{"version": "2.1.0", "$schema": "https://json.schemastore.org/sarif-2.1.0.json", "runs": [{"tool": {"driver": {"name": "Repobility", "informationUri": "https://repobility.com", "rules": [{"id": "COMP001", "name": "[COMP001] High cognitive complexity: Function `_phase1` has cognitive complexity 15 (SonarSource scale). Cognitive compl", "shortDescription": {"text": "[COMP001] High cognitive complexity: Function `_phase1` has cognitive complexity 15 (SonarSource scale). Cognitive complexity measures how hard the function is for a human to understand \u2014 nested branches, boolean chains, and recursion all w"}, "fullDescription": {"text": "Extract nested branches into named helper functions; flatten early-return / guard clauses; replace long if/elif chains with dispatch dicts or polymorphism. SonarQube's threshold for 'should refactor' is 15 \u2014 yours is 15."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "medium", "confidence": 0.95, "cwe": "", "owasp": ""}}, {"id": "MINED111", "name": "Bare except continues silently", "shortDescription": {"text": "Bare except continues silently"}, "fullDescription": {"text": "Bare `except:` (or `except Exception:`) that runs code without re-raising or logging the exception. Hides real failures and makes bugs hard to diagnose."}, "properties": {"scanner": "repobility-ast-engine", "category": "quality", "severity": "medium", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "AIC003", "name": "Duplicated implementation block across source files", "shortDescription": {"text": "Duplicated implementation block across source files"}, "fullDescription": {"text": "Duplicated blocks are a common artifact when generated code is pasted or recreated instead of reused. They increase maintenance cost because every future bug fix must be found in multiple locations."}, "properties": {"scanner": "repobility-ai-code-hygiene", "category": "quality", "severity": "low", "confidence": 0.86, "cwe": "", "owasp": ""}}, {"id": "MINED043", "name": "[MINED043] Http Not Https: Hardcoded http:// (not localhost) for endpoints that handle credentials or data.", "shortDescription": {"text": "[MINED043] Http Not Https: Hardcoded http:// (not localhost) for endpoints that handle credentials or data."}, "fullDescription": {"text": "Review and fix per the pattern semantics. See CWE-319 / A02:2021 for context."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "info", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "MINED064", "name": "[MINED064] Python Input Call: input() blocks for stdin. Inappropriate in services.", "shortDescription": {"text": "[MINED064] Python Input Call: input() blocks for stdin. Inappropriate in services."}, "fullDescription": {"text": "Review and fix per the pattern semantics."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "info", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "MINED062", "name": "[MINED062] Python Dataclass No Fields (and 8 more): Same pattern found in 8 additional files. Review if needed.", "shortDescription": {"text": "[MINED062] Python Dataclass No Fields (and 8 more): Same pattern found in 8 additional files. Review if needed."}, "fullDescription": {"text": "Review and fix per the pattern semantics."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "info", "confidence": 0.2, "cwe": "", "owasp": ""}}, {"id": "MINED050", "name": "[MINED050] Stub Only Function (and 2 more): Same pattern found in 2 additional files. Review if needed.", "shortDescription": {"text": "[MINED050] Stub Only Function (and 2 more): Same pattern found in 2 additional files. Review if needed."}, "fullDescription": {"text": "Review and fix per the pattern semantics. See CWE-1188 /  for context."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "info", "confidence": 0.2, "cwe": "", "owasp": ""}}, {"id": "SEC029", "name": "[SEC029] Server-Side Request Forgery (SSRF) \u2014 outbound HTTP from user input: Outbound HTTP request to a user-controlled ", "shortDescription": {"text": "[SEC029] Server-Side Request Forgery (SSRF) \u2014 outbound HTTP from user input: Outbound HTTP request to a user-controlled URL without allowlist validation. Attackers can probe internal services (169.254.169.254 metadata, internal Kubernetes e"}, "fullDescription": {"text": "Validate the URL against an allowlist BEFORE fetching:\n  ALLOWED = {'images.example.com', 'cdn.example.com'}\n  host = urlparse(url).hostname\n  if host not in ALLOWED: abort(400)\nOr use a server-side proxy (Imgproxy / serve-files-only-from-S3) that isolates outbound network access from the request handler.\nBlock private CIDRs explicitly: 10/8, 172.16/12, 192.168/16, 169.254/16."}, "properties": {"scanner": "repobility-threat-engine", "category": "ssrf", "severity": "high", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "MINED006", "name": "[MINED006] Overcatch Baseexception: except BaseException: ... \u2014 prevents Ctrl+C and SystemExit from working.", "shortDescription": {"text": "[MINED006] Overcatch Baseexception: except BaseException: ... \u2014 prevents Ctrl+C and SystemExit from working."}, "fullDescription": {"text": "Review and fix per the pattern semantics. See CWE-705 /  for context."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "high", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "MINED001", "name": "[MINED001] Bare Except Pass: except: pass or except Exception: pass \u2014 silently swallows everything including KeyboardInt", "shortDescription": {"text": "[MINED001] Bare Except Pass: except: pass or except Exception: pass \u2014 silently swallows everything including KeyboardInterrupt and bugs."}, "fullDescription": {"text": "Review and fix per the pattern semantics. See CWE-755 /  for context."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "high", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "MINED115", "name": "Action `codecov/codecov-action` pinned to mutable ref `@v5`", "shortDescription": {"text": "Action `codecov/codecov-action` pinned to mutable ref `@v5`"}, "fullDescription": {"text": "`uses: codecov/codecov-action@v5` resolves at workflow-run time. Tags and branches can be re-pushed by the action owner; that made the tj-actions/changed-files compromise (2025) instantly affect ~23K repos. Pin to a 40-char commit SHA + lock with Dependabot or renovate."}, "properties": {"scanner": "repobility-supply-chain", "category": "dependency", "severity": "high", "confidence": 0.9, "cwe": "", "owasp": ""}}, {"id": "MINED106", "name": "Phantom test coverage: test_stop_terminates_process", "shortDescription": {"text": "Phantom test coverage: test_stop_terminates_process"}, "fullDescription": {"text": "Test function `test_stop_terminates_process` runs code but contains no assert / expect / should call \u2014 it passes regardless of behaviour. Adds line coverage without verifying anything."}, "properties": {"scanner": "repobility-ast-engine", "category": "quality", "severity": "high", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "MINED108", "name": "`self.enforcer` used but never assigned in __init__", "shortDescription": {"text": "`self.enforcer` used but never assigned in __init__"}, "fullDescription": {"text": "Method `test_partial_not_satisfied` of class `TestStepEnforcerRecord` reads `self.enforcer`, but no assignment to it exists in __init__ (and no class-level fallback). This raises AttributeError the first time the method runs against an instance."}, "properties": {"scanner": "repobility-ast-engine", "category": "quality", "severity": "high", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "MINED116", "name": "Workflow uses `secrets.CODECOV_TOKEN` on a `pull_request` trigger", "shortDescription": {"text": "Workflow uses `secrets.CODECOV_TOKEN` on a `pull_request` trigger"}, "fullDescription": {"text": "This workflow triggers on `pull_request`, which checks out the FORK's code. Referencing `${ secrets.CODECOV_TOKEN }` lets a PR from any fork exfiltrate the secret (modify a script, log the value, etc.). Use `pull_request_target` ONLY with strict checkout discipline (no fork code in the trusted context)."