Public scan — anyone with this URL can view this analysis. Sign up to track your own repos privately, run scheduled re-scans, and get AI fix prompts via your dashboard.
Sign up free Scan another repo

snapotter-hq/SnapOtter

https://github.com/snapotter-hq/SnapOtter · scanned 2026-05-17 01:37 UTC (14 hours, 45 minutes ago) · 10 languages

708 findings (58 legacy + 650 scanner) 8/10 scanners ran 98th percentile · Typescript · large (100-500K LoC) Scanner says 53 (higher by 34)

File as issue Image
UNIFIED Repobility · multi-layer engine · AI coders

Complete repo analysis

Last scanned 14 hours, 44 minutes ago · v2 · 383 findings from 2 sources. Findings combine the legacy security pipeline AND the multi-layer engine (atlas, wiring, flows, ranked) AND verified AI agent contributions.

JSON
Combined
67.6
/100
Repobility
82
58 legacy
9-layer
53
100.0% cov · 325 gaps
Critical
38
click to filter
Agents
6
0 votes
Crowd
0
reported
Severity distribution — click a segment to filter
Active filters: source: scanner × excluding tests × Reset all
Severity: Critical 38 High 16 Medium 47 Low 219 Source: Legacy 58 9-layer 325 Crowd 0 Layer: Security 49 Cicd 13 Quality 149 Software 67 Frontend 43 Hardware 7 Api 55
Scan summary Repository scanned at 53.0/100 with 100.0% coverage. It contains 3614 nodes across 30 cross-layer flows, written primarily in mixed languages. Engine surfaced 325 findings — concentrated in quality (116), software (64), api (55). Risk profile is high: 35 critical, 7 high, 34 medium. Recommended next step: open the quality layer findings first — that's where the highest-impact wins live.

Showing 324 of 383 findings. Click TP / FP to vote on a finding's accuracy — votes adjust the confidence weighting and improve detection across the platform.

