{"version": "2.1.0", "$schema": "https://json.schemastore.org/sarif-2.1.0.json", "runs": [{"tool": {"driver": {"name": "Repobility", "informationUri": "https://repobility.com", "rules": [{"id": "MINED111", "name": "[MINED111] Bare except continues silently: Bare `except:` (or `except Exception:`) that runs code without re-raising or ", "shortDescription": {"text": "[MINED111] Bare except continues silently: Bare `except:` (or `except Exception:`) that runs code without re-raising or logging the exception. Hides real failures and makes bugs hard to diagnose."}, "fullDescription": {"text": "Either narrow the exception type, log the exception with `logger.exception(...)`, or re-raise after handling."}, "properties": {"scanner": "repobility-ast-engine", "category": "quality", "severity": "medium", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "WEB003", "name": "Public web service has no security.txt", "shortDescription": {"text": "Public web service has no security.txt"}, "fullDescription": {"text": "Add /.well-known/security.txt with Contact, Expires, Canonical, Preferred-Languages, and Policy fields. Keep the contact endpoint monitored."}, "properties": {"scanner": "repobility-web-presence", "category": "quality", "severity": "medium", "confidence": 0.78, "cwe": "", "owasp": ""}}, {"id": "AUC001", "name": "[AUC001] No Repobility access matrix policy found: The repository uses web/API frameworks but does not define .repobilit", "shortDescription": {"text": "[AUC001] No Repobility access matrix policy found: The repository uses web/API frameworks but does not define .repobility/access.yml or equivalent authorization documentation."}, "fullDescription": {"text": "Add .repobility/access.yml mapping routes to anonymous, authenticated, owner, admin, and super_admin. 
Keep business-specific rules in the repo so CI can enforce them."}, "properties": {"scanner": "repobility-access-control", "category": "auth", "severity": "medium", "confidence": 0.92, "cwe": "", "owasp": ""}}, {"id": "AIC004", "name": "Suspicious implementation file appears unreferenced", "shortDescription": {"text": "Suspicious implementation file appears unreferenced"}, "fullDescription": {"text": "Confirm whether this file is reachable. If not, delete it; if yes, wire it through explicit imports, routes, or entry points and add a test that proves the path executes."}, "properties": {"scanner": "repobility-ai-code-hygiene", "category": "quality", "severity": "medium", "confidence": 0.78, "cwe": "", "owasp": ""}}, {"id": "ERR001", "name": "[ERR001] Silent Exception Swallowing: Silently swallowing all exceptions hides bugs. Even in cleanup code, log at DEBUG ", "shortDescription": {"text": "[ERR001] Silent Exception Swallowing: Silently swallowing all exceptions hides bugs. Even in cleanup code, log at DEBUG level."}, "fullDescription": {"text": "Log the error: `except Exception: logger.debug('cleanup failed', exc_info=True)`. Or handle specific exception types."}, "properties": {"scanner": "repobility-threat-engine", "category": "error_handling", "severity": "medium", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "SEC136", "name": "[SEC136] AI-typical over-broad exception handler swallowing all errors: Catch-all exception block that silently returns ", "shortDescription": {"text": "[SEC136] AI-typical over-broad exception handler swallowing all errors: Catch-all exception block that silently returns success or no-ops. AI agents reach for this pattern when a flaky test or an unfamiliar API throws \u2014 wrap, swallow, retur"}, "fullDescription": {"text": "Catch the specific exception type, log at error level with full exception info, and return a failure-shaped result. 
If the operation is genuinely best-effort, log at warning and document why in a comment so the next reader (or scanner) knows."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "medium", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "SEC134", "name": "[SEC134] AI scaffold leftover \u2014 Lorem ipsum / example.com / John Doe in code: Lorem ipsum / John Doe / example.com left ", "shortDescription": {"text": "[SEC134] AI scaffold leftover \u2014 Lorem ipsum / example.com / John Doe in code: Lorem ipsum / John Doe / example.com left in non-test code. AI agents emit these as 'reasonable defaults' when they don't know real values; the human then forgets"}, "fullDescription": {"text": "Move dummy values to fixtures / seed files. In application code, require these to come from config or fail closed. Add a CI grep that rejects 'lorem ipsum' and 'example.com' outside test files."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "medium", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "WEB005", "name": "robots.txt does not advertise a sitemap", "shortDescription": {"text": "robots.txt does not advertise a sitemap"}, "fullDescription": {"text": "Add `Sitemap: https://your-domain.example/sitemap.xml` to robots.txt."}, "properties": {"scanner": "repobility-web-presence", "category": "quality", "severity": "low", "confidence": 0.74, "cwe": "", "owasp": ""}}, {"id": "AIC003", "name": "Duplicated implementation block across source files", "shortDescription": {"text": "Duplicated implementation block across source files"}, "fullDescription": {"text": "Extract the shared behavior into one function/module or delete the inactive duplicate after proving which path is used."}, "properties": {"scanner": "repobility-ai-code-hygiene", "category": "quality", "severity": "low", "confidence": 0.86, "cwe": "", "owasp": ""}}, {"id": "AIC002", "name": "Source file name looks like an AI patch artifact", 
"shortDescription": {"text": "Source file name looks like an AI patch artifact"}, "fullDescription": {"text": "Rename it to the domain concept it implements or merge it into the existing module it was meant to change."}, "properties": {"scanner": "repobility-ai-code-hygiene", "category": "quality", "severity": "low", "confidence": 0.62, "cwe": "", "owasp": ""}}, {"id": "SEC132", "name": "[SEC132] String concat where the language has interpolation (AI style drift): String built by concatenation where the la", "shortDescription": {"text": "[SEC132] String concat where the language has interpolation (AI style drift): String built by concatenation where the language has cleaner interpolation (Python f-strings since 3.6, JS template literals since ES6). Not a vulnerability on it"}, "fullDescription": {"text": "Python: `f\"prefix {var} suffix\"`. JS/TS: `` `prefix ${var} suffix` ``. Add a lint rule (pyupgrade UP032, eslint prefer-template) so future PRs catch this automatically."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "low", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "COMP001", "name": "[COMP001] High cognitive complexity: Function `main` has cognitive complexity 8 (SonarSource scale). Cognitive complexit", "shortDescription": {"text": "[COMP001] High cognitive complexity: Function `main` has cognitive complexity 8 (SonarSource scale). Cognitive complexity measures how hard the function is for a human to understand \u2014 nested branches, boolean chains, and recursion all weigh"}, "fullDescription": {"text": "Extract nested branches into named helper functions; flatten early-return / guard clauses; replace long if/elif chains with dispatch dicts or polymorphism. 
SonarQube's threshold for 'should refactor' is 15 \u2014 yours is 8."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "low", "confidence": 0.95, "cwe": "", "owasp": ""}}, {"id": "MINED043", "name": "[MINED043] Http Not Https: Hardcoded http:// (not localhost) for endpoints that handle credentials or data.", "shortDescription": {"text": "[MINED043] Http Not Https: Hardcoded http:// (not localhost) for endpoints that handle credentials or data."}, "fullDescription": {"text": "Review and fix per the pattern semantics. See CWE-319 / A02:2021 for context."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "info", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "MINED047", "name": "[MINED047] Emoji In Source: Emoji \u2705 \u274c \ud83d\ude80 in code/comments \u2014 common AI output unless explicitly requested.", "shortDescription": {"text": "[MINED047] Emoji In Source: Emoji \u2705 \u274c \ud83d\ude80 in code/comments \u2014 common AI output unless explicitly requested."}, "fullDescription": {"text": "Review and fix per the pattern semantics."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "info", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "SEC007", "name": "[SEC007] Unsafe Deserialization: Unsafe deserialization can execute arbitrary code.", "shortDescription": {"text": "[SEC007] Unsafe Deserialization: Unsafe deserialization can execute arbitrary code."}, "fullDescription": {"text": "Use yaml.safe_load() instead of yaml.load(). 
Avoid pickle for untrusted data."}, "properties": {"scanner": "repobility-threat-engine", "category": "deserialization", "severity": "info", "confidence": 0.1, "cwe": "", "owasp": ""}}, {"id": "MINED049", "name": "[MINED049] Print Pii: Logging password/token/email/ssn directly to stdout.", "shortDescription": {"text": "[MINED049] Print Pii: Logging password/token/email/ssn directly to stdout."}, "fullDescription": {"text": "Review and fix per the pattern semantics. See CWE-532 / A09:2021 for context."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "info", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "SEC020", "name": "[SEC020] Secret Printed to Logs: Debug or diagnostic code appears to print a credential-bearing value. This is a frequen", "shortDescription": {"text": "[SEC020] Secret Printed to Logs: Debug or diagnostic code appears to print a credential-bearing value. This is a frequent AI-assisted coding failure: the helper exposes the exact value needed for troubleshooting."}, "fullDescription": {"text": "Log only redacted, hashed, or last-four-style metadata. Rotate any secret that may have reached logs."}, "properties": {"scanner": "repobility-threat-engine", "category": "credential_exposure", "severity": "info", "confidence": 0.15, "cwe": "", "owasp": ""}}, {"id": "MINED062", "name": "[MINED062] Python Dataclass No Fields (and 11 more): Same pattern found in 11 additional files. Review if needed.", "shortDescription": {"text": "[MINED062] Python Dataclass No Fields (and 11 more): Same pattern found in 11 additional files. Review if needed."}, "fullDescription": {"text": "Review and fix per the pattern semantics."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "info", "confidence": 0.2, "cwe": "", "owasp": ""}}, {"id": "MINED050", "name": "[MINED050] Stub Only Function (and 7 more): Same pattern found in 7 additional files. 
Review if needed.", "shortDescription": {"text": "[MINED050] Stub Only Function (and 7 more): Same pattern found in 7 additional files. Review if needed."}, "fullDescription": {"text": "Review and fix per the pattern semantics. See CWE-1188 for context."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "info", "confidence": 0.2, "cwe": "", "owasp": ""}}, {"id": "MINED055", "name": "[MINED055] Npm Install No Lockfile (and 1 more): Same pattern found in 1 additional files. Review if needed.", "shortDescription": {"text": "[MINED055] Npm Install No Lockfile (and 1 more): Same pattern found in 1 additional files. Review if needed."}, "fullDescription": {"text": "Review and fix per the pattern semantics. See CWE-1357 / A06:2021 for context."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "info", "confidence": 0.2, "cwe": "", "owasp": ""}}, {"id": "SEC029", "name": "[SEC029] Server-Side Request Forgery (SSRF) \u2014 outbound HTTP from user input (and 12 more): Same pattern found in 12 addi", "shortDescription": {"text": "[SEC029] Server-Side Request Forgery (SSRF) \u2014 outbound HTTP from user input (and 12 more): Same pattern found in 12 additional files. 
Review if needed."}, "fullDescription": {"text": "Validate the URL against an allowlist BEFORE fetching:\n  ALLOWED = {'images.example.com', 'cdn.example.com'}\n  host = urlparse(url).hostname\n  if host not in ALLOWED: abort(400)\nOr use a server-side proxy (Imgproxy / serve-files-only-from-S3) that isolates outbound network access from the request handler.\nBlock private CIDRs explicitly: 10/8, 172.16/12, 192.168/16, 169.254/16. Also block loopback (127/8, ::1) and the IPv6 private and link-local ranges (fc00::/7, fe80::/10), and apply the check to the address the hostname resolves to, repeating it on every redirect."}, "properties": {"scanner": "repobility-threat-engine", "category": "ssrf", "severity": "info", "confidence": 0.2, "cwe": "", "owasp": ""}}, {"id": "MINED115", "name": "[MINED115] Action `actions/setup-python` pinned to mutable ref `@v6`: `uses: actions/setup-python@v6` resolves at workfl", "shortDescription": {"text": "[MINED115] Action `actions/setup-python` pinned to mutable ref `@v6`: `uses: actions/setup-python@v6` resolves at workflow-run time. Tags and branches can be re-pushed by the action owner; that made the tj-actions/changed-files compromise ("}, "fullDescription": {"text": "Replace with: `uses: actions/setup-python@<40-char-sha>  # v6` and let Dependabot bump it on a scheduled cadence."}, "properties": {"scanner": "repobility-supply-chain", "category": "dependency", "severity": "high", "confidence": 0.9, "cwe": "", "owasp": ""}}, {"id": "MINED131", "name": "[MINED131] pre-commit hook `https://github.com/astral-sh/ruff-pre-commit` pinned to mutable rev `v0.15.12`: `.pre-commit", "shortDescription": {"text": "[MINED131] pre-commit hook `https://github.com/astral-sh/ruff-pre-commit` pinned to mutable rev `v0.15.12`: `.pre-commit-config.yaml` references `https://github.com/astral-sh/ruff-pre-commit` at `rev: v0.15.12`. 
If `{rev}` is a branch or ve"}, "fullDescription": {"text": "Pin to a commit SHA: `rev: <40-char-sha>` and bump it through `pre-commit autoupdate` (which writes to PRs that are reviewed)."}, "properties": {"scanner": "repobility-supply-chain", "category": "dependency", "severity": "high", "confidence": 0.9, "cwe": "", "owasp": ""}}, {"id": "MINED110", "name": "[MINED110] Blocking call `time.sleep` inside async function `test_fetch_tokens_with_domains_save_does_not_block_event_lo", "shortDescription": {"text": "[MINED110] Blocking call `time.sleep` inside async function `test_fetch_tokens_with_domains_save_does_not_block_event_loop`: `time.sleep` is a synchronous (blocking) call. When invoked inside an `async def` it stalls the event loop, prevent"}, "fullDescription": {"text": "Use the async equivalent: `aiohttp` instead of `requests`, `asyncio.sleep` instead of `time.sleep`, `aiofiles` instead of `open`."}, "properties": {"scanner": "repobility-ast-engine", "category": "quality", "severity": "high", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "MINED108", "name": "[MINED108] `self._build_raw` used but never assigned in __init__: Method `test_allow_null_suppresses_enrichment_for_clie", "shortDescription": {"text": "[MINED108] `self._build_raw` used but never assigned in __init__: Method `test_allow_null_suppresses_enrichment_for_client_error_codes` of class `TestNullResultStatusCodeEnrichment` reads `self._build_raw`, but no assignment to it exists in"}, "fullDescription": {"text": "Initialize `self._build_raw = <default>` in __init__, or add a class-level default."}, "properties": {"scanner": "repobility-ast-engine", "category": "quality", "severity": "high", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "MINED106", "name": "[MINED106] Phantom test coverage: test_generate_infographic_default: Test function `test_generate_infographic_default` r", "shortDescription": {"text": "[MINED106] Phantom test coverage: test_generate_infographic_default: Test 
function `test_generate_infographic_default` runs code but contains no assert / expect / should call \u2014 it passes regardless of behaviour. Adds line coverage without v"}, "fullDescription": {"text": "Add an explicit assertion that captures the test's intent, or remove the test."}, "properties": {"scanner": "repobility-ast-engine", "category": "quality", "severity": "high", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "SEC128", "name": "[SEC128] Async function without await \u2014 fire-and-forget Promise (AI mistake): Async call invoked without `await` returns", "shortDescription": {"text": "[SEC128] Async function without await \u2014 fire-and-forget Promise (AI mistake): Async call invoked without `await` returns an unhandled Promise. The outer function resolves before the inner work completes \u2014 DB writes lost, emails not sent, ra"}, "fullDescription": {"text": "Add `await` before each async call, or chain with `.then`. If you intentionally want fire-and-forget, prefix with `void` (TS) or assign to `_` (Python with `asyncio.create_task`) to make the intent explicit and survive lint."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "high", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "MINED006", "name": "[MINED006] Overcatch Baseexception: except BaseException: ... \u2014 prevents Ctrl+C and SystemExit from working.", "shortDescription": {"text": "[MINED006] Overcatch Baseexception: except BaseException: ... \u2014 prevents Ctrl+C and SystemExit from working."}, "fullDescription": {"text": "Review and fix per the pattern semantics. See CWE-705 for context."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "high", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "SEC103", "name": "[SEC103] LDAP injection \u2014 non-constant search filter: User input concatenated into an LDAP search filter. 
Attackers inje", "shortDescription": {"text": "[SEC103] LDAP injection \u2014 non-constant search filter: User input concatenated into an LDAP search filter. Attackers inject `*)(uid=*` style payloads to bypass auth or enumerate accounts."}, "fullDescription": {"text": "Escape with javax.naming.ldap.Rdn.escapeValue or equivalent. For python-ldap, use ldap.filter.escape_filter_chars. Better: use parameterized search APIs (Spring LdapTemplate filter encoders). Note that Rdn.escapeValue applies DN-value escaping; input placed in a search filter needs filter escaping (RFC 4515), which also covers `*`, `(` and `)`."}, "properties": {"scanner": "repobility-threat-engine", "category": "injection", "severity": "high", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "MINED001", "name": "[MINED001] Bare Except Pass: except: pass or except Exception: pass \u2014 silently swallows everything including KeyboardInt", "shortDescription": {"text": "[MINED001] Bare Except Pass: except: pass or except Exception: pass \u2014 silently swallows everything including KeyboardInterrupt and bugs."}, "fullDescription": {"text": "Review and fix per the pattern semantics. See CWE-755 for context."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "high", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "MINED116", "name": "[MINED116] Workflow uses `secrets.NAME` on a `pull_request` trigger: This workflow triggers on `pull_request`, which che", "shortDescription": {"text": "[MINED116] Workflow uses `secrets.NAME` on a `pull_request` trigger: This workflow triggers on `pull_request`, which checks out the FORK's code. 
Referencing `${{ secrets.NAME }}` lets a PR from any fork exfiltrate the secret (modify a script,"}, "fullDescription": {"text": "Either remove the secret reference, or switch the trigger to `pull_request_target` AND ensure no fork-controlled code runs before the secret is consumed. `pull_request_target` runs in the base repository's context with access to its secrets, so a job that checks out or executes the PR head commit should not receive the secret at all."}, "properties": {"scanner": "repobility-supply-chain", "category": "dependency", "severity": "critical", "confidence": 0.9, "cwe": "", "owasp": ""}}, {"id": "MINED107", "name": "[MINED107] Missing import: `email` used but not imported: The file uses `email.something(...)` but never imports `email`", "shortDescription": {"text": "[MINED107] Missing import: `email` used but not imported: The file uses `email.something(...)` but never imports `email`. This raises NameError at runtime the first time the line executes."}, "fullDescription": {"text": "Add `import email` at the top of the file."}, "properties": {"scanner": "repobility-ast-engine", "category": "quality", "severity": "critical", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "MINED018", "name": "[MINED018] Unsafe Deserialization Pickle: pickle.loads / yaml.load (without Loader=SafeLoader) / unmarshal of network/fi", "shortDescription": {"text": "[MINED018] Unsafe Deserialization Pickle: pickle.loads / yaml.load (without Loader=SafeLoader) / unmarshal of network/file data \u2014 RCE."}, "fullDescription": {"text": "Review and fix per the pattern semantics. See CWE-502 / A08:2021 for context."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "critical", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "SEC116", "name": "[SEC116] Ruby YAML.load / Marshal.load on untrusted input: `YAML.load` (pre-3.1) and `Marshal.load` instantiate arbitrar", "shortDescription": {"text": "[SEC116] Ruby YAML.load / Marshal.load on untrusted input: `YAML.load` (pre-3.1) and `Marshal.load` instantiate arbitrary Ruby classes \u2014 direct RCE on untrusted input. 
`unsafe_load` is even more dangerous."}, "fullDescription": {"text": "Use `YAML.safe_load(input, permitted_classes: [Date])` \u2014 explicit class allowlist. Never use `Marshal.load` on untrusted data; serialize as JSON instead."}, "properties": {"scanner": "repobility-threat-engine", "category": "deserialization", "severity": "critical", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "SEC079", "name": "[SEC079] Python: yaml.load without SafeLoader: yaml.load() without explicit SafeLoader can execute arbitrary Python obje", "shortDescription": {"text": "[SEC079] Python: yaml.load without SafeLoader: yaml.load() without explicit SafeLoader can execute arbitrary Python objects (CVE-2017-18342). Ported from bandit B506 / dlint DUO109 (Apache-2.0 / BSD-3)."}, "fullDescription": {"text": "Use `yaml.safe_load(data)` or `yaml.load(data, Loader=yaml.SafeLoader)`."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "critical", "confidence": 1.0, "cwe": "", "owasp": ""}}]}}, "automationDetails": {"id": "repobility/557"}, "properties": {"repository": "teng-lin/notebooklm-py", "repoUrl": "https://github.com/teng-lin/notebooklm-py.git", "branch": "main"}, "results": [{"ruleId": "MINED111", "level": "warning", "message": {"text": "[MINED111] Bare except continues silently: Bare `except:` (or `except Exception:`) that runs code without re-raising or logging the exception. 
