodes across 30 cross-layer flows, written primarily in mixed languages. Engine surfaced 135 findings — concentrated in api (50), quality (28), software (27). Risk profile is high: 2 critical, 0 high, 3 medium. Recommended next step: open the api layer findings first — that's where the highest-impact wins live.

Showing 135 of 215 findings. Click TP / FP to vote on a finding's accuracy — votes adjust the confidence weighting and improve detection across the platform.

critical 9-layer security secrets conf 1.00 Possible secret in src/auth/service/User.service.ts
Detected pattern matching password_literal. Rotate the credential and move to a secret manager.
src/auth/service/User.service.ts:348 secrets
critical 9-layer security secrets conf 1.00 Possible secret in src/utils/constants/ActivityLog.actions.ts
Detected pattern matching password_literal. Rotate the credential and move to a secret manager.
src/utils/constants/ActivityLog.actions.ts:3 secrets
medium 9-layer hardware security conf 1.00 Dockerfile runs as root: Dockerfile
No non-root USER set. Containers running as root expand the blast radius of any vulnerability inside the image.
securitycontainer
medium 9-layer cicd coverage conf 1.00 No CI/CD pipelines detected
No GitHub Actions, GitLab CI, or CircleCI configs found. Without CI you can't gate deploys on tests/lints.
coverage
medium 9-layer quality tests conf 1.00 Very low test-to-source ratio
2 test file(s) for 266 source file(s) (ratio 0.01). Consider adding integration or unit tests for critical paths.
testscoverage
low 9-layer quality integrity conf 1.00 16 env vars used in code but missing from .env.example
Drift between code and config docs. The first few: `AFRO_SMS_API_KEY`, `AFRO_SMS_API_SECRET`, `AFRO_SMS_BASE_URL`, `AFRO_SMS_IDENTIFIER`, `AFRO_SMS_SENDER`, `AFRO_TOKEN`, `CHAPA_AUTHENTICATION_KEY`, `CHAPA_BASE_URL` + 8 more. Add them (with a placeholder/comment) to .env.example so onboarding doesn…
integrityconfig-drift
low 9-layer hardware coverage conf 1.00 Containers defined but no K8s/orchestration manifest found
Repo has Dockerfiles/compose but no Kubernetes/Nomad manifests. If the target deployment is K8s, the manifests may live in a separate ops repo.
coveragedeployment
low 9-layer hardware supply-chain conf 1.00 Docker base image is tag-pinned but not digest-pinned: node:22-alpine
Container tags can be retagged upstream. Pin production base images to a reviewed digest (`image@sha256:...`) when reproducibility and supply-chain integrity matter.
Dockerfile:2 supply-chaindockerpinned-dependencies
low 9-layer hardware supply-chain conf 1.00 Docker base image is tag-pinned but not digest-pinned: node:22-alpine
Container tags can be retagged upstream. Pin production base images to a reviewed digest (`image@sha256:...`) when reproducibility and supply-chain integrity matter.
Dockerfile:21 supply-chaindockerpinned-dependencies
low 9-layer software dead-code-candidate conf 1.00 File has no detected symbols: src/app.controller.spec.ts
Source file with no class/function declarations — possible config, dead code, or scratch file.
dead-code-candidate
low 9-layer software dead-code-candidate conf 1.00 File has no detected symbols: src/auth/decorators/get-user.decorator.ts
Source file with no class/function declarations — possible config, dead code, or scratch file.
dead-code-candidate
low 9-layer software dead-code-candidate conf 1.00 File has no detected symbols: src/auth/decorators/roles.enum.ts
Source file with no class/function declarations — possible config, dead code, or scratch file.
dead-code-candidate
low 9-layer software dead-code-candidate conf 1.00 File has no detected symbols: src/config/configuration.ts
Source file with no class/function declarations — possible config, dead code, or scratch file.
dead-code-candidate
low 9-layer software dead-code-candidate conf 1.00 File has no detected symbols: src/config/minio.config.ts
Source file with no class/function declarations — possible config, dead code, or scratch file.
dead-code-candidate
low 9-layer software dead-code-candidate conf 1.00 File has no detected symbols: src/data_set/controller/RejectionReason.controller.ts
Source file with no class/function declarations — possible config, dead code, or scratch file.
dead-code-candidate
low 9-layer software dead-code-candidate conf 1.00 File has no detected symbols: src/database/data-source.ts
Source file with no class/function declarations — possible config, dead code, or scratch file.
dead-code-candidate
low 9-layer software dead-code-candidate conf 1.00 File has no detected symbols: src/email/email.service.spec.ts
Source file with no class/function declarations — possible config, dead code, or scratch file.
dead-code-candidate
low 9-layer software dead-code-candidate conf 1.00 File has no detected symbols: src/generated/i18n.generated.ts
Source file with no class/function declarations — possible config, dead code, or scratch file.
dead-code-candidate
low 9-layer software dead-code-candidate conf 1.00 File has no detected symbols: src/health/health.controller.spec.ts
Source file with no class/function declarations — possible config, dead code, or scratch file.
dead-code-candidate
low 9-layer software dead-code-candidate conf 1.00 File has no detected symbols: src/project/controller/TaskInstruction.controller.ts
Source file with no class/function declarations — possible config, dead code, or scratch file.
dead-code-candidate
low 9-layer software dead-code-candidate conf 1.00 File has no detected symbols: src/project/dto/TaskType.dto.ts
Source file with no class/function declarations — possible config, dead code, or scratch file.
dead-code-candidate
low 9-layer software dead-code-candidate conf 1.00 File has no detected symbols: src/sms/sms.service.spec.ts
Source file with no class/function declarations — possible config, dead code, or scratch file.