critical 9-layer security secrets conf 1.00 Possible secret in packages/shared/src/i18n/ar.ts
Detected pattern matching password_literal. Rotate the credential and move to a secret manager.
packages/shared/src/i18n/ar.ts:1667 secrets
critical 9-layer security secrets conf 1.00 Possible secret in packages/shared/src/i18n/ar.ts
Detected pattern matching password_literal. Rotate the credential and move to a secret manager.
packages/shared/src/i18n/ar.ts:1686 secrets
critical 9-layer security secrets conf 1.00 Possible secret in packages/shared/src/i18n/de.ts
Detected pattern matching password_literal. Rotate the credential and move to a secret manager.
packages/shared/src/i18n/de.ts:1692 secrets
critical 9-layer security secrets conf 1.00 Possible secret in packages/shared/src/i18n/de.ts
Detected pattern matching password_literal. Rotate the credential and move to a secret manager.
packages/shared/src/i18n/de.ts:1714 secrets
critical 9-layer security secrets conf 1.00 Possible secret in packages/shared/src/i18n/en.ts
Detected pattern matching password_literal. Rotate the credential and move to a secret manager.
packages/shared/src/i18n/en.ts:1626 secrets
critical 9-layer security secrets conf 1.00 Possible secret in packages/shared/src/i18n/en.ts
Detected pattern matching password_literal. Rotate the credential and move to a secret manager.
packages/shared/src/i18n/en.ts:1646 secrets
critical 9-layer security secrets conf 1.00 Possible secret in packages/shared/src/i18n/es.ts
Detected pattern matching password_literal. Rotate the credential and move to a secret manager.
packages/shared/src/i18n/es.ts:1671 secrets
critical 9-layer security secrets conf 1.00 Possible secret in packages/shared/src/i18n/es.ts
Detected pattern matching password_literal. Rotate the credential and move to a secret manager.
packages/shared/src/i18n/es.ts:1692 secrets
critical 9-layer security secrets conf 1.00 Possible secret in packages/shared/src/i18n/fr.ts
Detected pattern matching password_literal. Rotate the credential and move to a secret manager.
packages/shared/src/i18n/fr.ts:1690 secrets
critical 9-layer security secrets conf 1.00 Possible secret in packages/shared/src/i18n/fr.ts
Detected pattern matching password_literal. Rotate the credential and move to a secret manager.
packages/shared/src/i18n/fr.ts:1712 secrets
critical 9-layer security secrets conf 1.00 Possible secret in packages/shared/src/i18n/hi.ts
Detected pattern matching password_literal. Rotate the credential and move to a secret manager.
packages/shared/src/i18n/hi.ts:1663 secrets
critical 9-layer security secrets conf 1.00 Possible secret in packages/shared/src/i18n/hi.ts
Detected pattern matching password_literal. Rotate the credential and move to a secret manager.
packages/shared/src/i18n/hi.ts:1683 secrets
critical 9-layer security secrets conf 1.00 Possible secret in packages/shared/src/i18n/id.ts
Detected pattern matching password_literal. Rotate the credential and move to a secret manager.
packages/shared/src/i18n/id.ts:1679 secrets
critical 9-layer security secrets conf 1.00 Possible secret in packages/shared/src/i18n/id.ts
Detected pattern matching password_literal. Rotate the credential and move to a secret manager.
packages/shared/src/i18n/id.ts:1699 secrets
critical 9-layer security secrets conf 1.00 Possible secret in packages/shared/src/i18n/it.ts
Detected pattern matching password_literal. Rotate the credential and move to a secret manager.
packages/shared/src/i18n/it.ts:1684 secrets
critical 9-layer security secrets conf 1.00 Possible secret in packages/shared/src/i18n/it.ts
Detected pattern matching password_literal. Rotate the credential and move to a secret manager.
packages/shared/src/i18n/it.ts:1705 secrets
critical 9-layer security secrets conf 1.00 Possible secret in packages/shared/src/i18n/ja.ts
Detected pattern matching password_literal. Rotate the credential and move to a secret manager.
packages/shared/src/i18n/ja.ts:1656 secrets
critical 9-layer security secrets conf 1.00 Possible secret in packages/shared/src/i18n/ko.ts
Detected pattern matching password_literal. Rotate the credential and move to a secret manager.
packages/shared/src/i18n/ko.ts:1641 secrets
critical 9-layer security secrets conf 1.00 Possible secret in packages/shared/src/i18n/nl.ts
Detected pattern matching password_literal. Rotate the credential and move to a secret manager.
packages/shared/src/i18n/nl.ts:1682 secrets
critical 9-layer security secrets conf 1.00 Possible secret in packages/shared/src/i18n/nl.ts
Detected pattern matching password_literal. Rotate the credential and move to a secret manager.
packages/shared/src/i18n/nl.ts:1702 secrets
critical 9-layer security secrets conf 1.00 Possible secret in packages/shared/src/i18n/pl.ts
Detected pattern matching password_literal. Rotate the credential and move to a secret manager.
packages/shared/src/i18n/pl.ts:1709 secrets
critical 9-layer security secrets conf 1.00 Possible secret in packages/shared/src/i18n/pt-BR.ts
Detected pattern matching password_literal. Rotate the credential and move to a secret manager.
packages/shared/src/i18n/pt-BR.ts:1703 secrets
critical 9-layer security secrets conf 1.00 Possible secret in packages/shared/src/i18n/ru.ts
Detected pattern matching password_literal. Rotate the credential and move to a secret manager.
packages/shared/src/i18n/ru.ts:1681 secrets
critical 9-layer security secrets conf 1.00 Possible secret in packages/shared/src/i18n/ru.ts
Detected pattern matching password_literal. Rotate the credential and move to a secret manager.
packages/shared/src/i18n/ru.ts:1701 secrets
critical 9-layer security secrets conf 1.00 Possible secret in packages/shared/src/i18n/sv.ts
Detected pattern matching password_literal. Rotate the credential and move to a secret manager.
packages/shared/src/i18n/sv.ts:1677 secrets
critical 9-layer security secrets conf 1.00 Possible secret in packages/shared/src/i18n/sv.ts
Detected pattern matching password_literal. Rotate the credential and move to a secret manager.
packages/shared/src/i18n/sv.ts:1697 secrets
critical 9-layer security secrets conf 1.00 Possible secret in packages/shared/src/i18n/th.ts
Detected pattern matching password_literal. Rotate the credential and move to a secret manager.
packages/shared/src/i18n/th.ts:1655 secrets
critical 9-layer security secrets conf 1.00 Possible secret in packages/shared/src/i18n/th.ts
Detected pattern matching password_literal. Rotate the credential and move to a secret manager.
packages/shared/src/i18n/th.ts:1674 secrets
critical 9-layer security secrets conf 1.00 Possible secret in packages/shared/src/i18n/tr.ts
Detected pattern matching password_literal. Rotate the credential and move to a secret manager.
packages/shared/src/i18n/tr.ts:1685 secrets
critical 9-layer security secrets conf 1.00 Possible secret in packages/shared/src/i18n/tr.ts
Detected pattern matching password_literal. Rotate the credential and move to a secret manager.
packages/shared/src/i18n/tr.ts:1706 secrets
critical 9-layer security secrets conf 1.00 Possible secret in packages/shared/src/i18n/uk.ts
Detected pattern matching password_literal. Rotate the credential and move to a secret manager.
packages/shared/src/i18n/uk.ts:1681 secrets
critical 9-layer security secrets conf 1.00 Possible secret in packages/shared/src/i18n/uk.ts
Detected pattern matching password_literal. Rotate the credential and move to a secret manager.
packages/shared/src/i18n/uk.ts:1702 secrets
critical 9-layer security secrets conf 1.00 Possible secret in packages/shared/src/i18n/vi.ts
Detected pattern matching password_literal. Rotate the credential and move to a secret manager.
packages/shared/src/i18n/vi.ts:1677 secrets
critical 9-layer security secrets conf 1.00 Possible secret in packages/shared/src/i18n/vi.ts
Detected pattern matching password_literal. Rotate the credential and move to a secret manager.
packages/shared/src/i18n/vi.ts:1697 secrets
high 9-layer api wiring conf 1.00 Dangling fetch: GET https://api.github.com/repos/snapotter-hq/snapotter (apps/landing/src/components/navbar.tsx:28)
`apps/landing/src/components/navbar.tsx:28` calls `GET https://api.github.com/repos/snapotter-hq/snapotter` but no backend route matches that path. This is a runtime 404 waiting to happen. Tool: fetch Normalized path used for matching: `/https:/api.github.com/repos/snapotter-hq/snapotter` If this …
wiringdangling-fetchfetch
high 9-layer api wiring conf 1.00 Dangling fetch: GET https://api.imgflip.com/get_memes (scripts/fetch-meme-templates.ts:21)
`scripts/fetch-meme-templates.ts:21` calls `GET https://api.imgflip.com/get_memes` but no backend route matches that path. This is a runtime 404 waiting to happen. Tool: fetch Normalized path used for matching: `/https:/api.imgflip.com/get_memes` If this points at an external API, prefix it with `…
wiringdangling-fetchfetch
high 9-layer api wiring conf 1.00 Dangling fetch: POST /api/v1/tools/convert (apps/web/src/components/editor/common/export-dialog.tsx:194)
`apps/web/src/components/editor/common/export-dialog.tsx:194` calls `POST /api/v1/tools/convert` but no backend route matches that path. This is a runtime 404 waiting to happen. Tool: fetch Normalized path used for matching: `/v1/tools/convert` If this points at an external API, prefix it with `ht…
wiringdangling-fetchfetch
high 9-layer api wiring conf 1.00 Dangling fetch: POST /api/v1/tools/convert (apps/web/src/components/editor/common/export-dialog.tsx:262)
`apps/web/src/components/editor/common/export-dialog.tsx:262` calls `POST /api/v1/tools/convert` but no backend route matches that path. This is a runtime 404 waiting to happen. Tool: fetch Normalized path used for matching: `/v1/tools/convert` If this points at an external API, prefix it with `ht…
wiringdangling-fetchfetch
high 9-layer api wiring conf 1.00 Dangling fetch: POST /api/v1/tools/convert (apps/web/src/pages/editor-page.tsx:107)
`apps/web/src/pages/editor-page.tsx:107` calls `POST /api/v1/tools/convert` but no backend route matches that path. This is a runtime 404 waiting to happen. Tool: fetch Normalized path used for matching: `/v1/tools/convert` If this points at an external API, prefix it with `https://` so the matche…
wiringdangling-fetchfetch
high 9-layer security owasp conf 1.00 Insecure pattern 'eval_used' in packages/ai/python/noise_removal.py:328
Found a known-risky pattern (eval_used). Review and replace if possible.
packages/ai/python/noise_removal.py:328 owaspeval_used
high 9-layer security owasp conf 1.00 Insecure pattern 'exec_used' in packages/ai/python/dispatcher.py:235
Found a known-risky pattern (exec_used). Review and replace if possible.
packages/ai/python/dispatcher.py:235 owaspexec_used
medium 9-layer frontend frontend-quality conf 1.00 `dangerouslySetInnerHTML` used in a React component — apps/landing/src/components/json-ld.tsx:6
Open XSS surface unless the input is provably trusted. Replace with explicit JSX or sanitize via a vetted library. Why: OWASP basics. Already partially flagged by the security analyzer. Rule id: fq.dangerous-html
frontend-qualityfq.dangerous-html
medium 9-layer quality integrity conf 1.00 `fetch()` without try/.catch or AbortSignal — apps/api/src/lib/ssrf.ts:185
Bare `fetch(...)` will throw an unhandled rejection on network failure. Wrap in try/catch, attach a `.catch(...)`, or pass an AbortSignal with a timeout.
integrityfragile-runtimerobustness
medium 9-layer quality integrity conf 1.00 `fetch()` without try/.catch or AbortSignal — apps/web/src/components/editor/common/export-dialog.tsx:253
Bare `fetch(...)` will throw an unhandled rejection on network failure. Wrap in try/catch, attach a `.catch(...)`, or pass an AbortSignal with a timeout.
integrityfragile-runtimerobustness
medium 9-layer quality integrity conf 1.00 `fetch()` without try/.catch or AbortSignal — apps/web/src/components/files/file-details.tsx:109
Bare `fetch(...)` will throw an unhandled rejection on network failure. Wrap in try/catch, attach a `.catch(...)`, or pass an AbortSignal with a timeout.
integrityfragile-runtimerobustness
medium 9-layer quality integrity conf 1.00 `fetch()` without try/.catch or AbortSignal — apps/web/src/components/layout/ai-install-indicator.tsx:9
Bare `fetch(...)` will throw an unhandled rejection on network failure. Wrap in try/catch, attach a `.catch(...)`, or pass an AbortSignal with a timeout.
integrityfragile-runtimerobustness
medium 9-layer quality integrity conf 1.00 `fetch()` without try/.catch or AbortSignal — apps/web/src/components/layout/tool-panel.tsx:17
Bare `fetch(...)` will throw an unhandled rejection on network failure. Wrap in try/catch, attach a `.catch(...)`, or pass an AbortSignal with a timeout.
integrityfragile-runtimerobustness
medium 9-layer quality integrity conf 1.00 `fetch()` without try/.catch or AbortSignal — apps/web/src/components/tools/bulk-rename-settings.tsx:28
Bare `fetch(...)` will throw an unhandled rejection on network failure. Wrap in try/catch, attach a `.catch(...)`, or pass an AbortSignal with a timeout.
integrityfragile-runtimerobustness
medium 9-layer quality integrity conf 1.00 `fetch()` without try/.catch or AbortSignal — apps/web/src/components/tools/image-enhancement-settings.tsx:184