Hides real failures and makes bugs hard to diagnose."}, "properties": {"repobilityId": 36979, "scanner": "repobility-ast-engine", "fingerprint": "3b1fe043d18ca6ec203f017903d72f488c34e5bce2df6932fbbbebdb2ff3c81f", "category": "quality", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "bare-except-without-pass", "owasp": null, "cwe_ids": [], "languages": ["python"], "observations_count": 21610}, "scanner": "repobility-ast-engine", "correlation_key": "fp|3b1fe043d18ca6ec203f017903d72f488c34e5bce2df6932fbbbebdb2ff3c81f"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "docs/examples/bulk-import.py"}, "region": {"startLine": 75}}}]}, {"ruleId": "MINED111", "level": "warning", "message": {"text": "[MINED111] Bare except continues silently: Bare `except:` (or `except Exception:`) that runs code without re-raising or logging the exception. Hides real failures and makes bugs hard to diagnose."}, "properties": {"repobilityId": 36978, "scanner": "repobility-ast-engine", "fingerprint": "f88b1ace91f6cb7cbdeba1ddea881bab0f072f43e7473cabe411e7b0dcc1c5ee", "category": "quality", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "bare-except-without-pass", "owasp": null, "cwe_ids": [], "languages": ["python"], "observations_count": 21610}, "scanner": "repobility-ast-engine", "correlation_key": "fp|f88b1ace91f6cb7cbdeba1ddea881bab0f072f43e7473cabe411e7b0dcc1c5ee"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "docs/examples/bulk-import.py"}, "region": {"startLine": 64}}}]}, {"ruleId": "MINED111", "level": "warning", "message": {"text": "[MINED111] Bare except continues silently: Bare `except:` (or `except Exception:`) that runs code without re-raising or logging the exception. 
Hides real failures and makes bugs hard to diagnose."}, "properties": {"repobilityId": 36977, "scanner": "repobility-ast-engine", "fingerprint": "e05d414bf2b07acec773cb2e6d8002aa391e6d9df505c5cb3e9d40e902a9fee6", "category": "quality", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "bare-except-without-pass", "owasp": null, "cwe_ids": [], "languages": ["python"], "observations_count": 21610}, "scanner": "repobility-ast-engine", "correlation_key": "fp|e05d414bf2b07acec773cb2e6d8002aa391e6d9df505c5cb3e9d40e902a9fee6"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "docs/examples/notes.py"}, "region": {"startLine": 152}}}]}, {"ruleId": "MINED111", "level": "warning", "message": {"text": "[MINED111] Bare except continues silently: Bare `except:` (or `except Exception:`) that runs code without re-raising or logging the exception. Hides real failures and makes bugs hard to diagnose."}, "properties": {"repobilityId": 36976, "scanner": "repobility-ast-engine", "fingerprint": "48ef3a9c1a06c172ef237a2c5c0dcf25c19be363290059843e4c9b18c55f86a8", "category": "quality", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "bare-except-without-pass", "owasp": null, "cwe_ids": [], "languages": ["python"], "observations_count": 21610}, "scanner": "repobility-ast-engine", "correlation_key": "fp|48ef3a9c1a06c172ef237a2c5c0dcf25c19be363290059843e4c9b18c55f86a8"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "docs/examples/chat.py"}, "region": {"startLine": 102}}}]}, {"ruleId": "MINED111", "level": "warning", "message": {"text": "[MINED111] Bare except continues silently: Bare `except:` (or `except Exception:`) that runs code without re-raising or logging the exception. 
Hides real failures and makes bugs hard to diagnose."}, "properties": {"repobilityId": 36972, "scanner": "repobility-ast-engine", "fingerprint": "29b397b9697a5772f9f9a70e912144f07940f4880f4bd0950e44aa921ff5f487", "category": "quality", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "bare-except-without-pass", "owasp": null, "cwe_ids": [], "languages": ["python"], "observations_count": 21610}, "scanner": "repobility-ast-engine", "correlation_key": "fp|29b397b9697a5772f9f9a70e912144f07940f4880f4bd0950e44aa921ff5f487"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tests/integration/concurrency/test_add_file_toctou.py"}, "region": {"startLine": 235}}}]}, {"ruleId": "MINED111", "level": "warning", "message": {"text": "[MINED111] Bare except continues silently: Bare `except:` (or `except Exception:`) that runs code without re-raising or logging the exception. Hides real failures and makes bugs hard to diagnose."}, "properties": {"repobilityId": 36971, "scanner": "repobility-ast-engine", "fingerprint": "a025cd40f108bccf67defe3afccb372e7350923b27dd50376105fac0587b5152", "category": "quality", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "bare-except-without-pass", "owasp": null, "cwe_ids": [], "languages": ["python"], "observations_count": 21610}, "scanner": "repobility-ast-engine", "correlation_key": "fp|a025cd40f108bccf67defe3afccb372e7350923b27dd50376105fac0587b5152"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tests/integration/concurrency/helpers.py"}, "region": {"startLine": 249}}}]}, {"ruleId": "MINED111", "level": "warning", "message": {"text": "[MINED111] Bare except continues silently: Bare `except:` (or `except Exception:`) that runs code without re-raising or logging the exception. 
Hides real failures and makes bugs hard to diagnose."}, "properties": {"repobilityId": 36970, "scanner": "repobility-ast-engine", "fingerprint": "760134789d55eea685f46cd079b4eff426ec031cedf72955791a38763982ea48", "category": "quality", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "bare-except-without-pass", "owasp": null, "cwe_ids": [], "languages": ["python"], "observations_count": 21610}, "scanner": "repobility-ast-engine", "correlation_key": "fp|760134789d55eea685f46cd079b4eff426ec031cedf72955791a38763982ea48"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tests/integration/test_chat_multi_source_vcr.py"}, "region": {"startLine": 277}}}]}, {"ruleId": "MINED111", "level": "warning", "message": {"text": "[MINED111] Bare except continues silently: Bare `except:` (or `except Exception:`) that runs code without re-raising or logging the exception. Hides real failures and makes bugs hard to diagnose."}, "properties": {"repobilityId": 36969, "scanner": "repobility-ast-engine", "fingerprint": "008edd2827c3cf217337a338c76e286e3c33890430c44ed0289f1bba724ab5b3", "category": "quality", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "bare-except-without-pass", "owasp": null, "cwe_ids": [], "languages": ["python"], "observations_count": 21610}, "scanner": "repobility-ast-engine", "correlation_key": "fp|008edd2827c3cf217337a338c76e286e3c33890430c44ed0289f1bba724ab5b3"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tests/integration/test_chat_delete_conversation_vcr.py"}, "region": {"startLine": 144}}}]}, {"ruleId": "MINED111", "level": "warning", "message": {"text": "[MINED111] Bare except continues silently: Bare `except:` (or `except Exception:`) that runs code without re-raising or logging the exception. 
Hides real failures and makes bugs hard to diagnose."}, "properties": {"repobilityId": 36966, "scanner": "repobility-ast-engine", "fingerprint": "04406cd2b5725864ccac93d11da20da373d3d15f6c864385d285385dd07f474f", "category": "quality", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "bare-except-without-pass", "owasp": null, "cwe_ids": [], "languages": ["python"], "observations_count": 21610}, "scanner": "repobility-ast-engine", "correlation_key": "fp|04406cd2b5725864ccac93d11da20da373d3d15f6c864385d285385dd07f474f"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tests/unit/test_windows_compatibility.py"}, "region": {"startLine": 312}}}]}, {"ruleId": "MINED111", "level": "warning", "message": {"text": "[MINED111] Bare except continues silently: Bare `except:` (or `except Exception:`) that runs code without re-raising or logging the exception. Hides real failures and makes bugs hard to diagnose."}, "properties": {"repobilityId": 36964, "scanner": "repobility-ast-engine", "fingerprint": "a65b5de0b3108e34e9df9161e35b0e269b7a353854eb971508e9e7947a53392a", "category": "quality", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "bare-except-without-pass", "owasp": null, "cwe_ids": [], "languages": ["python"], "observations_count": 21610}, "scanner": "repobility-ast-engine", "correlation_key": "fp|a65b5de0b3108e34e9df9161e35b0e269b7a353854eb971508e9e7947a53392a"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tests/unit/test_migration_lock.py"}, "region": {"startLine": 91}}}]}, {"ruleId": "MINED111", "level": "warning", "message": {"text": "[MINED111] Bare except continues silently: Bare `except:` (or `except Exception:`) that runs code without re-raising or logging the exception. 
Hides real failures and makes bugs hard to diagnose."}, "properties": {"repobilityId": 36963, "scanner": "repobility-ast-engine", "fingerprint": "19a38b1223cd7802d70b6b5981398077465a718cbc2e071920dc05f169c13d02", "category": "quality", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "bare-except-without-pass", "owasp": null, "cwe_ids": [], "languages": ["python"], "observations_count": 21610}, "scanner": "repobility-ast-engine", "correlation_key": "fp|19a38b1223cd7802d70b6b5981398077465a718cbc2e071920dc05f169c13d02"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tests/unit/test_cookie_persistence.py"}, "region": {"startLine": 120}}}]}, {"ruleId": "MINED111", "level": "warning", "message": {"text": "[MINED111] Bare except continues silently: Bare `except:` (or `except Exception:`) that runs code without re-raising or logging the exception. Hides real failures and makes bugs hard to diagnose."}, "properties": {"repobilityId": 36961, "scanner": "repobility-ast-engine", "fingerprint": "36f5f315eefa8072609db92bae862541d5c75d481b95beca1fddf911cef0cbf7", "category": "quality", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "bare-except-without-pass", "owasp": null, "cwe_ids": [], "languages": ["python"], "observations_count": 21610}, "scanner": "repobility-ast-engine", "correlation_key": "fp|36f5f315eefa8072609db92bae862541d5c75d481b95beca1fddf911cef0cbf7"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tests/unit/test_refresh_lock_registry.py"}, "region": {"startLine": 343}}}]}, {"ruleId": "MINED111", "level": "warning", "message": {"text": "[MINED111] Bare except continues silently: Bare `except:` (or `except Exception:`) that runs code without re-raising or logging the exception. 
Hides real failures and makes bugs hard to diagnose."}, "properties": {"repobilityId": 36934, "scanner": "repobility-ast-engine", "fingerprint": "70fe7bf02520fb987a598687bc9354ae73d6b364a58f9ee148815102035a9815", "category": "quality", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "bare-except-without-pass", "owasp": null, "cwe_ids": [], "languages": ["python"], "observations_count": 21610}, "scanner": "repobility-ast-engine", "correlation_key": "fp|70fe7bf02520fb987a598687bc9354ae73d6b364a58f9ee148815102035a9815"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tests/scripts/setup-generation-notebook.py"}, "region": {"startLine": 74}}}]}, {"ruleId": "MINED111", "level": "warning", "message": {"text": "[MINED111] Bare except continues silently: Bare `except:` (or `except Exception:`) that runs code without re-raising or logging the exception. Hides real failures and makes bugs hard to diagnose."}, "properties": {"repobilityId": 36906, "scanner": "repobility-ast-engine", "fingerprint": "ebe5d78dd207f02d05cf69ce22e0fcbdc6656b1beb2c867f53e225a761b257a9", "category": "quality", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "bare-except-without-pass", "owasp": null, "cwe_ids": [], "languages": ["python"], "observations_count": 21610}, "scanner": "repobility-ast-engine", "correlation_key": "fp|ebe5d78dd207f02d05cf69ce22e0fcbdc6656b1beb2c867f53e225a761b257a9"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tests/e2e/test_downloads.py"}, "region": {"startLine": 132}}}]}, {"ruleId": "MINED111", "level": "warning", "message": {"text": "[MINED111] Bare except continues silently: Bare `except:` (or `except Exception:`) that runs code without re-raising or logging the exception. 
Hides real failures and makes bugs hard to diagnose."}, "properties": {"repobilityId": 36905, "scanner": "repobility-ast-engine", "fingerprint": "246888011249138ef9ca361d281bee2fea369fbe5ade0b3f7f198d3d555f2a6b", "category": "quality", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "bare-except-without-pass", "owasp": null, "cwe_ids": [], "languages": ["python"], "observations_count": 21610}, "scanner": "repobility-ast-engine", "correlation_key": "fp|246888011249138ef9ca361d281bee2fea369fbe5ade0b3f7f198d3d555f2a6b"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tests/e2e/conftest.py"}, "region": {"startLine": 365}}}]}, {"ruleId": "MINED111", "level": "warning", "message": {"text": "[MINED111] Bare except continues silently: Bare `except:` (or `except Exception:`) that runs code without re-raising or logging the exception. Hides real failures and makes bugs hard to diagnose."}, "properties": {"repobilityId": 36904, "scanner": "repobility-ast-engine", "fingerprint": "49b341368f586fa7e5c939becd4bb5908e0574dc4fd6be00e5e98fd96e58a02f", "category": "quality", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "bare-except-without-pass", "owasp": null, "cwe_ids": [], "languages": ["python"], "observations_count": 21610}, "scanner": "repobility-ast-engine", "correlation_key": "fp|49b341368f586fa7e5c939becd4bb5908e0574dc4fd6be00e5e98fd96e58a02f"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tests/e2e/conftest.py"}, "region": {"startLine": 815}}}]}, {"ruleId": "MINED111", "level": "warning", "message": {"text": "[MINED111] Bare except continues silently: Bare `except:` (or `except Exception:`) that runs code without re-raising or logging the exception. 
Hides real failures and makes bugs hard to diagnose."}, "properties": {"repobilityId": 36903, "scanner": "repobility-ast-engine", "fingerprint": "974cd660b4d7c20f26feaa2a55ce1b41dd5051b1088964a8f8642bacb132cde9", "category": "quality", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "bare-except-without-pass", "owasp": null, "cwe_ids": [], "languages": ["python"], "observations_count": 21610}, "scanner": "repobility-ast-engine", "correlation_key": "fp|974cd660b4d7c20f26feaa2a55ce1b41dd5051b1088964a8f8642bacb132cde9"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tests/e2e/conftest.py"}, "region": {"startLine": 645}}}]}, {"ruleId": "MINED111", "level": "warning", "message": {"text": "[MINED111] Bare except continues silently: Bare `except:` (or `except Exception:`) that runs code without re-raising or logging the exception. Hides real failures and makes bugs hard to diagnose."}, "properties": {"repobilityId": 36902, "scanner": "repobility-ast-engine", "fingerprint": "0c5bd31e830fe17f34c86329915f6ac45b400d49a7c5b5f6acfe6213a7b1e2b3", "category": "quality", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "bare-except-without-pass", "owasp": null, "cwe_ids": [], "languages": ["python"], "observations_count": 21610}, "scanner": "repobility-ast-engine", "correlation_key": "fp|0c5bd31e830fe17f34c86329915f6ac45b400d49a7c5b5f6acfe6213a7b1e2b3"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tests/e2e/conftest.py"}, "region": {"startLine": 619}}}]}, {"ruleId": "MINED111", "level": "warning", "message": {"text": "[MINED111] Bare except continues silently: Bare `except:` (or `except Exception:`) that runs code without re-raising or logging the exception. 
Hides real failures and makes bugs hard to diagnose."}, "properties": {"repobilityId": 36901, "scanner": "repobility-ast-engine", "fingerprint": "c5c2e2d62fac08333c86e932d10dcdf7cd10f03718216523529f3b579a4b890e", "category": "quality", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "bare-except-without-pass", "owasp": null, "cwe_ids": [], "languages": ["python"], "observations_count": 21610}, "scanner": "repobility-ast-engine", "correlation_key": "fp|c5c2e2d62fac08333c86e932d10dcdf7cd10f03718216523529f3b579a4b890e"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tests/e2e/conftest.py"}, "region": {"startLine": 426}}}]}, {"ruleId": "MINED111", "level": "warning", "message": {"text": "[MINED111] Bare except continues silently: Bare `except:` (or `except Exception:`) that runs code without re-raising or logging the exception. Hides real failures and makes bugs hard to diagnose."}, "properties": {"repobilityId": 36900, "scanner": "repobility-ast-engine", "fingerprint": "3be6019b82a0f4647abfaefcfb4f6e76d3ccb70cd52e93f46b81d945fc63d0f6", "category": "quality", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "bare-except-without-pass", "owasp": null, "cwe_ids": [], "languages": ["python"], "observations_count": 21610}, "scanner": "repobility-ast-engine", "correlation_key": "fp|3be6019b82a0f4647abfaefcfb4f6e76d3ccb70cd52e93f46b81d945fc63d0f6"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tests/e2e/conftest.py"}, "region": {"startLine": 550}}}]}, {"ruleId": "MINED111", "level": "warning", "message": {"text": "[MINED111] Bare except continues silently: Bare `except:` (or `except Exception:`) that runs code without re-raising or logging the exception. 
Hides real failures and makes bugs hard to diagnose."}, "properties": {"repobilityId": 36899, "scanner": "repobility-ast-engine", "fingerprint": "e96805551a121b483c028c3b66b6ef8b8ce7c90faf2dcd027f409159879d7792", "category": "quality", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "bare-except-without-pass", "owasp": null, "cwe_ids": [], "languages": ["python"], "observations_count": 21610}, "scanner": "repobility-ast-engine", "correlation_key": "fp|e96805551a121b483c028c3b66b6ef8b8ce7c90faf2dcd027f409159879d7792"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "scripts/diagnose_get_notebook.py"}, "region": {"startLine": 130}}}]}, {"ruleId": "MINED111", "level": "warning", "message": {"text": "[MINED111] Bare except continues silently: Bare `except:` (or `except Exception:`) that runs code without re-raising or logging the exception. Hides real failures and makes bugs hard to diagnose."}, "properties": {"repobilityId": 36898, "scanner": "repobility-ast-engine", "fingerprint": "cde87c766f8e2a89cf8e549971adad057aa89cb98107c96aec4694b773a76a09", "category": "quality", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "bare-except-without-pass", "owasp": null, "cwe_ids": [], "languages": ["python"], "observations_count": 21610}, "scanner": "repobility-ast-engine", "correlation_key": "fp|cde87c766f8e2a89cf8e549971adad057aa89cb98107c96aec4694b773a76a09"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "scripts/check_rpc_health.py"}, "region": {"startLine": 941}}}]}, {"ruleId": "MINED111", "level": "warning", "message": {"text": "[MINED111] Bare except continues silently: Bare `except:` (or `except Exception:`) that runs code without re-raising or logging the exception. 
Hides real failures and makes bugs hard to diagnose."}, "properties": {"repobilityId": 36897, "scanner": "repobility-ast-engine", "fingerprint": "b10cee0c249ab5b1cf3a662b6b0a47783d48a0bfd9e1f2ad82f6b7d5810f4624", "category": "quality", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "bare-except-without-pass", "owasp": null, "cwe_ids": [], "languages": ["python"], "observations_count": 21610}, "scanner": "repobility-ast-engine", "correlation_key": "fp|b10cee0c249ab5b1cf3a662b6b0a47783d48a0bfd9e1f2ad82f6b7d5810f4624"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "scripts/check_rpc_health.py"}, "region": {"startLine": 925}}}]}, {"ruleId": "MINED111", "level": "warning", "message": {"text": "[MINED111] Bare except continues silently: Bare `except:` (or `except Exception:`) that runs code without re-raising or logging the exception. Hides real failures and makes bugs hard to diagnose."}, "properties": {"repobilityId": 36896, "scanner": "repobility-ast-engine", "fingerprint": "04d44a7f32a5853059bdb3d6c05f32fdbae34269aab98647a9280a798cd430cf", "category": "quality", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "bare-except-without-pass", "owasp": null, "cwe_ids": [], "languages": ["python"], "observations_count": 21610}, "scanner": "repobility-ast-engine", "correlation_key": "fp|04d44a7f32a5853059bdb3d6c05f32fdbae34269aab98647a9280a798cd430cf"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "scripts/check_rpc_health.py"}, "region": {"startLine": 909}}}]}, {"ruleId": "MINED111", "level": "warning", "message": {"text": "[MINED111] Bare except continues silently: Bare `except:` (or `except Exception:`) that runs code without re-raising or logging the exception. 