dead-code-candidate
low 9-layer software dead-code-candidate conf 1.00 File has no detected symbols: src/utils/constants/ActionScore.contant.ts
Source file with no class/function declarations — possible config, dead code, or scratch file.
dead-code-candidate
low 9-layer software dead-code-candidate conf 1.00 File has no detected symbols: src/utils/constants/ActivityLog.actions.ts
Source file with no class/function declarations — possible config, dead code, or scratch file.
dead-code-candidate
low 9-layer software dead-code-candidate conf 1.00 File has no detected symbols: src/utils/constants/ContributorMicroTasks.constant.ts
Source file with no class/function declarations — possible config, dead code, or scratch file.
dead-code-candidate
low 9-layer software dead-code-candidate conf 1.00 File has no detected symbols: src/utils/constants/DataSetStatus.constant.ts
Source file with no class/function declarations — possible config, dead code, or scratch file.
dead-code-candidate
low 9-layer software dead-code-candidate conf 1.00 File has no detected symbols: src/utils/constants/Gender.constant.ts
Source file with no class/function declarations — possible config, dead code, or scratch file.
dead-code-candidate
low 9-layer software dead-code-candidate conf 1.00 File has no detected symbols: src/utils/constants/Language.constant.ts
Source file with no class/function declarations — possible config, dead code, or scratch file.
dead-code-candidate
low 9-layer software dead-code-candidate conf 1.00 File has no detected symbols: src/utils/constants/Roles.constant.ts
Source file with no class/function declarations — possible config, dead code, or scratch file.
dead-code-candidate
low 9-layer software dead-code-candidate conf 1.00 File has no detected symbols: src/utils/constants/Task.constant.ts
Source file with no class/function declarations — possible config, dead code, or scratch file.
dead-code-candidate
low 9-layer software dead-code-candidate conf 1.00 File has no detected symbols: src/utils/constants/UserScoreAction.constant.ts
Source file with no class/function declarations — possible config, dead code, or scratch file.
dead-code-candidate
low 9-layer software dead-code-candidate conf 1.00 File has no detected symbols: src/utils/events/ActionEvents.ts
Source file with no class/function declarations — possible config, dead code, or scratch file.
dead-code-candidate
low 9-layer software dead-code-candidate conf 1.00 File has no detected symbols: src/utils/queryOption.util.ts
Source file with no class/function declarations — possible config, dead code, or scratch file.
dead-code-candidate
low 9-layer software dead-code-candidate conf 1.00 File has no detected symbols: src/utils/types/MinioFileType.ts
Source file with no class/function declarations — possible config, dead code, or scratch file.
dead-code-candidate
low 9-layer software dead-code-candidate conf 1.00 File has no detected symbols: src/yc-i18n/yc-i18n.service.spec.ts
Source file with no class/function declarations — possible config, dead code, or scratch file.
dead-code-candidate
low 9-layer software dead-code-candidate conf 1.00 File has no detected symbols: test/app.e2e-spec.ts
Source file with no class/function declarations — possible config, dead code, or scratch file.
dead-code-candidate
low 9-layer frontend frontend-quality conf 1.00 Stray `console.log` in TS/JS — src/common/interceptors/activity-loggging.interceptor.ts:16
Replace with the toast helper, an error boundary, or remove. `console.warn` / `console.error` are acceptable. Why: Hygiene — easy to leak debug output. Rule id: fq.console-leak
frontend-qualityfq.console-leak
low 9-layer frontend frontend-quality conf 1.00 Stray `console.log` in TS/JS — src/common/service/Notification.service.ts:29
Replace with the toast helper, an error boundary, or remove. `console.warn` / `console.error` are acceptable. Why: Hygiene — easy to leak debug output. Rule id: fq.console-leak
frontend-qualityfq.console-leak
low 9-layer frontend frontend-quality conf 1.00 Stray `console.log` in TS/JS — src/common/service/pagination.service.ts:81
Replace with the toast helper, an error boundary, or remove. `console.warn` / `console.error` are acceptable. Why: Hygiene — easy to leak debug output. Rule id: fq.console-leak
frontend-qualityfq.console-leak
low 9-layer frontend frontend-quality conf 1.00 Stray `console.log` in TS/JS — src/common/service/RabbitPublish.service.ts:67
Replace with the toast helper, an error boundary, or remove. `console.warn` / `console.error` are acceptable. Why: Hygiene — easy to leak debug output. Rule id: fq.console-leak
frontend-qualityfq.console-leak
low 9-layer frontend frontend-quality conf 1.00 Stray `console.log` in TS/JS — src/data_set/service/DataSet.service.ts:213
Replace with the toast helper, an error boundary, or remove. `console.warn` / `console.error` are acceptable. Why: Hygiene — easy to leak debug output. Rule id: fq.console-leak
frontend-qualityfq.console-leak
low 9-layer frontend frontend-quality conf 1.00 Stray `console.log` in TS/JS — src/finance/service/ChapaPayment.service.ts:97
Replace with the toast helper, an error boundary, or remove. `console.warn` / `console.error` are acceptable. Why: Hygiene — easy to leak debug output. Rule id: fq.console-leak
frontend-qualityfq.console-leak
