{"version": "2.1.0", "$schema": "https://json.schemastore.org/sarif-2.1.0.json", "runs": [{"tool": {"driver": {"name": "Repobility", "informationUri": "https://repobility.com", "rules": [{"id": "AUC009", "name": "[AUC009] Sensitive function route lacks elevated authorization evidence: A route appears to perform a sensitive function", "shortDescription": {"text": "[AUC009] Sensitive function route lacks elevated authorization evidence: A route appears to perform a sensitive function such as export, invite, role, token, billing, or destructive action without elevated policy evidence. Endpoint: POST /u"}, "fullDescription": {"text": "Require an explicit admin, maintainer, super_admin, or scoped service role in code and .repobility/access.yml."}, "properties": {"scanner": "repobility-access-control", "category": "auth", "severity": "medium", "confidence": 0.68, "cwe": "", "owasp": ""}}, {"id": "AUC004", "name": "[AUC004] Admin route does not show super_admin separation: An administrative route was detected without nearby evidence ", "shortDescription": {"text": "[AUC004] Admin route does not show super_admin separation: An administrative route was detected without nearby evidence that platform super_admin access is separated from tenant/application admin access. 
Endpoint: GET /users/settings/confir"}, "fullDescription": {"text": "Define whether this endpoint is admin-only or super_admin-only, then enforce that distinction in code and .repobility/access.yml."}, "properties": {"scanner": "repobility-access-control", "category": "auth", "severity": "medium", "confidence": 0.66, "cwe": "", "owasp": ""}}, {"id": "AUC001", "name": "[AUC001] No Repobility access matrix policy found: The repository uses web/API frameworks but does not define .repobilit", "shortDescription": {"text": "[AUC001] No Repobility access matrix policy found: The repository uses web/API frameworks but does not define .repobility/access.yml or equivalent authorization documentation."}, "fullDescription": {"text": "Add .repobility/access.yml mapping routes to anonymous, authenticated, owner, admin, and super_admin. Keep business-specific rules in the repo so CI can enforce them."}, "properties": {"scanner": "repobility-access-control", "category": "auth", "severity": "medium", "confidence": 0.92, "cwe": "", "owasp": ""}}, {"id": "CORE_NO_CI", "name": "No CI/CD configuration found", "shortDescription": {"text": "No CI/CD configuration found"}, "fullDescription": {"text": "Add a CI/CD pipeline: create .github/workflows/ci.yml for GitHub Actions with steps to lint, test, and build on every push and pull request."}, "properties": {"scanner": "repobility-core", "category": "practices", "severity": "medium", "confidence": null, "cwe": "", "owasp": ""}}, {"id": "WEB005", "name": "robots.txt does not advertise a sitemap", "shortDescription": {"text": "robots.txt does not advertise a sitemap"}, "fullDescription": {"text": "Add `Sitemap: https://your-domain.example/sitemap.xml` to robots.txt."}, "properties": {"scanner": "repobility-web-presence", "category": "quality", "severity": "low", "confidence": 0.74, "cwe": "", "owasp": ""}}, {"id": "AUC005", "name": "[AUC005] No authorization-focused tests detected: No test files with common authorization, ownership, 403, 
admin, or sup", "shortDescription": {"text": "[AUC005] No authorization-focused tests detected: No test files with common authorization, ownership, 403, admin, or super_admin assertions were found."}, "fullDescription": {"text": "Add regression tests for anonymous denial, cross-user object denial, admin role limits, and super_admin-only behavior."}, "properties": {"scanner": "repobility-access-control", "category": "auth", "severity": "low", "confidence": 0.76, "cwe": "", "owasp": ""}}, {"id": "AIC003", "name": "Duplicated implementation block across source files", "shortDescription": {"text": "Duplicated implementation block across source files"}, "fullDescription": {"text": "Extract the shared behavior into one function/module or delete the inactive duplicate after proving which path is used."}, "properties": {"scanner": "repobility-ai-code-hygiene", "category": "quality", "severity": "low", "confidence": 0.86, "cwe": "", "owasp": ""}}, {"id": "JRN004", "name": "Consent is collected in UI without visible backend audit persistence", "shortDescription": {"text": "Consent is collected in UI without visible backend audit persistence"}, "fullDescription": {"text": "Persist consent as a backend record with subject, actor, purpose, scope, legal text version, timestamp, IP address, user agent, and revocation state."}, "properties": {"scanner": "repobility-journey-contract", "category": "auth", "severity": "high", "confidence": 0.78, "cwe": "", "owasp": ""}}]}}, "automationDetails": {"id": "repobility/503"}, "properties": {"repository": "151henry151/romp-crm", "repoUrl": "https://github.com/151henry151/romp-crm/", "branch": "master"}, "results": [{"ruleId": "AUC009", "level": "warning", "message": {"text": "[AUC009] Sensitive function route lacks elevated authorization evidence: A route appears to perform a sensitive function such as export, invite, role, token, billing, or destructive action without elevated policy evidence. 
