{"version": "2.1.0", "$schema": "https://json.schemastore.org/sarif-2.1.0.json", "runs": [{"tool": {"driver": {"name": "Repobility", "informationUri": "https://repobility.com", "rules": [{"id": "MINED124", "name": "[MINED124] requirements.txt: `claude-agent-sdk` has no version pin: Unpinned pip requirement means every fresh install m", "shortDescription": {"text": "[MINED124] requirements.txt: `claude-agent-sdk` has no version pin: Unpinned pip requirement means every fresh install may resolve a different version. Newer releases can introduce malicious code (typosquats, account compromises). Reproduci"}, "fullDescription": {"text": "Replace `claude-agent-sdk` with `claude-agent-sdk==<version>` and manage upgrades through PRs / Dependabot."}, "properties": {"scanner": "repobility-supply-chain", "category": "dependency", "severity": "medium", "confidence": 0.9, "cwe": "", "owasp": ""}}, {"id": "MINED109", "name": "[MINED109] Mutable default argument in `new_user` (list): `def new_user(... = []/{}/set())` \u2014 Python's default value is ", "shortDescription": {"text": "[MINED109] Mutable default argument in `new_user` (list): `def new_user(... = []/{}/set())` \u2014 Python's default value is constructed ONCE at function definition time and shared across all calls. Mutating it in one call mutates it for every f"}, "fullDescription": {"text": "Use None as the default and create the collection inside the function: `def new_user(x=None): x = x or []`"}, "properties": {"scanner": "repobility-ast-engine", "category": "quality", "severity": "medium", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "MINED111", "name": "[MINED111] Bare except continues silently: Bare `except:` (or `except Exception:`) that runs code without re-raising or ", "shortDescription": {"text": "[MINED111] Bare except continues silently: Bare `except:` (or `except Exception:`) that runs code without re-raising or logging the exception. Hides real failures and makes bugs hard to diagnose."}, "fullDescription": {"text": "Either narrow the exception type, log the exception with `logger.exception(...)`, or re-raise after handling."}, "properties": {"scanner": "repobility-ast-engine", "category": "quality", "severity": "medium", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "WEB003", "name": "Public web service has no security.txt", "shortDescription": {"text": "Public web service has no security.txt"}, "fullDescription": {"text": "Add /.well-known/security.txt with Contact, Expires, Canonical, Preferred-Languages, and Policy fields. Keep the contact endpoint monitored."}, "properties": {"scanner": "repobility-web-presence", "category": "quality", "severity": "medium", "confidence": 0.78, "cwe": "", "owasp": ""}}, {"id": "JRN003", "name": "Frontend API reference is not matched by discovered backend routes", "shortDescription": {"text": "Frontend API reference is not matched by discovered backend routes"}, "fullDescription": {"text": "Add the backend route, update the frontend constant to the implemented endpoint, or document that the route is served by another service and exclude it with .repobilityignore."}, "properties": {"scanner": "repobility-journey-contract", "category": "quality", "severity": "medium", "confidence": 0.74, "cwe": "", "owasp": ""}}, {"id": "JRN002", "name": "Browser storage is used for session token material", "shortDescription": {"text": "Browser storage is used for session token material"}, "fullDescription": {"text": "Prefer httpOnly, Secure, SameSite cookies or short-lived in-memory tokens. Avoid persistent browser storage for access, refresh, ID, or partner session tokens."}, "properties": {"scanner": "repobility-journey-contract", "category": "auth", "severity": "medium", "confidence": 0.82, "cwe": "", "owasp": ""}}, {"id": "AUC012", "name": "[AUC012] FastAPI interactive docs may be exposed by framework defaults: FastAPI exposes /docs, /redoc, and /openapi.json", "shortDescription": {"text": "[AUC012] FastAPI interactive docs may be exposed by framework defaults: FastAPI exposes /docs, /redoc, and /openapi.json by default. Public production APIs should explicitly disable those defaults, protect them behind admin authentication, "}, "fullDescription": {"text": "Set docs_url=None, redoc_url=None, and openapi_url=None for production apps unless the docs are intentionally public and protected by routing, ingress, or an authenticated docs handler."}, "properties": {"scanner": "repobility-access-control", "category": "auth", "severity": "medium", "confidence": 0.72, "cwe": "", "owasp": ""}}, {"id": "AUC009", "name": "[AUC009] Sensitive function route lacks elevated authorization evidence: A route appears to perform a sensitive function", "shortDescription": {"text": "[AUC009] Sensitive function route lacks elevated authorization evidence: A route appears to perform a sensitive function such as export, invite, role, token, billing, or destructive action without elevated policy evidence. Endpoint: POST /{"}, "fullDescription": {"text": "Require an explicit admin, maintainer, super_admin, or scoped service role in code and .repobility/access.yml."}, "properties": {"scanner": "repobility-access-control", "category": "auth", "severity": "medium", "confidence": 0.68, "cwe": "", "owasp": ""}}, {"id": "AUC004", "name": "[AUC004] Admin route does not show super_admin separation: An administrative route was detected without nearby evidence ", "shortDescription": {"text": "[AUC004] Admin route does not show super_admin separation: An administrative route was detected without nearby evidence that platform super_admin access is separated from tenant/application admin access. Endpoint: POST /register."}, "fullDescription": {"text": "Define whether this endpoint is admin-only or super_admin-only, then enforce that distinction in code and .repobility/access.yml."}, "properties": {"scanner": "repobility-access-control", "category": "auth", "severity": "medium", "confidence": 0.66, "cwe": "", "owasp": ""}}, {"id": "AUC002", "name": "[AUC002] Low visible authorization coverage in route inventory: Only 44.4% of discovered routes show nearby authenticati", "shortDescription": {"text": "[AUC002] Low visible authorization coverage in route inventory: Only 44.4% of discovered routes show nearby authentication, authorization, middleware, or public-route evidence."}, "fullDescription": {"text": "Review the access matrix and add explicit framework auth declarations or policy-file exceptions for intentionally public routes."}, "properties": {"scanner": "repobility-access-control", "category": "auth", "severity": "medium", "confidence": 0.74, "cwe": "", "owasp": ""}}, {"id": "AUC001", "name": "[AUC001] No Repobility access matrix policy found: The repository uses web/API frameworks but does not define .repobilit", "shortDescription": {"text": "[AUC001] No Repobility access matrix policy found: The repository uses web/API frameworks but does not define .repobility/access.yml or equivalent authorization documentation."}, "fullDescription": {"text": "Add .repobility/access.yml mapping routes to anonymous, authenticated, owner, admin, and super_admin. Keep business-specific rules in the repo so CI can enforce them."}, "properties": {"scanner": "repobility-access-control", "category": "auth", "severity": "medium", "confidence": 0.92, "cwe": "", "owasp": ""}}, {"id": "DKR002", "name": "Compose service `prometheus` image has no explicit tag", "shortDescription": {"text": "Compose service `prometheus` image has no explicit tag"}, "fullDescription": {"text": "Pin the image to a supported version tag or digest, for example python:3.13-slim or image@sha256:..."}, "properties": {"scanner": "repobility-docker", "category": "docker", "severity": "medium", "confidence": 0.9, "cwe": "", "owasp": ""}}, {"id": "DKC016", "name": "App service does not wait for database health", "shortDescription": {"text": "App service does not wait for database health"}, "fullDescription": {"text": "Give the database a healthcheck and change the dependency to `depends_on: { db: { condition: service_healthy } }`."}, "properties": {"scanner": "repobility-docker", "category": "docker", "severity": "medium", "confidence": 0.86, "cwe": "", "owasp": ""}}, {"id": "DKR001", "name": "Docker final stage has no non-root USER", "shortDescription": {"text": "Docker final stage has no non-root USER"}, "fullDescription": {"text": "Add a non-root USER in the final runtime stage after files and permissions are prepared."}, "properties": {"scanner": "repobility-docker", "category": "docker", "severity": "medium", "confidence": 0.82, "cwe": "", "owasp": ""}}, {"id": "DKR014", "name": "Dockerfile copies broad context with incomplete .dockerignore", "shortDescription": {"text": "Dockerfile copies broad context with incomplete .dockerignore"}, "fullDescription": {"text": "Tighten .dockerignore or replace COPY . with explicit COPY statements."}, "properties": {"scanner": "repobility-docker", "category": "docker", "severity": "medium", "confidence": 0.76, "cwe": "", "owasp": ""}}, {"id": "DKR009", "name": "Dockerfile separates apt update from install", "shortDescription": {"text": "Dockerfile separates apt update from install"}, "fullDescription": {"text": "Combine update and install in the same RUN instruction and clean package indexes in that layer."}, "properties": {"scanner": "repobility-docker", "category": "docker", "severity": "medium", "confidence": 0.86, "cwe": "", "owasp": ""}}, {"id": "AIC004", "name": "Suspicious implementation file appears unreferenced", "shortDescription": {"text": "Suspicious implementation file appears unreferenced"}, "fullDescription": {"text": "Confirm whether this file is reachable. If not, delete it; if yes, wire it through explicit imports, routes, or entry points and add a test that proves the path executes."}, "properties": {"scanner": "repobility-ai-code-hygiene", "category": "quality", "severity": "medium", "confidence": 0.78, "cwe": "", "owasp": ""}}, {"id": "AIC001", "name": "Parallel implementation file sits beside a canonical file", "shortDescription": {"text": "Parallel implementation file sits beside a canonical file"}, "fullDescription": {"text": "Merge the intended change into the canonical file, update tests/imports, and delete the parallel implementation if it is not the active entry point."}, "properties": {"scanner": "repobility-ai-code-hygiene", "category": "quality", "severity": "medium", "confidence": 0.82, "cwe": "", "owasp": ""}}, {"id": "SEC046", "name": "[SEC046] Client-side open redirect \u2014 window.location = server-supplied URL: Assigning window.location from a server-supp", "shortDescription": {"text": "[SEC046] Client-side open redirect \u2014 window.location = server-supplied URL: Assigning window.location from a server-supplied URL trusts the server endpoint to never return a hostile destination. If that endpoint is ever subverted (compromis"}, "fullDescription": {"text": "Validate the URL is same-origin or on an explicit allowlist before assignment:\n  const u = new URL(serverUrl, location.href);\n  if (u.origin !== location.origin && !ALLOWED.includes(u.host)) return;\n  location.assign(u);\nEven better: have the server return a path (/checkout/done) instead of a full URL, and only allow same-origin navigation."}, "properties": {"scanner": "repobility-threat-engine", "category": "open_redirect", "severity": "medium", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "SEC134", "name": "[SEC134] AI scaffold leftover \u2014 Lorem ipsum / example.com / John Doe in code: Lorem ipsum / John Doe / example.com left ", "shortDescription": {"text": "[SEC134] AI scaffold leftover \u2014 Lorem ipsum / example.com / John Doe in code: Lorem ipsum / John Doe / example.com left in non-test code. AI agents emit these as 'reasonable defaults' when they don't know real values; the human then forgets"}, "fullDescription": {"text": "Move dummy values to fixtures / seed files. In application code, require these to come from config or fail closed. Add a CI grep that rejects 'lorem ipsum' and 'example.com' outside test files."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "medium", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "SEC001", "name": "[SEC001] Hardcoded Password: Hardcoded password found in source code.", "shortDescription": {"text": "[SEC001] Hardcoded Password: Hardcoded password found in source code."}, "fullDescription": {"text": "Use environment variables or a secrets manager."}, "properties": {"scanner": "repobility-threat-engine", "category": "credential_exposure", "severity": "medium", "confidence": 0.3, "cwe": "", "owasp": ""}}, {"id": "SEC045", "name": "[SEC045] eval()/exec() on stored or user-supplied data: eval() and exec() on data \u2014 even admin-stored data \u2014 is a latera", "shortDescription": {"text": "[SEC045] eval()/exec() on stored or user-supplied data: eval() and exec() on data \u2014 even admin-stored data \u2014 is a lateral-movement vector after any one credential compromise. Sandboxes (__builtins__ cleared) are escapable: attackers use obj"}, "fullDescription": {"text": "For literal data structures: use ast.literal_eval(text) \u2014 only parses literals, raises on code.\nFor formula evaluation: use asteval or simpleeval (purpose-built sandboxes with allow-lists).\nFor Odoo: use odoo.tools.safe_eval(expr, locals_dict, mode='exec').\nIf you genuinely need to execute admin-stored code: require explicit super-admin permission AND log every execution with a stack trace."}, "properties": {"scanner": "repobility-threat-engine", "category": "injection", "severity": "medium", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "SEC002", "name": "[SEC002] Hardcoded API Key: Hardcoded API key found in source code.", "shortDescription": {"text": "[SEC002] Hardcoded API Key: Hardcoded API key found in source code."}, "fullDescription": {"text": "Use environment variables. Add the pattern to .gitignore."}, "properties": {"scanner": "repobility-threat-engine", "category": "credential_exposure", "severity": "medium", "confidence": 0.3, "cwe": "", "owasp": ""}}, {"id": "SEC041", "name": "[SEC041] Tabnabbing \u2014 target=\"_blank\" without rel=\"noopener noreferrer\": <a target=\"_blank\"> without rel=\"noopener noref", "shortDescription": {"text": "[SEC041] Tabnabbing \u2014 target=\"_blank\" without rel=\"noopener noreferrer\": <a target=\"_blank\"> without rel=\"noopener noreferrer\" leaks window.opener to the opened page. The opened page can then run window.opener.location = 'phishing-site' and"}, "fullDescription": {"text": "Add rel=\"noopener noreferrer\" to every <a target=\"_blank\">:\n  <a href=\"...\" target=\"_blank\" rel=\"noopener noreferrer\">link</a>\nFor dynamically generated links from JS, set rel on the element before appending. Even safe-looking subdomains should harden \u2014 costs nothing."}, "properties": {"scanner": "repobility-threat-engine", "category": "security", "severity": "medium", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "ERR002", "name": "[ERR002] Empty Catch Block: Empty catch blocks hide errors.", "shortDescription": {"text": "[ERR002] Empty Catch Block: Empty catch blocks hide errors."}, "fullDescription": {"text": "Log the error or rethrow it. Use console.error() at minimum."}, "properties": {"scanner": "repobility-threat-engine", "category": "error_handling", "severity": "medium", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "SEC015", "name": "[SEC015] Insecure Randomness for Security: Weak PRNG used in security-sensitive context. Output is predictable.", "shortDescription": {"text": "[SEC015] Insecure Randomness for Security: Weak PRNG used in security-sensitive context. Output is predictable."}, "fullDescription": {"text": "Use secrets module (Python) or crypto.getRandomValues() (JS) for security-sensitive randomness."}, "properties": {"scanner": "repobility-threat-engine", "category": "crypto", "severity": "medium", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "SEC136", "name": "[SEC136] AI-typical over-broad exception handler swallowing all errors: Catch-all exception block that silently returns ", "shortDescription": {"text": "[SEC136] AI-typical over-broad exception handler swallowing all errors: Catch-all exception block that silently returns success or no-ops. AI agents reach for this pattern when a flaky test or an unfamiliar API throws \u2014 wrap, swallow, retur"}, "fullDescription": {"text": "Catch the specific exception type, log at error level with full exception info, and return a failure-shaped result. If the operation is genuinely best-effort, log at warning and document why in a comment so the next reader (or scanner) knows."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "medium", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "SEC127", "name": "[SEC127] AI agent stub \u2014 TODO: implement / pass placeholder body: Function body left as TODO/pass/raise NotImplementedEr", "shortDescription": {"text": "[SEC127] AI agent stub \u2014 TODO: implement / pass placeholder body: Function body left as TODO/pass/raise NotImplementedError after an AI scaffolding pass. The route appears to exist (and may even pass shallow CI), but invoking it crashes or "}, "fullDescription": {"text": "Either implement the body, or fail closed at module-load time so the deploy can't ship a half-built route. A CI gate that fails build on `raise NotImplementedError` in non-abstract code catches this cleanly."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "medium", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "SEC034", "name": "[SEC034] Log Injection / Log Forging \u2014 unsanitized user input in log: User input is logged without sanitizing newlines o", "shortDescription": {"text": "[SEC034] Log Injection / Log Forging \u2014 unsanitized user input in log: User input is logged without sanitizing newlines or control characters. Attackers inject `\\n` to forge fake log entries, hide tracks, or exploit downstream log parsers (S"}, "fullDescription": {"text": "Strip control characters before logging:\n  safe = user_input.replace('\\n','').replace('\\r','').replace('\\x00','')\n  logger.info('User action: %s', safe)\nAlways use parameterized logging (`%s` + args), never f-strings or string concat \u2014 that's also what mitigates log4shell-style attacks. For structured logging, use a JSON formatter that escapes values."}, "properties": {"scanner": "repobility-threat-engine", "category": "log_injection", "severity": "medium", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "ERR001", "name": "[ERR001] Silent Exception Swallowing: Silently swallowing all exceptions hides bugs. Even in cleanup code, log at DEBUG ", "shortDescription": {"text": "[ERR001] Silent Exception Swallowing: Silently swallowing all exceptions hides bugs. Even in cleanup code, log at DEBUG level."}, "fullDescription": {"text": "Log the error: `except Exception: logger.debug('cleanup failed', exc_info=True)`. Or handle specific exception types."}, "properties": {"scanner": "repobility-threat-engine", "category": "error_handling", "severity": "medium", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "COMP001", "name": "[COMP001] High cognitive complexity: Function `main` has cognitive complexity 15 (SonarSource scale). Cognitive complexi", "shortDescription": {"text": "[COMP001] High cognitive complexity: Function `main` has cognitive complexity 15 (SonarSource scale). Cognitive complexity measures how hard the function is for a human to understand \u2014 nested branches, boolean chains, and recursion all weig"}, "fullDescription": {"text": "Extract nested branches into named helper functions; flatten early-return / guard clauses; replace long if/elif chains with dispatch dicts or polymorphism. SonarQube's threshold for 'should refactor' is 15 \u2014 yours is 15."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "medium", "confidence": 0.95, "cwe": "", "owasp": ""}}, {"id": "DKC010", "name": "Compose service lacks no-new-privileges hardening", "shortDescription": {"text": "Compose service lacks no-new-privileges hardening"}, "fullDescription": {"text": "Add `security_opt: [\"no-new-privileges:true\"]` unless the service has a documented need for privilege escalation."}, "properties": {"scanner": "repobility-docker", "category": "docker", "severity": "low", "confidence": 0.62, "cwe": "", "owasp": ""}}, {"id": "DKC006", "name": "Compose service does not declare a runtime user", "shortDescription": {"text": "Compose service does not declare a runtime user"}, "fullDescription": {"text": "Set a non-root `user:` in Compose or ensure the final image stage has a non-root USER directive."}, "properties": {"scanner": "repobility-docker", "category": "docker", "severity": "low", "confidence": 0.56, "cwe": "", "owasp": ""}}, {"id": "DKR012", "name": "Dockerfile keeps pip download cache", "shortDescription": {"text": "Dockerfile keeps pip download cache"}, "fullDescription": {"text": "Use `pip install --no-cache-dir ...` in container builds."}, "properties": {"scanner": "repobility-docker", "category": "docker", "severity": "low", "confidence": 0.72, "cwe": "", "owasp": ""}}, {"id": "DKR011", "name": "Dockerfile installs recommended OS packages", "shortDescription": {"text": "Dockerfile installs recommended OS packages"}, "fullDescription": {"text": "Add `--no-install-recommends` and explicitly list only packages the image needs."}, "properties": {"scanner": "repobility-docker", "category": "docker", "severity": "low", "confidence": 0.72, "cwe": "", "owasp": ""}}, {"id": "DKR008", "name": ".dockerignore misses sensitive defaults", "shortDescription": {"text": ".dockerignore misses sensitive defaults"}, "fullDescription": {"text": "Add missing patterns such as .env, .git, private keys, certificates, dependency folders, and local databases."}, "properties": {"scanner": "repobility-docker", "category": "docker", "severity": "low", "confidence": 0.72, "cwe": "", "owasp": ""}}, {"id": "AIC005", "name": "Duplicate top-level symbol appears in a patch-style file", "shortDescription": {"text": "Duplicate top-level symbol appears in a patch-style file"}, "fullDescription": {"text": "Keep one authoritative implementation, update imports to point at it, and remove or rename the duplicate symbol."}, "properties": {"scanner": "repobility-ai-code-hygiene", "category": "quality", "severity": "low", "confidence": 0.64, "cwe": "", "owasp": ""}}, {"id": "AIC003", "name": "Duplicated implementation block across source files", "shortDescription": {"text": "Duplicated implementation block across source files"}, "fullDescription": {"text": "Extract the shared behavior into one function/module or delete the inactive duplicate after proving which path is used."}, "properties": {"scanner": "repobility-ai-code-hygiene", "category": "quality", "severity": "low", "confidence": 0.86, "cwe": "", "owasp": ""}}, {"id": "AIC009", "name": "Multiple AI-agent scaffold marker files are present", "shortDescription": {"text": "Multiple AI-agent scaffold marker files are present"}, "fullDescription": {"text": "Keep one current agent instruction file if it helps contributors, remove stale progress/completion markers, and make sure the README, tests, and CI describe the real supported behavior."}, "properties": {"scanner": "repobility-ai-code-hygiene", "category": "quality", "severity": "low", "confidence": 0.68, "cwe": "", "owasp": ""}}, {"id": "AIC007", "name": "Generated build artifact directory is present at repository root", "shortDescription": {"text": "Generated build artifact directory is present at repository root"}, "fullDescription": {"text": "Remove generated output from version control, add it to .gitignore and .dockerignore where relevant, and regenerate it in CI or release jobs."}, "properties": {"scanner": "repobility-ai-code-hygiene", "category": "quality", "severity": "low", "confidence": 0.7, "cwe": "", "owasp": ""}}, {"id": "SEC132", "name": "[SEC132] String concat where the language has interpolation (AI style drift): String built by concatenation where the la", "shortDescription": {"text": "[SEC132] String concat where the language has interpolation (AI style drift): String built by concatenation where the language has cleaner interpolation (Python f-strings since 3.6, JS template literals since ES6). Not a vulnerability on it"}, "fullDescription": {"text": "Python: `f\"prefix {var} suffix\"`. JS/TS: `` `prefix ${var} suffix` ``. Add a lint rule (pyupgrade UP032, eslint prefer-template) so future PRs catch this automatically."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "low", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "SEC118", "name": "[SEC118] UUIDv1 / UUIDv3 used for security-sensitive identifier: UUIDv1 encodes the MAC address and timestamp, making it", "shortDescription": {"text": "[SEC118] UUIDv1 / UUIDv3 used for security-sensitive identifier: UUIDv1 encodes the MAC address and timestamp, making it predictable. Used as a session token or password-reset key, it's enumerable."}, "fullDescription": {"text": "Use `uuid.uuid4()` (random) or `secrets.token_urlsafe()` for tokens. In Go, use `uuid.NewRandom()` (google/uuid)."}, "properties": {"scanner": "repobility-threat-engine", "category": "crypto", "severity": "info", "confidence": 0.1, "cwe": "", "owasp": ""}}, {"id": "MINED074", "name": "[MINED074] Ai Tell Fake Citation: Plausible-looking but non-existent URLs (e.g., docs.example.com/v2). Common AI halluci", "shortDescription": {"text": "[MINED074] Ai Tell Fake Citation: Plausible-looking but non-existent URLs (e.g., docs.example.com/v2). Common AI hallucination."}, "fullDescription": {"text": "Review and fix per the pattern semantics."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "info", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "MINED054", "name": "[MINED054] Ts As Any: Casting to any (as any) bypasses type checking entirely.", "shortDescription": {"text": "[MINED054] Ts As Any: Casting to any (as any) bypasses type checking entirely."}, "fullDescription": {"text": "Review and fix per the pattern semantics. See CWE-704 /  for context."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "info", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "MINED045", "name": "[MINED045] Ts Non Null Assertion: x! asserts not null - bypasses null checks - TypeError if wrong.", "shortDescription": {"text": "[MINED045] Ts Non Null Assertion: x! asserts not null - bypasses null checks - TypeError if wrong."}, "fullDescription": {"text": "Review and fix per the pattern semantics. See CWE-476 /  for context."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "info", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "MINED056", "name": "[MINED056] React Key As Index (and 11 more): Same pattern found in 11 additional files. Review if needed.", "shortDescription": {"text": "[MINED056] React Key As Index (and 11 more): Same pattern found in 11 additional files. Review if needed."}, "fullDescription": {"text": "Review and fix per the pattern semantics. See CWE-682 /  for context."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "info", "confidence": 0.2, "cwe": "", "owasp": ""}}, {"id": "MINED052", "name": "[MINED052] Ts Any Typed (and 52 more): Same pattern found in 52 additional files. Review if needed.", "shortDescription": {"text": "[MINED052] Ts Any Typed (and 52 more): Same pattern found in 52 additional files. Review if needed."}, "fullDescription": {"text": "Review and fix per the pattern semantics. See CWE-704 /  for context."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "info", "confidence": 0.2, "cwe": "", "owasp": ""}}, {"id": "MINED055", "name": "[MINED055] Npm Install No Lockfile: Production image runs npm install (resolves new versions on every build) instead of ", "shortDescription": {"text": "[MINED055] Npm Install No Lockfile: Production image runs npm install (resolves new versions on every build) instead of npm ci."}, "fullDescription": {"text": "Review and fix per the pattern semantics. See CWE-1357 / A06:2021 for context."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "info", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "MINED053", "name": "[MINED053] Placeholder Default Username: foo@bar.com / john.doe@example.com / admin/admin / changeme \u2014 typical AI placeh", "shortDescription": {"text": "[MINED053] Placeholder Default Username: foo@bar.com / john.doe@example.com / admin/admin / changeme \u2014 typical AI placeholder credentials."}, "fullDescription": {"text": "Review and fix per the pattern semantics. See CWE-1392,CWE-798 /  for context."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "info", "confidence": 0.1, "cwe": "", "owasp": ""}}, {"id": "MINED063", "name": "[MINED063] Toctou Os Path Exists: if os.path.exists(p): open(p) \u2014 file can be replaced/deleted between check and use.", "shortDescription": {"text": "[MINED063] Toctou Os Path Exists: if os.path.exists(p): open(p) \u2014 file can be replaced/deleted between check and use."}, "fullDescription": {"text": "Review and fix per the pattern semantics. See CWE-367 /  for context."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "info", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "MINED047", "name": "[MINED047] Emoji In Source: Emoji \u2705 \u274c \ud83d\ude80 in code/comments \u2014 common AI output unless explicitly requested.", "shortDescription": {"text": "[MINED047] Emoji In Source: Emoji \u2705 \u274c \ud83d\ude80 in code/comments \u2014 common AI output unless explicitly requested."}, "fullDescription": {"text": "Review and fix per the pattern semantics."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "info", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "MINED044", "name": "[MINED044] Js Console Log Prod (and 67 more): Same pattern found in 67 additional files. Review if needed.", "shortDescription": {"text": "[MINED044] Js Console Log Prod (and 67 more): Same pattern found in 67 additional files. Review if needed."}, "fullDescription": {"text": "Review and fix per the pattern semantics. See CWE-532 /  for context."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "info", "confidence": 0.2, "cwe": "", "owasp": ""}}, {"id": "SEC103", "name": "[SEC103] LDAP injection \u2014 non-constant search filter (and 2 more): Same pattern found in 2 additional files. Review if n", "shortDescription": {"text": "[SEC103] LDAP injection \u2014 non-constant search filter (and 2 more): Same pattern found in 2 additional files. Review if needed."}, "fullDescription": {"text": "Escape with javax.naming.ldap.Rdn.escapeValue or equivalent. For python-ldap, use ldap.filter.escape_filter_chars. Better: use parameterized search APIs (Spring LdapTemplate filter encoders)."}, "properties": {"scanner": "repobility-threat-engine", "category": "injection", "severity": "info", "confidence": 0.2, "cwe": "", "owasp": ""}}, {"id": "MINED072", "name": "[MINED072] Python Pass Only Class (and 18 more): Same pattern found in 18 additional files. Review if needed.", "shortDescription": {"text": "[MINED072] Python Pass Only Class (and 18 more): Same pattern found in 18 additional files. Review if needed."}, "fullDescription": {"text": "Review and fix per the pattern semantics. See CWE-1188 /  for context."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "info", "confidence": 0.2, "cwe": "", "owasp": ""}}, {"id": "MINED062", "name": "[MINED062] Python Dataclass No Fields (and 9 more): Same pattern found in 9 additional files. Review if needed.", "shortDescription": {"text": "[MINED062] Python Dataclass No Fields (and 9 more): Same pattern found in 9 additional files. Review if needed."}, "fullDescription": {"text": "Review and fix per the pattern semantics."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "info", "confidence": 0.2, "cwe": "", "owasp": ""}}, {"id": "MINED076", "name": "[MINED076] Catch And Reraise Noop (and 3 more): Same pattern found in 3 additional files. Review if needed.", "shortDescription": {"text": "[MINED076] Catch And Reraise Noop (and 3 more): Same pattern found in 3 additional files. Review if needed."}, "fullDescription": {"text": "Review and fix per the pattern semantics."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "info", "confidence": 0.2, "cwe": "", "owasp": ""}}, {"id": "MINED001", "name": "[MINED001] Bare Except Pass (and 55 more): Same pattern found in 55 additional files. Review if needed.", "shortDescription": {"text": "[MINED001] Bare Except Pass (and 55 more): Same pattern found in 55 additional files. Review if needed."}, "fullDescription": {"text": "Review and fix per the pattern semantics. See CWE-755 /  for context."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "info", "confidence": 0.2, "cwe": "", "owasp": ""}}, {"id": "MINED020", "name": "[MINED020] Logging Credential Via Fstring (and 3 more): Same pattern found in 3 additional files. Review if needed.", "shortDescription": {"text": "[MINED020] Logging Credential Via Fstring (and 3 more): Same pattern found in 3 additional files. Review if needed."}, "fullDescription": {"text": "Review and fix per the pattern semantics. See CWE-532 / A09:2021 for context."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "info", "confidence": 0.2, "cwe": "", "owasp": ""}}, {"id": "MINED050", "name": "[MINED050] Stub Only Function (and 250 more): Same pattern found in 250 additional files. Review if needed.", "shortDescription": {"text": "[MINED050] Stub Only Function (and 250 more): Same pattern found in 250 additional files. Review if needed."}, "fullDescription": {"text": "Review and fix per the pattern semantics. See CWE-1188 /  for context."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "info", "confidence": 0.2, "cwe": "", "owasp": ""}}, {"id": "MINED049", "name": "[MINED049] Print Pii (and 5 more): Same pattern found in 5 additional files. Review if needed.", "shortDescription": {"text": "[MINED049] Print Pii (and 5 more): Same pattern found in 5 additional files. Review if needed."}, "fullDescription": {"text": "Review and fix per the pattern semantics. See CWE-532 / A09:2021 for context."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "info", "confidence": 0.2, "cwe": "", "owasp": ""}}, {"id": "MINED043", "name": "[MINED043] Http Not Https (and 18 more): Same pattern found in 18 additional files. Review if needed.", "shortDescription": {"text": "[MINED043] Http Not Https (and 18 more): Same pattern found in 18 additional files. Review if needed."}, "fullDescription": {"text": "Review and fix per the pattern semantics. See CWE-319 / A02:2021 for context."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "info", "confidence": 0.2, "cwe": "", "owasp": ""}}, {"id": "SEC020", "name": "[SEC020] Secret Printed to Logs (and 23 more): Same pattern found in 23 additional files. Review if needed.", "shortDescription": {"text": "[SEC020] Secret Printed to Logs (and 23 more): Same pattern found in 23 additional files. Review if needed."}, "fullDescription": {"text": "Log only redacted, hashed, or last-four-style metadata. Rotate any secret that may have reached logs."}, "properties": {"scanner": "repobility-threat-engine", "category": "credential_exposure", "severity": "info", "confidence": 0.2, "cwe": "", "owasp": ""}}, {"id": "MINED077", "name": "[MINED077] Python Open No Context: fp = open(path) outside with-block leaks file handles.", "shortDescription": {"text": "[MINED077] Python Open No Context: fp = open(path) outside with-block leaks file handles."}, "fullDescription": {"text": "Review and fix per the pattern semantics. See CWE-772 /  for context."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "info", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "MINED060", "name": "[MINED060] Go Context No Cancel: context.Background() at request handler boundary leaks goroutines.", "shortDescription": {"text": "[MINED060] Go Context No Cancel: context.Background() at request handler boundary leaks goroutines."}, "fullDescription": {"text": "Review and fix per the pattern semantics. See CWE-401 /  for context."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "info", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "MINED067", "name": "[MINED067] Python Requests No Timeout (and 3 more): Same pattern found in 3 additional files. Review if needed.", "shortDescription": {"text": "[MINED067] Python Requests No Timeout (and 3 more): Same pattern found in 3 additional files. Review if needed."}, "fullDescription": {"text": "Review and fix per the pattern semantics. See CWE-400 /  for context."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "info", "confidence": 0.2, "cwe": "", "owasp": ""}}, {"id": "SEC078", "name": "[SEC078] Python: requests without timeout (and 3 more): Same pattern found in 3 additional files. Review if needed.", "shortDescription": {"text": "[SEC078] Python: requests without timeout (and 3 more): Same pattern found in 3 additional files. Review if needed."}, "fullDescription": {"text": "Add `timeout=10` (or appropriate value) to every requests call."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "info", "confidence": 0.2, "cwe": "", "owasp": ""}}, {"id": "SEC135", "name": "[SEC135] Auth/permission check missing on AI-generated endpoint (and 3 more): Same pattern found in 3 additional files. ", "shortDescription": {"text": "[SEC135] Auth/permission check missing on AI-generated endpoint (and 3 more): Same pattern found in 3 additional files. Review if needed."}, "fullDescription": {"text": "Add the project's auth decorator/middleware: `@login_required` (Django/Flask), `@permission_classes([IsAuthenticated])` (DRF), `Depends(get_current_user)` (FastAPI), `requireAuth` middleware (Express). For genuinely public endpoints, add a `# public-endpoint` marker comment so future scans skip them."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "info", "confidence": 0.2, "cwe": "", "owasp": ""}}, {"id": "MINED064", "name": "[MINED064] Python Input Call (and 6 more): Same pattern found in 6 additional files. Review if needed.", "shortDescription": {"text": "[MINED064] Python Input Call (and 6 more): Same pattern found in 6 additional files. Review if needed."}, "fullDescription": {"text": "Review and fix per the pattern semantics."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "info", "confidence": 0.2, "cwe": "", "owasp": ""}}, {"id": "MINED006", "name": "[MINED006] Overcatch Baseexception (and 3 more): Same pattern found in 3 additional files. Review if needed.", "shortDescription": {"text": "[MINED006] Overcatch Baseexception (and 3 more): Same pattern found in 3 additional files. Review if needed."}, "fullDescription": {"text": "Review and fix per the pattern semantics. See CWE-705 /  for context."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "info", "confidence": 0.2, "cwe": "", "owasp": ""}}, {"id": "SEC128", "name": "[SEC128] Async function without await \u2014 fire-and-forget Promise (AI mistake) (and 83 more): Same pattern found in 83 add", "shortDescription": {"text": "[SEC128] Async function without await \u2014 fire-and-forget Promise (AI mistake) (and 83 more): Same pattern found in 83 additional files. Review if needed."}, "fullDescription": {"text": "Add `await` before each async call, or chain with `.then`. If you intentionally want fire-and-forget, prefix with `void` (TS) or assign to `_` (Python with `asyncio.create_task`) to make the intent explicit and survive lint."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "info", "confidence": 0.2, "cwe": "", "owasp": ""}}, {"id": "SEC029", "name": "[SEC029] Server-Side Request Forgery (SSRF) \u2014 outbound HTTP from user input (and 241 more): Same pattern found in 241 ad", "shortDescription": {"text": "[SEC029] Server-Side Request Forgery (SSRF) \u2014 outbound HTTP from user input (and 241 more): Same pattern found in 241 additional files. Review if needed."}, "fullDescription": {"text": "Validate the URL against an allowlist BEFORE fetching:\n  ALLOWED = {'images.example.com', 'cdn.example.com'}\n  host = urlparse(url).hostname\n  if host not in ALLOWED: abort(400)\nOr use a server-side proxy (Imgproxy / serve-files-only-from-S3) that isolates outbound network access from the request handler.\nBlock private CIDRs explicitly: 10/8, 172.16/12, 192.168/16, 169.254/16."}, "properties": {"scanner": "repobility-threat-engine", "category": "ssrf", "severity": "info", "confidence": 0.2, "cwe": "", "owasp": ""}}, {"id": "MINED118", "name": "[MINED118] Dockerfile FROM `ollama/ollama (no tag)` not pinned by digest: `FROM ollama/ollama (no tag)` resolves the tag", "shortDescription": {"text": "[MINED118] Dockerfile FROM `ollama/ollama (no tag)` not pinned by digest: `FROM ollama/ollama (no tag)` resolves the tag at build time. The registry CAN re-push a different image for the same tag, so every build is potentially different. Pr"}, "fullDescription": {"text": "Replace with: `FROM ollama/ollama (no tag)@sha256:<digest>`. Get the digest from `docker manifest inspect`. Re-pin via a scheduled bot (Renovate, Dependabot)."}, "properties": {"scanner": "repobility-supply-chain", "category": "dependency", "severity": "high", "confidence": 0.9, "cwe": "", "owasp": ""}}, {"id": "MINED112", "name": "[MINED112] FastAPI PATCH litellm.proxy.proxy_server.litellm.Cache has no auth: Handler `test_load_router_config` is regi", "shortDescription": {"text": "[MINED112] FastAPI PATCH litellm.proxy.proxy_server.litellm.Cache has no auth: Handler `test_load_router_config` is registered with router/app.patch(...) but no Depends/Security parameter is declared and no auth marker appears in the functi"}, "fullDescription": {"text": "Add Depends(get_current_user) or Security(...) to the handler signature. If the route is truly public, document it with a code comment so the rule knows it's intentional."}, "properties": {"scanner": "repobility-route-auth", "category": "quality", "severity": "high", "confidence": 0.8, "cwe": "", "owasp": ""}}, {"id": "MINED110", "name": "[MINED110] Blocking call `time.sleep` inside async function `test_reset_budget_job`: `time.sleep` is a synchronous (bloc", "shortDescription": {"text": "[MINED110] Blocking call `time.sleep` inside async function `test_reset_budget_job`: `time.sleep` is a synchronous (blocking) call. When invoked inside an `async def` it stalls the event loop, preventing every other coroutine in the process"}, "fullDescription": {"text": "Use the async equivalent: `aiohttp` instead of `requests`, `asyncio.sleep` instead of `time.sleep`, `aiofiles` instead of `open`."}, "properties": {"scanner": "repobility-ast-engine", "category": "quality", "severity": "high", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "MINED106", "name": "[MINED106] Phantom test coverage: test_organization_member_flow: Test function `test_organization_member_flow` runs code", "shortDescription": {"text": "[MINED106] Phantom test coverage: test_organization_member_flow: Test function `test_organization_member_flow` runs code but contains no assert / expect / should call \u2014 it passes regardless of behaviour. Adds line coverage without verifying"}, "fullDescription": {"text": "Add an explicit assertion that captures the test's intent, or remove the test."}, "properties": {"scanner": "repobility-ast-engine", "category": "quality", "severity": "high", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "MINED108", "name": "[MINED108] `self._normalize_strategy` used but never assigned in __init__: Method `_get_routing_context` of class `Route", "shortDescription": {"text": "[MINED108] `self._normalize_strategy` used but never assigned in __init__: Method `_get_routing_context` of class `Router` reads `self._normalize_strategy`, but no assignment to it exists in __init__ (and no class-level fallback). This rais"}, "fullDescription": {"text": "Initialize `self._normalize_strategy = <default>` in __init__, or add a class-level default."}, "properties": {"scanner": "repobility-ast-engine", "category": "quality", "severity": "high", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "JRN009", "name": "Secret-like setting is echoed into a password input value", "shortDescription": {"text": "Secret-like setting is echoed into a password input value"}, "fullDescription": {"text": "Never prefill secret fields with stored values. Show a masked status such as configured/not configured, require explicit rotation to replace the value, and return the raw key only once at creation time."}, "properties": {"scanner": "repobility-journey-contract", "category": "auth", "severity": "high", "confidence": 0.83, "cwe": "", "owasp": ""}}, {"id": "AUC003", "name": "[AUC003] Object-level route lacks visible authorization: A route with an object id-like parameter does not show nearby a", "shortDescription": {"text": "[AUC003] Object-level route lacks visible authorization: A route with an object id-like parameter does not show nearby authentication or authorization evidence. This is a BOLA/IDOR review target. Endpoint: GET /sso/cli/poll/{key_id}."