Bare `fetch(...)` will throw an unhandled rejection on network failure. Wrap in try/catch, attach a `.catch(...)`, or pass an AbortSignal with a timeout.
integrityfragile-runtimerobustness
medium 9-layer quality integrity conf 1.00 `fetch()` without try/.catch or AbortSignal — apps/web/src/components/tools/optimize-for-web-settings.tsx:103
Bare `fetch(...)` will throw an unhandled rejection on network failure. Wrap in try/catch, attach a `.catch(...)`, or pass an AbortSignal with a timeout.
integrityfragile-runtimerobustness
medium 9-layer quality integrity conf 1.00 `fetch()` without try/.catch or AbortSignal — apps/web/src/components/tools/remove-bg-settings.tsx:579
Bare `fetch(...)` will throw an unhandled rejection on network failure. Wrap in try/catch, attach a `.catch(...)`, or pass an AbortSignal with a timeout.
integrityfragile-runtimerobustness
medium 9-layer quality integrity conf 1.00 `fetch()` without try/.catch or AbortSignal — apps/web/src/components/tools/split-settings.tsx:125
Bare `fetch(...)` will throw an unhandled rejection on network failure. Wrap in try/catch, attach a `.catch(...)`, or pass an AbortSignal with a timeout.
integrityfragile-runtimerobustness
medium 9-layer quality integrity conf 1.00 `fetch()` without try/.catch or AbortSignal — apps/web/src/hooks/use-auth.ts:85
Bare `fetch(...)` will throw an unhandled rejection on network failure. Wrap in try/catch, attach a `.catch(...)`, or pass an AbortSignal with a timeout.
integrityfragile-runtimerobustness
medium 9-layer quality integrity conf 1.00 `fetch()` without try/.catch or AbortSignal — apps/web/src/pages/automate-page.tsx:199
Bare `fetch(...)` will throw an unhandled rejection on network failure. Wrap in try/catch, attach a `.catch(...)`, or pass an AbortSignal with a timeout.
integrityfragile-runtimerobustness
medium 9-layer quality integrity conf 1.00 `fetch()` without try/.catch or AbortSignal — apps/web/src/pages/editor-page.tsx:111
Bare `fetch(...)` will throw an unhandled rejection on network failure. Wrap in try/catch, attach a `.catch(...)`, or pass an AbortSignal with a timeout.
integrityfragile-runtimerobustness
medium 9-layer quality integrity conf 1.00 `fetch()` without try/.catch or AbortSignal — apps/web/src/stores/connection-store.ts:86
Bare `fetch(...)` will throw an unhandled rejection on network failure. Wrap in try/catch, attach a `.catch(...)`, or pass an AbortSignal with a timeout.
integrityfragile-runtimerobustness
medium 9-layer quality integrity conf 1.00 `fetch()` without try/.catch or AbortSignal — apps/web/src/stores/meme-store.ts:315
Bare `fetch(...)` will throw an unhandled rejection on network failure. Wrap in try/catch, attach a `.catch(...)`, or pass an AbortSignal with a timeout.
integrityfragile-runtimerobustness
medium 9-layer quality integrity conf 1.00 `fetch()` without try/.catch or AbortSignal — scripts/fetch-meme-templates.ts:21
Bare `fetch(...)` will throw an unhandled rejection on network failure. Wrap in try/catch, attach a `.catch(...)`, or pass an AbortSignal with a timeout.
integrityfragile-runtimerobustness
medium 9-layer hardware supply-chain conf 1.00 Docker base image uses a mutable or implicit tag: base-${TARGETOS}-${TARGETARCH}
Container tags can be retagged upstream. Pin production base images to a reviewed digest (`image@sha256:...`) when reproducibility and supply-chain integrity matter.
docker/Dockerfile:125 supply-chaindockerpinned-dependencies
medium 9-layer quality integrity conf 1.00 Frontend route `/:toolId` has no Link/navigate to it — apps/web/src/App.tsx
The route is registered but no `<Link to=…>` or `navigate(…)` in the codebase navigates here. Either it's reachable only via direct URL (intentional), it's dead, or the link broke during a refactor.
integrityorphan-pagewiring
medium 9-layer quality integrity conf 1.00 Frontend route `/brightness-contrast` has no Link/navigate to it — apps/web/src/App.tsx
The route is registered but no `<Link to=…>` or `navigate(…)` in the codebase navigates here. Either it's reachable only via direct URL (intentional), it's dead, or the link broke during a refactor.
integrityorphan-pagewiring
medium 9-layer quality integrity conf 1.00 Frontend route `/color-channels` has no Link/navigate to it — apps/web/src/App.tsx
The route is registered but no `<Link to=…>` or `navigate(…)` in the codebase navigates here. Either it's reachable only via direct URL (intentional), it's dead, or the link broke during a refactor.
integrityorphan-pagewiring
medium 9-layer quality integrity conf 1.00 Frontend route `/color-effects` has no Link/navigate to it — apps/web/src/App.tsx
The route is registered but no `<Link to=…>` or `navigate(…)` in the codebase navigates here. Either it's reachable only via direct URL (intentional), it's dead, or the link broke during a refactor.
integrityorphan-pagewiring
medium 9-layer quality integrity conf 1.00 Frontend route `/saturation` has no Link/navigate to it — apps/web/src/App.tsx
The route is registered but no `<Link to=…>` or `navigate(…)` in the codebase navigates here. Either it's reachable only via direct URL (intentional), it's dead, or the link broke during a refactor.
integrityorphan-pagewiring
medium 9-layer cicd supply-chain conf 1.00 GitHub Actions workflow grants broad write permissions
CI tokens with write permissions increase blast radius when an action, dependency, or PR workflow is compromised. Prefer job-level least-privilege permissions.
.github/workflows/release.yml supply-chaingithub-actionsleast-privilege
medium 9-layer security owasp conf 1.00 Insecure pattern 'dangerous_innerhtml' in apps/landing/src/components/json-ld.tsx:6
Found a known-risky pattern (dangerous_innerhtml). Review and replace if possible.
apps/landing/src/components/json-ld.tsx:6 owaspdangerous_innerhtml
medium 9-layer quality integrity conf 1.00 Network/subprocess call without timeout or try/except — packages/ai/python/detect_faces.py:31
`urllib.request.urlretrieve(...)` here lacks both a `timeout=` arg and an enclosing try/except. This is exactly the class of bug that took down our git-clone earlier (HTTP/2 stream cancel surfaced as a fatal). Add a `timeout=` and wrap in try/except, or use a wrapper that retries.
integrityfragile-runtimerobustness
medium 9-layer quality integrity conf 1.00 Network/subprocess call without timeout or try/except — packages/ai/python/enhance_faces.py:61
`urllib.request.urlretrieve(...)` here lacks both a `timeout=` arg and an enclosing try/except. This is exactly the class of bug that took down our git-clone earlier (HTTP/2 stream cancel surfaced as a fatal). Add a `timeout=` and wrap in try/except, or use a wrapper that retries.
integrityfragile-runtimerobustness
medium 9-layer quality integrity conf 1.00 Network/subprocess call without timeout or try/except — packages/ai/python/face_landmarks.py:98
`urllib.request.urlretrieve(...)` here lacks both a `timeout=` arg and an enclosing try/except. This is exactly the class of bug that took down our git-clone earlier (HTTP/2 stream cancel surfaced as a fatal). Add a `timeout=` and wrap in try/except, or use a wrapper that retries.
integrityfragile-runtimerobustness
medium 9-layer quality integrity conf 1.00 Network/subprocess call without timeout or try/except — packages/ai/python/inpaint.py:37
`urllib.request.urlretrieve(...)` here lacks both a `timeout=` arg and an enclosing try/except. This is exactly the class of bug that took down our git-clone earlier (HTTP/2 stream cancel surfaced as a fatal). Add a `timeout=` and wrap in try/except, or use a wrapper that retries.
integrityfragile-runtimerobustness
medium 9-layer quality integrity conf 1.00 Network/subprocess call without timeout or try/except — packages/ai/python/install_feature.py:137
`subprocess.run(...)` here lacks both a `timeout=` arg and an enclosing try/except. This is exactly the class of bug that took down our git-clone earlier (HTTP/2 stream cancel surfaced as a fatal). Add a `timeout=` and wrap in try/except, or use a wrapper that retries.
integrityfragile-runtimerobustness
medium 9-layer quality integrity conf 1.00 Network/subprocess call without timeout or try/except — packages/ai/python/noise_removal.py:46
`urllib.request.urlretrieve(...)` here lacks both a `timeout=` arg and an enclosing try/except. This is exactly the class of bug that took down our git-clone earlier (HTTP/2 stream cancel surfaced as a fatal). Add a `timeout=` and wrap in try/except, or use a wrapper that retries.
integrityfragile-runtimerobustness
medium 9-layer quality integrity conf 1.00 Network/subprocess call without timeout or try/except — packages/ai/python/outpaint.py:40
`urllib.request.urlretrieve(...)` here lacks both a `timeout=` arg and an enclosing try/except. This is exactly the class of bug that took down our git-clone earlier (HTTP/2 stream cancel surfaced as a fatal). Add a `timeout=` and wrap in try/except, or use a wrapper that retries.
integrityfragile-runtimerobustness
medium 9-layer quality integrity conf 1.00 Network/subprocess call without timeout or try/except — packages/ai/python/red_eye_removal.py:31
`urllib.request.urlretrieve(...)` here lacks both a `timeout=` arg and an enclosing try/except. This is exactly the class of bug that took down our git-clone earlier (HTTP/2 stream cancel surfaced as a fatal). Add a `timeout=` and wrap in try/except, or use a wrapper that retries.
integrityfragile-runtimerobustness
medium 9-layer quality integrity conf 1.00 Network/subprocess call without timeout or try/except — packages/ai/python/restore.py:174
`urllib.request.urlretrieve(...)` here lacks both a `timeout=` arg and an enclosing try/except. This is exactly the class of bug that took down our git-clone earlier (HTTP/2 stream cancel surfaced as a fatal). Add a `timeout=` and wrap in try/except, or use a wrapper that retries.
integrityfragile-runtimerobustness
low 9-layer quality integrity conf 1.00 27 env vars used in code but missing from .env.example
Drift between code and config docs. The first few: `API_URL`, `BASE_URL`, `CAIRE_PATH`, `CI`, `CODEFORMER_MODEL_DIR`, `CODEFORMER_MODEL_PATH`, `DATA_DIR`, `DDCOLOR_MODEL_PATH` + 19 more. Add them (with a placeholder/comment) to .env.example so onboarding doesn't break.
integrityconfig-drift
low 9-layer hardware coverage conf 1.00 Containers defined but no K8s/orchestration manifest found
Repo has Dockerfiles/compose but no Kubernetes/Nomad manifests. If the target deployment is K8s, the manifests may live in a separate ops repo.
coveragedeployment
low 9-layer hardware supply-chain conf 1.00 Docker base image is tag-pinned but not digest-pinned: golang:1.23-bookworm
Container tags can be retagged upstream. Pin production base images to a reviewed digest (`image@sha256:...`) when reproducibility and supply-chain integrity matter.
docker/Dockerfile:50 supply-chaindockerpinned-dependencies
low 9-layer hardware supply-chain conf 1.00 Docker base image is tag-pinned but not digest-pinned: node:22-bookworm
Container tags can be retagged upstream. Pin production base images to a reviewed digest (`image@sha256:...`) when reproducibility and supply-chain integrity matter.
docker/Dockerfile:13 supply-chaindockerpinned-dependencies
low 9-layer hardware supply-chain conf 1.00 Docker base image is tag-pinned but not digest-pinned: node:22-bookworm
Container tags can be retagged upstream. Pin production base images to a reviewed digest (`image@sha256:...`) when reproducibility and supply-chain integrity matter.
docker/Dockerfile:113 supply-chaindockerpinned-dependencies
low 9-layer hardware supply-chain conf 1.00 Docker base image is tag-pinned but not digest-pinned: node:22-bookworm
Container tags can be retagged upstream. Pin production base images to a reviewed digest (`image@sha256:...`) when reproducibility and supply-chain integrity matter.
docker/Dockerfile:118 supply-chaindockerpinned-dependencies
low 9-layer hardware supply-chain conf 1.00 Docker base image is tag-pinned but not digest-pinned: nvidia/cuda:12.6.3-cudnn-runtime-ubuntu24.04
Container tags can be retagged upstream. Pin production base images to a reviewed digest (`image@sha256:...`) when reproducibility and supply-chain integrity matter.
docker/Dockerfile:114 supply-chaindockerpinned-dependencies
low 9-layer software dead-code-candidate conf 1.00 File has no detected symbols: playwright.analytics-local.config.ts
Source file with no class/function declarations — possible config, dead code, or scratch file.
dead-code-candidate
low 9-layer software dead-code-candidate conf 1.00 File has no detected symbols: playwright.analytics.config.ts
Source file with no class/function declarations — possible config, dead code, or scratch file.
dead-code-candidate
low 9-layer software dead-code-candidate conf 1.00 File has no detected symbols: playwright.config.ts
Source file with no class/function declarations — possible config, dead code, or scratch file.
dead-code-candidate
low 9-layer software dead-code-candidate conf 1.00 File has no detected symbols: playwright.docs.config.ts
Source file with no class/function declarations — possible config, dead code, or scratch file.
dead-code-candidate
low 9-layer software dead-code-candidate conf 1.00 File has no detected symbols: playwright.editor.config.ts