Endpoint: POST /users/log-in."}, "properties": {"repobilityId": 29437, "scanner": "repobility-access-control", "fingerprint": "ca98baeba0b1c7a4612dd2f31bc6f914534ad9f0f7136632058b64bb6ec2bc59", "category": "auth", "severity": "medium", "confidence": 0.68, "triageState": "open", "verdict": "needs_review", "isResolved": false, "reason": "Static route and framework evidence require project-owner confirmation.", "evidence": {"path": "/users/log-in", "method": "POST", "scanner": "repobility-access-control", "framework": "Phoenix", "correlation_key": "code|auth|lib/romp_crm_web/router.ex|97|auc009", "identity_targets": ["authenticated"]}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "lib/romp_crm_web/router.ex"}, "region": {"startLine": 97}}}]}, {"ruleId": "AUC009", "level": "warning", "message": {"text": "[AUC009] Sensitive function route lacks elevated authorization evidence: A route appears to perform a sensitive function such as export, invite, role, token, billing, or destructive action without elevated policy evidence. 
Endpoint: GET /users/log-in/:token."}, "properties": {"repobilityId": 29436, "scanner": "repobility-access-control", "fingerprint": "279ed49b7a5b74d7619803a021483837a4de7f1088c21c3397af134854aa21c5", "category": "auth", "severity": "medium", "confidence": 0.68, "triageState": "open", "verdict": "needs_review", "isResolved": false, "reason": "Static route and framework evidence require project-owner confirmation.", "evidence": {"path": "/users/log-in/:token", "method": "GET", "scanner": "repobility-access-control", "framework": "Phoenix", "correlation_key": "code|auth|lib/romp_crm_web/router.ex|96|auc009", "identity_targets": ["authenticated"]}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "lib/romp_crm_web/router.ex"}, "region": {"startLine": 96}}}]}, {"ruleId": "AUC009", "level": "warning", "message": {"text": "[AUC009] Sensitive function route lacks elevated authorization evidence: A route appears to perform a sensitive function such as export, invite, role, token, billing, or destructive action without elevated policy evidence. 
Endpoint: GET /users/log-in."}, "properties": {"repobilityId": 29435, "scanner": "repobility-access-control", "fingerprint": "61da6c8851ea8a5471951f2bc603281423c0df63488c03558f2fb681016dcbf5", "category": "auth", "severity": "medium", "confidence": 0.68, "triageState": "open", "verdict": "needs_review", "isResolved": false, "reason": "Static route and framework evidence require project-owner confirmation.", "evidence": {"path": "/users/log-in", "method": "GET", "scanner": "repobility-access-control", "framework": "Phoenix", "correlation_key": "code|auth|lib/romp_crm_web/router.ex|95|auc009", "identity_targets": ["authenticated"]}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "lib/romp_crm_web/router.ex"}, "region": {"startLine": 95}}}]}, {"ruleId": "AUC009", "level": "warning", "message": {"text": "[AUC009] Sensitive function route lacks elevated authorization evidence: A route appears to perform a sensitive function such as export, invite, role, token, billing, or destructive action without elevated policy evidence. 