Hides real failures and makes bugs hard to diagnose."}, "properties": {"repobilityId": 36895, "scanner": "repobility-ast-engine", "fingerprint": "63a69e629072f55f96d88bb2079320e3900b338b8eef54bd8544235ea2d402bc", "category": "quality", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "bare-except-without-pass", "owasp": null, "cwe_ids": [], "languages": ["python"], "observations_count": 21610}, "scanner": "repobility-ast-engine", "correlation_key": "fp|63a69e629072f55f96d88bb2079320e3900b338b8eef54bd8544235ea2d402bc"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "scripts/check_rpc_health.py"}, "region": {"startLine": 950}}}]}, {"ruleId": "WEB003", "level": "warning", "message": {"text": "Public web service has no security.txt"}, "properties": {"repobilityId": 36891, "scanner": "repobility-web-presence", "fingerprint": "5cd26606c5a53c9f403ff7a92a6917c19cf440a23ce03e2b90e8c493312ef8cd", "category": "quality", "severity": "medium", "confidence": 0.78, "triageState": "open", "verdict": "likely", "isResolved": false, "reason": "Repository looks like a public web app/API but no security.txt file or route was discovered.", "evidence": {"rule_id": "WEB003", "scanner": "repobility-web-presence", "references": ["https://www.rfc-editor.org/rfc/rfc9116", "https://github.com/Lissy93/web-check"], "correlation_key": "fp|5cd26606c5a53c9f403ff7a92a6917c19cf440a23ce03e2b90e8c493312ef8cd"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".well-known/security.txt"}, "region": {"startLine": 1}}}]}, {"ruleId": "AUC001", "level": "warning", "message": {"text": "[AUC001] No Repobility access matrix policy found: The repository uses web/API frameworks but does not define .repobility/access.yml or equivalent authorization documentation."}, "properties": {"repobilityId": 36890, "scanner": "repobility-access-control", "fingerprint": 
"f1305052c3ba1e6c1cdb5dccc19e58a8168cf78b176658f32b1fc823df3e9d10", "category": "auth", "severity": "medium", "confidence": 0.92, "triageState": "open", "verdict": "likely", "isResolved": false, "reason": "Static route and framework evidence require project-owner confirmation.", "evidence": {"scanner": "repobility-access-control", "frameworks": ["Django"], "expected_files": [".repobility/access.yml", ".repobility/access.yaml", ".repobility/access.json", ".repobility/authorization.yml"], "correlation_key": "fp|f1305052c3ba1e6c1cdb5dccc19e58a8168cf78b176658f32b1fc823df3e9d10"}}}, {"ruleId": "AIC004", "level": "warning", "message": {"text": "Suspicious implementation file appears unreferenced"}, "properties": {"repobilityId": 36882, "scanner": "repobility-ai-code-hygiene", "fingerprint": "d7655c3b9f54014d0b0c491157b1efb27a078b092c610a2653359e899a88171f", "category": "quality", "severity": "medium", "confidence": 0.78, "triageState": "open", "verdict": "likely", "isResolved": false, "reason": "Patch-style source file has no detected inbound reference from other repository files.", "evidence": {"suffix": "clean", "rule_id": "AIC004", "scanner": "repobility-ai-code-hygiene", "references": ["https://knip.dev/", "https://github.com/jendrikseipp/vulture"], "correlation_key": "fp|d7655c3b9f54014d0b0c491157b1efb27a078b092c610a2653359e899a88171f"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tests/scripts/check_cassettes_clean.py"}, "region": {"startLine": 1}}}]}, {"ruleId": "ERR001", "level": "warning", "message": {"text": "[ERR001] Silent Exception Swallowing: Silently swallowing all exceptions hides bugs. 
Even in cleanup code, log at DEBUG level."}, "properties": {"repobilityId": 36874, "scanner": "repobility-threat-engine", "fingerprint": "8bb54cafc50c143d92caa221f6230273d37c448ca5604c8e12806fe624b54264", "category": "error_handling", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "except Exception:\n            pass", "reason": "Pattern matched with no mitigating context found", "rule_id": "ERR001", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "fp|8bb54cafc50c143d92caa221f6230273d37c448ca5604c8e12806fe624b54264"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/notebooklm/cli/completion.py"}, "region": {"startLine": 41}}}]}, {"ruleId": "SEC136", "level": "warning", "message": {"text": "[SEC136] AI-typical over-broad exception handler swallowing all errors: Catch-all exception block that silently returns success or no-ops. AI agents reach for this pattern when a flaky test or an unfamiliar API throws \u2014 wrap, swallow, return success. Real bugs are masked, observability is destroyed, and callers think the operation worked. CWE-396 (improperly-generalized exception). 
Distinct from intentional fallback because there's no log line and the success value is fabricated."}, "properties": {"repobilityId": 36873, "scanner": "repobility-threat-engine", "fingerprint": "ad225d665cb90dee4b5cb373e45859b512d15d3ad3f89d298fdd7e887be9dfc5", "category": "quality", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "try:\n            params = getattr(cur, \"params\", None)\n            notebook_id = params.get(\"noteboo", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC136", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "fp|ad225d665cb90dee4b5cb373e45859b512d15d3ad3f89d298fdd7e887be9dfc5"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/notebooklm/cli/completion.py"}, "region": {"startLine": 24}}}]}, {"ruleId": "SEC134", "level": "warning", "message": {"text": "[SEC134] AI scaffold leftover \u2014 Lorem ipsum / example.com / John Doe in code: Lorem ipsum / John Doe / example.com left in non-test code. AI agents emit these as 'reasonable defaults' when they don't know real values; the human then forgets to swap them. 
In production, these break demo flows, send mail to a real example.com host (it's owned by IANA), and leak that the codebase had an AI scaffolding pass."}, "properties": {"repobilityId": 36870, "scanner": "repobility-threat-engine", "fingerprint": "fad4c65299a982754d5060dbc1c4c7c62e5e818d41d535b23fe5e0166a4ad4d1", "category": "quality", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "\"user@example.com\"", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC134", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "fp|fad4c65299a982754d5060dbc1c4c7c62e5e818d41d535b23fe5e0166a4ad4d1"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/notebooklm/_sharing.py"}, "region": {"startLine": 30}}}]}, {"ruleId": "WEB005", "level": "note", "message": {"text": "robots.txt does not advertise a sitemap"}, "properties": {"repobilityId": 36892, "scanner": "repobility-web-presence", "fingerprint": "2922a3ede365381e00848aa5c8f712e9852d32389d2d37ead295e5a8b6eea47b", "category": "quality", "severity": "low", "confidence": 0.74, "triageState": "open", "verdict": "likely", "isResolved": false, "reason": "Discovered robots file or route lacks a Sitemap directive.", "evidence": {"rule_id": "WEB005", "scanner": "repobility-web-presence", "references": ["https://www.rfc-editor.org/rfc/rfc9309", "https://www.sitemaps.org/protocol.html"], "correlation_key": "fp|2922a3ede365381e00848aa5c8f712e9852d32389d2d37ead295e5a8b6eea47b"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tests/cassettes/artifacts_delete.yaml"}, "region": {"startLine": 1}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 36889, "scanner": "repobility-ai-code-hygiene", "fingerprint": 
"daae5eb948348167c5b8c5cf0af19bbeb3eb49c4c46ee0f11016c0f3e5f6824d", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "tests/integration/conftest.py", "duplicate_line": 249, "correlation_key": "fp|daae5eb948348167c5b8c5cf0af19bbeb3eb49c4c46ee0f11016c0f3e5f6824d"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tests/unit/conftest.py"}, "region": {"startLine": 71}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 36888, "scanner": "repobility-ai-code-hygiene", "fingerprint": "e0334fb6a71b5c5f6373daf6680fc94c642a343d9aa27137f5bb0d0fa3691c86", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "tests/integration/concurrency/conftest.py", "duplicate_line": 62, "correlation_key": "fp|e0334fb6a71b5c5f6373daf6680fc94c642a343d9aa27137f5bb0d0fa3691c86"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tests/unit/conftest.py"}, "region": {"startLine": 33}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 36887, "scanner": "repobility-ai-code-hygiene", "fingerprint": "d2791ee7b17e39c2c0bcc796fd929393584d002f13fa66f88f2c5598d5044c3e", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": 
"confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "tests/integration/concurrency/conftest.py", "duplicate_line": 56, "correlation_key": "fp|d2791ee7b17e39c2c0bcc796fd929393584d002f13fa66f88f2c5598d5044c3e"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tests/integration/conftest.py"}, "region": {"startLine": 31}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 36886, "scanner": "repobility-ai-code-hygiene", "fingerprint": "b5c356e5f4bf5b6c0d48f9cfc2cb657f7fb66ba865ffa14d3aacbd7a82d74f74", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "src/notebooklm/__init__.py", "duplicate_line": 129, "correlation_key": "fp|b5c356e5f4bf5b6c0d48f9cfc2cb657f7fb66ba865ffa14d3aacbd7a82d74f74"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/notebooklm/types.py"}, "region": {"startLine": 114}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 36885, "scanner": "repobility-ai-code-hygiene", "fingerprint": "a20a38bda33a9154705d16950a9b79568096e5e0ebd429b0465728d60288c852", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", 
"scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "src/notebooklm/rpc/__init__.py", "duplicate_line": 28, "correlation_key": "fp|a20a38bda33a9154705d16950a9b79568096e5e0ebd429b0465728d60288c852"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/notebooklm/types.py"}, "region": {"startLine": 66}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 36884, "scanner": "repobility-ai-code-hygiene", "fingerprint": "262178dd798d2c4ea12072c74f68a56d2450f2ef25f646024219076c173404f6", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "src/notebooklm/__init__.py", "duplicate_line": 185, "correlation_key": "fp|262178dd798d2c4ea12072c74f68a56d2450f2ef25f646024219076c173404f6"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/notebooklm/rpc/__init__.py"}, "region": {"startLine": 62}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 36883, "scanner": "repobility-ai-code-hygiene", "fingerprint": "9cc34477533453da89f568a0da972dd4ae620d5e4e123dfebebaa2b22c7904ff", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "scripts/check_workflow_permissions.py", "duplicate_line": 22, 
"correlation_key": "fp|9cc34477533453da89f568a0da972dd4ae620d5e4e123dfebebaa2b22c7904ff"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "scripts/check_workflow_secret_gates.py"}, "region": {"startLine": 98}}}]}, {"ruleId": "AIC002", "level": "note", "message": {"text": "Source file name looks like an AI patch artifact"}, "properties": {"repobilityId": 36881, "scanner": "repobility-ai-code-hygiene", "fingerprint": "bd5c4bef7acf37b9b03f6698bfe03d54d0cab28a162e814cad2da4db148851e3", "category": "quality", "severity": "low", "confidence": 0.62, "triageState": "open", "verdict": "needs_review", "isResolved": false, "reason": "Source filename contains a temporary or patch-style suffix.", "evidence": {"suffix": "clean", "rule_id": "AIC002", "scanner": "repobility-ai-code-hygiene", "references": ["https://arxiv.org/abs/2601.15195"], "correlation_key": "fp|bd5c4bef7acf37b9b03f6698bfe03d54d0cab28a162e814cad2da4db148851e3"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tests/scripts/check_cassettes_clean.py"}, "region": {"startLine": 1}}}]}, {"ruleId": "AIC002", "level": "note", "message": {"text": "Source file name looks like an AI patch artifact"}, "properties": {"repobilityId": 36880, "scanner": "repobility-ai-code-hygiene", "fingerprint": "3a5eb65308e912e7cf0459f170e08e35c0180b67eef1d95cef7db92daf81d046", "category": "quality", "severity": "low", "confidence": 0.62, "triageState": "open", "verdict": "needs_review", "isResolved": false, "reason": "Source filename contains a temporary or patch-style suffix.", "evidence": {"suffix": "clean", "rule_id": "AIC002", "scanner": "repobility-ai-code-hygiene", "references": ["https://arxiv.org/abs/2601.15195"], "correlation_key": "fp|3a5eb65308e912e7cf0459f170e08e35c0180b67eef1d95cef7db92daf81d046"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/notebooklm/cli/services/source_clean.py"}, "region": {"startLine": 1}}}]}, {"ruleId": "SEC132", "level": "note", "message": 
{"text": "[SEC132] String concat where the language has interpolation (AI style drift): String built by concatenation where the language has cleaner interpolation (Python f-strings since 3.6, JS template literals since ES6). Not a vulnerability on its own, but a style signature of cross-language AI rewrites \u2014 the model wrote idiomatic Java/C# and then translated mechanically. When this style appears in only *some* files of a repo, it's a strong indicator of an AI-driven rewrite that needs a human review p"}, "properties": {"repobilityId": 36856, "scanner": "repobility-threat-engine", "fingerprint": "70d111b658d70a826b6440823813e463fd03340413b6570d167adc51c3d3dd76", "category": "quality", "severity": "low", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "\"\\n  Fix: either copy the block verbatim into \"\n            + str(contributing_path)\n            + \"", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC132", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "fp|70d111b658d70a826b6440823813e463fd03340413b6570d167adc51c3d3dd76"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "scripts/check_ci_install_parity.py"}, "region": {"startLine": 187}}}]}, {"ruleId": "COMP001", "level": "note", "message": {"text": "[COMP001] High cognitive complexity: Function `main` has cognitive complexity 8 (SonarSource scale). Cognitive complexity measures how hard the function is for a human to understand \u2014 nested branches, boolean chains, and recursion all weigh in. 
Breakdown: break=1, else=1, for=1, if=3, nested_bonus=1, ternary=1."}, "properties": {"repobilityId": 36847, "scanner": "repobility-threat-engine", "fingerprint": "9754c8974b45c171665c0aa37d3a1e5ccac3d63363cd7ae4fedd484930f64597", "category": "quality", "severity": "low", "confidence": 0.95, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "AST-derived cognitive complexity score = 8 (severity threshold for low: 8+).", "evidence": {"scanner": "repobility-threat-engine", "function": "main", "breakdown": {"if": 3, "for": 1, "else": 1, "break": 1, "ternary": 1, "nested_bonus": 1}, "complexity": 8, "correlation_key": "fp|9754c8974b45c171665c0aa37d3a1e5ccac3d63363cd7ae4fedd484930f64597"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "docs/examples/research-to-podcast.py"}, "region": {"startLine": 25}}}]}, {"ruleId": "COMP001", "level": "note", "message": {"text": "[COMP001] High cognitive complexity: Function `main` has cognitive complexity 12 (SonarSource scale). Cognitive complexity measures how hard the function is for a human to understand \u2014 nested branches, boolean chains, and recursion all weigh in. 
Breakdown: except=3, for=4, if=1, nested_bonus=4."}, "properties": {"repobilityId": 36845, "scanner": "repobility-threat-engine", "fingerprint": "36b3213bdaf4d1ecc173d659470e71021290f7959d8d89dd39167678b61f7839", "category": "quality", "severity": "low", "confidence": 0.95, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "AST-derived cognitive complexity score = 12 (severity threshold for low: 8+).", "evidence": {"scanner": "repobility-threat-engine", "function": "main", "breakdown": {"if": 1, "for": 4, "except": 3, "nested_bonus": 4}, "complexity": 12, "correlation_key": "fp|36b3213bdaf4d1ecc173d659470e71021290f7959d8d89dd39167678b61f7839"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "docs/examples/bulk-import.py"}, "region": {"startLine": 46}}}]}, {"ruleId": "MINED043", "level": "none", "message": {"text": "[MINED043] Http Not Https: Hardcoded http:// (not localhost) for endpoints that handle credentials or data."}, "properties": {"repobilityId": 36879, "scanner": "repobility-threat-engine", "fingerprint": "7636af460668dd4aa1a055ccd896ac9e2e1e6eb147bce03218b2c25eccca25b3", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "http-not-https", "owasp": "A02:2021", "cwe_ids": ["CWE-319"], "precision": 0.917, "promoted_at": "2026-05-18T14:01:32.347999+00:00", "triaged_in_corpus": 12, "observations_count": 4113831, "ai_coder_pattern_id": 15}, "scanner": "repobility-threat-engine", "correlation_key": "fp|7636af460668dd4aa1a055ccd896ac9e2e1e6eb147bce03218b2c25eccca25b3"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/notebooklm/research.py"}, "region": {"startLine": 58}}}]}, {"ruleId": "MINED043", "level": "none", "message": {"text": "[MINED043] Http Not Https: Hardcoded http:// (not localhost) for endpoints 
that handle credentials or data."}, "properties": {"repobilityId": 36878, "scanner": "repobility-threat-engine", "fingerprint": "237bff5e4e938ed0aa7c941be8126abf1d3b935076313ecee57ea5c9f0a43d24", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "http-not-https", "owasp": "A02:2021", "cwe_ids": ["CWE-319"], "precision": 0.917, "promoted_at": "2026-05-18T14:01:32.347999+00:00", "triaged_in_corpus": 12, "observations_count": 4113831, "ai_coder_pattern_id": 15}, "scanner": "repobility-threat-engine", "correlation_key": "fp|237bff5e4e938ed0aa7c941be8126abf1d3b935076313ecee57ea5c9f0a43d24"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/notebooklm/cli/services/source_add.py"}, "region": {"startLine": 113}}}]}, {"ruleId": "MINED047", "level": "none", "message": {"text": "[MINED047] Emoji In Source: Emoji \u2705 \u274c \ud83d\ude80 in code/comments \u2014 common AI output unless explicitly requested."}, "properties": {"repobilityId": 36877, "scanner": "repobility-threat-engine", "fingerprint": "0334a271f634c6f3b16b404c2d6eab8c4585ebd4deabab4c7ccae03211525307", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "emoji-in-source", "owasp": null, "cwe_ids": [], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348010+00:00", "triaged_in_corpus": 9, "observations_count": 1468364, "ai_coder_pattern_id": 29}, "scanner": "repobility-threat-engine", "correlation_key": "fp|0334a271f634c6f3b16b404c2d6eab8c4585ebd4deabab4c7ccae03211525307"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/notebooklm/cli/language.py"}, "region": {"startLine": 67}}}]}, {"ruleId": 
"SEC007", "level": "none", "message": {"text": "[SEC007] Unsafe Deserialization: Unsafe deserialization can execute arbitrary code."}, "properties": {"repobilityId": 36864, "scanner": "repobility-threat-engine", "fingerprint": "af6bb27f7ee3a480d4fbbce2026af9db750bfb07d397c076315fea1d9e062e33", "category": "deserialization", "severity": "info", "confidence": 0.1, "triageState": "false_positive", "verdict": "likely_fp", "isResolved": true, "reason": "Safe loader ('safeloader') found in surrounding code \u2014 yaml.load() is using safe deserialization", "evidence": {"match": "yaml.load(", "reason": "Safe loader ('safeloader') found in surrounding code \u2014 yaml.load() is using safe deserialization", "rule_id": "SEC007", "scanner": "repobility-threat-engine", "confidence": 0.1, "correlation_key": "code|deserialization|token|178|sec007"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "scripts/rescrub-cassettes.py"}, "region": {"startLine": 178}}}]}, {"ruleId": "MINED049", "level": "none", "message": {"text": "[MINED049] Print Pii: Logging password/token/email/ssn directly to stdout."}, "properties": {"repobilityId": 36863, "scanner": "repobility-threat-engine", "fingerprint": "f4621d342d189d4eb9ca3c17881676e5a18881301e0582675c78343929d4554a", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "print-pii", "owasp": "A09:2021", "cwe_ids": ["CWE-532"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348015+00:00", "triaged_in_corpus": 12, "observations_count": 676566, "ai_coder_pattern_id": 26}, "scanner": "repobility-threat-engine", "correlation_key": "fp|f4621d342d189d4eb9ca3c17881676e5a18881301e0582675c78343929d4554a"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "scripts/diagnose_get_notebook.py"}, "region": {"startLine": 140}}}]}, 
{"ruleId": "SEC020", "level": "none", "message": {"text": "[SEC020] Secret Printed to Logs: Debug or diagnostic code appears to print a credential-bearing value. This is a frequent AI-assisted coding failure: the helper exposes the exact value needed for troubleshooting."}, "properties": {"repobilityId": 36862, "scanner": "repobility-threat-engine", "fingerprint": "ffecf1e51079d5ffeb71f62f987da333d268904adb0005d3bcedaec6f5098cf6", "category": "credential_exposure", "severity": "info", "confidence": 0.15, "triageState": "false_positive", "verdict": "likely_fp", "isResolved": true, "reason": "Log message mentions credential-related metadata but does not print a credential-bearing value", "evidence": {"match": "logger.warning(\"Token refresh failed: %s\", refresh_error)", "reason": "Log message mentions credential-related metadata but does not print a credential-bearing value", "rule_id": "SEC020", "scanner": "repobility-threat-engine", "confidence": 0.15, "correlation_key": "secret|token|21|logger.warning token refresh failed: s refresh_error"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/notebooklm/_middleware_auth_refresh.py"}, "region": {"startLine": 213}}}]}, {"ruleId": "SEC020", "level": "none", "message": {"text": "[SEC020] Secret Printed to Logs: Debug or diagnostic code appears to print a credential-bearing value. 