}, "fullDescription": {"text": "Add ownership, tenant, relationship, or policy checks before reading or mutating the target object."}, "properties": {"scanner": "repobility-access-control", "category": "auth", "severity": "high", "confidence": 0.7, "cwe": "", "owasp": ""}}, {"id": "DKC011", "name": "Database service publishes a host port", "shortDescription": {"text": "Database service publishes a host port"}, "fullDescription": {"text": "Use `expose` for service-to-service access, bind to 127.0.0.1 for local-only access, or protect the port with firewall rules."}, "properties": {"scanner": "repobility-docker", "category": "docker", "severity": "high", "confidence": 0.84, "cwe": "", "owasp": ""}}, {"id": "SEC040", "name": "[SEC040] innerHTML XSS \u2014 template literal with server-supplied data: Setting .innerHTML with a template literal that int", "shortDescription": {"text": "[SEC040] innerHTML XSS \u2014 template literal with server-supplied data: Setting .innerHTML with a template literal that interpolates server-supplied or user-supplied data is the canonical stored/reflected XSS vector. The browser parses the HTM"}, "fullDescription": {"text": "For plain text: use el.textContent = data.value (auto-escapes).\nFor HTML you need to render: el.innerHTML = DOMPurify.sanitize(html).\nFor React/Vue/Svelte: stop using innerHTML; use the framework's binding.\nWhen data comes from CV/PDF parsers, sanitize at the parser boundary too."}, "properties": {"scanner": "repobility-threat-engine", "category": "xss", "severity": "high", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "SEC006", "name": "[SEC006] XSS Risk: Direct HTML injection without sanitization.", "shortDescription": {"text": "[SEC006] XSS Risk: Direct HTML injection without sanitization."}, "fullDescription": {"text": "Use textContent instead of innerHTML. Sanitize with DOMPurify."}, "properties": {"scanner": "repobility-threat-engine", "category": "injection", "severity": "high", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "MINED004", "name": "[MINED004] Weak Crypto: MD5/SHA1/DES/RC4 used for security context (not just checksums).", "shortDescription": {"text": "[MINED004] Weak Crypto: MD5/SHA1/DES/RC4 used for security context (not just checksums)."}, "fullDescription": {"text": "Review and fix per the pattern semantics. See CWE-327 / A02:2021 for context."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "high", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "MINED021", "name": "[MINED021] Path Traversal Os Join: os.path.join(user_dir, filename) where filename can contain \"../\" \u2014 directory escape.", "shortDescription": {"text": "[MINED021] Path Traversal Os Join: os.path.join(user_dir, filename) where filename can contain \"../\" \u2014 directory escape."}, "fullDescription": {"text": "Review and fix per the pattern semantics. See CWE-22 / A01:2021 for context."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "high", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "MINED012", "name": "[MINED012] Curl Pipe Bash: curl ... | sh / bash \u2014 runs unverified network code.", "shortDescription": {"text": "[MINED012] Curl Pipe Bash: curl ... | sh / bash \u2014 runs unverified network code."}, "fullDescription": {"text": "Review and fix per the pattern semantics. See CWE-494 / A08:2021 for context."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "high", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "MINED009", "name": "[MINED009] Floats For Money: Variable named price/amount/cost typed as float instead of Decimal.", "shortDescription": {"text": "[MINED009] Floats For Money: Variable named price/amount/cost typed as float instead of Decimal."}, "fullDescription": {"text": "Review and fix per the pattern semantics. See CWE-682 /  for context."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "high", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "SEC013", "name": "[SEC013] Path Traversal \u2014 User Input in File Path: User-controlled input used in file path without sanitization. Allows ", "shortDescription": {"text": "[SEC013] Path Traversal \u2014 User Input in File Path: User-controlled input used in file path without sanitization. Allows reading arbitrary files."}, "fullDescription": {"text": "Use os.path.realpath() and verify the path starts with your expected base directory. Use secure_filename() for uploads."}, "properties": {"scanner": "repobility-threat-engine", "category": "path_traversal", "severity": "high", "confidence": 0.8, "cwe": "", "owasp": ""}}, {"id": "MINED133", "name": "[MINED133] Hardcoded Slack webhook URL in source: File contains a hardcoded `Slack` webhook URL: `https://hooks.slack.co", "shortDescription": {"text": "[MINED133] Hardcoded Slack webhook URL in source: File contains a hardcoded `Slack` webhook URL: `https://hooks.slack.com/services/T00/B00/xxx...`. Webhook URLs are unauthenticated POST endpoints \u2014 anyone with the URL can send messages. The"}, "fullDescription": {"text": "Move the URL to a secret manager / environment variable. Rotate the webhook immediately if this is a live URL (consider it compromised the moment it landed in git)."}, "properties": {"scanner": "repobility-supply-chain", "category": "dependency", "severity": "critical", "confidence": 0.9, "cwe": "", "owasp": ""}}, {"id": "MINED116", "name": "[MINED116] Workflow uses `secrets.GITGUARDIAN_API_KEY` on a `pull_request` trigger: This workflow triggers on `pull_requ", "shortDescription": {"text": "[MINED116] Workflow uses `secrets.GITGUARDIAN_API_KEY` on a `pull_request` trigger: This workflow triggers on `pull_request`, which checks out the FORK's code. Referencing `${ secrets.GITGUARDIAN_API_KEY }` lets a PR from any fork exfiltrat"}, "fullDescription": {"text": "Either remove the secret reference, or switch the trigger to `pull_request_target` AND ensure no fork-controlled code runs before the secret is consumed."}, "properties": {"scanner": "repobility-supply-chain", "category": "dependency", "severity": "critical", "confidence": 0.9, "cwe": "", "owasp": ""}}, {"id": "MINED107", "name": "[MINED107] Missing import: `http` used but not imported: The file uses `http.something(...)` but never imports `http`. T", "shortDescription": {"text": "[MINED107] Missing import: `http` used but not imported: The file uses `http.something(...)` but never imports `http`. This raises NameError at runtime the first time the line executes."}, "fullDescription": {"text": "Add `import http` at the top of the file."}, "properties": {"scanner": "repobility-ast-engine", "category": "quality", "severity": "critical", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "JRN001", "name": "Token handoff appears to use a callback URL or fragment", "shortDescription": {"text": "Token handoff appears to use a callback URL or fragment"}, "fullDescription": {"text": "Use a server-side one-time authorization code tied to a registered callback allowlist. Do not append access tokens to callback URLs or fragments."}, "properties": {"scanner": "repobility-journey-contract", "category": "auth", "severity": "critical", "confidence": 0.88, "cwe": "", "owasp": ""}}, {"id": "DKC007", "name": "Compose service contains a literal secret environment value", "shortDescription": {"text": "Compose service contains a literal secret environment value"}, "fullDescription": {"text": "Rotate the value if real. Move it to Docker Compose secrets, a platform secret manager, or an uncommitted environment file."}, "properties": {"scanner": "repobility-docker", "category": "docker", "severity": "critical", "confidence": 0.96, "cwe": "", "owasp": ""}}, {"id": "MINED019", "name": "[MINED019] Ssti Jinja From String: jinja2.Environment().from_string(user_input) \u2014 full RCE via templates.", "shortDescription": {"text": "[MINED019] Ssti Jinja From String: jinja2.Environment().from_string(user_input) \u2014 full RCE via templates."}, "fullDescription": {"text": "Review and fix per the pattern semantics. See CWE-94 / A03:2021 for context."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "critical", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "SEC022", "name": "[SEC022] Database URL With Embedded Credential: A database connection URL contains an embedded username and password. Th", "shortDescription": {"text": "[SEC022] Database URL With Embedded Credential: A database connection URL contains an embedded username and password. These URLs are often copied into defaults, docs, and scripts, then leak working credentials."}, "fullDescription": {"text": "Remove the embedded password, require the URL from a secret store or environment variable, and rotate the database credential."}, "properties": {"scanner": "repobility-threat-engine", "category": "credential_exposure", "severity": "critical", "confidence": 1.0, "cwe": "", "owasp": ""}}]}}, "automationDetails": {"id": "repobility/1148"}, "properties": {"repository": "BerriAI/litellm", "repoUrl": "https://github.com/BerriAI/litellm", "branch": "main"}, "results": [{"ruleId": "MINED124", "level": "warning", "message": {"text": "[MINED124] requirements.txt: `claude-agent-sdk` has no version pin: Unpinned pip requirement means every fresh install may resolve a different version. Newer releases can introduce malicious code (typosquats, account compromises). Reproducible installs need exact pins."}, "properties": {"repobilityId": 114951, "scanner": "repobility-supply-chain", "fingerprint": "bcaffe2838fad18e7481c5cdbb65d2eeee61305cdd71b4f92f7cba06e26c3e6a", "category": "dependency", "severity": "medium", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "unpinned-pip-requirement", "owasp": null, "cwe_ids": ["CWE-1357"], "languages": ["python"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|bcaffe2838fad18e7481c5cdbb65d2eeee61305cdd71b4f92f7cba06e26c3e6a"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "cookbook/anthropic_agent_sdk/requirements.txt"}, "region": {"startLine": 1}}}]}, {"ruleId": "MINED109", "level": "warning", "message": {"text": "[MINED109] Mutable default argument in `new_user` (list): `def new_user(... = []/{}/set())` \u2014 Python's default value is constructed ONCE at function definition time and shared across all calls. Mutating it in one call mutates it for every future call too."}, "properties": {"repobilityId": 114904, "scanner": "repobility-ast-engine", "fingerprint": "1d249c97b7e5b29225760f1cd2f19c03012d880f266e82a975932b8137e1abfe", "category": "quality", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "mutable-default-arg", "owasp": null, "cwe_ids": ["CWE-1023"], "languages": ["python"], "observations_count": 64867}, "scanner": "repobility-ast-engine", "correlation_key": "fp|1d249c97b7e5b29225760f1cd2f19c03012d880f266e82a975932b8137e1abfe"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tests/test_team.py"}, "region": {"startLine": 82}}}]}, {"ruleId": "MINED109", "level": "warning", "message": {"text": "[MINED109] Mutable default argument in `generate_key` (list): `def generate_key(... = []/{}/set())` \u2014 Python's default value is constructed ONCE at function definition time and shared across all calls. Mutating it in one call mutates it for every future call too."}, "properties": {"repobilityId": 114903, "scanner": "repobility-ast-engine", "fingerprint": "d0e7e792711c3c67da941b01c2781ed8e7c42365ba9467cbed25320283562feb", "category": "quality", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "mutable-default-arg", "owasp": null, "cwe_ids": ["CWE-1023"], "languages": ["python"], "observations_count": 64867}, "scanner": "repobility-ast-engine", "correlation_key": "fp|d0e7e792711c3c67da941b01c2781ed8e7c42365ba9467cbed25320283562feb"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tests/test_keys.py"}, "region": {"startLine": 60}}}]}, {"ruleId": "MINED109", "level": "warning", "message": {"text": "[MINED109] Mutable default argument in `new_user` (list): `def new_user(... = []/{}/set())` \u2014 Python's default value is constructed ONCE at function definition time and shared across all calls. Mutating it in one call mutates it for every future call too."}, "properties": {"repobilityId": 114902, "scanner": "repobility-ast-engine", "fingerprint": "8f11c7ee41857e44660f45dd86ebd1515eb4d8e0b42295bf847bc10327d5d5b0", "category": "quality", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "mutable-default-arg", "owasp": null, "cwe_ids": ["CWE-1023"], "languages": ["python"], "observations_count": 64867}, "scanner": "repobility-ast-engine", "correlation_key": "fp|8f11c7ee41857e44660f45dd86ebd1515eb4d8e0b42295bf847bc10327d5d5b0"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tests/test_organizations.py"}, "region": {"startLine": 10}}}]}, {"ruleId": "MINED109", "level": "warning", "message": {"text": "[MINED109] Mutable default argument in `generate_key` (list): `def generate_key(... = []/{}/set())` \u2014 Python's default value is constructed ONCE at function definition time and shared across all calls. Mutating it in one call mutates it for every future call too."}, "properties": {"repobilityId": 114895, "scanner": "repobility-ast-engine", "fingerprint": "eb146e036d4a53204bf7d032e24335c3baadacb1db26362ef3adb00c84ce4006", "category": "quality", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "mutable-default-arg", "owasp": null, "cwe_ids": ["CWE-1023"], "languages": ["python"], "observations_count": 64867}, "scanner": "repobility-ast-engine", "correlation_key": "fp|eb146e036d4a53204bf7d032e24335c3baadacb1db26362ef3adb00c84ce4006"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tests/test_team_logging.py"}, "region": {"startLine": 15}}}]}, {"ruleId": "MINED109", "level": "warning", "message": {"text": "[MINED109] Mutable default argument in `generate_key` (list): `def generate_key(... = []/{}/set())` \u2014 Python's default value is constructed ONCE at function definition time and shared across all calls. Mutating it in one call mutates it for every future call too."}, "properties": {"repobilityId": 114894, "scanner": "repobility-ast-engine", "fingerprint": "b6b0f3d6d5cba800f5609264be4f5a85d310b486239e3e1917f54487c343e557", "category": "quality", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "mutable-default-arg", "owasp": null, "cwe_ids": ["CWE-1023"], "languages": ["python"], "observations_count": 64867}, "scanner": "repobility-ast-engine", "correlation_key": "fp|b6b0f3d6d5cba800f5609264be4f5a85d310b486239e3e1917f54487c343e557"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tests/test_end_users.py"}, "region": {"startLine": 58}}}]}, {"ruleId": "MINED109", "level": "warning", "message": {"text": "[MINED109] Mutable default argument in `generate_key` (list): `def generate_key(... = []/{}/set())` \u2014 Python's default value is constructed ONCE at function definition time and shared across all calls. Mutating it in one call mutates it for every future call too."}, "properties": {"repobilityId": 114892, "scanner": "repobility-ast-engine", "fingerprint": "906a010989ec6d4c73ed28e87ac562bf7fd0f0c4693fab8beff7aea77729375b", "category": "quality", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "mutable-default-arg", "owasp": null, "cwe_ids": ["CWE-1023"], "languages": ["python"], "observations_count": 64867}, "scanner": "repobility-ast-engine", "correlation_key": "fp|906a010989ec6d4c73ed28e87ac562bf7fd0f0c4693fab8beff7aea77729375b"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tests/test_openai_endpoints.py"}, "region": {"startLine": 21}}}]}, {"ruleId": "MINED109", "level": "warning", "message": {"text": "[MINED109] Mutable default argument in `generate_key` (list): `def generate_key(... = []/{}/set())` \u2014 Python's default value is constructed ONCE at function definition time and shared across all calls. Mutating it in one call mutates it for every future call too."}, "properties": {"repobilityId": 114881, "scanner": "repobility-ast-engine", "fingerprint": "72fc43ecdc237e5f0044cf5bdbe74193a8bd09f56744d5280466562194204eb5", "category": "quality", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "mutable-default-arg", "owasp": null, "cwe_ids": ["CWE-1023"], "languages": ["python"], "observations_count": 64867}, "scanner": "repobility-ast-engine", "correlation_key": "fp|72fc43ecdc237e5f0044cf5bdbe74193a8bd09f56744d5280466562194204eb5"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tests/test_users.py"}, "region": {"startLine": 44}}}]}, {"ruleId": "MINED109", "level": "warning", "message": {"text": "[MINED109] Mutable default argument in `generate_key` (list): `def generate_key(... = []/{}/set())` \u2014 Python's default value is constructed ONCE at function definition time and shared across all calls. Mutating it in one call mutates it for every future call too."}, "properties": {"repobilityId": 114877, "scanner": "repobility-ast-engine", "fingerprint": "2222148e26ca5fc7ef9f4bc231e337efc4b084c02f21106bbbf9506e99f5604c", "category": "quality", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "mutable-default-arg", "owasp": null, "cwe_ids": ["CWE-1023"], "languages": ["python"], "observations_count": 64867}, "scanner": "repobility-ast-engine", "correlation_key": "fp|2222148e26ca5fc7ef9f4bc231e337efc4b084c02f21106bbbf9506e99f5604c"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tests/test_models.py"}, "region": {"startLine": 14}}}]}, {"ruleId": "MINED109", "level": "warning", "message": {"text": "[MINED109] Mutable default argument in `generate_key` (list): `def generate_key(... = []/{}/set())` \u2014 Python's default value is constructed ONCE at function definition time and shared across all calls. Mutating it in one call mutates it for every future call too."}, "properties": {"repobilityId": 114874, "scanner": "repobility-ast-engine", "fingerprint": "db078cb74c26806d458b1f46704088da6683d02c4e23f48a45fb5482dd10c3ef", "category": "quality", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "mutable-default-arg", "owasp": null, "cwe_ids": ["CWE-1023"], "languages": ["python"], "observations_count": 64867}, "scanner": "repobility-ast-engine", "correlation_key": "fp|db078cb74c26806d458b1f46704088da6683d02c4e23f48a45fb5482dd10c3ef"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tests/test_spend_logs.py"}, "region": {"startLine": 9}}}]}, {"ruleId": "MINED109", "level": "warning", "message": {"text": "[MINED109] Mutable default argument in `embedding` (list): `def embedding(... = []/{}/set())` \u2014 Python's default value is constructed ONCE at function definition time and shared across all calls. Mutating it in one call mutates it for every future call too."}, "properties": {"repobilityId": 114870, "scanner": "repobility-ast-engine", "fingerprint": "706a6e754f9bff7678d0c0ef571a02bfe60ecfa56cfef3b71a5ce05db2d3dce9", "category": "quality", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "mutable-default-arg", "owasp": null, "cwe_ids": ["CWE-1023"], "languages": ["python"], "observations_count": 64867}, "scanner": "repobility-ast-engine", "correlation_key": "fp|706a6e754f9bff7678d0c0ef571a02bfe60ecfa56cfef3b71a5ce05db2d3dce9"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "litellm/main.py"}, "region": {"startLine": 4771}}}]}, {"ruleId": "MINED109", "level": "warning", "message": {"text": "[MINED109] Mutable default argument in `embedding` (list): `def embedding(... = []/{}/set())` \u2014 Python's default value is constructed ONCE at function definition time and shared across all calls. Mutating it in one call mutates it for every future call too."}, "properties": {"repobilityId": 114869, "scanner": "repobility-ast-engine", "fingerprint": "ae875b3783ddf739b450e4c893b346212b0eaa968b53170573627d355c597d51", "category": "quality", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "mutable-default-arg", "owasp": null, "cwe_ids": ["CWE-1023"], "languages": ["python"], "observations_count": 64867}, "scanner": "repobility-ast-engine", "correlation_key": "fp|ae875b3783ddf739b450e4c893b346212b0eaa968b53170573627d355c597d51"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "litellm/main.py"}, "region": {"startLine": 4744}}}]}, {"ruleId": "MINED109", "level": "warning", "message": {"text": "[MINED109] Mutable default argument in `embedding` (list): `def embedding(... = []/{}/set())` \u2014 Python's default value is constructed ONCE at function definition time and shared across all calls. Mutating it in one call mutates it for every future call too."}, "properties": {"repobilityId": 114868, "scanner": "repobility-ast-engine", "fingerprint": "a528b566a79bd8d3af01c203e3bb593bb3abb27d72c96ebbc418b2918cdd1851", "category": "quality", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "mutable-default-arg", "owasp": null, "cwe_ids": ["CWE-1023"], "languages": ["python"], "observations_count": 64867}, "scanner": "repobility-ast-engine", "correlation_key": "fp|a528b566a79bd8d3af01c203e3bb593bb3abb27d72c96ebbc418b2918cdd1851"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "litellm/main.py"}, "region": {"startLine": 4718}}}]}, {"ruleId": "MINED109", "level": "warning", "message": {"text": "[MINED109] Mutable default argument in `completion` (list): `def completion(... = []/{}/set())` \u2014 Python's default value is constructed ONCE at function definition time and shared across all calls. Mutating it in one call mutates it for every future call too."}, "properties": {"repobilityId": 114867, "scanner": "repobility-ast-engine", "fingerprint": "9190c732af3a26620b82f57b3e7bde045caea4b0c9ade2d225951fc50602a4cc", "category": "quality", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "mutable-default-arg", "owasp": null, "cwe_ids": ["CWE-1023"], "languages": ["python"], "observations_count": 64867}, "scanner": "repobility-ast-engine", "correlation_key": "fp|9190c732af3a26620b82f57b3e7bde045caea4b0c9ade2d225951fc50602a4cc"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "litellm/main.py"}, "region": {"startLine": 1085}}}]}, {"ruleId": "MINED109", "level": "warning", "message": {"text": "[MINED109] Mutable default argument in `acompletion` (list): `def acompletion(... = []/{}/set())` \u2014 Python's default value is constructed ONCE at function definition time and shared across all calls. Mutating it in one call mutates it for every future call too."}, "properties": {"repobilityId": 114866, "scanner": "repobility-ast-engine", "fingerprint": "f17a896882f526b495a6b1fb84b993d87fc3ec0bc2cf58b1659759ace34c037f", "category": "quality", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "mutable-default-arg", "owasp": null, "cwe_ids": ["CWE-1023"], "languages": ["python"], "observations_count": 64867}, "scanner": "repobility-ast-engine", "correlation_key": "fp|f17a896882f526b495a6b1fb84b993d87fc3ec0bc2cf58b1659759ace34c037f"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "litellm/main.py"}, "region": {"startLine": 394}}}]}, {"ruleId": "MINED111", "level": "warning", "message": {"text": "[MINED111] Bare except continues silently: Bare `except:` (or `except Exception:`) that runs code without re-raising or logging the exception. Hides real failures and makes bugs hard to diagnose."}, "properties": {"repobilityId": 114864, "scanner": "repobility-ast-engine", "fingerprint": "fda1f408e4cc663683f7977c89605987fb0262c6822f9b789a3fd99d74526b66", "category": "quality", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "bare-except-without-pass", "owasp": null, "cwe_ids": [], "languages": ["python"], "observations_count": 21610}, "scanner": "repobility-ast-engine", "correlation_key": "fp|fda1f408e4cc663683f7977c89605987fb0262c6822f9b789a3fd99d74526b66"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "litellm/utils.py"}, "region": {"startLine": 6849}}}]}, {"ruleId": "MINED111", "level": "warning", "message": {"text": "[MINED111] Bare except continues silently: Bare `except:` (or `except Exception:`) that runs code without re-raising or logging the exception. Hides real failures and makes bugs hard to diagnose."}, "properties": {"repobilityId": 114863, "scanner": "repobility-ast-engine", "fingerprint": "4a4c53b374eb40f1ba9549d9c741a94f365d03f4f2fbf03f0ee5392385fbf8bc", "category": "quality", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "bare-except-without-pass", "owasp": null, "cwe_ids": [], "languages": ["python"], "observations_count": 21610}, "scanner": "repobility-ast-engine", "correlation_key": "fp|4a4c53b374eb40f1ba9549d9c741a94f365d03f4f2fbf03f0ee5392385fbf8bc"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "litellm/utils.py"}, "region": {"startLine": 6411}}}]}, {"ruleId": "MINED111", "level": "warning", "message": {"text": "[MINED111] Bare except continues silently: Bare `except:` (or `except Exception:`) that runs code without re-raising or logging the exception. Hides real failures and makes bugs hard to diagnose."}, "properties": {"repobilityId": 114862, "scanner": "repobility-ast-engine", "fingerprint": "f7af5ba833e397fe35f1d0cb65ed2f9c7aced9bd836243c74a134b52101ba76d", "category": "quality", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "bare-except-without-pass", "owasp": null, "cwe_ids": [], "languages": ["python"], "observations_count": 21610}, "scanner": "repobility-ast-engine", "correlation_key": "fp|f7af5ba833e397fe35f1d0cb65ed2f9c7aced9bd836243c74a134b52101ba76d"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "litellm/utils.py"}, "region": {"startLine": 6326}}}]}, {"ruleId": "MINED111", "level": "warning", "message": {"text": "[MINED111] Bare except continues silently: Bare `except:` (or `except Exception:`) that runs code without re-raising or logging the exception. Hides real failures and makes bugs hard to diagnose."}, "properties": {"repobilityId": 114861, "scanner": "repobility-ast-engine", "fingerprint": "c6bb5ddcc1592347b5705bf651450fedcfc851b65f6eca16085b0ea2547aac41", "category": "quality", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "bare-except-without-pass", "owasp": null, "cwe_ids": [], "languages": ["python"], "observations_count": 21610}, "scanner": "repobility-ast-engine", "correlation_key": "fp|c6bb5ddcc1592347b5705bf651450fedcfc851b65f6eca16085b0ea2547aac41"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "litellm/utils.py"}, "region": {"startLine": 5667}}}]}, {"ruleId": "MINED111", "level": "warning", "message": {"text": "[MINED111] Bare except continues silently: Bare `except:` (or `except Exception:`) that runs code without re-raising or logging the exception. Hides real failures and makes bugs hard to diagnose."}, "properties": {"repobilityId": 114860, "scanner": "repobility-ast-engine", "fingerprint": "9af5c06e8fd735a33f2a35492b41ad693c6557decec025176b4b5c0c2026d694", "category": "quality", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "bare-except-without-pass", "owasp": null, "cwe_ids": [], "languages": ["python"], "observations_count": 21610}, "scanner": "repobility-ast-engine", "correlation_key": "fp|9af5c06e8fd735a33f2a35492b41ad693c6557decec025176b4b5c0c2026d694"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "litellm/utils.py"}, "region": {"startLine": 5192}}}]}, {"ruleId": "MINED111", "level": "warning", "message": {"text": "[MINED111] Bare except continues silently: Bare `except:` (or `except Exception:`) that runs code without re-raising or logging the exception. Hides real failures and makes bugs hard to diagnose."}, "properties": {"repobilityId": 114859, "scanner": "repobility-ast-engine", "fingerprint": "3c94959f7cfcd908eb40fa658930c0f14fb87c6e6748ed30e30fcdf655d5596a", "category": "quality", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "bare-except-without-pass", "owasp": null, "cwe_ids": [], "languages": ["python"], "observations_count": 21610}, "scanner": "repobility-ast-engine", "correlation_key": "fp|3c94959f7cfcd908eb40fa658930c0f14fb87c6e6748ed30e30fcdf655d5596a"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "litellm/utils.py"}, "region": {"startLine": 2282}}}]}, {"ruleId": "MINED109", "level": "warning", "message": {"text": "[MINED109] Mutable default argument in `register_prompt_template` (dict): `def register_prompt_template(... = []/{}/set())` \u2014 Python's default value is constructed ONCE at function definition time and shared across all calls. Mutating it in one call mutates it for every future call too."}, "properties": {"repobilityId": 114858, "scanner": "repobility-ast-engine", "fingerprint": "2574cca5595f9e8310e2f3c5eb8d8dfa8e894696fb6f54c5e24d65ad76656644", "category": "quality", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "mutable-default-arg", "owasp": null, "cwe_ids": ["CWE-1023"], "languages": ["python"], "observations_count": 64867}, "scanner": "repobility-ast-engine", "correlation_key": "fp|2574cca5595f9e8310e2f3c5eb8d8dfa8e894696fb6f54c5e24d65ad76656644"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "litellm/utils.py"}, "region": {"startLine": 6943}}}]}, {"ruleId": "MINED109", "level": "warning", "message": {"text": "[MINED109] Mutable default argument in `decode` (list): `def decode(... = []/{}/set())` \u2014 Python's default value is constructed ONCE at function definition time and shared across all calls. Mutating it in one call mutates it for every future call too."}, "properties": {"repobilityId": 114857, "scanner": "repobility-ast-engine", "fingerprint": "bffe407b58858909b814689fe5114f1d7eceaa060f41b19ec7fa43d293f6df58", "category": "quality", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "mutable-default-arg", "owasp": null, "cwe_ids": ["CWE-1023"], "languages": ["python"], "observations_count": 64867}, "scanner": "repobility-ast-engine", "correlation_key": "fp|bffe407b58858909b814689fe5114f1d7eceaa060f41b19ec7fa43d293f6df58"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "litellm/utils.py"}, "region": {"startLine": 2249}}}]}, {"ruleId": "MINED111", "level": "warning", "message": {"text": "[MINED111] Bare except continues silently: Bare `except:` (or `except Exception:`) that runs code without re-raising or logging the exception. Hides real failures and makes bugs hard to diagnose."}, "properties": {"repobilityId": 114856, "scanner": "repobility-ast-engine", "fingerprint": "20cb56fcb3188d5375f4a8ffe3d29097cbea423c3007355b75465f8d847e463a", "category": "quality", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "bare-except-without-pass", "owasp": null, "cwe_ids": [], "languages": ["python"], "observations_count": 21610}, "scanner": "repobility-ast-engine", "correlation_key": "fp|20cb56fcb3188d5375f4a8ffe3d29097cbea423c3007355b75465f8d847e463a"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "litellm/_service_logger.py"}, "region": {"startLine": 39}}}]}, {"ruleId": "MINED111", "level": "warning", "message": {"text": "[MINED111] Bare except continues silently: Bare `except:` (or `except Exception:`) that runs code without re-raising or logging the exception. Hides real failures and makes bugs hard to diagnose."}, "properties": {"repobilityId": 114855, "scanner": "repobility-ast-engine", "fingerprint": "dab573088a2323132184f464ea29e9e5c058a060ff53476f01b78b0ea2dd9105", "category": "quality", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "bare-except-without-pass", "owasp": null, "cwe_ids": [], "languages": ["python"], "observations_count": 21610}, "scanner": "repobility-ast-engine", "correlation_key": "fp|dab573088a2323132184f464ea29e9e5c058a060ff53476f01b78b0ea2dd9105"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "litellm/_logging.py"}, "region": {"startLine": 60}}}]}, {"ruleId": "MINED111", "level": "warning", "message": {"text": "[MINED111] Bare except continues silently: Bare `except:` (or `except Exception:`) that runs code without re-raising or logging the exception. Hides real failures and makes bugs hard to diagnose."}, "properties": {"repobilityId": 114854, "scanner": "repobility-ast-engine", "fingerprint": "94e295e62f396f6063443075d3f7d6b4044492c67944deba1b0dfdcdcff68f5d", "category": "quality", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "bare-except-without-pass", "owasp": null, "cwe_ids": [], "languages": ["python"], "observations_count": 21610}, "scanner": "repobility-ast-engine", "correlation_key": "fp|94e295e62f396f6063443075d3f7d6b4044492c67944deba1b0dfdcdcff68f5d"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "litellm/router.py"}, "region": {"startLine": 5454}}}]}, {"ruleId": "MINED111", "level": "warning", "message": {"text": "[MINED111] Bare except continues silently: Bare `except:` (or `except Exception:`) that runs code without re-raising or logging the exception. Hides real failures and makes bugs hard to diagnose."}, "properties": {"repobilityId": 114853, "scanner": "repobility-ast-engine", "fingerprint": "ad90ce57b77e561ecd25aa87d010c5903dfa81f62227662fe8df1e5baad87427", "category": "quality", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "bare-except-without-pass", "owasp": null, "cwe_ids": [], "languages": ["python"], "observations_count": 21610}, "scanner": "repobility-ast-engine", "correlation_key": "fp|ad90ce57b77e561ecd25aa87d010c5903dfa81f62227662fe8df1e5baad87427"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "litellm/router.py"}, "region": {"startLine": 9186}}}]}, {"ruleId": "MINED111", "level": "warning", "message": {"text": "[MINED111] Bare except continues silently: Bare `except:` (or `except Exception:`) that runs code without re-raising or logging the exception. Hides real failures and makes bugs hard to diagnose."}, "properties": {"repobilityId": 114852, "scanner": "repobility-ast-engine", "fingerprint": "b1f3e2f762f7b0b21c8325487d3c576a41a4cbd2bbb678c0851d7733481b1ce2", "category": "quality", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "bare-except-without-pass", "owasp": null, "cwe_ids": [], "languages": ["python"], "observations_count": 21610}, "scanner": "repobility-ast-engine", "correlation_key": "fp|b1f3e2f762f7b0b21c8325487d3c576a41a4cbd2bbb678c0851d7733481b1ce2"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "litellm/router.py"}, "region": {"startLine": 5651}}}]}, {"ruleId": "MINED111", "level": "warning", "message": {"text": "[MINED111] Bare except continues silently: Bare `except:` (or `except Exception:`) that runs code without re-raising or logging the exception. Hides real failures and makes bugs hard to diagnose."}, "properties": {"repobilityId": 114851, "scanner": "repobility-ast-engine", "fingerprint": "df04033ebc8bedc969462b62b3b1321ab4ec31246c0261cc01b940c738db6328", "category": "quality", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "bare-except-without-pass", "owasp": null, "cwe_ids": [], "languages": ["python"], "observations_count": 21610}, "scanner": "repobility-ast-engine", "correlation_key": "fp|df04033ebc8bedc969462b62b3b1321ab4ec31246c0261cc01b940c738db6328"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "litellm/router.py"}, "region": {"startLine": 4802}}}]}, {"ruleId": "MINED111", "level": "warning", "message": {"text": "[MINED111] Bare except continues silently: Bare `except:` (or `except Exception:`) that runs code without re-raising or logging the exception. Hides real failures and makes bugs hard to diagnose."}, "properties": {"repobilityId": 114850, "scanner": "repobility-ast-engine", "fingerprint": "237b9eb52cd153ea5bd381a5d9e75229ffa29df12d5a4e6eb14c146a85d975be", "category": "quality", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "bare-except-without-pass", "owasp": null, "cwe_ids": [], "languages": ["python"], "observations_count": 21610}, "scanner": "repobility-ast-engine", "correlation_key": "fp|237b9eb52cd153ea5bd381a5d9e75229ffa29df12d5a4e6eb14c146a85d975be"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "litellm/router.py"}, "region": {"startLine": 4636}}}]}, {"ruleId": "MINED111", "level": "warning", "message": {"text": "[MINED111] Bare except continues silently: Bare `except:` (or `except Exception:`) that runs code without re-raising or logging the exception. Hides real failures and makes bugs hard to diagnose."}, "properties": {"repobilityId": 114849, "scanner": "repobility-ast-engine", "fingerprint": "876c54771f04b5137c4dd32b2b05c76cc374680251ef327757f6e28403a6ff42", "category": "quality", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "bare-except-without-pass", "owasp": null, "cwe_ids": [], "languages": ["python"], "observations_count": 21610}, "scanner": "repobility-ast-engine", "correlation_key": "fp|876c54771f04b5137c4dd32b2b05c76cc374680251ef327757f6e28403a6ff42"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "litellm/router.py"}, "region": {"startLine": 4582}}}]}, {"ruleId": "MINED111", "level": "warning", "message": {"text": "[MINED111] Bare except continues silently: Bare `except:` (or `except Exception:`) that runs code without re-raising or logging the exception. Hides real failures and makes bugs hard to diagnose."}, "properties": {"repobilityId": 114848, "scanner": "repobility-ast-engine", "fingerprint": "91309710f0f6075bb215a7310076503cc444f8c05d418c50dc5a8fc557ae5014", "category": "quality", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "bare-except-without-pass", "owasp": null, "cwe_ids": [], "languages": ["python"], "observations_count": 21610}, "scanner": "repobility-ast-engine", "correlation_key": "fp|91309710f0f6075bb215a7310076503cc444f8c05d418c50dc5a8fc557ae5014"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "litellm/router.py"}, "region": {"startLine": 3437}}}]}, {"ruleId": "MINED111", "level": "warning", "message": {"text": "[MINED111] Bare except continues silently: Bare `except:` (or `except Exception:`) that runs code without re-raising or logging the exception. Hides real failures and makes bugs hard to diagnose."}, "properties": {"repobilityId": 114847, "scanner": "repobility-ast-engine", "fingerprint": "c573714cb66865bc4c933090039f76a036ac322958123a544b8a1816f48466de", "category": "quality", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "bare-except-without-pass", "owasp": null, "cwe_ids": [], "languages": ["python"], "observations_count": 21610}, "scanner": "repobility-ast-engine", "correlation_key": "fp|c573714cb66865bc4c933090039f76a036ac322958123a544b8a1816f48466de"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "litellm/router.py"}, "region": {"startLine": 3376}}}]}, {"ruleId": "MINED111", "level": "warning", "message": {"text": "[MINED111] Bare except continues silently: Bare `except:` (or `except Exception:`) that runs code without re-raising or logging the exception. Hides real failures and makes bugs hard to diagnose."}, "properties": {"repobilityId": 114846, "scanner": "repobility-ast-engine", "fingerprint": "abdb110eeb66b07bd8986b85bdf6c5a5038fe56b8d4209a8cc5923128def1338", "category": "quality", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "bare-except-without-pass", "owasp": null, "cwe_ids": [], "languages": ["python"], "observations_count": 21610}, "scanner": "repobility-ast-engine", "correlation_key": "fp|abdb110eeb66b07bd8986b85bdf6c5a5038fe56b8d4209a8cc5923128def1338"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "litellm/router.py"}, "region": {"startLine": 3315}}}]}, {"ruleId": "MINED111", "level": "warning", "message": {"text": "[MINED111] Bare except continues silently: Bare `except:` (or `except Exception:`) that runs code without re-raising or logging the exception. Hides real failures and makes bugs hard to diagnose."}, "properties": {"repobilityId": 114845, "scanner": "repobility-ast-engine", "fingerprint": "2fdf303d116e1f36930be57663f65cb584db6b810f7c10fb0fd5de7b8761bd0a", "category": "quality", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "bare-except-without-pass", "owasp": null, "cwe_ids": [], "languages": ["python"], "observations_count": 21610}, "scanner": "repobility-ast-engine", "correlation_key": "fp|2fdf303d116e1f36930be57663f65cb584db6b810f7c10fb0fd5de7b8761bd0a"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "litellm/router.py"}, "region": {"startLine": 3298}}}]}, {"ruleId": "MINED111", "level": "warning", "message": {"text": "[MINED111] Bare except continues silently: Bare `except:` (or `except Exception:`) that runs code without re-raising or logging the exception. Hides real failures and makes bugs hard to diagnose."}, "properties": {"repobilityId": 114844, "scanner": "repobility-ast-engine", "fingerprint": "e0fc749449c51adf651edada3dc016e4468c1845ca28541c704e612b7b400b06", "category": "quality", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "bare-except-without-pass", "owasp": null, "cwe_ids": [], "languages": ["python"], "observations_count": 21610}, "scanner": "repobility-ast-engine", "correlation_key": "fp|e0fc749449c51adf651edada3dc016e4468c1845ca28541c704e612b7b400b06"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "litellm/router.py"}, "region": {"startLine": 8730}}}]}, {"ruleId": "MINED111", "level": "warning", "message": {"text": "[MINED111] Bare except continues silently: Bare `except:` (or `except Exception:`) that runs code without re-raising or logging the exception. Hides real failures and makes bugs hard to diagnose."}, "properties": {"repobilityId": 114843, "scanner": "repobility-ast-engine", "fingerprint": "e9ba8fb297891f58ca01a154cfaf53815f4653aeb02bdb1614169a5c545057cb", "category": "quality", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "bare-except-without-pass", "owasp": null, "cwe_ids": [], "languages": ["python"], "observations_count": 21610}, "scanner": "repobility-ast-engine", "correlation_key": "fp|e9ba8fb297891f58ca01a154cfaf53815f4653aeb02bdb1614169a5c545057cb"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "litellm/router.py"}, "region": {"startLine": 6638}}}]}, {"ruleId": "MINED109", "level": "warning", "message": {"text": "[MINED109] Mutable default argument in `__init__` (list): `def __init__(... = []/{}/set())` \u2014 Python's default value is constructed ONCE at function definition time and shared across all calls. Mutating it in one call mutates it for every future call too."}, "properties": {"repobilityId": 114842, "scanner": "repobility-ast-engine", "fingerprint": "f2d55f2e4c1884990480702fe4053bc3d13520d7d2f1487d06e8519d1297cf66", "category": "quality", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "mutable-default-arg", "owasp": null, "cwe_ids": ["CWE-1023"], "languages": ["python"], "observations_count": 64867}, "scanner": "repobility-ast-engine", "correlation_key": "fp|f2d55f2e4c1884990480702fe4053bc3d13520d7d2f1487d06e8519d1297cf66"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "litellm/router.py"}, "region": {"startLine": 244}}}]}, {"ruleId": "MINED109", "level": "warning", "message": {"text": "[MINED109] Mutable default argument in `__init__` (dict): `def __init__(... = []/{}/set())` \u2014 Python's default value is constructed ONCE at function definition time and shared across all calls. Mutating it in one call mutates it for every future call too."}, "properties": {"repobilityId": 114841, "scanner": "repobility-ast-engine", "fingerprint": "6da6d2310b8a13af67cfaf032b9284d7a3bb274b8134c230fed9c824e74261f4", "category": "quality", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "mutable-default-arg", "owasp": null, "cwe_ids": ["CWE-1023"], "languages": ["python"], "observations_count": 64867}, "scanner": "repobility-ast-engine", "correlation_key": "fp|6da6d2310b8a13af67cfaf032b9284d7a3bb274b8134c230fed9c824e74261f4"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "litellm/router.py"}, "region": {"startLine": 244}}}]}, {"ruleId": "MINED111", "level": "warning", "message": {"text": "[MINED111] Bare except continues silently: Bare `except:` (or `except Exception:`) that runs code without re-raising or logging the exception. Hides real failures and makes bugs hard to diagnose."}, "properties": {"repobilityId": 114815, "scanner": "repobility-ast-engine", "fingerprint": "dbcf0792bb78a117f59eab32a8292de52016263d046bf19a9f3408e77b6f2415", "category": "quality", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "bare-except-without-pass", "owasp": null, "cwe_ids": [], "languages": ["python"], "observations_count": 21610}, "scanner": "repobility-ast-engine", "correlation_key": "fp|dbcf0792bb78a117f59eab32a8292de52016263d046bf19a9f3408e77b6f2415"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "litellm/cost_calculator.py"}, "region": {"startLine": 2530}}}]}, {"ruleId": "MINED111", "level": "warning", "message": {"text": "[MINED111] Bare except continues silently: Bare `except:` (or `except Exception:`) that runs code without re-raising or logging the exception. Hides real failures and makes bugs hard to diagnose."