low 9-layer frontend frontend-quality conf 1.00 Stray `console.log` in TS/JS — src/finance/service/SantimPay.service.ts:106
Replace with the toast helper, an error boundary, or remove. `console.warn` / `console.error` are acceptable. Why: Hygiene — easy to leak debug output. Rule id: fq.console-leak
frontend-qualityfq.console-leak
low 9-layer frontend frontend-quality conf 1.00 Stray `console.log` in TS/JS — src/middleware/logger.middleware.ts:35
Replace with the toast helper, an error boundary, or remove. `console.warn` / `console.error` are acceptable. Why: Hygiene — easy to leak debug output. Rule id: fq.console-leak
frontend-qualityfq.console-leak
low 9-layer frontend frontend-quality conf 1.00 Stray `console.log` in TS/JS — src/project/service/Task.service.ts:801
Replace with the toast helper, an error boundary, or remove. `console.warn` / `console.error` are acceptable. Why: Hygiene — easy to leak debug output. Rule id: fq.console-leak
frontend-qualityfq.console-leak
low 9-layer frontend frontend-quality conf 1.00 Stray `console.log` in TS/JS — src/project/service/TaskRequirement.service.ts:54
Replace with the toast helper, an error boundary, or remove. `console.warn` / `console.error` are acceptable. Why: Hygiene — easy to leak debug output. Rule id: fq.console-leak
frontend-qualityfq.console-leak
low 9-layer frontend frontend-quality conf 1.00 Stray `console.log` in TS/JS — src/project/service/UserTask.service.ts:451
Replace with the toast helper, an error boundary, or remove. `console.warn` / `console.error` are acceptable. Why: Hygiene — easy to leak debug output. Rule id: fq.console-leak
frontend-qualityfq.console-leak
low 9-layer frontend frontend-quality conf 1.00 Stray `console.log` in TS/JS — src/seeders/run-seeder.ts:9
Replace with the toast helper, an error boundary, or remove. `console.warn` / `console.error` are acceptable. Why: Hygiene — easy to leak debug output. Rule id: fq.console-leak
frontend-qualityfq.console-leak
low 9-layer frontend frontend-quality conf 1.00 Stray `console.log` in TS/JS — src/sms/sms.service.ts:27
Replace with the toast helper, an error boundary, or remove. `console.warn` / `console.error` are acceptable. Why: Hygiene — easy to leak debug output. Rule id: fq.console-leak
frontend-qualityfq.console-leak
low 9-layer frontend frontend-quality conf 1.00 Stray `console.log` in TS/JS — src/statistics/controllers/ProjectStatistics.controller.ts:91
Replace with the toast helper, an error boundary, or remove. `console.warn` / `console.error` are acceptable. Why: Hygiene — easy to leak debug output. Rule id: fq.console-leak
frontend-qualityfq.console-leak
low 9-layer frontend frontend-quality conf 1.00 Stray `console.log` in TS/JS — src/statistics/services/ProjectStatistics.service.ts:31
Replace with the toast helper, an error boundary, or remove. `console.warn` / `console.error` are acceptable. Why: Hygiene — easy to leak debug output. Rule id: fq.console-leak
frontend-qualityfq.console-leak
low 9-layer frontend frontend-quality conf 1.00 Stray `console.log` in TS/JS — src/task_distribution/controllers/ReviewerTask.controller.ts:404
Replace with the toast helper, an error boundary, or remove. `console.warn` / `console.error` are acceptable. Why: Hygiene — easy to leak debug output. Rule id: fq.console-leak
frontend-qualityfq.console-leak
low 9-layer frontend frontend-quality conf 1.00 Stray `console.log` in TS/JS — src/task_distribution/service/GetTask.service.ts:219
Replace with the toast helper, an error boundary, or remove. `console.warn` / `console.error` are acceptable. Why: Hygiene — easy to leak debug output. Rule id: fq.console-leak
frontend-qualityfq.console-leak
low 9-layer frontend frontend-quality conf 1.00 Stray `console.log` in TS/JS — src/task_distribution/service/ReviewerTaskDistribution.service.ts:54
Replace with the toast helper, an error boundary, or remove. `console.warn` / `console.error` are acceptable. Why: Hygiene — easy to leak debug output. Rule id: fq.console-leak
frontend-qualityfq.console-leak
low 9-layer frontend frontend-quality conf 1.00 Stray `console.log` in TS/JS — src/task_distribution/service/ReviewerTasks.service.ts:106
Replace with the toast helper, an error boundary, or remove. `console.warn` / `console.error` are acceptable. Why: Hygiene — easy to leak debug output. Rule id: fq.console-leak
frontend-qualityfq.console-leak
low 9-layer frontend frontend-quality conf 1.00 Stray `console.log` in TS/JS — src/task_distribution/service/TaskDistribution.service.ts:503
Replace with the toast helper, an error boundary, or remove. `console.warn` / `console.error` are acceptable. Why: Hygiene — easy to leak debug output. Rule id: fq.console-leak
frontend-qualityfq.console-leak
low 9-layer frontend frontend-quality conf 1.00 Stray `console.log` in TS/JS — src/task_distribution/service/TaskDistributionMonitoring.service.ts:138
Replace with the toast helper, an error boundary, or remove. `console.warn` / `console.error` are acceptable. Why: Hygiene — easy to leak debug output. Rule id: fq.console-leak
frontend-qualityfq.console-leak
low 9-layer frontend frontend-quality conf 1.00 Stray `console.log` in TS/JS — src/task_distribution/service/TaskSubmission.service.ts:72
Replace with the toast helper, an error boundary, or remove. `console.warn` / `console.error` are acceptable. Why: Hygiene — easy to leak debug output. Rule id: fq.console-leak