Source file with no class/function declarations — possible config, dead code, or scratch file.
dead-code-candidate
low 9-layer software dead-code-candidate conf 1.00 File has no detected symbols: playwright.landing.config.ts
Source file with no class/function declarations — possible config, dead code, or scratch file.
dead-code-candidate
low 9-layer software dead-code-candidate conf 1.00 File has no detected symbols: tests/e2e-docs/content.spec.ts
Source file with no class/function declarations — possible config, dead code, or scratch file.
dead-code-candidate
low 9-layer software dead-code-candidate conf 1.00 File has no detected symbols: tests/e2e-docs/homepage.spec.ts
Source file with no class/function declarations — possible config, dead code, or scratch file.
dead-code-candidate
low 9-layer software dead-code-candidate conf 1.00 File has no detected symbols: tests/e2e-docs/search-and-theme.spec.ts
Source file with no class/function declarations — possible config, dead code, or scratch file.
dead-code-candidate
low 9-layer software dead-code-candidate conf 1.00 File has no detected symbols: tests/e2e-docs/sidebar.spec.ts
Source file with no class/function declarations — possible config, dead code, or scratch file.
dead-code-candidate
low 9-layer software dead-code-candidate conf 1.00 File has no detected symbols: tests/integration/ai-canvas-expand.test.ts
Source file with no class/function declarations — possible config, dead code, or scratch file.
dead-code-candidate
low 9-layer software dead-code-candidate conf 1.00 File has no detected symbols: tests/integration/anonymous-mode.test.ts
Source file with no class/function declarations — possible config, dead code, or scratch file.
dead-code-candidate
low 9-layer software dead-code-candidate conf 1.00 File has no detected symbols: tests/integration/api-key-scoping.test.ts
Source file with no class/function declarations — possible config, dead code, or scratch file.
dead-code-candidate
low 9-layer software dead-code-candidate conf 1.00 File has no detected symbols: tests/integration/audit-log.test.ts
Source file with no class/function declarations — possible config, dead code, or scratch file.
dead-code-candidate
low 9-layer software dead-code-candidate conf 1.00 File has no detected symbols: tests/integration/barcode-read.test.ts
Source file with no class/function declarations — possible config, dead code, or scratch file.
dead-code-candidate
low 9-layer software dead-code-candidate conf 1.00 File has no detected symbols: tests/integration/blur-faces.test.ts
Source file with no class/function declarations — possible config, dead code, or scratch file.
dead-code-candidate
low 9-layer software dead-code-candidate conf 1.00 File has no detected symbols: tests/integration/border.test.ts
Source file with no class/function declarations — possible config, dead code, or scratch file.
dead-code-candidate
low 9-layer software dead-code-candidate conf 1.00 File has no detected symbols: tests/integration/colorize.test.ts
Source file with no class/function declarations — possible config, dead code, or scratch file.
dead-code-candidate
low 9-layer software dead-code-candidate conf 1.00 File has no detected symbols: tests/integration/compare.test.ts
Source file with no class/function declarations — possible config, dead code, or scratch file.
dead-code-candidate
low 9-layer software dead-code-candidate conf 1.00 File has no detected symbols: tests/integration/compose.test.ts
Source file with no class/function declarations — possible config, dead code, or scratch file.
dead-code-candidate
low 9-layer software dead-code-candidate conf 1.00 File has no detected symbols: tests/integration/content-aware-resize.test.ts
Source file with no class/function declarations — possible config, dead code, or scratch file.
dead-code-candidate
low 9-layer software dead-code-candidate conf 1.00 File has no detected symbols: tests/integration/custom-roles.test.ts
Source file with no class/function declarations — possible config, dead code, or scratch file.
dead-code-candidate
low 9-layer software dead-code-candidate conf 1.00 File has no detected symbols: tests/integration/docs.test.ts
Source file with no class/function declarations — possible config, dead code, or scratch file.
dead-code-candidate
low 9-layer software dead-code-candidate conf 1.00 File has no detected symbols: tests/integration/edge-cases.test.ts
Source file with no class/function declarations — possible config, dead code, or scratch file.
dead-code-candidate
low 9-layer software dead-code-candidate conf 1.00 File has no detected symbols: tests/integration/enhance-faces.test.ts
Source file with no class/function declarations — possible config, dead code, or scratch file.
dead-code-candidate
low 9-layer software dead-code-candidate conf 1.00 File has no detected symbols: tests/integration/erase-object.test.ts
Source file with no class/function declarations — possible config, dead code, or scratch file.
dead-code-candidate
low 9-layer software dead-code-candidate conf 1.00 File has no detected symbols: tests/integration/favicon.test.ts
Source file with no class/function declarations — possible config, dead code, or scratch file.
dead-code-candidate
low 9-layer software dead-code-candidate conf 1.00 File has no detected symbols: tests/integration/find-duplicates.test.ts
Source file with no class/function declarations — possible config, dead code, or scratch file.
dead-code-candidate
low 9-layer software dead-code-candidate conf 1.00 File has no detected symbols: tests/integration/meme-generator.test.ts
Source file with no class/function declarations — possible config, dead code, or scratch file.
dead-code-candidate
low 9-layer software dead-code-candidate conf 1.00 File has no detected symbols: tests/integration/noise-removal.test.ts
Source file with no class/function declarations — possible config, dead code, or scratch file.
dead-code-candidate
low 9-layer software dead-code-candidate conf 1.00 File has no detected symbols: tests/integration/ocr.test.ts
Source file with no class/function declarations — possible config, dead code, or scratch file.
dead-code-candidate
low 9-layer software dead-code-candidate conf 1.00 File has no detected symbols: tests/integration/passport-photo.test.ts
Source file with no class/function declarations — possible config, dead code, or scratch file.
dead-code-candidate
low 9-layer software dead-code-candidate conf 1.00 File has no detected symbols: tests/integration/permissions.test.ts
Source file with no class/function declarations — possible config, dead code, or scratch file.
dead-code-candidate
low 9-layer software dead-code-candidate conf 1.00 File has no detected symbols: tests/integration/progress.test.ts
Source file with no class/function declarations — possible config, dead code, or scratch file.
dead-code-candidate
low 9-layer software dead-code-candidate conf 1.00 File has no detected symbols: tests/integration/qr-generate.test.ts
Source file with no class/function declarations — possible config, dead code, or scratch file.
dead-code-candidate
low 9-layer software dead-code-candidate conf 1.00 File has no detected symbols: tests/integration/rbac-matrix-full.test.ts
Source file with no class/function declarations — possible config, dead code, or scratch file.
dead-code-candidate
low 9-layer software dead-code-candidate conf 1.00 File has no detected symbols: tests/integration/rbac-matrix.test.ts
Source file with no class/function declarations — possible config, dead code, or scratch file.
dead-code-candidate
low 9-layer software dead-code-candidate conf 1.00 File has no detected symbols: tests/integration/red-eye-removal.test.ts
Source file with no class/function declarations — possible config, dead code, or scratch file.
dead-code-candidate
low 9-layer software dead-code-candidate conf 1.00 File has no detected symbols: tests/integration/remove-background.test.ts
Source file with no class/function declarations — possible config, dead code, or scratch file.
dead-code-candidate
low 9-layer software dead-code-candidate conf 1.00 File has no detected symbols: tests/integration/restore-photo.test.ts
Source file with no class/function declarations — possible config, dead code, or scratch file.
dead-code-candidate
low 9-layer software dead-code-candidate conf 1.00 File has no detected symbols: tests/integration/settings-phase1.test.ts
Source file with no class/function declarations — possible config, dead code, or scratch file.
dead-code-candidate
low 9-layer software dead-code-candidate conf 1.00 File has no detected symbols: tests/integration/smart-crop.test.ts
Source file with no class/function declarations — possible config, dead code, or scratch file.
dead-code-candidate
low 9-layer software dead-code-candidate conf 1.00 File has no detected symbols: tests/integration/split.test.ts
Source file with no class/function declarations — possible config, dead code, or scratch file.
dead-code-candidate
low 9-layer software dead-code-candidate conf 1.00 File has no detected symbols: tests/integration/stitch.test.ts
Source file with no class/function declarations — possible config, dead code, or scratch file.
dead-code-candidate
low 9-layer software dead-code-candidate conf 1.00 File has no detected symbols: tests/integration/svg-to-raster.test.ts
Source file with no class/function declarations — possible config, dead code, or scratch file.
dead-code-candidate
low 9-layer software dead-code-candidate conf 1.00 File has no detected symbols: tests/integration/text-overlay.test.ts
Source file with no class/function declarations — possible config, dead code, or scratch file.
dead-code-candidate
low 9-layer software dead-code-candidate conf 1.00 File has no detected symbols: tests/integration/upscale.test.ts
Source file with no class/function declarations — possible config, dead code, or scratch file.
dead-code-candidate
low 9-layer software dead-code-candidate conf 1.00 File has no detected symbols: tests/integration/user-files.test.ts
Source file with no class/function declarations — possible config, dead code, or scratch file.
dead-code-candidate
low 9-layer software dead-code-candidate conf 1.00 File has no detected symbols: tests/integration/watermark-text.test.ts
Source file with no class/function declarations — possible config, dead code, or scratch file.
dead-code-candidate
low 9-layer software dead-code-candidate conf 1.00 File has no detected symbols: vitest.config.ts
Source file with no class/function declarations — possible config, dead code, or scratch file.
dead-code-candidate
low 9-layer quality integrity conf 1.00 Legacy-named symbol `colorization_deploy_v2` in docker/download_models.py:173
Names with suffixes like `_old`, `_v1`, `_deprecated` usually indicate replaced-but-not-removed code (typical AI-coder leftover). Confirm and delete, or rename if it's the active version.
integritylegacy-markerdead-code
low 9-layer quality integrity conf 1.00 Legacy-named symbol `colorization_deploy_v2` in packages/ai/python/colorize.py:35
Names with suffixes like `_old`, `_v1`, `_deprecated` usually indicate replaced-but-not-removed code (typical AI-coder leftover). Confirm and delete, or rename if it's the active version.
integritylegacy-markerdead-code
low 9-layer quality integrity conf 1.00 Legacy-named symbol `photo_v2` in tests/unit/api/filename.test.ts:101
Names with suffixes like `_old`, `_v1`, `_deprecated` usually indicate replaced-but-not-removed code (typical AI-coder leftover). Confirm and delete, or rename if it's the active version.
integritylegacy-markerdead-code
low 9-layer quality integrity conf 1.00 Legacy-named symbol `photo_v2` in tests/unit/api/utilities.test.ts:1373
Names with suffixes like `_old`, `_v1`, `_deprecated` usually indicate replaced-but-not-removed code (typical AI-coder leftover). Confirm and delete, or rename if it's the active version.
integritylegacy-markerdead-code
low 9-layer quality integrity conf 1.00 Near-duplicate function bodies in 2 places
Functions with the same first-5-line body hash: packages/ai/python/remove_bg.py:name, packages/ai/python/remove_bg.py:name This is *the* AI-coder failure mode (4× more duplication in vibe-coded repos — see https://jw.hn/ai-code-hygiene). Consolidate or document why they're separate.
integrityduplicatedry
low 9-layer quality integrity conf 1.00 Near-duplicate function bodies in 2 places
Functions with the same first-5-line body hash: packages/ai/python/red_eye_removal.py:emit_progress, packages/ai/python/detect_faces.py:emit_progress This is *the* AI-coder failure mode (4× more duplication in vibe-coded repos — see https://jw.hn/ai-code-hygiene). Consolidate or document why they'…
integrityduplicatedry
low 9-layer quality integrity conf 1.00 Near-duplicate function bodies in 2 places
Functions with the same first-5-line body hash: packages/ai/python/outpaint.py:emit_progress, packages/ai/python/inpaint.py:emit_progress This is *the* AI-coder failure mode (4× more duplication in vibe-coded repos — see https://jw.hn/ai-code-hygiene). Consolidate or document why they're separate.
integrityduplicatedry
low 9-layer quality integrity conf 1.00 Near-duplicate function bodies in 3 places