This is a frequent AI-assisted coding failure: the helper exposes the exact value needed for troubleshooting."}, "properties": {"repobilityId": 36861, "scanner": "repobility-threat-engine", "fingerprint": "d7e20098a5fd22a0ab22fbb8fc7c65d794f229c6fed8fb931c3aa8b0a0e0d6b5", "category": "credential_exposure", "severity": "info", "confidence": 0.15, "triageState": "false_positive", "verdict": "likely_fp", "isResolved": true, "reason": "Log message mentions credential-related metadata but does not print a credential-bearing value", "evidence": {"match": "print(\"Fetching auth tokens...\")", "reason": "Log message mentions credential-related metadata but does not print a credential-bearing value", "rule_id": "SEC020", "scanner": "repobility-threat-engine", "confidence": 0.15, "correlation_key": "secret|token|13|print fetching auth tokens..."}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "scripts/diagnose_get_notebook.py"}, "region": {"startLine": 140}}}]}, {"ruleId": "MINED062", "level": "none", "message": {"text": "[MINED062] Python Dataclass No Fields (and 11 more): Same pattern found in 11 additional files. Review if needed."}, "properties": {"repobilityId": 36860, "scanner": "repobility-threat-engine", "fingerprint": "a438bc863a4695ac2aba7be1d05a87a6da22bd64119cedb075ce04cd78bfada2", "category": "quality", "severity": "info", "confidence": 0.2, "triageState": "false_positive", "verdict": "likely_fp", "isResolved": true, "reason": "Deduplicated summary only: 11 additional occurrences found. 
The top occurrences remain visible as actionable findings.", "evidence": {"mined": true, "mining": {"slug": "python-dataclass-no-fields", "owasp": null, "cwe_ids": [], "languages": ["python"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348046+00:00", "triaged_in_corpus": 10, "observations_count": 92448, "ai_coder_pattern_id": 144}, "scanner": "repobility-threat-engine", "aggregated": true, "correlation_key": "fp|a438bc863a4695ac2aba7be1d05a87a6da22bd64119cedb075ce04cd78bfada2", "aggregated_count": 11}}}, {"ruleId": "MINED062", "level": "none", "message": {"text": "[MINED062] Python Dataclass No Fields: @dataclass over an empty class \u2014 unfinished model."}, "properties": {"repobilityId": 36859, "scanner": "repobility-threat-engine", "fingerprint": "5737f92ef3fa48ccc14c21bbf32f99be1bd38c8057178960df269b3d528fa63b", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "python-dataclass-no-fields", "owasp": null, "cwe_ids": [], "languages": ["python"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348046+00:00", "triaged_in_corpus": 10, "observations_count": 92448, "ai_coder_pattern_id": 144}, "scanner": "repobility-threat-engine", "correlation_key": "fp|5737f92ef3fa48ccc14c21bbf32f99be1bd38c8057178960df269b3d528fa63b"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/notebooklm/_request_types.py"}, "region": {"startLine": 67}}}]}, {"ruleId": "MINED062", "level": "none", "message": {"text": "[MINED062] Python Dataclass No Fields: @dataclass over an empty class \u2014 unfinished model."}, "properties": {"repobilityId": 36858, "scanner": "repobility-threat-engine", "fingerprint": "210d6b21ae23acc1b6c72bc341ddb06bd73a35a6ccaf57417b2bc308136d8aa1", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": 
"confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "python-dataclass-no-fields", "owasp": null, "cwe_ids": [], "languages": ["python"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348046+00:00", "triaged_in_corpus": 10, "observations_count": 92448, "ai_coder_pattern_id": 144}, "scanner": "repobility-threat-engine", "correlation_key": "fp|210d6b21ae23acc1b6c72bc341ddb06bd73a35a6ccaf57417b2bc308136d8aa1"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/notebooklm/_middleware.py"}, "region": {"startLine": 40}}}]}, {"ruleId": "MINED062", "level": "none", "message": {"text": "[MINED062] Python Dataclass No Fields: @dataclass over an empty class \u2014 unfinished model."}, "properties": {"repobilityId": 36857, "scanner": "repobility-threat-engine", "fingerprint": "b852fe96a44eb6d37cea58a197bc71ca4028ce493d09eaf1308eea56f11fe0c7", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "python-dataclass-no-fields", "owasp": null, "cwe_ids": [], "languages": ["python"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348046+00:00", "triaged_in_corpus": 10, "observations_count": 92448, "ai_coder_pattern_id": 144}, "scanner": "repobility-threat-engine", "correlation_key": "fp|b852fe96a44eb6d37cea58a197bc71ca4028ce493d09eaf1308eea56f11fe0c7"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "scripts/check_ci_install_parity.py"}, "region": {"startLine": 47}}}]}, {"ruleId": "MINED050", "level": "none", "message": {"text": "[MINED050] Stub Only Function (and 7 more): Same pattern found in 7 additional files. 
Review if needed."}, "properties": {"repobilityId": 36855, "scanner": "repobility-threat-engine", "fingerprint": "50406309e3101c911d59a3045c7bd41e083f0c20641ab6d2cbf99c80311d7d9e", "category": "quality", "severity": "info", "confidence": 0.2, "triageState": "false_positive", "verdict": "likely_fp", "isResolved": true, "reason": "Deduplicated summary only: 7 additional occurrences found. The top occurrences remain visible as actionable findings.", "evidence": {"mined": true, "mining": {"slug": "stub-only-function", "owasp": null, "cwe_ids": ["CWE-1188"], "languages": ["python"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348017+00:00", "triaged_in_corpus": 12, "observations_count": 633513, "ai_coder_pattern_id": 2}, "scanner": "repobility-threat-engine", "aggregated": true, "correlation_key": "fp|50406309e3101c911d59a3045c7bd41e083f0c20641ab6d2cbf99c80311d7d9e", "aggregated_count": 7}}}, {"ruleId": "MINED050", "level": "none", "message": {"text": "[MINED050] Stub Only Function: Function declared but body is just pass, return None, raise NotImplementedError, or TODO comment."}, "properties": {"repobilityId": 36854, "scanner": "repobility-threat-engine", "fingerprint": "cd54f4c742361488424d1ecc9e2c643a35dd500e12d44fbcba655d1acb943663", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "stub-only-function", "owasp": null, "cwe_ids": ["CWE-1188"], "languages": ["python"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348017+00:00", "triaged_in_corpus": 12, "observations_count": 633513, "ai_coder_pattern_id": 2}, "scanner": "repobility-threat-engine", "correlation_key": "fp|cd54f4c742361488424d1ecc9e2c643a35dd500e12d44fbcba655d1acb943663"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/notebooklm/cli/agent.py"}, "region": {"startLine": 
12}}}]}, {"ruleId": "MINED050", "level": "none", "message": {"text": "[MINED050] Stub Only Function: Function declared but body is just pass, return None, raise NotImplementedError, or TODO comment."}, "properties": {"repobilityId": 36853, "scanner": "repobility-threat-engine", "fingerprint": "8117a02f35e11fe2a4783828f690168f65a70622d63ff8a78866557022b92eea", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "stub-only-function", "owasp": null, "cwe_ids": ["CWE-1188"], "languages": ["python"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348017+00:00", "triaged_in_corpus": 12, "observations_count": 633513, "ai_coder_pattern_id": 2}, "scanner": "repobility-threat-engine", "correlation_key": "fp|8117a02f35e11fe2a4783828f690168f65a70622d63ff8a78866557022b92eea"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/notebooklm/_auth/session.py"}, "region": {"startLine": 24}}}]}, {"ruleId": "MINED050", "level": "none", "message": {"text": "[MINED050] Stub Only Function: Function declared but body is just pass, return None, raise NotImplementedError, or TODO comment."}, "properties": {"repobilityId": 36852, "scanner": "repobility-threat-engine", "fingerprint": "b57280f4d639141b0dafdbf2340b5d38ce2cb71c4c9cbee31d95ae76e40dd7aa", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "stub-only-function", "owasp": null, "cwe_ids": ["CWE-1188"], "languages": ["python"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348017+00:00", "triaged_in_corpus": 12, "observations_count": 633513, "ai_coder_pattern_id": 2}, "scanner": "repobility-threat-engine", "correlation_key": 
"fp|b57280f4d639141b0dafdbf2340b5d38ce2cb71c4c9cbee31d95ae76e40dd7aa"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "docs/examples/notes.py"}, "region": {"startLine": 137}}}]}, {"ruleId": "COMP001", "level": "none", "message": {"text": "[COMP001] High cognitive complexity (and 61 more): Same pattern found in 61 additional files. Review if needed."}, "properties": {"repobilityId": 36848, "scanner": "repobility-threat-engine", "fingerprint": "e6ffd8dac35215126fe44a131681c4ff601b22310456d26c77f0be77a3143c7c", "category": "quality", "severity": "info", "confidence": 0.2, "triageState": "false_positive", "verdict": "likely_fp", "isResolved": true, "reason": "Deduplicated summary only: 61 additional occurrences found. The top occurrences remain visible as actionable findings.", "evidence": {"scanner": "repobility-threat-engine", "function": "main", "breakdown": {"if": 1, "for": 4, "except": 3, "nested_bonus": 4}, "aggregated": true, "complexity": 12, "correlation_key": "fp|e6ffd8dac35215126fe44a131681c4ff601b22310456d26c77f0be77a3143c7c", "aggregated_count": 61}}}, {"ruleId": "MINED055", "level": "none", "message": {"text": "[MINED055] Npm Install No Lockfile (and 1 more): Same pattern found in 1 additional file. Review if needed."}, "properties": {"repobilityId": 36844, "scanner": "repobility-threat-engine", "fingerprint": "7b990c59a59a231ab74545553785eddf6010f76184455cdb20a0912964580127", "category": "quality", "severity": "info", "confidence": 0.2, "triageState": "false_positive", "verdict": "likely_fp", "isResolved": true, "reason": "Deduplicated summary only: 1 additional occurrence found. 
The top occurrences remain visible as actionable findings.", "evidence": {"mined": true, "mining": {"slug": "npm-install-no-lockfile", "owasp": "A06:2021", "cwe_ids": ["CWE-1357"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348030+00:00", "triaged_in_corpus": 12, "observations_count": 317602, "ai_coder_pattern_id": 42}, "scanner": "repobility-threat-engine", "aggregated": true, "correlation_key": "fp|7b990c59a59a231ab74545553785eddf6010f76184455cdb20a0912964580127", "aggregated_count": 1}}}, {"ruleId": "MINED055", "level": "none", "message": {"text": "[MINED055] Npm Install No Lockfile: Production image runs npm install (resolves new versions on every build) instead of npm ci."}, "properties": {"repobilityId": 36843, "scanner": "repobility-threat-engine", "fingerprint": "4fa88f446871f69b1e10e9c100d872babe90d3638e2d9b3b49a5fc026e6d9433", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "npm-install-no-lockfile", "owasp": "A06:2021", "cwe_ids": ["CWE-1357"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348030+00:00", "triaged_in_corpus": 12, "observations_count": 317602, "ai_coder_pattern_id": 42}, "scanner": "repobility-threat-engine", "correlation_key": "fp|4fa88f446871f69b1e10e9c100d872babe90d3638e2d9b3b49a5fc026e6d9433"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "docs/examples/research-to-podcast.py"}, "region": {"startLine": 11}}}]}, {"ruleId": "MINED055", "level": "none", "message": {"text": "[MINED055] Npm Install No Lockfile: Production image runs npm install (resolves new versions on every build) instead of npm ci."}, "properties": {"repobilityId": 36842, "scanner": "repobility-threat-engine", "fingerprint": "380bd7636ea4fbb274439adccc77d777f69ea00e737a2a57876522885e54818f", "category": "quality", "severity": "info", 
"confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "npm-install-no-lockfile", "owasp": "A06:2021", "cwe_ids": ["CWE-1357"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348030+00:00", "triaged_in_corpus": 12, "observations_count": 317602, "ai_coder_pattern_id": 42}, "scanner": "repobility-threat-engine", "correlation_key": "fp|380bd7636ea4fbb274439adccc77d777f69ea00e737a2a57876522885e54818f"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "docs/examples/quickstart.py"}, "region": {"startLine": 12}}}]}, {"ruleId": "MINED055", "level": "none", "message": {"text": "[MINED055] Npm Install No Lockfile: Production image runs npm install (resolves new versions on every build) instead of npm ci."}, "properties": {"repobilityId": 36841, "scanner": "repobility-threat-engine", "fingerprint": "acc3e75bbfc8c7767cd2268ea6d5d574451f0adf0c086ccc898e9065d11d93ef", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "npm-install-no-lockfile", "owasp": "A06:2021", "cwe_ids": ["CWE-1357"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348030+00:00", "triaged_in_corpus": 12, "observations_count": 317602, "ai_coder_pattern_id": 42}, "scanner": "repobility-threat-engine", "correlation_key": "fp|acc3e75bbfc8c7767cd2268ea6d5d574451f0adf0c086ccc898e9065d11d93ef"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "docs/examples/bulk-import.py"}, "region": {"startLine": 11}}}]}, {"ruleId": "SEC029", "level": "none", "message": {"text": "[SEC029] Server-Side Request Forgery (SSRF) \u2014 outbound HTTP from user input (and 12 more): Same pattern found in 12 additional files. 
Review if needed."}, "properties": {"repobilityId": 36840, "scanner": "repobility-threat-engine", "fingerprint": "2dd7741d048fa4125233f4d38169b7b6bfcf254bfbcc6b391ac104e43dd71249", "category": "ssrf", "severity": "info", "confidence": 0.2, "triageState": "false_positive", "verdict": "likely_fp", "isResolved": true, "reason": "Deduplicated summary only: 12 additional occurrences found. The top occurrences remain visible as actionable findings.", "evidence": {"reason": "Deduplicated summary only: 12 additional occurrences found. The top occurrences remain visible as actionable findings.", "rule_id": "SEC029", "scanner": "repobility-threat-engine", "confidence": 0.2, "correlation_key": "fp|2dd7741d048fa4125233f4d38169b7b6bfcf254bfbcc6b391ac104e43dd71249"}}}, {"ruleId": "MINED115", "level": "error", "message": {"text": "[MINED115] Action `actions/setup-python` pinned to mutable ref `@v6`: `uses: actions/setup-python@v6` resolves at workflow-run time. Tags and branches can be re-pushed by the action owner; that made the tj-actions/changed-files compromise (2025) instantly affect ~23K repos. 
Pin to a full 40-character commit SHA and keep the pin updated with Dependabot or Renovate."}, "properties": {"repobilityId": 37009, "scanner": "repobility-supply-chain", "fingerprint": "ac3d625a2480fdabbab8aa693c2642fe12af9bf4975be07e18f31813ea4daa8f", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-mutable-ref", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|ac3d625a2480fdabbab8aa693c2642fe12af9bf4975be07e18f31813ea4daa8f"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/verify-package.yml"}, "region": {"startLine": 35}}}]}, {"ruleId": "MINED115", "level": "error", "message": {"text": "[MINED115] Action `actions/checkout` pinned to mutable ref `@v6`: `uses: actions/checkout@v6` resolves at workflow-run time. Tags and branches can be re-pushed by the action owner; that made the tj-actions/changed-files compromise (2025) instantly affect ~23K repos. 
Pin to a full 40-character commit SHA and keep the pin updated with Dependabot or Renovate."}, "properties": {"repobilityId": 37008, "scanner": "repobility-supply-chain", "fingerprint": "7d0d23a48970d82cf8fe49b2b1c213dadcb82aeda938f944facc2f43eb0c647a", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-mutable-ref", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|7d0d23a48970d82cf8fe49b2b1c213dadcb82aeda938f944facc2f43eb0c647a"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/verify-package.yml"}, "region": {"startLine": 32}}}]}, {"ruleId": "MINED115", "level": "error", "message": {"text": "[MINED115] Action `actions/cache` pinned to mutable ref `@v5`: `uses: actions/cache@v5` resolves at workflow-run time. Tags and branches can be re-pushed by the action owner; that made the tj-actions/changed-files compromise (2025) instantly affect ~23K repos. 
Pin to a full 40-character commit SHA and keep the pin updated with Dependabot or Renovate."}, "properties": {"repobilityId": 37007, "scanner": "repobility-supply-chain", "fingerprint": "d37ff5329c8d57219f494b52ee22571e6cb05be58c39fa4883f62a964d97f0aa", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-mutable-ref", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|d37ff5329c8d57219f494b52ee22571e6cb05be58c39fa4883f62a964d97f0aa"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/nightly.yml"}, "region": {"startLine": 138}}}]}, {"ruleId": "MINED115", "level": "error", "message": {"text": "[MINED115] Action `actions/setup-python` pinned to mutable ref `@v6`: `uses: actions/setup-python@v6` resolves at workflow-run time. Tags and branches can be re-pushed by the action owner; that made the tj-actions/changed-files compromise (2025) instantly affect ~23K repos. 
Pin to a full 40-character commit SHA and keep the pin updated with Dependabot or Renovate."}, "properties": {"repobilityId": 37006, "scanner": "repobility-supply-chain", "fingerprint": "14f0071e2321349ca90725edca5a44b3a8489c50831132c37ea815ba71fd1c4f", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-mutable-ref", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|14f0071e2321349ca90725edca5a44b3a8489c50831132c37ea815ba71fd1c4f"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/nightly.yml"}, "region": {"startLine": 109}}}]}, {"ruleId": "MINED115", "level": "error", "message": {"text": "[MINED115] Action `actions/checkout` pinned to mutable ref `@v6`: `uses: actions/checkout@v6` resolves at workflow-run time. Tags and branches can be re-pushed by the action owner; that made the tj-actions/changed-files compromise (2025) instantly affect ~23K repos. 
Pin to a full 40-character commit SHA and keep the pin updated with Dependabot or Renovate."}, "properties": {"repobilityId": 37005, "scanner": "repobility-supply-chain", "fingerprint": "50ef2b4450f2412e15433433bf73350d2377ca1f0f79ce52414db7373d2d1543", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-mutable-ref", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|50ef2b4450f2412e15433433bf73350d2377ca1f0f79ce52414db7373d2d1543"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/nightly.yml"}, "region": {"startLine": 104}}}]}, {"ruleId": "MINED115", "level": "error", "message": {"text": "[MINED115] Action `actions/checkout` pinned to mutable ref `@v6`: `uses: actions/checkout@v6` resolves at workflow-run time. Tags and branches can be re-pushed by the action owner; that made the tj-actions/changed-files compromise (2025) instantly affect ~23K repos. 
Pin to a full 40-character commit SHA and keep the pin updated with Dependabot or Renovate."}, "properties": {"repobilityId": 37004, "scanner": "repobility-supply-chain", "fingerprint": "96b85070fa27beb5039c088151ccf5c7389de59c24f10d9b921443041c8be2d5", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-mutable-ref", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|96b85070fa27beb5039c088151ccf5c7389de59c24f10d9b921443041c8be2d5"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/claude.yml"}, "region": {"startLine": 41}}}]}, {"ruleId": "MINED115", "level": "error", "message": {"text": "[MINED115] Action `actions/download-artifact` pinned to mutable ref `@v7`: `uses: actions/download-artifact@v7` resolves at workflow-run time. Tags and branches can be re-pushed by the action owner; that made the tj-actions/changed-files compromise (2025) instantly affect ~23K repos. 
Pin to a full 40-character commit SHA and keep the pin updated with Dependabot or Renovate."}, "properties": {"repobilityId": 37003, "scanner": "repobility-supply-chain", "fingerprint": "227512f73b859113a46695bb540900a62a7dff8e3675916960e0a41b0efcfdf9", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-mutable-ref", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|227512f73b859113a46695bb540900a62a7dff8e3675916960e0a41b0efcfdf9"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/testpypi-publish.yml"}, "region": {"startLine": 98}}}]}, {"ruleId": "MINED115", "level": "error", "message": {"text": "[MINED115] Action `actions/upload-artifact` pinned to mutable ref `@v7`: `uses: actions/upload-artifact@v7` resolves at workflow-run time. Tags and branches can be re-pushed by the action owner; that made the tj-actions/changed-files compromise (2025) instantly affect ~23K repos. 
Pin to a full 40-character commit SHA and keep the pin updated with Dependabot or Renovate."}, "properties": {"repobilityId": 37002, "scanner": "repobility-supply-chain", "fingerprint": "ccd3f20e2e88447732352aedc49c3b35fc14f7e832607735f7f5e604c9682522", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-mutable-ref", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|ccd3f20e2e88447732352aedc49c3b35fc14f7e832607735f7f5e604c9682522"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/testpypi-publish.yml"}, "region": {"startLine": 54}}}]}, {"ruleId": "MINED115", "level": "error", "message": {"text": "[MINED115] Action `actions/setup-python` pinned to mutable ref `@v6`: `uses: actions/setup-python@v6` resolves at workflow-run time. Tags and branches can be re-pushed by the action owner; that made the tj-actions/changed-files compromise (2025) instantly affect ~23K repos. 