}, "properties": {"scanner": "repobility-supply-chain", "category": "dependency", "severity": "critical", "confidence": 0.9, "cwe": "", "owasp": ""}}]}}, "automationDetails": {"id": "repobility/558"}, "properties": {"repository": "antoinezambelli/forge", "repoUrl": "https://github.com/antoinezambelli/forge.git", "branch": "main"}, "results": [{"ruleId": "COMP001", "level": "warning", "message": {"text": "[COMP001] High cognitive complexity: Function `_phase1` has cognitive complexity 15 (SonarSource scale). Cognitive complexity measures how hard the function is for a human to understand \u2014 nested branches, boolean chains, and recursion all weigh in. Breakdown: continue=2, for=1, if=4, nested_bonus=8."}, "properties": {"repobilityId": 37077, "scanner": "repobility-threat-engine", "fingerprint": "36b3df62a073f713f39d6b61c151fb5d164f7fc0526a77ec95af16135fe01598", "category": "quality", "severity": "medium", "confidence": 0.95, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "AST-derived cognitive complexity score = 15 (severity threshold for medium: 15+).", "evidence": {"scanner": "repobility-threat-engine", "function": "_phase1", "breakdown": {"if": 4, "for": 1, "continue": 2, "nested_bonus": 8}, "complexity": 15, "correlation_key": "fp|36b3df62a073f713f39d6b61c151fb5d164f7fc0526a77ec95af16135fe01598"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/forge/context/strategies.py"}, "region": {"startLine": 204}}}]}, {"ruleId": "MINED111", "level": "warning", "message": {"text": "Bare except continues silently"}, "properties": {"repobilityId": 37070, "scanner": "repobility-ast-engine", "fingerprint": "20be027860c35fc6fa92739a984ecd288ae6dd655707dc8efae10271b894398b", "category": "quality", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "bare-except-without-pass", "owasp": null, "cwe_ids": [], "languages": ["python"], "observations_count": 21610}, "scanner": "repobility-ast-engine", "correlation_key": "fp|20be027860c35fc6fa92739a984ecd288ae6dd655707dc8efae10271b894398b"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/forge/proxy/server.py"}, "region": {"startLine": 98}}}]}, {"ruleId": "MINED111", "level": "warning", "message": {"text": "Bare except continues silently"}, "properties": {"repobilityId": 37069, "scanner": "repobility-ast-engine", "fingerprint": "aa63e109e9e02567b1b8fa1768bffaef5cfa625ea4d3a1fb004d78494ee6a52e", "category": "quality", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "bare-except-without-pass", "owasp": null, "cwe_ids": [], "languages": ["python"], "observations_count": 21610}, "scanner": "repobility-ast-engine", "correlation_key": "fp|aa63e109e9e02567b1b8fa1768bffaef5cfa625ea4d3a1fb004d78494ee6a52e"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/forge/core/runner.py"}, "region": {"startLine": 324}}}]}, {"ruleId": "MINED111", "level": "warning", "message": {"text": "Bare except continues silently"}, "properties": {"repobilityId": 37068, "scanner": "repobility-ast-engine", "fingerprint": "bd66fe03e952b85bf93df5836dea31b67909fb34b2ab2cca1d5d12d7962ce9b2", "category": "quality", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "bare-except-without-pass", "owasp": null, "cwe_ids": [], "languages": ["python"], "observations_count": 21610}, "scanner": "repobility-ast-engine", "correlation_key": "fp|bd66fe03e952b85bf93df5836dea31b67909fb34b2ab2cca1d5d12d7962ce9b2"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/forge/core/slot_worker.py"}, "region": {"startLine": 137}}}]}, {"ruleId": "MINED111", "level": "warning", "message": {"text": "Bare except continues silently"}, "properties": {"repobilityId": 37019, "scanner": "repobility-ast-engine", "fingerprint": "407d421e23d576b570abbc681e4583e4b5fcfe5392ab8ee2ec3a247a6c3c7971", "category": "quality", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "bare-except-without-pass", "owasp": null, "cwe_ids": [], "languages": ["python"], "observations_count": 21610}, "scanner": "repobility-ast-engine", "correlation_key": "fp|407d421e23d576b570abbc681e4583e4b5fcfe5392ab8ee2ec3a247a6c3c7971"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tests/eval/batch_eval.py"}, "region": {"startLine": 473}}}]}, {"ruleId": "MINED111", "level": "warning", "message": {"text": "Bare except continues silently"}, "properties": {"repobilityId": 37018, "scanner": "repobility-ast-engine", "fingerprint": "afceef641732518541a72bfdb9a6a98fca8ebcf182db10bfd55e3a746c669e1e", "category": "quality", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "bare-except-without-pass", "owasp": null, "cwe_ids": [], "languages": ["python"], "observations_count": 21610}, "scanner": "repobility-ast-engine", "correlation_key": "fp|afceef641732518541a72bfdb9a6a98fca8ebcf182db10bfd55e3a746c669e1e"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tests/eval/eval_runner.py"}, "region": {"startLine": 303}}}]}, {"ruleId": "MINED111", "level": "warning", "message": {"text": "Bare except continues silently"}, "properties": {"repobilityId": 37017, "scanner": "repobility-ast-engine", "fingerprint": "5e7f31c4eef0d749f42672689dd116a12b48998ec1201573cce4a21ad93f8338", "category": "quality", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "bare-except-without-pass", "owasp": null, "cwe_ids": [], "languages": ["python"], "observations_count": 21610}, "scanner": "repobility-ast-engine", "correlation_key": "fp|5e7f31c4eef0d749f42672689dd116a12b48998ec1201573cce4a21ad93f8338"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tests/eval/eval_runner.py"}, "region": {"startLine": 293}}}]}, {"ruleId": "MINED111", "level": "warning", "message": {"text": "Bare except continues silently"}, "properties": {"repobilityId": 37016, "scanner": "repobility-ast-engine", "fingerprint": "9b7a5f87083d6bd0fcef4da4f1c5467d5bd295cb88575d468f86214dca710101", "category": "quality", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "bare-except-without-pass", "owasp": null, "cwe_ids": [], "languages": ["python"], "observations_count": 21610}, "scanner": "repobility-ast-engine", "correlation_key": "fp|9b7a5f87083d6bd0fcef4da4f1c5467d5bd295cb88575d468f86214dca710101"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tests/eval/eval_runner.py"}, "region": {"startLine": 613}}}]}, {"ruleId": "MINED111", "level": "warning", "message": {"text": "Bare except continues silently"}, "properties": {"repobilityId": 37015, "scanner": "repobility-ast-engine", "fingerprint": "ac1eaf65750a1cd393f67e7c7230599687e9d9212278f975d1824bbfe3efd61d", "category": "quality", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "bare-except-without-pass", "owasp": null, "cwe_ids": [], "languages": ["python"], "observations_count": 21610}, "scanner": "repobility-ast-engine", "correlation_key": "fp|ac1eaf65750a1cd393f67e7c7230599687e9d9212278f975d1824bbfe3efd61d"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tests/eval/eval_runner.py"}, "region": {"startLine": 338}}}]}, {"ruleId": "COMP001", "level": "note", "message": {"text": "[COMP001] High cognitive complexity: Function `mock_backend_with_health` has cognitive complexity 10 (SonarSource scale). Cognitive complexity measures how hard the function is for a human to understand \u2014 nested branches, boolean chains, and recursion all weigh in. Breakdown: break=1, else=1, if=4, nested_bonus=2, ternary=1, while=1."