}, "properties": {"repobilityId": 114814, "scanner": "repobility-ast-engine", "fingerprint": "a199bc2698a356df2db04a7bcde9d59a766fbe3a78113ca2e5848656d9a1da25", "category": "quality", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "bare-except-without-pass", "owasp": null, "cwe_ids": [], "languages": ["python"], "observations_count": 21610}, "scanner": "repobility-ast-engine", "correlation_key": "fp|a199bc2698a356df2db04a7bcde9d59a766fbe3a78113ca2e5848656d9a1da25"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "litellm/cost_calculator.py"}, "region": {"startLine": 2289}}}]}, {"ruleId": "MINED111", "level": "warning", "message": {"text": "[MINED111] Bare except continues silently: Bare `except:` (or `except Exception:`) that runs code without re-raising or logging the exception. Hides real failures and makes bugs hard to diagnose."}, "properties": {"repobilityId": 114813, "scanner": "repobility-ast-engine", "fingerprint": "d5468fef82f0fac732e55d306dab027820ed8250d11c556b93c8d5f4d271f580", "category": "quality", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "bare-except-without-pass", "owasp": null, "cwe_ids": [], "languages": ["python"], "observations_count": 21610}, "scanner": "repobility-ast-engine", "correlation_key": "fp|d5468fef82f0fac732e55d306dab027820ed8250d11c556b93c8d5f4d271f580"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "litellm/cost_calculator.py"}, "region": {"startLine": 2053}}}]}, {"ruleId": "MINED111", "level": "warning", "message": {"text": "[MINED111] Bare except continues silently: Bare `except:` (or `except Exception:`) that runs code without re-raising or logging the exception. Hides real failures and makes bugs hard to diagnose."}, "properties": {"repobilityId": 114812, "scanner": "repobility-ast-engine", "fingerprint": "4ea6d9e7b631fedc3aeb5562463afd86edbd494a248f05ff987c2cf2506dc7f7", "category": "quality", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "bare-except-without-pass", "owasp": null, "cwe_ids": [], "languages": ["python"], "observations_count": 21610}, "scanner": "repobility-ast-engine", "correlation_key": "fp|4ea6d9e7b631fedc3aeb5562463afd86edbd494a248f05ff987c2cf2506dc7f7"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "litellm/cost_calculator.py"}, "region": {"startLine": 1943}}}]}, {"ruleId": "MINED109", "level": "warning", "message": {"text": "[MINED109] Mutable default argument in `completion_cost` (list): `def completion_cost(... = []/{}/set())` \u2014 Python's default value is constructed ONCE at function definition time and shared across all calls. Mutating it in one call mutates it for every future call too."}, "properties": {"repobilityId": 114811, "scanner": "repobility-ast-engine", "fingerprint": "3f8ebb8f4bb17149aaac460da02c2828994fab105d6699d6fdd191f369dc299c", "category": "quality", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "mutable-default-arg", "owasp": null, "cwe_ids": ["CWE-1023"], "languages": ["python"], "observations_count": 64867}, "scanner": "repobility-ast-engine", "correlation_key": "fp|3f8ebb8f4bb17149aaac460da02c2828994fab105d6699d6fdd191f369dc299c"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "litellm/cost_calculator.py"}, "region": {"startLine": 1139}}}]}, {"ruleId": "MINED111", "level": "warning", "message": {"text": "[MINED111] Bare except continues silently: Bare `except:` (or `except Exception:`) that runs code without re-raising or logging the exception. Hides real failures and makes bugs hard to diagnose."}, "properties": {"repobilityId": 114810, "scanner": "repobility-ast-engine", "fingerprint": "f2e6f3d8bccd67c2a394b86083fa972e73ebcf0f28e977ed543de637831d1ee6", "category": "quality", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "bare-except-without-pass", "owasp": null, "cwe_ids": [], "languages": ["python"], "observations_count": 21610}, "scanner": "repobility-ast-engine", "correlation_key": "fp|f2e6f3d8bccd67c2a394b86083fa972e73ebcf0f28e977ed543de637831d1ee6"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "litellm/_version.py"}, "region": {"startLine": 5}}}]}, {"ruleId": "WEB003", "level": "warning", "message": {"text": "Public web service has no security.txt"}, "properties": {"repobilityId": 114809, "scanner": "repobility-web-presence", "fingerprint": "5cd26606c5a53c9f403ff7a92a6917c19cf440a23ce03e2b90e8c493312ef8cd", "category": "quality", "severity": "medium", "confidence": 0.78, "triageState": "open", "verdict": "likely", "isResolved": false, "reason": "Repository looks like a public web app/API but no security.txt file or route was discovered.", "evidence": {"rule_id": "WEB003", "scanner": "repobility-web-presence", "references": ["https://www.rfc-editor.org/rfc/rfc9116", "https://github.com/Lissy93/web-check"], "correlation_key": "fp|5cd26606c5a53c9f403ff7a92a6917c19cf440a23ce03e2b90e8c493312ef8cd"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".well-known/security.txt"}, "region": {"startLine": 1}}}]}, {"ruleId": "JRN003", "level": "warning", "message": {"text": "Frontend API reference is not matched by discovered backend routes"}, "properties": {"repobilityId": 114807, "scanner": "repobility-journey-contract", "fingerprint": "15de386288dd66b50907a1c1accb0b9dbb45fdd602e874d569f08db9f4de456d", "category": "quality", "severity": "medium", "confidence": 0.74, "triageState": "open", "verdict": "likely", "isResolved": false, "reason": "Same-origin /api path appears in frontend code but no discovered backend endpoint has the same route shape.", "evidence": {"rule_id": "JRN003", "scanner": "repobility-journey-contract", "references": ["https://repobility.com/library/authorization/"], "route_shape": "/api/v1/models", "correlation_key": "fp|15de386288dd66b50907a1c1accb0b9dbb45fdd602e874d569f08db9f4de456d", "backend_endpoint_count": 72}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "litellm/proxy/_experimental/out/_next/static/chunks/4c848b12d4ecda3d.js"}, "region": {"startLine": 10}}}]}, {"ruleId": "JRN002", "level": "warning", "message": {"text": "Browser storage is used for session token material"}, "properties": {"repobilityId": 114806, "scanner": "repobility-journey-contract", "fingerprint": "764804388a8a216ca2e055619f05aaa33681117c04e3ed3971017d402a37eb2d", "category": "auth", "severity": "medium", "confidence": 0.82, "triageState": "open", "verdict": "likely", "isResolved": false, "reason": "Storage API call references token-like key or value names. Collapsed 1 duplicate scanner signal(s) for the same underlying issue.", "evidence": {"rule_id": "JRN002", "scanner": "repobility-journey-contract", "references": ["https://cheatsheetseries.owasp.org/cheatsheets/Session_Management_Cheat_Sheet.html"], "correlation_key": "code|auth|token|102|jrn002", "duplicate_count": 1, "duplicate_rule_ids": ["JRN002"], "duplicate_scanners": ["repobility-journey-contract"], "duplicate_fingerprints": ["1b16af0bb3b16661e924e7d3fcf12089335265a30c86ac5f20dbf82784cc76e5", "764804388a8a216ca2e055619f05aaa33681117c04e3ed3971017d402a37eb2d"]}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "ui/litellm-dashboard/src/components/user_dashboard.tsx"}, "region": {"startLine": 102}}}]}, {"ruleId": "JRN002", "level": "warning", "message": {"text": "Browser storage is used for session token material"}, "properties": {"repobilityId": 114805, "scanner": "repobility-journey-contract", "fingerprint": "c27ecdea8ca78cf0694a0a7931627383212b4aed334176488583d13c688df1bc", "category": "auth", "severity": "medium", "confidence": 0.82, "triageState": "open", "verdict": "likely", "isResolved": false, "reason": "Storage API call references token-like key or value names.", "evidence": {"rule_id": "JRN002", "scanner": "repobility-journey-contract", "references": ["https://cheatsheetseries.owasp.org/cheatsheets/Session_Management_Cheat_Sheet.html"], "correlation_key": "code|auth|token|99|jrn002"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "ui/litellm-dashboard/src/components/user_dashboard.tsx"}, "region": {"startLine": 99}}}]}, {"ruleId": "JRN002", "level": "warning", "message": {"text": "Browser storage is used for session token material"}, "properties": {"repobilityId": 114804, "scanner": "repobility-journey-contract", "fingerprint": "0d388a1ac2540b50ed1ee726d0eba4003156f7a5722c983ddee21493c8356266", "category": "auth", "severity": "medium", "confidence": 0.82, "triageState": "open", "verdict": "likely", "isResolved": false, "reason": "Storage API call references token-like key or value names.", "evidence": {"rule_id": "JRN002", "scanner": "repobility-journey-contract", "references": ["https://cheatsheetseries.owasp.org/cheatsheets/Session_Management_Cheat_Sheet.html"], "correlation_key": "code|auth|token|46|jrn002"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "litellm/proxy/_experimental/out/_next/static/chunks/632b4c8e836bd956.js"}, "region": {"startLine": 46}}}]}, {"ruleId": "JRN002", "level": "warning", "message": {"text": "Browser storage is used for session token material"}, "properties": {"repobilityId": 114803, "scanner": "repobility-journey-contract", "fingerprint": "54fdfcec192451eef3218eed76e0a88eccf5aa18cfa35178aeb132d74d822381", "category": "auth", "severity": "medium", "confidence": 0.82, "triageState": "open", "verdict": "likely", "isResolved": false, "reason": "Storage API call references token-like key or value names. Collapsed 1 duplicate scanner signal(s) for the same underlying issue.", "evidence": {"rule_id": "JRN002", "scanner": "repobility-journey-contract", "references": ["https://cheatsheetseries.owasp.org/cheatsheets/Session_Management_Cheat_Sheet.html"], "correlation_key": "code|auth|token|1|jrn002", "duplicate_count": 1, "duplicate_rule_ids": ["JRN002"], "duplicate_scanners": ["repobility-journey-contract"], "duplicate_fingerprints": ["278bc0ce6bf09f2257d03236e7b516532ac7851c5a9ea79106e77d185727781e", "54fdfcec192451eef3218eed76e0a88eccf5aa18cfa35178aeb132d74d822381"]}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "litellm/proxy/_experimental/out/_next/static/chunks/3e42010d48ebfb0e.js"}, "region": {"startLine": 1}}}]}, {"ruleId": "AUC012", "level": "warning", "message": {"text": "[AUC012] FastAPI interactive docs may be exposed by framework defaults: FastAPI exposes /docs, /redoc, and /openapi.json by default. Public production APIs should explicitly disable those defaults, protect them behind admin authentication, or publish a reviewed OpenAPI spec with declared security requirements."}, "properties": {"repobilityId": 114801, "scanner": "repobility-access-control", "fingerprint": "27f8c50db94c1d5138790446654bd4d0b5823ce185d040059e5a7502358b5899", "category": "auth", "severity": "medium", "confidence": 0.72, "triageState": "open", "verdict": "needs_review", "isResolved": false, "reason": "Static route and framework evidence require project-owner confirmation.", "evidence": {"apps": [{"line": 60, "file_path": "scripts/mock_bedrock_passthrough_target.py", "docs_url_disabled": false, "redoc_url_disabled": false, "openapi_url_disabled": false}, {"line": 4, "file_path": "enterprise/litellm_enterprise/enterprise_callbacks/example_logging_api.py", "docs_url_disabled": false, "redoc_url_disabled": false, "openapi_url_disabled": false}, {"line": 1464, "file_path": "tests/test_litellm/test_video_generation.py", "docs_url_disabled": false, "redoc_url_disabled": false, "openapi_url_disabled": false}, {"line": 2151, "file_path": "tests/test_litellm/test_video_generation.py", "docs_url_disabled": false, "redoc_url_disabled": false, "openapi_url_disabled": false}, {"line": 49, "file_path": "tests/load_tests/memory_leak_utils.py", "docs_url_disabled": false, "redoc_url_disabled": false, "openapi_url_disabled": false}], "scanner": "repobility-access-control", "correlation_key": "fp|27f8c50db94c1d5138790446654bd4d0b5823ce185d040059e5a7502358b5899"}}}, {"ruleId": "AUC009", "level": "warning", "message": {"text": "[AUC009] Sensitive function route lacks elevated authorization evidence: A route appears to perform a sensitive function such as export, invite, role, token, billing, or destructive action without elevated policy evidence. Endpoint: POST /{mcp_server_name}/token."}, "properties": {"repobilityId": 114800, "scanner": "repobility-access-control", "fingerprint": "afde295dbde9ad6d6234a5ac0430023b5f404fbf6bb9dd46f8a03900191a40df", "category": "auth", "severity": "medium", "confidence": 0.68, "triageState": "open", "verdict": "needs_review", "isResolved": false, "reason": "Static route and framework evidence require project-owner confirmation.", "evidence": {"path": "/{mcp_server_name}/token", "method": "POST", "scanner": "repobility-access-control", "framework": "FastAPI", "correlation_key": "code|auth|token|572|auc009", "identity_targets": ["unknown"]}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "litellm/proxy/_experimental/mcp_server/discoverable_endpoints.py"}, "region": {"startLine": 572}}}]}, {"ruleId": "AUC009", "level": "warning", "message": {"text": "[AUC009] Sensitive function route lacks elevated authorization evidence: A route appears to perform a sensitive function such as export, invite, role, token, billing, or destructive action without elevated policy evidence. Endpoint: GET /authorize."}, "properties": {"repobilityId": 114799, "scanner": "repobility-access-control", "fingerprint": "8fe21cfba41e3737c9b3fae55afc45d1901f9cc2de1523a0372556ceaa6a866a", "category": "auth", "severity": "medium", "confidence": 0.68, "triageState": "open", "verdict": "needs_review", "isResolved": false, "reason": "Static route and framework evidence require project-owner confirmation.", "evidence": {"path": "/authorize", "method": "GET", "scanner": "repobility-access-control", "framework": "FastAPI", "correlation_key": "code|auth|token|516|auc009", "identity_targets": ["authenticated"]}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "litellm/proxy/_experimental/mcp_server/discoverable_endpoints.py"}, "region": {"startLine": 516}}}]}, {"ruleId": "AUC009", "level": "warning", "message": {"text": "[AUC009] Sensitive function route lacks elevated authorization evidence: A route appears to perform a sensitive function such as export, invite, role, token, billing, or destructive action without elevated policy evidence. Endpoint: GET /{mcp_server_name}/authorize."}, "properties": {"repobilityId": 114798, "scanner": "repobility-access-control", "fingerprint": "c28ec976df0b6c39d08a7d44f0073b49fdcc7b83d8371c84e7a45ea9db4d26ee", "category": "auth", "severity": "medium", "confidence": 0.68, "triageState": "open", "verdict": "needs_review", "isResolved": false, "reason": "Static route and framework evidence require project-owner confirmation.", "evidence": {"path": "/{mcp_server_name}/authorize", "method": "GET", "scanner": "repobility-access-control", "framework": "FastAPI", "correlation_key": "code|auth|token|515|auc009", "identity_targets": ["authenticated"]}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "litellm/proxy/_experimental/mcp_server/discoverable_endpoints.py"}, "region": {"startLine": 515}}}]}, {"ruleId": "AUC009", "level": "warning", "message": {"text": "[AUC009] Sensitive function route lacks elevated authorization evidence: A route appears to perform a sensitive function such as export, invite, role, token, billing, or destructive action without elevated policy evidence. Endpoint: POST /v1/mcp/oauth/token."}, "properties": {"repobilityId": 114797, "scanner": "repobility-access-control", "fingerprint": "1457c037be73b351a2459ec89267411580889449ba85b73b5fc2b6dfebc643c1", "category": "auth", "severity": "medium", "confidence": 0.68, "triageState": "open", "verdict": "needs_review", "isResolved": false, "reason": "Static route and framework evidence require project-owner confirmation.", "evidence": {"path": "/v1/mcp/oauth/token", "method": "POST", "scanner": "repobility-access-control", "framework": "FastAPI", "correlation_key": "code|auth|token|767|auc009", "identity_targets": ["authenticated"]}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "litellm/proxy/_experimental/mcp_server/byok_oauth_endpoints.py"}, "region": {"startLine": 767}}}]}, {"ruleId": "AUC009", "level": "warning", "message": {"text": "[AUC009] Sensitive function route lacks elevated authorization evidence: A route appears to perform a sensitive function such as export, invite, role, token, billing, or destructive action without elevated policy evidence. Endpoint: POST /jwt/key/mapping/delete."}, "properties": {"repobilityId": 114796, "scanner": "repobility-access-control", "fingerprint": "ccc85868978cf944cb01791f6b11e9161a4bf695f173908af01988a63798668d", "category": "auth", "severity": "medium", "confidence": 0.68, "triageState": "open", "verdict": "needs_review", "isResolved": false, "reason": "Static route and framework evidence require project-owner confirmation.", "evidence": {"path": "/jwt/key/mapping/delete", "method": "POST", "scanner": "repobility-access-control", "framework": "FastAPI", "correlation_key": "code|auth|token|152|auc009", "identity_targets": ["authenticated"]}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "litellm/proxy/management_endpoints/jwt_key_mapping_endpoints.py"}, "region": {"startLine": 152}}}]}, {"ruleId": "AUC009", "level": "warning", "message": {"text": "[AUC009] Sensitive function route lacks elevated authorization evidence: A route appears to perform a sensitive function such as export, invite, role, token, billing, or destructive action without elevated policy evidence. Endpoint: GET /sso/key/generate."}, "properties": {"repobilityId": 114795, "scanner": "repobility-access-control", "fingerprint": "bfbc68d63533f666239702ab33ad48b71efc97d4a9406abfa92c6a25de372453", "category": "auth", "severity": "medium", "confidence": 0.68, "triageState": "open", "verdict": "needs_review", "isResolved": false, "reason": "Static route and framework evidence require project-owner confirmation.", "evidence": {"path": "/sso/key/generate", "method": "GET", "scanner": "repobility-access-control", "framework": "FastAPI", "correlation_key": "code|auth|token|822|auc009", "identity_targets": ["unknown"]}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "litellm/proxy/management_endpoints/ui_sso.py"}, "region": {"startLine": 822}}}]}, {"ruleId": "AUC009", "level": "warning", "message": {"text": "[AUC009] Sensitive function route lacks elevated authorization evidence: A route appears to perform a sensitive function such as export, invite, role, token, billing, or destructive action without elevated policy evidence. Endpoint: POST /onboarding/claim_token."}, "properties": {"repobilityId": 114794, "scanner": "repobility-access-control", "fingerprint": "e445c885dde35181abbc21814b78411010e90e152d9f41397d150a4afaa10fc6", "category": "auth", "severity": "medium", "confidence": 0.68, "triageState": "open", "verdict": "needs_review", "isResolved": false, "reason": "Static route and framework evidence require project-owner confirmation.", "evidence": {"path": "/onboarding/claim_token", "method": "POST", "scanner": "repobility-access-control", "framework": "FastAPI", "correlation_key": "code|auth|token|13532|auc009", "identity_targets": ["unknown"]}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "litellm/proxy/proxy_server.py"}, "region": {"startLine": 13532}}}]}, {"ruleId": "AUC009", "level": "warning", "message": {"text": "[AUC009] Sensitive function route lacks elevated authorization evidence: A route appears to perform a sensitive function such as export, invite, role, token, billing, or destructive action without elevated policy evidence. Endpoint: GET /onboarding/get_token."}, "properties": {"repobilityId": 114793, "scanner": "repobility-access-control", "fingerprint": "1942ebc53cab41fe16837e58031c66b6c350bc137dc44b1723efff29da0797a0", "category": "auth", "severity": "medium", "confidence": 0.68, "triageState": "open", "verdict": "needs_review", "isResolved": false, "reason": "Static route and framework evidence require project-owner confirmation.", "evidence": {"path": "/onboarding/get_token", "method": "GET", "scanner": "repobility-access-control", "framework": "FastAPI", "correlation_key": "code|auth|token|13315|auc009", "identity_targets": ["unknown"]}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "litellm/proxy/proxy_server.py"}, "region": {"startLine": 13315}}}]}, {"ruleId": "AUC009", "level": "warning", "message": {"text": "[AUC009] Sensitive function route lacks elevated authorization evidence: A route appears to perform a sensitive function such as export, invite, role, token, billing, or destructive action without elevated policy evidence. Endpoint: GET /config."}, "properties": {"repobilityId": 114792, "scanner": "repobility-access-control", "fingerprint": "42977b14c2d6a9e40b82124c66431befc9189794d83810f877848f58ca7939b4", "category": "auth", "severity": "medium", "confidence": 0.68, "triageState": "open", "verdict": "needs_review", "isResolved": false, "reason": "Static route and framework evidence require project-owner confirmation.", "evidence": {"path": "/config", "method": "GET", "scanner": "repobility-access-control", "framework": "FastAPI", "correlation_key": "code|auth|token|469|auc009", "identity_targets": ["authenticated"]}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "cookbook/mock_guardrail_server/mock_bedrock_guardrail_server.py"}, "region": {"startLine": 469}}}]}, {"ruleId": "AUC009", "level": "warning", "message": {"text": "[AUC009] Sensitive function route lacks elevated authorization evidence: A route appears to perform a sensitive function such as export, invite, role, token, billing, or destructive action without elevated policy evidence. Endpoint: POST /config/update."}, "properties": {"repobilityId": 114791, "scanner": "repobility-access-control", "fingerprint": "c61a08fe51b8c3f45f07324eceebcad6748d25aa0141bef66f1b2ca1f9c6a48a", "category": "auth", "severity": "medium", "confidence": 0.68, "triageState": "open", "verdict": "needs_review", "isResolved": false, "reason": "Static route and framework evidence require project-owner confirmation.", "evidence": {"path": "/config/update", "method": "POST", "scanner": "repobility-access-control", "framework": "FastAPI", "correlation_key": "code|auth|token|448|auc009", "identity_targets": ["authenticated"]}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "cookbook/mock_guardrail_server/mock_bedrock_guardrail_server.py"}, "region": {"startLine": 448}}}]}, {"ruleId": "AUC004", "level": "warning", "message": {"text": "[AUC004] Admin route does not show super_admin separation: An administrative route was detected without nearby evidence that platform super_admin access is separated from tenant/application admin access. Endpoint: POST /register."}, "properties": {"repobilityId": 114790, "scanner": "repobility-access-control", "fingerprint": "fcb4f9d54065a8845188d0483a3e16d0f359d12951f5ed63f1d7d6f7dabaa102", "category": "auth", "severity": "medium", "confidence": 0.66, "triageState": "open", "verdict": "needs_review", "isResolved": false, "reason": "Static route and framework evidence require project-owner confirmation.", "evidence": {"path": "/register", "method": "POST", "scanner": "repobility-access-control", "framework": "FastAPI", "correlation_key": "code|auth|token|1062|auc004", "identity_targets": ["anonymous", "authenticated"]}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "litellm/proxy/_experimental/mcp_server/discoverable_endpoints.py"}, "region": {"startLine": 1062}}}]}, {"ruleId": "AUC004", "level": "warning", "message": {"text": "[AUC004] Admin route does not show super_admin separation: An administrative route was detected without nearby evidence that platform super_admin access is separated from tenant/application admin access. Endpoint: POST /{mcp_server_name}/register."}, "properties": {"repobilityId": 114789, "scanner": "repobility-access-control", "fingerprint": "aa4f6adb4a4139ba7fc424a3b500eeb2a430c2e7c3d9822921c8e006e303648d", "category": "auth", "severity": "medium", "confidence": 0.66, "triageState": "open", "verdict": "needs_review", "isResolved": false, "reason": "Static route and framework evidence require project-owner confirmation.", "evidence": {"path": "/{mcp_server_name}/register", "method": "POST", "scanner": "repobility-access-control", "framework": "FastAPI", "correlation_key": "code|auth|token|1061|auc004", "identity_targets": ["anonymous", "authenticated"]}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "litellm/proxy/_experimental/mcp_server/discoverable_endpoints.py"}, "region": {"startLine": 1061}}}]}, {"ruleId": "AUC004", "level": "warning", "message": {"text": "[AUC004] Admin route does not show super_admin separation: An administrative route was detected without nearby evidence that platform super_admin access is separated from tenant/application admin access. Endpoint: GET /sso/callback."}, "properties": {"repobilityId": 114788, "scanner": "repobility-access-control", "fingerprint": "4fda0a64817dc3f893eb4697382fc0d21a94ce708826238412e6577049a7b80a", "category": "auth", "severity": "medium", "confidence": 0.66, "triageState": "open", "verdict": "needs_review", "isResolved": false, "reason": "Static route and framework evidence require project-owner confirmation.", "evidence": {"path": "/sso/callback", "method": "GET", "scanner": "repobility-access-control", "framework": "FastAPI", "correlation_key": "code|auth|token|1832|auc004", "identity_targets": ["authenticated", "admin"]}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "litellm/proxy/management_endpoints/ui_sso.py"}, "region": {"startLine": 1832}}}]}, {"ruleId": "AUC004", "level": "warning", "message": {"text": "[AUC004] Admin route does not show super_admin separation: An administrative route was detected without nearby evidence that platform super_admin access is separated from tenant/application admin access. Endpoint: GET /get_favicon."}, "properties": {"repobilityId": 114787, "scanner": "repobility-access-control", "fingerprint": "3803c7ac80a661fdff38ce8f737d6af3b93c883e54780dad49d111b5334acb22", "category": "auth", "severity": "medium", "confidence": 0.66, "triageState": "open", "verdict": "needs_review", "isResolved": false, "reason": "Static route and framework evidence require project-owner confirmation.", "evidence": {"path": "/get_favicon", "method": "GET", "scanner": "repobility-access-control", "framework": "FastAPI", "correlation_key": "code|auth|token|13755|auc004", "identity_targets": ["anonymous", "authenticated"]}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "litellm/proxy/proxy_server.py"}, "region": {"startLine": 13755}}}]}, {"ruleId": "AUC004", "level": "warning", "message": {"text": "[AUC004] Admin route does not show super_admin separation: An administrative route was detected without nearby evidence that platform super_admin access is separated from tenant/application admin access. Endpoint: GET /get_image."}, "properties": {"repobilityId": 114786, "scanner": "repobility-access-control", "fingerprint": "eee6b370aeab4b6151185ac0c76926989b04a226a320bea32781cbd1f4fe9d4d", "category": "auth", "severity": "medium", "confidence": 0.66, "triageState": "open", "verdict": "needs_review", "isResolved": false, "reason": "Static route and framework evidence require project-owner confirmation.", "evidence": {"path": "/get_image", "method": "GET", "scanner": "repobility-access-control", "framework": "FastAPI", "correlation_key": "code|auth|token|13687|auc004", "identity_targets": ["unknown", "admin"]}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "litellm/proxy/proxy_server.py"}, "region": {"startLine": 13687}}}]}, {"ruleId": "AUC004", "level": "warning", "message": {"text": "[AUC004] Admin route does not show super_admin separation: An administrative route was detected without nearby evidence that platform super_admin access is separated from tenant/application admin access. Endpoint: GET /get_logo_url."}, "properties": {"repobilityId": 114785, "scanner": "repobility-access-control", "fingerprint": "6729b8289dd10dbc955f773b9c0370903ccd83398ee2961c6824e1778941e568", "category": "auth", "severity": "medium", "confidence": 0.66, "triageState": "open", "verdict": "needs_review", "isResolved": false, "reason": "Static route and framework evidence require project-owner confirmation.", "evidence": {"path": "/get_logo_url", "method": "GET", "scanner": "repobility-access-control", "framework": "FastAPI", "correlation_key": "code|auth|token|13669|auc004", "identity_targets": ["anonymous", "authenticated"]}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "litellm/proxy/proxy_server.py"}, "region": {"startLine": 13669}}}]}, {"ruleId": "AUC004", "level": "warning", "message": {"text": "[AUC004] Admin route does not show super_admin separation: An administrative route was detected without nearby evidence that platform super_admin access is separated from tenant/application admin access. Endpoint: GET /beta/litellm_prompt_management."}, "properties": {"repobilityId": 114784, "scanner": "repobility-access-control", "fingerprint": "d908824285ece8cc1340b2e7c0dff25984b7dd8dc1f4a0fd350a157f541ef54b", "category": "auth", "severity": "medium", "confidence": 0.66, "triageState": "open", "verdict": "needs_review", "isResolved": false, "reason": "Static route and framework evidence require project-owner confirmation.", "evidence": {"path": "/beta/litellm_prompt_management", "method": "GET", "scanner": "repobility-access-control", "framework": "FastAPI", "correlation_key": "code|auth|token|165|auc004", "identity_targets": ["authenticated", "admin"]}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "cookbook/litellm_proxy_server/braintrust_prompt_wrapper_server.py"}, "region": {"startLine": 165}}}]}, {"ruleId": "AUC004", "level": "warning", "message": {"text": "[AUC004] Admin route does not show super_admin separation: An administrative route was detected without nearby evidence that platform super_admin access is separated from tenant/application admin access. Endpoint: GET /beta/litellm_prompt_management."}, "properties": {"repobilityId": 114783, "scanner": "repobility-access-control", "fingerprint": "a2b36ae175c6b69fc0a41007486d3b00acff4881125c0045407fbaf7aadf5703", "category": "auth", "severity": "medium", "confidence": 0.66, "triageState": "open", "verdict": "needs_review", "isResolved": false, "reason": "Static route and framework evidence require project-owner confirmation.", "evidence": {"path": "/beta/litellm_prompt_management", "method": "GET", "scanner": "repobility-access-control", "framework": "FastAPI", "correlation_key": "code|auth|token|197|auc004", "identity_targets": ["unknown", "admin"]}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "cookbook/mock_prompt_management_server/mock_prompt_management_server.py"}, "region": {"startLine": 197}}}]}, {"ruleId": "AUC002", "level": "warning", "message": {"text": "[AUC002] Low visible authorization coverage in route inventory: Only 44.4% of discovered routes show nearby authentication, authorization, middleware, or public-route evidence."}, "properties": {"repobilityId": 114781, "scanner": "repobility-access-control", "fingerprint": "be0ceec9aa6681a510d5d57aded51e5247a26f45b7b137554b5e9392e5e76636", "category": "auth", "severity": "medium", "confidence": 0.74, "triageState": "open", "verdict": "needs_review", "isResolved": false, "reason": "Static route and framework evidence require project-owner confirmation.", "evidence": {"scanner": "repobility-access-control", "endpoint_count": 72, "correlation_key": "fp|be0ceec9aa6681a510d5d57aded51e5247a26f45b7b137554b5e9392e5e76636", "auth_visible_percent": 44.4}}}, {"ruleId": "AUC001", "level": "warning", "message": {"text": "[AUC001] No Repobility access matrix policy found: The repository uses web/API frameworks but does not define .repobility/access.yml or equivalent authorization documentation."}, "properties": {"repobilityId": 114780, "scanner": "repobility-access-control", "fingerprint": "f1305052c3ba1e6c1cdb5dccc19e58a8168cf78b176658f32b1fc823df3e9d10", "category": "auth", "severity": "medium", "confidence": 0.92, "triageState": "open", "verdict": "likely", "isResolved": false, "reason": "Static route and framework evidence require project-owner confirmation.", "evidence": {"scanner": "repobility-access-control", "frameworks": ["Django", "FastAPI"], "expected_files": [".repobility/access.yml", ".repobility/access.yaml", ".repobility/access.json", ".repobility/authorization.yml"], "correlation_key": "fp|f1305052c3ba1e6c1cdb5dccc19e58a8168cf78b176658f32b1fc823df3e9d10"}}}, {"ruleId": "DKR002", "level": "warning", "message": {"text": "Compose service `prometheus` image has no explicit tag"}, "properties": {"repobilityId": 114777, "scanner": "repobility-docker", "fingerprint": "d08c00ccbfe5775989f9b342118ec8d515017eac61c5eee0e51f57c08f75875d", "category": "docker", "severity": "medium", "confidence": 0.9, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Image reference has no tag or digest.", "evidence": {"image": "prom/prometheus", "rule_id": "DKR002", "scanner": "repobility-docker", "references": ["https://docs.docker.com/develop/develop-images/dockerfile_best-practices/", "https://docs.docker.com/scout/policy/", "https://github.com/hadolint/hadolint"], "correlation_key": "fp|d08c00ccbfe5775989f9b342118ec8d515017eac61c5eee0e51f57c08f75875d"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "docker-compose.yml"}, "region": {"startLine": 55}}}]}, {"ruleId": "DKC016", "level": "warning", "message": {"text": "App service does not wait for database health"}, "properties": {"repobilityId": 114774, "scanner": "repobility-docker", "fingerprint": "f2eb03f4a94fd6fa0cd6cf1b50327cbce953cb322d3b7cd619b7fee23dea9eab", "category": "docker", "severity": "medium", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Dependency database has a healthcheck but the app does not use condition: service_healthy.", "evidence": {"rule_id": "DKC016", "scanner": "repobility-docker", "service": "litellm", "dependency": "db", "references": ["https://docs.docker.com/compose/how-tos/startup-order/"], "correlation_key": "fp|f2eb03f4a94fd6fa0cd6cf1b50327cbce953cb322d3b7cd619b7fee23dea9eab", "dependency_has_healthcheck": true}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "docker-compose.yml"}, "region": {"startLine": 1}}}]}, {"ruleId": "DKR001", "level": "warning", "message": {"text": "Docker final stage has no non-root USER"}, "properties": {"repobilityId": 114771, "scanner": "repobility-docker", "fingerprint": "0e6518ccc9d06256d5adefecc620d46af29d412388ddfa7353079e5a1f398fba", "category": "docker", "severity": "medium", "confidence": 0.82, "triageState": "open", "verdict": "likely", "isResolved": false, "reason": "No USER directive was found in the final runtime stage.", "evidence": {"rule_id": "DKR001", "scanner": "repobility-docker", "final_base": "nginx:${NGINX_VERSION}", "references": ["https://docs.docker.com/develop/develop-images/dockerfile_best-practices/", "https://cheatsheetseries.owasp.org/cheatsheets/Docker_Security_Cheat_Sheet.html", "https://github.com/hadolint/hadolint"], "correlation_key": "fp|0e6518ccc9d06256d5adefecc620d46af29d412388ddfa7353079e5a1f398fba"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "ui/Dockerfile"}, "region": {"startLine": 27}}}]}, {"ruleId": "DKR014", "level": "warning", "message": {"text": "Dockerfile copies broad context with incomplete .dockerignore"}, "properties": {"repobilityId": 114767, "scanner": "repobility-docker", "fingerprint": "e8d67684031826dbd5e21ba171fe05e1d305c4b83febff1cd8f589a16e9eb8cd", "category": "docker", "severity": "medium", "confidence": 0.76, "triageState": "open", "verdict": "likely", "isResolved": false, "reason": "Broad context copy found and .dockerignore misses sensitive defaults.", "evidence": {"rule_id": "DKR014", "scanner": "repobility-docker", "references": ["https://docs.docker.com/develop/develop-images/dockerfile_best-practices/"], "correlation_key": "fp|e8d67684031826dbd5e21ba171fe05e1d305c4b83febff1cd8f589a16e9eb8cd", "missing_patterns": ["id_rsa", "*.pem", "*.key"]}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "migrations/Dockerfile"}, "region": {"startLine": 62}}}]}, {"ruleId": "DKR014", "level": "warning", "message": {"text": "Dockerfile copies broad context with incomplete .dockerignore"}, "properties": {"repobilityId": 114763, "scanner": "repobility-docker", "fingerprint": "a3ff0382f5b6fc224470aeeebbaa9f685dc5fd4b7b453ac0941062193fa9bc60", "category": "docker", "severity": "medium", "confidence": 0.76, "triageState": "open", "verdict": "likely", "isResolved": false, "reason": "Broad context copy found and .dockerignore misses sensitive defaults.", "evidence": {"rule_id": "DKR014", "scanner": "repobility-docker", "references": ["https://docs.docker.com/develop/develop-images/dockerfile_best-practices/"], "correlation_key": "fp|a3ff0382f5b6fc224470aeeebbaa9f685dc5fd4b7b453ac0941062193fa9bc60", "missing_patterns": ["id_rsa", "*.pem", "*.key"]}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "gateway/Dockerfile"}, "region": {"startLine": 52}}}]}, {"ruleId": "DKR001", "level": "warning", "message": {"text": "Docker final stage has no non-root USER"}, "properties": {"repobilityId": 114760, "scanner": "repobility-docker", "fingerprint": "75ee2a51a0456d94c371c950e45ff995f021a8b168c4c75a492a1daaa2669b2a", "category": "docker", "severity": "medium", "confidence": 0.82, "triageState": "open", "verdict": "likely", "isResolved": false, "reason": "No USER directive was found in the final runtime stage.", "evidence": {"rule_id": "DKR001", "scanner": "repobility-docker", "final_base": "python:3.13-slim@sha256:739e7213785e88c0f702dcdc12c0973afcbd606dbf021a589cab77d6b00b579d", "references": ["https://docs.docker.com/develop/develop-images/dockerfile_best-practices/", "https://cheatsheetseries.owasp.org/cheatsheets/Docker_Security_Cheat_Sheet.html", "https://github.com/hadolint/hadolint"], "correlation_key": "fp|75ee2a51a0456d94c371c950e45ff995f021a8b168c4c75a492a1daaa2669b2a"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "docker/build_from_pip/Dockerfile.build_from_pip"}, "region": {"startLine": 4}}}]}, {"ruleId": "DKR014", "level": "warning", "message": {"text": "Dockerfile copies broad context with incomplete .dockerignore"}, "properties": {"repobilityId": 114756, "scanner": "repobility-docker", "fingerprint": "a0e62dae28170321810e3ef398b4b1792a1fbf0d007c129450fc1a357758f3d5", "category": "docker", "severity": "medium", "confidence": 0.76, "triageState": "open", "verdict": "likely", "isResolved": false, "reason": "Broad context copy found and .dockerignore misses sensitive defaults.", "evidence": {"rule_id": "DKR014", "scanner": "repobility-docker", "references": ["https://docs.docker.com/develop/develop-images/dockerfile_best-practices/"], "correlation_key": "fp|a0e62dae28170321810e3ef398b4b1792a1fbf0d007c129450fc1a357758f3d5", "missing_patterns": ["id_rsa", "*.pem", "*.key"]}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "docker/Dockerfile.non_root"}, "region": {"startLine": 53}}}]}, {"ruleId": "DKR014", "level": "warning", "message": {"text": "Dockerfile copies broad context with incomplete .dockerignore"}, "properties": {"repobilityId": 114751, "scanner": "repobility-docker", "fingerprint": "992d441c65d9679c1693c2c1155b91129b5817dff43a5af27813fa5f0dcea33b", "category": "docker", "severity": "medium", "confidence": 0.76, "triageState": "open", "verdict": "likely", "isResolved": false, "reason": "Broad context copy found and .dockerignore misses sensitive defaults.", "evidence": {"rule_id": "DKR014", "scanner": "repobility-docker", "references": ["https://docs.docker.com/develop/develop-images/dockerfile_best-practices/"], "correlation_key": "fp|992d441c65d9679c1693c2c1155b91129b5817dff43a5af27813fa5f0dcea33b", "missing_patterns": ["id_rsa", "*.pem", "*.key"]}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "docker/Dockerfile.database"}, "region": {"startLine": 47}}}]}, {"ruleId": "DKR001", "level": "warning", "message": {"text": "Docker final stage has no non-root USER"}, "properties": {"repobilityId": 114748, "scanner": "repobility-docker", "fingerprint": "76babc4ffbd59aa3ea9c86490343c82e0faabc17ed1301b1edf7122cf237b2e5", "category": "docker", "severity": "medium", "confidence": 0.82, "triageState": "open", "verdict": "likely", "isResolved": false, "reason": "No USER directive was found in the final runtime stage.", "evidence": {"rule_id": "DKR001", "scanner": "repobility-docker", "final_base": "ollama/ollama", "references": ["https://docs.docker.com/develop/develop-images/dockerfile_best-practices/", "https://cheatsheetseries.owasp.org/cheatsheets/Docker_Security_Cheat_Sheet.html", "https://github.com/hadolint/hadolint"], "correlation_key": "fp|76babc4ffbd59aa3ea9c86490343c82e0faabc17ed1301b1edf7122cf237b2e5"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "cookbook/litellm-ollama-docker-image/Dockerfile"}, "region": {"startLine": 1}}}]}, {"ruleId": "DKR014", "level": "warning", "message": {"text": "Dockerfile copies broad context with incomplete .dockerignore"}, "properties": {"repobilityId": 114746, "scanner": "repobility-docker", "fingerprint": "4edc4d00e345771f7f5ac61987b25729dc9000d0dca27d293ec1c9a8db7fd697", "category": "docker", "severity": "medium", "confidence": 0.76, "triageState": "open", "verdict": "likely", "isResolved": false, "reason": "Broad context copy found and .dockerignore misses sensitive defaults.", "evidence": {"rule_id": "DKR014", "scanner": "repobility-docker", "references": ["https://docs.docker.com/develop/develop-images/dockerfile_best-practices/"], "correlation_key": "fp|4edc4d00e345771f7f5ac61987b25729dc9000d0dca27d293ec1c9a8db7fd697", "missing_patterns": ["id_rsa", "*.pem", "*.key"]}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "cookbook/litellm-ollama-docker-image/Dockerfile"}, "region": {"startLine": 19}}}]}, {"ruleId": "DKR009", "level": "warning", "message": {"text": "Dockerfile separates apt update from install"}, "properties": {"repobilityId": 114744, "scanner": "repobility-docker", "fingerprint": "dc04c1ce50681bd94d59a41d4cf3658f905875a0a6d97e86c5c9651b601ab3cd", "category": "docker", "severity": "medium", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Package index update appears without package installation in the same layer.", "evidence": {"rule_id": "DKR009", "scanner": "repobility-docker", "references": ["https://docs.docker.com/develop/develop-images/dockerfile_best-practices/", "https://github.com/hadolint/hadolint"], "correlation_key": "fp|dc04c1ce50681bd94d59a41d4cf3658f905875a0a6d97e86c5c9651b601ab3cd"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "cookbook/litellm-ollama-docker-image/Dockerfile"}, "region": {"startLine": 10}}}]}, {"ruleId": "DKR002", "level": "warning", "message": {"text": "Dockerfile base image has no explicit tag"}, "properties": {"repobilityId": 114743, "scanner": "repobility-docker", "fingerprint": "e4c29c2ecd710d7836907f3eeb566b3f8a1713b41cfe5fef6d9b6afaa72a6fe6", "category": "docker", "severity": "medium", "confidence": 0.9, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Image reference has no tag or digest.", "evidence": {"image": "ollama/ollama", "rule_id": "DKR002", "scanner": "repobility-docker", "references": ["https://docs.docker.com/develop/develop-images/dockerfile_best-practices/", "https://docs.docker.com/scout/policy/", "https://github.com/hadolint/hadolint"], "correlation_key": "fp|e4c29c2ecd710d7836907f3eeb566b3f8a1713b41cfe5fef6d9b6afaa72a6fe6"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "cookbook/litellm-ollama-docker-image/Dockerfile"}, "region": {"startLine": 1}}}]}, {"ruleId": "DKR014", "level": "warning", "message": {"text": "Dockerfile copies broad context with incomplete .dockerignore"}, "properties": {"repobilityId": 114741, "scanner": "repobility-docker", "fingerprint": "4f1626739f05c9b7400ff839a061c7bcc28425d77ba6479c3db7f7350f0eec32", "category": "docker", "severity": "medium", "confidence": 0.76, "triageState": "open", "verdict": "likely", "isResolved": false, "reason": "Broad context copy found and .dockerignore misses sensitive defaults.", "evidence": {"rule_id": "DKR014", "scanner": "repobility-docker", "references": ["https://docs.docker.com/develop/develop-images/dockerfile_best-practices/"], "correlation_key": "fp|4f1626739f05c9b7400ff839a061c7bcc28425d77ba6479c3db7f7350f0eec32", "missing_patterns": ["id_rsa", "*.pem", "*.key"]}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "backend/Dockerfile"}, "region": {"startLine": 52}}}]}, {"ruleId": "DKR014", "level": "warning", "message": {"text": "Dockerfile copies broad context with incomplete .dockerignore"}, "properties": {"repobilityId": 114735, "scanner": "repobility-docker", "fingerprint": "7399323bf947d8441f2e75d11ebdab33c36e810e6936a7b6b23286ea5c167e8c", "category": "docker", "severity": "medium", "confidence": 0.76, "triageState": "open", "verdict": "likely", "isResolved": false, "reason": "Broad context copy found and .dockerignore misses sensitive defaults.", "evidence": {"rule_id": "DKR014", "scanner": "repobility-docker", "references": ["https://docs.docker.com/develop/develop-images/dockerfile_best-practices/"], "correlation_key": "fp|7399323bf947d8441f2e75d11ebdab33c36e810e6936a7b6b23286ea5c167e8c", "missing_patterns": ["id_rsa", "*.pem", "*.key"]}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "Dockerfile"}, "region": {"startLine": 48}}}]}, {"ruleId": "AIC004", "level": "warning", "message": {"text": "Suspicious implementation file appears unreferenced"}, "properties": {"repobilityId": 114700, "scanner": "repobility-ai-code-hygiene", "fingerprint": "1b2886e9c5b7758cf5af5fa58fccd43f48bef33eea4d4964fa509545a583c2af", "category": "quality", "severity": "medium", "confidence": 0.78, "triageState": "open", "verdict": "likely", "isResolved": false, "reason": "Patch-style source file has no detected inbound reference from other repository files.", "evidence": {"suffix": "copy", "rule_id": "AIC004", "scanner": "repobility-ai-code-hygiene", "references": ["https://knip.dev/", "https://github.com/jendrikseipp/vulture"], "correlation_key": "fp|1b2886e9c5b7758cf5af5fa58fccd43f48bef33eea4d4964fa509545a583c2af"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "cookbook/litellm_router_load_test/memory_usage/router_memory_usage copy.py"}, "region": {"startLine": 1}}}]}, {"ruleId": "AIC001", "level": "warning", "message": {"text": "Parallel implementation file sits beside a canonical file"}, "properties": {"repobilityId": 114699, "scanner": "repobility-ai-code-hygiene", "fingerprint": "55cc5142d32fc6de6f3f562363f19985d7719157319adeae0df6245288f177e4", "category": "quality", "severity": "medium", "confidence": 0.82, "triageState": "open", "verdict": "likely", "isResolved": false, "reason": "Source filename has a patch-style suffix and a same-directory canonical sibling exists.", "evidence": {"suffix": "copy", "rule_id": "AIC001", "scanner": "repobility-ai-code-hygiene", "references": ["https://arxiv.org/abs/2601.15195", "https://knip.dev/"], "canonical_file": "tests/proxy_unit_tests/conftest.py", "correlation_key": "fp|55cc5142d32fc6de6f3f562363f19985d7719157319adeae0df6245288f177e4"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tests/proxy_unit_tests/conftest copy.py"}, "region": {"startLine": 1}}}]}, {"ruleId": "AIC001", "level": "warning", "message": {"text": "Parallel implementation file sits beside a canonical file"}, "properties": {"repobilityId": 114698, "scanner": "repobility-ai-code-hygiene", "fingerprint": "39962f2bd2f202fabeef71700fe6f48571db67700d46a486397c3ade196f4b9b", "category": "quality", "severity": "medium", "confidence": 0.82, "triageState": "open", "verdict": "likely", "isResolved": false, "reason": "Source filename has a patch-style suffix and a same-directory canonical sibling exists.", "evidence": {"suffix": "copy", "rule_id": "AIC001", "scanner": "repobility-ai-code-hygiene", "references": ["https://arxiv.org/abs/2601.15195", "https://knip.dev/"], "canonical_file": "cookbook/litellm_router_load_test/memory_usage/router_memory_usage.py", "correlation_key": "fp|39962f2bd2f202fabeef71700fe6f48571db67700d46a486397c3ade196f4b9b"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "cookbook/litellm_router_load_test/memory_usage/router_memory_usage copy.py"}, "region": {"startLine": 1}}}]}, {"ruleId": "SEC046", "level": "warning", "message": {"text": "[SEC046] Client-side open redirect \u2014 window.location = server-supplied URL: Assigning window.location from a server-supplied URL trusts the server endpoint to never return a hostile destination. If that endpoint is ever subverted (compromised admin, JSON injection, MITM on a webhook), users get redirected to a phishing site they trust because the original page is yours. CWE-601 (server-side OR client-side). Complement to server-side SEC030."