frontend-qualityfq.console-leak
low 9-layer frontend frontend-quality conf 1.00 Stray `console.log` in TS/JS — src/utils/MicroTask.util.ts:139
Replace with the toast helper, an error boundary, or remove. `console.warn` / `console.error` are acceptable. Why: Hygiene — easy to leak debug output. Rule id: fq.console-leak
frontend-qualityfq.console-leak
low 9-layer api wiring conf 1.00 Unused endpoint: DELETE /setting/annotation/:id
`src/base_data/controller/DataSetAnnotation.controller.ts` declares `DELETE /setting/annotation/:id` but no frontend code we scanned calls it. This is fine if the endpoint serves external clients (mobile app, third-party, server-side webhooks). Otherwise it's dead code — consider removing or docume…
wiringunused-endpoint
low 9-layer api wiring conf 1.00 Unused endpoint: DELETE /setting/country/:id
`src/base_data/controller/Country.controller.ts` declares `DELETE /setting/country/:id` but no frontend code we scanned calls it. This is fine if the endpoint serves external clients (mobile app, third-party, server-side webhooks). Otherwise it's dead code — consider removing or documenting who con…
wiringunused-endpoint
low 9-layer api wiring conf 1.00 Unused endpoint: DELETE /setting/dialect/:id
`src/base_data/controller/Dialect.controller.ts` declares `DELETE /setting/dialect/:id` but no frontend code we scanned calls it. This is fine if the endpoint serves external clients (mobile app, third-party, server-side webhooks). Otherwise it's dead code — consider removing or documenting who con…
wiringunused-endpoint
low 9-layer api wiring conf 1.00 Unused endpoint: DELETE /setting/language/:id
`src/base_data/controller/Language.controller.ts` declares `DELETE /setting/language/:id` but no frontend code we scanned calls it. This is fine if the endpoint serves external clients (mobile app, third-party, server-side webhooks). Otherwise it's dead code — consider removing or documenting who c…
wiringunused-endpoint
low 9-layer api wiring conf 1.00 Unused endpoint: DELETE /setting/organization/:id
`src/base_data/controller/Organization.controller.ts` declares `DELETE /setting/organization/:id` but no frontend code we scanned calls it. This is fine if the endpoint serves external clients (mobile app, third-party, server-side webhooks). Otherwise it's dead code — consider removing or documenti…
wiringunused-endpoint
low 9-layer api wiring conf 1.00 Unused endpoint: DELETE /setting/rejection-type/:id
`src/base_data/controller/RejectionType.controller.ts` declares `DELETE /setting/rejection-type/:id` but no frontend code we scanned calls it. This is fine if the endpoint serves external clients (mobile app, third-party, server-side webhooks). Otherwise it's dead code — consider removing or docume…
wiringunused-endpoint
low 9-layer api wiring conf 1.00 Unused endpoint: GET /hello
`src/app.controller.ts` declares `GET /hello` but no frontend code we scanned calls it. This is fine if the endpoint serves external clients (mobile app, third-party, server-side webhooks). Otherwise it's dead code — consider removing or documenting who consumes it.
wiringunused-endpoint
low 9-layer api wiring conf 1.00 Unused endpoint: GET /image/:path
`src/app.controller.ts` declares `GET /image/:path` but no frontend code we scanned calls it. This is fine if the endpoint serves external clients (mobile app, third-party, server-side webhooks). Otherwise it's dead code — consider removing or documenting who consumes it.
wiringunused-endpoint
low 9-layer api wiring conf 1.00 Unused endpoint: GET /setting/annotation/:id
`src/base_data/controller/DataSetAnnotation.controller.ts` declares `GET /setting/annotation/:id` but no frontend code we scanned calls it. This is fine if the endpoint serves external clients (mobile app, third-party, server-side webhooks). Otherwise it's dead code — consider removing or documenti…
wiringunused-endpoint
low 9-layer api wiring conf 1.00 Unused endpoint: GET /setting/annotation/paginate
`src/base_data/controller/DataSetAnnotation.controller.ts` declares `GET /setting/annotation/paginate` but no frontend code we scanned calls it. This is fine if the endpoint serves external clients (mobile app, third-party, server-side webhooks). Otherwise it's dead code — consider removing or docu…
wiringunused-endpoint
low 9-layer api wiring conf 1.00 Unused endpoint: GET /setting/country
`src/base_data/controller/Country.controller.ts` declares `GET /setting/country` but no frontend code we scanned calls it. This is fine if the endpoint serves external clients (mobile app, third-party, server-side webhooks). Otherwise it's dead code — consider removing or documenting who consumes i…
wiringunused-endpoint
low 9-layer api wiring conf 1.00 Unused endpoint: GET /setting/country/:id
`src/base_data/controller/Country.controller.ts` declares `GET /setting/country/:id` but no frontend code we scanned calls it. This is fine if the endpoint serves external clients (mobile app, third-party, server-side webhooks). Otherwise it's dead code — consider removing or documenting who consum…
wiringunused-endpoint
low 9-layer api wiring conf 1.00 Unused endpoint: GET /setting/country/all
`src/base_data/controller/Country.controller.ts` declares `GET /setting/country/all` but no frontend code we scanned calls it. This is fine if the endpoint serves external clients (mobile app, third-party, server-side webhooks). Otherwise it's dead code — consider removing or documenting who consum…