}, "properties": {"repobilityId": 37076, "scanner": "repobility-threat-engine", "fingerprint": "e5b36ec0a24d74ebbb0fbe61669edbe841c4ed0341461eb58deb173f5c71da0b", "category": "quality", "severity": "low", "confidence": 0.95, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "AST-derived cognitive complexity score = 10 (severity threshold for low: 8+).", "evidence": {"scanner": "repobility-threat-engine", "function": "mock_backend_with_health", "breakdown": {"if": 4, "else": 1, "break": 1, "while": 1, "ternary": 1, "nested_bonus": 2}, "complexity": 10, "correlation_key": "fp|e5b36ec0a24d74ebbb0fbe61669edbe841c4ed0341461eb58deb173f5c71da0b"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "scripts/smoke_test_proxy.py"}, "region": {"startLine": 71}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 37012, "scanner": "repobility-ai-code-hygiene", "fingerprint": "dd0d67747bdae3b265cfb6506fc61680aa293e57f60d91d80eedf28deb5d6f76", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "tests/eval/scenarios/_plumbing.py", "duplicate_line": 7, "correlation_key": "fp|dd0d67747bdae3b265cfb6506fc61680aa293e57f60d91d80eedf28deb5d6f76"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tests/eval/scenarios/_stateful_plumbing.py"}, "region": {"startLine": 7}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 37011, "scanner": "repobility-ai-code-hygiene", "fingerprint": "626ae92f7f59e7c9f752c03b8a30c1e0820b570218b179d3968820b2419f42c1", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "tests/eval/scenarios/_model_quality.py", "duplicate_line": 7, "correlation_key": "fp|626ae92f7f59e7c9f752c03b8a30c1e0820b570218b179d3968820b2419f42c1"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tests/eval/scenarios/_stateful_model_quality.py"}, "region": {"startLine": 8}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 37010, "scanner": "repobility-ai-code-hygiene", "fingerprint": "3a4d776ddf3b84bef9f650db395a28710fdb94ca1699d1a4373b70965d156389", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "tests/eval/batch_eval.py", "duplicate_line": 737, "correlation_key": "fp|3a4d776ddf3b84bef9f650db395a28710fdb94ca1699d1a4373b70965d156389"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tests/eval/eval_runner.py"}, "region": {"startLine": 424}}}]}, {"ruleId": "MINED043", "level": "none", "message": {"text": "[MINED043] Http Not Https: Hardcoded http:// (not localhost) for endpoints that handle credentials or data."}, "properties": {"repobilityId": 37092, "scanner": "repobility-threat-engine", "fingerprint": "056cfb4fe48b537b6c161a5cf38c7302300de9d61d1ccbdd4e17b9706aa89aec", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "http-not-https", "owasp": "A02:2021", "cwe_ids": ["CWE-319"], "precision": 0.917, "promoted_at": "2026-05-18T14:01:32.347999+00:00", "triaged_in_corpus": 12, "observations_count": 4113831, "ai_coder_pattern_id": 15}, "scanner": "repobility-threat-engine", "correlation_key": "fp|056cfb4fe48b537b6c161a5cf38c7302300de9d61d1ccbdd4e17b9706aa89aec"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/forge/proxy/proxy.py"}, "region": {"startLine": 111}}}]}, {"ruleId": "MINED064", "level": "none", "message": {"text": "[MINED064] Python Input Call: input() blocks for stdin. Inappropriate in services."}, "properties": {"repobilityId": 37087, "scanner": "repobility-threat-engine", "fingerprint": "6387d0207ad6fab01fcab789e36d2b1cbf997f70bbf246c1fbe98bbb9cb2ea02", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "python-input-call", "owasp": null, "cwe_ids": [], "languages": ["python"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348050+00:00", "triaged_in_corpus": 12, "observations_count": 66378, "ai_coder_pattern_id": 124}, "scanner": "repobility-threat-engine", "correlation_key": "fp|6387d0207ad6fab01fcab789e36d2b1cbf997f70bbf246c1fbe98bbb9cb2ea02"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/forge/context/strategies.py"}, "region": {"startLine": 46}}}]}, {"ruleId": "MINED062", "level": "none", "message": {"text": "[MINED062] Python Dataclass No Fields (and 8 more): Same pattern found in 8 additional files. Review if needed."}, "properties": {"repobilityId": 37086, "scanner": "repobility-threat-engine", "fingerprint": "0fb47d3dbd4b29b147b0535f7b07aa2033e0eed6d443542678798270db5c11ce", "category": "quality", "severity": "info", "confidence": 0.2, "triageState": "false_positive", "verdict": "likely_fp", "isResolved": true, "reason": "Deduplicated summary only: 8 additional occurrences found. The top occurrences remain visible as actionable findings.", "evidence": {"mined": true, "mining": {"slug": "python-dataclass-no-fields", "owasp": null, "cwe_ids": [], "languages": ["python"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348046+00:00", "triaged_in_corpus": 10, "observations_count": 92448, "ai_coder_pattern_id": 144}, "scanner": "repobility-threat-engine", "aggregated": true, "correlation_key": "fp|0fb47d3dbd4b29b147b0535f7b07aa2033e0eed6d443542678798270db5c11ce", "aggregated_count": 8}}}, {"ruleId": "MINED062", "level": "none", "message": {"text": "[MINED062] Python Dataclass No Fields: @dataclass over an empty class \u2014 unfinished model."}, "properties": {"repobilityId": 37085, "scanner": "repobility-threat-engine", "fingerprint": "1e4655f0f6bf9abc1eac6e6e9df10ce8968cb83bff41035871b633247c1c3366", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "python-dataclass-no-fields", "owasp": null, "cwe_ids": [], "languages": ["python"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348046+00:00", "triaged_in_corpus": 10, "observations_count": 92448, "ai_coder_pattern_id": 144}, "scanner": "repobility-threat-engine", "correlation_key": "fp|1e4655f0f6bf9abc1eac6e6e9df10ce8968cb83bff41035871b633247c1c3366"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/forge/context/manager.py"}, "region": {"startLine": 12}}}]}, {"ruleId": "MINED062", "level": "none", "message": {"text": "[MINED062] Python Dataclass No Fields: @dataclass over an empty class \u2014 unfinished model."}, "properties": {"repobilityId": 37084, "scanner": "repobility-threat-engine", "fingerprint": "08ea4f341d8a347b81a901d494dfab4cd0feda22047622f08a7cd8cd8f8dbc29", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "python-dataclass-no-fields", "owasp": null, "cwe_ids": [], "languages": ["python"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348046+00:00", "triaged_in_corpus": 10, "observations_count": 92448, "ai_coder_pattern_id": 144}, "scanner": "repobility-threat-engine", "correlation_key": "fp|08ea4f341d8a347b81a901d494dfab4cd0feda22047622f08a7cd8cd8f8dbc29"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/forge/context/hardware.py"}, "region": {"startLine": 29}}}]}, {"ruleId": "MINED062", "level": "none", "message": {"text": "[MINED062] Python Dataclass No Fields: @dataclass over an empty class \u2014 unfinished model."}, "properties": {"repobilityId": 37083, "scanner": "repobility-threat-engine", "fingerprint": "bdb3c5ecbca385ab3ab83d968d12f67ef6783f213ddb0752abbce9e6cc0b646b", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "python-dataclass-no-fields", "owasp": null, "cwe_ids": [], "languages": ["python"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348046+00:00", "triaged_in_corpus": 10, "observations_count": 92448, "ai_coder_pattern_id": 144}, "scanner": "repobility-threat-engine", "correlation_key": "fp|bdb3c5ecbca385ab3ab83d968d12f67ef6783f213ddb0752abbce9e6cc0b646b"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/forge/clients/base.py"}, "region": {"startLine": 13}}}]}, {"ruleId": "MINED050", "level": "none", "message": {"text": "[MINED050] Stub Only Function (and 2 more): Same pattern found in 2 additional files. Review if needed."}, "properties": {"repobilityId": 37082, "scanner": "repobility-threat-engine", "fingerprint": "b39288e529a4ab712a2d60436a688220bb6b374d59b0f4dce7184c9dc7729483", "category": "quality", "severity": "info", "confidence": 0.2, "triageState": "false_positive", "verdict": "likely_fp", "isResolved": true, "reason": "Deduplicated summary only: 2 additional occurrences found. The top occurrences remain visible as actionable findings.", "evidence": {"mined": true, "mining": {"slug": "stub-only-function", "owasp": null, "cwe_ids": ["CWE-1188"], "languages": ["python"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348017+00:00", "triaged_in_corpus": 12, "observations_count": 633513, "ai_coder_pattern_id": 2}, "scanner": "repobility-threat-engine", "aggregated": true, "correlation_key": "fp|b39288e529a4ab712a2d60436a688220bb6b374d59b0f4dce7184c9dc7729483", "aggregated_count": 2}}}, {"ruleId": "MINED050", "level": "none", "message": {"text": "[MINED050] Stub Only Function: Function declared but body is just pass, return None, raise NotImplementedError, or TODO comment."