}, "properties": {"repobilityId": 114687, "scanner": "repobility-threat-engine", "fingerprint": "912871e0b7bea497ed88a788f9d3e8747f17d5d77223bd21c8f14f8dcb8d2028", "category": "open_redirect", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "location.href = proxyBaseUrl", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC046", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "fp|912871e0b7bea497ed88a788f9d3e8747f17d5d77223bd21c8f14f8dcb8d2028"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "ui/litellm-dashboard/src/app/onboarding/OnboardingForm.tsx"}, "region": {"startLine": 56}}}]}, {"ruleId": "SEC134", "level": "warning", "message": {"text": "[SEC134] AI scaffold leftover \u2014 Lorem ipsum / example.com / John Doe in code: Lorem ipsum / John Doe / example.com left in non-test code. AI agents emit these as 'reasonable defaults' when they don't know real values; the human then forgets to swap them. In production, these break demo flows, send mail to a real example.com host (it's owned by IANA), and leak that the codebase had an AI scaffolding pass."}, "properties": {"repobilityId": 114675, "scanner": "repobility-threat-engine", "fingerprint": "942aa341d302231edccc337ceeaa25ae26043cf86baabee287db0a5268285d25", "category": "quality", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "URL=\"https://www.example.com", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC134", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "fp|942aa341d302231edccc337ceeaa25ae26043cf86baabee287db0a5268285d25"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "ui/litellm-dashboard/e2e_tests/run_e2e.sh"}, "region": {"startLine": 100}}}]}, {"ruleId": "SEC001", "level": "warning", "message": {"text": "[SEC001] Hardcoded Password: Hardcoded password found in source code."}, "properties": {"repobilityId": 114674, "scanner": "repobility-threat-engine", "fingerprint": "07388c8cf93911e114c405c56bfa16bbda3438f6312c3b9caf6ae4f5d73fb99a", "category": "credential_exposure", "severity": "medium", "confidence": 0.3, "triageState": "false_positive", "verdict": "likely_fp", "isResolved": true, "reason": "Low entropy value (4.1 bits) \u2014 may be placeholder or common string", "evidence": {"match": "PASSWORD=\"<redacted> rand -hex 32)\"", "reason": "Low entropy value (4.1 bits) \u2014 may be placeholder or common string", "rule_id": "SEC001", "scanner": "repobility-threat-engine", "confidence": 0.3, "correlation_key": "secret|token|6|password redacted rand -hex 32"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "ui/litellm-dashboard/e2e_tests/run_e2e.sh"}, "region": {"startLine": 68}}}]}, {"ruleId": "SEC045", "level": "warning", "message": {"text": "[SEC045] eval()/exec() on stored or user-supplied data: eval() and exec() on data \u2014 even admin-stored data \u2014 is a lateral-movement vector after any one credential compromise. Sandboxes (__builtins__ cleared) are escapable: attackers use object introspection (().__class__.__mro__[-1].__subclasses__()) to reach os.system. CWE-95 (eval injection)."}, "properties": {"repobilityId": 114670, "scanner": "repobility-threat-engine", "fingerprint": "06488fbc2f701e189fc251f8649b459a8274cb09d515802e1dc61ecf083bbfc7", "category": "injection", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "Eval(", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC045", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "code|injection|token|134|sec045"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "litellm/types/llms/openai_evals.py"}, "region": {"startLine": 134}}}]}, {"ruleId": "SEC002", "level": "warning", "message": {"text": "[SEC002] Hardcoded API Key: Hardcoded API key found in source code."}, "properties": {"repobilityId": 114668, "scanner": "repobility-threat-engine", "fingerprint": "8b185ca5af24f899eae7b941280223d6c9c059731fd9e499a274c7ec4b38cb2b", "category": "credential_exposure", "severity": "medium", "confidence": 0.3, "triageState": "false_positive", "verdict": "likely_fp", "isResolved": true, "reason": "Low entropy value (3.3 bits) \u2014 may be placeholder or common string", "evidence": {"match": "api_key=\"<redacted>\"", "reason": "Low entropy value (3.3 bits) \u2014 may be placeholder or common string", "rule_id": "SEC002", "scanner": "repobility-threat-engine", "confidence": 0.3, "correlation_key": "secret|token|1|api_key redacted"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "litellm/proxy/example_config_yaml/custom_auth_basic.py"}, "region": {"startLine": 9}}}]}, {"ruleId": "SEC041", "level": "warning", "message": {"text": "[SEC041] Tabnabbing \u2014 target=\"_blank\" without rel=\"noopener noreferrer\": <a target=\"_blank\"> without rel=\"noopener noreferrer\" leaks window.opener to the opened page. The opened page can then run window.opener.location = 'phishing-site' and the parent tab quietly navigates to attacker-controlled content (reverse tabnabbing). OWASP-classic; modern browsers default rel='noopener' for new windows but explicit attribute is still required for compatibility."}, "properties": {"repobilityId": 114665, "scanner": "repobility-threat-engine", "fingerprint": "55a8d2f388f4a012506883c60adbc9c9a1d7d4af5dbcd44bb59d3fdeb0a38a6a", "category": "security", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "window.open(\"\", \"_blank\")", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC041", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "code|security|token|67|sec041"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "ui/litellm-dashboard/src/components/CostTrackingSettings/pricing_calculator/multi_export_utils.ts"}, "region": {"startLine": 67}}}]}, {"ruleId": "SEC041", "level": "warning", "message": {"text": "[SEC041] Tabnabbing \u2014 target=\"_blank\" without rel=\"noopener noreferrer\": <a target=\"_blank\"> without rel=\"noopener noreferrer\" leaks window.opener to the opened page. The opened page can then run window.opener.location = 'phishing-site' and the parent tab quietly navigates to attacker-controlled content (reverse tabnabbing). OWASP-classic; modern browsers default rel='noopener' for new windows but explicit attribute is still required for compatibility."}, "properties": {"repobilityId": 114664, "scanner": "repobility-threat-engine", "fingerprint": "42a6ebdc741450d8e63c29b63dff71f01d4deed73ea91a40994eba6f053889df", "category": "security", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "<a href=\"https://docs.litellm.ai/docs/proxy/ui\" target=\"_blank\">", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC041", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "code|security|token|245|sec041"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "litellm/proxy/common_utils/html_forms/ui_login.py"}, "region": {"startLine": 245}}}]}, {"ruleId": "SEC041", "level": "warning", "message": {"text": "[SEC041] Tabnabbing \u2014 target=\"_blank\" without rel=\"noopener noreferrer\": <a target=\"_blank\"> without rel=\"noopener noreferrer\" leaks window.opener to the opened page. The opened page can then run window.opener.location = 'phishing-site' and the parent tab quietly navigates to attacker-controlled content (reverse tabnabbing). OWASP-classic; modern browsers default rel='noopener' for new windows but explicit attribute is still required for compatibility."}, "properties": {"repobilityId": 114663, "scanner": "repobility-threat-engine", "fingerprint": "ab07faae4b86a5be614fc00ee3ce9bacdc0587eb76a6a9ea050be1edd75117ea", "category": "security", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "<a href=\"https://discord.com/invite/wuPM9dRgDw\" target=\"_blank\">", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC041", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "code|security|token|90|sec041"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "litellm/proxy/common_utils/admin_ui_utils.py"}, "region": {"startLine": 90}}}]}, {"ruleId": "ERR002", "level": "warning", "message": {"text": "[ERR002] Empty Catch Block: Empty catch blocks hide errors."}, "properties": {"repobilityId": 114661, "scanner": "repobility-threat-engine", "fingerprint": "8ea47e18d7c8240148be2bdb67ba7de9dcdaf3fb51cd95eac6db01ededf857eb", "category": "error_handling", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": ".catch(() => {})", "reason": "Pattern matched with no mitigating context found", "rule_id": "ERR002", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "fp|8ea47e18d7c8240148be2bdb67ba7de9dcdaf3fb51cd95eac6db01ededf857eb"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "ui/litellm-dashboard/e2e_tests/helpers/navigation.ts"}, "region": {"startLine": 23}}}]}, {"ruleId": "ERR002", "level": "warning", "message": {"text": "[ERR002] Empty Catch Block: Empty catch blocks hide errors."}, "properties": {"repobilityId": 114660, "scanner": "repobility-threat-engine", "fingerprint": "93b00b3dde514e7bbb669b5874facf6325e82821b7f93296ea6ff0e4d169460a", "category": "error_handling", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": ".catch(()=>{})", "reason": "Pattern matched with no mitigating context found", "rule_id": "ERR002", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "fp|93b00b3dde514e7bbb669b5874facf6325e82821b7f93296ea6ff0e4d169460a"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "litellm/proxy/_experimental/out/_next/static/chunks/turbopack-9174386be434c873.js"}, "region": {"startLine": 1}}}]}, {"ruleId": "ERR002", "level": "warning", "message": {"text": "[ERR002] Empty Catch Block: Empty catch blocks hide errors."}, "properties": {"repobilityId": 114659, "scanner": "repobility-threat-engine", "fingerprint": "657ab5c005d9340b9420528d43b1a50e6457804475d40b3872ff2c50a8b9cbac", "category": "error_handling", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "catch(e){}", "reason": "Pattern matched with no mitigating context found", "rule_id": "ERR002", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "fp|657ab5c005d9340b9420528d43b1a50e6457804475d40b3872ff2c50a8b9cbac"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "litellm/proxy/_experimental/out/_next/static/chunks/fc5911e3a3caa8aa.js"}, "region": {"startLine": 1}}}]}, {"ruleId": "SEC015", "level": "warning", "message": {"text": "[SEC015] Insecure Randomness for Security: Weak PRNG used in security-sensitive context. Output is predictable."}, "properties": {"repobilityId": 114649, "scanner": "repobility-threat-engine", "fingerprint": "75896360b0af82aef494e1ac478aabe522cff9b924f2601f07fa528015846fe0", "category": "crypto", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Security-sensitive keyword found nearby \u2014 weak PRNG is risky here", "evidence": {"match": "def generate_iam_auth_token", "reason": "Security-sensitive keyword found nearby \u2014 weak PRNG is risky here", "rule_id": "SEC015", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "code|crypto|token|162|sec015"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "litellm/proxy/auth/rds_iam_token.py"}, "region": {"startLine": 162}}}]}, {"ruleId": "SEC015", "level": "warning", "message": {"text": "[SEC015] Insecure Randomness for Security: Weak PRNG used in security-sensitive context. Output is predictable."}, "properties": {"repobilityId": 114648, "scanner": "repobility-threat-engine", "fingerprint": "dbaad6c3cd50dde60714da5e5e8280b47c3e6e20d90d42c818d3a70922a1671c", "category": "crypto", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Security-sensitive keyword found nearby \u2014 weak PRNG is risky here", "evidence": {"match": "def create_client_session", "reason": "Security-sensitive keyword found nearby \u2014 weak PRNG is risky here", "rule_id": "SEC015", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "code|crypto|litellm/llms/base.py|54|sec015"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "litellm/llms/base.py"}, "region": {"startLine": 54}}}]}, {"ruleId": "SEC136", "level": "warning", "message": {"text": "[SEC136] AI-typical over-broad exception handler swallowing all errors: Catch-all exception block that silently returns success or no-ops. AI agents reach for this pattern when a flaky test or an unfamiliar API throws \u2014 wrap, swallow, return success. Real bugs are masked, observability is destroyed, and callers think the operation worked. CWE-396 (improperly-generalized exception). Distinct from intentional fallback because there's no log line and the success value is fabricated."}, "properties": {"repobilityId": 114636, "scanner": "repobility-threat-engine", "fingerprint": "fab82b7ec16e254f46a248bc8d353d4630524ede8cdc5f70f538b91f5c3f2468", "category": "quality", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "try:\n        current_span_fn = getattr(tracer, \"current_span\", None)\n        if callable(current_spa", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC136", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "fp|fab82b7ec16e254f46a248bc8d353d4630524ede8cdc5f70f538b91f5c3f2468"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "litellm/litellm_core_utils/dd_tracing.py"}, "region": {"startLine": 85}}}]}, {"ruleId": "SEC136", "level": "warning", "message": {"text": "[SEC136] AI-typical over-broad exception handler swallowing all errors: Catch-all exception block that silently returns success or no-ops. AI agents reach for this pattern when a flaky test or an unfamiliar API throws \u2014 wrap, swallow, return success. Real bugs are masked, observability is destroyed, and callers think the operation worked. CWE-396 (improperly-generalized exception). Distinct from intentional fallback because there's no log line and the success value is fabricated."}, "properties": {"repobilityId": 114635, "scanner": "repobility-threat-engine", "fingerprint": "f2fd6416d8a58ba9ff1216082bda754dd7bfff6a96388710877d46cef0564570", "category": "quality", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "try:\n        return json.dumps(value, default=str)\n    except Exception:\n        return None", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC136", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "fp|f2fd6416d8a58ba9ff1216082bda754dd7bfff6a96388710877d46cef0564570"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "litellm/integrations/otel/mappers/utils.py"}, "region": {"startLine": 32}}}]}, {"ruleId": "SEC136", "level": "warning", "message": {"text": "[SEC136] AI-typical over-broad exception handler swallowing all errors: Catch-all exception block that silently returns success or no-ops. AI agents reach for this pattern when a flaky test or an unfamiliar API throws \u2014 wrap, swallow, return success. Real bugs are masked, observability is destroyed, and callers think the operation worked. CWE-396 (improperly-generalized exception). Distinct from intentional fallback because there's no log line and the success value is fabricated."}, "properties": {"repobilityId": 114634, "scanner": "repobility-threat-engine", "fingerprint": "a6d199b812138001abbd382dacdef16c7230a0bb7487c5acd29689b12d7849ac", "category": "quality", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "try:\n                # Parse date string and set to midnight UTC for daily aggregation", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC136", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "fp|a6d199b812138001abbd382dacdef16c7230a0bb7487c5acd29689b12d7849ac"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "litellm/integrations/cloudzero/transform.py"}, "region": {"startLine": 213}}}]}, {"ruleId": "SEC127", "level": "warning", "message": {"text": "[SEC127] AI agent stub \u2014 TODO: implement / pass placeholder body: Function body left as TODO/pass/raise NotImplementedError after an AI scaffolding pass. The route appears to exist (and may even pass shallow CI), but invoking it crashes or silently no-ops. AI agents consistently emit these when their context window runs out mid-implementation. Production callers hitting these stubs is a classic AI-generated-incident."}, "properties": {"repobilityId": 114628, "scanner": "repobility-threat-engine", "fingerprint": "1b334751df88eefcd3963863ecc055b511d4aa69882d61e5ebf2584f45d69f85", "category": "quality", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "def transform_create_vector_store_request(\n        self,\n        vector_store_create_optional_params", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC127", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "fp|1b334751df88eefcd3963863ecc055b511d4aa69882d61e5ebf2584f45d69f85"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "litellm/llms/azure_ai/vector_stores/transformation.py"}, "region": {"startLine": 248}}}]}, {"ruleId": "SEC127", "level": "warning", "message": {"text": "[SEC127] AI agent stub \u2014 TODO: implement / pass placeholder body: Function body left as TODO/pass/raise NotImplementedError after an AI scaffolding pass. The route appears to exist (and may even pass shallow CI), but invoking it crashes or silently no-ops. AI agents consistently emit these when their context window runs out mid-implementation. Production callers hitting these stubs is a classic AI-generated-incident."}, "properties": {"repobilityId": 114627, "scanner": "repobility-threat-engine", "fingerprint": "6cb443f2587dbd00ccb422418380eba4d770608a3949e2b132d5f38a08a9f609", "category": "quality", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "def _compile_prompt_helper(\n        self,\n        prompt_id: Optional[str],\n        prompt_spec: Opt", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC127", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "fp|6cb443f2587dbd00ccb422418380eba4d770608a3949e2b132d5f38a08a9f609"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "litellm/integrations/custom_prompt_management.py"}, "region": {"startLine": 59}}}]}, {"ruleId": "SEC127", "level": "warning", "message": {"text": "[SEC127] AI agent stub \u2014 TODO: implement / pass placeholder body: Function body left as TODO/pass/raise NotImplementedError after an AI scaffolding pass. The route appears to exist (and may even pass shallow CI), but invoking it crashes or silently no-ops. AI agents consistently emit these when their context window runs out mid-implementation. Production callers hitting these stubs is a classic AI-generated-incident."}, "properties": {"repobilityId": 114626, "scanner": "repobility-threat-engine", "fingerprint": "fddb7ba26f3437f79d87ae39f91dde6baa6f30a4eaaac434b5deac3bf2af1b0a", "category": "quality", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "def set_cache(self, key, value, **kwargs):\n        raise NotImplementedError", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC127", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "fp|fddb7ba26f3437f79d87ae39f91dde6baa6f30a4eaaac434b5deac3bf2af1b0a"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "litellm/caching/base_cache.py"}, "region": {"startLine": 35}}}]}, {"ruleId": "SEC034", "level": "warning", "message": {"text": "[SEC034] Log Injection / Log Forging \u2014 unsanitized user input in log: User input is logged without sanitizing newlines or control characters. Attackers inject `\\n` to forge fake log entries, hide tracks, or exploit downstream log parsers (SIEM, splunk). Combined with template injection this can escalate to RCE (CVE-2021-44228 log4shell). CWE-117."}, "properties": {"repobilityId": 114624, "scanner": "repobility-threat-engine", "fingerprint": "c50f9cfe0f0b66c16420710b2bced4843592ba60f87a2db28c247113d2ad87bc", "category": "log_injection", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "logger.debug(f\"Transformed request: {req", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC034", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "fp|c50f9cfe0f0b66c16420710b2bced4843592ba60f87a2db28c247113d2ad87bc"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "litellm/llms/anthropic/count_tokens/handler.py"}, "region": {"startLine": 69}}}]}, {"ruleId": "SEC034", "level": "warning", "message": {"text": "[SEC034] Log Injection / Log Forging \u2014 unsanitized user input in log: User input is logged without sanitizing newlines or control characters. Attackers inject `\\n` to forge fake log entries, hide tracks, or exploit downstream log parsers (SIEM, splunk). Combined with template injection this can escalate to RCE (CVE-2021-44228 log4shell). CWE-117."}, "properties": {"repobilityId": 114623, "scanner": "repobility-threat-engine", "fingerprint": "a5fc14c17509c4c728cb29f1dc000e889342540f99cb59e28cc8cc258168db36", "category": "log_injection", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "logger.info(f\"A2A completion bridge completed: request_id={req", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC034", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "fp|a5fc14c17509c4c728cb29f1dc000e889342540f99cb59e28cc8cc258168db36"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "litellm/a2a_protocol/litellm_completion_bridge/handler.py"}, "region": {"startLine": 130}}}]}, {"ruleId": "SEC034", "level": "warning", "message": {"text": "[SEC034] Log Injection / Log Forging \u2014 unsanitized user input in log: User input is logged without sanitizing newlines or control characters. Attackers inject `\\n` to forge fake log entries, hide tracks, or exploit downstream log parsers (SIEM, splunk). Combined with template injection this can escalate to RCE (CVE-2021-44228 log4shell). CWE-117."}, "properties": {"repobilityId": 114622, "scanner": "repobility-threat-engine", "fingerprint": "de8bf5ccd2cbbc5cdf465a13d8e296b39ab19ecb29bc46b58de52f9537cfa477", "category": "log_injection", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "logger.warning(\n        f\"A2A {req", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC034", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "fp|de8bf5ccd2cbbc5cdf465a13d8e296b39ab19ecb29bc46b58de52f9537cfa477"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "litellm/a2a_protocol/exception_mapping_utils.py"}, "region": {"startLine": 190}}}]}, {"ruleId": "ERR001", "level": "warning", "message": {"text": "[ERR001] Silent Exception Swallowing: Silently swallowing all exceptions hides bugs. Even in cleanup code, log at DEBUG level."}, "properties": {"repobilityId": 114619, "scanner": "repobility-threat-engine", "fingerprint": "755f2ce180b2fe5b909cefb1453b64877020c41bd9ee7ff923986ef8fce2eeb3", "category": "error_handling", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "except Exception:\n            pass", "reason": "Pattern matched with no mitigating context found", "rule_id": "ERR001", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "fp|755f2ce180b2fe5b909cefb1453b64877020c41bd9ee7ff923986ef8fce2eeb3"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "enterprise/litellm_enterprise/enterprise_callbacks/llm_guard.py"}, "region": {"startLine": 46}}}]}, {"ruleId": "ERR001", "level": "warning", "message": {"text": "[ERR001] Silent Exception Swallowing: Silently swallowing all exceptions hides bugs. Even in cleanup code, log at DEBUG level."}, "properties": {"repobilityId": 114618, "scanner": "repobility-threat-engine", "fingerprint": "c3d1ad39649b0f6fce22bbcadcf5117a5e55348fd5495e1ab4bbdedaa8d3ede7", "category": "error_handling", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "except Exception:\n            pass", "reason": "Pattern matched with no mitigating context found", "rule_id": "ERR001", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "fp|c3d1ad39649b0f6fce22bbcadcf5117a5e55348fd5495e1ab4bbdedaa8d3ede7"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "enterprise/litellm_enterprise/enterprise_callbacks/llama_guard.py"}, "region": {"startLine": 59}}}]}, {"ruleId": "ERR001", "level": "warning", "message": {"text": "[ERR001] Silent Exception Swallowing: Silently swallowing all exceptions hides bugs. Even in cleanup code, log at DEBUG level."}, "properties": {"repobilityId": 114617, "scanner": "repobility-threat-engine", "fingerprint": "87d19cee2aa96744d263da6be554c58ebad982cb9d2082b1fe599b01be239d33", "category": "error_handling", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "except Exception:\n            pass", "reason": "Pattern matched with no mitigating context found", "rule_id": "ERR001", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "fp|87d19cee2aa96744d263da6be554c58ebad982cb9d2082b1fe599b01be239d33"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "enterprise/enterprise_hooks/google_text_moderation.py"}, "region": {"startLine": 85}}}]}, {"ruleId": "COMP001", "level": "warning", "message": {"text": "[COMP001] High cognitive complexity: Function `main` has cognitive complexity 15 (SonarSource scale). Cognitive complexity measures how hard the function is for a human to understand \u2014 nested branches, boolean chains, and recursion all weigh in. Breakdown: else=1, if=4, nested_bonus=4, or=1, ternary=5."}, "properties": {"repobilityId": 114552, "scanner": "repobility-threat-engine", "fingerprint": "5d9ff26721a2f613dcf2f5e124a54048edfedf21ad50cb3f92c9c66108fd12f9", "category": "quality", "severity": "medium", "confidence": 0.95, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "AST-derived cognitive complexity score = 15 (severity threshold for medium: 15+).", "evidence": {"scanner": "repobility-threat-engine", "function": "main", "breakdown": {"if": 4, "or": 1, "else": 1, "ternary": 5, "nested_bonus": 4}, "complexity": 15, "correlation_key": "fp|5d9ff26721a2f613dcf2f5e124a54048edfedf21ad50cb3f92c9c66108fd12f9"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/scripts/scan_keywords.py"}, "region": {"startLine": 77}}}]}, {"ruleId": "DKC010", "level": "note", "message": {"text": "Compose service lacks no-new-privileges hardening"}, "properties": {"repobilityId": 114779, "scanner": "repobility-docker", "fingerprint": "ea98ff1d18e3b422cf98e004dff40272c10c64579b2222713df05deeb44e41de", "category": "docker", "severity": "low", "confidence": 0.62, "triageState": "open", "verdict": "needs_review", "isResolved": false, "reason": "App-like service has no security_opt no-new-privileges setting.", "evidence": {"rule_id": "DKC010", "scanner": "repobility-docker", "service": "prometheus", "references": ["https://cheatsheetseries.owasp.org/cheatsheets/Docker_Security_Cheat_Sheet.html"], "correlation_key": "fp|ea98ff1d18e3b422cf98e004dff40272c10c64579b2222713df05deeb44e41de"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "docker-compose.yml"}, "region": {"startLine": 55}}}]}, {"ruleId": "DKC006", "level": "note", "message": {"text": "Compose service does not declare a runtime user"}, "properties": {"repobilityId": 114778, "scanner": "repobility-docker", "fingerprint": "b988d3e1921ff39ff28592d1227e9dbd2f6f10e858956d29b039f20713817568", "category": "docker", "severity": "low", "confidence": 0.56, "triageState": "open", "verdict": "needs_review", "isResolved": false, "reason": "Service has no user setting and Repobility could not prove the image runs non-root.", "evidence": {"rule_id": "DKC006", "scanner": "repobility-docker", "service": "prometheus", "references": ["https://cheatsheetseries.owasp.org/cheatsheets/Docker_Security_Cheat_Sheet.html"], "correlation_key": "fp|b988d3e1921ff39ff28592d1227e9dbd2f6f10e858956d29b039f20713817568"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "docker-compose.yml"}, "region": {"startLine": 55}}}]}, {"ruleId": "DKC010", "level": "note", "message": {"text": "Compose service lacks no-new-privileges hardening"}, "properties": {"repobilityId": 114773, "scanner": "repobility-docker", "fingerprint": "7f80983f54868d8bec198a3977b7dcbe8bfb5f2291356d590fb078148e91780d", "category": "docker", "severity": "low", "confidence": 0.62, "triageState": "open", "verdict": "needs_review", "isResolved": false, "reason": "App-like service has no security_opt no-new-privileges setting.", "evidence": {"rule_id": "DKC010", "scanner": "repobility-docker", "service": "litellm", "references": ["https://cheatsheetseries.owasp.org/cheatsheets/Docker_Security_Cheat_Sheet.html"], "correlation_key": "fp|7f80983f54868d8bec198a3977b7dcbe8bfb5f2291356d590fb078148e91780d"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "docker-compose.yml"}, "region": {"startLine": 1}}}]}, {"ruleId": "DKC006", "level": "note", "message": {"text": "Compose service does not declare a runtime user"}, "properties": {"repobilityId": 114772, "scanner": "repobility-docker", "fingerprint": "2ae03d2ca68f689d193058b7c353aabad57bc3d37942d6a7c1406762df909513", "category": "docker", "severity": "low", "confidence": 0.56, "triageState": "open", "verdict": "needs_review", "isResolved": false, "reason": "Service has no user setting and Repobility could not prove the image runs non-root.", "evidence": {"rule_id": "DKC006", "scanner": "repobility-docker", "service": "litellm", "references": ["https://cheatsheetseries.owasp.org/cheatsheets/Docker_Security_Cheat_Sheet.html"], "correlation_key": "fp|2ae03d2ca68f689d193058b7c353aabad57bc3d37942d6a7c1406762df909513"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "docker-compose.yml"}, "region": {"startLine": 1}}}]}, {"ruleId": "DKR012", "level": "note", "message": {"text": "Dockerfile keeps pip download cache"}, "properties": {"repobilityId": 114759, "scanner": "repobility-docker", "fingerprint": "a2854e221837e441197e4bf26ff750a15efbaa27cfe2ee5bfcd9ac15e8841768", "category": "docker", "severity": "low", "confidence": 0.72, "triageState": "open", "verdict": "likely", "isResolved": false, "reason": "pip install appears without --no-cache-dir.", "evidence": {"rule_id": "DKR012", "scanner": "repobility-docker", "references": ["https://docs.docker.com/develop/develop-images/dockerfile_best-practices/"], "correlation_key": "fp|a2854e221837e441197e4bf26ff750a15efbaa27cfe2ee5bfcd9ac15e8841768"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "docker/build_from_pip/Dockerfile.build_from_pip"}, "region": {"startLine": 27}}}]}, {"ruleId": "DKR012", "level": "note", "message": {"text": "Dockerfile keeps pip download cache"}, "properties": {"repobilityId": 114747, "scanner": "repobility-docker", "fingerprint": "0a3dd1713f1d67e250f0652616199a88a5b43ee00bd5e5cdcc6ca4c3eb6ef1aa", "category": "docker", "severity": "low", "confidence": 0.72, "triageState": "open", "verdict": "likely", "isResolved": false, "reason": "pip install appears without --no-cache-dir.", "evidence": {"rule_id": "DKR012", "scanner": "repobility-docker", "references": ["https://docs.docker.com/develop/develop-images/dockerfile_best-practices/"], "correlation_key": "fp|0a3dd1713f1d67e250f0652616199a88a5b43ee00bd5e5cdcc6ca4c3eb6ef1aa"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "cookbook/litellm-ollama-docker-image/Dockerfile"}, "region": {"startLine": 23}}}]}, {"ruleId": "DKR011", "level": "note", "message": {"text": "Dockerfile installs recommended OS packages"}, "properties": {"repobilityId": 114745, "scanner": "repobility-docker", "fingerprint": "e841b4389f0b7278dc8c411593da1ef1be3f9cb3115697c74b4a3d5508052d11", "category": "docker", "severity": "low", "confidence": 0.72, "triageState": "open", "verdict": "likely", "isResolved": false, "reason": "apt install appears without --no-install-recommends.", "evidence": {"rule_id": "DKR011", "scanner": "repobility-docker", "references": ["https://docs.docker.com/develop/develop-images/dockerfile_best-practices/", "https://github.com/hadolint/hadolint"], "correlation_key": "fp|e841b4389f0b7278dc8c411593da1ef1be3f9cb3115697c74b4a3d5508052d11"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "cookbook/litellm-ollama-docker-image/Dockerfile"}, "region": {"startLine": 13}}}]}, {"ruleId": "DKR008", "level": "note", "message": {"text": ".dockerignore misses sensitive defaults"}, "properties": {"repobilityId": 114738, "scanner": "repobility-docker", "fingerprint": "aea2ad92c68c4ee1f8432bb1ec25e7d45ac12c9e1790ac2d3fffe638b1acce12", "category": "docker", "severity": "low", "confidence": 0.72, "triageState": "open", "verdict": "likely", "isResolved": false, "reason": "A Docker build context should exclude secrets and repository metadata.", "evidence": {"rule_id": "DKR008", "scanner": "repobility-docker", "references": ["https://docs.docker.com/develop/develop-images/dockerfile_best-practices/"], "correlation_key": "fp|aea2ad92c68c4ee1f8432bb1ec25e7d45ac12c9e1790ac2d3fffe638b1acce12", "missing_patterns": ["id_rsa", "*.pem", "*.key"]}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".dockerignore"}, "region": {"startLine": 1}}}]}, {"ruleId": "AIC005", "level": "note", "message": {"text": "Duplicate top-level symbol appears in a patch-style file"}, "properties": {"repobilityId": 114732, "scanner": "repobility-ai-code-hygiene", "fingerprint": "e0706e5c21f30e03b4569c8937ab4ca7e69c710214fff9fa8c75c31a2a8efcea", "category": "quality", "severity": "low", "confidence": 0.64, "triageState": "open", "verdict": "needs_review", "isResolved": false, "reason": "Patch-style file defines a top-level symbol also defined in another source file.", "evidence": {"symbol": "router_acompletion", "rule_id": "AIC005", "scanner": "repobility-ai-code-hygiene", "references": ["https://github.com/jendrikseipp/vulture", "https://knip.dev/"], "duplicate_file": "cookbook/litellm_router_load_test/memory_usage/router_endpoint.py", "correlation_key": "fp|e0706e5c21f30e03b4569c8937ab4ca7e69c710214fff9fa8c75c31a2a8efcea"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "cookbook/litellm_router_load_test/memory_usage/router_memory_usage copy.py"}, "region": {"startLine": 1}}}]}, {"ruleId": "AIC005", "level": "note", "message": {"text": "Duplicate top-level symbol appears in a patch-style file"}, "properties": {"repobilityId": 114731, "scanner": "repobility-ai-code-hygiene", "fingerprint": "96fa487db990d72ab07eafa9452b21be0cf3d82fb7ca90e827969fb20374c094", "category": "quality", "severity": "low", "confidence": 0.64, "triageState": "open", "verdict": "needs_review", "isResolved": false, "reason": "Patch-style file defines a top-level symbol also defined in another source file.", "evidence": {"symbol": "pytest_collection_modifyitems", "rule_id": "AIC005", "scanner": "repobility-ai-code-hygiene", "references": ["https://github.com/jendrikseipp/vulture", "https://knip.dev/"], "duplicate_file": "tests/audio_tests/conftest.py", "correlation_key": "fp|96fa487db990d72ab07eafa9452b21be0cf3d82fb7ca90e827969fb20374c094"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tests/proxy_unit_tests/conftest copy.py"}, "region": {"startLine": 1}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 114730, "scanner": "repobility-ai-code-hygiene", "fingerprint": "51ebdcc4ce02149c12baa4aaf5e19d1286c947716a3009710eeb02eeabf25581", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "litellm/integrations/anthropic_cache_control_hook.py", "duplicate_line": 24, "correlation_key": "fp|51ebdcc4ce02149c12baa4aaf5e19d1286c947716a3009710eeb02eeabf25581"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "litellm/integrations/litellm_agent/litellm_agent_model_resolver.py"}, "region": {"startLine": 17}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 114729, "scanner": "repobility-ai-code-hygiene", "fingerprint": "c4ace8e0e5f3b858aea9ceb4ed180b4c87b78c16a6b67d558e5accacb12b9b5e", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "litellm/integrations/argilla.py", "duplicate_line": 208, "correlation_key": "fp|c4ace8e0e5f3b858aea9ceb4ed180b4c87b78c16a6b67d558e5accacb12b9b5e"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "litellm/integrations/langsmith.py"}, "region": {"startLine": 233}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 114728, "scanner": "repobility-ai-code-hygiene", "fingerprint": "6a1ed27009ec2881b69d527429898f48b7615a783bd448ed69dd609e9618059b", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "litellm/integrations/arize/arize_phoenix_prompt_manager.py", "duplicate_line": 380, "correlation_key": "fp|6a1ed27009ec2881b69d527429898f48b7615a783bd448ed69dd609e9618059b"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "litellm/integrations/langfuse/langfuse_prompt_management.py"}, "region": {"startLine": 164}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 114727, "scanner": "repobility-ai-code-hygiene", "fingerprint": "65317d74764049304e8e22fdaf356feb41e5745e8b7ac1f1d9eb965496067aa0", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "litellm/integrations/anthropic_cache_control_hook.py", "duplicate_line": 172, "correlation_key": "fp|65317d74764049304e8e22fdaf356feb41e5745e8b7ac1f1d9eb965496067aa0"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "litellm/integrations/langfuse/langfuse_prompt_management.py"}, "region": {"startLine": 143}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 114726, "scanner": "repobility-ai-code-hygiene", "fingerprint": "a4754f29916975964680c3b34b89976bf46cdd85333d72aa8d31ba53f9a37ae0", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "litellm/integrations/anthropic_cache_control_hook.py", "duplicate_line": 24, "correlation_key": "fp|a4754f29916975964680c3b34b89976bf46cdd85333d72aa8d31ba53f9a37ae0"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "litellm/integrations/humanloop.py"}, "region": {"startLine": 122}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 114725, "scanner": "repobility-ai-code-hygiene", "fingerprint": "35f739895f7ca319b0842fd77a70e4a1db2482e0b987130094f7948ae6a1d981", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "litellm/integrations/anthropic_cache_control_hook.py", "duplicate_line": 24, "correlation_key": "fp|35f739895f7ca319b0842fd77a70e4a1db2482e0b987130094f7948ae6a1d981"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "litellm/integrations/gitlab/gitlab_prompt_manager.py"}, "region": {"startLine": 460}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 114724, "scanner": "repobility-ai-code-hygiene", "fingerprint": "0c080f13eef1bc03a03a7ac3e0c445297bfde6d93358b4c30c13134c4b9021d1", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "litellm/integrations/arize/arize_phoenix_prompt_manager.py", "duplicate_line": 257, "correlation_key": "fp|0c080f13eef1bc03a03a7ac3e0c445297bfde6d93358b4c30c13134c4b9021d1"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "litellm/integrations/gitlab/gitlab_prompt_manager.py"}, "region": {"startLine": 312}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 114723, "scanner": "repobility-ai-code-hygiene", "fingerprint": "71d25b561dc6bf7322dbd1d8a976b13bbf239c25710b15e2f4e62e5aa0876834", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "litellm/integrations/bitbucket/bitbucket_prompt_manager.py", "duplicate_line": 25, "correlation_key": "fp|71d25b561dc6bf7322dbd1d8a976b13bbf239c25710b15e2f4e62e5aa0876834"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "litellm/integrations/gitlab/gitlab_prompt_manager.py"}, "region": {"startLine": 32}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 114722, "scanner": "repobility-ai-code-hygiene", "fingerprint": "87aceb2ad8b3a67512baba7aa9d9d7854fe44209ca550e8c060f151f74ff3290", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "litellm/integrations/anthropic_cache_control_hook.py", "duplicate_line": 24, "correlation_key": "fp|87aceb2ad8b3a67512baba7aa9d9d7854fe44209ca550e8c060f151f74ff3290"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "litellm/integrations/generic_prompt_management/generic_prompt_manager.py"}, "region": {"startLine": 379}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 114721, "scanner": "repobility-ai-code-hygiene", "fingerprint": "85f670cc0c402f0624603bf1e6c59a20e884dc5bf864b45043b63674613e24a2", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "litellm/integrations/arize/arize_phoenix_prompt_manager.py", "duplicate_line": 360, "correlation_key": "fp|85f670cc0c402f0624603bf1e6c59a20e884dc5bf864b45043b63674613e24a2"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "litellm/integrations/generic_prompt_management/generic_prompt_manager.py"}, "region": {"startLine": 378}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 114720, "scanner": "repobility-ai-code-hygiene", "fingerprint": "c7cfd047ebdd2692c0ad27dd44f3d64533321239a70c164174abaaca858d4fda", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "litellm/integrations/bitbucket/bitbucket_prompt_manager.py", "duplicate_line": 462, "correlation_key": "fp|c7cfd047ebdd2692c0ad27dd44f3d64533321239a70c164174abaaca858d4fda"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "litellm/integrations/generic_prompt_management/generic_prompt_manager.py"}, "region": {"startLine": 352}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 114719, "scanner": "repobility-ai-code-hygiene", "fingerprint": "6b59d0789f3985f2d5d7973c3f22a2ecaba59c072e22b8d489dae585bc585554", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "litellm/integrations/cloudzero/database.py", "duplicate_line": 24, "correlation_key": "fp|6b59d0789f3985f2d5d7973c3f22a2ecaba59c072e22b8d489dae585bc585554"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "litellm/integrations/focus/database.py"}, "region": {"startLine": 