Endpoint: GET /invitations/:token."}, "properties": {"repobilityId": 29434, "scanner": "repobility-access-control", "fingerprint": "b1c9d99fba82df3af116ea24acbc00ce5a64721d95c136015f7ef97f34c89888", "category": "auth", "severity": "medium", "confidence": 0.68, "triageState": "open", "verdict": "needs_review", "isResolved": false, "reason": "Static route and framework evidence require project-owner confirmation.", "evidence": {"path": "/invitations/:token", "method": "GET", "scanner": "repobility-access-control", "framework": "Phoenix", "correlation_key": "code|auth|lib/romp_crm_web/router.ex|93|auc009", "identity_targets": ["authenticated"]}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "lib/romp_crm_web/router.ex"}, "region": {"startLine": 93}}}]}, {"ruleId": "AUC009", "level": "warning", "message": {"text": "[AUC009] Sensitive function route lacks elevated authorization evidence: A route appears to perform a sensitive function such as export, invite, role, token, billing, or destructive action without elevated policy evidence. 
Endpoint: GET /gift/claim/:token."}, "properties": {"repobilityId": 29433, "scanner": "repobility-access-control", "fingerprint": "676a61d395e157af1b5dca7c46014a58242cd23d3516e0df8c175dde19534788", "category": "auth", "severity": "medium", "confidence": 0.68, "triageState": "open", "verdict": "needs_review", "isResolved": false, "reason": "Static route and framework evidence require project-owner confirmation.", "evidence": {"path": "/gift/claim/:token", "method": "GET", "scanner": "repobility-access-control", "framework": "Phoenix", "correlation_key": "code|auth|lib/romp_crm_web/router.ex|91|auc009", "identity_targets": ["authenticated"]}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "lib/romp_crm_web/router.ex"}, "region": {"startLine": 91}}}]}, {"ruleId": "AUC009", "level": "warning", "message": {"text": "[AUC009] Sensitive function route lacks elevated authorization evidence: A route appears to perform a sensitive function such as export, invite, role, token, billing, or destructive action without elevated policy evidence. 
Endpoint: GET /gift/redeem/:token."}, "properties": {"repobilityId": 29432, "scanner": "repobility-access-control", "fingerprint": "6b0ba716934cc70d9f70ab21bdf1be8a7647151a2b0c1b7bf82a04892066f4dd", "category": "auth", "severity": "medium", "confidence": 0.68, "triageState": "open", "verdict": "needs_review", "isResolved": false, "reason": "Static route and framework evidence require project-owner confirmation.", "evidence": {"path": "/gift/redeem/:token", "method": "GET", "scanner": "repobility-access-control", "framework": "Phoenix", "correlation_key": "code|auth|lib/romp_crm_web/router.ex|90|auc009", "identity_targets": ["authenticated"]}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "lib/romp_crm_web/router.ex"}, "region": {"startLine": 90}}}]}, {"ruleId": "AUC009", "level": "warning", "message": {"text": "[AUC009] Sensitive function route lacks elevated authorization evidence: A route appears to perform a sensitive function such as export, invite, role, token, billing, or destructive action without elevated policy evidence. 
Endpoint: GET /subscribe/paypal/cancel."}, "properties": {"repobilityId": 29431, "scanner": "repobility-access-control", "fingerprint": "c39dfce459be8379158e4b99e5f643a0c756a76e4f9aa900e17dd4244781fc08", "category": "auth", "severity": "medium", "confidence": 0.68, "triageState": "open", "verdict": "needs_review", "isResolved": false, "reason": "Static route and framework evidence require project-owner confirmation.", "evidence": {"path": "/subscribe/paypal/cancel", "method": "GET", "scanner": "repobility-access-control", "framework": "Phoenix", "correlation_key": "code|auth|lib/romp_crm_web/router.ex|88|auc009", "identity_targets": ["unknown"]}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "lib/romp_crm_web/router.ex"}, "region": {"startLine": 88}}}]}, {"ruleId": "AUC009", "level": "warning", "message": {"text": "[AUC009] Sensitive function route lacks elevated authorization evidence: A route appears to perform a sensitive function such as export, invite, role, token, billing, or destructive action without elevated policy evidence. 