wiringunused-endpoint
low 9-layer api wiring conf 1.00 Unused endpoint: GET /setting/dialect
`src/base_data/controller/Dialect.controller.ts` declares `GET /setting/dialect` but no frontend code we scanned calls it. This is fine if the endpoint serves external clients (mobile app, third-party, server-side webhooks). Otherwise it's dead code — consider removing or documenting who consumes i…
wiringunused-endpoint
low 9-layer api wiring conf 1.00 Unused endpoint: GET /setting/dialect/:id
`src/base_data/controller/Dialect.controller.ts` declares `GET /setting/dialect/:id` but no frontend code we scanned calls it. This is fine if the endpoint serves external clients (mobile app, third-party, server-side webhooks). Otherwise it's dead code — consider removing or documenting who consum…
wiringunused-endpoint
low 9-layer api wiring conf 1.00 Unused endpoint: GET /setting/dialect/all
`src/base_data/controller/Dialect.controller.ts` declares `GET /setting/dialect/all` but no frontend code we scanned calls it. This is fine if the endpoint serves external clients (mobile app, third-party, server-side webhooks). Otherwise it's dead code — consider removing or documenting who consum…
wiringunused-endpoint
low 9-layer api wiring conf 1.00 Unused endpoint: GET /setting/dialect/language/:language_id
`src/base_data/controller/Dialect.controller.ts` declares `GET /setting/dialect/language/:language_id` but no frontend code we scanned calls it. This is fine if the endpoint serves external clients (mobile app, third-party, server-side webhooks). Otherwise it's dead code — consider removing or docu…
wiringunused-endpoint
low 9-layer api wiring conf 1.00 Unused endpoint: GET /setting/language
`src/base_data/controller/Language.controller.ts` declares `GET /setting/language` but no frontend code we scanned calls it. This is fine if the endpoint serves external clients (mobile app, third-party, server-side webhooks). Otherwise it's dead code — consider removing or documenting who consumes…
wiringunused-endpoint
low 9-layer api wiring conf 1.00 Unused endpoint: GET /setting/language/:id
`src/base_data/controller/Language.controller.ts` declares `GET /setting/language/:id` but no frontend code we scanned calls it. This is fine if the endpoint serves external clients (mobile app, third-party, server-side webhooks). Otherwise it's dead code — consider removing or documenting who cons…
wiringunused-endpoint
low 9-layer api wiring conf 1.00 Unused endpoint: GET /setting/language/all
`src/base_data/controller/Language.controller.ts` declares `GET /setting/language/all` but no frontend code we scanned calls it. This is fine if the endpoint serves external clients (mobile app, third-party, server-side webhooks). Otherwise it's dead code — consider removing or documenting who cons…
wiringunused-endpoint
low 9-layer api wiring conf 1.00 Unused endpoint: GET /setting/organization
`src/base_data/controller/Organization.controller.ts` declares `GET /setting/organization` but no frontend code we scanned calls it. This is fine if the endpoint serves external clients (mobile app, third-party, server-side webhooks). Otherwise it's dead code — consider removing or documenting who …
wiringunused-endpoint
low 9-layer api wiring conf 1.00 Unused endpoint: GET /setting/organization/:id
`src/base_data/controller/Organization.controller.ts` declares `GET /setting/organization/:id` but no frontend code we scanned calls it. This is fine if the endpoint serves external clients (mobile app, third-party, server-side webhooks). Otherwise it's dead code — consider removing or documenting …
wiringunused-endpoint
low 9-layer api wiring conf 1.00 Unused endpoint: GET /setting/organization/all
`src/base_data/controller/Organization.controller.ts` declares `GET /setting/organization/all` but no frontend code we scanned calls it. This is fine if the endpoint serves external clients (mobile app, third-party, server-side webhooks). Otherwise it's dead code — consider removing or documenting …
wiringunused-endpoint
low 9-layer api wiring conf 1.00 Unused endpoint: GET /setting/rejection-type/:id
`src/base_data/controller/RejectionType.controller.ts` declares `GET /setting/rejection-type/:id` but no frontend code we scanned calls it. This is fine if the endpoint serves external clients (mobile app, third-party, server-side webhooks). Otherwise it's dead code — consider removing or documenti…
wiringunused-endpoint
low 9-layer api wiring conf 1.00 Unused endpoint: GET /setting/rejection-type/paginate
`src/base_data/controller/RejectionType.controller.ts` declares `GET /setting/rejection-type/paginate` but no frontend code we scanned calls it. This is fine if the endpoint serves external clients (mobile app, third-party, server-side webhooks). Otherwise it's dead code — consider removing or docu…
wiringunused-endpoint
low 9-layer api wiring conf 1.00 Unused endpoint: GET /setting/sector
`src/base_data/controller/Sector.controller.ts` declares `GET /setting/sector` but no frontend code we scanned calls it. This is fine if the endpoint serves external clients (mobile app, third-party, server-side webhooks). Otherwise it's dead code — consider removing or documenting who consumes it.