49}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 114718, "scanner": "repobility-ai-code-hygiene", "fingerprint": "532fb5ae373aabd98111ad027459e97bccdc0d6c11636a006e22391455064129", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "litellm/integrations/email_templates/key_created_email.py", "duplicate_line": 11, "correlation_key": "fp|532fb5ae373aabd98111ad027459e97bccdc0d6c11636a006e22391455064129"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "litellm/integrations/email_templates/key_rotated_email.py"}, "region": {"startLine": 11}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 114717, "scanner": "repobility-ai-code-hygiene", "fingerprint": "b21d39a8537c987e27c9d114163ddf8c6c412972258e0dd9ee00a34d8e170218", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "litellm/integrations/anthropic_cache_control_hook.py", "duplicate_line": 24, "correlation_key": "fp|b21d39a8537c987e27c9d114163ddf8c6c412972258e0dd9ee00a34d8e170218"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "litellm/integrations/dotprompt/dotprompt_manager.py"}, "region": {"startLine": 155}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 114716, "scanner": "repobility-ai-code-hygiene", "fingerprint": "7e9097d48e2490e552890cbd110fc1f96fc432141e5b1b63e70d8633b07fd0c7", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "litellm/integrations/arize/arize_phoenix_prompt_manager.py", "duplicate_line": 332, "correlation_key": "fp|7e9097d48e2490e552890cbd110fc1f96fc432141e5b1b63e70d8633b07fd0c7"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "litellm/integrations/dotprompt/dotprompt_manager.py"}, "region": {"startLine": 126}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 114715, "scanner": "repobility-ai-code-hygiene", "fingerprint": "eba85ba5e254da40142ac1f14be191714e4b145effb4d7858838f1f47a8e20c0", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "litellm/integrations/bitbucket/bitbucket_prompt_manager.py", "duplicate_line": 383, "correlation_key": "fp|eba85ba5e254da40142ac1f14be191714e4b145effb4d7858838f1f47a8e20c0"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "litellm/integrations/dotprompt/dotprompt_manager.py"}, "region": {"startLine": 123}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 114714, "scanner": "repobility-ai-code-hygiene", "fingerprint": "989e333ae67870b815ea2ef958e20e0e18e3113d8a2f4fe47f649563b2fcd611", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "litellm/integrations/datadog/datadog_cost_management.py", "duplicate_line": 6, "correlation_key": "fp|989e333ae67870b815ea2ef958e20e0e18e3113d8a2f4fe47f649563b2fcd611"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "litellm/integrations/datadog/datadog_metrics.py"}, "region": {"startLine": 7}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 114713, "scanner": "repobility-ai-code-hygiene", "fingerprint": "8dc39c3ff42ecfdb5589618b6f48ac714e2b26e04b1698f0ec1a7eabbdce9bbb", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "litellm/integrations/anthropic_cache_control_hook.py", "duplicate_line": 24, "correlation_key": "fp|8dc39c3ff42ecfdb5589618b6f48ac714e2b26e04b1698f0ec1a7eabbdce9bbb"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "litellm/integrations/custom_prompt_management.py"}, "region": {"startLine": 20}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 114712, "scanner": "repobility-ai-code-hygiene", "fingerprint": "9cef309a787a798fcc9c204a944c204612e5a2fca72ae2a6220fd51103f6b5b0", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "litellm/integrations/arize/arize_phoenix_prompt_manager.py", "duplicate_line": 360, "correlation_key": "fp|9cef309a787a798fcc9c204a944c204612e5a2fca72ae2a6220fd51103f6b5b0"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "litellm/integrations/custom_prompt_management.py"}, "region": {"startLine": 19}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 114711, "scanner": "repobility-ai-code-hygiene", "fingerprint": "e6740f6f274972b3fe980dde2bc41bd0483adb088cce405e8e1b3f7c4ac1ba11", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "litellm/integrations/anthropic_cache_control_hook.py", "duplicate_line": 24, "correlation_key": "fp|e6740f6f274972b3fe980dde2bc41bd0483adb088cce405e8e1b3f7c4ac1ba11"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "litellm/integrations/bitbucket/bitbucket_prompt_manager.py"}, "region": {"startLine": 415}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 114710, "scanner": "repobility-ai-code-hygiene", "fingerprint": "cebf96b4660ac856cae8dc103dbf97679052c3a1029854226450b8aa81d11c23", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "litellm/integrations/arize/arize_phoenix_prompt_manager.py", "duplicate_line": 230, "correlation_key": "fp|cebf96b4660ac856cae8dc103dbf97679052c3a1029854226450b8aa81d11c23"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "litellm/integrations/bitbucket/bitbucket_prompt_manager.py"}, "region": {"startLine": 215}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 114709, "scanner": "repobility-ai-code-hygiene", "fingerprint": "c0eae05cb4f646d0c26d2887118bb9abe48896377048391004d75a0744bb479b", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "litellm/integrations/anthropic_cache_control_hook.py", "duplicate_line": 24, "correlation_key": "fp|c0eae05cb4f646d0c26d2887118bb9abe48896377048391004d75a0744bb479b"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "litellm/integrations/arize/arize_phoenix_prompt_manager.py"}, "region": {"startLine": 361}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 114708, "scanner": "repobility-ai-code-hygiene", "fingerprint": "3dae31662807c2a285dd95d1c225febd634ade5a7f3cc2b6b2e88b8094a8978c", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "litellm/compression/scoring/bm25.py", "duplicate_line": 12, "correlation_key": "fp|3dae31662807c2a285dd95d1c225febd634ade5a7f3cc2b6b2e88b8094a8978c"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "litellm/compression/scoring/embedding_scorer.py"}, "region": {"startLine": 8}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 114707, "scanner": "repobility-ai-code-hygiene", "fingerprint": "0ccaed8a0a5995af1c1352c5e432b3a59bea39eb8265ddbb54e3caf554c5197e", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "litellm/caching/disk_cache.py", "duplicate_line": 39, "correlation_key": "fp|0ccaed8a0a5995af1c1352c5e432b3a59bea39eb8265ddbb54e3caf554c5197e"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "litellm/caching/in_memory_cache.py"}, "region": {"startLine": 162}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 114706, "scanner": "repobility-ai-code-hygiene", "fingerprint": "5a6b9e447c49531bb0623feb7f1f99e80c8290688029857f83764ba523140738", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "cookbook/litellm_router_load_test/memory_usage/router_memory_usage copy.py", "duplicate_line": 5, "correlation_key": "fp|5a6b9e447c49531bb0623feb7f1f99e80c8290688029857f83764ba523140738"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "cookbook/litellm_router_load_test/memory_usage/router_memory_usage.py"}, "region": {"startLine": 5}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 114705, "scanner": "repobility-ai-code-hygiene", "fingerprint": "d449a2d0011bc668b739fbb939b867d16bd6f0e000ea4543500696ba07fc606e", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "cookbook/litellm_router_load_test/memory_usage/router_memory_usage copy.py", "duplicate_line": 18, "correlation_key": "fp|d449a2d0011bc668b739fbb939b867d16bd6f0e000ea4543500696ba07fc606e"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "cookbook/litellm_router_load_test/memory_usage/router_endpoint.py"}, "region": {"startLine": 14}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 114704, "scanner": "repobility-ai-code-hygiene", "fingerprint": "c88a50a74e061683383304963c288199da5788a104c53b7ae933aa4428c9774d", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "cookbook/litellm_router/load_test_proxy.py", "duplicate_line": 1, "correlation_key": "fp|c88a50a74e061683383304963c288199da5788a104c53b7ae933aa4428c9774d"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "cookbook/litellm_router/load_test_router.py"}, "region": {"startLine": 1}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 114703, "scanner": "repobility-ai-code-hygiene", "fingerprint": "edeec0678e6bcebaec1c66c72f5ebb897e301f283eeacf301117f3bc6bce80e8", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "cookbook/litellm_router/load_test_proxy.py", "duplicate_line": 12, "correlation_key": "fp|edeec0678e6bcebaec1c66c72f5ebb897e301f283eeacf301117f3bc6bce80e8"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "cookbook/litellm_router/load_test_queuing.py"}, "region": {"startLine": 11}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 114702, "scanner": "repobility-ai-code-hygiene", "fingerprint": "f388b48ee80bf9d53abce6e18b2759369e532cb8135e83cca5341d816aab7ff8", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "cookbook/gollem_go_agent_framework/basic/main.go", "duplicate_line": 1, "correlation_key": "fp|f388b48ee80bf9d53abce6e18b2759369e532cb8135e83cca5341d816aab7ff8"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "cookbook/gollem_go_agent_framework/streaming/main.go"}, "region": {"startLine": 1}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 114701, "scanner": "repobility-ai-code-hygiene", "fingerprint": "4dec8ceac279776f479f001e6a2b88c07805c46769195f9e4fdf4af5e24b12cf", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "cookbook/anthropic_agent_sdk/agent_with_mcp.py", "duplicate_line": 66, "correlation_key": "fp|4dec8ceac279776f479f001e6a2b88c07805c46769195f9e4fdf4af5e24b12cf"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "cookbook/anthropic_agent_sdk/main.py"}, "region": {"startLine": 35}}}]}, {"ruleId": "AIC009", "level": "note", "message": {"text": "Multiple AI-agent scaffold marker files are present"}, "properties": {"repobilityId": 114697, "scanner": "repobility-ai-code-hygiene", "fingerprint": "ff6e1d5f8944c42e18d355d72dd1be436aa8bed440cc2a7bce2c8a8fb4706ed6", "category": "quality", "severity": "low", "confidence": 0.68, "triageState": "open", "verdict": "likely", "isResolved": false, "reason": "Repository root contains several AI-agent scaffold marker files.", "evidence": {"markers": ["AGENTS.md", "CLAUDE.md", "GEMINI.md"], "rule_id": "AIC009", "scanner": "repobility-ai-code-hygiene", "references": ["https://arxiv.org/abs/2601.15195"], "correlation_key": "fp|ff6e1d5f8944c42e18d355d72dd1be436aa8bed440cc2a7bce2c8a8fb4706ed6"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "AGENTS.md"}, "region": {"startLine": 1}}}]}, {"ruleId": "AIC007", "level": "note", "message": {"text": "Generated build artifact directory is present at repository root"}, "properties": {"repobilityId": 114696, "scanner": "repobility-ai-code-hygiene", "fingerprint": "6069b1ec53cf974ec6e25b94b13d24116a19565dae3d82ce5bcc320c773215fd", "category": "quality", "severity": "low", "confidence": 0.7, "triageState": "open", "verdict": "likely", "isResolved": false, "reason": "Repository root contains a common generated artifact directory.", "evidence": {"rule_id": "AIC007", "scanner": "repobility-ai-code-hygiene", "directory": "dist", "references": ["https://git-scm.com/docs/gitignore", "https://arxiv.org/abs/2601.15195"], "correlation_key": "fp|6069b1ec53cf974ec6e25b94b13d24116a19565dae3d82ce5bcc320c773215fd"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "dist"}, "region": {"startLine": 1}}}]}, {"ruleId": "SEC132", "level": "note", "message": {"text": "[SEC132] String concat where the language has interpolation (AI style drift): String built by concatenation where the language has cleaner interpolation (Python f-strings since 3.6, JS template literals since ES6). Not a vulnerability on its own, but a style signature of cross-language AI rewrites \u2014 the model wrote idiomatic Java/C# and then translated mechanically. When this style appears in only *some* files of a repo, it's a strong indicator of an AI-driven rewrite that needs a human review p"}, "properties": {"repobilityId": 114669, "scanner": "repobility-threat-engine", "fingerprint": "7597c2185c485864797d6ea33391b3ffcf8f5d80042ef9fc7e1d8861e0c6b93a", "category": "quality", "severity": "low", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "\"deployment:\" + model_id + \":cooldown\"", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC132", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "fp|7597c2185c485864797d6ea33391b3ffcf8f5d80042ef9fc7e1d8861e0c6b93a"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "litellm/router_utils/cooldown_cache.py"}, "region": {"startLine": 110}}}]}, {"ruleId": "COMP001", "level": "note", "message": {"text": "[COMP001] High cognitive complexity: Function `detect_keywords` has cognitive complexity 9 (SonarSource scale). Cognitive complexity measures how hard the function is for a human to understand \u2014 nested branches, boolean chains, and recursion all weigh in. Breakdown: continue=1, for=2, if=3, nested_bonus=3."}, "properties": {"repobilityId": 114553, "scanner": "repobility-threat-engine", "fingerprint": "239a0d5e825fa68c753984d30f4b4568a655148712b3f1ef827b8bc09cfc8669", "category": "quality", "severity": "low", "confidence": 0.95, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "AST-derived cognitive complexity score = 9 (severity threshold for low: 8+).", "evidence": {"scanner": "repobility-threat-engine", "function": "detect_keywords", "breakdown": {"if": 3, "for": 2, "continue": 1, "nested_bonus": 3}, "complexity": 9, "correlation_key": "fp|239a0d5e825fa68c753984d30f4b4568a655148712b3f1ef827b8bc09cfc8669"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/scripts/scan_keywords.py"}, "region": {"startLine": 27}}}]}, {"ruleId": "COMP001", "level": "note", "message": {"text": "[COMP001] High cognitive complexity: Function `fetch_open_issues` has cognitive complexity 9 (SonarSource scale). Cognitive complexity measures how hard the function is for a human to understand \u2014 nested branches, boolean chains, and recursion all weigh in. Breakdown: continue=1, else=2, for=1, if=3, nested_bonus=2."}, "properties": {"repobilityId": 114551, "scanner": "repobility-threat-engine", "fingerprint": "a884e3ae989babb85275f55bf43f57391a38522b48c6d9eaa4f082c1e9402f8f", "category": "quality", "severity": "low", "confidence": 0.95, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "AST-derived cognitive complexity score = 9 (severity threshold for low: 8+).", "evidence": {"scanner": "repobility-threat-engine", "function": "fetch_open_issues", "breakdown": {"if": 3, "for": 1, "else": 2, "continue": 1, "nested_bonus": 2}, "complexity": 9, "correlation_key": "fp|a884e3ae989babb85275f55bf43f57391a38522b48c6d9eaa4f082c1e9402f8f"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/scripts/close_duplicate_issues.py"}, "region": {"startLine": 42}}}]}, {"ruleId": "DKR002", "level": "none", "message": {"text": "Dockerfile base image is selected through a build variable"}, "properties": {"repobilityId": 114770, "scanner": "repobility-docker", "fingerprint": "6b7a57f7c1e386e235f0d8b887dfb7453629f7ec91114024868feb70144cc366", "category": "docker", "severity": "info", "confidence": 0.48, "triageState": "false_positive", "verdict": "likely_fp", "isResolved": true, "reason": "Base image contains a variable; manual review is needed to avoid false positives.", "evidence": {"image": "nginx:${NGINX_VERSION}", "rule_id": "DKR002", "scanner": "repobility-docker", "references": ["https://docs.docker.com/develop/develop-images/dockerfile_best-practices/", "https://docs.docker.com/scout/policy/"], "correlation_key": "fp|6b7a57f7c1e386e235f0d8b887dfb7453629f7ec91114024868feb70144cc366"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "ui/Dockerfile"}, "region": {"startLine": 27}}}]}, {"ruleId": "DKR002", "level": "none", "message": {"text": "Dockerfile base image is selected through a build variable"}, "properties": {"repobilityId": 114769, "scanner": "repobility-docker", "fingerprint": "715832cc350e1507eb031e79cbe02691b77bc2424a7e4c7e10305d1e7b503df9", "category": "docker", "severity": "info", "confidence": 0.48, "triageState": "false_positive", "verdict": "likely_fp", "isResolved": true, "reason": "Base image contains a variable; manual review is needed to avoid false positives.", "evidence": {"image": "node:${NODE_VERSION}", "rule_id": "DKR002", "scanner": "repobility-docker", "references": ["https://docs.docker.com/develop/develop-images/dockerfile_best-practices/", "https://docs.docker.com/scout/policy/"], "correlation_key": "fp|715832cc350e1507eb031e79cbe02691b77bc2424a7e4c7e10305d1e7b503df9"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "ui/Dockerfile"}, "region": {"startLine": 9}}}]}, {"ruleId": "DKR002", "level": "none", "message": {"text": "Dockerfile base image is selected through a build variable"}, "properties": {"repobilityId": 114768, "scanner": "repobility-docker", "fingerprint": "0cd07152501a34ccfb6dc1a6ca015076fdd794544ac99915edcf3dc2391b686c", "category": "docker", "severity": "info", "confidence": 0.48, "triageState": "false_positive", "verdict": "likely_fp", "isResolved": true, "reason": "Base image contains a variable; manual review is needed to avoid false positives.", "evidence": {"image": "$LITELLM_RUNTIME_IMAGE", "rule_id": "DKR002", "scanner": "repobility-docker", "references": ["https://docs.docker.com/develop/develop-images/dockerfile_best-practices/", "https://docs.docker.com/scout/policy/"], "correlation_key": "fp|0cd07152501a34ccfb6dc1a6ca015076fdd794544ac99915edcf3dc2391b686c"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "migrations/Dockerfile"}, "region": {"startLine": 85}}}]}, {"ruleId": "DKR002", "level": "none", "message": {"text": "Dockerfile base image is selected through a build variable"}, "properties": {"repobilityId": 114766, "scanner": "repobility-docker", "fingerprint": "2b0e17e351ce211dad1a29e7f21f230fbd3dab7e3c57ff6e990074f53123a46d", "category": "docker", "severity": "info", "confidence": 0.48, "triageState": "false_positive", "verdict": "likely_fp", "isResolved": true, "reason": "Base image contains a variable; manual review is needed to avoid false positives.", "evidence": {"image": "$LITELLM_BUILD_IMAGE", "rule_id": "DKR002", "scanner": "repobility-docker", "references": ["https://docs.docker.com/develop/develop-images/dockerfile_best-practices/", "https://docs.docker.com/scout/policy/"], "correlation_key": "fp|2b0e17e351ce211dad1a29e7f21f230fbd3dab7e3c57ff6e990074f53123a46d"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "migrations/Dockerfile"}, "region": {"startLine": 27}}}]}, {"ruleId": "DKR002", "level": "none", "message": {"text": "Dockerfile base image is selected through a build variable"}, "properties": {"repobilityId": 114765, "scanner": "repobility-docker", "fingerprint": "9faa74c826eca5d254f2e99897cd613267daead6be8e424143ead30773004a7f", "category": "docker", "severity": "info", "confidence": 0.48, "triageState": "false_positive", "verdict": "likely_fp", "isResolved": true, "reason": "Base image contains a variable; manual review is needed to avoid false positives.", "evidence": {"image": "$UV_IMAGE", "rule_id": "DKR002", "scanner": "repobility-docker", "references": ["https://docs.docker.com/develop/develop-images/dockerfile_best-practices/", "https://docs.docker.com/scout/policy/"], "correlation_key": "fp|9faa74c826eca5d254f2e99897cd613267daead6be8e424143ead30773004a7f"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "migrations/Dockerfile"}, "region": {"startLine": 5}}}]}, {"ruleId": "DKR002", "level": "none", "message": {"text": "Dockerfile base image is selected through a build variable"}, "properties": {"repobilityId": 114764, "scanner": "repobility-docker", "fingerprint": "6e6c2cc08dee26f1583c653dd47a9ac4fa30c4852bc606b3e00c4462aad09a57", "category": "docker", "severity": "info", "confidence": 0.48, "triageState": "false_positive", "verdict": "likely_fp", "isResolved": true, "reason": "Base image contains a variable; manual review is needed to avoid false positives.", "evidence": {"image": "$LITELLM_RUNTIME_IMAGE", "rule_id": "DKR002", "scanner": "repobility-docker", "references": ["https://docs.docker.com/develop/develop-images/dockerfile_best-practices/", "https://docs.docker.com/scout/policy/"], "correlation_key": "fp|6e6c2cc08dee26f1583c653dd47a9ac4fa30c4852bc606b3e00c4462aad09a57"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "gateway/Dockerfile"}, "region": {"startLine": 67}}}]}, {"ruleId": "DKR002", "level": "none", "message": {"text": "Dockerfile base image is selected through a build variable"}, "properties": {"repobilityId": 114762, "scanner": "repobility-docker", "fingerprint": "0bae1ca8a0ba9639da3effc99de0ca1e99507b4872ea7ed2c18b4e1c19e81cc7", "category": "docker", "severity": "info", "confidence": 0.48, "triageState": "false_positive", "verdict": "likely_fp", "isResolved": true, "reason": "Base image contains a variable; manual review is needed to avoid false positives.", "evidence": {"image": "$LITELLM_BUILD_IMAGE", "rule_id": "DKR002", "scanner": "repobility-docker", "references": ["https://docs.docker.com/develop/develop-images/dockerfile_best-practices/", "https://docs.docker.com/scout/policy/"], "correlation_key": "fp|0bae1ca8a0ba9639da3effc99de0ca1e99507b4872ea7ed2c18b4e1c19e81cc7"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "gateway/Dockerfile"}, "region": {"startLine": 8}}}]}, {"ruleId": "DKR002", "level": "none", "message": {"text": "Dockerfile base image is selected through a build variable"}, "properties": {"repobilityId": 114761, "scanner": "repobility-docker", "fingerprint": "3a6271668e6e7a56015b7fea01727b9807afb5f606e817c95f0ecafa10dd0913", "category": "docker", "severity": "info", "confidence": 0.48, "triageState": "false_positive", "verdict": "likely_fp", "isResolved": true, "reason": "Base image contains a variable; manual review is needed to avoid false positives.", "evidence": {"image": "$UV_IMAGE", "rule_id": "DKR002", "scanner": "repobility-docker", "references": ["https://docs.docker.com/develop/develop-images/dockerfile_best-practices/", "https://docs.docker.com/scout/policy/"], "correlation_key": "fp|3a6271668e6e7a56015b7fea01727b9807afb5f606e817c95f0ecafa10dd0913"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "gateway/Dockerfile"}, "region": {"startLine": 5}}}]}, {"ruleId": "DKR002", "level": "none", "message": {"text": "Dockerfile base image is selected through a build variable"}, "properties": {"repobilityId": 114758, "scanner": "repobility-docker", "fingerprint": "fc8f00d8afb0734cdf6e71dc0081a02cda714fdaad8e6d6cc295236098c27db0", "category": "docker", "severity": "info", "confidence": 0.48, "triageState": "false_positive", "verdict": "likely_fp", "isResolved": true, "reason": "Base image contains a variable; manual review is needed to avoid false positives.", "evidence": {"image": "$UV_IMAGE", "rule_id": "DKR002", "scanner": "repobility-docker", "references": ["https://docs.docker.com/develop/develop-images/dockerfile_best-practices/", "https://docs.docker.com/scout/policy/"], "correlation_key": "fp|fc8f00d8afb0734cdf6e71dc0081a02cda714fdaad8e6d6cc295236098c27db0"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "docker/build_from_pip/Dockerfile.build_from_pip"}, "region": {"startLine": 2}}}]}, {"ruleId": "DKR002", "level": "none", "message": {"text": "Dockerfile base image is selected through a build variable"}, "properties": {"repobilityId": 114757, "scanner": "repobility-docker", "fingerprint": "a080f279a417efa1a8a80612351cd6716f63dd16fd13fcaeebe9f06f73f53d00", "category": "docker", "severity": "info", "confidence": 0.48, "triageState": "false_positive", "verdict": "likely_fp", "isResolved": true, "reason": "Base image contains a variable; manual review is needed to avoid false positives.", "evidence": {"image": "$LITELLM_RUNTIME_IMAGE", "rule_id": "DKR002", "scanner": "repobility-docker", "references": ["https://docs.docker.com/develop/develop-images/dockerfile_best-practices/", "https://docs.docker.com/scout/policy/"], "correlation_key": "fp|a080f279a417efa1a8a80612351cd6716f63dd16fd13fcaeebe9f06f73f53d00"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "docker/Dockerfile.non_root"}, "region": {"startLine": 86}}}]}, {"ruleId": "DKR002", "level": "none", "message": {"text": "Dockerfile base image is selected through a build variable"}, "properties": {"repobilityId": 114755, "scanner": "repobility-docker", "fingerprint": "d7537eafe0fc6de2167dc52833df40b5b45acde655ab6785e1f3b1498062d395", "category": "docker", "severity": "info", "confidence": 0.48, "triageState": "false_positive", "verdict": "likely_fp", "isResolved": true, "reason": "Base image contains a variable; manual review is needed to avoid false positives.", "evidence": {"image": "$LITELLM_BUILD_IMAGE", "rule_id": "DKR002", "scanner": "repobility-docker", "references": ["https://docs.docker.com/develop/develop-images/dockerfile_best-practices/", "https://docs.docker.com/scout/policy/"], "correlation_key": "fp|d7537eafe0fc6de2167dc52833df40b5b45acde655ab6785e1f3b1498062d395"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "docker/Dockerfile.non_root"}, "region": {"startLine": 9}}}]}, {"ruleId": "DKR002", "level": "none", "message": {"text": "Dockerfile base image is selected through a build variable"}, "properties": {"repobilityId": 114754, "scanner": "repobility-docker", "fingerprint": "29c5c0db7bddce02ccfae44f07ae6a3cf09a0f7141624f1e637eb23e86418b8d", "category": "docker", "severity": "info", "confidence": 0.48, "triageState": "false_positive", "verdict": "likely_fp", "isResolved": true, "reason": "Base image contains a variable; manual review is needed to avoid false positives.", "evidence": {"image": "$UV_IMAGE", "rule_id": "DKR002", "scanner": "repobility-docker", "references": ["https://docs.docker.com/develop/develop-images/dockerfile_best-practices/", "https://docs.docker.com/scout/policy/"], "correlation_key": "fp|29c5c0db7bddce02ccfae44f07ae6a3cf09a0f7141624f1e637eb23e86418b8d"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "docker/Dockerfile.non_root"}, "region": {"startLine": 7}}}]}, {"ruleId": "DKR002", "level": "none", "message": {"text": "Dockerfile base image is selected through a build variable"}, "properties": {"repobilityId": 114752, "scanner": "repobility-docker", "fingerprint": "b3c896d8797ce69388ecbecf30b850b459d3c8a990dcd1d732e915b3a0279473", "category": "docker", "severity": "info", "confidence": 0.48, "triageState": "false_positive", "verdict": "likely_fp", "isResolved": true, "reason": "Base image contains a variable; manual review is needed to avoid false positives.", "evidence": {"image": "$LITELLM_RUNTIME_IMAGE", "rule_id": "DKR002", "scanner": "repobility-docker", "references": ["https://docs.docker.com/develop/develop-images/dockerfile_best-practices/", "https://docs.docker.com/scout/policy/"], "correlation_key": "fp|b3c896d8797ce69388ecbecf30b850b459d3c8a990dcd1d732e915b3a0279473"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "docker/Dockerfile.database"}, "region": {"startLine": 65}}}]}, {"ruleId": "DKR002", "level": "none", "message": {"text": "Dockerfile base image is selected through a build variable"}, "properties": {"repobilityId": 114750, "scanner": "repobility-docker", "fingerprint": "f3baec4d09f3c66f806240b61eff539fd1f31f367f626ef16bd9909b178f8f9d", "category": "docker", "severity": "info", "confidence": 0.48, "triageState": "false_positive", "verdict": "likely_fp", "isResolved": true, "reason": "Base image contains a variable; manual review is needed to avoid false positives.", "evidence": {"image": "$LITELLM_BUILD_IMAGE", "rule_id": "DKR002", "scanner": "repobility-docker", "references": ["https://docs.docker.com/develop/develop-images/dockerfile_best-practices/", "https://docs.docker.com/scout/policy/"], "correlation_key": "fp|f3baec4d09f3c66f806240b61eff539fd1f31f367f626ef16bd9909b178f8f9d"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "docker/Dockerfile.database"}, "region": {"startLine": 10}}}]}, {"ruleId": "DKR002", "level": "none", "message": {"text": "Dockerfile base image is selected through a build variable"}, "properties": {"repobilityId": 114749, "scanner": "repobility-docker", "fingerprint": "b6a9cfecd4fa27ee0abb73c52dd8025b7cac751efed965d09438c6e3174b7bd0", "category": "docker", "severity": "info", "confidence": 0.48, "triageState": "false_positive", "verdict": "likely_fp", "isResolved": true, "reason": "Base image contains a variable; manual review is needed to avoid false positives.", "evidence": {"image": "$UV_IMAGE", "rule_id": "DKR002", "scanner": "repobility-docker", "references": ["https://docs.docker.com/develop/develop-images/dockerfile_best-practices/", "https://docs.docker.com/scout/policy/"], "correlation_key": "fp|b6a9cfecd4fa27ee0abb73c52dd8025b7cac751efed965d09438c6e3174b7bd0"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "docker/Dockerfile.database"}, "region": {"startLine": 8}}}]}, {"ruleId": "DKR002", "level": "none", "message": {"text": "Dockerfile base image is selected through a build variable"}, "properties": {"repobilityId": 114742, "scanner": "repobility-docker", "fingerprint": "de6d1dc727ef4b8cdc2569c06514ad0a0821bed3115c8259fbcff58e7282e866", "category": "docker", "severity": "info", "confidence": 0.48, "triageState": "false_positive", "verdict": "likely_fp", "isResolved": true, "reason": "Base image contains a variable; manual review is needed to avoid false positives.", "evidence": {"image": "$LITELLM_RUNTIME_IMAGE", "rule_id": "DKR002", "scanner": "repobility-docker", "references": ["https://docs.docker.com/develop/develop-images/dockerfile_best-practices/", "https://docs.docker.com/scout/policy/"], "correlation_key": "fp|de6d1dc727ef4b8cdc2569c06514ad0a0821bed3115c8259fbcff58e7282e866"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "backend/Dockerfile"}, "region": {"startLine": 67}}}]}, {"ruleId": "DKR002", "level": "none", "message": {"text": "Dockerfile base image is selected through a build variable"}, "properties": {"repobilityId": 114740, "scanner": "repobility-docker", "fingerprint": "6fff839228624976877bb1679980bbeb5541f7b36ded900a3f98e3b71ea1206c", "category": "docker", "severity": "info", "confidence": 0.48, "triageState": "false_positive", "verdict": "likely_fp", "isResolved": true, "reason": "Base image contains a variable; manual review is needed to avoid false positives.", "evidence": {"image": "$LITELLM_BUILD_IMAGE", "rule_id": "DKR002", "scanner": "repobility-docker", "references": ["https://docs.docker.com/develop/develop-images/dockerfile_best-practices/", "https://docs.docker.com/scout/policy/"], "correlation_key": "fp|6fff839228624976877bb1679980bbeb5541f7b36ded900a3f98e3b71ea1206c"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "backend/Dockerfile"}, "region": {"startLine": 8}}}]}, {"ruleId": "DKR002", "level": "none", "message": {"text": "Dockerfile base image is selected through a build variable"}, "properties": {"repobilityId": 114739, "scanner": "repobility-docker", "fingerprint": "07bb7490b485e0b65bed0a544409ae2cf7599e38064534f18c0d9e21de3c9567", "category": "docker", "severity": "info", "confidence": 0.48, "triageState": "false_positive", "verdict": "likely_fp", "isResolved": true, "reason": "Base image contains a variable; manual review is needed to avoid false positives.", "evidence": {"image": "$UV_IMAGE", "rule_id": "DKR002", "scanner": "repobility-docker", "references": ["https://docs.docker.com/develop/develop-images/dockerfile_best-practices/", "https://docs.docker.com/scout/policy/"], "correlation_key": "fp|07bb7490b485e0b65bed0a544409ae2cf7599e38064534f18c0d9e21de3c9567"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "backend/Dockerfile"}, "region": {"startLine": 5}}}]}, {"ruleId": "DKR002", "level": "none", "message": {"text": "Dockerfile base image is selected through a build variable"}, "properties": {"repobilityId": 114736, "scanner": "repobility-docker", "fingerprint": "1813dcfad5453abeed2e88d94a52c967e627697f8741b0a05befaf143225811e", "category": "docker", "severity": "info", "confidence": 0.48, "triageState": "false_positive", "verdict": "likely_fp", "isResolved": true, "reason": "Base image contains a variable; manual review is needed to avoid false positives.", "evidence": {"image": "$LITELLM_RUNTIME_IMAGE", "rule_id": "DKR002", "scanner": "repobility-docker", "references": ["https://docs.docker.com/develop/develop-images/dockerfile_best-practices/", "https://docs.docker.com/scout/policy/"], "correlation_key": "fp|1813dcfad5453abeed2e88d94a52c967e627697f8741b0a05befaf143225811e"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "Dockerfile"}, "region": {"startLine": 67}}}]}, {"ruleId": "DKR002", "level": "none", "message": {"text": "Dockerfile base image is selected through a build variable"}, "properties": {"repobilityId": 114734, "scanner": "repobility-docker", "fingerprint": "33e5926f369d09a73d266c64c190135af66fd49411e0528c51e40fe039917cb1", "category": "docker", "severity": "info", "confidence": 0.48, "triageState": "false_positive", "verdict": "likely_fp", "isResolved": true, "reason": "Base image contains a variable; manual review is needed to avoid false positives.", "evidence": {"image": "$LITELLM_BUILD_IMAGE", "rule_id": "DKR002", "scanner": "repobility-docker", "references": ["https://docs.docker.com/develop/develop-images/dockerfile_best-practices/", "https://docs.docker.com/scout/policy/"], "correlation_key": "fp|33e5926f369d09a73d266c64c190135af66fd49411e0528c51e40fe039917cb1"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "Dockerfile"}, "region": {"startLine": 11}}}]}, {"ruleId": "DKR002", "level": "none", "message": {"text": "Dockerfile base image is selected through a build variable"}, "properties": {"repobilityId": 114733, "scanner": "repobility-docker", "fingerprint": "d4573e9f5d51f1dd6d7fa3673009b7ffb3dd4273fe6ca38604505431758cc477", "category": "docker", "severity": "info", "confidence": 0.48, "triageState": "false_positive", "verdict": "likely_fp", "isResolved": true, "reason": "Base image contains a variable; manual review is needed to avoid false positives.", "evidence": {"image": "$UV_IMAGE", "rule_id": "DKR002", "scanner": "repobility-docker", "references": ["https://docs.docker.com/develop/develop-images/dockerfile_best-practices/", "https://docs.docker.com/scout/policy/"], "correlation_key": "fp|d4573e9f5d51f1dd6d7fa3673009b7ffb3dd4273fe6ca38604505431758cc477"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "Dockerfile"}, "region": {"startLine": 8}}}]}, {"ruleId": "SEC118", "level": "none", "message": {"text": "[SEC118] UUIDv1 / UUIDv3 used for security-sensitive identifier: UUIDv1 encodes the MAC address and timestamp, making it predictable. Used as a session token or password-reset key, it's enumerable."}, "properties": {"repobilityId": 114695, "scanner": "repobility-threat-engine", "fingerprint": "ce6897a8c5d8502e48fa6eaafa9963282c531d4990e4fc522a63fd86cb68cc76", "category": "crypto", "severity": "info", "confidence": 0.1, "triageState": "false_positive", "verdict": "likely_fp", "isResolved": true, "reason": "Safe pattern 'randomUUID' detected on same line", "evidence": {"match": "crypto.randomUUID", "reason": "Safe pattern 'randomUUID' detected on same line", "rule_id": "SEC118", "scanner": "repobility-threat-engine", "confidence": 0.1, "correlation_key": "code|crypto|token|103|sec118"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "ui/litellm-dashboard/src/components/chat/useChatHistory.ts"}, "region": {"startLine": 103}}}]}, {"ruleId": "MINED074", "level": "none", "message": {"text": "[MINED074] Ai Tell Fake Citation: Plausible-looking but non-existent URLs (e.g., docs.example.com/v2). Common AI hallucination."}, "properties": {"repobilityId": 114694, "scanner": "repobility-threat-engine", "fingerprint": "3a9aedbfc54d63920242b2a80c748bead94484a15364081cbfa937b91fc0bf4a", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "ai-tell-fake-citation", "owasp": null, "cwe_ids": [], "languages": ["python", "javascript", "typescript", "markdown"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348074+00:00", "triaged_in_corpus": 10, "observations_count": 12281, "ai_coder_pattern_id": 176}, "scanner": "repobility-threat-engine", "correlation_key": "fp|3a9aedbfc54d63920242b2a80c748bead94484a15364081cbfa937b91fc0bf4a"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "ui/litellm-dashboard/src/components/agents/agent_config.ts"}, "region": {"startLine": 126}}}]}, {"ruleId": "MINED054", "level": "none", "message": {"text": "[MINED054] Ts As Any: Casting to any (as any) bypasses type checking entirely."}, "properties": {"repobilityId": 114693, "scanner": "repobility-threat-engine", "fingerprint": "bdd2b114eb70b38655ff1851cc6e45cf81c506ff0525fef325da0637983631bd", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "ts-as-any", "owasp": null, "cwe_ids": ["CWE-704"], "languages": ["typescript", "tsx"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348028+00:00", "triaged_in_corpus": 12, "observations_count": 341218, "ai_coder_pattern_id": 98}, "scanner": "repobility-threat-engine", "correlation_key": "fp|bdd2b114eb70b38655ff1851cc6e45cf81c506ff0525fef325da0637983631bd"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "ui/litellm-dashboard/src/components/guardrails/content_filter/CategoryTable.tsx"}, "region": {"startLine": 125}}}]}, {"ruleId": "MINED054", "level": "none", "message": {"text": "[MINED054] Ts As Any: Casting to any (as any) bypasses type checking entirely."}, "properties": {"repobilityId": 114692, "scanner": "repobility-threat-engine", "fingerprint": "838eda67db3f4be353039584d1f86f0de7f329d2666567d429f03e5d66ef3f3d", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "ts-as-any", "owasp": null, "cwe_ids": ["CWE-704"], "languages": ["typescript", "tsx"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348028+00:00", "triaged_in_corpus": 12, "observations_count": 341218, "ai_coder_pattern_id": 98}, "scanner": "repobility-threat-engine", "correlation_key": "fp|838eda67db3f4be353039584d1f86f0de7f329d2666567d429f03e5d66ef3f3d"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "ui/litellm-dashboard/src/components/agent_management/AgentSelector.tsx"}, "region": {"startLine": 51}}}]}, {"ruleId": "MINED045", "level": "none", "message": {"text": "[MINED045] Ts Non Null Assertion: x! asserts not null - bypasses null checks - TypeError if wrong."}, "properties": {"repobilityId": 114686, "scanner": "repobility-threat-engine", "fingerprint": "f4ed12bb207f649b775befa9d4b4a86d024048e2d742b2772e8a67b5491e6e18", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "ts-non-null-assertion", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["typescript", "tsx"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348005+00:00", "triaged_in_corpus": 12, "observations_count": 1810954, "ai_coder_pattern_id": 105}, "scanner": "repobility-threat-engine", "correlation_key": "fp|f4ed12bb207f649b775befa9d4b4a86d024048e2d742b2772e8a67b5491e6e18"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "ui/litellm-dashboard/src/components/Navbar/UserDropdown/UserDropdown.tsx"}, "region": {"startLine": 44}}}]}, {"ruleId": "MINED045", "level": "none", "message": {"text": "[MINED045] Ts Non Null Assertion: x! asserts not null - bypasses null checks - TypeError if wrong."}, "properties": {"repobilityId": 114685, "scanner": "repobility-threat-engine", "fingerprint": "865ffbf15b60d2c11626aed50368624892176c8fc59b9b80beb6eb1b319151c3", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "ts-non-null-assertion", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["typescript", "tsx"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348005+00:00", "triaged_in_corpus": 12, "observations_count": 1810954, "ai_coder_pattern_id": 105}, "scanner": "repobility-threat-engine", "correlation_key": "fp|865ffbf15b60d2c11626aed50368624892176c8fc59b9b80beb6eb1b319151c3"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "ui/litellm-dashboard/src/app/(dashboard)/organizations/OrganizationFilters.tsx"}, "region": {"startLine": 28}}}]}, {"ruleId": "MINED056", "level": "none", "message": {"text": "[MINED056] React Key As Index (and 11 more): Same pattern found in 11 additional files. Review if needed."}, "properties": {"repobilityId": 114684, "scanner": "repobility-threat-engine", "fingerprint": "ed5c888e07b2aa347c385214ce80be1d78475610869aff676d3a103a028dc34f", "category": "quality", "severity": "info", "confidence": 0.2, "triageState": "false_positive", "verdict": "likely_fp", "isResolved": true, "reason": "Deduplicated summary only: 11 additional occurrences found. The top occurrences remain visible as actionable findings.", "evidence": {"mined": true, "mining": {"slug": "react-key-as-index", "owasp": null, "cwe_ids": ["CWE-682"], "languages": ["typescript", "tsx", "javascript", "jsx"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348032+00:00", "triaged_in_corpus": 12, "observations_count": 299917, "ai_coder_pattern_id": 135}, "scanner": "repobility-threat-engine", "aggregated": true, "correlation_key": "fp|ed5c888e07b2aa347c385214ce80be1d78475610869aff676d3a103a028dc34f", "aggregated_count": 11}}}, {"ruleId": "MINED056", "level": "none", "message": {"text": "[MINED056] React Key As Index: key={index} in map() \u2014 re-renders the wrong elements on re-order."}, "properties": {"repobilityId": 114683, "scanner": "repobility-threat-engine", "fingerprint": "6ce9059cc0d80b630e72abeb3c5d40b64170fda520e04f8ca48f894617ed2d12", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "react-key-as-index", "owasp": null, "cwe_ids": ["CWE-682"], "languages": ["typescript", "tsx", "javascript", "jsx"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348032+00:00", "triaged_in_corpus": 12, "observations_count": 299917, "ai_coder_pattern_id": 135}, "scanner": "repobility-threat-engine", "correlation_key": "fp|6ce9059cc0d80b630e72abeb3c5d40b64170fda520e04f8ca48f894617ed2d12"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "ui/litellm-dashboard/src/components/AIHub/marketplace_table_columns.tsx"}, "region": {"startLine": 134}}}]}, {"ruleId": "MINED056", "level": "none", "message": {"text": "[MINED056] React Key As Index: key={index} in map() \u2014 re-renders the wrong elements on re-order."}, "properties": {"repobilityId": 114682, "scanner": "repobility-threat-engine", "fingerprint": "368efc285f1eb9f83044eb39d7957d897ada3964d173f6e86459bac4cc10208c", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "react-key-as-index", "owasp": null, "cwe_ids": ["CWE-682"], "languages": ["typescript", "tsx", "javascript", "jsx"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348032+00:00", "triaged_in_corpus": 12, "observations_count": 299917, "ai_coder_pattern_id": 135}, "scanner": "repobility-threat-engine", "correlation_key": "fp|368efc285f1eb9f83044eb39d7957d897ada3964d173f6e86459bac4cc10208c"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "ui/litellm-dashboard/src/components/AIHub/forms/MakeMCPPublicForm.tsx"}, "region": {"startLine": 181}}}]}, {"ruleId": "MINED056", "level": "none", "message": {"text": "[MINED056] React Key As Index: key={index} in map() \u2014 re-renders the wrong elements on re-order."}, "properties": {"repobilityId": 114681, "scanner": "repobility-threat-engine", "fingerprint": "b29f635b20d529d638ecaca8e18b9fdf3e6307953a0bc927577d60a221ea2de1", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "react-key-as-index", "owasp": null, "cwe_ids": ["CWE-682"], "languages": ["typescript", "tsx", "javascript", "jsx"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348032+00:00", "triaged_in_corpus": 12, "observations_count": 299917, "ai_coder_pattern_id": 135}, "scanner": "repobility-threat-engine", "correlation_key": "fp|b29f635b20d529d638ecaca8e18b9fdf3e6307953a0bc927577d60a221ea2de1"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "ui/litellm-dashboard/src/app/(dashboard)/models-and-endpoints/components/ModelRetrySettingsTab.tsx"}, "region": {"startLine": 60}}}]}, {"ruleId": "MINED052", "level": "none", "message": {"text": "[MINED052] Ts Any Typed (and 52 more): Same pattern found in 52 additional files. Review if needed."}, "properties": {"repobilityId": 114680, "scanner": "repobility-threat-engine", "fingerprint": "149a8139004867b1c61ee63e4f81de53fd54a7def1d7c5f1627bdc82925f881c", "category": "quality", "severity": "info", "confidence": 0.2, "triageState": "false_positive", "verdict": "likely_fp", "isResolved": true, "reason": "Deduplicated summary only: 52 additional occurrences found. The top occurrences remain visible as actionable findings.", "evidence": {"mined": true, "mining": {"slug": "ts-any-typed", "owasp": null, "cwe_ids": ["CWE-704"], "languages": ["typescript", "tsx"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348022+00:00", "triaged_in_corpus": 12, "observations_count": 496002, "ai_coder_pattern_id": 97}, "scanner": "repobility-threat-engine", "aggregated": true, "correlation_key": "fp|149a8139004867b1c61ee63e4f81de53fd54a7def1d7c5f1627bdc82925f881c", "aggregated_count": 52}}}, {"ruleId": "MINED052", "level": "none", "message": {"text": "[MINED052] Ts Any Typed: : any used as type annotation. Defeats TypeScript type safety."