}, "properties": {"repobilityId": 37081, "scanner": "repobility-threat-engine", "fingerprint": "034b018607aff330a1546281db901184b5488b56ab829a7bac7f11b40bca480b", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "stub-only-function", "owasp": null, "cwe_ids": ["CWE-1188"], "languages": ["python"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348017+00:00", "triaged_in_corpus": 12, "observations_count": 633513, "ai_coder_pattern_id": 2}, "scanner": "repobility-threat-engine", "correlation_key": "fp|034b018607aff330a1546281db901184b5488b56ab829a7bac7f11b40bca480b"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/forge/core/slot_worker.py"}, "region": {"startLine": 55}}}]}, {"ruleId": "MINED050", "level": "none", "message": {"text": "[MINED050] Stub Only Function: Function declared but body is just pass, return None, raise NotImplementedError, or TODO comment."}, "properties": {"repobilityId": 37080, "scanner": "repobility-threat-engine", "fingerprint": "1d82384be4a88aa6ca25fcb5d5d838596d9a43c1ab5a9bf6c8eb840567dfe5d5", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "stub-only-function", "owasp": null, "cwe_ids": ["CWE-1188"], "languages": ["python"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348017+00:00", "triaged_in_corpus": 12, "observations_count": 633513, "ai_coder_pattern_id": 2}, "scanner": "repobility-threat-engine", "correlation_key": "fp|1d82384be4a88aa6ca25fcb5d5d838596d9a43c1ab5a9bf6c8eb840567dfe5d5"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/forge/context/strategies.py"}, "region": {"startLine": 48}}}]}, {"ruleId": "MINED050", "level": "none", "message": {"text": "[MINED050] Stub Only Function: Function declared but body is just pass, return None, raise NotImplementedError, or TODO comment."}, "properties": {"repobilityId": 37079, "scanner": "repobility-threat-engine", "fingerprint": "78da2913badb82f1b776bfde2e42ec1997cf16f24b987ceab36f9dea7cf258b5", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "stub-only-function", "owasp": null, "cwe_ids": ["CWE-1188"], "languages": ["python"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348017+00:00", "triaged_in_corpus": 12, "observations_count": 633513, "ai_coder_pattern_id": 2}, "scanner": "repobility-threat-engine", "correlation_key": "fp|78da2913badb82f1b776bfde2e42ec1997cf16f24b987ceab36f9dea7cf258b5"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/forge/clients/base.py"}, "region": {"startLine": 105}}}]}, {"ruleId": "COMP001", "level": "none", "message": {"text": "[COMP001] High cognitive complexity (and 15 more): Same pattern found in 15 additional files. Review if needed."}, "properties": {"repobilityId": 37078, "scanner": "repobility-threat-engine", "fingerprint": "49c7adc690aaef0cba0539e188460f8671984ef7c4ebdb1c821d1535a2aa7f56", "category": "quality", "severity": "info", "confidence": 0.2, "triageState": "false_positive", "verdict": "likely_fp", "isResolved": true, "reason": "Deduplicated summary only: 15 additional occurrences found. The top occurrences remain visible as actionable findings.", "evidence": {"scanner": "repobility-threat-engine", "function": "main", "breakdown": {"if": 7, "for": 4, "else": 2, "break": 1, "except": 2, "continue": 1, "nested_bonus": 19}, "aggregated": true, "complexity": 36, "correlation_key": "fp|49c7adc690aaef0cba0539e188460f8671984ef7c4ebdb1c821d1535a2aa7f56", "aggregated_count": 15}}}, {"ruleId": "SEC029", "level": "error", "message": {"text": "[SEC029] Server-Side Request Forgery (SSRF) \u2014 outbound HTTP from user input: Outbound HTTP request to a user-controlled URL without allowlist validation. Attackers can probe internal services (169.254.169.254 metadata, internal Kubernetes endpoints, file:// URIs), exfiltrate data, or pivot through your network. SSRF is OWASP A10:2021 and a frequent foothold in cloud breaches."}, "properties": {"repobilityId": 37091, "scanner": "repobility-threat-engine", "fingerprint": "cf471287087b97a4ef5ab13025b8ad3ebb9ab4c7f8103a271b03f948df0fc997", "category": "ssrf", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "url (e", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC029", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "fp|cf471287087b97a4ef5ab13025b8ad3ebb9ab4c7f8103a271b03f948df0fc997"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/forge/proxy/proxy.py"}, "region": {"startLine": 81}}}]}, {"ruleId": "MINED006", "level": "error", "message": {"text": "[MINED006] Overcatch Baseexception: except BaseException: ... \u2014 prevents Ctrl+C and SystemExit from working."}, "properties": {"repobilityId": 37090, "scanner": "repobility-threat-engine", "fingerprint": "6edfe4c392229e4f81eb6804182427e9568ff78edf243019250d956eb55bbc47", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "overcatch-baseexception", "owasp": null, "cwe_ids": ["CWE-705"], "languages": ["python"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.347911+00:00", "triaged_in_corpus": 15, "observations_count": 230624, "ai_coder_pattern_id": 8}, "scanner": "repobility-threat-engine", "correlation_key": "fp|6edfe4c392229e4f81eb6804182427e9568ff78edf243019250d956eb55bbc47"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/forge/proxy/__main__.py"}, "region": {"startLine": 107}}}]}, {"ruleId": "MINED001", "level": "error", "message": {"text": "[MINED001] Bare Except Pass: except: pass or except Exception: pass \u2014 silently swallows everything including KeyboardInterrupt and bugs."}, "properties": {"repobilityId": 37089, "scanner": "repobility-threat-engine", "fingerprint": "589bbcc65b45c0304805d0b3a99bd19bab8d1d0a357075d6cbe7fc0e907071c1", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "bare-except-pass", "owasp": null, "cwe_ids": ["CWE-755"], "languages": ["python"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.347744+00:00", "triaged_in_corpus": 15, "observations_count": 1550824, "ai_coder_pattern_id": 6}, "scanner": "repobility-threat-engine", "correlation_key": "fp|589bbcc65b45c0304805d0b3a99bd19bab8d1d0a357075d6cbe7fc0e907071c1"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/forge/prompts/templates.py"}, "region": {"startLine": 211}}}]}, {"ruleId": "MINED001", "level": "error", "message": {"text": "[MINED001] Bare Except Pass: except: pass or except Exception: pass \u2014 silently swallows everything including KeyboardInterrupt and bugs."}, "properties": {"repobilityId": 37088, "scanner": "repobility-threat-engine", "fingerprint": "06f92cb58e0784a78894c0c751d21541e18cdd8b382e57aa44817730258c95f4", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "bare-except-pass", "owasp": null, "cwe_ids": ["CWE-755"], "languages": ["python"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.347744+00:00", "triaged_in_corpus": 15, "observations_count": 1550824, "ai_coder_pattern_id": 6}, "scanner": "repobility-threat-engine", "correlation_key": "fp|06f92cb58e0784a78894c0c751d21541e18cdd8b382e57aa44817730258c95f4"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/forge/core/slot_worker.py"}, "region": {"startLine": 54}}}]}, {"ruleId": "COMP001", "level": "error", "message": {"text": "[COMP001] High cognitive complexity: Function `main` has cognitive complexity 36 (SonarSource scale). Cognitive complexity measures how hard the function is for a human to understand \u2014 nested branches, boolean chains, and recursion all weigh in. Breakdown: break=1, continue=1, else=2, except=2, for=4, if=7, nested_bonus=19."