wiringunused-endpoint
low 9-layer api wiring conf 1.00 Unused endpoint: GET /setting/sector/:id
`src/base_data/controller/Sector.controller.ts` declares `GET /setting/sector/:id` but no frontend code we scanned calls it. This is fine if the endpoint serves external clients (mobile app, third-party, server-side webhooks). Otherwise it's dead code — consider removing or documenting who consumes…
wiringunused-endpoint
low 9-layer api wiring conf 1.00 Unused endpoint: GET /setting/sector/all
`src/base_data/controller/Sector.controller.ts` declares `GET /setting/sector/all` but no frontend code we scanned calls it. This is fine if the endpoint serves external clients (mobile app, third-party, server-side webhooks). Otherwise it's dead code — consider removing or documenting who consumes…
wiringunused-endpoint
low 9-layer api wiring conf 1.00 Unused endpoint: POST /setting/annotation/add-alternative-name/:id
`src/base_data/controller/DataSetAnnotation.controller.ts` declares `POST /setting/annotation/add-alternative-name/:id` but no frontend code we scanned calls it. This is fine if the endpoint serves external clients (mobile app, third-party, server-side webhooks). Otherwise it's dead code — consider…
wiringunused-endpoint
low 9-layer api wiring conf 1.00 Unused endpoint: POST /setting/country/add-alternative-name/:id
`src/base_data/controller/Country.controller.ts` declares `POST /setting/country/add-alternative-name/:id` but no frontend code we scanned calls it. This is fine if the endpoint serves external clients (mobile app, third-party, server-side webhooks). Otherwise it's dead code — consider removing or …
wiringunused-endpoint
low 9-layer api wiring conf 1.00 Unused endpoint: POST /setting/dialect/add-alternative-name/:id
`src/base_data/controller/Dialect.controller.ts` declares `POST /setting/dialect/add-alternative-name/:id` but no frontend code we scanned calls it. This is fine if the endpoint serves external clients (mobile app, third-party, server-side webhooks). Otherwise it's dead code — consider removing or …
wiringunused-endpoint
low 9-layer api wiring conf 1.00 Unused endpoint: POST /setting/language/add-alternative-name/:id
`src/base_data/controller/Language.controller.ts` declares `POST /setting/language/add-alternative-name/:id` but no frontend code we scanned calls it. This is fine if the endpoint serves external clients (mobile app, third-party, server-side webhooks). Otherwise it's dead code — consider removing o…
wiringunused-endpoint
low 9-layer api wiring conf 1.00 Unused endpoint: POST /setting/organization/add-alternative-name/:id
`src/base_data/controller/Organization.controller.ts` declares `POST /setting/organization/add-alternative-name/:id` but no frontend code we scanned calls it. This is fine if the endpoint serves external clients (mobile app, third-party, server-side webhooks). Otherwise it's dead code — consider re…
wiringunused-endpoint
low 9-layer api wiring conf 1.00 Unused endpoint: POST /setting/rejection-type/add-alternative-name/:id
`src/base_data/controller/RejectionType.controller.ts` declares `POST /setting/rejection-type/add-alternative-name/:id` but no frontend code we scanned calls it. This is fine if the endpoint serves external clients (mobile app, third-party, server-side webhooks). Otherwise it's dead code — consider…
wiringunused-endpoint
low 9-layer api wiring conf 1.00 Unused endpoint: POST /setting/sector/add-alternative-name/:id
`src/base_data/controller/Sector.controller.ts` declares `POST /setting/sector/add-alternative-name/:id` but no frontend code we scanned calls it. This is fine if the endpoint serves external clients (mobile app, third-party, server-side webhooks). Otherwise it's dead code — consider removing or do…
wiringunused-endpoint
low 9-layer api wiring conf 1.00 Unused endpoint: PUT /setting/annotation/:id
`src/base_data/controller/DataSetAnnotation.controller.ts` declares `PUT /setting/annotation/:id` but no frontend code we scanned calls it. This is fine if the endpoint serves external clients (mobile app, third-party, server-side webhooks). Otherwise it's dead code — consider removing or documenti…
wiringunused-endpoint
low 9-layer api wiring conf 1.00 Unused endpoint: PUT /setting/annotation/update-alternative-name/:id
`src/base_data/controller/DataSetAnnotation.controller.ts` declares `PUT /setting/annotation/update-alternative-name/:id` but no frontend code we scanned calls it. This is fine if the endpoint serves external clients (mobile app, third-party, server-side webhooks). Otherwise it's dead code — consid…
wiringunused-endpoint
low 9-layer api wiring conf 1.00 Unused endpoint: PUT /setting/country/:id
`src/base_data/controller/Country.controller.ts` declares `PUT /setting/country/:id` but no frontend code we scanned calls it. This is fine if the endpoint serves external clients (mobile app, third-party, server-side webhooks). Otherwise it's dead code — consider removing or documenting who consum…
wiringunused-endpoint
low 9-layer api wiring conf 1.00 Unused endpoint: PUT /setting/country/update-alternative-name/:id
`src/base_data/controller/Country.controller.ts` declares `PUT /setting/country/update-alternative-name/:id` but no frontend code we scanned calls it. This is fine if the endpoint serves external clients (mobile app, third-party, server-side webhooks). Otherwise it's dead code — consider removing o…
wiringunused-endpoint
low 9-layer api wiring conf 1.00 Unused endpoint: PUT /setting/dialect/:id
`src/base_data/controller/Dialect.controller.ts` declares `PUT /setting/dialect/:id` but no frontend code we scanned calls it. This is fine if the endpoint serves external clients (mobile app, third-party, server-side webhooks). Otherwise it's dead code — consider removing or documenting who consum…
wiringunused-endpoint
low 9-layer api wiring conf 1.00 Unused endpoint: PUT /setting/dialect/update-alternative-name/:id
`src/base_data/controller/Dialect.controller.ts` declares `PUT /setting/dialect/update-alternative-name/:id` but no frontend code we scanned calls it. This is fine if the endpoint serves external clients (mobile app, third-party, server-side webhooks). Otherwise it's dead code — consider removing o…
wiringunused-endpoint
low 9-layer api wiring conf 1.00 Unused endpoint: PUT /setting/language/:id