}, "properties": {"repobilityId": 114679, "scanner": "repobility-threat-engine", "fingerprint": "5f3b0e1b9aa057e5af471687bc93dc7897bcad045ae0e9879a53426815fb7d06", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "ts-any-typed", "owasp": null, "cwe_ids": ["CWE-704"], "languages": ["typescript", "tsx"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348022+00:00", "triaged_in_corpus": 12, "observations_count": 496002, "ai_coder_pattern_id": 97}, "scanner": "repobility-threat-engine", "correlation_key": "fp|5f3b0e1b9aa057e5af471687bc93dc7897bcad045ae0e9879a53426815fb7d06"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "ui/litellm-dashboard/src/app/(dashboard)/hooks/cloudzero/useCloudZeroExport.ts"}, "region": {"startLine": 9}}}]}, {"ruleId": "MINED052", "level": "none", "message": {"text": "[MINED052] Ts Any Typed: : any used as type annotation. Defeats TypeScript type safety."}, "properties": {"repobilityId": 114678, "scanner": "repobility-threat-engine", "fingerprint": "6a19e9d989818a84d062fd5d51f05b3f59789d3b49b6d063b25167c3d4099746", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "ts-any-typed", "owasp": null, "cwe_ids": ["CWE-704"], "languages": ["typescript", "tsx"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348022+00:00", "triaged_in_corpus": 12, "observations_count": 496002, "ai_coder_pattern_id": 97}, "scanner": "repobility-threat-engine", "correlation_key": "fp|6a19e9d989818a84d062fd5d51f05b3f59789d3b49b6d063b25167c3d4099746"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "ui/litellm-dashboard/src/app/(dashboard)/hooks/cloudzero/useCloudZeroDryRun.ts"}, "region": {"startLine": 9}}}]}, {"ruleId": "MINED052", "level": "none", "message": {"text": "[MINED052] Ts Any Typed: : any used as type annotation. Defeats TypeScript type safety."}, "properties": {"repobilityId": 114677, "scanner": "repobility-threat-engine", "fingerprint": "56707668c47df55aca956d3fba033dcfdb92ea7afe78b63b4b939014ef5ecf09", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "ts-any-typed", "owasp": null, "cwe_ids": ["CWE-704"], "languages": ["typescript", "tsx"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348022+00:00", "triaged_in_corpus": 12, "observations_count": 496002, "ai_coder_pattern_id": 97}, "scanner": "repobility-threat-engine", "correlation_key": "fp|56707668c47df55aca956d3fba033dcfdb92ea7afe78b63b4b939014ef5ecf09"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "ui/litellm-dashboard/src/app/(dashboard)/hooks/cloudzero/useCloudZeroCreate.ts"}, "region": {"startLine": 11}}}]}, {"ruleId": "MINED055", "level": "none", "message": {"text": "[MINED055] Npm Install No Lockfile: Production image runs npm install (resolves new versions on every build) instead of npm ci."}, "properties": {"repobilityId": 114676, "scanner": "repobility-threat-engine", "fingerprint": "fc72d38ae13bfcf059b07cf9670c2e7fccafab6dc29397a91f03544352482f81", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "npm-install-no-lockfile", "owasp": "A06:2021", "cwe_ids": ["CWE-1357"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348030+00:00", "triaged_in_corpus": 12, "observations_count": 317602, "ai_coder_pattern_id": 42}, "scanner": "repobility-threat-engine", "correlation_key": "fp|fc72d38ae13bfcf059b07cf9670c2e7fccafab6dc29397a91f03544352482f81"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "ui/litellm-dashboard/e2e_tests/run_e2e.sh"}, "region": {"startLine": 109}}}]}, {"ruleId": "MINED053", "level": "none", "message": {"text": "[MINED053] Placeholder Default Username: foo@bar.com / john.doe@example.com / admin/admin / changeme \u2014 typical AI placeholder credentials."}, "properties": {"repobilityId": 114667, "scanner": "repobility-threat-engine", "fingerprint": "073d4136da09639ca36769a4eba13d35d8747d444841854d704529d3e132f981", "category": "quality", "severity": "info", "confidence": 0.1, "triageState": "false_positive", "verdict": "likely_fp", "isResolved": true, "reason": "Safe pattern 'test\\b' detected on same line", "evidence": {"mined": true, "mining": {"slug": "placeholder-default-username", "owasp": null, "cwe_ids": ["CWE-1392", "CWE-798"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348025+00:00", "triaged_in_corpus": 10, "observations_count": 456953, "ai_coder_pattern_id": 44}, "scanner": "repobility-threat-engine", "correlation_key": "fp|073d4136da09639ca36769a4eba13d35d8747d444841854d704529d3e132f981"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "litellm/proxy/custom_hooks/custom_ui_sso_hook.py"}, "region": {"startLine": 27}}}]}, {"ruleId": "SEC041", "level": "none", "message": {"text": "[SEC041] Tabnabbing \u2014 target=\"_blank\" without rel=\"noopener noreferrer\" (and 3 more): Same pattern found in 3 additional files. Review if needed."}, "properties": {"repobilityId": 114666, "scanner": "repobility-threat-engine", "fingerprint": "be1de572e8dfca8563b4873dc72949759dd4f7533f2e1000b193ce51b81a5bba", "category": "security", "severity": "info", "confidence": 0.2, "triageState": "false_positive", "verdict": "likely_fp", "isResolved": true, "reason": "Deduplicated summary only: 3 additional occurrences found. The top occurrences remain visible as actionable findings.", "evidence": {"reason": "Deduplicated summary only: 3 additional occurrences found. The top occurrences remain visible as actionable findings.", "rule_id": "SEC041", "scanner": "repobility-threat-engine", "confidence": 0.2, "correlation_key": "fp|be1de572e8dfca8563b4873dc72949759dd4f7533f2e1000b193ce51b81a5bba"}}}, {"ruleId": "MINED063", "level": "none", "message": {"text": "[MINED063] Toctou Os Path Exists: if os.path.exists(p): open(p) \u2014 file can be replaced/deleted between check and use."}, "properties": {"repobilityId": 114662, "scanner": "repobility-threat-engine", "fingerprint": "70c6854d206398395ce0ec102faefd7396de87abb1209a14b2fe6dd6a8473dcc", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "toctou-os-path-exists", "owasp": null, "cwe_ids": ["CWE-367"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348048+00:00", "triaged_in_corpus": 12, "observations_count": 90754, "ai_coder_pattern_id": 41}, "scanner": "repobility-threat-engine", "correlation_key": "fp|70c6854d206398395ce0ec102faefd7396de87abb1209a14b2fe6dd6a8473dcc"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "litellm/proxy/auth/litellm_license.py"}, "region": {"startLine": 45}}}]}, {"ruleId": "MINED047", "level": "none", "message": {"text": "[MINED047] Emoji In Source: Emoji \u2705 \u274c \ud83d\ude80 in code/comments \u2014 common AI output unless explicitly requested."}, "properties": {"repobilityId": 114658, "scanner": "repobility-threat-engine", "fingerprint": "dc5d911076c833507adfd19f0ae65ef8f72d9457539f43597f0195eac58b628c", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "emoji-in-source", "owasp": null, "cwe_ids": [], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348010+00:00", "triaged_in_corpus": 9, "observations_count": 1468364, "ai_coder_pattern_id": 29}, "scanner": "repobility-threat-engine", "correlation_key": "fp|dc5d911076c833507adfd19f0ae65ef8f72d9457539f43597f0195eac58b628c"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "litellm/proxy/_experimental/out/_next/static/chunks/3f7acc7b23e100ab.js"}, "region": {"startLine": 1}}}]}, {"ruleId": "MINED044", "level": "none", "message": {"text": "[MINED044] Js Console Log Prod (and 67 more): Same pattern found in 67 additional files. Review if needed."}, "properties": {"repobilityId": 114657, "scanner": "repobility-threat-engine", "fingerprint": "2b5e7f7b697068d10f8331304bbc89aec59a8e1fb13b52b2c9b15d6cd533faf4", "category": "quality", "severity": "info", "confidence": 0.2, "triageState": "false_positive", "verdict": "likely_fp", "isResolved": true, "reason": "Deduplicated summary only: 67 additional occurrences found. The top occurrences remain visible as actionable findings.", "evidence": {"mined": true, "mining": {"slug": "js-console-log-prod", "owasp": null, "cwe_ids": ["CWE-532"], "languages": ["javascript", "typescript", "tsx", "jsx"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348003+00:00", "triaged_in_corpus": 10, "observations_count": 1940833, "ai_coder_pattern_id": 102}, "scanner": "repobility-threat-engine", "aggregated": true, "correlation_key": "fp|2b5e7f7b697068d10f8331304bbc89aec59a8e1fb13b52b2c9b15d6cd533faf4", "aggregated_count": 67}}}, {"ruleId": "MINED044", "level": "none", "message": {"text": "[MINED044] Js Console Log Prod: console.log left in code. Should be replaced with logger or removed."}, "properties": {"repobilityId": 114656, "scanner": "repobility-threat-engine", "fingerprint": "62f753c5c891aa6668ecfebd581fea98875102036fe6c89f2f57a460f2dce425", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "js-console-log-prod", "owasp": null, "cwe_ids": ["CWE-532"], "languages": ["javascript", "typescript", "tsx", "jsx"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348003+00:00", "triaged_in_corpus": 10, "observations_count": 1940833, "ai_coder_pattern_id": 102}, "scanner": "repobility-threat-engine", "correlation_key": "fp|62f753c5c891aa6668ecfebd581fea98875102036fe6c89f2f57a460f2dce425"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "ui/litellm-dashboard/src/app/(dashboard)/components/SidebarProvider.tsx"}, "region": {"startLine": 26}}}]}, {"ruleId": "MINED044", "level": "none", "message": {"text": "[MINED044] Js Console Log Prod: console.log left in code. Should be replaced with logger or removed."}, "properties": {"repobilityId": 114655, "scanner": "repobility-threat-engine", "fingerprint": "cba7987c1802eaaeae25177cd0f8aa2aa16f3ebb1bf96668e191087fa9022231", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "js-console-log-prod", "owasp": null, "cwe_ids": ["CWE-532"], "languages": ["javascript", "typescript", "tsx", "jsx"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348003+00:00", "triaged_in_corpus": 10, "observations_count": 1940833, "ai_coder_pattern_id": 102}, "scanner": "repobility-threat-engine", "correlation_key": "fp|cba7987c1802eaaeae25177cd0f8aa2aa16f3ebb1bf96668e191087fa9022231"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "ui/litellm-dashboard/e2e_tests/globalSetup.ts"}, "region": {"startLine": 31}}}]}, {"ruleId": "MINED044", "level": "none", "message": {"text": "[MINED044] Js Console Log Prod: console.log left in code. Should be replaced with logger or removed."}, "properties": {"repobilityId": 114654, "scanner": "repobility-threat-engine", "fingerprint": "e764e764431867b7dfe24ddf0dc4cd99c0ffcbe0e670d3dc2327f7321328ec86", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "js-console-log-prod", "owasp": null, "cwe_ids": ["CWE-532"], "languages": ["javascript", "typescript", "tsx", "jsx"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348003+00:00", "triaged_in_corpus": 10, "observations_count": 1940833, "ai_coder_pattern_id": 102}, "scanner": "repobility-threat-engine", "correlation_key": "fp|e764e764431867b7dfe24ddf0dc4cd99c0ffcbe0e670d3dc2327f7321328ec86"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "litellm/proxy/_experimental/out/_next/static/chunks/3f7acc7b23e100ab.js"}, "region": {"startLine": 1}}}]}, {"ruleId": "SEC103", "level": "none", "message": {"text": "[SEC103] LDAP injection \u2014 non-constant search filter (and 2 more): Same pattern found in 2 additional files. Review if needed."}, "properties": {"repobilityId": 114653, "scanner": "repobility-threat-engine", "fingerprint": "0edbeffb250228c25ea7248a70ed5a8dd2a5b09f7f3943fdb9d9c2db8f28df16", "category": "injection", "severity": "info", "confidence": 0.2, "triageState": "false_positive", "verdict": "likely_fp", "isResolved": true, "reason": "Deduplicated summary only: 2 additional occurrences found. The top occurrences remain visible as actionable findings.", "evidence": {"reason": "Deduplicated summary only: 2 additional occurrences found. The top occurrences remain visible as actionable findings.", "rule_id": "SEC103", "scanner": "repobility-threat-engine", "confidence": 0.2, "correlation_key": "fp|0edbeffb250228c25ea7248a70ed5a8dd2a5b09f7f3943fdb9d9c2db8f28df16"}}}, {"ruleId": "MINED072", "level": "none", "message": {"text": "[MINED072] Python Pass Only Class (and 18 more): Same pattern found in 18 additional files. Review if needed."}, "properties": {"repobilityId": 114647, "scanner": "repobility-threat-engine", "fingerprint": "5e0fb761aae8b5dc0f86e0e2528ec3c491df168531b901409bb64476fcd95e17", "category": "quality", "severity": "info", "confidence": 0.2, "triageState": "false_positive", "verdict": "likely_fp", "isResolved": true, "reason": "Deduplicated summary only: 18 additional occurrences found. The top occurrences remain visible as actionable findings.", "evidence": {"mined": true, "mining": {"slug": "python-pass-only-class", "owasp": null, "cwe_ids": ["CWE-1188"], "languages": ["python"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348069+00:00", "triaged_in_corpus": 10, "observations_count": 14245, "ai_coder_pattern_id": 143}, "scanner": "repobility-threat-engine", "aggregated": true, "correlation_key": "fp|5e0fb761aae8b5dc0f86e0e2528ec3c491df168531b901409bb64476fcd95e17", "aggregated_count": 18}}}, {"ruleId": "MINED072", "level": "none", "message": {"text": "[MINED072] Python Pass Only Class: class Foo: pass \u2014 stub waiting to be filled in."}, "properties": {"repobilityId": 114646, "scanner": "repobility-threat-engine", "fingerprint": "d8b9c541a4bd811682d2783fdda4b992f1d994041103ebdb1fcef222efb967d0", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "python-pass-only-class", "owasp": null, "cwe_ids": ["CWE-1188"], "languages": ["python"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348069+00:00", "triaged_in_corpus": 10, "observations_count": 14245, "ai_coder_pattern_id": 143}, "scanner": "repobility-threat-engine", "correlation_key": "fp|d8b9c541a4bd811682d2783fdda4b992f1d994041103ebdb1fcef222efb967d0"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "litellm/llms/chatgpt/common_utils.py"}, "region": {"startLine": 128}}}]}, {"ruleId": "MINED072", "level": "none", "message": {"text": "[MINED072] Python Pass Only Class: class Foo: pass \u2014 stub waiting to be filled in."}, "properties": {"repobilityId": 114645, "scanner": "repobility-threat-engine", "fingerprint": "37c4d8aea168acd7abf4826341e23e06d2b808a2284a0e0f07d685387f82673e", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "python-pass-only-class", "owasp": null, "cwe_ids": ["CWE-1188"], "languages": ["python"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348069+00:00", "triaged_in_corpus": 10, "observations_count": 14245, "ai_coder_pattern_id": 143}, "scanner": "repobility-threat-engine", "correlation_key": "fp|37c4d8aea168acd7abf4826341e23e06d2b808a2284a0e0f07d685387f82673e"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "litellm/llms/azure/audio_transcription/transformation.py"}, "region": {"startLine": 27}}}]}, {"ruleId": "MINED072", "level": "none", "message": {"text": "[MINED072] Python Pass Only Class: class Foo: pass \u2014 stub waiting to be filled in."}, "properties": {"repobilityId": 114644, "scanner": "repobility-threat-engine", "fingerprint": "f1c7331e0878e424b3582877e5ebb81a72615e66dc4cc02a25123b6a93b51062", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "python-pass-only-class", "owasp": null, "cwe_ids": ["CWE-1188"], "languages": ["python"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348069+00:00", "triaged_in_corpus": 10, "observations_count": 14245, "ai_coder_pattern_id": 143}, "scanner": "repobility-threat-engine", "correlation_key": "fp|f1c7331e0878e424b3582877e5ebb81a72615e66dc4cc02a25123b6a93b51062"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "litellm/integrations/vector_store_integrations/base_vector_store.py"}, "region": {"startLine": 4}}}]}, {"ruleId": "MINED062", "level": "none", "message": {"text": "[MINED062] Python Dataclass No Fields (and 9 more): Same pattern found in 9 additional files. Review if needed."}, "properties": {"repobilityId": 114641, "scanner": "repobility-threat-engine", "fingerprint": "686b7aaa514641d4f320121e895cb3507c66431db0d74ea12c6ac180de33f0c8", "category": "quality", "severity": "info", "confidence": 0.2, "triageState": "false_positive", "verdict": "likely_fp", "isResolved": true, "reason": "Deduplicated summary only: 9 additional occurrences found. The top occurrences remain visible as actionable findings.", "evidence": {"mined": true, "mining": {"slug": "python-dataclass-no-fields", "owasp": null, "cwe_ids": [], "languages": ["python"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348046+00:00", "triaged_in_corpus": 10, "observations_count": 92448, "ai_coder_pattern_id": 144}, "scanner": "repobility-threat-engine", "aggregated": true, "correlation_key": "fp|686b7aaa514641d4f320121e895cb3507c66431db0d74ea12c6ac180de33f0c8", "aggregated_count": 9}}}, {"ruleId": "MINED062", "level": "none", "message": {"text": "[MINED062] Python Dataclass No Fields: @dataclass over an empty class \u2014 unfinished model."}, "properties": {"repobilityId": 114640, "scanner": "repobility-threat-engine", "fingerprint": "15a2559c0eaa098ec00d1f0d3a9b696f86a693a31411e00d862238e239b85eb1", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "python-dataclass-no-fields", "owasp": null, "cwe_ids": [], "languages": ["python"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348046+00:00", "triaged_in_corpus": 10, "observations_count": 92448, "ai_coder_pattern_id": 144}, "scanner": "repobility-threat-engine", "correlation_key": "fp|15a2559c0eaa098ec00d1f0d3a9b696f86a693a31411e00d862238e239b85eb1"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "litellm/integrations/opik/opik_payload_builder/types.py"}, "region": {"startLine": 7}}}]}, {"ruleId": "MINED062", "level": "none", "message": {"text": "[MINED062] Python Dataclass No Fields: @dataclass over an empty class \u2014 unfinished model."}, "properties": {"repobilityId": 114639, "scanner": "repobility-threat-engine", "fingerprint": "d95437c8988aeade9ade5a2f817cf7af87d067bb8cc1b9b67bedee2f6a1f3a46", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "python-dataclass-no-fields", "owasp": null, "cwe_ids": [], "languages": ["python"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348046+00:00", "triaged_in_corpus": 10, "observations_count": 92448, "ai_coder_pattern_id": 144}, "scanner": "repobility-threat-engine", "correlation_key": "fp|d95437c8988aeade9ade5a2f817cf7af87d067bb8cc1b9b67bedee2f6a1f3a46"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "litellm/integrations/mock_client_factory.py"}, "region": {"startLine": 19}}}]}, {"ruleId": "MINED062", "level": "none", "message": {"text": "[MINED062] Python Dataclass No Fields: @dataclass over an empty class \u2014 unfinished model."}, "properties": {"repobilityId": 114638, "scanner": "repobility-threat-engine", "fingerprint": "1b1b9ce55ba779d6ddc7b75b5159d3fa8ab53e702b0b6cf44810618c831b57fa", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "python-dataclass-no-fields", "owasp": null, "cwe_ids": [], "languages": ["python"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348046+00:00", "triaged_in_corpus": 10, "observations_count": 92448, "ai_coder_pattern_id": 144}, "scanner": "repobility-threat-engine", "correlation_key": "fp|1b1b9ce55ba779d6ddc7b75b5159d3fa8ab53e702b0b6cf44810618c831b57fa"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "litellm/integrations/focus/destinations/base.py"}, "region": {"startLine": 10}}}]}, {"ruleId": "SEC136", "level": "none", "message": {"text": "[SEC136] AI-typical over-broad exception handler swallowing all errors (and 8 more): Same pattern found in 8 additional files. Review if needed."}, "properties": {"repobilityId": 114637, "scanner": "repobility-threat-engine", "fingerprint": "4774ecb00a934a895c0219b7adc1741e54024e2aba289316b7f56c17db3d14b0", "category": "quality", "severity": "info", "confidence": 0.2, "triageState": "false_positive", "verdict": "likely_fp", "isResolved": true, "reason": "Deduplicated summary only: 8 additional occurrences found. The top occurrences remain visible as actionable findings.", "evidence": {"reason": "Deduplicated summary only: 8 additional occurrences found. The top occurrences remain visible as actionable findings.", "rule_id": "SEC136", "scanner": "repobility-threat-engine", "confidence": 0.2, "correlation_key": "fp|4774ecb00a934a895c0219b7adc1741e54024e2aba289316b7f56c17db3d14b0"}}}, {"ruleId": "MINED076", "level": "none", "message": {"text": "[MINED076] Catch And Reraise Noop (and 3 more): Same pattern found in 3 additional files. Review if needed."}, "properties": {"repobilityId": 114633, "scanner": "repobility-threat-engine", "fingerprint": "d8035fc12b017771d6d5bd94e4be3874ba4e5fad0a2ba6ab9ec643e26af6873d", "category": "quality", "severity": "info", "confidence": 0.2, "triageState": "false_positive", "verdict": "likely_fp", "isResolved": true, "reason": "Deduplicated summary only: 3 additional occurrences found. The top occurrences remain visible as actionable findings.", "evidence": {"mined": true, "mining": {"slug": "catch-and-reraise-noop", "owasp": null, "cwe_ids": [], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348079+00:00", "triaged_in_corpus": 10, "observations_count": 8333, "ai_coder_pattern_id": 45}, "scanner": "repobility-threat-engine", "aggregated": true, "correlation_key": "fp|d8035fc12b017771d6d5bd94e4be3874ba4e5fad0a2ba6ab9ec643e26af6873d", "aggregated_count": 3}}}, {"ruleId": "MINED076", "level": "none", "message": {"text": "[MINED076] Catch And Reraise Noop: except X: raise X \u2014 adds no value, hides traceback if AI accidentally changes message."}, "properties": {"repobilityId": 114632, "scanner": "repobility-threat-engine", "fingerprint": "88d8962e3058723e14973d715638435b34b2fce705ae352d9c698e9611ea472e", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "catch-and-reraise-noop", "owasp": null, "cwe_ids": [], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348079+00:00", "triaged_in_corpus": 10, "observations_count": 8333, "ai_coder_pattern_id": 45}, "scanner": "repobility-threat-engine", "correlation_key": "fp|88d8962e3058723e14973d715638435b34b2fce705ae352d9c698e9611ea472e"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "litellm/llms/databricks/streaming_utils.py"}, "region": {"startLine": 85}}}]}, {"ruleId": "MINED076", "level": "none", "message": {"text": "[MINED076] Catch And Reraise Noop: except X: raise X \u2014 adds no value, hides traceback if AI accidentally changes message."}, "properties": {"repobilityId": 114631, "scanner": "repobility-threat-engine", "fingerprint": "e2bc0640e342fcb97fa8b47f62488bbff18f230dcf1f316ff0bc9c8f87a0dfac", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "catch-and-reraise-noop", "owasp": null, "cwe_ids": [], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348079+00:00", "triaged_in_corpus": 10, "observations_count": 8333, "ai_coder_pattern_id": 45}, "scanner": "repobility-threat-engine", "correlation_key": "fp|e2bc0640e342fcb97fa8b47f62488bbff18f230dcf1f316ff0bc9c8f87a0dfac"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "litellm/llms/base_llm/base_model_iterator.py"}, "region": {"startLine": 131}}}]}, {"ruleId": "MINED076", "level": "none", "message": {"text": "[MINED076] Catch And Reraise Noop: except X: raise X \u2014 adds no value, hides traceback if AI accidentally changes message."}, "properties": {"repobilityId": 114630, "scanner": "repobility-threat-engine", "fingerprint": "96d7eb33d7836336d0a74d0bb08ce29295889330d1cbfa72d0dca6366e5e3277", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "catch-and-reraise-noop", "owasp": null, "cwe_ids": [], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348079+00:00", "triaged_in_corpus": 10, "observations_count": 8333, "ai_coder_pattern_id": 45}, "scanner": "repobility-threat-engine", "correlation_key": "fp|96d7eb33d7836336d0a74d0bb08ce29295889330d1cbfa72d0dca6366e5e3277"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "litellm/google_genai/streaming_iterator.py"}, "region": {"startLine": 107}}}]}, {"ruleId": "SEC127", "level": "none", "message": {"text": "[SEC127] AI agent stub \u2014 TODO: implement / pass placeholder body (and 12 more): Same pattern found in 12 additional files. Review if needed."}, "properties": {"repobilityId": 114629, "scanner": "repobility-threat-engine", "fingerprint": "429d4007a54b834c603c48fbd421186f5de31e32bdd3e8ebf87a0b6a0c7cd023", "category": "quality", "severity": "info", "confidence": 0.2, "triageState": "false_positive", "verdict": "likely_fp", "isResolved": true, "reason": "Deduplicated summary only: 12 additional occurrences found. The top occurrences remain visible as actionable findings.", "evidence": {"reason": "Deduplicated summary only: 12 additional occurrences found. The top occurrences remain visible as actionable findings.", "rule_id": "SEC127", "scanner": "repobility-threat-engine", "confidence": 0.2, "correlation_key": "fp|429d4007a54b834c603c48fbd421186f5de31e32bdd3e8ebf87a0b6a0c7cd023"}}}, {"ruleId": "SEC034", "level": "none", "message": {"text": "[SEC034] Log Injection / Log Forging \u2014 unsanitized user input in log (and 5 more): Same pattern found in 5 additional files. Review if needed."}, "properties": {"repobilityId": 114625, "scanner": "repobility-threat-engine", "fingerprint": "813fd36ccc56a85831ab55f721023e5790febf67c9109e3810a1f1b67fd0e87e", "category": "log_injection", "severity": "info", "confidence": 0.2, "triageState": "false_positive", "verdict": "likely_fp", "isResolved": true, "reason": "Deduplicated summary only: 5 additional occurrences found. The top occurrences remain visible as actionable findings.", "evidence": {"reason": "Deduplicated summary only: 5 additional occurrences found. The top occurrences remain visible as actionable findings.", "rule_id": "SEC034", "scanner": "repobility-threat-engine", "confidence": 0.2, "correlation_key": "fp|813fd36ccc56a85831ab55f721023e5790febf67c9109e3810a1f1b67fd0e87e"}}}, {"ruleId": "ERR001", "level": "none", "message": {"text": "[ERR001] Silent Exception Swallowing (and 23 more): Same pattern found in 23 additional files. Review if needed."}, "properties": {"repobilityId": 114620, "scanner": "repobility-threat-engine", "fingerprint": "51d68306e442b6d4aba4a106259bb406a0ffa8ceb8b0e38b2339b484383bb46a", "category": "error_handling", "severity": "info", "confidence": 0.2, "triageState": "false_positive", "verdict": "likely_fp", "isResolved": true, "reason": "Deduplicated summary only: 23 additional occurrences found. The top occurrences remain visible as actionable findings.", "evidence": {"reason": "Deduplicated summary only: 23 additional occurrences found. The top occurrences remain visible as actionable findings.", "rule_id": "ERR001", "scanner": "repobility-threat-engine", "confidence": 0.2, "correlation_key": "fp|51d68306e442b6d4aba4a106259bb406a0ffa8ceb8b0e38b2339b484383bb46a"}}}, {"ruleId": "MINED001", "level": "none", "message": {"text": "[MINED001] Bare Except Pass (and 55 more): Same pattern found in 55 additional files. Review if needed."}, "properties": {"repobilityId": 114614, "scanner": "repobility-threat-engine", "fingerprint": "0ebf0ff4891e823ff136c148d9ac35d64b67d70404b8d5a8e5158b1a5ab92f7b", "category": "quality", "severity": "info", "confidence": 0.2, "triageState": "false_positive", "verdict": "likely_fp", "isResolved": true, "reason": "Deduplicated summary only: 55 additional occurrences found. The top occurrences remain visible as actionable findings.", "evidence": {"mined": true, "mining": {"slug": "bare-except-pass", "owasp": null, "cwe_ids": ["CWE-755"], "languages": ["python"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.347744+00:00", "triaged_in_corpus": 15, "observations_count": 1550824, "ai_coder_pattern_id": 6}, "scanner": "repobility-threat-engine", "aggregated": true, "correlation_key": "fp|0ebf0ff4891e823ff136c148d9ac35d64b67d70404b8d5a8e5158b1a5ab92f7b", "aggregated_count": 55}}}, {"ruleId": "MINED020", "level": "none", "message": {"text": "[MINED020] Logging Credential Via Fstring (and 3 more): Same pattern found in 3 additional files. Review if needed."}, "properties": {"repobilityId": 114607, "scanner": "repobility-threat-engine", "fingerprint": "8a89312b17d157a78c1a87325dff0eca5f72bb065fd761be3e7e08277caf84e9", "category": "quality", "severity": "info", "confidence": 0.2, "triageState": "false_positive", "verdict": "likely_fp", "isResolved": true, "reason": "Deduplicated summary only: 3 additional occurrences found. The top occurrences remain visible as actionable findings.", "evidence": {"mined": true, "mining": {"slug": "logging-credential-via-fstring", "owasp": "A09:2021", "cwe_ids": ["CWE-532"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.347945+00:00", "triaged_in_corpus": 15, "observations_count": 46100, "ai_coder_pattern_id": 38}, "scanner": "repobility-threat-engine", "aggregated": true, "correlation_key": "fp|8a89312b17d157a78c1a87325dff0eca5f72bb065fd761be3e7e08277caf84e9", "aggregated_count": 3}}}, {"ruleId": "MINED050", "level": "none", "message": {"text": "[MINED050] Stub Only Function (and 250 more): Same pattern found in 250 additional files. Review if needed."}, "properties": {"repobilityId": 114603, "scanner": "repobility-threat-engine", "fingerprint": "69cb28892a9936f03c5634ed9a0c44b5bf931a2f264a455c7683755b947b4115", "category": "quality", "severity": "info", "confidence": 0.2, "triageState": "false_positive", "verdict": "likely_fp", "isResolved": true, "reason": "Deduplicated summary only: 250 additional occurrences found. The top occurrences remain visible as actionable findings.", "evidence": {"mined": true, "mining": {"slug": "stub-only-function", "owasp": null, "cwe_ids": ["CWE-1188"], "languages": ["python"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348017+00:00", "triaged_in_corpus": 12, "observations_count": 633513, "ai_coder_pattern_id": 2}, "scanner": "repobility-threat-engine", "aggregated": true, "correlation_key": "fp|69cb28892a9936f03c5634ed9a0c44b5bf931a2f264a455c7683755b947b4115", "aggregated_count": 250}}}, {"ruleId": "MINED050", "level": "none", "message": {"text": "[MINED050] Stub Only Function: Function declared but body is just pass, return None, raise NotImplementedError, or TODO comment."}, "properties": {"repobilityId": 114602, "scanner": "repobility-threat-engine", "fingerprint": "7d0481b5743aa3e5f03319cac586a7058f25a1a69947ce1f97c9c2f1b8fe7ae7", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "stub-only-function", "owasp": null, "cwe_ids": ["CWE-1188"], "languages": ["python"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348017+00:00", "triaged_in_corpus": 12, "observations_count": 633513, "ai_coder_pattern_id": 2}, "scanner": "repobility-threat-engine", "correlation_key": "fp|7d0481b5743aa3e5f03319cac586a7058f25a1a69947ce1f97c9c2f1b8fe7ae7"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "enterprise/enterprise_hooks/aporia_ai.py"}, "region": {"startLine": 164}}}]}, {"ruleId": "MINED050", "level": "none", "message": {"text": "[MINED050] Stub Only Function: Function declared but body is just pass, return None, raise NotImplementedError, or TODO comment."}, "properties": {"repobilityId": 114601, "scanner": "repobility-threat-engine", "fingerprint": "c27ea7d74b433f8682562d5830596b1e3ba16b2f2bb2b042f446354ff522f86f", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "stub-only-function", "owasp": null, "cwe_ids": ["CWE-1188"], "languages": ["python"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348017+00:00", "triaged_in_corpus": 12, "observations_count": 633513, "ai_coder_pattern_id": 2}, "scanner": "repobility-threat-engine", "correlation_key": "fp|c27ea7d74b433f8682562d5830596b1e3ba16b2f2bb2b042f446354ff522f86f"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "cookbook/livekit_agent_sdk/main.py"}, "region": {"startLine": 93}}}]}, {"ruleId": "MINED050", "level": "none", "message": {"text": "[MINED050] Stub Only Function: Function declared but body is just pass, return None, raise NotImplementedError, or TODO comment."}, "properties": {"repobilityId": 114600, "scanner": "repobility-threat-engine", "fingerprint": "2e4c29ab0c49f501ea476839792b6bbff9e16f206b59efab95cfd8174b733510", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "stub-only-function", "owasp": null, "cwe_ids": ["CWE-1188"], "languages": ["python"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348017+00:00", "triaged_in_corpus": 12, "observations_count": 633513, "ai_coder_pattern_id": 2}, "scanner": "repobility-threat-engine", "correlation_key": "fp|2e4c29ab0c49f501ea476839792b6bbff9e16f206b59efab95cfd8174b733510"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "cookbook/litellm_proxy_server/braintrust_prompt_wrapper_server.py"}, "region": {"startLine": 83}}}]}, {"ruleId": "MINED049", "level": "none", "message": {"text": "[MINED049] Print Pii (and 5 more): Same pattern found in 5 additional files. Review if needed."}, "properties": {"repobilityId": 114599, "scanner": "repobility-threat-engine", "fingerprint": "6a18ab7a9e98c274da2376be7d4db90ac5c0793ef3977493da2ca34a4a66e837", "category": "quality", "severity": "info", "confidence": 0.2, "triageState": "false_positive", "verdict": "likely_fp", "isResolved": true, "reason": "Deduplicated summary only: 5 additional occurrences found. The top occurrences remain visible as actionable findings.", "evidence": {"mined": true, "mining": {"slug": "print-pii", "owasp": "A09:2021", "cwe_ids": ["CWE-532"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348015+00:00", "triaged_in_corpus": 12, "observations_count": 676566, "ai_coder_pattern_id": 26}, "scanner": "repobility-threat-engine", "aggregated": true, "correlation_key": "fp|6a18ab7a9e98c274da2376be7d4db90ac5c0793ef3977493da2ca34a4a66e837", "aggregated_count": 5}}}, {"ruleId": "MINED049", "level": "none", "message": {"text": "[MINED049] Print Pii: Logging password/token/email/ssn directly to stdout."}, "properties": {"repobilityId": 114598, "scanner": "repobility-threat-engine", "fingerprint": "f392ae77542e09d0f27de81fe796f4760f0b00a57c417e4e9412bbb925764130", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "print-pii", "owasp": "A09:2021", "cwe_ids": ["CWE-532"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348015+00:00", "triaged_in_corpus": 12, "observations_count": 676566, "ai_coder_pattern_id": 26}, "scanner": "repobility-threat-engine", "correlation_key": "fp|f392ae77542e09d0f27de81fe796f4760f0b00a57c417e4e9412bbb925764130"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "cookbook/litellm_proxy_server/secret_manager/my_secret_manager.py"}, "region": {"startLine": 19}}}]}, {"ruleId": "MINED049", "level": "none", "message": {"text": "[MINED049] Print Pii: Logging password/token/email/ssn directly to stdout."}, "properties": {"repobilityId": 114597, "scanner": "repobility-threat-engine", "fingerprint": "e71d24f836e36303a6146be602772cd7acf99933beeb83955587cbba120707ad", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "print-pii", "owasp": "A09:2021", "cwe_ids": ["CWE-532"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348015+00:00", "triaged_in_corpus": 12, "observations_count": 676566, "ai_coder_pattern_id": 26}, "scanner": "repobility-threat-engine", "correlation_key": "fp|e71d24f836e36303a6146be602772cd7acf99933beeb83955587cbba120707ad"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "cookbook/litellm_proxy_server/cli_token_usage.py"}, "region": {"startLine": 17}}}]}, {"ruleId": "MINED049", "level": "none", "message": {"text": "[MINED049] Print Pii: Logging password/token/email/ssn directly to stdout."}, "properties": {"repobilityId": 114596, "scanner": "repobility-threat-engine", "fingerprint": "082fc4a5df503df85e8c6cac816403f0c9439be6a6dd99ecda8c5a7eb8f51f37", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "print-pii", "owasp": "A09:2021", "cwe_ids": ["CWE-532"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348015+00:00", "triaged_in_corpus": 12, "observations_count": 676566, "ai_coder_pattern_id": 26}, "scanner": "repobility-threat-engine", "correlation_key": "fp|082fc4a5df503df85e8c6cac816403f0c9439be6a6dd99ecda8c5a7eb8f51f37"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "cookbook/litellm_proxy_server/braintrust_prompt_wrapper_server.py"}, "region": {"startLine": 203}}}]}, {"ruleId": "MINED043", "level": "none", "message": {"text": "[MINED043] Http Not Https (and 18 more): Same pattern found in 18 additional files. Review if needed."}, "properties": {"repobilityId": 114595, "scanner": "repobility-threat-engine", "fingerprint": "360682972d748d4e9b8f4cd70e828491a9ee3c14672ad9b1ba021b723bb5f4a2", "category": "quality", "severity": "info", "confidence": 0.2, "triageState": "false_positive", "verdict": "likely_fp", "isResolved": true, "reason": "Deduplicated summary only: 18 additional occurrences found. The top occurrences remain visible as actionable findings.", "evidence": {"mined": true, "mining": {"slug": "http-not-https", "owasp": "A02:2021", "cwe_ids": ["CWE-319"], "precision": 0.917, "promoted_at": "2026-05-18T14:01:32.347999+00:00", "triaged_in_corpus": 12, "observations_count": 4113831, "ai_coder_pattern_id": 15}, "scanner": "repobility-threat-engine", "aggregated": true, "correlation_key": "fp|360682972d748d4e9b8f4cd70e828491a9ee3c14672ad9b1ba021b723bb5f4a2", "aggregated_count": 18}}}, {"ruleId": "MINED043", "level": "none", "message": {"text": "[MINED043] Http Not Https: Hardcoded http:// (not localhost) for endpoints that handle credentials or data."}, "properties": {"repobilityId": 114594, "scanner": "repobility-threat-engine", "fingerprint": "6829fd2fdab85a4c0a382c7acb651f62693578b29e32e2e0ec02e4f3f8dda740", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "http-not-https", "owasp": "A02:2021", "cwe_ids": ["CWE-319"], "precision": 0.917, "promoted_at": "2026-05-18T14:01:32.347999+00:00", "triaged_in_corpus": 12, "observations_count": 4113831, "ai_coder_pattern_id": 15}, "scanner": "repobility-threat-engine", "correlation_key": "fp|6829fd2fdab85a4c0a382c7acb651f62693578b29e32e2e0ec02e4f3f8dda740"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "litellm/integrations/otel/plumbing/providers.py"}, "region": {"startLine": 90}}}]}, {"ruleId": "MINED043", "level": "none", "message": {"text": "[MINED043] Http Not Https: Hardcoded http:// (not localhost) for endpoints that handle credentials or data."}, "properties": {"repobilityId": 114593, "scanner": "repobility-threat-engine", "fingerprint": "ead5af04f80a7b6a6a3fd11ddbcf7078643250c37f6185ed1d49341e4a2679a4", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "http-not-https", "owasp": "A02:2021", "cwe_ids": ["CWE-319"], "precision": 0.917, "promoted_at": "2026-05-18T14:01:32.347999+00:00", "triaged_in_corpus": 12, "observations_count": 4113831, "ai_coder_pattern_id": 15}, "scanner": "repobility-threat-engine", "correlation_key": "fp|ead5af04f80a7b6a6a3fd11ddbcf7078643250c37f6185ed1d49341e4a2679a4"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "cookbook/livekit_agent_sdk/main.py"}, "region": {"startLine": 28}}}]}, {"ruleId": "MINED043", "level": "none", "message": {"text": "[MINED043] Http Not Https: Hardcoded http:// (not localhost) for endpoints that handle credentials or data."}, "properties": {"repobilityId": 114592, "scanner": "repobility-threat-engine", "fingerprint": "c931cbba51fc74f8e39045dbb50ced30ebc406cee83cd7810304d527bc444d92", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "http-not-https", "owasp": "A02:2021", "cwe_ids": ["CWE-319"], "precision": 0.917, "promoted_at": "2026-05-18T14:01:32.347999+00:00", "triaged_in_corpus": 12, "observations_count": 4113831, "ai_coder_pattern_id": 15}, "scanner": "repobility-threat-engine", "correlation_key": "fp|c931cbba51fc74f8e39045dbb50ced30ebc406cee83cd7810304d527bc444d92"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "cookbook/litellm_proxy_server/braintrust_prompt_wrapper_server.py"}, "region": {"startLine": 265}}}]}, {"ruleId": "SEC020", "level": "none", "message": {"text": "[SEC020] Secret Printed to Logs (and 23 more): Same pattern found in 23 additional files. Review if needed."}, "properties": {"repobilityId": 114591, "scanner": "repobility-threat-engine", "fingerprint": "31c2bde8259a439a58df84e0d6229e40e59c553cd5a92257a1d8b9643838d66c", "category": "credential_exposure", "severity": "info", "confidence": 0.2, "triageState": "false_positive", "verdict": "likely_fp", "isResolved": true, "reason": "Deduplicated summary only: 23 additional occurrences found. The top occurrences remain visible as actionable findings.", "evidence": {"reason": "Deduplicated summary only: 23 additional occurrences found. The top occurrences remain visible as actionable findings.", "rule_id": "SEC020", "scanner": "repobility-threat-engine", "confidence": 0.2, "correlation_key": "fp|31c2bde8259a439a58df84e0d6229e40e59c553cd5a92257a1d8b9643838d66c"}}}, {"ruleId": "MINED077", "level": "none", "message": {"text": "[MINED077] Python Open No Context: fp = open(path) outside with-block leaks file handles."}, "properties": {"repobilityId": 114587, "scanner": "repobility-threat-engine", "fingerprint": "dfb8033f9f22db60e9011a32d18cb0e0f2ff2078d08d2ef8d5c1126cba378e8c", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "python-open-no-context", "owasp": null, "cwe_ids": ["CWE-772"], "languages": ["python"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348081+00:00", "triaged_in_corpus": 12, "observations_count": 7864, "ai_coder_pattern_id": 123}, "scanner": "repobility-threat-engine", "correlation_key": "fp|dfb8033f9f22db60e9011a32d18cb0e0f2ff2078d08d2ef8d5c1126cba378e8c"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "litellm/proxy/auth/rds_iam_token.py"}, "region": {"startLine": 80}}}]}, {"ruleId": "MINED077", "level": "none", "message": {"text": "[MINED077] Python Open No Context: fp = open(path) outside with-block leaks file handles."}, "properties": {"repobilityId": 114586, "scanner": "repobility-threat-engine", "fingerprint": "684dacac249780cf15dfd7cd3af9f90855e4c81b9307ef6f3876ed971c43a77c", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "python-open-no-context", "owasp": null, "cwe_ids": ["CWE-772"], "languages": ["python"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348081+00:00", "triaged_in_corpus": 12, "observations_count": 7864, "ai_coder_pattern_id": 123}, "scanner": "repobility-threat-engine", "correlation_key": "fp|684dacac249780cf15dfd7cd3af9f90855e4c81b9307ef6f3876ed971c43a77c"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "cookbook/litellm_proxy_server/batch_api/bedrock/bedrock.py"}, "region": {"startLine": 12}}}]}, {"ruleId": "MINED060", "level": "none", "message": {"text": "[MINED060] Go Context No Cancel: context.Background() at request handler boundary leaks goroutines."}, "properties": {"repobilityId": 114585, "scanner": "repobility-threat-engine", "fingerprint": "5f22260938e542d6781e5aad6f4142f1ad00db603e76373227d658eb7551f488", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "go-context-no-cancel", "owasp": null, "cwe_ids": ["CWE-401"], "languages": ["go"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348041+00:00", "triaged_in_corpus": 12, "observations_count": 132905, "ai_coder_pattern_id": 110}, "scanner": "repobility-threat-engine", "correlation_key": "fp|5f22260938e542d6781e5aad6f4142f1ad00db603e76373227d658eb7551f488"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "cookbook/gollem_go_agent_framework/tools/main.go"}, "region": {"startLine": 59}}}]}, {"ruleId": "MINED060", "level": "none", "message": {"text": "[MINED060] Go Context No Cancel: context.Background() at request handler boundary leaks goroutines."}, "properties": {"repobilityId": 114584, "scanner": "repobility-threat-engine", "fingerprint": "c2bba02c3c42862877288c8061205df80960187fc9c3949028e746c369ed20a3", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "go-context-no-cancel", "owasp": null, "cwe_ids": ["CWE-401"], "languages": ["go"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348041+00:00", "triaged_in_corpus": 12, "observations_count": 132905, "ai_coder_pattern_id": 110}, "scanner": "repobility-threat-engine", "correlation_key": "fp|c2bba02c3c42862877288c8061205df80960187fc9c3949028e746c369ed20a3"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "cookbook/gollem_go_agent_framework/streaming/main.go"}, "region": {"startLine": 35}}}]}, {"ruleId": "MINED060", "level": "none", "message": {"text": "[MINED060] Go Context No Cancel: context.Background() at request handler boundary leaks goroutines."