Pin to a 40-char commit SHA + lock with Dependabot or renovate."}, "properties": {"repobilityId": 37001, "scanner": "repobility-supply-chain", "fingerprint": "20fa72db1db03d9c4ce844cd10761aa3ea243ac78a9288d9bd97318c69159554", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-mutable-ref", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|20fa72db1db03d9c4ce844cd10761aa3ea243ac78a9288d9bd97318c69159554"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/testpypi-publish.yml"}, "region": {"startLine": 25}}}]}, {"ruleId": "MINED115", "level": "error", "message": {"text": "[MINED115] Action `actions/checkout` pinned to mutable ref `@v6`: `uses: actions/checkout@v6` resolves at workflow-run time. Tags and branches can be re-pushed by the action owner; that made the tj-actions/changed-files compromise (2025) instantly affect ~23K repos. 
Pin to a 40-char commit SHA + lock with Dependabot or renovate."}, "properties": {"repobilityId": 37000, "scanner": "repobility-supply-chain", "fingerprint": "dd23b39580a3acf64bd685ecb348420b16233fc7f06642dc74f87de15777a5d3", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-mutable-ref", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|dd23b39580a3acf64bd685ecb348420b16233fc7f06642dc74f87de15777a5d3"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/testpypi-publish.yml"}, "region": {"startLine": 22}}}]}, {"ruleId": "MINED115", "level": "error", "message": {"text": "[MINED115] Action `astral-sh/setup-uv` pinned to mutable ref `@v7`: `uses: astral-sh/setup-uv@v7` resolves at workflow-run time. Tags and branches can be re-pushed by the action owner; that made the tj-actions/changed-files compromise (2025) instantly affect ~23K repos. 
Pin to a 40-char commit SHA + lock with Dependabot or renovate."}, "properties": {"repobilityId": 36999, "scanner": "repobility-supply-chain", "fingerprint": "7fd1287389fd50105701ff9fef37f3783a7df13296bb02601c4a4cee79639835", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-mutable-ref", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|7fd1287389fd50105701ff9fef37f3783a7df13296bb02601c4a4cee79639835"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/dependency-audit.yml"}, "region": {"startLine": 29}}}]}, {"ruleId": "MINED115", "level": "error", "message": {"text": "[MINED115] Action `actions/checkout` pinned to mutable ref `@v6`: `uses: actions/checkout@v6` resolves at workflow-run time. Tags and branches can be re-pushed by the action owner; that made the tj-actions/changed-files compromise (2025) instantly affect ~23K repos. 
Pin to a 40-char commit SHA + lock with Dependabot or renovate."}, "properties": {"repobilityId": 36998, "scanner": "repobility-supply-chain", "fingerprint": "f11293f6b53d188cb63b355c014690ce2b5967a34581916f86a23401d7f08596", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-mutable-ref", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|f11293f6b53d188cb63b355c014690ce2b5967a34581916f86a23401d7f08596"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/dependency-audit.yml"}, "region": {"startLine": 28}}}]}, {"ruleId": "MINED115", "level": "error", "message": {"text": "[MINED115] Action `actions/upload-artifact` pinned to mutable ref `@v7`: `uses: actions/upload-artifact@v7` resolves at workflow-run time. Tags and branches can be re-pushed by the action owner; that made the tj-actions/changed-files compromise (2025) instantly affect ~23K repos. 
Pin to a 40-char commit SHA + lock with Dependabot or renovate."}, "properties": {"repobilityId": 36997, "scanner": "repobility-supply-chain", "fingerprint": "7d896590a7d5299e644f1e96d46be61c557a0992448e3804e09ab9c95dfffc61", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-mutable-ref", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|7d896590a7d5299e644f1e96d46be61c557a0992448e3804e09ab9c95dfffc61"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/rpc-health.yml"}, "region": {"startLine": 217}}}]}, {"ruleId": "MINED115", "level": "error", "message": {"text": "[MINED115] Action `actions/setup-python` pinned to mutable ref `@v6`: `uses: actions/setup-python@v6` resolves at workflow-run time. Tags and branches can be re-pushed by the action owner; that made the tj-actions/changed-files compromise (2025) instantly affect ~23K repos. 
Pin to a 40-char commit SHA + lock with Dependabot or renovate."}, "properties": {"repobilityId": 36996, "scanner": "repobility-supply-chain", "fingerprint": "efd7bb947e239586fe4a9114e8e5f6d79d0d7c815ea8c95b091753f5a0aa9b63", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-mutable-ref", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|efd7bb947e239586fe4a9114e8e5f6d79d0d7c815ea8c95b091753f5a0aa9b63"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/rpc-health.yml"}, "region": {"startLine": 35}}}]}, {"ruleId": "MINED115", "level": "error", "message": {"text": "[MINED115] Action `actions/checkout` pinned to mutable ref `@v6`: `uses: actions/checkout@v6` resolves at workflow-run time. Tags and branches can be re-pushed by the action owner; that made the tj-actions/changed-files compromise (2025) instantly affect ~23K repos. 
Pin to a 40-char commit SHA + lock with Dependabot or renovate."}, "properties": {"repobilityId": 36995, "scanner": "repobility-supply-chain", "fingerprint": "f2d4c73bfba205f37e65dbdaf0d1077eaeeb78f11516960120ad53b6c7c7fe16", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-mutable-ref", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|f2d4c73bfba205f37e65dbdaf0d1077eaeeb78f11516960120ad53b6c7c7fe16"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/rpc-health.yml"}, "region": {"startLine": 32}}}]}, {"ruleId": "MINED115", "level": "error", "message": {"text": "[MINED115] Action `actions/cache` pinned to mutable ref `@v5`: `uses: actions/cache@v5` resolves at workflow-run time. Tags and branches can be re-pushed by the action owner; that made the tj-actions/changed-files compromise (2025) instantly affect ~23K repos. 
Pin to a 40-char commit SHA + lock with Dependabot or renovate."}, "properties": {"repobilityId": 36993, "scanner": "repobility-supply-chain", "fingerprint": "93469876eab9537076eb6c1ed921cf6966c2260338950fbd639b235027c6336c", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-mutable-ref", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|93469876eab9537076eb6c1ed921cf6966c2260338950fbd639b235027c6336c"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/test.yml"}, "region": {"startLine": 124}}}]}, {"ruleId": "MINED115", "level": "error", "message": {"text": "[MINED115] Action `astral-sh/setup-uv` pinned to mutable ref `@v7`: `uses: astral-sh/setup-uv@v7` resolves at workflow-run time. Tags and branches can be re-pushed by the action owner; that made the tj-actions/changed-files compromise (2025) instantly affect ~23K repos. 
Pin to a 40-char commit SHA + lock with Dependabot or renovate."}, "properties": {"repobilityId": 36992, "scanner": "repobility-supply-chain", "fingerprint": "5b0f2e8a5d6d9294a03697f173a6ca34e8af5d3ee8751323c622390328b566d6", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-mutable-ref", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|5b0f2e8a5d6d9294a03697f173a6ca34e8af5d3ee8751323c622390328b566d6"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/test.yml"}, "region": {"startLine": 110}}}]}, {"ruleId": "MINED115", "level": "error", "message": {"text": "[MINED115] Action `actions/setup-python` pinned to mutable ref `@v6`: `uses: actions/setup-python@v6` resolves at workflow-run time. Tags and branches can be re-pushed by the action owner; that made the tj-actions/changed-files compromise (2025) instantly affect ~23K repos. 
Pin to a 40-char commit SHA + lock with Dependabot or renovate."}, "properties": {"repobilityId": 36991, "scanner": "repobility-supply-chain", "fingerprint": "e8f4c41c4ea508bf3a18e4d82ec373704ca08f26844d63f873ec85697fe16e87", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-mutable-ref", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|e8f4c41c4ea508bf3a18e4d82ec373704ca08f26844d63f873ec85697fe16e87"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/test.yml"}, "region": {"startLine": 104}}}]}, {"ruleId": "MINED115", "level": "error", "message": {"text": "[MINED115] Action `actions/checkout` pinned to mutable ref `@v6`: `uses: actions/checkout@v6` resolves at workflow-run time. Tags and branches can be re-pushed by the action owner; that made the tj-actions/changed-files compromise (2025) instantly affect ~23K repos. 
Pin to a 40-char commit SHA + lock with Dependabot or renovate."}, "properties": {"repobilityId": 36990, "scanner": "repobility-supply-chain", "fingerprint": "2d7331dc347a796e73b4619e77909f396ce89bbd20c51a70b5480c67d522167c", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-mutable-ref", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|2d7331dc347a796e73b4619e77909f396ce89bbd20c51a70b5480c67d522167c"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/test.yml"}, "region": {"startLine": 101}}}]}, {"ruleId": "MINED115", "level": "error", "message": {"text": "[MINED115] Action `astral-sh/setup-uv` pinned to mutable ref `@v7`: `uses: astral-sh/setup-uv@v7` resolves at workflow-run time. Tags and branches can be re-pushed by the action owner; that made the tj-actions/changed-files compromise (2025) instantly affect ~23K repos. 
Pin to a 40-char commit SHA + lock with Dependabot or renovate."}, "properties": {"repobilityId": 36989, "scanner": "repobility-supply-chain", "fingerprint": "5aae433ea65df1345c31be25e4c8df168f98c19e2b8bcb112aa5fdd0e868d629", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-mutable-ref", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|5aae433ea65df1345c31be25e4c8df168f98c19e2b8bcb112aa5fdd0e868d629"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/test.yml"}, "region": {"startLine": 30}}}]}, {"ruleId": "MINED115", "level": "error", "message": {"text": "[MINED115] Action `actions/setup-python` pinned to mutable ref `@v6`: `uses: actions/setup-python@v6` resolves at workflow-run time. Tags and branches can be re-pushed by the action owner; that made the tj-actions/changed-files compromise (2025) instantly affect ~23K repos. 
Pin to a 40-char commit SHA + lock with Dependabot or renovate."}, "properties": {"repobilityId": 36988, "scanner": "repobility-supply-chain", "fingerprint": "a180700f635d2a70146fbc88c2e59266c7bf1dbecd55ed499bb7cad96f3a847b", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-mutable-ref", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|a180700f635d2a70146fbc88c2e59266c7bf1dbecd55ed499bb7cad96f3a847b"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/test.yml"}, "region": {"startLine": 24}}}]}, {"ruleId": "MINED115", "level": "error", "message": {"text": "[MINED115] Action `actions/checkout` pinned to mutable ref `@v6`: `uses: actions/checkout@v6` resolves at workflow-run time. Tags and branches can be re-pushed by the action owner; that made the tj-actions/changed-files compromise (2025) instantly affect ~23K repos. 
Pin to a 40-char commit SHA + lock with Dependabot or renovate."}, "properties": {"repobilityId": 36987, "scanner": "repobility-supply-chain", "fingerprint": "331b117672fe459b502a49f7f278584f7396277380ab38c4a0244d5e7c9dde73", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-mutable-ref", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|331b117672fe459b502a49f7f278584f7396277380ab38c4a0244d5e7c9dde73"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/test.yml"}, "region": {"startLine": 21}}}]}, {"ruleId": "MINED115", "level": "error", "message": {"text": "[MINED115] Action `github/codeql-action/analyze` pinned to mutable ref `@v4`: `uses: github/codeql-action/analyze@v4` resolves at workflow-run time. Tags and branches can be re-pushed by the action owner; that made the tj-actions/changed-files compromise (2025) instantly affect ~23K repos. 
Pin to a 40-char commit SHA + lock with Dependabot or renovate."}, "properties": {"repobilityId": 36986, "scanner": "repobility-supply-chain", "fingerprint": "51d0729c2bb03d8fed7c10653bd95655e33d685cd08543cbad11cc109865cf9e", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-mutable-ref", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|51d0729c2bb03d8fed7c10653bd95655e33d685cd08543cbad11cc109865cf9e"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/codeql.yml"}, "region": {"startLine": 38}}}]}, {"ruleId": "MINED115", "level": "error", "message": {"text": "[MINED115] Action `github/codeql-action/init` pinned to mutable ref `@v4`: `uses: github/codeql-action/init@v4` resolves at workflow-run time. Tags and branches can be re-pushed by the action owner; that made the tj-actions/changed-files compromise (2025) instantly affect ~23K repos. 
Pin to a 40-char commit SHA + lock with Dependabot or renovate."}, "properties": {"repobilityId": 36985, "scanner": "repobility-supply-chain", "fingerprint": "222fcf4d4eceb2b3fcfe8ce3d13cb3f4df44b83d83f8cb847481030dc0590579", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-mutable-ref", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|222fcf4d4eceb2b3fcfe8ce3d13cb3f4df44b83d83f8cb847481030dc0590579"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/codeql.yml"}, "region": {"startLine": 24}}}]}, {"ruleId": "MINED115", "level": "error", "message": {"text": "[MINED115] Action `actions/checkout` pinned to mutable ref `@v6`: `uses: actions/checkout@v6` resolves at workflow-run time. Tags and branches can be re-pushed by the action owner; that made the tj-actions/changed-files compromise (2025) instantly affect ~23K repos. 
Pin to a 40-char commit SHA + lock with Dependabot or renovate."}, "properties": {"repobilityId": 36984, "scanner": "repobility-supply-chain", "fingerprint": "ad37ccbda4e21bc234450fe0de213940f8f71a825b1b9b79fa83cd219061b4c9", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-mutable-ref", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|ad37ccbda4e21bc234450fe0de213940f8f71a825b1b9b79fa83cd219061b4c9"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/codeql.yml"}, "region": {"startLine": 21}}}]}, {"ruleId": "MINED131", "level": "error", "message": {"text": "[MINED131] pre-commit hook `https://github.com/astral-sh/ruff-pre-commit` pinned to mutable rev `v0.15.12`: `.pre-commit-config.yaml` references `https://github.com/astral-sh/ruff-pre-commit` at `rev: v0.15.12`. 
If `rev` is a branch or version tag, the repo owner can push new code there and `pre-commit install --install-hooks` will fetch it on every developer's machine."}, "properties": {"repobilityId": 36983, "scanner": "repobility-supply-chain", "fingerprint": "26d0b4bc899a2365ee180e619d43b5f52e09b2c1286b36e19e95840e0541e9a8", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "precommit-untrusted-repo", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|26d0b4bc899a2365ee180e619d43b5f52e09b2c1286b36e19e95840e0541e9a8"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".pre-commit-config.yaml"}, "region": {"startLine": 2}}}]}, {"ruleId": "MINED110", "level": "error", "message": {"text": "[MINED110] Blocking call `time.sleep` inside async function `test_fetch_tokens_with_domains_save_does_not_block_event_loop`: `time.sleep` is a synchronous (blocking) call. 
When invoked inside an `async def` it stalls the event loop, preventing every other coroutine in the process from making progress."}, "properties": {"repobilityId": 36975, "scanner": "repobility-ast-engine", "fingerprint": "498df88b8eeeeb4dd3fdc55c8db6b42c83289648c4b418bec761e310cd3b2084", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "asyncio-blocking-call", "owasp": null, "cwe_ids": ["CWE-833"], "languages": ["python"], "observations_count": 31606}, "scanner": "repobility-ast-engine", "correlation_key": "fp|498df88b8eeeeb4dd3fdc55c8db6b42c83289648c4b418bec761e310cd3b2084"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tests/unit/concurrency/test_auth_load_blocks_loop.py"}, "region": {"startLine": 169}}}]}, {"ruleId": "MINED110", "level": "error", "message": {"text": "[MINED110] Blocking call `time.sleep` inside async function `test_from_storage_save_does_not_block_event_loop`: `time.sleep` is a synchronous (blocking) call. 
When invoked inside an `async def` it stalls the event loop, preventing every other coroutine in the process from making progress."}, "properties": {"repobilityId": 36974, "scanner": "repobility-ast-engine", "fingerprint": "36887fdf05550a5be028aad7a5b47810cfcbe312de63323181500340b6a73a22", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "asyncio-blocking-call", "owasp": null, "cwe_ids": ["CWE-833"], "languages": ["python"], "observations_count": 31606}, "scanner": "repobility-ast-engine", "correlation_key": "fp|36887fdf05550a5be028aad7a5b47810cfcbe312de63323181500340b6a73a22"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tests/unit/concurrency/test_auth_load_blocks_loop.py"}, "region": {"startLine": 98}}}]}, {"ruleId": "MINED110", "level": "error", "message": {"text": "[MINED110] Blocking call `requests.append` inside async function `test_refresh_auth_session_selected_account_uses_authuser_url`: `requests.append` is a synchronous (blocking) call. 
When invoked inside an `async def` it stalls the event loop, preventing every other coroutine in the process from making progress."}, "properties": {"repobilityId": 36959, "scanner": "repobility-ast-engine", "fingerprint": "ddd350bb1459b2c19d5106cb2bbca30802f0ddc05cdf43111bbf38f604255494", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "asyncio-blocking-call", "owasp": null, "cwe_ids": ["CWE-833"], "languages": ["python"], "observations_count": 31606}, "scanner": "repobility-ast-engine", "correlation_key": "fp|ddd350bb1459b2c19d5106cb2bbca30802f0ddc05cdf43111bbf38f604255494"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tests/unit/test_auth_session.py"}, "region": {"startLine": 107}}}]}, {"ruleId": "MINED110", "level": "error", "message": {"text": "[MINED110] Blocking call `requests.append` inside async function `test_refresh_auth_session_selected_account_uses_account_email_url`: `requests.append` is a synchronous (blocking) call. 
When invoked inside an `async def` it stalls the event loop, preventing every other coroutine in the process from making progress."}, "properties": {"repobilityId": 36958, "scanner": "repobility-ast-engine", "fingerprint": "4eee1f3301d40094fdd61c0f944b98ac4ae6d1c91a1c5135f1b886ee21a071f4", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "asyncio-blocking-call", "owasp": null, "cwe_ids": ["CWE-833"], "languages": ["python"], "observations_count": 31606}, "scanner": "repobility-ast-engine", "correlation_key": "fp|4eee1f3301d40094fdd61c0f944b98ac4ae6d1c91a1c5135f1b886ee21a071f4"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tests/unit/test_auth_session.py"}, "region": {"startLine": 90}}}]}, {"ruleId": "MINED110", "level": "error", "message": {"text": "[MINED110] Blocking call `requests.append` inside async function `test_refresh_auth_session_default_account_uses_bare_base_url`: `requests.append` is a synchronous (blocking) call. 
When invoked inside an `async def` it stalls the event loop, preventing every other coroutine in the process from making progress."}, "properties": {"repobilityId": 36957, "scanner": "repobility-ast-engine", "fingerprint": "d00d7712be069f3dcc1e8620b1bed655cbb70e654e6e88a74254087ae393b434", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "asyncio-blocking-call", "owasp": null, "cwe_ids": ["CWE-833"], "languages": ["python"], "observations_count": 31606}, "scanner": "repobility-ast-engine", "correlation_key": "fp|d00d7712be069f3dcc1e8620b1bed655cbb70e654e6e88a74254087ae393b434"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tests/unit/test_auth_session.py"}, "region": {"startLine": 69}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "[MINED108] `self._build_raw` used but never assigned in __init__: Method `test_allow_null_suppresses_enrichment_for_client_error_codes` of class `TestNullResultStatusCodeEnrichment` reads `self._build_raw`, but no assignment to it exists in __init__ (and no class-level fallback). 
This raises AttributeError the first time the method runs against an instance."}, "properties": {"repobilityId": 36955, "scanner": "repobility-ast-engine", "fingerprint": "f468939a983ca91dec37baff52754efb9ff7760743a2335f1fc30978095afd79", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|f468939a983ca91dec37baff52754efb9ff7760743a2335f1fc30978095afd79"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tests/unit/test_decoder.py"}, "region": {"startLine": 703}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "[MINED108] `self._build_raw` used but never assigned in __init__: Method `test_multi_element_error_info_falls_through` of class `TestNullResultStatusCodeEnrichment` reads `self._build_raw`, but no assignment to it exists in __init__ (and no class-level fallback). 
This raises AttributeError the first time the method runs against an instance."}, "properties": {"repobilityId": 36954, "scanner": "repobility-ast-engine", "fingerprint": "ee7d1fb1b72283ffc50ad575daaed21facf4f6ce63ee0a5fbb6b7cdad638d921", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|ee7d1fb1b72283ffc50ad575daaed21facf4f6ce63ee0a5fbb6b7cdad638d921"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tests/unit/test_decoder.py"}, "region": {"startLine": 688}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "[MINED108] `self._build_raw` used but never assigned in __init__: Method `test_out_of_range_code_falls_through_to_generic_error` of class `TestNullResultStatusCodeEnrichment` reads `self._build_raw`, but no assignment to it exists in __init__ (and no class-level fallback). 