Functions with the same first-5-line body hash: docker/download_models.py:predict, packages/ai/python/remove_bg.py:predict, packages/ai/python/install_feature.py:predict This is *the* AI-coder failure mode (4× more duplication in vibe-coded repos — see https://jw.hn/ai-code-hygiene). Consolidate o…
integrityduplicatedry
low 9-layer quality integrity conf 1.00 Near-duplicate function bodies in 3 places
Functions with the same first-5-line body hash: packages/ai/python/install_feature.py:download_models, packages/ai/python/install_feature.py:download_models, packages/ai/python/install_feature.py:download_models This is *the* AI-coder failure mode (4× more duplication in vibe-coded repos — see htt…
integrityduplicatedry
low 9-layer quality integrity conf 1.00 Near-duplicate function bodies in 4 places
Functions with the same first-5-line body hash: docker/download_models.py:download_models, docker/download_models.py:download_models, packages/ai/python/remove_bg.py:download_models, packages/ai/python/remove_bg.py:download_models This is *the* AI-coder failure mode (4× more duplication in vibe-co…
integrityduplicatedry
low 9-layer quality integrity conf 1.00 Near-duplicate function bodies in 4 places
Functions with the same first-5-line body hash: docker/download_models.py:name, docker/download_models.py:name, packages/ai/python/install_feature.py:name, packages/ai/python/install_feature.py:name This is *the* AI-coder failure mode (4× more duplication in vibe-coded repos — see https://jw.hn/ai…
integrityduplicatedry
low 9-layer quality integrity conf 1.00 Near-duplicate function bodies in 4 places
Functions with the same first-5-line body hash: packages/ai/python/noise_removal.py:emit_progress, packages/ai/python/colorize.py:emit_progress, packages/ai/python/upscale.py:emit_progress, packages/ai/python/enhance_faces.py:emit_progress This is *the* AI-coder failure mode (4× more duplication i…
integrityduplicatedry
low 9-layer quality integrity conf 1.00 Near-duplicate function bodies in 5 places
Functions with the same first-5-line body hash: packages/ai/python/models/scunet_arch.py:forward, packages/ai/python/models/scunet_arch.py:forward, packages/ai/python/models/scunet_arch.py:forward, packages/ai/python/models/scunet_arch.py:forward This is *the* AI-coder failure mode (4× more duplic…
integrityduplicatedry
low 9-layer quality integrity conf 1.00 Near-duplicate function bodies in 5 places
Functions with the same first-5-line body hash: packages/ai/python/models/nafnet_arch.py:forward, packages/ai/python/models/nafnet_arch.py:forward, packages/ai/python/models/nafnet_arch.py:forward, packages/ai/python/models/nafnet_arch.py:forward This is *the* AI-coder failure mode (4× more duplic…
integrityduplicatedry
low 9-layer cicd supply-chain conf 1.00 package.json defines install-time lifecycle scripts
preinstall/install/postinstall/prepare scripts execute during dependency installation. Review them carefully for network calls, obfuscation, shell execution, or credential access.
package.json supply-chainnpminstall-scripts
low 9-layer software dead-code conf 1.00 Possibly dead Python function: download_codeformer_model
No callers detected by AST scan in this repo. Could be exported for external callers or a framework handler.
docker/download_models.py:336 dead-code
low 9-layer software dead-code conf 1.00 Possibly dead Python function: download_codeformer_onnx_model
No callers detected by AST scan in this repo. Could be exported for external callers or a framework handler.
docker/download_models.py:381 dead-code
low 9-layer software dead-code conf 1.00 Possibly dead Python function: download_ddcolor_model
No callers detected by AST scan in this repo. Could be exported for external callers or a framework handler.
docker/download_models.py:350 dead-code
low 9-layer software dead-code conf 1.00 Possibly dead Python function: download_facexlib_models
No callers detected by AST scan in this repo. Could be exported for external callers or a framework handler.
docker/download_models.py:469 dead-code
low 9-layer software dead-code conf 1.00 Possibly dead Python function: download_gfpgan_model
No callers detected by AST scan in this repo. Could be exported for external callers or a framework handler.
docker/download_models.py:322 dead-code
low 9-layer software dead-code conf 1.00 Possibly dead Python function: download_lama_model
No callers detected by AST scan in this repo. Could be exported for external callers or a framework handler.
docker/download_models.py:300 dead-code
low 9-layer software dead-code conf 1.00 Possibly dead Python function: download_mediapipe_task_models
No callers detected by AST scan in this repo. Could be exported for external callers or a framework handler.
docker/download_models.py:525 dead-code
low 9-layer software dead-code conf 1.00 Possibly dead Python function: download_nafnet_model
No callers detected by AST scan in this repo. Could be exported for external callers or a framework handler.
docker/download_models.py:456 dead-code
low 9-layer software dead-code conf 1.00 Possibly dead Python function: download_opencv_colorize_models
No callers detected by AST scan in this repo. Could be exported for external callers or a framework handler.
docker/download_models.py:495 dead-code
low 9-layer software dead-code conf 1.00 Possibly dead Python function: download_paddleocr_models
No callers detected by AST scan in this repo. Could be exported for external callers or a framework handler.
docker/download_models.py:410 dead-code
low 9-layer software dead-code conf 1.00 Possibly dead Python function: download_paddleocr_vl_model
No callers detected by AST scan in this repo. Could be exported for external callers or a framework handler.
docker/download_models.py:432 dead-code
low 9-layer software dead-code conf 1.00 Possibly dead Python function: download_realesrgan_model
No callers detected by AST scan in this repo. Could be exported for external callers or a framework handler.
docker/download_models.py:308 dead-code
low 9-layer software dead-code conf 1.00 Possibly dead Python function: download_rembg_models
No callers detected by AST scan in this repo. Could be exported for external callers or a framework handler.
docker/download_models.py:285 dead-code
low 9-layer software dead-code conf 1.00 Possibly dead Python function: download_scunet_model
No callers detected by AST scan in this repo. Could be exported for external callers or a framework handler.
docker/download_models.py:444 dead-code
low 9-layer frontend frontend-quality conf 1.00 React Flow <MiniMap> without dark background — apps/web/src/components/tools/strip-metadata-settings.tsx:336
A bare <MiniMap> renders with the vendor's white default in dark themes. Wrap the canvas in a class that overrides `.react-flow__minimap` background, or pass an explicit `style`/`maskColor`/`bgColor`. Why: P1 in CHECKLIST.md — vendor defaults bleed light through. Rule id: fq.minimap.no-bg
frontend-qualityfq.minimap.no-bg
low 9-layer frontend frontend-quality conf 1.00 Stray `console.log` in TS/JS — apps/api/scripts/generate-frames.ts:106
Replace with the toast helper, an error boundary, or remove. `console.warn` / `console.error` are acceptable. Why: Hygiene — easy to leak debug output. Rule id: fq.console-leak
frontend-qualityfq.console-leak
low 9-layer frontend frontend-quality conf 1.00 Stray `console.log` in TS/JS — apps/api/src/index.ts:47
Replace with the toast helper, an error boundary, or remove. `console.warn` / `console.error` are acceptable. Why: Hygiene — easy to leak debug output. Rule id: fq.console-leak
frontend-qualityfq.console-leak
low 9-layer frontend frontend-quality conf 1.00 Stray `console.log` in TS/JS — apps/api/src/lib/cleanup.ts:73
Replace with the toast helper, an error boundary, or remove. `console.warn` / `console.error` are acceptable. Why: Hygiene — easy to leak debug output. Rule id: fq.console-leak
frontend-qualityfq.console-leak
low 9-layer frontend frontend-quality conf 1.00 Stray `console.log` in TS/JS — apps/api/src/plugins/auth.ts:176
Replace with the toast helper, an error boundary, or remove. `console.warn` / `console.error` are acceptable. Why: Hygiene — easy to leak debug output. Rule id: fq.console-leak
frontend-qualityfq.console-leak
low 9-layer frontend frontend-quality conf 1.00 Stray `console.log` in TS/JS — apps/api/src/routes/progress.ts:154
Replace with the toast helper, an error boundary, or remove. `console.warn` / `console.error` are acceptable. Why: Hygiene — easy to leak debug output. Rule id: fq.console-leak
frontend-qualityfq.console-leak
low 9-layer frontend frontend-quality conf 1.00 Stray `console.log` in TS/JS — packages/ai/src/bridge.ts:177
Replace with the toast helper, an error boundary, or remove. `console.warn` / `console.error` are acceptable. Why: Hygiene — easy to leak debug output. Rule id: fq.console-leak
frontend-qualityfq.console-leak
low 9-layer frontend frontend-quality conf 1.00 Stray `console.log` in TS/JS — scripts/fetch-meme-templates.ts:55
Replace with the toast helper, an error boundary, or remove. `console.warn` / `console.error` are acceptable. Why: Hygiene — easy to leak debug output. Rule id: fq.console-leak
frontend-qualityfq.console-leak
low 9-layer frontend frontend-quality conf 1.00 Stray `console.log` in TS/JS — scripts/generate-meme-thumbs.ts:18
Replace with the toast helper, an error boundary, or remove. `console.warn` / `console.error` are acceptable. Why: Hygiene — easy to leak debug output. Rule id: fq.console-leak
frontend-qualityfq.console-leak
low 9-layer api wiring conf 1.00 Unused endpoint: DELETE /api/v1/api-keys/:id
`apps/api/src/routes/api-keys.ts` declares `DELETE /api/v1/api-keys/:id` but no frontend code we scanned calls it. This is fine if the endpoint serves external clients (mobile app, third-party, server-side webhooks). Otherwise it's dead code — consider removing or documenting who consumes it.
wiringunused-endpoint
low 9-layer api wiring conf 1.00 Unused endpoint: DELETE /api/v1/roles/:id
`apps/api/src/routes/roles.ts` declares `DELETE /api/v1/roles/:id` but no frontend code we scanned calls it. This is fine if the endpoint serves external clients (mobile app, third-party, server-side webhooks). Otherwise it's dead code — consider removing or documenting who consumes it.
wiringunused-endpoint
low 9-layer api wiring conf 1.00 Unused endpoint: DELETE /api/v1/teams/:id
`apps/api/src/routes/teams.ts` declares `DELETE /api/v1/teams/:id` but no frontend code we scanned calls it. This is fine if the endpoint serves external clients (mobile app, third-party, server-side webhooks). Otherwise it's dead code — consider removing or documenting who consumes it.
wiringunused-endpoint
low 9-layer api wiring conf 1.00 Unused endpoint: GET /api/v1/admin/features/disk-usage
`apps/api/src/routes/features.ts` declares `GET /api/v1/admin/features/disk-usage` but no frontend code we scanned calls it. This is fine if the endpoint serves external clients (mobile app, third-party, server-side webhooks). Otherwise it's dead code — consider removing or documenting who consumes…
wiringunused-endpoint
low 9-layer api wiring conf 1.00 Unused endpoint: GET /api/v1/admin/health
`apps/api/src/index.ts` declares `GET /api/v1/admin/health` but no frontend code we scanned calls it. This is fine if the endpoint serves external clients (mobile app, third-party, server-side webhooks). Otherwise it's dead code — consider removing or documenting who consumes it.
wiringunused-endpoint
low 9-layer api wiring conf 1.00 Unused endpoint: GET /api/v1/api-keys
`apps/api/src/routes/api-keys.ts` declares `GET /api/v1/api-keys` but no frontend code we scanned calls it. This is fine if the endpoint serves external clients (mobile app, third-party, server-side webhooks). Otherwise it's dead code — consider removing or documenting who consumes it.
wiringunused-endpoint
low 9-layer api wiring conf 1.00 Unused endpoint: GET /api/v1/audit-log
`apps/api/src/routes/audit-log.ts` declares `GET /api/v1/audit-log` but no frontend code we scanned calls it. This is fine if the endpoint serves external clients (mobile app, third-party, server-side webhooks). Otherwise it's dead code — consider removing or documenting who consumes it.
wiringunused-endpoint
low 9-layer api wiring conf 1.00 Unused endpoint: GET /api/v1/download/:jobId/:filename
`apps/api/src/routes/files.ts` declares `GET /api/v1/download/:jobId/:filename` but no frontend code we scanned calls it. This is fine if the endpoint serves external clients (mobile app, third-party, server-side webhooks). Otherwise it's dead code — consider removing or documenting who consumes it.
wiringunused-endpoint
low 9-layer api wiring conf 1.00 Unused endpoint: GET /api/v1/features
`apps/api/src/routes/features.ts` declares `GET /api/v1/features` but no frontend code we scanned calls it. This is fine if the endpoint serves external clients (mobile app, third-party, server-side webhooks). Otherwise it's dead code — consider removing or documenting who consumes it.
wiringunused-endpoint
low 9-layer api wiring conf 1.00 Unused endpoint: GET /api/v1/files
`apps/api/src/routes/user-files.ts` declares `GET /api/v1/files` but no frontend code we scanned calls it. This is fine if the endpoint serves external clients (mobile app, third-party, server-side webhooks). Otherwise it's dead code — consider removing or documenting who consumes it.