}, "properties": {"repobilityId": 37075, "scanner": "repobility-threat-engine", "fingerprint": "6f456c257adfa8063815663fc955bf6b8737dd2fa835cd4451f2896679529a87", "category": "quality", "severity": "high", "confidence": 0.95, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "AST-derived cognitive complexity score = 36 (severity threshold for high: 25+).", "evidence": {"scanner": "repobility-threat-engine", "function": "main", "breakdown": {"if": 7, "for": 4, "else": 2, "break": 1, "except": 2, "continue": 1, "nested_bonus": 19}, "complexity": 36, "correlation_key": "fp|6f456c257adfa8063815663fc955bf6b8737dd2fa835cd4451f2896679529a87"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "scripts/run_ablation.py"}, "region": {"startLine": 102}}}]}, {"ruleId": "MINED115", "level": "error", "message": {"text": "Action `codecov/codecov-action` pinned to mutable ref `@v5`"}, "properties": {"repobilityId": 37073, "scanner": "repobility-supply-chain", "fingerprint": "5ec49eaee0ac349171456d458bce123a802685acd676f582508753d4127cd704", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-mutable-ref", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|5ec49eaee0ac349171456d458bce123a802685acd676f582508753d4127cd704"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/tests.yml"}, "region": {"startLine": 32}}}]}, {"ruleId": "MINED115", "level": "error", "message": {"text": "Action `actions/setup-python` pinned to mutable ref `@v5`"}, "properties": {"repobilityId": 37072, "scanner": "repobility-supply-chain", "fingerprint": "b6501e1ef790327f607765c0d623a4fe3758d593935b99754a9bf8e57a3bd084", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-mutable-ref", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|b6501e1ef790327f607765c0d623a4fe3758d593935b99754a9bf8e57a3bd084"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/tests.yml"}, "region": {"startLine": 20}}}]}, {"ruleId": "MINED115", "level": "error", "message": {"text": "Action `actions/checkout` pinned to mutable ref `@v4`"}, "properties": {"repobilityId": 37071, "scanner": "repobility-supply-chain", "fingerprint": "94467b8d7ca9dcd64022a84d82b405e3c7443cf617f3ecaf98f75b27a7d0fe2e", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-mutable-ref", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|94467b8d7ca9dcd64022a84d82b405e3c7443cf617f3ecaf98f75b27a7d0fe2e"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/tests.yml"}, "region": {"startLine": 17}}}]}, {"ruleId": "MINED106", "level": "error", "message": {"text": "Phantom test coverage: test_stop_terminates_process"}, "properties": {"repobilityId": 37067, "scanner": "repobility-ast-engine", "fingerprint": "ced990f62a9f4f234f35eaab2ee54871f6bcd730a7f438e60a65325efe7e3da4", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "phantom-test-coverage", "owasp": null, "cwe_ids": ["CWE-1126"], "languages": ["python"], "observations_count": 982154}, "scanner": "repobility-ast-engine", "correlation_key": "fp|ced990f62a9f4f234f35eaab2ee54871f6bcd730a7f438e60a65325efe7e3da4"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tests/unit/test_server.py"}, "region": {"startLine": 382}}}]}, {"ruleId": "MINED106", "level": "error", "message": {"text": "Phantom test coverage: test_start_llamafile_no_runtime_raises"}, "properties": {"repobilityId": 37066, "scanner": "repobility-ast-engine", "fingerprint": "70bd35f0bd9b3e3ecb249b2667b3d96fb44fc376cec1330e04ab047eb5094aca", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "phantom-test-coverage", "owasp": null, "cwe_ids": ["CWE-1126"], "languages": ["python"], "observations_count": 982154}, "scanner": "repobility-ast-engine", "correlation_key": "fp|70bd35f0bd9b3e3ecb249b2667b3d96fb44fc376cec1330e04ab047eb5094aca"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tests/unit/test_server.py"}, "region": {"startLine": 261}}}]}, {"ruleId": "MINED106", "level": "error", "message": {"text": "Phantom test coverage: test_start_noop_for_ollama"}, "properties": {"repobilityId": 37065, "scanner": "repobility-ast-engine", "fingerprint": "c16cb80afeb58d53c641716bb1a9bd6ebec233fdc4f67ba6d32dfa21d25b9935", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "phantom-test-coverage", "owasp": null, "cwe_ids": ["CWE-1126"], "languages": ["python"], "observations_count": 982154}, "scanner": "repobility-ast-engine", "correlation_key": "fp|c16cb80afeb58d53c641716bb1a9bd6ebec233fdc4f67ba6d32dfa21d25b9935"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tests/unit/test_server.py"}, "region": {"startLine": 229}}}]}, {"ruleId": "MINED106", "level": "error", "message": {"text": "Phantom test coverage: test_is_frozen"}, "properties": {"repobilityId": 37064, "scanner": "repobility-ast-engine", "fingerprint": "16ec219275289376932c61955c6b1043e2d380f216123378a0753f19dbfdc193", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "phantom-test-coverage", "owasp": null, "cwe_ids": ["CWE-1126"], "languages": ["python"], "observations_count": 982154}, "scanner": "repobility-ast-engine", "correlation_key": "fp|16ec219275289376932c61955c6b1043e2d380f216123378a0753f19dbfdc193"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tests/unit/test_messages.py"}, "region": {"startLine": 46}}}]}, {"ruleId": "MINED106", "level": "error", "message": {"text": "Phantom test coverage: test_strict_unknown_model_raises"}, "properties": {"repobilityId": 37063, "scanner": "repobility-ast-engine", "fingerprint": "4576725b910e740f6a0bb60efa04b3bc64a9dbea40dca75ac68c0c467f2807ab", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "phantom-test-coverage", "owasp": null, "cwe_ids": ["CWE-1126"], "languages": ["python"], "observations_count": 982154}, "scanner": "repobility-ast-engine", "correlation_key": "fp|4576725b910e740f6a0bb60efa04b3bc64a9dbea40dca75ac68c0c467f2807ab"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tests/unit/test_ollama_client.py"}, "region": {"startLine": 862}}}]}, {"ruleId": "MINED106", "level": "error", "message": {"text": "Phantom test coverage: test_frozen"}, "properties": {"repobilityId": 37062, "scanner": "repobility-ast-engine", "fingerprint": "2969c24558989a9809e9640d5db86344152d174d61be2c11dd93f54e59ac38b1", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "phantom-test-coverage", "owasp": null, "cwe_ids": ["CWE-1126"], "languages": ["python"], "observations_count": 982154}, "scanner": "repobility-ast-engine", "correlation_key": "fp|2969c24558989a9809e9640d5db86344152d174d61be2c11dd93f54e59ac38b1"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tests/unit/test_response_validator.py"}, "region": {"startLine": 12}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "`self.enforcer` used but never assigned in __init__"}, "properties": {"repobilityId": 37061, "scanner": "repobility-ast-engine", "fingerprint": "bc80c5700837148fbb995522aec0c46a73dfde005b895c7f6ce5d1d0db353084", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|bc80c5700837148fbb995522aec0c46a73dfde005b895c7f6ce5d1d0db353084"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tests/unit/test_step_enforcer.py"}, "region": {"startLine": 90}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "`self.enforcer` used but never assigned in __init__"}, "properties": {"repobilityId": 37060, "scanner": "repobility-ast-engine", "fingerprint": "369ec6a56429120dc3a475f19cd55b939622fcb1cabca4da8a54717db96ae730", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|369ec6a56429120dc3a475f19cd55b939622fcb1cabca4da8a54717db96ae730"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tests/unit/test_step_enforcer.py"}, "region": {"startLine": 89}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "`self.enforcer` used but never assigned in __init__"}, "properties": {"repobilityId": 37059, "scanner": "repobility-ast-engine", "fingerprint": "d79f27bf85a94cd163c0ef9faafe2cf917f337cdfba5526c22c4d99f7b5683af", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|d79f27bf85a94cd163c0ef9faafe2cf917f337cdfba5526c22c4d99f7b5683af"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tests/unit/test_step_enforcer.py"}, "region": {"startLine": 88}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "`self.enforcer` used but never assigned in __init__"}, "properties": {"repobilityId": 37058, "scanner": "repobility-ast-engine", "fingerprint": "322b1861b46e776d70dd639ed3410216f3b8a23c07924ecdc59ef95a95e8ab09", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|322b1861b46e776d70dd639ed3410216f3b8a23c07924ecdc59ef95a95e8ab09"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tests/unit/test_step_enforcer.py"}, "region": {"startLine": 85}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "`self.enforcer` used but never assigned in __init__"}, "properties": {"repobilityId": 