This raises AttributeError the first time the method runs against an instance."}, "properties": {"repobilityId": 36953, "scanner": "repobility-ast-engine", "fingerprint": "de160d37f5c16f21961dd626b45b35cccb32c344f07dc3731db09154a868da7a", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|de160d37f5c16f21961dd626b45b35cccb32c344f07dc3731db09154a868da7a"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tests/unit/test_decoder.py"}, "region": {"startLine": 677}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "[MINED108] `self._build_raw` used but never assigned in __init__: Method `test_unauthenticated_code_does_not_become_auth_error` of class `TestNullResultStatusCodeEnrichment` reads `self._build_raw`, but no assignment to it exists in __init__ (and no class-level fallback). 
This raises AttributeError the first time the method runs against an instance."}, "properties": {"repobilityId": 36952, "scanner": "repobility-ast-engine", "fingerprint": "9a2b3c0f3df3a35dd20f301d0a5c8081258a7081a78d8f6539a4f9846ec7066b", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|9a2b3c0f3df3a35dd20f301d0a5c8081258a7081a78d8f6539a4f9846ec7066b"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tests/unit/test_decoder.py"}, "region": {"startLine": 665}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "[MINED108] `self._assert_no_auth_patterns` used but never assigned in __init__: Method `test_unauthenticated_code_does_not_become_auth_error` of class `TestNullResultStatusCodeEnrichment` reads `self._assert_no_auth_patterns`, but no assignment to it exists in __init__ (and no class-level fallback). 
This raises AttributeError the first time the method runs against an instance."}, "properties": {"repobilityId": 36951, "scanner": "repobility-ast-engine", "fingerprint": "4c0aff105ec4ce1a8aa406d7c42b43235864aef11d150741299f67a0430da1c8", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|4c0aff105ec4ce1a8aa406d7c42b43235864aef11d150741299f67a0430da1c8"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tests/unit/test_decoder.py"}, "region": {"startLine": 672}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "[MINED108] `self._build_raw` used but never assigned in __init__: Method `test_internal_code_raises_plain_rpc_error` of class `TestNullResultStatusCodeEnrichment` reads `self._build_raw`, but no assignment to it exists in __init__ (and no class-level fallback). 
This raises AttributeError the first time the method runs against an instance."}, "properties": {"repobilityId": 36950, "scanner": "repobility-ast-engine", "fingerprint": "091e0199fba3b65825e1d8dfb617af9e3fdcc9e1ea7a145fc4c76e18b3affb2b", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|091e0199fba3b65825e1d8dfb617af9e3fdcc9e1ea7a145fc4c76e18b3affb2b"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tests/unit/test_decoder.py"}, "region": {"startLine": 647}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "[MINED108] `self._assert_no_auth_patterns` used but never assigned in __init__: Method `test_internal_code_raises_plain_rpc_error` of class `TestNullResultStatusCodeEnrichment` reads `self._assert_no_auth_patterns`, but no assignment to it exists in __init__ (and no class-level fallback). 
This raises AttributeError the first time the method runs against an instance."}, "properties": {"repobilityId": 36949, "scanner": "repobility-ast-engine", "fingerprint": "f785da8d1eb41d06435468cc6acbb68c4fa3daea67a10474befb753f894e2930", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|f785da8d1eb41d06435468cc6acbb68c4fa3daea67a10474befb753f894e2930"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tests/unit/test_decoder.py"}, "region": {"startLine": 656}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "[MINED108] `self._build_raw` used but never assigned in __init__: Method `test_permission_denied_raises_client_error` of class `TestNullResultStatusCodeEnrichment` reads `self._build_raw`, but no assignment to it exists in __init__ (and no class-level fallback). 
This raises AttributeError the first time the method runs against an instance."}, "properties": {"repobilityId": 36948, "scanner": "repobility-ast-engine", "fingerprint": "fecc74f759f027a789890c584df3179077bd7e1fe247980611baf98497c1be66", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|fecc74f759f027a789890c584df3179077bd7e1fe247980611baf98497c1be66"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tests/unit/test_decoder.py"}, "region": {"startLine": 631}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "[MINED108] `self._assert_no_auth_patterns` used but never assigned in __init__: Method `test_permission_denied_raises_client_error` of class `TestNullResultStatusCodeEnrichment` reads `self._assert_no_auth_patterns`, but no assignment to it exists in __init__ (and no class-level fallback). 
This raises AttributeError the first time the method runs against an instance."}, "properties": {"repobilityId": 36947, "scanner": "repobility-ast-engine", "fingerprint": "521c44c40a11b6309a9b869db0f52db96be6887a7b5a884f0f45bd5de13d6ac6", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|521c44c40a11b6309a9b869db0f52db96be6887a7b5a884f0f45bd5de13d6ac6"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tests/unit/test_decoder.py"}, "region": {"startLine": 637}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "[MINED108] `self._build_raw` used but never assigned in __init__: Method `test_not_found_raises_client_error` of class `TestNullResultStatusCodeEnrichment` reads `self._build_raw`, but no assignment to it exists in __init__ (and no class-level fallback). 
This raises AttributeError the first time the method runs against an instance."}, "properties": {"repobilityId": 36946, "scanner": "repobility-ast-engine", "fingerprint": "d6aefcc48503b2ce32c23bd92666465e9122173ed767745196dbf25810277fa8", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|d6aefcc48503b2ce32c23bd92666465e9122173ed767745196dbf25810277fa8"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tests/unit/test_decoder.py"}, "region": {"startLine": 616}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "[MINED108] `self._assert_no_auth_patterns` used but never assigned in __init__: Method `test_not_found_raises_client_error` of class `TestNullResultStatusCodeEnrichment` reads `self._assert_no_auth_patterns`, but no assignment to it exists in __init__ (and no class-level fallback). 
This raises AttributeError the first time the method runs against an instance."}, "properties": {"repobilityId": 36945, "scanner": "repobility-ast-engine", "fingerprint": "1ccf29a2675da28cf0e4e69a7484591c5b9cfe2035b5db962b8b8ccf5130c4b7", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|1ccf29a2675da28cf0e4e69a7484591c5b9cfe2035b5db962b8b8ccf5130c4b7"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tests/unit/test_decoder.py"}, "region": {"startLine": 626}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "[MINED108] `self._build_raw` used but never assigned in __init__: Method `test_null_result_includes_found_ids` of class `TestIssue114Reproduction` reads `self._build_raw`, but no assignment to it exists in __init__ (and no class-level fallback). 
This raises AttributeError the first time the method runs against an instance."}, "properties": {"repobilityId": 36944, "scanner": "repobility-ast-engine", "fingerprint": "53e5622639b979038525dbbd8f4192d2174ecc0a2ab856c1ab2a7823cc83a83b", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|53e5622639b979038525dbbd8f4192d2174ecc0a2ab856c1ab2a7823cc83a83b"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tests/unit/test_decoder.py"}, "region": {"startLine": 579}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "[MINED108] `self._build_raw` used but never assigned in __init__: Method `test_all_scenarios_include_method_id` of class `TestIssue114Reproduction` reads `self._build_raw`, but no assignment to it exists in __init__ (and no class-level fallback). 
This raises AttributeError the first time the method runs against an instance."}, "properties": {"repobilityId": 36943, "scanner": "repobility-ast-engine", "fingerprint": "094ed44a925f3abaf2f5d0b854103255d75576812bc92de739b3f62876b49f88", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|094ed44a925f3abaf2f5d0b854103255d75576812bc92de739b3f62876b49f88"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tests/unit/test_decoder.py"}, "region": {"startLine": 570}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "[MINED108] `self._build_raw` used but never assigned in __init__: Method `test_scenario_d_short_item` of class `TestIssue114Reproduction` reads `self._build_raw`, but no assignment to it exists in __init__ (and no class-level fallback). 
This raises AttributeError the first time the method runs against an instance."}, "properties": {"repobilityId": 36942, "scanner": "repobility-ast-engine", "fingerprint": "3f5beaff577e4d7d9c33dbb35a6ce9b7d77795c6ef76594746d60b39eea8622e", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|3f5beaff577e4d7d9c33dbb35a6ce9b7d77795c6ef76594746d60b39eea8622e"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tests/unit/test_decoder.py"}, "region": {"startLine": 562}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "[MINED108] `self._build_raw` used but never assigned in __init__: Method `test_scenario_c_null_result_data` of class `TestIssue114Reproduction` reads `self._build_raw`, but no assignment to it exists in __init__ (and no class-level fallback). 
This raises AttributeError the first time the method runs against an instance."}, "properties": {"repobilityId": 36941, "scanner": "repobility-ast-engine", "fingerprint": "e7aed5607f346220bb8a571c2ce00a5b0a2dd5c50eb140156d0148250ede712e", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|e7aed5607f346220bb8a571c2ce00a5b0a2dd5c50eb140156d0148250ede712e"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tests/unit/test_decoder.py"}, "region": {"startLine": 553}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "[MINED108] `self._build_raw` used but never assigned in __init__: Method `test_scenario_b_non_rpc_json` of class `TestIssue114Reproduction` reads `self._build_raw`, but no assignment to it exists in __init__ (and no class-level fallback). 
This raises AttributeError the first time the method runs against an instance."}, "properties": {"repobilityId": 36940, "scanner": "repobility-ast-engine", "fingerprint": "d3eab4677fc18fe9aaf434b2a4f44af94e1ece12458694e0f6e644a2224abe97", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|d3eab4677fc18fe9aaf434b2a4f44af94e1ece12458694e0f6e644a2224abe97"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tests/unit/test_decoder.py"}, "region": {"startLine": 544}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "[MINED108] `self._build_raw` used but never assigned in __init__: Method `test_scenario_a_empty_response` of class `TestIssue114Reproduction` reads `self._build_raw`, but no assignment to it exists in __init__ (and no class-level fallback). 
This raises AttributeError the first time the method runs against an instance."}, "properties": {"repobilityId": 36939, "scanner": "repobility-ast-engine", "fingerprint": "de90da9c2b8da6a75d30cdad0fd5e0116a58cf4b5a4f3022102d2ae17ef49699", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|de90da9c2b8da6a75d30cdad0fd5e0116a58cf4b5a4f3022102d2ae17ef49699"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tests/unit/test_decoder.py"}, "region": {"startLine": 535}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "[MINED108] `self._chunk_record` used but never assigned in __init__: Method `test_skips_extra_non_json_lines_before_and_after_valid_chunk` of class `TestParseChunkedResponse` reads `self._chunk_record`, but no assignment to it exists in __init__ (and no class-level fallback). 
This raises AttributeError the first time the method runs against an instance."}, "properties": {"repobilityId": 36938, "scanner": "repobility-ast-engine", "fingerprint": "f74667e625410786da60529f4b82c6d347a0aebff653eb765ce594c3570a31cd", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|f74667e625410786da60529f4b82c6d347a0aebff653eb765ce594c3570a31cd"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tests/unit/test_decoder.py"}, "region": {"startLine": 165}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "[MINED108] `self._chunk_record` used but never assigned in __init__: Method `test_skips_payload_split_across_lines_below_threshold` of class `TestParseChunkedResponse` reads `self._chunk_record`, but no assignment to it exists in __init__ (and no class-level fallback). 
This raises AttributeError the first time the method runs against an instance."}, "properties": {"repobilityId": 36937, "scanner": "repobility-ast-engine", "fingerprint": "6e42e7dd9d0eb7d58b5821fcd6e8d3125ea0c4bd0744e47c3c4aa0c5bb94aa15", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|6e42e7dd9d0eb7d58b5821fcd6e8d3125ea0c4bd0744e47c3c4aa0c5bb94aa15"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tests/unit/test_decoder.py"}, "region": {"startLine": 154}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "[MINED108] `self._chunk_record` used but never assigned in __init__: Method `test_skips_byte_count_without_payload_below_threshold` of class `TestParseChunkedResponse` reads `self._chunk_record`, but no assignment to it exists in __init__ (and no class-level fallback). 
This raises AttributeError the first time the method runs against an instance."}, "properties": {"repobilityId": 36936, "scanner": "repobility-ast-engine", "fingerprint": "f128ca36f3fee4c436c9f9653abed9d19a8a6a3fe0e472c33e639b05af9449a0", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|f128ca36f3fee4c436c9f9653abed9d19a8a6a3fe0e472c33e639b05af9449a0"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tests/unit/test_decoder.py"}, "region": {"startLine": 144}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "[MINED108] `self._chunk_record` used but never assigned in __init__: Method `test_logs_debug_but_parses_mismatched_byte_count_with_valid_json` of class `TestParseChunkedResponse` reads `self._chunk_record`, but no assignment to it exists in __init__ (and no class-level fallback). 
This raises AttributeError the first time the method runs against an instance."}, "properties": {"repobilityId": 36935, "scanner": "repobility-ast-engine", "fingerprint": "8a38dcdd77d0e1396c7e82105f731df497f9c1de497b65099eeba5895e83d71b", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|8a38dcdd77d0e1396c7e82105f731df497f9c1de497b65099eeba5895e83d71b"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tests/unit/test_decoder.py"}, "region": {"startLine": 125}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "[MINED108] `self.generic_visit` used but never assigned in __init__: Method `visit_Call` of class `_OffenderCollector` reads `self.generic_visit`, but no assignment to it exists in __init__ (and no class-level fallback). 
This raises AttributeError the first time the method runs against an instance."}, "properties": {"repobilityId": 36933, "scanner": "repobility-ast-engine", "fingerprint": "881ed6465879a228e8c4d3d9dc24880aaa1bd40b7c451ca3d427e6ad879614b6", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|881ed6465879a228e8c4d3d9dc24880aaa1bd40b7c451ca3d427e6ad879614b6"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tests/_lint/test_no_deprecated_public_rpc_call_kwargs.py"}, "region": {"startLine": 118}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "[MINED108] `self._visit_function` used but never assigned in __init__: Method `visit_AsyncFunctionDef` of class `_OffenderCollector` reads `self._visit_function`, but no assignment to it exists in __init__ (and no class-level fallback). 
This raises AttributeError the first time the method runs against an instance."}, "properties": {"repobilityId": 36932, "scanner": "repobility-ast-engine", "fingerprint": "98cf195f2b9d446208b16b86925c833cb3219fb9fa84513f126c1908c0da1adc", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|98cf195f2b9d446208b16b86925c833cb3219fb9fa84513f126c1908c0da1adc"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tests/_lint/test_no_deprecated_public_rpc_call_kwargs.py"}, "region": {"startLine": 105}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "[MINED108] `self._visit_function` used but never assigned in __init__: Method `visit_FunctionDef` of class `_OffenderCollector` reads `self._visit_function`, but no assignment to it exists in __init__ (and no class-level fallback). 
This raises AttributeError the first time the method runs against an instance."}, "properties": {"repobilityId": 36931, "scanner": "repobility-ast-engine", "fingerprint": "978c5e23259c6ff1cebd680ff976683f8b44e4d57c1c9e9f116fb1634fad3c54", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|978c5e23259c6ff1cebd680ff976683f8b44e4d57c1c9e9f116fb1634fad3c54"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tests/_lint/test_no_deprecated_public_rpc_call_kwargs.py"}, "region": {"startLine": 102}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "[MINED108] `self.generic_visit` used but never assigned in __init__: Method `_visit_function` of class `_OffenderCollector` reads `self.generic_visit`, but no assignment to it exists in __init__ (and no class-level fallback). 
This raises AttributeError the first time the method runs against an instance."}, "properties": {"repobilityId": 36930, "scanner": "repobility-ast-engine", "fingerprint": "abe97edf570961557638f0a1f6429177ee30f004f66642d2117d7698c2227a69", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|abe97edf570961557638f0a1f6429177ee30f004f66642d2117d7698c2227a69"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tests/_lint/test_no_deprecated_public_rpc_call_kwargs.py"}, "region": {"startLine": 97}}}]}, {"ruleId": "MINED106", "level": "error", "message": {"text": "[MINED106] Phantom test coverage: test_generate_infographic_default: Test function `test_generate_infographic_default` runs code but contains no assert / expect / should call \u2014 it passes regardless of behaviour. 
Adds line coverage without verifying anything."}, "properties": {"repobilityId": 36929, "scanner": "repobility-ast-engine", "fingerprint": "ff35867774fd59e3e5f5ab2a903be552cae7e2ca90cf01ca2463d332cfc79d80", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "phantom-test-coverage", "owasp": null, "cwe_ids": ["CWE-1126"], "languages": ["python"], "observations_count": 982154}, "scanner": "repobility-ast-engine", "correlation_key": "fp|ff35867774fd59e3e5f5ab2a903be552cae7e2ca90cf01ca2463d332cfc79d80"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tests/e2e/test_generation.py"}, "region": {"startLine": 271}}}]}, {"ruleId": "MINED106", "level": "error", "message": {"text": "[MINED106] Phantom test coverage: test_generate_flashcards_with_options: Test function `test_generate_flashcards_with_options` runs code but contains no assert / expect / should call \u2014 it passes regardless of behaviour. 
Adds line coverage without verifying anything."}, "properties": {"repobilityId": 36928, "scanner": "repobility-ast-engine", "fingerprint": "cf23f7de0cab28036156a630776e3417a461cb838e5808d044a834a962d8843a", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "phantom-test-coverage", "owasp": null, "cwe_ids": ["CWE-1126"], "languages": ["python"], "observations_count": 982154}, "scanner": "repobility-ast-engine", "correlation_key": "fp|cf23f7de0cab28036156a630776e3417a461cb838e5808d044a834a962d8843a"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tests/e2e/test_generation.py"}, "region": {"startLine": 256}}}]}, {"ruleId": "MINED106", "level": "error", "message": {"text": "[MINED106] Phantom test coverage: test_generate_flashcards_default: Test function `test_generate_flashcards_default` runs code but contains no assert / expect / should call \u2014 it passes regardless of behaviour. 
Adds line coverage without verifying anything."}, "properties": {"repobilityId": 36927, "scanner": "repobility-ast-engine", "fingerprint": "aa7dcf27ff9f7c553439572bf60f99adf92f9556ad7a6ea454a468c7ca2b320e", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "phantom-test-coverage", "owasp": null, "cwe_ids": ["CWE-1126"], "languages": ["python"], "observations_count": 982154}, "scanner": "repobility-ast-engine", "correlation_key": "fp|aa7dcf27ff9f7c553439572bf60f99adf92f9556ad7a6ea454a468c7ca2b320e"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tests/e2e/test_generation.py"}, "region": {"startLine": 246}}}]}, {"ruleId": "MINED106", "level": "error", "message": {"text": "[MINED106] Phantom test coverage: test_generate_quiz_fewer_easy: Test function `test_generate_quiz_fewer_easy` runs code but contains no assert / expect / should call \u2014 it passes regardless of behaviour. 
Adds line coverage without verifying anything."}, "properties": {"repobilityId": 36926, "scanner": "repobility-ast-engine", "fingerprint": "eaf1bbbbe4933a8811a84e721f59c7f4c942e8adf6bb53f67e598360c07b5f80", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "phantom-test-coverage", "owasp": null, "cwe_ids": ["CWE-1126"], "languages": ["python"], "observations_count": 982154}, "scanner": "repobility-ast-engine", "correlation_key": "fp|eaf1bbbbe4933a8811a84e721f59c7f4c942e8adf6bb53f67e598360c07b5f80"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tests/e2e/test_generation.py"}, "region": {"startLine": 232}}}]}, {"ruleId": "MINED106", "level": "error", "message": {"text": "[MINED106] Phantom test coverage: test_generate_quiz_with_options: Test function `test_generate_quiz_with_options` runs code but contains no assert / expect / should call \u2014 it passes regardless of behaviour. 
Adds line coverage without verifying anything."}, "properties": {"repobilityId": 36925, "scanner": "repobility-ast-engine", "fingerprint": "034b1b9dee5ab6fc05ee7f9046959ba8988f0cc40b787c5be4e808781e26f677", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "phantom-test-coverage", "owasp": null, "cwe_ids": ["CWE-1126"], "languages": ["python"], "observations_count": 982154}, "scanner": "repobility-ast-engine", "correlation_key": "fp|034b1b9dee5ab6fc05ee7f9046959ba8988f0cc40b787c5be4e808781e26f677"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tests/e2e/test_generation.py"}, "region": {"startLine": 221}}}]}, {"ruleId": "MINED106", "level": "error", "message": {"text": "[MINED106] Phantom test coverage: test_generate_quiz_default: Test function `test_generate_quiz_default` runs code but contains no assert / expect / should call \u2014 it passes regardless of behaviour. 