wiringunused-endpoint
low 9-layer api wiring conf 1.00 Unused endpoint: GET /api/v1/files/:id
`apps/api/src/routes/user-files.ts` declares `GET /api/v1/files/:id` but no frontend code we scanned calls it. This is fine if the endpoint serves external clients (mobile app, third-party, server-side webhooks). Otherwise it's dead code — consider removing or documenting who consumes it.
wiringunused-endpoint
low 9-layer api wiring conf 1.00 Unused endpoint: GET /api/v1/files/:id/download
`apps/api/src/routes/user-files.ts` declares `GET /api/v1/files/:id/download` but no frontend code we scanned calls it. This is fine if the endpoint serves external clients (mobile app, third-party, server-side webhooks). Otherwise it's dead code — consider removing or documenting who consumes it.
wiringunused-endpoint
low 9-layer api wiring conf 1.00 Unused endpoint: GET /api/v1/files/:id/thumbnail
`apps/api/src/routes/user-files.ts` declares `GET /api/v1/files/:id/thumbnail` but no frontend code we scanned calls it. This is fine if the endpoint serves external clients (mobile app, third-party, server-side webhooks). Otherwise it's dead code — consider removing or documenting who consumes it.
wiringunused-endpoint
low 9-layer api wiring conf 1.00 Unused endpoint: GET /api/v1/jobs/:jobId/progress
`apps/api/src/routes/progress.ts` declares `GET /api/v1/jobs/:jobId/progress` but no frontend code we scanned calls it. This is fine if the endpoint serves external clients (mobile app, third-party, server-side webhooks). Otherwise it's dead code — consider removing or documenting who consumes it.
wiringunused-endpoint
low 9-layer api wiring conf 1.00 Unused endpoint: GET /api/v1/meme-templates/fonts/:filename
`apps/api/src/routes/meme-templates.ts` declares `GET /api/v1/meme-templates/fonts/:filename` but no frontend code we scanned calls it. This is fine if the endpoint serves external clients (mobile app, third-party, server-side webhooks). Otherwise it's dead code — consider removing or documenting w…
wiringunused-endpoint
low 9-layer api wiring conf 1.00 Unused endpoint: GET /api/v1/meme-templates/full/:filename
`apps/api/src/routes/meme-templates.ts` declares `GET /api/v1/meme-templates/full/:filename` but no frontend code we scanned calls it. This is fine if the endpoint serves external clients (mobile app, third-party, server-side webhooks). Otherwise it's dead code — consider removing or documenting wh…
wiringunused-endpoint
low 9-layer api wiring conf 1.00 Unused endpoint: GET /api/v1/meme-templates/thumbs/:filename
`apps/api/src/routes/meme-templates.ts` declares `GET /api/v1/meme-templates/thumbs/:filename` but no frontend code we scanned calls it. This is fine if the endpoint serves external clients (mobile app, third-party, server-side webhooks). Otherwise it's dead code — consider removing or documenting …
wiringunused-endpoint
low 9-layer api wiring conf 1.00 Unused endpoint: GET /api/v1/openapi.yaml
`apps/api/src/routes/docs.ts` declares `GET /api/v1/openapi.yaml` but no frontend code we scanned calls it. This is fine if the endpoint serves external clients (mobile app, third-party, server-side webhooks). Otherwise it's dead code — consider removing or documenting who consumes it.
wiringunused-endpoint
low 9-layer api wiring conf 1.00 Unused endpoint: GET /api/v1/pipeline/tools
`apps/api/src/routes/pipeline.ts` declares `GET /api/v1/pipeline/tools` but no frontend code we scanned calls it. This is fine if the endpoint serves external clients (mobile app, third-party, server-side webhooks). Otherwise it's dead code — consider removing or documenting who consumes it.
wiringunused-endpoint
low 9-layer api wiring conf 1.00 Unused endpoint: GET /api/v1/roles
`apps/api/src/routes/roles.ts` declares `GET /api/v1/roles` but no frontend code we scanned calls it. This is fine if the endpoint serves external clients (mobile app, third-party, server-side webhooks). Otherwise it's dead code — consider removing or documenting who consumes it.
wiringunused-endpoint
low 9-layer api wiring conf 1.00 Unused endpoint: GET /api/v1/settings
`apps/api/src/routes/settings.ts` declares `GET /api/v1/settings` but no frontend code we scanned calls it. This is fine if the endpoint serves external clients (mobile app, third-party, server-side webhooks). Otherwise it's dead code — consider removing or documenting who consumes it.
wiringunused-endpoint
low 9-layer api wiring conf 1.00 Unused endpoint: GET /api/v1/settings/:key
`apps/api/src/routes/settings.ts` declares `GET /api/v1/settings/:key` but no frontend code we scanned calls it. This is fine if the endpoint serves external clients (mobile app, third-party, server-side webhooks). Otherwise it's dead code — consider removing or documenting who consumes it.
wiringunused-endpoint
low 9-layer api wiring conf 1.00 Unused endpoint: GET /api/v1/teams
`apps/api/src/routes/teams.ts` declares `GET /api/v1/teams` but no frontend code we scanned calls it. This is fine if the endpoint serves external clients (mobile app, third-party, server-side webhooks). Otherwise it's dead code — consider removing or documenting who consumes it.
wiringunused-endpoint
low 9-layer api wiring conf 1.00 Unused endpoint: GET /llms-full.txt
`apps/api/src/routes/docs.ts` declares `GET /llms-full.txt` but no frontend code we scanned calls it. This is fine if the endpoint serves external clients (mobile app, third-party, server-side webhooks). Otherwise it's dead code — consider removing or documenting who consumes it.
wiringunused-endpoint
low 9-layer api wiring conf 1.00 Unused endpoint: GET /llms.txt
`apps/api/src/routes/docs.ts` declares `GET /llms.txt` but no frontend code we scanned calls it. This is fine if the endpoint serves external clients (mobile app, third-party, server-side webhooks). Otherwise it's dead code — consider removing or documenting who consumes it.
wiringunused-endpoint
low 9-layer api wiring conf 1.00 Unused endpoint: POST /api/v1/admin/features/:bundleId/install
`apps/api/src/routes/features.ts` declares `POST /api/v1/admin/features/:bundleId/install` but no frontend code we scanned calls it. This is fine if the endpoint serves external clients (mobile app, third-party, server-side webhooks). Otherwise it's dead code — consider removing or documenting who …
wiringunused-endpoint
low 9-layer api wiring conf 1.00 Unused endpoint: POST /api/v1/admin/features/:bundleId/uninstall
`apps/api/src/routes/features.ts` declares `POST /api/v1/admin/features/:bundleId/uninstall` but no frontend code we scanned calls it. This is fine if the endpoint serves external clients (mobile app, third-party, server-side webhooks). Otherwise it's dead code — consider removing or documenting wh…
wiringunused-endpoint
low 9-layer api wiring conf 1.00 Unused endpoint: POST /api/v1/api-keys
`apps/api/src/routes/api-keys.ts` declares `POST /api/v1/api-keys` but no frontend code we scanned calls it. This is fine if the endpoint serves external clients (mobile app, third-party, server-side webhooks). Otherwise it's dead code — consider removing or documenting who consumes it.
wiringunused-endpoint
low 9-layer api wiring conf 1.00 Unused endpoint: POST /api/v1/files/save-result
`apps/api/src/routes/user-files.ts` declares `POST /api/v1/files/save-result` but no frontend code we scanned calls it. This is fine if the endpoint serves external clients (mobile app, third-party, server-side webhooks). Otherwise it's dead code — consider removing or documenting who consumes it.
wiringunused-endpoint
low 9-layer api wiring conf 1.00 Unused endpoint: POST /api/v1/pipeline/execute
`apps/api/src/routes/pipeline.ts` declares `POST /api/v1/pipeline/execute` but no frontend code we scanned calls it. This is fine if the endpoint serves external clients (mobile app, third-party, server-side webhooks). Otherwise it's dead code — consider removing or documenting who consumes it.
wiringunused-endpoint
low 9-layer api wiring conf 1.00 Unused endpoint: POST /api/v1/roles
`apps/api/src/routes/roles.ts` declares `POST /api/v1/roles` but no frontend code we scanned calls it. This is fine if the endpoint serves external clients (mobile app, third-party, server-side webhooks). Otherwise it's dead code — consider removing or documenting who consumes it.
wiringunused-endpoint
low 9-layer api wiring conf 1.00 Unused endpoint: POST /api/v1/teams
`apps/api/src/routes/teams.ts` declares `POST /api/v1/teams` but no frontend code we scanned calls it. This is fine if the endpoint serves external clients (mobile app, third-party, server-side webhooks). Otherwise it's dead code — consider removing or documenting who consumes it.
wiringunused-endpoint
low 9-layer api wiring conf 1.00 Unused endpoint: POST /api/v1/tools/barcode-read
`apps/api/src/routes/tools/barcode-read.ts` declares `POST /api/v1/tools/barcode-read` but no frontend code we scanned calls it. This is fine if the endpoint serves external clients (mobile app, third-party, server-side webhooks). Otherwise it's dead code — consider removing or documenting who cons…
wiringunused-endpoint
low 9-layer api wiring conf 1.00 Unused endpoint: POST /api/v1/tools/blur-faces
`apps/api/src/routes/tools/blur-faces.ts` declares `POST /api/v1/tools/blur-faces` but no frontend code we scanned calls it. This is fine if the endpoint serves external clients (mobile app, third-party, server-side webhooks). Otherwise it's dead code — consider removing or documenting who consumes…
wiringunused-endpoint
low 9-layer api wiring conf 1.00 Unused endpoint: POST /api/v1/tools/erase-object
`apps/api/src/routes/tools/erase-object.ts` declares `POST /api/v1/tools/erase-object` but no frontend code we scanned calls it. This is fine if the endpoint serves external clients (mobile app, third-party, server-side webhooks). Otherwise it's dead code — consider removing or documenting who cons…
wiringunused-endpoint
low 9-layer api wiring conf 1.00 Unused endpoint: POST /api/v1/tools/favicon
`apps/api/src/routes/tools/favicon.ts` declares `POST /api/v1/tools/favicon` but no frontend code we scanned calls it. This is fine if the endpoint serves external clients (mobile app, third-party, server-side webhooks). Otherwise it's dead code — consider removing or documenting who consumes it.
wiringunused-endpoint
low 9-layer api wiring conf 1.00 Unused endpoint: POST /api/v1/tools/find-duplicates
`apps/api/src/routes/tools/find-duplicates.ts` declares `POST /api/v1/tools/find-duplicates` but no frontend code we scanned calls it. This is fine if the endpoint serves external clients (mobile app, third-party, server-side webhooks). Otherwise it's dead code — consider removing or documenting wh…
wiringunused-endpoint
low 9-layer api wiring conf 1.00 Unused endpoint: POST /api/v1/tools/noise-removal
`apps/api/src/routes/tools/noise-removal.ts` declares `POST /api/v1/tools/noise-removal` but no frontend code we scanned calls it. This is fine if the endpoint serves external clients (mobile app, third-party, server-side webhooks). Otherwise it's dead code — consider removing or documenting who co…
wiringunused-endpoint
low 9-layer api wiring conf 1.00 Unused endpoint: POST /api/v1/tools/ocr
`apps/api/src/routes/tools/ocr.ts` declares `POST /api/v1/tools/ocr` but no frontend code we scanned calls it. This is fine if the endpoint serves external clients (mobile app, third-party, server-side webhooks). Otherwise it's dead code — consider removing or documenting who consumes it.
wiringunused-endpoint
low 9-layer api wiring conf 1.00 Unused endpoint: POST /api/v1/tools/passport-photo
`apps/api/src/routes/tools/passport-photo.ts` declares `POST /api/v1/tools/passport-photo` but no frontend code we scanned calls it. This is fine if the endpoint serves external clients (mobile app, third-party, server-side webhooks). Otherwise it's dead code — consider removing or documenting who …
wiringunused-endpoint
low 9-layer api wiring conf 1.00 Unused endpoint: POST /api/v1/tools/pdf-to-image/info
`apps/api/src/routes/tools/pdf-to-image.ts` declares `POST /api/v1/tools/pdf-to-image/info` but no frontend code we scanned calls it. This is fine if the endpoint serves external clients (mobile app, third-party, server-side webhooks). Otherwise it's dead code — consider removing or documenting who…
wiringunused-endpoint
low 9-layer api wiring conf 1.00 Unused endpoint: POST /api/v1/tools/red-eye-removal
`apps/api/src/routes/tools/red-eye-removal.ts` declares `POST /api/v1/tools/red-eye-removal` but no frontend code we scanned calls it. This is fine if the endpoint serves external clients (mobile app, third-party, server-side webhooks). Otherwise it's dead code — consider removing or documenting wh…
wiringunused-endpoint
low 9-layer api wiring conf 1.00 Unused endpoint: POST /api/v1/tools/remove-background
`apps/api/src/routes/tools/remove-background.ts` declares `POST /api/v1/tools/remove-background` but no frontend code we scanned calls it. This is fine if the endpoint serves external clients (mobile app, third-party, server-side webhooks). Otherwise it's dead code — consider removing or documentin…
wiringunused-endpoint
low 9-layer api wiring conf 1.00 Unused endpoint: POST /api/v1/tools/restore-photo