37057, "scanner": "repobility-ast-engine", "fingerprint": "ab160117c68c28d785096ed75f73e4548e3b8f62e6c2140db741cb9b10275b7d", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|ab160117c68c28d785096ed75f73e4548e3b8f62e6c2140db741cb9b10275b7d"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tests/unit/test_step_enforcer.py"}, "region": {"startLine": 79}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "`self.enforcer` used but never assigned in __init__"}, "properties": {"repobilityId": 37056, "scanner": "repobility-ast-engine", "fingerprint": "91989a1edad369b60cbe930ab3e95fa862d2f4d2c8d74dccf10666a9adf4e05a", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|91989a1edad369b60cbe930ab3e95fa862d2f4d2c8d74dccf10666a9adf4e05a"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tests/unit/test_step_enforcer.py"}, "region": {"startLine": 71}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "`self.enforcer` used but never assigned in __init__"}, "properties": {"repobilityId": 37055, "scanner": "repobility-ast-engine", "fingerprint": "2409f9fedbf9e222e07ac3c584b90d7574412ac6a8f8634f7d06647595cc3fdb", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|2409f9fedbf9e222e07ac3c584b90d7574412ac6a8f8634f7d06647595cc3fdb"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tests/unit/test_step_enforcer.py"}, "region": {"startLine": 63}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "`self.enforcer` used but never assigned in __init__"}, "properties": {"repobilityId": 37054, "scanner": "repobility-ast-engine", "fingerprint": "a49498367ba82ae30de06e9ee9e75593431edc1b1170426ecde504c51f63f3cf", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|a49498367ba82ae30de06e9ee9e75593431edc1b1170426ecde504c51f63f3cf"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tests/unit/test_step_enforcer.py"}, "region": {"startLine": 57}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "`self.enforcer` used but never assigned in __init__"}, "properties": {"repobilityId": 37053, "scanner": "repobility-ast-engine", "fingerprint": "c023fd32c88907ab550f14e975dcebe0459ceb510d4d285d130d19793aa68f2e", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|c023fd32c88907ab550f14e975dcebe0459ceb510d4d285d130d19793aa68f2e"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tests/unit/test_step_enforcer.py"}, "region": {"startLine": 55}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "`self.enforcer` used but never assigned in __init__"}, "properties": {"repobilityId": 37052, "scanner": "repobility-ast-engine", "fingerprint": "5ac623d33521f70b00f2329bed2e150c91814bb31811f8bc59f2a9b87fceb5b0", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|5ac623d33521f70b00f2329bed2e150c91814bb31811f8bc59f2a9b87fceb5b0"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tests/unit/test_step_enforcer.py"}, "region": {"startLine": 51}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "`self.enforcer` used but never assigned in __init__"}, "properties": {"repobilityId": 37051, "scanner": "repobility-ast-engine", "fingerprint": "fb93554888b2b5abdbd7a9bec4efc22c1c8ffd18b64e314a3e0fa6859ed22917", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|fb93554888b2b5abdbd7a9bec4efc22c1c8ffd18b64e314a3e0fa6859ed22917"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tests/unit/test_step_enforcer.py"}, "region": {"startLine": 49}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "`self.enforcer` used but never assigned in __init__"}, "properties": {"repobilityId": 37050, "scanner": "repobility-ast-engine", "fingerprint": "9b7715c1892eedef60da5afc1c92ae2a9ca3320e0f4030a7fb43084d48f369a5", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|9b7715c1892eedef60da5afc1c92ae2a9ca3320e0f4030a7fb43084d48f369a5"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tests/unit/test_step_enforcer.py"}, "region": {"startLine": 48}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "`self.enforcer` used but never assigned in __init__"}, "properties": {"repobilityId": 37049, "scanner": "repobility-ast-engine", "fingerprint": "7ac61de9de533ce1449207af62c60ee13461078bf8a0cf774f7a567eeb09f65d", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|7ac61de9de533ce1449207af62c60ee13461078bf8a0cf774f7a567eeb09f65d"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tests/unit/test_step_enforcer.py"}, "region": {"startLine": 44}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "`self.enforcer` used but never assigned in __init__"}, "properties": {"repobilityId": 37048, "scanner": "repobility-ast-engine", "fingerprint": "b5e731923f26ef8685f3ceb2c2a76126b21db8e336106eb9e6d653898aa3c24c", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|b5e731923f26ef8685f3ceb2c2a76126b21db8e336106eb9e6d653898aa3c24c"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tests/unit/test_step_enforcer.py"}, "region": {"startLine": 36}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "`self.enforcer` used but never assigned in __init__"}, "properties": {"repobilityId": 37047, "scanner": "repobility-ast-engine", "fingerprint": "28caa3aeefc442943ea87899a96e07bc3f038caa9314f5f8c33de74588e6fd98", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|28caa3aeefc442943ea87899a96e07bc3f038caa9314f5f8c33de74588e6fd98"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tests/unit/test_step_enforcer.py"}, "region": {"startLine": 35}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "`self.enforcer` used but never assigned in __init__"}, "properties": {"repobilityId": 37046, "scanner": "repobility-ast-engine", "fingerprint": "85b971a8b77b90e02a614ed767aee9615413b2c22ffe462208c94202feb7f08d", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|85b971a8b77b90e02a614ed767aee9615413b2c22ffe462208c94202feb7f08d"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tests/unit/test_step_enforcer.py"}, "region": {"startLine": 34}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "`self.enforcer` used but never assigned in __init__"}, "properties": {"repobilityId": 37045, "scanner": "repobility-ast-engine", "fingerprint": "8f858125a82c2ff0dd5f4de388292000291da2a8774dc568498816e21e6a986e", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|8f858125a82c2ff0dd5f4de388292000291da2a8774dc568498816e21e6a986e"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tests/unit/test_step_enforcer.py"}, "region": {"startLine": 26}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "`self.enforcer` used but never assigned in __init__"}, "properties": {"repobilityId": 37044, "scanner": "repobility-ast-engine", "fingerprint": "f4115bd9813e60db51d3c036f9e6a917e8dda093054138c6e17d12c81e210ff2", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|f4115bd9813e60db51d3c036f9e6a917e8dda093054138c6e17d12c81e210ff2"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tests/unit/test_step_enforcer.py"}, "region": {"startLine": 20}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "`self.enforcer` used but never assigned in __init__"}, "properties": {"repobilityId": 37043, "scanner": "repobility-ast-engine", "fingerprint": "24464717e0e26daeb8aee1a9a3171b5a298462f6ceec2c2af3ff37f82b7ebca2", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|24464717e0e26daeb8aee1a9a3171b5a298462f6ceec2c2af3ff37f82b7ebca2"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tests/unit/test_step_enforcer.py"}, "region": {"startLine": 13}}}]}, {"ruleId": "MINED106", "level": "error", "message": {"text": "Phantom test coverage: test_is_frozen"}, "properties": {"repobilityId": 37042, "scanner": "repobility-ast-engine", "fingerprint": "764a1b2771863be9897e13b634a51a1c857c35fdaf3c9b178698ed2b55039fd9", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "phantom-test-coverage", "owasp": null, "cwe_ids": ["CWE-1126"], "languages": ["python"], "observations_count": 982154}, "scanner": "repobility-ast-engine", "correlation_key": "fp|764a1b2771863be9897e13b634a51a1c857c35fdaf3c9b178698ed2b55039fd9"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tests/unit/test_guardrails.py"}, "region": {"startLine": 160}}}]}, {"ruleId": "MINED106", "level": "error", "message": {"text": "Phantom