Endpoint: GET /subscribe/paypal/return."}, "properties": {"repobilityId": 29430, "scanner": "repobility-access-control", "fingerprint": "1fa269e029883c2c52232cf7511e1fdb292ab4e3b69335a23a05b6217f630e88", "category": "auth", "severity": "medium", "confidence": 0.68, "triageState": "open", "verdict": "needs_review", "isResolved": false, "reason": "Static route and framework evidence require project-owner confirmation.", "evidence": {"path": "/subscribe/paypal/return", "method": "GET", "scanner": "repobility-access-control", "framework": "Phoenix", "correlation_key": "code|auth|lib/romp_crm_web/router.ex|87|auc009", "identity_targets": ["unknown"]}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "lib/romp_crm_web/router.ex"}, "region": {"startLine": 87}}}]}, {"ruleId": "AUC009", "level": "warning", "message": {"text": "[AUC009] Sensitive function route lacks elevated authorization evidence: A route appears to perform a sensitive function such as export, invite, role, token, billing, or destructive action without elevated policy evidence. 
Endpoint: POST /subscribe/resume."}, "properties": {"repobilityId": 29429, "scanner": "repobility-access-control", "fingerprint": "65c6db74b00b235469ce73f4aadaf3a3532f278dc6659b1a49c738e16f4e49aa", "category": "auth", "severity": "medium", "confidence": 0.68, "triageState": "open", "verdict": "needs_review", "isResolved": false, "reason": "Static route and framework evidence require project-owner confirmation.", "evidence": {"path": "/subscribe/resume", "method": "POST", "scanner": "repobility-access-control", "framework": "Phoenix", "correlation_key": "code|auth|lib/romp_crm_web/router.ex|86|auc009", "identity_targets": ["unknown"]}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "lib/romp_crm_web/router.ex"}, "region": {"startLine": 86}}}]}, {"ruleId": "AUC009", "level": "warning", "message": {"text": "[AUC009] Sensitive function route lacks elevated authorization evidence: A route appears to perform a sensitive function such as export, invite, role, token, billing, or destructive action without elevated policy evidence. 
Endpoint: GET /subscribe."}, "properties": {"repobilityId": 29428, "scanner": "repobility-access-control", "fingerprint": "78a9b4e981e5883292990f3a3ae9b7a5a55a43f31cdac21fbd752e38ed2e2a07", "category": "auth", "severity": "medium", "confidence": 0.68, "triageState": "open", "verdict": "needs_review", "isResolved": false, "reason": "Static route and framework evidence require project-owner confirmation.", "evidence": {"path": "/subscribe", "method": "GET", "scanner": "repobility-access-control", "framework": "Phoenix", "correlation_key": "code|auth|lib/romp_crm_web/router.ex|85|auc009", "identity_targets": ["unknown"]}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "lib/romp_crm_web/router.ex"}, "region": {"startLine": 85}}}]}, {"ruleId": "AUC004", "level": "warning", "message": {"text": "[AUC004] Admin route does not show super_admin separation: An administrative route was detected without nearby evidence that platform super_admin access is separated from tenant/application admin access. 
Endpoint: GET /users/settings/confirm-email/:token."}, "properties": {"repobilityId": 29427, "scanner": "repobility-access-control", "fingerprint": "a10ad0efa8a1cb14520a4024598357ac38707823a987fd849e3aa28976fd62b6", "category": "auth", "severity": "medium", "confidence": 0.66, "triageState": "open", "verdict": "needs_review", "isResolved": false, "reason": "Static route and framework evidence require project-owner confirmation.", "evidence": {"path": "/users/settings/confirm-email/:token", "method": "GET", "scanner": "repobility-access-control", "framework": "Phoenix", "correlation_key": "code|auth|lib/romp_crm_web/router.ex|125|auc004", "identity_targets": ["authenticated", "admin"]}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "lib/romp_crm_web/router.ex"}, "region": {"startLine": 125}}}]}, {"ruleId": "AUC004", "level": "warning", "message": {"text": "[AUC004] Admin route does not show super_admin separation: An administrative route was detected without nearby evidence that platform super_admin access is separated from tenant/application admin access. 