`apps/api/src/routes/tools/restore-photo.ts` declares `POST /api/v1/tools/restore-photo` but no frontend code we scanned calls it. This is fine if the endpoint serves external clients (mobile app, third-party, server-side webhooks). Otherwise it's dead code — consider removing or documenting who co…
wiringunused-endpoint
low 9-layer api wiring conf 1.00 Unused endpoint: POST /api/v1/tools/svg-to-raster/batch
`apps/api/src/routes/tools/svg-to-raster.ts` declares `POST /api/v1/tools/svg-to-raster/batch` but no frontend code we scanned calls it. This is fine if the endpoint serves external clients (mobile app, third-party, server-side webhooks). Otherwise it's dead code — consider removing or documenting …
wiringunused-endpoint
low 9-layer api wiring conf 1.00 Unused endpoint: POST /api/v1/tools/transparency-fixer
`apps/api/src/routes/tools/transparency-fixer.ts` declares `POST /api/v1/tools/transparency-fixer` but no frontend code we scanned calls it. This is fine if the endpoint serves external clients (mobile app, third-party, server-side webhooks). Otherwise it's dead code — consider removing or document…
wiringunused-endpoint
low 9-layer api wiring conf 1.00 Unused endpoint: POST /api/v1/tools/vectorize
`apps/api/src/routes/tools/vectorize.ts` declares `POST /api/v1/tools/vectorize` but no frontend code we scanned calls it. This is fine if the endpoint serves external clients (mobile app, third-party, server-side webhooks). Otherwise it's dead code — consider removing or documenting who consumes i…
wiringunused-endpoint
low 9-layer api wiring conf 1.00 Unused endpoint: PUT /api/v1/roles/:id
`apps/api/src/routes/roles.ts` declares `PUT /api/v1/roles/:id` but no frontend code we scanned calls it. This is fine if the endpoint serves external clients (mobile app, third-party, server-side webhooks). Otherwise it's dead code — consider removing or documenting who consumes it.
wiringunused-endpoint
low 9-layer api wiring conf 1.00 Unused endpoint: PUT /api/v1/settings
`apps/api/src/routes/settings.ts` declares `PUT /api/v1/settings` but no frontend code we scanned calls it. This is fine if the endpoint serves external clients (mobile app, third-party, server-side webhooks). Otherwise it's dead code — consider removing or documenting who consumes it.
wiringunused-endpoint
low 9-layer api wiring conf 1.00 Unused endpoint: PUT /api/v1/teams/:id
`apps/api/src/routes/teams.ts` declares `PUT /api/v1/teams/:id` but no frontend code we scanned calls it. This is fine if the endpoint serves external clients (mobile app, third-party, server-side webhooks). Otherwise it's dead code — consider removing or documenting who consumes it.
wiringunused-endpoint
low 9-layer quality complexity conf 1.00 Very large file: apps/web/src/components/settings/settings-dialog.tsx (2756 lines)
Files with >800 lines often hide complexity hotspots and discourage tests.
complexity
low 9-layer quality complexity conf 1.00 Very large file: packages/shared/src/i18n/ar.ts (1961 lines)
Files with >800 lines often hide complexity hotspots and discourage tests.
complexity
low 9-layer quality complexity conf 1.00 Very large file: packages/shared/src/i18n/de.ts (1992 lines)
Files with >800 lines often hide complexity hotspots and discourage tests.
complexity
low 9-layer quality complexity conf 1.00 Very large file: packages/shared/src/i18n/en.ts (1932 lines)
Files with >800 lines often hide complexity hotspots and discourage tests.
complexity
low 9-layer quality complexity conf 1.00 Very large file: packages/shared/src/i18n/es.ts (1970 lines)
Files with >800 lines often hide complexity hotspots and discourage tests.
complexity
low 9-layer quality complexity conf 1.00 Very large file: packages/shared/src/i18n/fr.ts (1991 lines)
Files with >800 lines often hide complexity hotspots and discourage tests.
complexity
low 9-layer quality complexity conf 1.00 Very large file: packages/shared/src/i18n/hi.ts (1958 lines)
Files with >800 lines often hide complexity hotspots and discourage tests.
complexity
low 9-layer quality complexity conf 1.00 Very large file: packages/shared/src/i18n/id.ts (1976 lines)
Files with >800 lines often hide complexity hotspots and discourage tests.
complexity
low 9-layer quality complexity conf 1.00 Very large file: packages/shared/src/i18n/it.ts (1984 lines)
Files with >800 lines often hide complexity hotspots and discourage tests.
complexity
low 9-layer quality complexity conf 1.00 Very large file: packages/shared/src/i18n/ja.ts (1935 lines)
Files with >800 lines often hide complexity hotspots and discourage tests.
complexity
low 9-layer quality complexity conf 1.00 Very large file: packages/shared/src/i18n/ko.ts (1919 lines)
Files with >800 lines often hide complexity hotspots and discourage tests.
complexity
low 9-layer quality complexity conf 1.00 Very large file: packages/shared/src/i18n/nl.ts (1979 lines)
Files with >800 lines often hide complexity hotspots and discourage tests.
complexity
low 9-layer quality complexity conf 1.00 Very large file: packages/shared/src/i18n/pl.ts (1987 lines)
Files with >800 lines often hide complexity hotspots and discourage tests.
complexity
low 9-layer quality complexity conf 1.00 Very large file: packages/shared/src/i18n/pt-BR.ts (1980 lines)
Files with >800 lines often hide complexity hotspots and discourage tests.
complexity
low 9-layer quality complexity conf 1.00 Very large file: packages/shared/src/i18n/ru.ts (1978 lines)
Files with >800 lines often hide complexity hotspots and discourage tests.
complexity
low 9-layer quality complexity conf 1.00 Very large file: packages/shared/src/i18n/sv.ts (1973 lines)
Files with >800 lines often hide complexity hotspots and discourage tests.
complexity
low 9-layer quality complexity conf 1.00 Very large file: packages/shared/src/i18n/th.ts (1949 lines)
Files with >800 lines often hide complexity hotspots and discourage tests.
complexity
low 9-layer quality complexity conf 1.00 Very large file: packages/shared/src/i18n/tr.ts (1984 lines)
Files with >800 lines often hide complexity hotspots and discourage tests.
complexity
low 9-layer quality complexity conf 1.00 Very large file: packages/shared/src/i18n/uk.ts (1979 lines)
Files with >800 lines often hide complexity hotspots and discourage tests.
complexity
low 9-layer quality complexity conf 1.00 Very large file: packages/shared/src/i18n/vi.ts (1973 lines)
Files with >800 lines often hide complexity hotspots and discourage tests.
complexity
low 9-layer quality complexity conf 1.00 Very large file: packages/shared/src/i18n/zh-CN.ts (1899 lines)
Files with >800 lines often hide complexity hotspots and discourage tests.
complexity
low 9-layer quality complexity conf 1.00 Very large file: packages/shared/src/i18n/zh-TW.ts (1900 lines)
Files with >800 lines often hide complexity hotspots and discourage tests.
complexity
low 9-layer quality complexity conf 1.00 Very large file: tests/e2e-docker/batch-processing.spec.ts (1225 lines)
Files with >800 lines often hide complexity hotspots and discourage tests.
complexity
low 9-layer quality complexity conf 1.00 Very large file: tests/e2e-docker/essential-tools.spec.ts (1543 lines)
Files with >800 lines often hide complexity hotspots and discourage tests.
complexity
low 9-layer quality complexity conf 1.00 Very large file: tests/e2e-docker/utility-tools.spec.ts (1407 lines)
Files with >800 lines often hide complexity hotspots and discourage tests.
complexity
low 9-layer quality complexity conf 1.00 Very large file: tests/e2e/gui-accessibility.spec.ts (1815 lines)
Files with >800 lines often hide complexity hotspots and discourage tests.
complexity
low 9-layer quality complexity conf 1.00 Very large file: tests/e2e/gui-tools-ai.spec.ts (1238 lines)
Files with >800 lines often hide complexity hotspots and discourage tests.
complexity
low 9-layer quality complexity conf 1.00 Very large file: tests/integration/adversarial-extended.test.ts (1743 lines)
Files with >800 lines often hide complexity hotspots and discourage tests.
complexity
low 9-layer quality complexity conf 1.00 Very large file: tests/integration/api.test.ts (4094 lines)
Files with >800 lines often hide complexity hotspots and discourage tests.
complexity
low 9-layer quality complexity conf 1.00 Very large file: tests/integration/collage.test.ts (1924 lines)
Files with >800 lines often hide complexity hotspots and discourage tests.
complexity
low 9-layer quality complexity conf 1.00 Very large file: tests/integration/format-matrix-expanded.test.ts (1985 lines)
Files with >800 lines often hide complexity hotspots and discourage tests.
complexity
low 9-layer quality complexity conf 1.00 Very large file: tests/integration/split.test.ts (1656 lines)
Files with >800 lines often hide complexity hotspots and discourage tests.
complexity
low 9-layer quality complexity conf 1.00 Very large file: tests/integration/stitch.test.ts (1832 lines)
Files with >800 lines often hide complexity hotspots and discourage tests.
complexity
low 9-layer quality complexity conf 1.00 Very large file: tests/integration/vectorize.test.ts (1456 lines)
Files with >800 lines often hide complexity hotspots and discourage tests.
complexity
low 9-layer quality complexity conf 1.00 Very large file: tests/unit/ai/bridge.test.ts (3078 lines)
Files with >800 lines often hide complexity hotspots and discourage tests.
complexity
low 9-layer quality complexity conf 1.00 Very large file: tests/unit/ai/tools.test.ts (2002 lines)
Files with >800 lines often hide complexity hotspots and discourage tests.
complexity
low 9-layer quality complexity conf 1.00 Very large file: tests/unit/api/ai-tools.test.ts (1437 lines)
Files with >800 lines often hide complexity hotspots and discourage tests.
complexity
low 9-layer quality complexity conf 1.00 Very large file: tests/unit/api/utilities.test.ts (1441 lines)
Files with >800 lines often hide complexity hotspots and discourage tests.
complexity
low 9-layer quality complexity conf 1.00 Very large file: tests/unit/image-engine/operations.test.ts (2316 lines)
Files with >800 lines often hide complexity hotspots and discourage tests.
complexity
low 9-layer quality complexity conf 1.00 Very large file: tests/unit/web/editor-store.test.ts (1895 lines)
Files with >800 lines often hide complexity hotspots and discourage tests.
complexity
low 9-layer quality complexity conf 1.00 Very large file: tests/unit/web/zustand-stores.test.ts (2872 lines)
Files with >800 lines often hide complexity hotspots and discourage tests.
complexity
info 9-layer frontend frontend-quality conf 1.00 `truncate` class without `title=` for hover reveal — apps/web/src/components/common/dropzone.tsx:327
A truncated value should reveal the full text on hover. Pass the full string via `title={...}` so the user can read it. Why: P2 in CHECKLIST.md — truncate without hover-reveal. Rule id: fq.truncate.no-title
frontend-qualityfq.truncate.no-title
info 9-layer frontend frontend-quality conf 1.00 `truncate` class without `title=` for hover reveal — apps/web/src/components/common/file-library-modal.tsx:230
A truncated value should reveal the full text on hover. Pass the full string via `title={...}` so the user can read it. Why: P2 in CHECKLIST.md — truncate without hover-reveal. Rule id: fq.truncate.no-title
frontend-qualityfq.truncate.no-title
info 9-layer frontend frontend-quality conf 1.00 `truncate` class without `title=` for hover reveal — apps/web/src/components/common/image-viewer.tsx:310
A truncated value should reveal the full text on hover. Pass the full string via `title={...}` so the user can read it. Why: P2 in CHECKLIST.md — truncate without hover-reveal. Rule id: fq.truncate.no-title
frontend-qualityfq.truncate.no-title
info 9-layer frontend frontend-quality conf 1.00 `truncate` class without `title=` for hover reveal — apps/web/src/components/common/progress-card.tsx:31
A truncated value should reveal the full text on hover. Pass the full string via `title={...}` so the user can read it. Why: P2 in CHECKLIST.md — truncate without hover-reveal. Rule id: fq.truncate.no-title
frontend-qualityfq.truncate.no-title
info 9-layer frontend frontend-quality conf 1.00 `truncate` class without `title=` for hover reveal — apps/web/src/components/common/review-panel.tsx:90
A truncated value should reveal the full text on hover. Pass the full string via `title={...}` so the user can read it. Why: P2 in CHECKLIST.md — truncate without hover-reveal. Rule id: fq.truncate.no-title
frontend-qualityfq.truncate.no-title
info 9-layer frontend frontend-quality conf 1.00 `truncate` class without `title=` for hover reveal — apps/web/src/components/common/url-import-modal.tsx:144
A truncated value should reveal the full text on hover. Pass the full string via `title={...}` so the user can read it. Why: P2 in CHECKLIST.md — truncate without hover-reveal. Rule id: fq.truncate.no-title
frontend-qualityfq.truncate.no-title
info 9-layer frontend frontend-quality conf 1.00 `truncate` class without `title=` for hover reveal — apps/web/src/components/editor/common/slider-row.tsx:26
A truncated value should reveal the full text on hover. Pass the full string via `title={...}` so the user can read it. Why: P2 in CHECKLIST.md — truncate without hover-reveal. Rule id: fq.truncate.no-title