test coverage: test_validates_on_construction"}, "properties": {"repobilityId": 37041, "scanner": "repobility-ast-engine", "fingerprint": "02be5bcc71cc825c5df5ef89a7780474c1a3d87a47e2d7dec8a3f4c75c369075", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "phantom-test-coverage", "owasp": null, "cwe_ids": ["CWE-1126"], "languages": ["python"], "observations_count": 982154}, "scanner": "repobility-ast-engine", "correlation_key": "fp|02be5bcc71cc825c5df5ef89a7780474c1a3d87a47e2d7dec8a3f4c75c369075"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tests/unit/test_workflow.py"}, "region": {"startLine": 200}}}]}, {"ruleId": "MINED106", "level": "error", "message": {"text": "Phantom test coverage: test_validates_on_construction"}, "properties": {"repobilityId": 37040, "scanner": "repobility-ast-engine", "fingerprint": "e6822bcd19f84d22a42184764de91fe7a3404b18892e9a0b1f31719022b963ed", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "phantom-test-coverage", "owasp": null, "cwe_ids": ["CWE-1126"], "languages": ["python"], "observations_count": 982154}, "scanner": "repobility-ast-engine", "correlation_key": "fp|e6822bcd19f84d22a42184764de91fe7a3404b18892e9a0b1f31719022b963ed"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tests/unit/test_workflow.py"}, "region": {"startLine": 182}}}]}, {"ruleId": "MINED106", "level": "error", "message": {"text": "Phantom test coverage: test_get_callable_raises_keyerror_for_unknown"}, "properties": {"repobilityId": 37039, "scanner": "repobility-ast-engine", "fingerprint": "237ea45d2a728c21a4e4f1b8595b70a07ae432ee03e34f283f7683e87bf66f2d", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "phantom-test-coverage", "owasp": null, "cwe_ids": ["CWE-1126"], "languages": ["python"], "observations_count": 982154}, "scanner": "repobility-ast-engine", "correlation_key": "fp|237ea45d2a728c21a4e4f1b8595b70a07ae432ee03e34f283f7683e87bf66f2d"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tests/unit/test_workflow.py"}, "region": {"startLine": 164}}}]}, {"ruleId": "MINED106", "level": "error", "message": {"text": "Phantom test coverage: test_raises_on_unknown_prerequisite_arg_matched"}, "properties": {"repobilityId": 37038, "scanner": "repobility-ast-engine", "fingerprint": "a5f5c395ecd3577c90c85a841e516ffc88843af5caf7096eca4ff41635835311", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "phantom-test-coverage", "owasp": null, "cwe_ids": ["CWE-1126"], "languages": ["python"], "observations_count": 982154}, "scanner": "repobility-ast-engine", "correlation_key": "fp|a5f5c395ecd3577c90c85a841e516ffc88843af5caf7096eca4ff41635835311"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tests/unit/test_workflow.py"}, "region": {"startLine": 117}}}]}, {"ruleId": "MINED106", "level": "error", "message": {"text": "Phantom test coverage: test_raises_on_unknown_prerequisite_name_only"}, "properties": {"repobilityId": 37037, "scanner": "repobility-ast-engine", "fingerprint": "96c6ac0048bbb511021fe2db877aca4daf88e65637467a89e23d6b0b704f99f2", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "phantom-test-coverage", "owasp": null, "cwe_ids": ["CWE-1126"], "languages": ["python"], "observations_count": 982154}, "scanner": "repobility-ast-engine", "correlation_key": "fp|96c6ac0048bbb511021fe2db877aca4daf88e65637467a89e23d6b0b704f99f2"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tests/unit/test_workflow.py"}, "region": {"startLine": 111}}}]}, {"ruleId": "MINED106", "level": "error", "message": {"text": "Phantom test coverage: test_raises_when_any_terminal_tool_in_required_steps"}, "properties": {"repobilityId": 37036, "scanner": "repobility-ast-engine", "fingerprint": "69958d4fc94caa91c1ac933f33263325dfce79b4de189736d5e9ab9c7bc26b63", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "phantom-test-coverage", "owasp": null, "cwe_ids": ["CWE-1126"], "languages": ["python"], "observations_count": 982154}, "scanner": "repobility-ast-engine", "correlation_key": "fp|69958d4fc94caa91c1ac933f33263325dfce79b4de189736d5e9ab9c7bc26b63"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tests/unit/test_workflow.py"}, "region": {"startLine": 103}}}]}, {"ruleId": "MINED106", "level": "error", "message": {"text": "Phantom test coverage: test_raises_on_unknown_terminal_tool_in_list"}, "properties": {"repobilityId": 37035, "scanner": "repobility-ast-engine", "fingerprint": "1ae5a6b5902a5447feef9a976f4cce504112a4746600c058fefcda41d96307ce", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "phantom-test-coverage", "owasp": null, "cwe_ids": ["CWE-1126"], "languages": ["python"], "observations_count": 982154}, "scanner": "repobility-ast-engine", "correlation_key": "fp|1ae5a6b5902a5447feef9a976f4cce504112a4746600c058fefcda41d96307ce"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tests/unit/test_workflow.py"}, "region": {"startLine": 96}}}]}, {"ruleId": "MINED106", "level": "error", "message": {"text": "Phantom test coverage: test_raises_when_terminal_tool_in_required_steps"}, "properties": {"repobilityId": 37034, "scanner": "repobility-ast-engine", "fingerprint": "9d3046d0b49999c5433d31bba6e79e189ac6c758fb136b0529c54b434be06dc7", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "phantom-test-coverage", "owasp": null, "cwe_ids": ["CWE-1126"], "languages": ["python"], "observations_count": 982154}, "scanner": "repobility-ast-engine", "correlation_key": "fp|9d3046d0b49999c5433d31bba6e79e189ac6c758fb136b0529c54b434be06dc7"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tests/unit/test_workflow.py"}, "region": {"startLine": 69}}}]}, {"ruleId": "MINED106", "level": "error", "message": {"text": "Phantom test coverage: test_raises_on_key_name_mismatch"}, "properties": {"repobilityId": 37033, "scanner": "repobility-ast-engine", "fingerprint": "94dcc01e92276989bded58392821e67717cb3701821545c9c46e02e299118506", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "phantom-test-coverage", "owasp": null, "cwe_ids": ["CWE-1126"], "languages": ["python"], "observations_count": 982154}, "scanner": "repobility-ast-engine", "correlation_key": "fp|94dcc01e92276989bded58392821e67717cb3701821545c9c46e02e299118506"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tests/unit/test_workflow.py"}, "region": {"startLine": 64}}}]}, {"ruleId": "MINED106", "level": "error", "message": {"text": "Phantom test coverage: test_raises_on_unknown_terminal_tool"}, "properties": {"repobilityId": 37032, "scanner": "repobility-ast-engine", "fingerprint": "e08bcc94c7573df5f2a961e43ff0c18563148ad2c36e6feaff36457b5ffe778a", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "phantom-test-coverage", "owasp": null, "cwe_ids": ["CWE-1126"], "languages": ["python"], "observations_count": 982154}, "scanner": "repobility-ast-engine", "correlation_key": "fp|e08bcc94c7573df5f2a961e43ff0c18563148ad2c36e6feaff36457b5ffe778a"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tests/unit/test_workflow.py"}, "region": {"startLine": 60}}}]}, {"ruleId": "MINED106", "level": "error", "message": {"text": "Phantom test coverage: test_raises_on_unknown_required_step"}, "properties": {"repobilityId": 37031, "scanner": "repobility-ast-engine", "fingerprint": "c30cb92b4c3033487e99e453fdb8b6675d579d6be6a5f7267b549963569ded72", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "phantom-test-coverage", "owasp": null, "cwe_ids": ["CWE-1126"], "languages": ["python"], "observations_count": 982154}, "scanner": "repobility-ast-engine", "correlation_key": "fp|c30cb92b4c3033487e99e453fdb8b6675d579d6be6a5f7267b549963569ded72"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tests/unit/test_workflow.py"}, "region": {"startLine": 56}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "`self._next` used but never assigned in __init__"}, "properties": {"repobilityId": 37030, "scanner": "repobility-ast-engine", "fingerprint": "7569067c8b2cde3221ba992a59d50787196beb0901e67bdb3bce1701394200fe", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|7569067c8b2cde3221ba992a59d50787196beb0901e67bdb3bce1701394200fe"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tests/unit/test_runner.py"}, "region": {"startLine": 