Endpoint: PUT /users/settings."}, "properties": {"repobilityId": 29426, "scanner": "repobility-access-control", "fingerprint": "714103ea5aad441d78b596ab0b4efa0d3efa7e29c4f8bd6343abf1e4ed81bd21", "category": "auth", "severity": "medium", "confidence": 0.66, "triageState": "open", "verdict": "needs_review", "isResolved": false, "reason": "Static route and framework evidence require project-owner confirmation.", "evidence": {"path": "/users/settings", "method": "PUT", "scanner": "repobility-access-control", "framework": "Phoenix", "correlation_key": "code|auth|lib/romp_crm_web/router.ex|124|auc004", "identity_targets": ["authenticated", "admin"]}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "lib/romp_crm_web/router.ex"}, "region": {"startLine": 124}}}]}, {"ruleId": "AUC004", "level": "warning", "message": {"text": "[AUC004] Admin route does not show super_admin separation: An administrative route was detected without nearby evidence that platform super_admin access is separated from tenant/application admin access. 
Endpoint: GET /users/settings."}, "properties": {"repobilityId": 29425, "scanner": "repobility-access-control", "fingerprint": "632aaf25868c9153d47c42791cfb876223b352580eb77248fff1dfc9be36b422", "category": "auth", "severity": "medium", "confidence": 0.66, "triageState": "open", "verdict": "needs_review", "isResolved": false, "reason": "Static route and framework evidence require project-owner confirmation.", "evidence": {"path": "/users/settings", "method": "GET", "scanner": "repobility-access-control", "framework": "Phoenix", "correlation_key": "code|auth|lib/romp_crm_web/router.ex|123|auc004", "identity_targets": ["authenticated", "admin"]}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "lib/romp_crm_web/router.ex"}, "region": {"startLine": 123}}}]}, {"ruleId": "AUC004", "level": "warning", "message": {"text": "[AUC004] Admin route does not show super_admin separation: An administrative route was detected without nearby evidence that platform super_admin access is separated from tenant/application admin access. 
Endpoint: POST /gift/redeem/:token."}, "properties": {"repobilityId": 29424, "scanner": "repobility-access-control", "fingerprint": "e2619dfcea59e6a87de9a9296b227b0d7bb992cfe3ddb64230a17f7e65241ce8", "category": "auth", "severity": "medium", "confidence": 0.66, "triageState": "open", "verdict": "needs_review", "isResolved": false, "reason": "Static route and framework evidence require project-owner confirmation.", "evidence": {"path": "/gift/redeem/:token", "method": "POST", "scanner": "repobility-access-control", "framework": "Phoenix", "correlation_key": "code|auth|lib/romp_crm_web/router.ex|104|auc004", "identity_targets": ["authenticated", "admin"]}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "lib/romp_crm_web/router.ex"}, "region": {"startLine": 104}}}]}, {"ruleId": "AUC001", "level": "warning", "message": {"text": "[AUC001] No Repobility access matrix policy found: The repository uses web/API frameworks but does not define .repobility/access.yml or equivalent authorization documentation."}, "properties": {"repobilityId": 29423, "scanner": "repobility-access-control", "fingerprint": "f1305052c3ba1e6c1cdb5dccc19e58a8168cf78b176658f32b1fc823df3e9d10", "category": "auth", "severity": "medium", "confidence": 0.92, "triageState": "open", "verdict": "likely", "isResolved": false, "reason": "Static route and framework evidence require project-owner confirmation.", "evidence": {"scanner": "repobility-access-control", "frameworks": ["Phoenix"], "expected_files": [".repobility/access.yml", ".repobility/access.yaml", ".repobility/access.json", ".repobility/authorization.yml"], "correlation_key": "fp|f1305052c3ba1e6c1cdb5dccc19e58a8168cf78b176658f32b1fc823df3e9d10"}}}, {"ruleId": "CORE_NO_CI", "level": "warning", "message": {"text": "No CI/CD configuration found"}, "properties": {"repobilityId": 29405, "scanner": "repobility-core", "fingerprint": "ca5da3551af97272c4f099fc472740148135a15816b81b90bd862e8f91ec66ce", "category": "practices", "severity": 