frontend-qualityfq.truncate.no-title
info 9-layer frontend frontend-quality conf 1.00 `truncate` class without `title=` for hover reveal — apps/web/src/components/editor/options/text-options.tsx:174
A truncated value should reveal the full text on hover. Pass the full string via `title={...}` so the user can read it. Why: P2 in CHECKLIST.md — truncate without hover-reveal. Rule id: fq.truncate.no-title
frontend-qualityfq.truncate.no-title
info 9-layer frontend frontend-quality conf 1.00 `truncate` class without `title=` for hover reveal — apps/web/src/components/editor/panels/history-panel.tsx:218
A truncated value should reveal the full text on hover. Pass the full string via `title={...}` so the user can read it. Why: P2 in CHECKLIST.md — truncate without hover-reveal. Rule id: fq.truncate.no-title
frontend-qualityfq.truncate.no-title
info 9-layer frontend frontend-quality conf 1.00 `truncate` class without `title=` for hover reveal — apps/web/src/components/features/feature-install-prompt.tsx:146
A truncated value should reveal the full text on hover. Pass the full string via `title={...}` so the user can read it. Why: P2 in CHECKLIST.md — truncate without hover-reveal. Rule id: fq.truncate.no-title
frontend-qualityfq.truncate.no-title
info 9-layer frontend frontend-quality conf 1.00 `truncate` class without `title=` for hover reveal — apps/web/src/components/files/file-list-item.tsx:59
A truncated value should reveal the full text on hover. Pass the full string via `title={...}` so the user can read it. Why: P2 in CHECKLIST.md — truncate without hover-reveal. Rule id: fq.truncate.no-title
frontend-qualityfq.truncate.no-title
info 9-layer frontend frontend-quality conf 1.00 `truncate` class without `title=` for hover reveal — apps/web/src/components/layout/ai-install-indicator.tsx:27
A truncated value should reveal the full text on hover. Pass the full string via `title={...}` so the user can read it. Why: P2 in CHECKLIST.md — truncate without hover-reveal. Rule id: fq.truncate.no-title
frontend-qualityfq.truncate.no-title
info 9-layer frontend frontend-quality conf 1.00 `truncate` class without `title=` for hover reveal — apps/web/src/components/settings/ai-features-section.tsx:237
A truncated value should reveal the full text on hover. Pass the full string via `title={...}` so the user can read it. Why: P2 in CHECKLIST.md — truncate without hover-reveal. Rule id: fq.truncate.no-title
frontend-qualityfq.truncate.no-title
info 9-layer frontend frontend-quality conf 1.00 `truncate` class without `title=` for hover reveal — apps/web/src/components/settings/settings-dialog.tsx:1281
A truncated value should reveal the full text on hover. Pass the full string via `title={...}` so the user can read it. Why: P2 in CHECKLIST.md — truncate without hover-reveal. Rule id: fq.truncate.no-title
frontend-qualityfq.truncate.no-title
info 9-layer frontend frontend-quality conf 1.00 `truncate` class without `title=` for hover reveal — apps/web/src/components/tools/barcode-read-settings.tsx:332
A truncated value should reveal the full text on hover. Pass the full string via `title={...}` so the user can read it. Why: P2 in CHECKLIST.md — truncate without hover-reveal. Rule id: fq.truncate.no-title
frontend-qualityfq.truncate.no-title
info 9-layer frontend frontend-quality conf 1.00 `truncate` class without `title=` for hover reveal — apps/web/src/components/tools/beautify-settings.tsx:771
A truncated value should reveal the full text on hover. Pass the full string via `title={...}` so the user can read it. Why: P2 in CHECKLIST.md — truncate without hover-reveal. Rule id: fq.truncate.no-title
frontend-qualityfq.truncate.no-title
info 9-layer frontend frontend-quality conf 1.00 `truncate` class without `title=` for hover reveal — apps/web/src/components/tools/bulk-rename-settings.tsx:110
A truncated value should reveal the full text on hover. Pass the full string via `title={...}` so the user can read it. Why: P2 in CHECKLIST.md — truncate without hover-reveal. Rule id: fq.truncate.no-title
frontend-qualityfq.truncate.no-title
info 9-layer frontend frontend-quality conf 1.00 `truncate` class without `title=` for hover reveal — apps/web/src/components/tools/collage-preview.tsx:635
A truncated value should reveal the full text on hover. Pass the full string via `title={...}` so the user can read it. Why: P2 in CHECKLIST.md — truncate without hover-reveal. Rule id: fq.truncate.no-title
frontend-qualityfq.truncate.no-title
info 9-layer frontend frontend-quality conf 1.00 `truncate` class without `title=` for hover reveal — apps/web/src/components/tools/edit-metadata-settings.tsx:779
A truncated value should reveal the full text on hover. Pass the full string via `title={...}` so the user can read it. Why: P2 in CHECKLIST.md — truncate without hover-reveal. Rule id: fq.truncate.no-title
frontend-qualityfq.truncate.no-title
info 9-layer frontend frontend-quality conf 1.00 `truncate` class without `title=` for hover reveal — apps/web/src/components/tools/find-duplicates-results.tsx:106
A truncated value should reveal the full text on hover. Pass the full string via `title={...}` so the user can read it. Why: P2 in CHECKLIST.md — truncate without hover-reveal. Rule id: fq.truncate.no-title
frontend-qualityfq.truncate.no-title
info 9-layer frontend frontend-quality conf 1.00 `truncate` class without `title=` for hover reveal — apps/web/src/components/tools/image-to-base64-results.tsx:117
A truncated value should reveal the full text on hover. Pass the full string via `title={...}` so the user can read it. Why: P2 in CHECKLIST.md — truncate without hover-reveal. Rule id: fq.truncate.no-title
frontend-qualityfq.truncate.no-title
info 9-layer frontend frontend-quality conf 1.00 `truncate` class without `title=` for hover reveal — apps/web/src/components/tools/meme-generator-settings.tsx:96
A truncated value should reveal the full text on hover. Pass the full string via `title={...}` so the user can read it. Why: P2 in CHECKLIST.md — truncate without hover-reveal. Rule id: fq.truncate.no-title
frontend-qualityfq.truncate.no-title
info 9-layer frontend frontend-quality conf 1.00 `truncate` class without `title=` for hover reveal — apps/web/src/components/tools/passport-photo-settings.tsx:579
A truncated value should reveal the full text on hover. Pass the full string via `title={...}` so the user can read it. Why: P2 in CHECKLIST.md — truncate without hover-reveal. Rule id: fq.truncate.no-title
frontend-qualityfq.truncate.no-title
info 9-layer frontend frontend-quality conf 1.00 `truncate` class without `title=` for hover reveal — apps/web/src/components/tools/pdf-to-image-settings.tsx:97
A truncated value should reveal the full text on hover. Pass the full string via `title={...}` so the user can read it. Why: P2 in CHECKLIST.md — truncate without hover-reveal. Rule id: fq.truncate.no-title
frontend-qualityfq.truncate.no-title
info 9-layer frontend frontend-quality conf 1.00 `truncate` class without `title=` for hover reveal — apps/web/src/components/tools/pipeline-builder.tsx:120
A truncated value should reveal the full text on hover. Pass the full string via `title={...}` so the user can read it. Why: P2 in CHECKLIST.md — truncate without hover-reveal. Rule id: fq.truncate.no-title
frontend-qualityfq.truncate.no-title
info 9-layer frontend frontend-quality conf 1.00 `truncate` class without `title=` for hover reveal — apps/web/src/components/tools/qr-generate-settings.tsx:682
A truncated value should reveal the full text on hover. Pass the full string via `title={...}` so the user can read it. Why: P2 in CHECKLIST.md — truncate without hover-reveal. Rule id: fq.truncate.no-title
frontend-qualityfq.truncate.no-title
info 9-layer frontend frontend-quality conf 1.00 `truncate` class without `title=` for hover reveal — apps/web/src/components/tools/remove-bg-settings.tsx:362
A truncated value should reveal the full text on hover. Pass the full string via `title={...}` so the user can read it. Why: P2 in CHECKLIST.md — truncate without hover-reveal. Rule id: fq.truncate.no-title
frontend-qualityfq.truncate.no-title
info 9-layer frontend frontend-quality conf 1.00 `truncate` class without `title=` for hover reveal — apps/web/src/components/tools/tool-palette.tsx:133
A truncated value should reveal the full text on hover. Pass the full string via `title={...}` so the user can read it. Why: P2 in CHECKLIST.md — truncate without hover-reveal. Rule id: fq.truncate.no-title
frontend-qualityfq.truncate.no-title
info 9-layer frontend frontend-quality conf 1.00 `truncate` class without `title=` for hover reveal — apps/web/src/pages/automate-page.tsx:399
A truncated value should reveal the full text on hover. Pass the full string via `title={...}` so the user can read it. Why: P2 in CHECKLIST.md — truncate without hover-reveal. Rule id: fq.truncate.no-title
frontend-qualityfq.truncate.no-title
info 9-layer frontend frontend-quality conf 1.00 `truncate` class without `title=` for hover reveal — apps/web/src/pages/fullscreen-grid-page.tsx:220
A truncated value should reveal the full text on hover. Pass the full string via `title={...}` so the user can read it. Why: P2 in CHECKLIST.md — truncate without hover-reveal. Rule id: fq.truncate.no-title
frontend-qualityfq.truncate.no-title
info 9-layer frontend frontend-quality conf 1.00 `truncate` class without `title=` for hover reveal — apps/web/src/pages/home-page.tsx:101
A truncated value should reveal the full text on hover. Pass the full string via `title={...}` so the user can read it. Why: P2 in CHECKLIST.md — truncate without hover-reveal. Rule id: fq.truncate.no-title
frontend-qualityfq.truncate.no-title
info 9-layer frontend frontend-quality conf 1.00 `truncate` class without `title=` for hover reveal — apps/web/src/pages/tool-page.tsx:117
A truncated value should reveal the full text on hover. Pass the full string via `title={...}` so the user can read it. Why: P2 in CHECKLIST.md — truncate without hover-reveal. Rule id: fq.truncate.no-title
frontend-qualityfq.truncate.no-title
info 9-layer quality integrity conf 1.00 Commented-code block (13 lines) in tests/e2e/gui-settings-rbac.spec.ts:100
A long run of `//` or `#` lines usually means abandoned code. Delete or move to git history. Keeps the canvas + dead-code detection honest.
integritycommented-codedead-code
info 9-layer quality integrity conf 1.00 Commented-code block (5 lines) in apps/web/src/components/editor/tools/brush-tool.tsx:85
A long run of `//` or `#` lines usually means abandoned code. Delete or move to git history. Keeps the canvas + dead-code detection honest.
integritycommented-codedead-code
info 9-layer quality integrity conf 1.00 Commented-code block (5 lines) in apps/web/src/components/editor/tools/eraser-tool.tsx:85
A long run of `//` or `#` lines usually means abandoned code. Delete or move to git history. Keeps the canvas + dead-code detection honest.
integritycommented-codedead-code
info 9-layer quality integrity conf 1.00 Commented-code block (5 lines) in apps/web/src/stores/editor-store.ts:1245
A long run of `//` or `#` lines usually means abandoned code. Delete or move to git history. Keeps the canvas + dead-code detection honest.
integritycommented-codedead-code
info 9-layer quality integrity conf 1.00 Commented-code block (5 lines) in docker/download_models.py:73
A long run of `//` or `#` lines usually means abandoned code. Delete or move to git history. Keeps the canvas + dead-code detection honest.
integritycommented-codedead-code
info 9-layer quality integrity conf 1.00 Commented-code block (5 lines) in packages/ai/python/models/scunet_arch.py:1
A long run of `//` or `#` lines usually means abandoned code. Delete or move to git history. Keeps the canvas + dead-code detection honest.
integritycommented-codedead-code
info 9-layer quality integrity conf 1.00 Commented-code block (5 lines) in tests/e2e-docker/ai-tools.spec.ts:10
A long run of `//` or `#` lines usually means abandoned code. Delete or move to git history. Keeps the canvas + dead-code detection honest.
integritycommented-codedead-code

Showing first 300 of 324. Refine filters or use the legacy findings page for deep search.

{# ── 2026-05-17 Round 14: AI-agent bridge footer ────────────────────── Discoverability: the /agents/voting/ guide + MCP manifest exist but aren't linked from anywhere users actually land. Small, opt-in footer. #}
For AI agents: Voting guide (TP/FP) MCP manifest Stdio wrapper SARIF Integrate Findings queue Vote TP/FP on findings to calibrate the engine.
For AI agents + API integrations
Email me when this repo regresses
Free. We re-scan periodically; new criticals → your inbox. No signup required for the scan itself.
API access

This page is publicly accessible at: https://repobility.com/scan/74b4c143-ebfb-420c-bd4a-ca532718732c/

To check status programmatically (no auth required): 

curl -s https://repobility.com/api/v1/public/scan/74b4c143-ebfb-420c-bd4a-ca532718732c/

Important — please don't re-submit the same URL repeatedly. The submission endpoint is idempotent: re-submitting the same git URL returns this same scan_token, not a new one. To re-scan this repo, sign up free and use the dashboard.