`src/base_data/controller/Language.controller.ts` declares `PUT /setting/language/:id` but no frontend code we scanned calls it. This is fine if the endpoint serves external clients (mobile app, third-party, server-side webhooks). Otherwise it's dead code — consider removing or documenting who cons…
wiringunused-endpoint
low 9-layer api wiring conf 1.00 Unused endpoint: PUT /setting/language/update-alternative-name/:id
`src/base_data/controller/Language.controller.ts` declares `PUT /setting/language/update-alternative-name/:id` but no frontend code we scanned calls it. This is fine if the endpoint serves external clients (mobile app, third-party, server-side webhooks). Otherwise it's dead code — consider removing…
wiringunused-endpoint
low 9-layer api wiring conf 1.00 Unused endpoint: PUT /setting/organization/:id
`src/base_data/controller/Organization.controller.ts` declares `PUT /setting/organization/:id` but no frontend code we scanned calls it. This is fine if the endpoint serves external clients (mobile app, third-party, server-side webhooks). Otherwise it's dead code — consider removing or documenting …
wiringunused-endpoint
low 9-layer api wiring conf 1.00 Unused endpoint: PUT /setting/organization/update-alternative-name/:id
`src/base_data/controller/Organization.controller.ts` declares `PUT /setting/organization/update-alternative-name/:id` but no frontend code we scanned calls it. This is fine if the endpoint serves external clients (mobile app, third-party, server-side webhooks). Otherwise it's dead code — consider …
wiringunused-endpoint
low 9-layer api wiring conf 1.00 Unused endpoint: PUT /setting/rejection-type/:id
`src/base_data/controller/RejectionType.controller.ts` declares `PUT /setting/rejection-type/:id` but no frontend code we scanned calls it. This is fine if the endpoint serves external clients (mobile app, third-party, server-side webhooks). Otherwise it's dead code — consider removing or documenti…
wiringunused-endpoint
low 9-layer api wiring conf 1.00 Unused endpoint: PUT /setting/rejection-type/update-alternative-name/:id
`src/base_data/controller/RejectionType.controller.ts` declares `PUT /setting/rejection-type/update-alternative-name/:id` but no frontend code we scanned calls it. This is fine if the endpoint serves external clients (mobile app, third-party, server-side webhooks). Otherwise it's dead code — consid…
wiringunused-endpoint
low 9-layer api wiring conf 1.00 Unused endpoint: PUT /setting/sector/:id
`src/base_data/controller/Sector.controller.ts` declares `PUT /setting/sector/:id` but no frontend code we scanned calls it. This is fine if the endpoint serves external clients (mobile app, third-party, server-side webhooks). Otherwise it's dead code — consider removing or documenting who consumes…
wiringunused-endpoint
low 9-layer api wiring conf 1.00 Unused endpoint: PUT /setting/sector/update-alternative-name/:id
`src/base_data/controller/Sector.controller.ts` declares `PUT /setting/sector/update-alternative-name/:id` but no frontend code we scanned calls it. This is fine if the endpoint serves external clients (mobile app, third-party, server-side webhooks). Otherwise it's dead code — consider removing or …
wiringunused-endpoint
low 9-layer api wiring conf 1.00 Unused endpoint: USE /admin/queues
`src/main.ts` declares `USE /admin/queues` but no frontend code we scanned calls it. This is fine if the endpoint serves external clients (mobile app, third-party, server-side webhooks). Otherwise it's dead code — consider removing or documenting who consumes it.
wiringunused-endpoint
low 9-layer quality complexity conf 1.00 Very large file: src/project/service/Task.service.ts (1611 lines)
Files with >800 lines often hide complexity hotspots and discourage tests.
complexity
low 9-layer quality complexity conf 1.00 Very large file: src/task_distribution/service/GetTask.service.ts (2965 lines)
Files with >800 lines often hide complexity hotspots and discourage tests.
complexity
info 9-layer quality integrity conf 1.00 Commented-code block (11 lines) in src/base_data/controller/Country.controller.ts:117
A long run of `//` or `#` lines usually means abandoned code. Delete or move to git history. Keeps the canvas + dead-code detection honest.
integritycommented-codedead-code
info 9-layer quality integrity conf 1.00 Commented-code block (11 lines) in src/base_data/controller/DataSetAnnotation.controller.ts:125
A long run of `//` or `#` lines usually means abandoned code. Delete or move to git history. Keeps the canvas + dead-code detection honest.
integritycommented-codedead-code
info 9-layer quality integrity conf 1.00 Commented-code block (11 lines) in src/base_data/controller/Dialect.controller.ts:108
A long run of `//` or `#` lines usually means abandoned code. Delete or move to git history. Keeps the canvas + dead-code detection honest.
integritycommented-codedead-code
info 9-layer quality integrity conf 1.00 Commented-code block (11 lines) in src/base_data/controller/FlagType.controller.ts:110
A long run of `//` or `#` lines usually means abandoned code. Delete or move to git history. Keeps the canvas + dead-code detection honest.
integritycommented-codedead-code
info 9-layer quality integrity conf 1.00 Commented-code block (11 lines) in src/base_data/controller/Language.controller.ts:115
A long run of `//` or `#` lines usually means abandoned code. Delete or move to git history. Keeps the canvas + dead-code detection honest.
integritycommented-codedead-code
info 9-layer quality integrity conf 1.00 Commented-code block (11 lines) in src/base_data/controller/Region.controller.ts:157
A long run of `//` or `#` lines usually means abandoned code. Delete or move to git history. Keeps the canvas + dead-code detection honest.
integritycommented-codedead-code
info 9-layer quality integrity conf 1.00 Commented-code block (11 lines) in src/base_data/controller/RejectionType.controller.ts:108
A long run of `//` or `#` lines usually means abandoned code. Delete or move to git history. Keeps the canvas + dead-code detection honest.
integritycommented-codedead-code
info 9-layer quality integrity conf 1.00 Commented-code block (11 lines) in src/base_data/controller/Zone.controller.ts:139
A long run of `//` or `#` lines usually means abandoned code. Delete or move to git history. Keeps the canvas + dead-code detection honest.