Adds line coverage without verifying anything."}, "properties": {"repobilityId": 36924, "scanner": "repobility-ast-engine", "fingerprint": "8bf08e0fc4ef3bc24efc611a39d5f9f9d977e9fc3696c4d4e999a54f0faa989b", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "phantom-test-coverage", "owasp": null, "cwe_ids": ["CWE-1126"], "languages": ["python"], "observations_count": 982154}, "scanner": "repobility-ast-engine", "correlation_key": "fp|8bf08e0fc4ef3bc24efc611a39d5f9f9d977e9fc3696c4d4e999a54f0faa989b"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tests/e2e/test_generation.py"}, "region": {"startLine": 211}}}]}, {"ruleId": "MINED106", "level": "error", "message": {"text": "[MINED106] Phantom test coverage: test_generate_cinematic_video_with_language: Test function `test_generate_cinematic_video_with_language` runs code but contains no assert / expect / should call \u2014 it passes regardless of behaviour. 
Adds line coverage without verifying anything."}, "properties": {"repobilityId": 36923, "scanner": "repobility-ast-engine", "fingerprint": "a0cc2cd48aac1d3f0a343008229e85e00f6353108e0fcee8b002ef26894689a3", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "phantom-test-coverage", "owasp": null, "cwe_ids": ["CWE-1126"], "languages": ["python"], "observations_count": 982154}, "scanner": "repobility-ast-engine", "correlation_key": "fp|a0cc2cd48aac1d3f0a343008229e85e00f6353108e0fcee8b002ef26894689a3"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tests/e2e/test_generation.py"}, "region": {"startLine": 197}}}]}, {"ruleId": "MINED106", "level": "error", "message": {"text": "[MINED106] Phantom test coverage: test_generate_cinematic_video_with_instructions: Test function `test_generate_cinematic_video_with_instructions` runs code but contains no assert / expect / should call \u2014 it passes regardless of behaviour. 
Adds line coverage without verifying anything."}, "properties": {"repobilityId": 36922, "scanner": "repobility-ast-engine", "fingerprint": "e89b223d156ddaa5b9f6eb2ee3ab5c187d009f6e3580aa32ad60b42fb6cacf8d", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "phantom-test-coverage", "owasp": null, "cwe_ids": ["CWE-1126"], "languages": ["python"], "observations_count": 982154}, "scanner": "repobility-ast-engine", "correlation_key": "fp|e89b223d156ddaa5b9f6eb2ee3ab5c187d009f6e3580aa32ad60b42fb6cacf8d"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tests/e2e/test_generation.py"}, "region": {"startLine": 187}}}]}, {"ruleId": "MINED106", "level": "error", "message": {"text": "[MINED106] Phantom test coverage: test_generate_cinematic_video_default: Test function `test_generate_cinematic_video_default` runs code but contains no assert / expect / should call \u2014 it passes regardless of behaviour. 
Adds line coverage without verifying anything."}, "properties": {"repobilityId": 36921, "scanner": "repobility-ast-engine", "fingerprint": "c631c9e9a1b1ebb7f2afb1dcc13d204ad7fa9a18e32ef8eb2381660cd8b0f205", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "phantom-test-coverage", "owasp": null, "cwe_ids": ["CWE-1126"], "languages": ["python"], "observations_count": 982154}, "scanner": "repobility-ast-engine", "correlation_key": "fp|c631c9e9a1b1ebb7f2afb1dcc13d204ad7fa9a18e32ef8eb2381660cd8b0f205"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tests/e2e/test_generation.py"}, "region": {"startLine": 180}}}]}, {"ruleId": "MINED106", "level": "error", "message": {"text": "[MINED106] Phantom test coverage: test_generate_video_auto_style: Test function `test_generate_video_auto_style` runs code but contains no assert / expect / should call \u2014 it passes regardless of behaviour. 
Adds line coverage without verifying anything."}, "properties": {"repobilityId": 36920, "scanner": "repobility-ast-engine", "fingerprint": "799d8e79d7ac01c83bce84414b87585206cbfbac7b9ee90f5141929bb6c48bff", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "phantom-test-coverage", "owasp": null, "cwe_ids": ["CWE-1126"], "languages": ["python"], "observations_count": 982154}, "scanner": "repobility-ast-engine", "correlation_key": "fp|799d8e79d7ac01c83bce84414b87585206cbfbac7b9ee90f5141929bb6c48bff"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tests/e2e/test_generation.py"}, "region": {"startLine": 163}}}]}, {"ruleId": "MINED106", "level": "error", "message": {"text": "[MINED106] Phantom test coverage: test_generate_video_watercolor_style: Test function `test_generate_video_watercolor_style` runs code but contains no assert / expect / should call \u2014 it passes regardless of behaviour. 
Adds line coverage without verifying anything."}, "properties": {"repobilityId": 36919, "scanner": "repobility-ast-engine", "fingerprint": "2a2f3429dc382353b0a9a09c691ae4dac177d260aaeef5e7eeb9f2a8700a4085", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "phantom-test-coverage", "owasp": null, "cwe_ids": ["CWE-1126"], "languages": ["python"], "observations_count": 982154}, "scanner": "repobility-ast-engine", "correlation_key": "fp|2a2f3429dc382353b0a9a09c691ae4dac177d260aaeef5e7eeb9f2a8700a4085"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tests/e2e/test_generation.py"}, "region": {"startLine": 154}}}]}, {"ruleId": "MINED106", "level": "error", "message": {"text": "[MINED106] Phantom test coverage: test_generate_video_kawaii_style: Test function `test_generate_video_kawaii_style` runs code but contains no assert / expect / should call \u2014 it passes regardless of behaviour. 
Adds line coverage without verifying anything."}, "properties": {"repobilityId": 36918, "scanner": "repobility-ast-engine", "fingerprint": "d5cf578c5a5ff98920aeb43bd534de86d2f4b81a19f6fafcafff2a9e8d04ec47", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "phantom-test-coverage", "owasp": null, "cwe_ids": ["CWE-1126"], "languages": ["python"], "observations_count": 982154}, "scanner": "repobility-ast-engine", "correlation_key": "fp|d5cf578c5a5ff98920aeb43bd534de86d2f4b81a19f6fafcafff2a9e8d04ec47"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tests/e2e/test_generation.py"}, "region": {"startLine": 145}}}]}, {"ruleId": "MINED106", "level": "error", "message": {"text": "[MINED106] Phantom test coverage: test_generate_video_with_instructions: Test function `test_generate_video_with_instructions` runs code but contains no assert / expect / should call \u2014 it passes regardless of behaviour. 
Adds line coverage without verifying anything."}, "properties": {"repobilityId": 36917, "scanner": "repobility-ast-engine", "fingerprint": "d828cf98251954209521492fdcd317295255a160d1905fe36ef1403c73c47750", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "phantom-test-coverage", "owasp": null, "cwe_ids": ["CWE-1126"], "languages": ["python"], "observations_count": 982154}, "scanner": "repobility-ast-engine", "correlation_key": "fp|d828cf98251954209521492fdcd317295255a160d1905fe36ef1403c73c47750"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tests/e2e/test_generation.py"}, "region": {"startLine": 134}}}]}, {"ruleId": "MINED106", "level": "error", "message": {"text": "[MINED106] Phantom test coverage: test_generate_video_brief_whiteboard: Test function `test_generate_video_brief_whiteboard` runs code but contains no assert / expect / should call \u2014 it passes regardless of behaviour. 
Adds line coverage without verifying anything."}, "properties": {"repobilityId": 36916, "scanner": "repobility-ast-engine", "fingerprint": "335ce7eebd9cd08117e9507927c6340edc8e9e805447785326bf3851ff6c5606", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "phantom-test-coverage", "owasp": null, "cwe_ids": ["CWE-1126"], "languages": ["python"], "observations_count": 982154}, "scanner": "repobility-ast-engine", "correlation_key": "fp|335ce7eebd9cd08117e9507927c6340edc8e9e805447785326bf3851ff6c5606"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tests/e2e/test_generation.py"}, "region": {"startLine": 124}}}]}, {"ruleId": "MINED106", "level": "error", "message": {"text": "[MINED106] Phantom test coverage: test_generate_video_explainer_anime: Test function `test_generate_video_explainer_anime` runs code but contains no assert / expect / should call \u2014 it passes regardless of behaviour. 
Adds line coverage without verifying anything."}, "properties": {"repobilityId": 36915, "scanner": "repobility-ast-engine", "fingerprint": "c9c2559813c50b9e4e19c1a02ef8590fc9620b9bb3d35cc233aeabd19b61c6b5", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "phantom-test-coverage", "owasp": null, "cwe_ids": ["CWE-1126"], "languages": ["python"], "observations_count": 982154}, "scanner": "repobility-ast-engine", "correlation_key": "fp|c9c2559813c50b9e4e19c1a02ef8590fc9620b9bb3d35cc233aeabd19b61c6b5"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tests/e2e/test_generation.py"}, "region": {"startLine": 114}}}]}, {"ruleId": "MINED106", "level": "error", "message": {"text": "[MINED106] Phantom test coverage: test_generate_video_default: Test function `test_generate_video_default` runs code but contains no assert / expect / should call \u2014 it passes regardless of behaviour. 
Adds line coverage without verifying anything."}, "properties": {"repobilityId": 36914, "scanner": "repobility-ast-engine", "fingerprint": "5dee8768566560c63a7db2a08189706ce60e9b26c84c17fc695be10a1ffb4115", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "phantom-test-coverage", "owasp": null, "cwe_ids": ["CWE-1126"], "languages": ["python"], "observations_count": 982154}, "scanner": "repobility-ast-engine", "correlation_key": "fp|5dee8768566560c63a7db2a08189706ce60e9b26c84c17fc695be10a1ffb4115"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tests/e2e/test_generation.py"}, "region": {"startLine": 104}}}]}, {"ruleId": "MINED106", "level": "error", "message": {"text": "[MINED106] Phantom test coverage: test_generate_audio_with_language: Test function `test_generate_audio_with_language` runs code but contains no assert / expect / should call \u2014 it passes regardless of behaviour. 
Adds line coverage without verifying anything."}, "properties": {"repobilityId": 36913, "scanner": "repobility-ast-engine", "fingerprint": "5a6156879ff698c4bac56475bc0a6d6a367f1fa8e492c7274ec521dc4b57860e", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "phantom-test-coverage", "owasp": null, "cwe_ids": ["CWE-1126"], "languages": ["python"], "observations_count": 982154}, "scanner": "repobility-ast-engine", "correlation_key": "fp|5a6156879ff698c4bac56475bc0a6d6a367f1fa8e492c7274ec521dc4b57860e"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tests/e2e/test_generation.py"}, "region": {"startLine": 91}}}]}, {"ruleId": "MINED106", "level": "error", "message": {"text": "[MINED106] Phantom test coverage: test_generate_audio_debate: Test function `test_generate_audio_debate` runs code but contains no assert / expect / should call \u2014 it passes regardless of behaviour. 
Adds line coverage without verifying anything."}, "properties": {"repobilityId": 36912, "scanner": "repobility-ast-engine", "fingerprint": "45a1af11cfbbd0ce2b5d5d6a9d81e581b0392a4a06fd60f2248d29bba761a994", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "phantom-test-coverage", "owasp": null, "cwe_ids": ["CWE-1126"], "languages": ["python"], "observations_count": 982154}, "scanner": "repobility-ast-engine", "correlation_key": "fp|45a1af11cfbbd0ce2b5d5d6a9d81e581b0392a4a06fd60f2248d29bba761a994"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tests/e2e/test_generation.py"}, "region": {"startLine": 82}}}]}, {"ruleId": "MINED106", "level": "error", "message": {"text": "[MINED106] Phantom test coverage: test_generate_audio_critique: Test function `test_generate_audio_critique` runs code but contains no assert / expect / should call \u2014 it passes regardless of behaviour. 
Adds line coverage without verifying anything."}, "properties": {"repobilityId": 36911, "scanner": "repobility-ast-engine", "fingerprint": "191f06de50a680b30d855f8a0581a9f1cc1c6e693e6ef1d4d1a2bbd45abe8620", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "phantom-test-coverage", "owasp": null, "cwe_ids": ["CWE-1126"], "languages": ["python"], "observations_count": 982154}, "scanner": "repobility-ast-engine", "correlation_key": "fp|191f06de50a680b30d855f8a0581a9f1cc1c6e693e6ef1d4d1a2bbd45abe8620"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tests/e2e/test_generation.py"}, "region": {"startLine": 73}}}]}, {"ruleId": "MINED106", "level": "error", "message": {"text": "[MINED106] Phantom test coverage: test_generate_audio_brief_short: Test function `test_generate_audio_brief_short` runs code but contains no assert / expect / should call \u2014 it passes regardless of behaviour. 
Adds line coverage without verifying anything."}, "properties": {"repobilityId": 36910, "scanner": "repobility-ast-engine", "fingerprint": "f51ce89e4d1cb297b0b4046f16e49f245371b38ce84a8e5b540370fff00c8047", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "phantom-test-coverage", "owasp": null, "cwe_ids": ["CWE-1126"], "languages": ["python"], "observations_count": 982154}, "scanner": "repobility-ast-engine", "correlation_key": "fp|f51ce89e4d1cb297b0b4046f16e49f245371b38ce84a8e5b540370fff00c8047"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tests/e2e/test_generation.py"}, "region": {"startLine": 63}}}]}, {"ruleId": "MINED106", "level": "error", "message": {"text": "[MINED106] Phantom test coverage: test_generate_audio_deep_dive_long: Test function `test_generate_audio_deep_dive_long` runs code but contains no assert / expect / should call \u2014 it passes regardless of behaviour. 
Adds line coverage without verifying anything."}, "properties": {"repobilityId": 36909, "scanner": "repobility-ast-engine", "fingerprint": "294258a5c4853308bd50e4e7cae2c7e1b720db8cd1d15b7f64832a0478a0fefc", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "phantom-test-coverage", "owasp": null, "cwe_ids": ["CWE-1126"], "languages": ["python"], "observations_count": 982154}, "scanner": "repobility-ast-engine", "correlation_key": "fp|294258a5c4853308bd50e4e7cae2c7e1b720db8cd1d15b7f64832a0478a0fefc"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tests/e2e/test_generation.py"}, "region": {"startLine": 53}}}]}, {"ruleId": "MINED106", "level": "error", "message": {"text": "[MINED106] Phantom test coverage: test_generate_audio_brief: Test function `test_generate_audio_brief` runs code but contains no assert / expect / should call \u2014 it passes regardless of behaviour. 
Adds line coverage without verifying anything."}, "properties": {"repobilityId": 36908, "scanner": "repobility-ast-engine", "fingerprint": "2d7dc3eb7c8e4d69163e1685a94cf12a327e4b63a6306218881bbddf560bb0b1", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "phantom-test-coverage", "owasp": null, "cwe_ids": ["CWE-1126"], "languages": ["python"], "observations_count": 982154}, "scanner": "repobility-ast-engine", "correlation_key": "fp|2d7dc3eb7c8e4d69163e1685a94cf12a327e4b63a6306218881bbddf560bb0b1"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tests/e2e/test_generation.py"}, "region": {"startLine": 43}}}]}, {"ruleId": "MINED106", "level": "error", "message": {"text": "[MINED106] Phantom test coverage: test_generate_audio_default: Test function `test_generate_audio_default` runs code but contains no assert / expect / should call \u2014 it passes regardless of behaviour. 
Adds line coverage without verifying anything."}, "properties": {"repobilityId": 36907, "scanner": "repobility-ast-engine", "fingerprint": "97bc3385021bb2763838c7ac69e8ac6bb78fc5478b16624ce114344cbcf8dbf0", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "phantom-test-coverage", "owasp": null, "cwe_ids": ["CWE-1126"], "languages": ["python"], "observations_count": 982154}, "scanner": "repobility-ast-engine", "correlation_key": "fp|97bc3385021bb2763838c7ac69e8ac6bb78fc5478b16624ce114344cbcf8dbf0"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tests/e2e/test_generation.py"}, "region": {"startLine": 37}}}]}, {"ruleId": "MINED106", "level": "error", "message": {"text": "[MINED106] Phantom test coverage: test_rpc_method_with_data: Test function `test_rpc_method_with_data` runs code but contains no assert / expect / should call \u2014 it passes regardless of behaviour. 
Adds line coverage without verifying anything."}, "properties": {"repobilityId": 36894, "scanner": "repobility-ast-engine", "fingerprint": "20d566d0df0299918f41f736b71b83e8065c47819fbaad8529a080b1fc247953", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "phantom-test-coverage", "owasp": null, "cwe_ids": ["CWE-1126"], "languages": ["python"], "observations_count": 982154}, "scanner": "repobility-ast-engine", "correlation_key": "fp|20d566d0df0299918f41f736b71b83e8065c47819fbaad8529a080b1fc247953"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "scripts/check_rpc_health.py"}, "region": {"startLine": 352}}}]}, {"ruleId": "MINED106", "level": "error", "message": {"text": "[MINED106] Phantom test coverage: test_rpc_method: Test function `test_rpc_method` runs code but contains no assert / expect / should call \u2014 it passes regardless of behaviour. Adds line coverage without verifying anything."}, "properties": {"repobilityId": 36893, "scanner": "repobility-ast-engine", "fingerprint": "468247749ba3b1f055054d14da728d92d1de62dabe830f26843bf02ce36f89a4", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "phantom-test-coverage", "owasp": null, "cwe_ids": ["CWE-1126"], "languages": ["python"], "observations_count": 982154}, "scanner": "repobility-ast-engine", "correlation_key": "fp|468247749ba3b1f055054d14da728d92d1de62dabe830f26843bf02ce36f89a4"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "scripts/check_rpc_health.py"}, "region": {"startLine": 311}}}]}, {"ruleId": "SEC128", "level": "error", "message": {"text": "[SEC128] Async function without await \u2014 fire-and-forget Promise (AI mistake): Async call invoked without `await` returns an unhandled Promise. 
The outer function resolves before the inner work completes \u2014 DB writes lost, emails not sent, race conditions. This is one of the top-3 errors AI coders make: they understand async-shape but drop the await keyword when chaining multiple ops. Surfaces as flaky tests or silently dropped data in production."}, "properties": {"repobilityId": 36876, "scanner": "repobility-threat-engine", "fingerprint": "964cb40a4a645c3c4c7ba8f2180fdadbc31521d9dd11aa4bec7ffeb258fca299", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "response.update(extra)", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC128", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "fp|964cb40a4a645c3c4c7ba8f2180fdadbc31521d9dd11aa4bec7ffeb258fca299"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/notebooklm/cli/rendering.py"}, "region": {"startLine": 87}}}]}, {"ruleId": "SEC128", "level": "error", "message": {"text": "[SEC128] Async function without await \u2014 fire-and-forget Promise (AI mistake): Async call invoked without `await` returns an unhandled Promise. The outer function resolves before the inner work completes \u2014 DB writes lost, emails not sent, race conditions. This is one of the top-3 errors AI coders make: they understand async-shape but drop the await keyword when chaining multiple ops. 
Surfaces as flaky tests or silently dropped data in production."}, "properties": {"repobilityId": 36875, "scanner": "repobility-threat-engine", "fingerprint": "6809d4412bfb95baf6d04a732d4678b945ddc2cda9a320777b094779c7830731", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "response.update(extra)", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC128", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "fp|6809d4412bfb95baf6d04a732d4678b945ddc2cda9a320777b094779c7830731"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/notebooklm/cli/error_handler.py"}, "region": {"startLine": 51}}}]}, {"ruleId": "MINED006", "level": "error", "message": {"text": "[MINED006] Overcatch Baseexception: except BaseException: ... \u2014 prevents Ctrl+C and SystemExit from working."}, "properties": {"repobilityId": 36872, "scanner": "repobility-threat-engine", "fingerprint": "25ea4a2defa7f789446724a27d46111f5c6f6a113eeb81149e0c8ce255188b1f", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "overcatch-baseexception", "owasp": null, "cwe_ids": ["CWE-705"], "languages": ["python"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.347911+00:00", "triaged_in_corpus": 15, "observations_count": 230624, "ai_coder_pattern_id": 8}, "scanner": "repobility-threat-engine", "correlation_key": "fp|25ea4a2defa7f789446724a27d46111f5c6f6a113eeb81149e0c8ce255188b1f"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/notebooklm/cli/error_handler.py"}, "region": {"startLine": 133}}}]}, {"ruleId": "MINED006", "level": "error", "message": {"text": "[MINED006] 
Overcatch Baseexception: except BaseException: ... \u2014 prevents Ctrl+C and SystemExit from working."}, "properties": {"repobilityId": 36871, "scanner": "repobility-threat-engine", "fingerprint": "a924499fd8f17eabb3c386b74a6c68b6d693af1722859103cfea4f0bd49c8b07", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "overcatch-baseexception", "owasp": null, "cwe_ids": ["CWE-705"], "languages": ["python"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.347911+00:00", "triaged_in_corpus": 15, "observations_count": 230624, "ai_coder_pattern_id": 8}, "scanner": "repobility-threat-engine", "correlation_key": "fp|a924499fd8f17eabb3c386b74a6c68b6d693af1722859103cfea4f0bd49c8b07"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/notebooklm/_source_polling.py"}, "region": {"startLine": 161}}}]}, {"ruleId": "SEC103", "level": "error", "message": {"text": "[SEC103] LDAP injection \u2014 non-constant search filter: User input concatenated into an LDAP search filter. 