}, "properties": {"repobilityId": 114583, "scanner": "repobility-threat-engine", "fingerprint": "bf2ea80b2ea100e8dc6e16ac30dd86f1f888f4819081ebfa54ecc04149338f5e", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "go-context-no-cancel", "owasp": null, "cwe_ids": ["CWE-401"], "languages": ["go"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348041+00:00", "triaged_in_corpus": 12, "observations_count": 132905, "ai_coder_pattern_id": 110}, "scanner": "repobility-threat-engine", "correlation_key": "fp|bf2ea80b2ea100e8dc6e16ac30dd86f1f888f4819081ebfa54ecc04149338f5e"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "cookbook/gollem_go_agent_framework/basic/main.go"}, "region": {"startLine": 36}}}]}, {"ruleId": "MINED067", "level": "none", "message": {"text": "[MINED067] Python Requests No Timeout (and 3 more): Same pattern found in 3 additional files. Review if needed."}, "properties": {"repobilityId": 114582, "scanner": "repobility-threat-engine", "fingerprint": "22c0d567d696a6862689f7c9fd8c307213fa0bf7df0ff8c77916ef3d9279f800", "category": "quality", "severity": "info", "confidence": 0.2, "triageState": "false_positive", "verdict": "likely_fp", "isResolved": true, "reason": "Deduplicated summary only: 3 additional occurrences found. The top occurrences remain visible as actionable findings.", "evidence": {"mined": true, "mining": {"slug": "python-requests-no-timeout", "owasp": null, "cwe_ids": ["CWE-400"], "languages": ["python"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348058+00:00", "triaged_in_corpus": 12, "observations_count": 45429, "ai_coder_pattern_id": 122}, "scanner": "repobility-threat-engine", "aggregated": true, "correlation_key": "fp|22c0d567d696a6862689f7c9fd8c307213fa0bf7df0ff8c77916ef3d9279f800", "aggregated_count": 3}}}, {"ruleId": "MINED067", "level": "none", "message": {"text": "[MINED067] Python Requests No Timeout: requests.get/post/etc. without timeout= can hang forever."}, "properties": {"repobilityId": 114581, "scanner": "repobility-threat-engine", "fingerprint": "ea2dc784bb518207b373058e94dea333df167ef72259843a9ae92ade3cb9d7f3", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "python-requests-no-timeout", "owasp": null, "cwe_ids": ["CWE-400"], "languages": ["python"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348058+00:00", "triaged_in_corpus": 12, "observations_count": 45429, "ai_coder_pattern_id": 122}, "scanner": "repobility-threat-engine", "correlation_key": "fp|ea2dc784bb518207b373058e94dea333df167ef72259843a9ae92ade3cb9d7f3"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "cookbook/misc/add_new_models.py"}, "region": {"startLine": 49}}}]}, {"ruleId": "MINED067", "level": "none", "message": {"text": "[MINED067] Python Requests No Timeout: requests.get/post/etc. without timeout= can hang forever."}, "properties": {"repobilityId": 114580, "scanner": "repobility-threat-engine", "fingerprint": "a17cdde576caec1511c04c01e402c3da0383d1314f899214a4521df20ed9b741", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "python-requests-no-timeout", "owasp": null, "cwe_ids": ["CWE-400"], "languages": ["python"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348058+00:00", "triaged_in_corpus": 12, "observations_count": 45429, "ai_coder_pattern_id": 122}, "scanner": "repobility-threat-engine", "correlation_key": "fp|a17cdde576caec1511c04c01e402c3da0383d1314f899214a4521df20ed9b741"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "cookbook/litellm_router/load_test_queuing.py"}, "region": {"startLine": 93}}}]}, {"ruleId": "MINED067", "level": "none", "message": {"text": "[MINED067] Python Requests No Timeout: requests.get/post/etc. without timeout= can hang forever."}, "properties": {"repobilityId": 114579, "scanner": "repobility-threat-engine", "fingerprint": "d3710bd2b956abd54d2114913d8064e64411bae04595f1333efca1be8bae9625", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "python-requests-no-timeout", "owasp": null, "cwe_ids": ["CWE-400"], "languages": ["python"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348058+00:00", "triaged_in_corpus": 12, "observations_count": 45429, "ai_coder_pattern_id": 122}, "scanner": "repobility-threat-engine", "correlation_key": "fp|d3710bd2b956abd54d2114913d8064e64411bae04595f1333efca1be8bae9625"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "cookbook/community-resources/get_hf_models.py"}, "region": {"startLine": 30}}}]}, {"ruleId": "SEC078", "level": "none", "message": {"text": "[SEC078] Python: requests without timeout (and 3 more): Same pattern found in 3 additional files. Review if needed."}, "properties": {"repobilityId": 114578, "scanner": "repobility-threat-engine", "fingerprint": "4ad6f55494afe619cae3e4cf741803a5646a33d13c8bf832506da6d5a11f8beb", "category": "quality", "severity": "info", "confidence": 0.2, "triageState": "false_positive", "verdict": "likely_fp", "isResolved": true, "reason": "Deduplicated summary only: 3 additional occurrences found. The top occurrences remain visible as actionable findings.", "evidence": {"reason": "Deduplicated summary only: 3 additional occurrences found. The top occurrences remain visible as actionable findings.", "rule_id": "SEC078", "scanner": "repobility-threat-engine", "confidence": 0.2, "correlation_key": "fp|4ad6f55494afe619cae3e4cf741803a5646a33d13c8bf832506da6d5a11f8beb"}}}, {"ruleId": "SEC135", "level": "none", "message": {"text": "[SEC135] Auth/permission check missing on AI-generated endpoint (and 3 more): Same pattern found in 3 additional files. Review if needed."}, "properties": {"repobilityId": 114574, "scanner": "repobility-threat-engine", "fingerprint": "b25ee310249da2ffc6da99e224bbd8d1769f7974ef7e6622c105e71bd7dd26fa", "category": "quality", "severity": "info", "confidence": 0.2, "triageState": "false_positive", "verdict": "likely_fp", "isResolved": true, "reason": "Deduplicated summary only: 3 additional occurrences found. The top occurrences remain visible as actionable findings.", "evidence": {"reason": "Deduplicated summary only: 3 additional occurrences found. The top occurrences remain visible as actionable findings.", "rule_id": "SEC135", "scanner": "repobility-threat-engine", "confidence": 0.2, "correlation_key": "fp|b25ee310249da2ffc6da99e224bbd8d1769f7974ef7e6622c105e71bd7dd26fa"}}}, {"ruleId": "MINED064", "level": "none", "message": {"text": "[MINED064] Python Input Call (and 6 more): Same pattern found in 6 additional files. Review if needed."}, "properties": {"repobilityId": 114570, "scanner": "repobility-threat-engine", "fingerprint": "a65e44a05937527ec2a1e15d006d956f8d1cd92e1e922a6d1854e9a9ab9eea69", "category": "quality", "severity": "info", "confidence": 0.2, "triageState": "false_positive", "verdict": "likely_fp", "isResolved": true, "reason": "Deduplicated summary only: 6 additional occurrences found. The top occurrences remain visible as actionable findings.", "evidence": {"mined": true, "mining": {"slug": "python-input-call", "owasp": null, "cwe_ids": [], "languages": ["python"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348050+00:00", "triaged_in_corpus": 12, "observations_count": 66378, "ai_coder_pattern_id": 124}, "scanner": "repobility-threat-engine", "aggregated": true, "correlation_key": "fp|a65e44a05937527ec2a1e15d006d956f8d1cd92e1e922a6d1854e9a9ab9eea69", "aggregated_count": 6}}}, {"ruleId": "MINED064", "level": "none", "message": {"text": "[MINED064] Python Input Call: input() blocks for stdin. Inappropriate in services."}, "properties": {"repobilityId": 114569, "scanner": "repobility-threat-engine", "fingerprint": "349bee41499b497d5dc724268d4e33d533c3bd5556e614e8a5c4781a95992efc", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "python-input-call", "owasp": null, "cwe_ids": [], "languages": ["python"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348050+00:00", "triaged_in_corpus": 12, "observations_count": 66378, "ai_coder_pattern_id": 124}, "scanner": "repobility-threat-engine", "correlation_key": "fp|349bee41499b497d5dc724268d4e33d533c3bd5556e614e8a5c4781a95992efc"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "cookbook/anthropic_agent_sdk/main.py"}, "region": {"startLine": 55}}}]}, {"ruleId": "MINED064", "level": "none", "message": {"text": "[MINED064] Python Input Call: input() blocks for stdin. Inappropriate in services."}, "properties": {"repobilityId": 114568, "scanner": "repobility-threat-engine", "fingerprint": "4de45d7a16cd58965fe05457162b67bc5dfed6fc1716d9947f112244b1d12878", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "python-input-call", "owasp": null, "cwe_ids": [], "languages": ["python"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348050+00:00", "triaged_in_corpus": 12, "observations_count": 66378, "ai_coder_pattern_id": 124}, "scanner": "repobility-threat-engine", "correlation_key": "fp|4de45d7a16cd58965fe05457162b67bc5dfed6fc1716d9947f112244b1d12878"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "cookbook/anthropic_agent_sdk/common.py"}, "region": {"startLine": 105}}}]}, {"ruleId": "MINED064", "level": "none", "message": {"text": "[MINED064] Python Input Call: input() blocks for stdin. Inappropriate in services."}, "properties": {"repobilityId": 114567, "scanner": "repobility-threat-engine", "fingerprint": "033e44fd31bc086560ae961ca2eb17ee4c77b7be475b7419090e9fefd94c77eb", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "python-input-call", "owasp": null, "cwe_ids": [], "languages": ["python"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348050+00:00", "triaged_in_corpus": 12, "observations_count": 66378, "ai_coder_pattern_id": 124}, "scanner": "repobility-threat-engine", "correlation_key": "fp|033e44fd31bc086560ae961ca2eb17ee4c77b7be475b7419090e9fefd94c77eb"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "cookbook/anthropic_agent_sdk/agent_with_mcp.py"}, "region": {"startLine": 92}}}]}, {"ruleId": "MINED006", "level": "none", "message": {"text": "[MINED006] Overcatch Baseexception (and 3 more): Same pattern found in 3 additional files. Review if needed."}, "properties": {"repobilityId": 114566, "scanner": "repobility-threat-engine", "fingerprint": "d893dda26b2d27c0ed81d6fe563b76c9cf50cd02b6dabddf522c04cef8f9598b", "category": "quality", "severity": "info", "confidence": 0.2, "triageState": "false_positive", "verdict": "likely_fp", "isResolved": true, "reason": "Deduplicated summary only: 3 additional occurrences found. The top occurrences remain visible as actionable findings.", "evidence": {"mined": true, "mining": {"slug": "overcatch-baseexception", "owasp": null, "cwe_ids": ["CWE-705"], "languages": ["python"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.347911+00:00", "triaged_in_corpus": 15, "observations_count": 230624, "ai_coder_pattern_id": 8}, "scanner": "repobility-threat-engine", "aggregated": true, "correlation_key": "fp|d893dda26b2d27c0ed81d6fe563b76c9cf50cd02b6dabddf522c04cef8f9598b", "aggregated_count": 3}}}, {"ruleId": "SEC128", "level": "none", "message": {"text": "[SEC128] Async function without await \u2014 fire-and-forget Promise (AI mistake) (and 83 more): Same pattern found in 83 additional files. Review if needed."}, "properties": {"repobilityId": 114562, "scanner": "repobility-threat-engine", "fingerprint": "bd7ddc4c66664b3c12c7fd4da5ee7a0e6b30713f858ef965e95487c62c5c253d", "category": "quality", "severity": "info", "confidence": 0.2, "triageState": "false_positive", "verdict": "likely_fp", "isResolved": true, "reason": "Deduplicated summary only: 83 additional occurrences found. The top occurrences remain visible as actionable findings.", "evidence": {"reason": "Deduplicated summary only: 83 additional occurrences found. The top occurrences remain visible as actionable findings.", "rule_id": "SEC128", "scanner": "repobility-threat-engine", "confidence": 0.2, "correlation_key": "fp|bd7ddc4c66664b3c12c7fd4da5ee7a0e6b30713f858ef965e95487c62c5c253d"}}}, {"ruleId": "SEC029", "level": "none", "message": {"text": "[SEC029] Server-Side Request Forgery (SSRF) \u2014 outbound HTTP from user input (and 241 more): Same pattern found in 241 additional files. Review if needed."}, "properties": {"repobilityId": 114558, "scanner": "repobility-threat-engine", "fingerprint": "ff7923d35e234530522d53fe3418e25117206243685206bc1fbd25703d7595a5", "category": "ssrf", "severity": "info", "confidence": 0.2, "triageState": "false_positive", "verdict": "likely_fp", "isResolved": true, "reason": "Deduplicated summary only: 241 additional occurrences found. The top occurrences remain visible as actionable findings.", "evidence": {"reason": "Deduplicated summary only: 241 additional occurrences found. The top occurrences remain visible as actionable findings.", "rule_id": "SEC029", "scanner": "repobility-threat-engine", "confidence": 0.2, "correlation_key": "fp|ff7923d35e234530522d53fe3418e25117206243685206bc1fbd25703d7595a5"}}}, {"ruleId": "COMP001", "level": "none", "message": {"text": "[COMP001] High cognitive complexity (and 617 more): Same pattern found in 617 additional files. Review if needed."}, "properties": {"repobilityId": 114554, "scanner": "repobility-threat-engine", "fingerprint": "ff81a1331da848df69773746260021095cec18cf0ac025de42d637ef976e80b7", "category": "quality", "severity": "info", "confidence": 0.2, "triageState": "false_positive", "verdict": "likely_fp", "isResolved": true, "reason": "Deduplicated summary only: 617 additional occurrences found. The top occurrences remain visible as actionable findings.", "evidence": {"scanner": "repobility-threat-engine", "function": "fetch_open_issues", "breakdown": {"if": 3, "for": 1, "else": 2, "continue": 1, "nested_bonus": 2}, "aggregated": true, "complexity": 9, "correlation_key": "fp|ff81a1331da848df69773746260021095cec18cf0ac025de42d637ef976e80b7", "aggregated_count": 617}}}, {"ruleId": "MINED118", "level": "error", "message": {"text": "[MINED118] Dockerfile FROM `ollama/ollama (no tag)` not pinned by digest: `FROM ollama/ollama (no tag)` resolves the tag at build time. The registry CAN re-push a different image for the same tag, so every build is potentially different. Production images should pin to `image@sha256:...` for reproducibility + supply-chain integrity."}, "properties": {"repobilityId": 114950, "scanner": "repobility-supply-chain", "fingerprint": "dba6878b8bcbc599474fa5cc81c2c01c4448fe422b90486e8ce735e46b18e30a", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "docker-from-unpinned", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["dockerfile"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|dba6878b8bcbc599474fa5cc81c2c01c4448fe422b90486e8ce735e46b18e30a"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "cookbook/litellm-ollama-docker-image/Dockerfile"}, "region": {"startLine": 1}}}]}, {"ruleId": "MINED112", "level": "error", "message": {"text": "[MINED112] FastAPI PATCH litellm.proxy.proxy_server.litellm.Cache has no auth: Handler `test_load_router_config` is registered with router/app.patch(...) but no Depends/Security parameter is declared and no auth marker appears in the function body."}, "properties": {"repobilityId": 114949, "scanner": "repobility-route-auth", "fingerprint": "767bcc0caaac5f47b7085c10f6ca53693fb78b5ebf967b9400f2e57e8c4f887b", "category": "quality", "severity": "high", "confidence": 0.8, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "fastapi-destructive-unauth", "owasp": "A01:2021", "cwe_ids": ["CWE-306", "CWE-862"], "languages": ["python", "javascript"], "observations_count": 10455}, "scanner": "repobility-route-auth", "correlation_key": "fp|767bcc0caaac5f47b7085c10f6ca53693fb78b5ebf967b9400f2e57e8c4f887b"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tests/proxy_unit_tests/test_proxy_server.py"}, "region": {"startLine": 941}}}]}, {"ruleId": "MINED112", "level": "error", "message": {"text": "[MINED112] FastAPI PATCH litellm.proxy.proxy_server.llm_router.acompletion has no auth: Handler `test_chat_completion_exception_azure_context_window` is registered with router/app.patch(...) but no Depends/Security parameter is declared and no auth marker appears in the function body."}, "properties": {"repobilityId": 114948, "scanner": "repobility-route-auth", "fingerprint": "da041c885af05f36286c7ad076e157cb85757aff5f006691c01222b040128ce9", "category": "quality", "severity": "high", "confidence": 0.8, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "fastapi-destructive-unauth", "owasp": "A01:2021", "cwe_ids": ["CWE-306", "CWE-862"], "languages": ["python", "javascript"], "observations_count": 10455}, "scanner": "repobility-route-auth", "correlation_key": "fp|da041c885af05f36286c7ad076e157cb85757aff5f006691c01222b040128ce9"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tests/proxy_unit_tests/test_proxy_exception_mapping.py"}, "region": {"startLine": 281}}}]}, {"ruleId": "MINED112", "level": "error", "message": {"text": "[MINED112] FastAPI PATCH litellm.proxy.proxy_server.llm_router.aembedding has no auth: Handler `test_embedding_auth_exception_azure` is registered with router/app.patch(...) but no Depends/Security parameter is declared and no auth marker appears in the function body."}, "properties": {"repobilityId": 114947, "scanner": "repobility-route-auth", "fingerprint": "238173e325d6f7ae128a56c0c537c3a60b99e103981541304d5092b5f6714b5f", "category": "quality", "severity": "high", "confidence": 0.8, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "fastapi-destructive-unauth", "owasp": "A01:2021", "cwe_ids": ["CWE-306", "CWE-862"], "languages": ["python", "javascript"], "observations_count": 10455}, "scanner": "repobility-route-auth", "correlation_key": "fp|238173e325d6f7ae128a56c0c537c3a60b99e103981541304d5092b5f6714b5f"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tests/proxy_unit_tests/test_proxy_exception_mapping.py"}, "region": {"startLine": 149}}}]}, {"ruleId": "MINED112", "level": "error", "message": {"text": "[MINED112] FastAPI PATCH litellm.proxy.proxy_server.llm_router.acompletion has no auth: Handler `test_chat_completion_exception_azure` is registered with router/app.patch(...) but no Depends/Security parameter is declared and no auth marker appears in the function body."}, "properties": {"repobilityId": 114946, "scanner": "repobility-route-auth", "fingerprint": "13af89fba3a7a73bd71115d8e8a136b2fe1e7bce8865deb003c96572c7f1d463", "category": "quality", "severity": "high", "confidence": 0.8, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "fastapi-destructive-unauth", "owasp": "A01:2021", "cwe_ids": ["CWE-306", "CWE-862"], "languages": ["python", "javascript"], "observations_count": 10455}, "scanner": "repobility-route-auth", "correlation_key": "fp|13af89fba3a7a73bd71115d8e8a136b2fe1e7bce8865deb003c96572c7f1d463"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tests/proxy_unit_tests/test_proxy_exception_mapping.py"}, "region": {"startLine": 105}}}]}, {"ruleId": "MINED112", "level": "error", "message": {"text": "[MINED112] FastAPI PATCH litellm.secret_managers.aws_secret_manager_v2.AWSSecretsManagerV2.async_write_secret has no auth: Handler `test_key_generate_with_secret_manager_call` is registered with router/app.patch(...) but no Depends/Security parameter is declared and no auth marker appears in the function body."}, "properties": {"repobilityId": 114945, "scanner": "repobility-route-auth", "fingerprint": "098fc2e47048cee7871253c8083ae13749266568342ff5fe85d8af358ede0cfd", "category": "quality", "severity": "high", "confidence": 0.8, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "fastapi-destructive-unauth", "owasp": "A01:2021", "cwe_ids": ["CWE-306", "CWE-862"], "languages": ["python", "javascript"], "observations_count": 10455}, "scanner": "repobility-route-auth", "correlation_key": "fp|098fc2e47048cee7871253c8083ae13749266568342ff5fe85d8af358ede0cfd"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tests/proxy_unit_tests/test_key_generate_prisma.py"}, "region": {"startLine": 3897}}}]}, {"ruleId": "MINED112", "level": "error", "message": {"text": "[MINED112] FastAPI PATCH httpx.AsyncClient has no auth: Handler `test_async_http_handler_force_ipv4` is registered with router/app.patch(...) but no Depends/Security parameter is declared and no auth marker appears in the function body."}, "properties": {"repobilityId": 114944, "scanner": "repobility-route-auth", "fingerprint": "38ce76977426758fdfccf59f5a03ca66b3d3c2e3bfda17cfd5c07967991cc7d8", "category": "quality", "severity": "high", "confidence": 0.8, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "fastapi-destructive-unauth", "owasp": "A01:2021", "cwe_ids": ["CWE-306", "CWE-862"], "languages": ["python", "javascript"], "observations_count": 10455}, "scanner": "repobility-route-auth", "correlation_key": "fp|38ce76977426758fdfccf59f5a03ca66b3d3c2e3bfda17cfd5c07967991cc7d8"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tests/litellm_utils_tests/test_utils.py"}, "region": {"startLine": 1198}}}]}, {"ruleId": "MINED112", "level": "error", "message": {"text": "[MINED112] FastAPI PATCH httpx.AsyncClient has no auth: Handler `test_async_http_handler` is registered with router/app.patch(...) but no Depends/Security parameter is declared and no auth marker appears in the function body."}, "properties": {"repobilityId": 114943, "scanner": "repobility-route-auth", "fingerprint": "1744b7174d53bb6e029b7dfc746d0ed45fe3f5d9db076a6b335d4bbf7dae6424", "category": "quality", "severity": "high", "confidence": 0.8, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "fastapi-destructive-unauth", "owasp": "A01:2021", "cwe_ids": ["CWE-306", "CWE-862"], "languages": ["python", "javascript"], "observations_count": 10455}, "scanner": "repobility-route-auth", "correlation_key": "fp|1744b7174d53bb6e029b7dfc746d0ed45fe3f5d9db076a6b335d4bbf7dae6424"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tests/litellm_utils_tests/test_utils.py"}, "region": {"startLine": 1166}}}]}, {"ruleId": "MINED112", "level": "error", "message": {"text": "[MINED112] FastAPI POST /v1/chat/completions has no auth: Handler `chat_completions` is registered with router/app.post(...) but no Depends/Security parameter is declared and no auth marker appears in the function body."}, "properties": {"repobilityId": 114942, "scanner": "repobility-route-auth", "fingerprint": "233941144b2fba245621665feaad702713b3484e8dd8f20e7c3e151827cb5df9", "category": "quality", "severity": "high", "confidence": 0.8, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "fastapi-destructive-unauth", "owasp": "A01:2021", "cwe_ids": ["CWE-306", "CWE-862"], "languages": ["python", "javascript"], "observations_count": 10455}, "scanner": "repobility-route-auth", "correlation_key": "fp|233941144b2fba245621665feaad702713b3484e8dd8f20e7c3e151827cb5df9"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tests/load_tests/memory_leak_utils.py"}, "region": {"startLine": 53}}}]}, {"ruleId": "MINED112", "level": "error", "message": {"text": "[MINED112] FastAPI PATCH litellm.llms.ollama.completion.handler.ollama_aembeddings has no auth: Handler `test_ollama_aembeddings` is registered with router/app.patch(...) but no Depends/Security parameter is declared and no auth marker appears in the function body."}, "properties": {"repobilityId": 114941, "scanner": "repobility-route-auth", "fingerprint": "3887a21219df6602c8d49be537f7ae4cd397c0cbc6df97554c89f9b18f135878", "category": "quality", "severity": "high", "confidence": 0.8, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "fastapi-destructive-unauth", "owasp": "A01:2021", "cwe_ids": ["CWE-306", "CWE-862"], "languages": ["python", "javascript"], "observations_count": 10455}, "scanner": "repobility-route-auth", "correlation_key": "fp|3887a21219df6602c8d49be537f7ae4cd397c0cbc6df97554c89f9b18f135878"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tests/local_testing/test_ollama.py"}, "region": {"startLine": 157}}}]}, {"ruleId": "MINED112", "level": "error", "message": {"text": "[MINED112] FastAPI PATCH litellm.llms.ollama.completion.handler.ollama_embeddings has no auth: Handler `test_ollama_embeddings` is registered with router/app.patch(...) but no Depends/Security parameter is declared and no auth marker appears in the function body."}, "properties": {"repobilityId": 114940, "scanner": "repobility-route-auth", "fingerprint": "4adfa15acc7bae29b5eefbddd1aefe92a8888f40d5b4dcb764dc05c62fb64e70", "category": "quality", "severity": "high", "confidence": 0.8, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "fastapi-destructive-unauth", "owasp": "A01:2021", "cwe_ids": ["CWE-306", "CWE-862"], "languages": ["python", "javascript"], "observations_count": 10455}, "scanner": "repobility-route-auth", "correlation_key": "fp|4adfa15acc7bae29b5eefbddd1aefe92a8888f40d5b4dcb764dc05c62fb64e70"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tests/local_testing/test_ollama.py"}, "region": {"startLine": 130}}}]}, {"ruleId": "MINED112", "level": "error", "message": {"text": "[MINED112] FastAPI POST /log-event has no auth: Handler `log_event` is registered with router/app.post(...) but no Depends/Security parameter is declared and no auth marker appears in the function body."}, "properties": {"repobilityId": 114939, "scanner": "repobility-route-auth", "fingerprint": "accc191cd69d7174511bd33140fb5e2cb76755cd8b14252f3e34e9fa1c1d0393", "category": "quality", "severity": "high", "confidence": 0.8, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "fastapi-destructive-unauth", "owasp": "A01:2021", "cwe_ids": ["CWE-306", "CWE-862"], "languages": ["python", "javascript"], "observations_count": 10455}, "scanner": "repobility-route-auth", "correlation_key": "fp|accc191cd69d7174511bd33140fb5e2cb76755cd8b14252f3e34e9fa1c1d0393"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "enterprise/litellm_enterprise/enterprise_callbacks/example_logging_api.py"}, "region": {"startLine": 8}}}]}, {"ruleId": "MINED112", "level": "error", "message": {"text": "[MINED112] FastAPI POST /model/{model_path:path}/invoke-with-response-stream has no auth: Handler `invoke_with_response_stream` is registered with router/app.post(...) but no Depends/Security parameter is declared and no auth marker appears in the function body."}, "properties": {"repobilityId": 114938, "scanner": "repobility-route-auth", "fingerprint": "bd55144770ce9e87cd2bfee0d39be28204880fbef37597360de4c1cb4782e3b9", "category": "quality", "severity": "high", "confidence": 0.8, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "fastapi-destructive-unauth", "owasp": "A01:2021", "cwe_ids": ["CWE-306", "CWE-862"], "languages": ["python", "javascript"], "observations_count": 10455}, "scanner": "repobility-route-auth", "correlation_key": "fp|bd55144770ce9e87cd2bfee0d39be28204880fbef37597360de4c1cb4782e3b9"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "scripts/mock_bedrock_passthrough_target.py"}, "region": {"startLine": 250}}}]}, {"ruleId": "MINED112", "level": "error", "message": {"text": "[MINED112] FastAPI POST /model/{model_path:path}/invoke has no auth: Handler `invoke` is registered with router/app.post(...) but no Depends/Security parameter is declared and no auth marker appears in the function body."}, "properties": {"repobilityId": 114937, "scanner": "repobility-route-auth", "fingerprint": "b79bb9227d635b8fcd082b9d7d727736e454739e0238ffa34656b4a475c45911", "category": "quality", "severity": "high", "confidence": 0.8, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "fastapi-destructive-unauth", "owasp": "A01:2021", "cwe_ids": ["CWE-306", "CWE-862"], "languages": ["python", "javascript"], "observations_count": 10455}, "scanner": "repobility-route-auth", "correlation_key": "fp|b79bb9227d635b8fcd082b9d7d727736e454739e0238ffa34656b4a475c45911"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "scripts/mock_bedrock_passthrough_target.py"}, "region": {"startLine": 244}}}]}, {"ruleId": "MINED112", "level": "error", "message": {"text": "[MINED112] FastAPI POST /model/{model_path:path}/converse-stream has no auth: Handler `converse_stream` is registered with router/app.post(...) but no Depends/Security parameter is declared and no auth marker appears in the function body."}, "properties": {"repobilityId": 114936, "scanner": "repobility-route-auth", "fingerprint": "d7f7657c1b8d5811ba450f500e713fbbfee16adb3b0dc631d604ff9b6fcfd9c8", "category": "quality", "severity": "high", "confidence": 0.8, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "fastapi-destructive-unauth", "owasp": "A01:2021", "cwe_ids": ["CWE-306", "CWE-862"], "languages": ["python", "javascript"], "observations_count": 10455}, "scanner": "repobility-route-auth", "correlation_key": "fp|d7f7657c1b8d5811ba450f500e713fbbfee16adb3b0dc631d604ff9b6fcfd9c8"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "scripts/mock_bedrock_passthrough_target.py"}, "region": {"startLine": 231}}}]}, {"ruleId": "MINED112", "level": "error", "message": {"text": "[MINED112] FastAPI POST /model/{model_path:path}/converse has no auth: Handler `converse` is registered with router/app.post(...) but no Depends/Security parameter is declared and no auth marker appears in the function body."}, "properties": {"repobilityId": 114935, "scanner": "repobility-route-auth", "fingerprint": "d0517169e425d65ed5ca4fe363e38a6c0bea3adc69bedd11cabaaa89ab594097", "category": "quality", "severity": "high", "confidence": 0.8, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "fastapi-destructive-unauth", "owasp": "A01:2021", "cwe_ids": ["CWE-306", "CWE-862"], "languages": ["python", "javascript"], "observations_count": 10455}, "scanner": "repobility-route-auth", "correlation_key": "fp|d0517169e425d65ed5ca4fe363e38a6c0bea3adc69bedd11cabaaa89ab594097"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "scripts/mock_bedrock_passthrough_target.py"}, "region": {"startLine": 224}}}]}, {"ruleId": "MINED110", "level": "error", "message": {"text": "[MINED110] Blocking call `time.sleep` inside async function `test_reset_budget_job`: `time.sleep` is a synchronous (blocking) call. When invoked inside an `async def` it stalls the event loop, preventing every other coroutine in the process from making progress."}, "properties": {"repobilityId": 114931, "scanner": "repobility-ast-engine", "fingerprint": "0d11ac1a6dd449e394fb30ee571a675ae5c2dbff98172923afcfd1adee1c3cb3", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "asyncio-blocking-call", "owasp": null, "cwe_ids": ["CWE-833"], "languages": ["python"], "observations_count": 31606}, "scanner": "repobility-ast-engine", "correlation_key": "fp|0d11ac1a6dd449e394fb30ee571a675ae5c2dbff98172923afcfd1adee1c3cb3"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tests/proxy_unit_tests/test_key_generate_prisma.py"}, "region": {"startLine": 4355}}}]}, {"ruleId": "MINED110", "level": "error", "message": {"text": "[MINED110] Blocking call `time.sleep` inside async function `test_basic_s3_logging`: `time.sleep` is a synchronous (blocking) call. When invoked inside an `async def` it stalls the event loop, preventing every other coroutine in the process from making progress."}, "properties": {"repobilityId": 114928, "scanner": "repobility-ast-engine", "fingerprint": "ec0bee804f1ebaa57264bd499c74c95259222a90b35e317d73054ba06f063523", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "asyncio-blocking-call", "owasp": null, "cwe_ids": ["CWE-833"], "languages": ["python"], "observations_count": 31606}, "scanner": "repobility-ast-engine", "correlation_key": "fp|ec0bee804f1ebaa57264bd499c74c95259222a90b35e317d73054ba06f063523"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tests/logging_callback_tests/test_amazing_s3_logs.py"}, "region": {"startLine": 50}}}]}, {"ruleId": "MINED110", "level": "error", "message": {"text": "[MINED110] Blocking call `requests.get` inside async function `test_vision_with_custom_model`: `requests.get` is a synchronous (blocking) call. When invoked inside an `async def` it stalls the event loop, preventing every other coroutine in the process from making progress."}, "properties": {"repobilityId": 114927, "scanner": "repobility-ast-engine", "fingerprint": "dbd471e29c283638ff3791bd3f4ce520a36d40480333a868fe626ce455eda1f3", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "asyncio-blocking-call", "owasp": null, "cwe_ids": ["CWE-833"], "languages": ["python"], "observations_count": 31606}, "scanner": "repobility-ast-engine", "correlation_key": "fp|dbd471e29c283638ff3791bd3f4ce520a36d40480333a868fe626ce455eda1f3"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tests/llm_translation/test_openai.py"}, "region": {"startLine": 227}}}]}, {"ruleId": "MINED110", "level": "error", "message": {"text": "[MINED110] Blocking call `time.sleep` inside async function `test_openai_prediction_param_with_caching`: `time.sleep` is a synchronous (blocking) call. When invoked inside an `async def` it stalls the event loop, preventing every other coroutine in the process from making progress."}, "properties": {"repobilityId": 114926, "scanner": "repobility-ast-engine", "fingerprint": "ef3be30a23c7f272724c30c3e89b753fb43311332dc2f410a0bd61cdcc550350", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "asyncio-blocking-call", "owasp": null, "cwe_ids": ["CWE-833"], "languages": ["python"], "observations_count": 31606}, "scanner": "repobility-ast-engine", "correlation_key": "fp|ef3be30a23c7f272724c30c3e89b753fb43311332dc2f410a0bd61cdcc550350"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tests/llm_translation/test_openai.py"}, "region": {"startLine": 182}}}]}, {"ruleId": "MINED110", "level": "error", "message": {"text": "[MINED110] Blocking call `requests.get` inside async function `test_audio_input_to_model`: `requests.get` is a synchronous (blocking) call. When invoked inside an `async def` it stalls the event loop, preventing every other coroutine in the process from making progress."}, "properties": {"repobilityId": 114925, "scanner": "repobility-ast-engine", "fingerprint": "dd2506e1a1ddba0114acb4cefdbc30c340b104dfe40631bc5a2735a0593b7137", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "asyncio-blocking-call", "owasp": null, "cwe_ids": ["CWE-833"], "languages": ["python"], "observations_count": 31606}, "scanner": "repobility-ast-engine", "correlation_key": "fp|dd2506e1a1ddba0114acb4cefdbc30c340b104dfe40631bc5a2735a0593b7137"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tests/llm_translation/test_gpt4o_audio.py"}, "region": {"startLine": 103}}}]}, {"ruleId": "MINED110", "level": "error", "message": {"text": "[MINED110] Blocking call `requests.get` inside async function `test_vertexai_multimodal_embedding_base64image_in_input`: `requests.get` is a synchronous (blocking) call. When invoked inside an `async def` it stalls the event loop, preventing every other coroutine in the process from making progress."}, "properties": {"repobilityId": 114924, "scanner": "repobility-ast-engine", "fingerprint": "ca3430d1400556af1034b06b4edcfc9ad5ff16575deed9a4c7f4388592bb1e09", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "asyncio-blocking-call", "owasp": null, "cwe_ids": ["CWE-833"], "languages": ["python"], "observations_count": 31606}, "scanner": "repobility-ast-engine", "correlation_key": "fp|ca3430d1400556af1034b06b4edcfc9ad5ff16575deed9a4c7f4388592bb1e09"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tests/local_testing/test_amazing_vertex_completion.py"}, "region": {"startLine": 2010}}}]}, {"ruleId": "MINED110", "level": "error", "message": {"text": "[MINED110] Blocking call `time.sleep` inside async function `test_logging_turn_off_message_logging_streaming`: `time.sleep` is a synchronous (blocking) call. When invoked inside an `async def` it stalls the event loop, preventing every other coroutine in the process from making progress."}, "properties": {"repobilityId": 114923, "scanner": "repobility-ast-engine", "fingerprint": "55225348a1bb0809d96fb7232176742ba7652c21efda885a439d8aab54959a15", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "asyncio-blocking-call", "owasp": null, "cwe_ids": ["CWE-833"], "languages": ["python"], "observations_count": 31606}, "scanner": "repobility-ast-engine", "correlation_key": "fp|55225348a1bb0809d96fb7232176742ba7652c21efda885a439d8aab54959a15"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tests/local_testing/test_caching.py"}, "region": {"startLine": 2198}}}]}, {"ruleId": "MINED110", "level": "error", "message": {"text": "[MINED110] Blocking call `time.sleep` inside async function `test_s3_cache_acompletion_azure`: `time.sleep` is a synchronous (blocking) call. When invoked inside an `async def` it stalls the event loop, preventing every other coroutine in the process from making progress."}, "properties": {"repobilityId": 114922, "scanner": "repobility-ast-engine", "fingerprint": "e3cc9fe53532e5f809d137f1c9e70b7eac3659cf488a9a33dd7ab5886bc350b9", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "asyncio-blocking-call", "owasp": null, "cwe_ids": ["CWE-833"], "languages": ["python"], "observations_count": 31606}, "scanner": "repobility-ast-engine", "correlation_key": "fp|e3cc9fe53532e5f809d137f1c9e70b7eac3659cf488a9a33dd7ab5886bc350b9"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tests/local_testing/test_caching.py"}, "region": {"startLine": 1426}}}]}, {"ruleId": "MINED110", "level": "error", "message": {"text": "[MINED110] Blocking call `time.sleep` inside async function `test_s3_cache_stream_azure`: `time.sleep` is a synchronous (blocking) call. When invoked inside an `async def` it stalls the event loop, preventing every other coroutine in the process from making progress."}, "properties": {"repobilityId": 114921, "scanner": "repobility-ast-engine", "fingerprint": "4797b92c280eb8545f5184d96cd2cf445928c6119007ec77470477a3d6761041", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "asyncio-blocking-call", "owasp": null, "cwe_ids": ["CWE-833"], "languages": ["python"], "observations_count": 31606}, "scanner": "repobility-ast-engine", "correlation_key": "fp|4797b92c280eb8545f5184d96cd2cf445928c6119007ec77470477a3d6761041"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tests/local_testing/test_caching.py"}, "region": {"startLine": 1336}}}]}, {"ruleId": "MINED110", "level": "error", "message": {"text": "[MINED110] Blocking call `time.sleep` inside async function `test_throttling_prevents_duplicate_redis_calls`: `time.sleep` is a synchronous (blocking) call. When invoked inside an `async def` it stalls the event loop, preventing every other coroutine in the process from making progress."}, "properties": {"repobilityId": 114920, "scanner": "repobility-ast-engine", "fingerprint": "ffb4026f9fa22a392f0fa4322eb078097d7bf20213dc45f1e72fefd4829d1e48", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "asyncio-blocking-call", "owasp": null, "cwe_ids": ["CWE-833"], "languages": ["python"], "observations_count": 31606}, "scanner": "repobility-ast-engine", "correlation_key": "fp|ffb4026f9fa22a392f0fa4322eb078097d7bf20213dc45f1e72fefd4829d1e48"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tests/local_testing/test_redis_batch_optimizations.py"}, "region": {"startLine": 81}}}]}, {"ruleId": "MINED110", "level": "error", "message": {"text": "[MINED110] Blocking call `requests.append` inside async function `test_pass_through_endpoint_sequential_rpm_limit`: `requests.append` is a synchronous (blocking) call. When invoked inside an `async def` it stalls the event loop, preventing every other coroutine in the process from making progress."}, "properties": {"repobilityId": 114919, "scanner": "repobility-ast-engine", "fingerprint": "bc95c243f08cc39ae54a34b9f14ccbe7f361466b8c5e72e87712046591d37f59", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "asyncio-blocking-call", "owasp": null, "cwe_ids": ["CWE-833"], "languages": ["python"], "observations_count": 31606}, "scanner": "repobility-ast-engine", "correlation_key": "fp|bc95c243f08cc39ae54a34b9f14ccbe7f361466b8c5e72e87712046591d37f59"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tests/local_testing/test_pass_through_endpoints.py"}, "region": {"startLine": 355}}}]}, {"ruleId": "MINED110", "level": "error", "message": {"text": "[MINED110] Blocking call `time.sleep` inside async function `test_standard_logging_payload_stream_usage`: `time.sleep` is a synchronous (blocking) call. When invoked inside an `async def` it stalls the event loop, preventing every other coroutine in the process from making progress."}, "properties": {"repobilityId": 114918, "scanner": "repobility-ast-engine", "fingerprint": "cf49790d41acb88ff70e5441c85ab35e7881eaaff597af7193222827c03b694a", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "asyncio-blocking-call", "owasp": null, "cwe_ids": ["CWE-833"], "languages": ["python"], "observations_count": 31606}, "scanner": "repobility-ast-engine", "correlation_key": "fp|cf49790d41acb88ff70e5441c85ab35e7881eaaff597af7193222827c03b694a"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tests/local_testing/test_custom_callback_input.py"}, "region": {"startLine": 1461}}}]}, {"ruleId": "MINED110", "level": "error", "message": {"text": "[MINED110] Blocking call `time.sleep` inside async function `test_async_text_completion_openai_stream`: `time.sleep` is a synchronous (blocking) call. When invoked inside an `async def` it stalls the event loop, preventing every other coroutine in the process from making progress."}, "properties": {"repobilityId": 114917, "scanner": "repobility-ast-engine", "fingerprint": "1b56b9308f1848ec0a953f09eb851815b41683c94d98bdf0cd414eddd795720f", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "asyncio-blocking-call", "owasp": null, "cwe_ids": ["CWE-833"], "languages": ["python"], "observations_count": 31606}, "scanner": "repobility-ast-engine", "correlation_key": "fp|1b56b9308f1848ec0a953f09eb851815b41683c94d98bdf0cd414eddd795720f"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tests/local_testing/test_custom_callback_input.py"}, "region": {"startLine": 760}}}]}, {"ruleId": "MINED110", "level": "error", "message": {"text": "[MINED110] Blocking call `time.sleep` inside async function `test_async_text_completion_bedrock`: `time.sleep` is a synchronous (blocking) call. When invoked inside an `async def` it stalls the event loop, preventing every other coroutine in the process from making progress."}, "properties": {"repobilityId": 114916, "scanner": "repobility-ast-engine", "fingerprint": "3f73b14f92a17743451b17e17305eccc6e4702cfd883269165e975563d93be48", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "asyncio-blocking-call", "owasp": null, "cwe_ids": ["CWE-833"], "languages": ["python"], "observations_count": 31606}, "scanner": "repobility-ast-engine", "correlation_key": "fp|3f73b14f92a17743451b17e17305eccc6e4702cfd883269165e975563d93be48"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tests/local_testing/test_custom_callback_input.py"}, "region": {"startLine": 717}}}]}, {"ruleId": "MINED110", "level": "error", "message": {"text": "[MINED110] Blocking call `time.sleep` inside async function `test_async_chat_sagemaker_stream`: `time.sleep` is a synchronous (blocking) call. When invoked inside an `async def` it stalls the event loop, preventing every other coroutine in the process from making progress."}, "properties": {"repobilityId": 114915, "scanner": "repobility-ast-engine", "fingerprint": "2bb880a6b988db4e70c87c0a2ef3783418b496e2414d15c523afe8cac2d36020", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "asyncio-blocking-call", "owasp": null, "cwe_ids": ["CWE-833"], "languages": ["python"], "observations_count": 31606}, "scanner": "repobility-ast-engine", "correlation_key": "fp|2bb880a6b988db4e70c87c0a2ef3783418b496e2414d15c523afe8cac2d36020"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tests/local_testing/test_custom_callback_input.py"}, "region": {"startLine": 593}}}]}, {"ruleId": "MINED110", "level": "error", "message": {"text": "[MINED110] Blocking call `time.sleep` inside async function `test_async_chat_openai_stream`: `time.sleep` is a synchronous (blocking) call. When invoked inside an `async def` it stalls the event loop, preventing every other coroutine in the process from making progress."}, "properties": {"repobilityId": 114914, "scanner": "repobility-ast-engine", "fingerprint": "1365d67df98ebb297e6c8e8e18656f1f1fe947ca547c88acbb7b2fccac728f1d", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "asyncio-blocking-call", "owasp": null, "cwe_ids": ["CWE-833"], "languages": ["python"], "observations_count": 31606}, "scanner": "repobility-ast-engine", "correlation_key": "fp|1365d67df98ebb297e6c8e8e18656f1f1fe947ca547c88acbb7b2fccac728f1d"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tests/local_testing/test_custom_callback_input.py"}, "region": {"startLine": 436}}}]}, {"ruleId": "MINED110", "level": "error", "message": {"text": "[MINED110] Blocking call `time.sleep` inside async function `test_router_get_available_deployments`: `time.sleep` is a synchronous (blocking) call. When invoked inside an `async def` it stalls the event loop, preventing every other coroutine in the process from making progress."