"medium", "confidence": null, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"rule_id": "CORE_NO_CI", "scanner": "repobility-core", "correlation_key": "repo|practices|core_no_ci"}}}, {"ruleId": "WEB005", "level": "note", "message": {"text": "robots.txt does not advertise a sitemap"}, "properties": {"repobilityId": 29440, "scanner": "repobility-web-presence", "fingerprint": "f888b759b813198e25d9853a2b40cd33a41ceb82bd231d7beb550dc127da6232", "category": "quality", "severity": "low", "confidence": 0.74, "triageState": "open", "verdict": "likely", "isResolved": false, "reason": "Discovered robots file or route lacks a Sitemap directive.", "evidence": {"rule_id": "WEB005", "scanner": "repobility-web-presence", "references": ["https://www.rfc-editor.org/rfc/rfc9309", "https://www.sitemaps.org/protocol.html"], "correlation_key": "fp|f888b759b813198e25d9853a2b40cd33a41ceb82bd231d7beb550dc127da6232"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "priv/static/robots-9e2c81b0855bbff2baa8371bc4a78186.txt"}, "region": {"startLine": 1}}}]}, {"ruleId": "AUC005", "level": "note", "message": {"text": "[AUC005] No authorization-focused tests detected: No test files with common authorization, ownership, 403, admin, or super_admin assertions were found."}, "properties": {"repobilityId": 29438, "scanner": "repobility-access-control", "fingerprint": "c58bb88e6682225dc480b3036f30153044953a3d94f500396678a77324e8d30e", "category": "auth", "severity": "low", "confidence": 0.76, "triageState": "open", "verdict": "needs_review", "isResolved": false, "reason": "Static route and framework evidence require project-owner confirmation.", "evidence": {"scanner": "repobility-access-control", "frameworks": ["Phoenix"], "correlation_key": "fp|c58bb88e6682225dc480b3036f30153044953a3d94f500396678a77324e8d30e"}}}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": 
{"repobilityId": 29422, "scanner": "repobility-ai-code-hygiene", "fingerprint": "3beed39f66f5c1d48a2a8599aa89885cef69f6eb447ccec45fb06478ac9d01f6", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "test/romp_crm/ai/sms_job_extractor_test.exs", "duplicate_line": 72, "correlation_key": "fp|3beed39f66f5c1d48a2a8599aa89885cef69f6eb447ccec45fb06478ac9d01f6"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "test/romp_crm_web/controllers/twilio_webhook_controller_test.exs"}, "region": {"startLine": 185}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 29421, "scanner": "repobility-ai-code-hygiene", "fingerprint": "df6607a0b2395cff338fa5d64edbabb3bad4568fa7eeadecf2aaa72be0da4fd9", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "lib/romp_crm_web/live/employee_detail_live.ex", "duplicate_line": 40, "correlation_key": "fp|df6607a0b2395cff338fa5d64edbabb3bad4568fa7eeadecf2aaa72be0da4fd9"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "lib/romp_crm_web/live/time_log_live.ex"}, "region": {"startLine": 35}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 29420, "scanner": "repobility-ai-code-hygiene", "fingerprint": 
"5cb9fdfacaf87ab3a9bfad2a630a89ce3e2ee8c84cdaa66f0e5258ec2b51ee72", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "lib/romp_crm_web/live/employee_detail_live.ex", "duplicate_line": 40, "correlation_key": "fp|5cb9fdfacaf87ab3a9bfad2a630a89ce3e2ee8c84cdaa66f0e5258ec2b51ee72"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "lib/romp_crm_web/live/my_timeclock_live.ex"}, "region": {"startLine": 122}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 29419, "scanner": "repobility-ai-code-hygiene", "fingerprint": "f02dd3746a043371a957468f68f0dde38c2980636a95dddd0ff3dd5a18f51631", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "lib/romp_crm/employees/employee_time_entry.ex", "duplicate_line": 50, "correlation_key": "fp|f02dd3746a043371a957468f68f0dde38c2980636a95dddd0ff3dd5a18f51631"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "lib/romp_crm/time_tracking/time_entry.ex"}, "region": {"startLine": 46}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 29418, "scanner": "repobility-ai-code-hygiene", "fingerprint": "fbb70bf7c40a84804faedd5561d8ebf02339b7dd8cf92bcad2dbc11fac871a5e", "category": "quality", "severity": "low", 
"confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "lib/romp_crm/data_export_scheduler.ex", "duplicate_line": 8, "correlation_key": "fp|fbb70bf7c40a84804faedd5561d8ebf02339b7dd8cf92bcad2dbc11fac871a5e"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "lib/romp_crm/reminder_scheduler.ex"}, "region": {"startLine": 8}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 29417, "scanner": "repobility-ai-code-hygiene", "fingerprint": "1545d3ef165667708dc47901387ed524cc11df1dd60ce2deed34dfa9a139f934", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "lib/romp_crm/accounts/user_notifier.ex", "duplicate_line": 5, "correlation_key": "fp|1545d3ef165667708dc47901387ed524cc11df1dd60ce2deed34dfa9a139f934"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "lib/romp_crm/businesses/notifier.ex"}, "region": {"startLine": 6}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 29416, "scanner": "repobility-ai-code-hygiene", "fingerprint": "4932181a77601c8f76f7ef39ea3d6124a4bf748ec50be2f0930a15abbbf899f4", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two 
different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "lib/romp_crm/ai/sms_job_extractor/deterministic_stub.ex", "duplicate_line": 59, "correlation_key": "fp|4932181a77601c8f76f7ef39ea3d6124a4bf748ec50be2f0930a15abbbf899f4"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "lib/romp_crm/ai/sms_unified_inbound_extractor/deterministic_stub.ex"}, "region": {"startLine": 215}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 29415, "scanner": "repobility-ai-code-hygiene", "fingerprint": "0336bb11fe5a9bb3bc857ddcd3f20e55e01e2393539706bbe6dcf97d0a854c81", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "lib/romp_crm/ai/sms_job_extractor/anthropic.ex", "duplicate_line": 42, "correlation_key": "fp|0336bb11fe5a9bb3bc857ddcd3f20e55e01e2393539706bbe6dcf97d0a854c81"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "lib/romp_crm/ai/sms_unified_inbound_extractor/anthropic.ex"}, "region": {"startLine": 77}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 29414, "scanner": "repobility-ai-code-hygiene", "fingerprint": "b815d2c829f8ad4d39b353b332406e5f76dbc6b713df6b200cf2068ad77689ec", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, 
"rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "lib/romp_crm/ai/sms_employee_time_extractor/anthropic.ex", "duplicate_line": 20, "correlation_key": "fp|b815d2c829f8ad4d39b353b332406e5f76dbc6b713df6b200cf2068ad77689ec"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "lib/romp_crm/ai/sms_unified_inbound_extractor/anthropic.ex"}, "region": {"startLine": 56}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 29413, "scanner": "repobility-ai-code-hygiene", "fingerprint": "b0d9fabe3a60a9c5fd87eb4d0a43d051e06c4f96de91d9cbcb8e495af73898b9", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "lib/romp_crm/ai/sms_time_extractor/anthropic.ex", "duplicate_line": 22, "correlation_key": "fp|b0d9fabe3a60a9c5fd87eb4d0a43d051e06c4f96de91d9cbcb8e495af73898b9"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "lib/romp_crm/ai/sms_unified_inbound_extractor/anthropic.ex"}, "region": {"startLine": 55}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 29412, "scanner": "repobility-ai-code-hygiene", "fingerprint": "2c7d5ac77662c4c3ebac2a36f1b68c2ea7f9ce337b84a05c6695ef7c72c89a18", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", 