integritycommented-codedead-code
info 9-layer quality integrity conf 1.00 Commented-code block (12 lines) in src/base_data/controller/Organization.controller.ts:107
A long run of `//` or `#` lines usually means abandoned code. Delete or move to git history. Keeps the canvas + dead-code detection honest.
integritycommented-codedead-code
info 9-layer quality integrity conf 1.00 Commented-code block (12 lines) in src/base_data/controller/Sector.controller.ts:105
A long run of `//` or `#` lines usually means abandoned code. Delete or move to git history. Keeps the canvas + dead-code detection honest.
integritycommented-codedead-code
info 9-layer quality integrity conf 1.00 Commented-code block (15 lines) in src/communication/controller/ContactUs.controller.ts:1
A long run of `//` or `#` lines usually means abandoned code. Delete or move to git history. Keeps the canvas + dead-code detection honest.
integritycommented-codedead-code
info 9-layer quality integrity conf 1.00 Commented-code block (18 lines) in src/communication/dto/ContactUs.dto.ts:1
A long run of `//` or `#` lines usually means abandoned code. Delete or move to git history. Keeps the canvas + dead-code detection honest.
integritycommented-codedead-code
info 9-layer quality integrity conf 1.00 Commented-code block (20 lines) in src/communication/dto/Blog.dto.ts:4
A long run of `//` or `#` lines usually means abandoned code. Delete or move to git history. Keeps the canvas + dead-code detection honest.
integritycommented-codedead-code
info 9-layer quality integrity conf 1.00 Commented-code block (21 lines) in src/communication/controller/Blog.controller.ts:1
A long run of `//` or `#` lines usually means abandoned code. Delete or move to git history. Keeps the canvas + dead-code detection honest.
integritycommented-codedead-code
info 9-layer quality integrity conf 1.00 Commented-code block (5 lines) in src/auth/service/auth.service.ts:143
A long run of `//` or `#` lines usually means abandoned code. Delete or move to git history. Keeps the canvas + dead-code detection honest.
integritycommented-codedead-code
info 9-layer quality integrity conf 1.00 Commented-code block (5 lines) in src/task_distribution/controllers/ReviewerTask.controller.ts:50
A long run of `//` or `#` lines usually means abandoned code. Delete or move to git history. Keeps the canvas + dead-code detection honest.
integritycommented-codedead-code
info 9-layer quality integrity conf 1.00 Commented-code block (5 lines) in src/task_distribution/controllers/TaskDistribution.controller.ts:289
A long run of `//` or `#` lines usually means abandoned code. Delete or move to git history. Keeps the canvas + dead-code detection honest.
integritycommented-codedead-code
info 9-layer quality integrity conf 1.00 Commented-code block (5 lines) in src/task_distribution/service/GetTask.service.ts:227
A long run of `//` or `#` lines usually means abandoned code. Delete or move to git history. Keeps the canvas + dead-code detection honest.
integritycommented-codedead-code
info 9-layer quality integrity conf 1.00 Commented-code block (5 lines) in src/task_distribution/service/TaskSubmission.service.ts:126
A long run of `//` or `#` lines usually means abandoned code. Delete or move to git history. Keeps the canvas + dead-code detection honest.
integritycommented-codedead-code
info 9-layer quality integrity conf 1.00 Commented-code block (6 lines) in src/common/service/pagination.service.ts:132
A long run of `//` or `#` lines usually means abandoned code. Delete or move to git history. Keeps the canvas + dead-code detection honest.
integritycommented-codedead-code
info 9-layer quality integrity conf 1.00 Commented-code block (7 lines) in src/base_data/controller/AnnotationType.controller.ts:114
A long run of `//` or `#` lines usually means abandoned code. Delete or move to git history. Keeps the canvas + dead-code detection honest.
integritycommented-codedead-code
info 9-layer quality integrity conf 1.00 Commented-code block (8 lines) in src/task_distribution/service/TaskDistribution.service.ts:134
A long run of `//` or `#` lines usually means abandoned code. Delete or move to git history. Keeps the canvas + dead-code detection honest.
integritycommented-codedead-code
info 9-layer quality integrity conf 1.00 Commented-code block (9 lines) in src/data_set/service/DataSet.service.ts:386
A long run of `//` or `#` lines usually means abandoned code. Delete or move to git history. Keeps the canvas + dead-code detection honest.
integritycommented-codedead-code
info 9-layer quality integrity conf 1.00 Commented-code block (9 lines) in src/utils/constants/Roles.constant.ts:1
A long run of `//` or `#` lines usually means abandoned code. Delete or move to git history. Keeps the canvas + dead-code detection honest.
integritycommented-codedead-code
{# ── 2026-05-17 Round 14: AI-agent bridge footer ────────────────────── Discoverability: the /agents/voting/ guide + MCP manifest exist but aren't linked from anywhere users actually land. Small, opt-in footer. #}
For AI agents: Voting guide (TP/FP) MCP manifest Stdio wrapper SARIF Integrate Findings queue Vote TP/FP on findings to calibrate the engine.
For AI agents + API integrations
Email me when this repo regresses
Free. We re-scan periodically; new criticals → your inbox. No signup required for the scan itself.
API access

This page is publicly accessible at: https://repobility.com/scan/6c5a106f-90dc-4a48-8512-e9510a7801a0/

To check status programmatically (no auth required): 

curl -s https://repobility.com/api/v1/public/scan/6c5a106f-90dc-4a48-8512-e9510a7801a0/

Important — please don't re-submit the same URL repeatedly. The submission endpoint is idempotent: re-submitting the same git URL returns this same scan_token, not a new one. To re-scan this repo, sign up free and use the dashboard.