Attackers inject `*)(uid=*` style payloads to bypass auth or enumerate accounts."}, "properties": {"repobilityId": 36869, "scanner": "repobility-threat-engine", "fingerprint": "3a1069b84a14199384d751311e421308102be047a53eb81df5026f1acaf40407", "category": "injection", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": ".search(r\"notebooklm-py v([\\d.]+)", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC103", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "code|injection|src/notebooklm/cli/skill.py|51|sec103"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/notebooklm/cli/skill.py"}, "region": {"startLine": 51}}}]}, {"ruleId": "SEC103", "level": "error", "message": {"text": "[SEC103] LDAP injection \u2014 non-constant search filter: User input concatenated into an LDAP search filter. 
Attackers inject `*)(uid=*` style payloads to bypass auth or enumerate accounts."}, "properties": {"repobilityId": 36868, "scanner": "repobility-threat-engine", "fingerprint": "9bd522fea05d51ef7a13730772881b75020972d9b270035d748f5a93156a87df", "category": "injection", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": ".search(r'data-app-data=\"([^\"]+)", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC103", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "code|injection|token|35|sec103"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/notebooklm/_artifact_formatters.py"}, "region": {"startLine": 35}}}]}, {"ruleId": "MINED001", "level": "error", "message": {"text": "[MINED001] Bare Except Pass: except: pass or except Exception: pass \u2014 silently swallows everything including KeyboardInterrupt and bugs."}, "properties": {"repobilityId": 36851, "scanner": "repobility-threat-engine", "fingerprint": "0a60eb266d45a59c000a1d1e3c7d9640a38d3ea38e8cc4e758ba3093b688eae3", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "bare-except-pass", "owasp": null, "cwe_ids": ["CWE-755"], "languages": ["python"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.347744+00:00", "triaged_in_corpus": 15, "observations_count": 1550824, "ai_coder_pattern_id": 6}, "scanner": "repobility-threat-engine", "correlation_key": "fp|0a60eb266d45a59c000a1d1e3c7d9640a38d3ea38e8cc4e758ba3093b688eae3"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/notebooklm/migration.py"}, "region": {"startLine": 162}}}]}, {"ruleId": "MINED001", "level": "error", "message": {"text": 
"[MINED001] Bare Except Pass: except: pass or except Exception: pass \u2014 silently swallows everything including KeyboardInterrupt and bugs."}, "properties": {"repobilityId": 36850, "scanner": "repobility-threat-engine", "fingerprint": "952025ccbb8f3528c44227a23aafcb3c556bdbf23c0456bf4197809ed92c6187", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "bare-except-pass", "owasp": null, "cwe_ids": ["CWE-755"], "languages": ["python"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.347744+00:00", "triaged_in_corpus": 15, "observations_count": 1550824, "ai_coder_pattern_id": 6}, "scanner": "repobility-threat-engine", "correlation_key": "fp|952025ccbb8f3528c44227a23aafcb3c556bdbf23c0456bf4197809ed92c6187"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/notebooklm/cli/completion.py"}, "region": {"startLine": 41}}}]}, {"ruleId": "MINED001", "level": "error", "message": {"text": "[MINED001] Bare Except Pass: except: pass or except Exception: pass \u2014 silently swallows everything including KeyboardInterrupt and bugs."}, "properties": {"repobilityId": 36849, "scanner": "repobility-threat-engine", "fingerprint": "b6b9218b1da0afd956a09dfcc1d1189b51c341ec2834bf883f7649c54b4b41da", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "bare-except-pass", "owasp": null, "cwe_ids": ["CWE-755"], "languages": ["python"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.347744+00:00", "triaged_in_corpus": 15, "observations_count": 1550824, "ai_coder_pattern_id": 6}, "scanner": "repobility-threat-engine", "correlation_key": 
"fp|b6b9218b1da0afd956a09dfcc1d1189b51c341ec2834bf883f7649c54b4b41da"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "docs/examples/notes.py"}, "region": {"startLine": 136}}}]}, {"ruleId": "COMP001", "level": "error", "message": {"text": "[COMP001] High cognitive complexity: Function `main` has cognitive complexity 32 (SonarSource scale). Cognitive complexity measures how hard the function is for a human to understand \u2014 nested branches, boolean chains, and recursion all weigh in. Breakdown: and=1, else=1, except=2, for=6, if=6, nested_bonus=13, ternary=3."}, "properties": {"repobilityId": 36846, "scanner": "repobility-threat-engine", "fingerprint": "1a41b5c6d5da766f0a2a4bf6298d41b0c39cb07ee2cc4701659267541d9a8180", "category": "quality", "severity": "high", "confidence": 0.95, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "AST-derived cognitive complexity score = 32 (severity threshold for high: 25+).", "evidence": {"scanner": "repobility-threat-engine", "function": "main", "breakdown": {"if": 6, "and": 1, "for": 6, "else": 1, "except": 2, "ternary": 3, "nested_bonus": 13}, "complexity": 32, "correlation_key": "fp|1a41b5c6d5da766f0a2a4bf6298d41b0c39cb07ee2cc4701659267541d9a8180"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "docs/examples/notes.py"}, "region": {"startLine": 23}}}]}, {"ruleId": "SEC029", "level": "error", "message": {"text": "[SEC029] Server-Side Request Forgery (SSRF) \u2014 outbound HTTP from user input: Outbound HTTP request to a user-controlled URL without allowlist validation. Attackers can probe internal services (169.254.169.254 metadata, internal Kubernetes endpoints, file:// URIs), exfiltrate data, or pivot through your network. 
SSRF is OWASP A10:2021 and a frequent foothold in cloud breaches."}, "properties": {"repobilityId": 36839, "scanner": "repobility-threat-engine", "fingerprint": "be58bbddd42b9eb8715f254340494c7e09108afa9e8935ff155f609d75393277", "category": "ssrf", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "url(\n            n", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC029", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "fp|be58bbddd42b9eb8715f254340494c7e09108afa9e8935ff155f609d75393277"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "docs/examples/notes.py"}, "region": {"startLine": 34}}}]}, {"ruleId": "SEC029", "level": "error", "message": {"text": "[SEC029] Server-Side Request Forgery (SSRF) \u2014 outbound HTTP from user input: Outbound HTTP request to a user-controlled URL without allowlist validation. Attackers can probe internal services (169.254.169.254 metadata, internal Kubernetes endpoints, file:// URIs), exfiltrate data, or pivot through your network. 
SSRF is OWASP A10:2021 and a frequent foothold in cloud breaches."}, "properties": {"repobilityId": 36838, "scanner": "repobility-threat-engine", "fingerprint": "1b05db094d19107e7490924a58ef390f239a27a6bec8550a35227cad03a5df6f", "category": "ssrf", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "url(\n            n", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC029", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "fp|1b05db094d19107e7490924a58ef390f239a27a6bec8550a35227cad03a5df6f"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "docs/examples/chat.py"}, "region": {"startLine": 28}}}]}, {"ruleId": "SEC029", "level": "error", "message": {"text": "[SEC029] Server-Side Request Forgery (SSRF) \u2014 outbound HTTP from user input: Outbound HTTP request to a user-controlled URL without allowlist validation. Attackers can probe internal services (169.254.169.254 metadata, internal Kubernetes endpoints, file:// URIs), exfiltrate data, or pivot through your network. 
SSRF is OWASP A10:2021 and a frequent foothold in cloud breaches."}, "properties": {"repobilityId": 36837, "scanner": "repobility-threat-engine", "fingerprint": "1ab148c6b92a29c3cd358d1ef0d47640c889ba107e0627dd91c665ee4dee4c82", "category": "ssrf", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "url(n", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC029", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "fp|1ab148c6b92a29c3cd358d1ef0d47640c889ba107e0627dd91c665ee4dee4c82"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "docs/examples/bulk-import.py"}, "region": {"startLine": 61}}}]}, {"ruleId": "MINED116", "level": "error", "message": {"text": "[MINED116] Workflow uses `secrets.NAME` on a `pull_request` trigger: This workflow triggers on `pull_request`, which checks out the FORK's code. Referencing `${{ secrets.NAME }}` lets a PR from any fork exfiltrate the secret (modify a script, log the value, etc.). 
Use `pull_request_target` ONLY with strict checkout discipline (no fork code in the trusted context)."}, "properties": {"repobilityId": 36994, "scanner": "repobility-supply-chain", "fingerprint": "1a06389c7d9f15c9347f06c6aa9c7194b0cfb3276f2e46456f21dfa471b54602", "category": "dependency", "severity": "critical", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-pull-request-secrets", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|1a06389c7d9f15c9347f06c6aa9c7194b0cfb3276f2e46456f21dfa471b54602"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/test.yml"}, "region": {"startLine": 48}}}]}, {"ruleId": "MINED107", "level": "error", "message": {"text": "[MINED107] Missing import: `email` used but not imported: The file uses `email.something(...)` but never imports `email`. 
This raises NameError at runtime the first time the line executes."}, "properties": {"repobilityId": 36982, "scanner": "repobility-ast-engine", "fingerprint": "60afcd13c70fc310bdddf5151d96f5a40ce5668c44ed77b27f2ea8ff3c1ad96d", "category": "quality", "severity": "critical", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "missing-import-python", "owasp": "A06:2021", "cwe_ids": ["CWE-1075"], "languages": ["python"], "observations_count": 2192}, "scanner": "repobility-ast-engine", "correlation_key": "fp|60afcd13c70fc310bdddf5151d96f5a40ce5668c44ed77b27f2ea8ff3c1ad96d"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/notebooklm/cli/services/login.py"}, "region": {"startLine": 83}}}]}, {"ruleId": "MINED107", "level": "error", "message": {"text": "[MINED107] Missing import: `warnings` used but not imported: The file uses `warnings.something(...)` but never imports `warnings`. This raises NameError at runtime the first time the line executes."}, "properties": {"repobilityId": 36981, "scanner": "repobility-ast-engine", "fingerprint": "f4f258186486fefe0a89a1d5642382738330c4b5df5973b14f507b0932641265", "category": "quality", "severity": "critical", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "missing-import-python", "owasp": "A06:2021", "cwe_ids": ["CWE-1075"], "languages": ["python"], "observations_count": 2192}, "scanner": "repobility-ast-engine", "correlation_key": "fp|f4f258186486fefe0a89a1d5642382738330c4b5df5973b14f507b0932641265"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/notebooklm/cli/services/source_add.py"}, "region": {"startLine": 131}}}]}, {"ruleId": "MINED107", "level": "error", "message": {"text": "[MINED107] Missing import: `email` used but not imported: The file uses `email.something(...)` but never imports `email`. 
This raises NameError at runtime the first time the line executes."}, "properties": {"repobilityId": 36980, "scanner": "repobility-ast-engine", "fingerprint": "f60155e0eee4a8e43234666c76231d56a6ba0f8887ed3ee7fcabfab4ffdc7dfb", "category": "quality", "severity": "critical", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "missing-import-python", "owasp": "A06:2021", "cwe_ids": ["CWE-1075"], "languages": ["python"], "observations_count": 2192}, "scanner": "repobility-ast-engine", "correlation_key": "fp|f60155e0eee4a8e43234666c76231d56a6ba0f8887ed3ee7fcabfab4ffdc7dfb"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/notebooklm/_auth/account.py"}, "region": {"startLine": 96}}}]}, {"ruleId": "MINED107", "level": "error", "message": {"text": "[MINED107] Missing import: `html` used but not imported: The file uses `html.something(...)` but never imports `html`. This raises NameError at runtime the first time the line executes."}, "properties": {"repobilityId": 36973, "scanner": "repobility-ast-engine", "fingerprint": "a03e2bccaf946a4fb15f62265c1fb160c4d5349d0ac62037db02c02345a795e0", "category": "quality", "severity": "critical", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "missing-import-python", "owasp": "A06:2021", "cwe_ids": ["CWE-1075"], "languages": ["python"], "observations_count": 2192}, "scanner": "repobility-ast-engine", "correlation_key": "fp|a03e2bccaf946a4fb15f62265c1fb160c4d5349d0ac62037db02c02345a795e0"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tests/unit/concurrency/test_auth_load_blocks_loop.py"}, "region": {"startLine": 89}}}]}, {"ruleId": "MINED107", "level": "error", "message": {"text": "[MINED107] Missing import: `http` used but not imported: The file uses `http.something(...)` but never imports `http`. 
This raises NameError at runtime the first time the line executes."}, "properties": {"repobilityId": 36968, "scanner": "repobility-ast-engine", "fingerprint": "7728804825fc1788d26bef4ad59e34fdb6b6e4487c80c37c92a67be4de13648a", "category": "quality", "severity": "critical", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "missing-import-python", "owasp": "A06:2021", "cwe_ids": ["CWE-1075"], "languages": ["python"], "observations_count": 2192}, "scanner": "repobility-ast-engine", "correlation_key": "fp|7728804825fc1788d26bef4ad59e34fdb6b6e4487c80c37c92a67be4de13648a"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tests/integration/test_session_integration.py"}, "region": {"startLine": 498}}}]}, {"ruleId": "MINED107", "level": "error", "message": {"text": "[MINED107] Missing import: `html` used but not imported: The file uses `html.something(...)` but never imports `html`. This raises NameError at runtime the first time the line executes."}, "properties": {"repobilityId": 36967, "scanner": "repobility-ast-engine", "fingerprint": "ed5649cce4b4ecd196a8302dccd1bc85cba702e6080c9a28df78e9ac7b1bd77a", "category": "quality", "severity": "critical", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "missing-import-python", "owasp": "A06:2021", "cwe_ids": ["CWE-1075"], "languages": ["python"], "observations_count": 2192}, "scanner": "repobility-ast-engine", "correlation_key": "fp|ed5649cce4b4ecd196a8302dccd1bc85cba702e6080c9a28df78e9ac7b1bd77a"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tests/unit/test_client.py"}, "region": {"startLine": 113}}}]}, {"ruleId": "MINED107", "level": "error", "message": {"text": "[MINED107] Missing import: `html` used but not imported: The file uses `html.something(...)` but never imports `html`. 
This raises NameError at runtime the first time the line executes."}, "properties": {"repobilityId": 36965, "scanner": "repobility-ast-engine", "fingerprint": "b14f7d35c823bb8ef5f7a838541a103a0fda4bedc6c0f461315a7fb92418cec2", "category": "quality", "severity": "critical", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "missing-import-python", "owasp": "A06:2021", "cwe_ids": ["CWE-1075"], "languages": ["python"], "observations_count": 2192}, "scanner": "repobility-ast-engine", "correlation_key": "fp|b14f7d35c823bb8ef5f7a838541a103a0fda4bedc6c0f461315a7fb92418cec2"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tests/unit/test_auth_refresh.py"}, "region": {"startLine": 49}}}]}, {"ruleId": "MINED107", "level": "error", "message": {"text": "[MINED107] Missing import: `html` used but not imported: The file uses `html.something(...)` but never imports `html`. This raises NameError at runtime the first time the line executes."}, "properties": {"repobilityId": 36962, "scanner": "repobility-ast-engine", "fingerprint": "5676a0872edc2341c192026e1e4f2802785711c083a5d8db23dc3efbe3b8b9ee", "category": "quality", "severity": "critical", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "missing-import-python", "owasp": "A06:2021", "cwe_ids": ["CWE-1075"], "languages": ["python"], "observations_count": 2192}, "scanner": "repobility-ast-engine", "correlation_key": "fp|5676a0872edc2341c192026e1e4f2802785711c083a5d8db23dc3efbe3b8b9ee"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tests/unit/test_auth_storage.py"}, "region": {"startLine": 331}}}]}, {"ruleId": "MINED107", "level": "error", "message": {"text": "[MINED107] Missing import: `enum` used but not imported: The file uses `enum.something(...)` but never imports `enum`. 
This raises NameError at runtime the first time the line executes."}, "properties": {"repobilityId": 36960, "scanner": "repobility-ast-engine", "fingerprint": "e7fcd619e46bd235b0dc73c4958364ec5d74f4921974c1a285891a9fbdacf1af", "category": "quality", "severity": "critical", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "missing-import-python", "owasp": "A06:2021", "cwe_ids": ["CWE-1075"], "languages": ["python"], "observations_count": 2192}, "scanner": "repobility-ast-engine", "correlation_key": "fp|e7fcd619e46bd235b0dc73c4958364ec5d74f4921974c1a285891a9fbdacf1af"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tests/unit/test_cookie_domain_split.py"}, "region": {"startLine": 610}}}]}, {"ruleId": "MINED107", "level": "error", "message": {"text": "[MINED107] Missing import: `html` used but not imported: The file uses `html.something(...)` but never imports `html`. This raises NameError at runtime the first time the line executes."}, "properties": {"repobilityId": 36956, "scanner": "repobility-ast-engine", "fingerprint": "82283020bd7e7a1f4107ba7bf4eebe9289255f7ed8254209557e36ea6084dc82", "category": "quality", "severity": "critical", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "missing-import-python", "owasp": "A06:2021", "cwe_ids": ["CWE-1075"], "languages": ["python"], "observations_count": 2192}, "scanner": "repobility-ast-engine", "correlation_key": "fp|82283020bd7e7a1f4107ba7bf4eebe9289255f7ed8254209557e36ea6084dc82"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tests/unit/test_docstrings.py"}, "region": {"startLine": 145}}}]}, {"ruleId": "MINED018", "level": "error", "message": {"text": "[MINED018] Unsafe Deserialization Pickle: pickle.loads / yaml.load (without Loader=SafeLoader) / unmarshal of network/file data \u2014 RCE."}, 
"properties": {"repobilityId": 36867, "scanner": "repobility-threat-engine", "fingerprint": "c18052f42132f04cdaac27e7e0264dc415a533462dacbf0cc5d952c4e675f6a7", "category": "quality", "severity": "critical", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "unsafe-deserialization-pickle", "owasp": "A08:2021", "cwe_ids": ["CWE-502"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.347940+00:00", "triaged_in_corpus": 20, "observations_count": 58759, "ai_coder_pattern_id": 32}, "scanner": "repobility-threat-engine", "correlation_key": "fp|c18052f42132f04cdaac27e7e0264dc415a533462dacbf0cc5d952c4e675f6a7"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "scripts/rescrub-cassettes.py"}, "region": {"startLine": 178}}}]}, {"ruleId": "SEC116", "level": "error", "message": {"text": "[SEC116] Ruby YAML.load / Marshal.load on untrusted input: `YAML.load` (pre-3.1) and `Marshal.load` instantiate arbitrary Ruby classes \u2014 direct RCE on untrusted input. 
`unsafe_load` is even more dangerous."}, "properties": {"repobilityId": 36866, "scanner": "repobility-threat-engine", "fingerprint": "fb9443d1a0a53a1ad09a8c56ecfff14cf9e687145ff349d3c8d7a3a2c01c6d93", "category": "deserialization", "severity": "critical", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "yaml.load(", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC116", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "code|deserialization|token|178|sec116"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "scripts/rescrub-cassettes.py"}, "region": {"startLine": 178}}}]}, {"ruleId": "SEC079", "level": "error", "message": {"text": "[SEC079] Python: yaml.load without SafeLoader: yaml.load() without explicit SafeLoader can execute arbitrary Python objects (CVE-2017-18342). Ported from bandit B506 / dlint DUO109 (Apache-2.0 / BSD-3)."}, "properties": {"repobilityId": 36865, "scanner": "repobility-threat-engine", "fingerprint": "28878108e712532f3e4af7ce33cae4c3bcea38484dfa87c842a5e9cd57125cdf", "category": "quality", "severity": "critical", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "yaml.load(raw, Loader=Loader)", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC079", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "fp|28878108e712532f3e4af7ce33cae4c3bcea38484dfa87c842a5e9cd57125cdf"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "scripts/rescrub-cassettes.py"}, "region": {"startLine": 178}}}]}]}]}