"references": ["https://jscpd.dev/"], "duplicate_file": "lib/romp_crm/ai/sms_employee_time_extractor/deterministic_stub.ex", "duplicate_line": 61, "correlation_key": "fp|2c7d5ac77662c4c3ebac2a36f1b68c2ea7f9ce337b84a05c6695ef7c72c89a18"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "lib/romp_crm/ai/sms_time_extractor/deterministic_stub.ex"}, "region": {"startLine": 36}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 29411, "scanner": "repobility-ai-code-hygiene", "fingerprint": "145d48f4ac3cac96d03adcfc353b8c53cc3c1fc7b12062b849f5b339c20833b7", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "lib/romp_crm/ai/sms_employee_time_extractor/anthropic.ex", "duplicate_line": 20, "correlation_key": "fp|145d48f4ac3cac96d03adcfc353b8c53cc3c1fc7b12062b849f5b339c20833b7"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "lib/romp_crm/ai/sms_time_extractor/anthropic.ex"}, "region": {"startLine": 23}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 29410, "scanner": "repobility-ai-code-hygiene", "fingerprint": "c5e9e3fa4bcd8d116e2da16ca90ceabb4eea09db67e746b145691752236f028b", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": 
"lib/romp_crm/ai/sms_job_extractor.ex", "duplicate_line": 148, "correlation_key": "fp|c5e9e3fa4bcd8d116e2da16ca90ceabb4eea09db67e746b145691752236f028b"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "lib/romp_crm/ai/sms_time_extractor.ex"}, "region": {"startLine": 98}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 29409, "scanner": "repobility-ai-code-hygiene", "fingerprint": "047c2e306f605dd69bc8fcbf4cd4194b3a65f7bcee3658151943cf596ead51f2", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "lib/romp_crm/ai/sms_employee_time_extractor.ex", "duplicate_line": 35, "correlation_key": "fp|047c2e306f605dd69bc8fcbf4cd4194b3a65f7bcee3658151943cf596ead51f2"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "lib/romp_crm/ai/sms_time_extractor.ex"}, "region": {"startLine": 35}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 29408, "scanner": "repobility-ai-code-hygiene", "fingerprint": "ff9c1eaafc803762ee0973f980cac6d2d34691b7cbfac24098215b8ade9ade84", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "lib/romp_crm/ai/sms_employee_time_extractor/anthropic.ex", "duplicate_line": 20, "correlation_key": 
"fp|ff9c1eaafc803762ee0973f980cac6d2d34691b7cbfac24098215b8ade9ade84"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "lib/romp_crm/ai/sms_job_extractor/anthropic.ex"}, "region": {"startLine": 21}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 29407, "scanner": "repobility-ai-code-hygiene", "fingerprint": "93fb2e0e9c5bfd775bdf3d4c7aa5d1de03cd7a96260bb379363d841a99d32bd7", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "lib/romp_crm/ai/sms_employee_time_extractor.ex", "duplicate_line": 54, "correlation_key": "fp|93fb2e0e9c5bfd775bdf3d4c7aa5d1de03cd7a96260bb379363d841a99d32bd7"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "lib/romp_crm/ai/sms_job_extractor.ex"}, "region": {"startLine": 72}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 29406, "scanner": "repobility-ai-code-hygiene", "fingerprint": "a4341facc01649d5666235150c9b7ce55a74bd7a87f4ddb3dcdcf28f2448270b", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "lib/mix/tasks/twilio.configure_sms.ex", "duplicate_line": 51, "correlation_key": "fp|a4341facc01649d5666235150c9b7ce55a74bd7a87f4ddb3dcdcf28f2448270b"}}, "locations": [{"physicalLocation": 
{"artifactLocation": {"uri": "lib/mix/tasks/twilio.configure_voice.ex"}, "region": {"startLine": 55}}}]}, {"ruleId": "JRN004", "level": "error", "message": {"text": "Consent is collected in UI without visible backend audit persistence"}, "properties": {"repobilityId": 29439, "scanner": "repobility-journey-contract", "fingerprint": "04ec7df07f7b45e17494443f4d6b934bdf42054962866168ba5eca8109ce73bf", "category": "auth", "severity": "high", "confidence": 0.78, "triageState": "open", "verdict": "likely", "isResolved": false, "reason": "Frontend consent wording was found, but the scanner saw no backend consent model and no audit signals that would persist a record of that consent.", "evidence": {"rule_id": "JRN004", "scanner": "repobility-journey-contract", "references": ["https://repobility.com/library/authorization/"], "correlation_key": "code|auth|token|69|jrn004", "backend_consent_model": false, "backend_audit_signal_count": 0}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "deploy/legal/privacy-policy.html"}, "region": {"startLine": 69}}}]}]}]}