72}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "`self._next` used but never assigned in __init__"}, "properties": {"repobilityId": 37029, "scanner": "repobility-ast-engine", "fingerprint": "e9c5fa0f4b59f1ba47fae57ba1c3801edf557d426411bcee830e9520f71fcdff", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|e9c5fa0f4b59f1ba47fae57ba1c3801edf557d426411bcee830e9520f71fcdff"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tests/unit/test_runner.py"}, "region": {"startLine": 63}}}]}, {"ruleId": "MINED106", "level": "error", "message": {"text": "Phantom test coverage: test_prereq_exhaustion_raises"}, "properties": {"repobilityId": 37028, "scanner": "repobility-ast-engine", "fingerprint": "7d29499daaf7a4f662f2414bfea867a0362436640945a8135cc0dafe019f7a3f", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "phantom-test-coverage", "owasp": null, "cwe_ids": ["CWE-1126"], "languages": ["python"], "observations_count": 982154}, "scanner": "repobility-ast-engine", "correlation_key": "fp|7d29499daaf7a4f662f2414bfea867a0362436640945a8135cc0dafe019f7a3f"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tests/unit/test_runner.py"}, "region": {"startLine": 1817}}}]}, {"ruleId": "MINED106", "level": "error", "message": {"text": "Phantom test coverage: test_resolution_error_does_not_increment_consecutive_tool_errors"}, "properties": {"repobilityId": 37027, "scanner": "repobility-ast-engine", "fingerprint": "57150ee1d12a96be2cc702897fbaa488aa6a75d12bb820343da3207cc4820d58", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "phantom-test-coverage", "owasp": null, "cwe_ids": ["CWE-1126"], "languages": ["python"], "observations_count": 982154}, "scanner": "repobility-ast-engine", "correlation_key": "fp|57150ee1d12a96be2cc702897fbaa488aa6a75d12bb820343da3207cc4820d58"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tests/unit/test_runner.py"}, "region": {"startLine": 1617}}}]}, {"ruleId": "MINED106", "level": "error", "message": {"text": "Phantom test coverage: test_stream_without_final_chunk_raises_stream_error"}, "properties": {"repobilityId": 37026, "scanner": "repobility-ast-engine", "fingerprint": "338678aec45bd0b0aa4b9477a8c8b3287decbd8a0997b6b48cd73e871b98a946", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "phantom-test-coverage", "owasp": null, "cwe_ids": ["CWE-1126"], "languages": ["python"], "observations_count": 982154}, "scanner": "repobility-ast-engine", "correlation_key": "fp|338678aec45bd0b0aa4b9477a8c8b3287decbd8a0997b6b48cd73e871b98a946"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tests/unit/test_runner.py"}, "region": {"startLine": 776}}}]}, {"ruleId": "MINED106", "level": "error", "message": {"text": "Phantom test coverage: test_tool_error_consumes_iteration"}, "properties": {"repobilityId": 37025, "scanner": "repobility-ast-engine", "fingerprint": "300a8a0278edb18c02ae7e83234d027fa52f5ec1e7dca23a1d0eab7f4a7a0477", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "phantom-test-coverage", "owasp": null, "cwe_ids": ["CWE-1126"], "languages": ["python"], "observations_count": 982154}, "scanner": "repobility-ast-engine", "correlation_key": "fp|300a8a0278edb18c02ae7e83234d027fa52f5ec1e7dca23a1d0eab7f4a7a0477"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tests/unit/test_runner.py"}, "region": {"startLine": 647}}}]}, {"ruleId": "MINED106", "level": "error", "message": {"text": "Phantom test coverage: test_unknown_tool_and_text_response_share_retry_counter"}, "properties": {"repobilityId": 37024, "scanner": "repobility-ast-engine", "fingerprint": "26af0d56905f490f898bd8ab5edc858ccd33c10ecb690abd0e9737ad9928fe5e", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "phantom-test-coverage", "owasp": null, "cwe_ids": ["CWE-1126"], "languages": ["python"], "observations_count": 982154}, "scanner": "repobility-ast-engine", "correlation_key": "fp|26af0d56905f490f898bd8ab5edc858ccd33c10ecb690abd0e9737ad9928fe5e"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tests/unit/test_runner.py"}, "region": {"startLine": 472}}}]}, {"ruleId": "MINED106", "level": "error", "message": {"text": "Phantom test coverage: test_unknown_tool_exhausts_retries"}, "properties": {"repobilityId": 37023, "scanner": "repobility-ast-engine", "fingerprint": "d913ac39b5269620eb3c0a224f84f330875b2fede82c2276d5c13c5a91aa4066", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "phantom-test-coverage", "owasp": null, "cwe_ids": ["CWE-1126"], "languages": ["python"], "observations_count": 982154}, "scanner": "repobility-ast-engine", "correlation_key": "fp|d913ac39b5269620eb3c0a224f84f330875b2fede82c2276d5c13c5a91aa4066"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tests/unit/test_runner.py"}, "region": {"startLine": 459}}}]}, {"ruleId": "MINED106", "level": "error", "message": {"text": "Phantom test coverage: test_unknown_tool_consumes_iteration"}, "properties": {"repobilityId": 37022, "scanner": "repobility-ast-engine", "fingerprint": "1e9a7ed4e21df85fa8e2ecb222a76ef3dbb61261d796b8fe007902a75c858619", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "phantom-test-coverage", "owasp": null, "cwe_ids": ["CWE-1126"], "languages": ["python"], "observations_count": 982154}, "scanner": "repobility-ast-engine", "correlation_key": "fp|1e9a7ed4e21df85fa8e2ecb222a76ef3dbb61261d796b8fe007902a75c858619"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tests/unit/test_runner.py"}, "region": {"startLine": 447}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "`self._tag` used but never assigned in __init__"}, "properties": {"repobilityId": 37021, "scanner": "repobility-ast-engine", "fingerprint": "cbfc4dff90471e8cc289e3ddac98ce27df114e39273878b666a614ee70aead81", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|cbfc4dff90471e8cc289e3ddac98ce27df114e39273878b666a614ee70aead81"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tests/eval/report.py"}, "region": {"startLine": 142}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "`self._tag` used but never assigned in __init__"}, "properties": {"repobilityId": 37020, "scanner": "repobility-ast-engine", "fingerprint": "7dd9c16fe3dfc10ad9a05c61430823f4abe64affa468240d647ed9e62f69dfc1", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|7dd9c16fe3dfc10ad9a05c61430823f4abe64affa468240d647ed9e62f69dfc1"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tests/eval/report.py"}, "region": {"startLine": 127}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "`self._collect_usage` used but never assigned in __init__"}, "properties": {"repobilityId": 37014, "scanner": "repobility-ast-engine", "fingerprint": "0421bc43890642cb97a092d0ed594107574970a3dc07b6603ac03a155c768053", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|0421bc43890642cb97a092d0ed594107574970a3dc07b6603ac03a155c768053"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tests/eval/eval_runner.py"}, "region": {"startLine": 107}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "`self._collect_usage` used but never assigned in __init__"}, "properties": {"repobilityId": 37013, "scanner": "repobility-ast-engine", "fingerprint": "6f91ee9d45f1d948fa39a58b265b2994c22609c9d6736fb795ae0935001062f0", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|6f91ee9d45f1d948fa39a58b265b2994c22609c9d6736fb795ae0935001062f0"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tests/eval/eval_runner.py"}, "region": {"startLine": 95}}}]}, {"ruleId": "MINED116", "level": "error", "message": {"text": "Workflow uses `secrets.CODECOV_TOKEN` on a `pull_request` trigger"}, "properties": {"repobilityId": 37074, "scanner": "repobility-supply-chain", "fingerprint": "514aa7ed0c919ed8ccbbbfc0311887448c92b3ae47d7eddcec627b0dc5a98997", "category": "dependency", "severity": "critical", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-pull-request-secrets", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|514aa7ed0c919ed8ccbbbfc0311887448c92b3ae47d7eddcec627b0dc5a98997"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/tests.yml"}, "region": {"startLine": 34}}}]}]}]}