}, "properties": {"repobilityId": 114913, "scanner": "repobility-ast-engine", "fingerprint": "d96e7738cf87d20ba9ad9e2410682253458920667166d8e38618883e845d5b3f", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "asyncio-blocking-call", "owasp": null, "cwe_ids": ["CWE-833"], "languages": ["python"], "observations_count": 31606}, "scanner": "repobility-ast-engine", "correlation_key": "fp|d96e7738cf87d20ba9ad9e2410682253458920667166d8e38618883e845d5b3f"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tests/local_testing/test_least_busy_routing.py"}, "region": {"startLine": 136}}}]}, {"ruleId": "MINED110", "level": "error", "message": {"text": "[MINED110] Blocking call `time.sleep` inside async function `test_async_langsmith_logging_with_streaming_and_metadata`: `time.sleep` is a synchronous (blocking) call. When invoked inside an `async def` it stalls the event loop, preventing every other coroutine in the process from making progress."}, "properties": {"repobilityId": 114912, "scanner": "repobility-ast-engine", "fingerprint": "4fe0ad8b7b2eb1f78e1fdc0b2c809fae34e03b09520416a1712633bc6c5470ac", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "asyncio-blocking-call", "owasp": null, "cwe_ids": ["CWE-833"], "languages": ["python"], "observations_count": 31606}, "scanner": "repobility-ast-engine", "correlation_key": "fp|4fe0ad8b7b2eb1f78e1fdc0b2c809fae34e03b09520416a1712633bc6c5470ac"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tests/local_testing/test_langsmith.py"}, "region": {"startLine": 83}}}]}, {"ruleId": "MINED110", "level": "error", "message": {"text": "[MINED110] Blocking call `time.sleep` inside async function `test_failure_completion_cost`: `time.sleep` is a synchronous (blocking) call. When invoked inside an `async def` it stalls the event loop, preventing every other coroutine in the process from making progress."}, "properties": {"repobilityId": 114911, "scanner": "repobility-ast-engine", "fingerprint": "74a465bf2d1c970de095f0a869ed17f3f9ab88fdf908b40fdc1f47a648958687", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "asyncio-blocking-call", "owasp": null, "cwe_ids": ["CWE-833"], "languages": ["python"], "observations_count": 31606}, "scanner": "repobility-ast-engine", "correlation_key": "fp|74a465bf2d1c970de095f0a869ed17f3f9ab88fdf908b40fdc1f47a648958687"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tests/local_testing/test_completion_cost.py"}, "region": {"startLine": 107}}}]}, {"ruleId": "MINED110", "level": "error", "message": {"text": "[MINED110] Blocking call `time.sleep` inside async function `test_custom_pricing`: `time.sleep` is a synchronous (blocking) call. When invoked inside an `async def` it stalls the event loop, preventing every other coroutine in the process from making progress."}, "properties": {"repobilityId": 114910, "scanner": "repobility-ast-engine", "fingerprint": "8376836c793d7986e780127db2bbc50c823f6c5d396f2c466373d2c55a5e5080", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "asyncio-blocking-call", "owasp": null, "cwe_ids": ["CWE-833"], "languages": ["python"], "observations_count": 31606}, "scanner": "repobility-ast-engine", "correlation_key": "fp|8376836c793d7986e780127db2bbc50c823f6c5d396f2c466373d2c55a5e5080"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tests/local_testing/test_completion_cost.py"}, "region": {"startLine": 72}}}]}, {"ruleId": "MINED110", "level": "error", "message": {"text": "[MINED110] Blocking call `time.sleep` inside async function `test_lowest_latency_routing_buffer`: `time.sleep` is a synchronous (blocking) call. When invoked inside an `async def` it stalls the event loop, preventing every other coroutine in the process from making progress."}, "properties": {"repobilityId": 114909, "scanner": "repobility-ast-engine", "fingerprint": "64c4bd33a5382e78686f97eb1a2db281f747b898527aa0d6d3c161848af1459b", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "asyncio-blocking-call", "owasp": null, "cwe_ids": ["CWE-833"], "languages": ["python"], "observations_count": 31606}, "scanner": "repobility-ast-engine", "correlation_key": "fp|64c4bd33a5382e78686f97eb1a2db281f747b898527aa0d6d3c161848af1459b"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tests/local_testing/test_lowest_latency_routing.py"}, "region": {"startLine": 795}}}]}, {"ruleId": "MINED110", "level": "error", "message": {"text": "[MINED110] Blocking call `time.sleep` inside async function `test_lowest_latency_routing_buffer`: `time.sleep` is a synchronous (blocking) call. When invoked inside an `async def` it stalls the event loop, preventing every other coroutine in the process from making progress."}, "properties": {"repobilityId": 114908, "scanner": "repobility-ast-engine", "fingerprint": "3412d8bf827e1ab352af22eeb678956757cc9e236ba4b8f11da1543cb016d054", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "asyncio-blocking-call", "owasp": null, "cwe_ids": ["CWE-833"], "languages": ["python"], "observations_count": 31606}, "scanner": "repobility-ast-engine", "correlation_key": "fp|3412d8bf827e1ab352af22eeb678956757cc9e236ba4b8f11da1543cb016d054"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tests/local_testing/test_lowest_latency_routing.py"}, "region": {"startLine": 775}}}]}, {"ruleId": "MINED110", "level": "error", "message": {"text": "[MINED110] Blocking call `time.sleep` inside async function `test_latency_memory_leak`: `time.sleep` is a synchronous (blocking) call. When invoked inside an `async def` it stalls the event loop, preventing every other coroutine in the process from making progress."}, "properties": {"repobilityId": 114907, "scanner": "repobility-ast-engine", "fingerprint": "46f2b57f22e87b5a8e28db835d7bf5c821e193dc64af615176cee7e6f7befb80", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "asyncio-blocking-call", "owasp": null, "cwe_ids": ["CWE-833"], "languages": ["python"], "observations_count": 31606}, "scanner": "repobility-ast-engine", "correlation_key": "fp|46f2b57f22e87b5a8e28db835d7bf5c821e193dc64af615176cee7e6f7befb80"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tests/local_testing/test_lowest_latency_routing.py"}, "region": {"startLine": 55}}}]}, {"ruleId": "MINED110", "level": "error", "message": {"text": "[MINED110] Blocking call `time.sleep` inside async function `test_helicone_logging_metadata`: `time.sleep` is a synchronous (blocking) call. When invoked inside an `async def` it stalls the event loop, preventing every other coroutine in the process from making progress."}, "properties": {"repobilityId": 114906, "scanner": "repobility-ast-engine", "fingerprint": "04addbd777b04bef7a873da422d792f7e112ecaccf9445b7837aaf01f7c5f66c", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "asyncio-blocking-call", "owasp": null, "cwe_ids": ["CWE-833"], "languages": ["python"], "observations_count": 31606}, "scanner": "repobility-ast-engine", "correlation_key": "fp|04addbd777b04bef7a873da422d792f7e112ecaccf9445b7837aaf01f7c5f66c"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tests/local_testing/test_helicone_integration.py"}, "region": {"startLine": 125}}}]}, {"ruleId": "MINED110", "level": "error", "message": {"text": "[MINED110] Blocking call `time.sleep` inside async function `_deploy`: `time.sleep` is a synchronous (blocking) call. When invoked inside an `async def` it stalls the event loop, preventing every other coroutine in the process from making progress."}, "properties": {"repobilityId": 114905, "scanner": "repobility-ast-engine", "fingerprint": "6eceb2f0c1745cfa6c424a0393f8149f7408088cb78f1884b4e8cc0e1e7d4538", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "asyncio-blocking-call", "owasp": null, "cwe_ids": ["CWE-833"], "languages": ["python"], "observations_count": 31606}, "scanner": "repobility-ast-engine", "correlation_key": "fp|6eceb2f0c1745cfa6c424a0393f8149f7408088cb78f1884b4e8cc0e1e7d4538"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tests/local_testing/test_lowest_cost_routing.py"}, "region": {"startLine": 145}}}]}, {"ruleId": "MINED106", "level": "error", "message": {"text": "[MINED106] Phantom test coverage: test_organization_member_flow: Test function `test_organization_member_flow` runs code but contains no assert / expect / should call \u2014 it passes regardless of behaviour. Adds line coverage without verifying anything."}, "properties": {"repobilityId": 114901, "scanner": "repobility-ast-engine", "fingerprint": "dffe58a56172e732273204555fb8bd4433872d642e0feb6899fa217774d462a0", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "phantom-test-coverage", "owasp": null, "cwe_ids": ["CWE-1126"], "languages": ["python"], "observations_count": 982154}, "scanner": "repobility-ast-engine", "correlation_key": "fp|dffe58a56172e732273204555fb8bd4433872d642e0feb6899fa217774d462a0"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tests/test_organizations.py"}, "region": {"startLine": 261}}}]}, {"ruleId": "MINED106", "level": "error", "message": {"text": "[MINED106] Phantom test coverage: test_organization_delete: Test function `test_organization_delete` runs code but contains no assert / expect / should call \u2014 it passes regardless of behaviour. Adds line coverage without verifying anything."}, "properties": {"repobilityId": 114900, "scanner": "repobility-ast-engine", "fingerprint": "6153c581fb5db8e3b3f841cd08278ad347bdecc95d6d3351e0eccbc31d965cf5", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "phantom-test-coverage", "owasp": null, "cwe_ids": ["CWE-1126"], "languages": ["python"], "observations_count": 982154}, "scanner": "repobility-ast-engine", "correlation_key": "fp|6153c581fb5db8e3b3f841cd08278ad347bdecc95d6d3351e0eccbc31d965cf5"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tests/test_organizations.py"}, "region": {"startLine": 235}}}]}, {"ruleId": "MINED106", "level": "error", "message": {"text": "[MINED106] Phantom test coverage: test_organization_list: Test function `test_organization_list` runs code but contains no assert / expect / should call \u2014 it passes regardless of behaviour. Adds line coverage without verifying anything."}, "properties": {"repobilityId": 114899, "scanner": "repobility-ast-engine", "fingerprint": "a0106372398bc3a54306b4ae309f6c622abe0e965231bf7aab607a95185db4e1", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "phantom-test-coverage", "owasp": null, "cwe_ids": ["CWE-1126"], "languages": ["python"], "observations_count": 982154}, "scanner": "repobility-ast-engine", "correlation_key": "fp|a0106372398bc3a54306b4ae309f6c622abe0e965231bf7aab607a95185db4e1"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tests/test_organizations.py"}, "region": {"startLine": 212}}}]}, {"ruleId": "MINED106", "level": "error", "message": {"text": "[MINED106] Phantom test coverage: test_organization_new: Test function `test_organization_new` runs code but contains no assert / expect / should call \u2014 it passes regardless of behaviour. Adds line coverage without verifying anything."}, "properties": {"repobilityId": 114898, "scanner": "repobility-ast-engine", "fingerprint": "3f02d3d4510c88569c917f13b80f769cc5299e4040f81b1cc1f9e1c0411a6a59", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "phantom-test-coverage", "owasp": null, "cwe_ids": ["CWE-1126"], "languages": ["python"], "observations_count": 982154}, "scanner": "repobility-ast-engine", "correlation_key": "fp|3f02d3d4510c88569c917f13b80f769cc5299e4040f81b1cc1f9e1c0411a6a59"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tests/test_organizations.py"}, "region": {"startLine": 196}}}]}, {"ruleId": "MINED106", "level": "error", "message": {"text": "[MINED106] Phantom test coverage: test_restructure_ui_html_files_NOT_skipped_locally: Test function `test_restructure_ui_html_files_NOT_skipped_locally` runs code but contains no assert / expect / should call \u2014 it passes regardless of behaviour. Adds line coverage without verifying anything."}, "properties": {"repobilityId": 114897, "scanner": "repobility-ast-engine", "fingerprint": "2fb47b2b8d076ac3edf18575f261760e82fe6d430dbc9ad37cd30574de2086b0", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "phantom-test-coverage", "owasp": null, "cwe_ids": ["CWE-1126"], "languages": ["python"], "observations_count": 982154}, "scanner": "repobility-ast-engine", "correlation_key": "fp|2fb47b2b8d076ac3edf18575f261760e82fe6d430dbc9ad37cd30574de2086b0"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tests/test_proxy_server_non_root.py"}, "region": {"startLine": 44}}}]}, {"ruleId": "MINED106", "level": "error", "message": {"text": "[MINED106] Phantom test coverage: test_restructure_ui_html_files_skipped_in_non_root: Test function `test_restructure_ui_html_files_skipped_in_non_root` runs code but contains no assert / expect / should call \u2014 it passes regardless of behaviour. Adds line coverage without verifying anything."}, "properties": {"repobilityId": 114896, "scanner": "repobility-ast-engine", "fingerprint": "e5a1179cf52d1b1a1f37cae7aca13e5c50fcac81e3f3ddc6fc40fa2d9208ce33", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "phantom-test-coverage", "owasp": null, "cwe_ids": ["CWE-1126"], "languages": ["python"], "observations_count": 982154}, "scanner": "repobility-ast-engine", "correlation_key": "fp|e5a1179cf52d1b1a1f37cae7aca13e5c50fcac81e3f3ddc6fc40fa2d9208ce33"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tests/test_proxy_server_non_root.py"}, "region": {"startLine": 6}}}]}, {"ruleId": "MINED106", "level": "error", "message": {"text": "[MINED106] Phantom test coverage: test_end_user_new: Test function `test_end_user_new` runs code but contains no assert / expect / should call \u2014 it passes regardless of behaviour. Adds line coverage without verifying anything."}, "properties": {"repobilityId": 114893, "scanner": "repobility-ast-engine", "fingerprint": "680de826b43836c43b38097ff2cb5230c9b10a21f4d9d915e512ee9622e60974", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "phantom-test-coverage", "owasp": null, "cwe_ids": ["CWE-1126"], "languages": ["python"], "observations_count": 982154}, "scanner": "repobility-ast-engine", "correlation_key": "fp|680de826b43836c43b38097ff2cb5230c9b10a21f4d9d915e512ee9622e60974"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tests/test_end_users.py"}, "region": {"startLine": 153}}}]}, {"ruleId": "MINED106", "level": "error", "message": {"text": "[MINED106] Phantom test coverage: test_proxy_all_models: Test function `test_proxy_all_models` runs code but contains no assert / expect / should call \u2014 it passes regardless of behaviour. Adds line coverage without verifying anything."}, "properties": {"repobilityId": 114891, "scanner": "repobility-ast-engine", "fingerprint": "97a70e6897ca7c33db2c20ff30d03a5994b98e526390dcd0dbd03901ac18d689", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "phantom-test-coverage", "owasp": null, "cwe_ids": ["CWE-1126"], "languages": ["python"], "observations_count": 982154}, "scanner": "repobility-ast-engine", "correlation_key": "fp|97a70e6897ca7c33db2c20ff30d03a5994b98e526390dcd0dbd03901ac18d689"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tests/test_openai_endpoints.py"}, "region": {"startLine": 542}}}]}, {"ruleId": "MINED106", "level": "error", "message": {"text": "[MINED106] Phantom test coverage: test_openai_wildcard_chat_completion: Test function `test_openai_wildcard_chat_completion` runs code but contains no assert / expect / should call \u2014 it passes regardless of behaviour. Adds line coverage without verifying anything."}, "properties": {"repobilityId": 114890, "scanner": "repobility-ast-engine", "fingerprint": "cd50401241e8ea5e95cc4f6b85a34afc8cea0df91d307dfd1804b30b9315c082", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "phantom-test-coverage", "owasp": null, "cwe_ids": ["CWE-1126"], "languages": ["python"], "observations_count": 982154}, "scanner": "repobility-ast-engine", "correlation_key": "fp|cd50401241e8ea5e95cc4f6b85a34afc8cea0df91d307dfd1804b30b9315c082"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tests/test_openai_endpoints.py"}, "region": {"startLine": 526}}}]}, {"ruleId": "MINED106", "level": "error", "message": {"text": "[MINED106] Phantom test coverage: test_image_generation: Test function `test_image_generation` runs code but contains no assert / expect / should call \u2014 it passes regardless of behaviour. Adds line coverage without verifying anything."}, "properties": {"repobilityId": 114889, "scanner": "repobility-ast-engine", "fingerprint": "3cf2dd94dc102a30dc5e2ba315cbc599b4515c72d304f3d9d8497b804bfb316e", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "phantom-test-coverage", "owasp": null, "cwe_ids": ["CWE-1126"], "languages": ["python"], "observations_count": 982154}, "scanner": "repobility-ast-engine", "correlation_key": "fp|3cf2dd94dc102a30dc5e2ba315cbc599b4515c72d304f3d9d8497b804bfb316e"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tests/test_openai_endpoints.py"}, "region": {"startLine": 509}}}]}, {"ruleId": "MINED106", "level": "error", "message": {"text": "[MINED106] Phantom test coverage: test_embeddings: Test function `test_embeddings` runs code but contains no assert / expect / should call \u2014 it passes regardless of behaviour. Adds line coverage without verifying anything."}, "properties": {"repobilityId": 114888, "scanner": "repobility-ast-engine", "fingerprint": "dec4f5132d5c762419111ecf03660089cef8ebfb1d2e2c9d23337724431f9326", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "phantom-test-coverage", "owasp": null, "cwe_ids": ["CWE-1126"], "languages": ["python"], "observations_count": 982154}, "scanner": "repobility-ast-engine", "correlation_key": "fp|dec4f5132d5c762419111ecf03660089cef8ebfb1d2e2c9d23337724431f9326"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tests/test_openai_endpoints.py"}, "region": {"startLine": 488}}}]}, {"ruleId": "MINED106", "level": "error", "message": {"text": "[MINED106] Phantom test coverage: test_completion: Test function `test_completion` runs code but contains no assert / expect / should call \u2014 it passes regardless of behaviour. Adds line coverage without verifying anything."}, "properties": {"repobilityId": 114887, "scanner": "repobility-ast-engine", "fingerprint": "4b7e28b606f616f7da79a455948c8880cc4cc31c02f8118a4aa58ae3ea7ffb11", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "phantom-test-coverage", "owasp": null, "cwe_ids": ["CWE-1126"], "languages": ["python"], "observations_count": 982154}, "scanner": "repobility-ast-engine", "correlation_key": "fp|4b7e28b606f616f7da79a455948c8880cc4cc31c02f8118a4aa58ae3ea7ffb11"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tests/test_openai_endpoints.py"}, "region": {"startLine": 461}}}]}, {"ruleId": "MINED106", "level": "error", "message": {"text": "[MINED106] Phantom test coverage: test_chat_completion_anthropic_structured_output: Test function `test_chat_completion_anthropic_structured_output` runs code but contains no assert / expect / should call \u2014 it passes regardless of behaviour. Adds line coverage without verifying anything."}, "properties": {"repobilityId": 114886, "scanner": "repobility-ast-engine", "fingerprint": "ab3674c4e0faa8bd329df421e3940415175e3083bf7363623c0319f9b381c34f", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "phantom-test-coverage", "owasp": null, "cwe_ids": ["CWE-1126"], "languages": ["python"], "observations_count": 982154}, "scanner": "repobility-ast-engine", "correlation_key": "fp|ab3674c4e0faa8bd329df421e3940415175e3083bf7363623c0319f9b381c34f"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tests/test_openai_endpoints.py"}, "region": {"startLine": 428}}}]}, {"ruleId": "MINED106", "level": "error", "message": {"text": "[MINED106] Phantom test coverage: test_chat_completion_streaming: Test function `test_chat_completion_streaming` runs code but contains no assert / expect / should call \u2014 it passes regardless of behaviour. Adds line coverage without verifying anything."}, "properties": {"repobilityId": 114885, "scanner": "repobility-ast-engine", "fingerprint": "fc51e0dd5a257049c4ab7cf4aa562a15ed23089604ff41e4fcfc027894b79fc1", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "phantom-test-coverage", "owasp": null, "cwe_ids": ["CWE-1126"], "languages": ["python"], "observations_count": 982154}, "scanner": "repobility-ast-engine", "correlation_key": "fp|fc51e0dd5a257049c4ab7cf4aa562a15ed23089604ff41e4fcfc027894b79fc1"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tests/test_openai_endpoints.py"}, "region": {"startLine": 375}}}]}, {"ruleId": "MINED106", "level": "error", "message": {"text": "[MINED106] Phantom test coverage: test_routes: Test function `test_routes` runs code but contains no assert / expect / should call \u2014 it passes regardless of behaviour. Adds line coverage without verifying anything."}, "properties": {"repobilityId": 114884, "scanner": "repobility-ast-engine", "fingerprint": "b5053908301575d4c9bcc1b9fbef067307ba76759070094af74a5c85a25cc8be", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "phantom-test-coverage", "owasp": null, "cwe_ids": ["CWE-1126"], "languages": ["python"], "observations_count": 982154}, "scanner": "repobility-ast-engine", "correlation_key": "fp|b5053908301575d4c9bcc1b9fbef067307ba76759070094af74a5c85a25cc8be"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tests/test_health.py"}, "region": {"startLine": 121}}}]}, {"ruleId": "MINED106", "level": "error", "message": {"text": "[MINED106] Phantom test coverage: test_health_liveliness: Test function `test_health_liveliness` runs code but contains no assert / expect / should call \u2014 it passes regardless of behaviour. Adds line coverage without verifying anything."}, "properties": {"repobilityId": 114883, "scanner": "repobility-ast-engine", "fingerprint": "2476697fa8032a30a22b5cd98af9f027b8dfd3932d439a7b82d6555c2f8da040", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "phantom-test-coverage", "owasp": null, "cwe_ids": ["CWE-1126"], "languages": ["python"], "observations_count": 982154}, "scanner": "repobility-ast-engine", "correlation_key": "fp|2476697fa8032a30a22b5cd98af9f027b8dfd3932d439a7b82d6555c2f8da040"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tests/test_health.py"}, "region": {"startLine": 103}}}]}, {"ruleId": "MINED106", "level": "error", "message": {"text": "[MINED106] Phantom test coverage: test_error_handling: Test function `test_error_handling` runs code but contains no assert / expect / should call \u2014 it passes regardless of behaviour. Adds line coverage without verifying anything."}, "properties": {"repobilityId": 114882, "scanner": "repobility-ast-engine", "fingerprint": "6cbe996ce507892e40bae557b60ed5d88ef238ea2078e185a1bc6b50c2f9bf43", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "phantom-test-coverage", "owasp": null, "cwe_ids": ["CWE-1126"], "languages": ["python"], "observations_count": 982154}, "scanner": "repobility-ast-engine", "correlation_key": "fp|6cbe996ce507892e40bae557b60ed5d88ef238ea2078e185a1bc6b50c2f9bf43"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tests/test_team_members.py"}, "region": {"startLine": 203}}}]}, {"ruleId": "MINED106", "level": "error", "message": {"text": "[MINED106] Phantom test coverage: test_user_model_access: Test function `test_user_model_access` runs code but contains no assert / expect / should call \u2014 it passes regardless of behaviour. Adds line coverage without verifying anything."}, "properties": {"repobilityId": 114880, "scanner": "repobility-ast-engine", "fingerprint": "3a2fa943cdac5ca211a89dd360d842e7efa09505bdbd00d401d1ebf013f90f79", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "phantom-test-coverage", "owasp": null, "cwe_ids": ["CWE-1126"], "languages": ["python"], "observations_count": 982154}, "scanner": "repobility-ast-engine", "correlation_key": "fp|3a2fa943cdac5ca211a89dd360d842e7efa09505bdbd00d401d1ebf013f90f79"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tests/test_users.py"}, "region": {"startLine": 265}}}]}, {"ruleId": "MINED106", "level": "error", "message": {"text": "[MINED106] Phantom test coverage: test_user_update: Test function `test_user_update` runs code but contains no assert / expect / should call \u2014 it passes regardless of behaviour. Adds line coverage without verifying anything."}, "properties": {"repobilityId": 114879, "scanner": "repobility-ast-engine", "fingerprint": "48f956e8c2c2223f37a92cf168545db424cbacf38660b8cee17d6f2955226387", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "phantom-test-coverage", "owasp": null, "cwe_ids": ["CWE-1126"], "languages": ["python"], "observations_count": 982154}, "scanner": "repobility-ast-engine", "correlation_key": "fp|48f956e8c2c2223f37a92cf168545db424cbacf38660b8cee17d6f2955226387"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tests/test_users.py"}, "region": {"startLine": 159}}}]}, {"ruleId": "MINED106", "level": "error", "message": {"text": "[MINED106] Phantom test coverage: test_user_new: Test function `test_user_new` runs code but contains no assert / expect / should call \u2014 it passes regardless of behaviour. Adds line coverage without verifying anything."}, "properties": {"repobilityId": 114878, "scanner": "repobility-ast-engine", "fingerprint": "43d1138c49d17f82132fb93b7f50743f24d942f811a3c146c45784600630e0b5", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "phantom-test-coverage", "owasp": null, "cwe_ids": ["CWE-1126"], "languages": ["python"], "observations_count": 982154}, "scanner": "repobility-ast-engine", "correlation_key": "fp|43d1138c49d17f82132fb93b7f50743f24d942f811a3c146c45784600630e0b5"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tests/test_users.py"}, "region": {"startLine": 90}}}]}, {"ruleId": "MINED106", "level": "error", "message": {"text": "[MINED106] Phantom test coverage: test_team_model_e2e: Test function `test_team_model_e2e` runs code but contains no assert / expect / should call \u2014 it passes regardless of behaviour. Adds line coverage without verifying anything."}, "properties": {"repobilityId": 114876, "scanner": "repobility-ast-engine", "fingerprint": "852821e731e146bf9cea82696e3bb1607ea52bc5d1c479828a1ad71677e451b5", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "phantom-test-coverage", "owasp": null, "cwe_ids": ["CWE-1126"], "languages": ["python"], "observations_count": 982154}, "scanner": "repobility-ast-engine", "correlation_key": "fp|852821e731e146bf9cea82696e3bb1607ea52bc5d1c479828a1ad71677e451b5"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tests/test_models.py"}, "region": {"startLine": 512}}}]}, {"ruleId": "MINED106", "level": "error", "message": {"text": "[MINED106] Phantom test coverage: test_chat_completion: Test function `test_chat_completion` runs code but contains no assert / expect / should call \u2014 it passes regardless of behaviour. Adds line coverage without verifying anything."}, "properties": {"repobilityId": 114875, "scanner": "repobility-ast-engine", "fingerprint": "2b1401a11d79d197e2a951e85316f52530b175a0eef35980fc591cb29dce022c", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "phantom-test-coverage", "owasp": null, "cwe_ids": ["CWE-1126"], "languages": ["python"], "observations_count": 982154}, "scanner": "repobility-ast-engine", "correlation_key": "fp|2b1401a11d79d197e2a951e85316f52530b175a0eef35980fc591cb29dce022c"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tests/test_fallbacks.py"}, "region": {"startLine": 80}}}]}, {"ruleId": "MINED106", "level": "error", "message": {"text": "[MINED106] Phantom test coverage: test_spend_logs: Test function `test_spend_logs` runs code but contains no assert / expect / should call \u2014 it passes regardless of behaviour. Adds line coverage without verifying anything."}, "properties": {"repobilityId": 114873, "scanner": "repobility-ast-engine", "fingerprint": "0d1d7447bce6f5a8ffeea07961a151f302e7186affe396542436e3ccad84d8ae", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "phantom-test-coverage", "owasp": null, "cwe_ids": ["CWE-1126"], "languages": ["python"], "observations_count": 982154}, "scanner": "repobility-ast-engine", "correlation_key": "fp|0d1d7447bce6f5a8ffeea07961a151f302e7186affe396542436e3ccad84d8ae"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tests/test_spend_logs.py"}, "region": {"startLine": 107}}}]}, {"ruleId": "MINED106", "level": "error", "message": {"text": "[MINED106] Phantom test coverage: test_check_tools_allowlist: Test function `test_check_tools_allowlist` runs code but contains no assert / expect / should call \u2014 it passes regardless of behaviour. Adds line coverage without verifying anything."}, "properties": {"repobilityId": 114872, "scanner": "repobility-ast-engine", "fingerprint": "87c19adc15c1a34360d08b23f9f19ba5f6c069147bcabd94c00c12eccc579812", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "phantom-test-coverage", "owasp": null, "cwe_ids": ["CWE-1126"], "languages": ["python"], "observations_count": 982154}, "scanner": "repobility-ast-engine", "correlation_key": "fp|87c19adc15c1a34360d08b23f9f19ba5f6c069147bcabd94c00c12eccc579812"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "scripts/test_tool_allowlist_script.py"}, "region": {"startLine": 71}}}]}, {"ruleId": "MINED106", "level": "error", "message": {"text": "[MINED106] Phantom test coverage: test_extraction: Test function `test_extraction` runs code but contains no assert / expect / should call \u2014 it passes regardless of behaviour. Adds line coverage without verifying anything."}, "properties": {"repobilityId": 114871, "scanner": "repobility-ast-engine", "fingerprint": "db8b774f2c4866b721fb5ae8304169d43435ddda75e0334406c94bdabed90c09", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "phantom-test-coverage", "owasp": null, "cwe_ids": ["CWE-1126"], "languages": ["python"], "observations_count": 982154}, "scanner": "repobility-ast-engine", "correlation_key": "fp|db8b774f2c4866b721fb5ae8304169d43435ddda75e0334406c94bdabed90c09"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "scripts/test_tool_allowlist_script.py"}, "region": {"startLine": 22}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "[MINED108] `self._normalize_strategy` used but never assigned in __init__: Method `_get_routing_context` of class `Router` reads `self._normalize_strategy`, but no assignment to it exists in __init__ (and no class-level fallback). This raises AttributeError the first time the method runs against an instance."}, "properties": {"repobilityId": 114840, "scanner": "repobility-ast-engine", "fingerprint": "1422f5eccd1d1c733fd5e69068c222ab1e37888c99624de3725f78826e59b51f", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|1422f5eccd1d1c733fd5e69068c222ab1e37888c99624de3725f78826e59b51f"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "litellm/router.py"}, "region": {"startLine": 1074}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "[MINED108] `self._model_to_group` used but never assigned in __init__: Method `_get_routing_context` of class `Router` reads `self._model_to_group`, but no assignment to it exists in __init__ (and no class-level fallback). This raises AttributeError the first time the method runs against an instance."}, "properties": {"repobilityId": 114839, "scanner": "repobility-ast-engine", "fingerprint": "e9dac1bf069029583f7ab3aaf3de5f4a4dc8e10c1a9c58f0580943b8eeaf1806", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|e9dac1bf069029583f7ab3aaf3de5f4a4dc8e10c1a9c58f0580943b8eeaf1806"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "litellm/router.py"}, "region": {"startLine": 1072}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "[MINED108] `self._normalize_strategy` used but never assigned in __init__: Method `_get_routing_context` of class `Router` reads `self._normalize_strategy`, but no assignment to it exists in __init__ (and no class-level fallback). This raises AttributeError the first time the method runs against an instance."}, "properties": {"repobilityId": 114838, "scanner": "repobility-ast-engine", "fingerprint": "32ade6634ad1896721e40c5e385977d77068f3037bf51d65255d1a51643e6252", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|32ade6634ad1896721e40c5e385977d77068f3037bf51d65255d1a51643e6252"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "litellm/router.py"}, "region": {"startLine": 1083}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "[MINED108] `self._routing_groups` used but never assigned in __init__: Method `_get_routing_context` of class `Router` reads `self._routing_groups`, but no assignment to it exists in __init__ (and no class-level fallback). This raises AttributeError the first time the method runs against an instance."}, "properties": {"repobilityId": 114837, "scanner": "repobility-ast-engine", "fingerprint": "dcc63fb475d071a9a51194e519384aa4d148d5b1e93914cb7ec4d660e02b42b8", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|dcc63fb475d071a9a51194e519384aa4d148d5b1e93914cb7ec4d660e02b42b8"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "litellm/router.py"}, "region": {"startLine": 1082}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "[MINED108] `self._model_to_group` used but never assigned in __init__: Method `_init_routing_groups` of class `Router` reads `self._model_to_group`, but no assignment to it exists in __init__ (and no class-level fallback). This raises AttributeError the first time the method runs against an instance."}, "properties": {"repobilityId": 114836, "scanner": "repobility-ast-engine", "fingerprint": "c90e3c34c5ae4106ad1d54682365d459d94fafdc2147404f75d335d4d6456700", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|c90e3c34c5ae4106ad1d54682365d459d94fafdc2147404f75d335d4d6456700"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "litellm/router.py"}, "region": {"startLine": 1035}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "[MINED108] `self._normalize_strategy` used but never assigned in __init__: Method `_init_routing_groups` of class `Router` reads `self._normalize_strategy`, but no assignment to it exists in __init__ (and no class-level fallback). This raises AttributeError the first time the method runs against an instance."}, "properties": {"repobilityId": 114835, "scanner": "repobility-ast-engine", "fingerprint": "c63e17d7e3339dc0a3d95954a13117b527af9dcf70eeb59d9f6d4344678856cd", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|c63e17d7e3339dc0a3d95954a13117b527af9dcf70eeb59d9f6d4344678856cd"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "litellm/router.py"}, "region": {"startLine": 1050}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "[MINED108] `self._model_to_group` used but never assigned in __init__: Method `_init_routing_groups` of class `Router` reads `self._model_to_group`, but no assignment to it exists in __init__ (and no class-level fallback). This raises AttributeError the first time the method runs against an instance."}, "properties": {"repobilityId": 114834, "scanner": "repobility-ast-engine", "fingerprint": "e1cf785a4949df9bcd5a352559bda752cd8d7815d0513ec23e19b9e77f140a02", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|e1cf785a4949df9bcd5a352559bda752cd8d7815d0513ec23e19b9e77f140a02"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "litellm/router.py"}, "region": {"startLine": 1046}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "[MINED108] `self._model_to_group` used but never assigned in __init__: Method `_init_routing_groups` of class `Router` reads `self._model_to_group`, but no assignment to it exists in __init__ (and no class-level fallback). This raises AttributeError the first time the method runs against an instance."}, "properties": {"repobilityId": 114833, "scanner": "repobility-ast-engine", "fingerprint": "51b87c27ff9e4b7c412a8b1eb12ff6056b9854a5646491b575da90afaa4c5918", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|51b87c27ff9e4b7c412a8b1eb12ff6056b9854a5646491b575da90afaa4c5918"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "litellm/router.py"}, "region": {"startLine": 1032}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "[MINED108] `self._group_selectors` used but never assigned in __init__: Method `_init_routing_groups` of class `Router` reads `self._group_selectors`, but no assignment to it exists in __init__ (and no class-level fallback). This raises AttributeError the first time the method runs against an instance."}, "properties": {"repobilityId": 114832, "scanner": "repobility-ast-engine", "fingerprint": "d8ba002ae6dead5423e5add2b1c1569d63fe2dc856222e5597a49ae7ad5603e9", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|d8ba002ae6dead5423e5add2b1c1569d63fe2dc856222e5597a49ae7ad5603e9"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "litellm/router.py"}, "region": {"startLine": 1055}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "[MINED108] `self._build_strategy_selector` used but never assigned in __init__: Method `_init_routing_groups` of class `Router` reads `self._build_strategy_selector`, but no assignment to it exists in __init__ (and no class-level fallback). This raises AttributeError the first time the method runs against an instance."}, "properties": {"repobilityId": 114831, "scanner": "repobility-ast-engine", "fingerprint": "b96eec4e89ddca2206f4cb4aff54a3294a894c462b641ac7d308cfc5e0814488", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|b96eec4e89ddca2206f4cb4aff54a3294a894c462b641ac7d308cfc5e0814488"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "litellm/router.py"}, "region": {"startLine": 1051}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "[MINED108] `self._routing_groups` used but never assigned in __init__: Method `_init_routing_groups` of class `Router` reads `self._routing_groups`, but no assignment to it exists in __init__ (and no class-level fallback). This raises AttributeError the first time the method runs against an instance."}, "properties": {"repobilityId": 114830, "scanner": "repobility-ast-engine", "fingerprint": "0df8c72860edea30e07cd48c75911eb31cb1ec639c28c9ca5bb09c4074c4fd50", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|0df8c72860edea30e07cd48c75911eb31cb1ec639c28c9ca5bb09c4074c4fd50"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "litellm/router.py"}, "region": {"startLine": 1048}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "[MINED108] `self._validate_routing_strategy` used but never assigned in __init__: Method `_init_routing_groups` of class `Router` reads `self._validate_routing_strategy`, but no assignment to it exists in __init__ (and no class-level fallback). This raises AttributeError the first time the method runs against an instance."}, "properties": {"repobilityId": 114829, "scanner": "repobility-ast-engine", "fingerprint": "eb97aa15387fa706000b0e8e93dd227bb22324cb9d3b41084ed418e46a15d2e2", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|eb97aa15387fa706000b0e8e93dd227bb22324cb9d3b41084ed418e46a15d2e2"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "litellm/router.py"}, "region": {"startLine": 1029}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "[MINED108] `self._unregister_router_selectors` used but never assigned in __init__: Method `_init_routing_groups` of class `Router` reads `self._unregister_router_selectors`, but no assignment to it exists in __init__ (and no class-level fallback). This raises AttributeError the first time the method runs against an instance."}, "properties": {"repobilityId": 114828, "scanner": "repobility-ast-engine", "fingerprint": "c0a8d2bab7449ef5e1455e71edbde6889a0d23af3e284f8e8cb3e5ae96f6e5b4", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|c0a8d2bab7449ef5e1455e71edbde6889a0d23af3e284f8e8cb3e5ae96f6e5b4"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "litellm/router.py"}, "region": {"startLine": 994}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "[MINED108] `self._group_selectors` used but never assigned in __init__: Method `_init_routing_groups` of class `Router` reads `self._group_selectors`, but no assignment to it exists in __init__ (and no class-level fallback). This raises AttributeError the first time the method runs against an instance."}, "properties": {"repobilityId": 114827, "scanner": "repobility-ast-engine", "fingerprint": "49bbd55dec07b388ca9ad52dc39f3ac916928d62a744002add9ce14a9c97ce6b", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|49bbd55dec07b388ca9ad52dc39f3ac916928d62a744002add9ce14a9c97ce6b"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "litellm/router.py"}, "region": {"startLine": 1004}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "[MINED108] `self._model_to_group` used but never assigned in __init__: Method `_init_routing_groups` of class `Router` reads `self._model_to_group`, but no assignment to it exists in __init__ (and no class-level fallback). This raises AttributeError the first time the method runs against an instance."}, "properties": {"repobilityId": 114826, "scanner": "repobility-ast-engine", "fingerprint": "6027ef548aa74704feb7e4ffd6a85b01cf2a5193ac018865bce3b99a94e1486a", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|6027ef548aa74704feb7e4ffd6a85b01cf2a5193ac018865bce3b99a94e1486a"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "litellm/router.py"}, "region": {"startLine": 1003}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "[MINED108] `self._routing_groups` used but never assigned in __init__: Method `_init_routing_groups` of class `Router` reads `self._routing_groups`, but no assignment to it exists in __init__ (and no class-level fallback). This raises AttributeError the first time the method runs against an instance."}, "properties": {"repobilityId": 114825, "scanner": "repobility-ast-engine", "fingerprint": "8e67c357111b454d0ca82eaa51a8c432769925ed7747a630f6ba969ae4466aef", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|8e67c357111b454d0ca82eaa51a8c432769925ed7747a630f6ba969ae4466aef"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "litellm/router.py"}, "region": {"startLine": 1002}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "[MINED108] `self._normalize_strategy` used but never assigned in __init__: Method `routing_strategy_init` of class `Router` reads `self._normalize_strategy`, but no assignment to it exists in __init__ (and no class-level fallback). This raises AttributeError the first time the method runs against an instance."}, "properties": {"repobilityId": 114824, "scanner": "repobility-ast-engine", "fingerprint": "4b6d602ce763d509e5789f3729be2e7890b43fc4f2f4696a8108bf0ce13716ae", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|4b6d602ce763d509e5789f3729be2e7890b43fc4f2f4696a8108bf0ce13716ae"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "litellm/router.py"}, "region": {"startLine": 972}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "[MINED108] `self._build_strategy_selector` used but never assigned in __init__: Method `routing_strategy_init` of class `Router` reads `self._build_strategy_selector`, but no assignment to it exists in __init__ (and no class-level fallback). This raises AttributeError the first time the method runs against an instance."}, "properties": {"repobilityId": 114823, "scanner": "repobility-ast-engine", "fingerprint": "0c1a838f4100d62e0e5e3f7af52d2f843bb8988782a5d8f10d305673c80b1b2c", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|0c1a838f4100d62e0e5e3f7af52d2f843bb8988782a5d8f10d305673c80b1b2c"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "litellm/router.py"}, "region": {"startLine": 967}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "[MINED108] `self._unregister_router_selectors` used but never assigned in __init__: Method `routing_strategy_init` of class `Router` reads `self._unregister_router_selectors`, but no assignment to it exists in __init__ (and no class-level fallback). This raises AttributeError the first time the method runs against an instance."}, "properties": {"repobilityId": 114822, "scanner": "repobility-ast-engine", "fingerprint": "957c40c8b17da76f08876b35ab1714e0e92da9a52c2c0065d3dbca61e8b795a4", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|957c40c8b17da76f08876b35ab1714e0e92da9a52c2c0065d3dbca61e8b795a4"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "litellm/router.py"}, "region": {"startLine": 954}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "[MINED108] `self._validate_routing_strategy` used but never assigned in __init__: Method `routing_strategy_init` of class `Router` reads `self._validate_routing_strategy`, but no assignment to it exists in __init__ (and no class-level fallback). This raises AttributeError the first time the method runs against an instance."}, "properties": {"repobilityId": 114821, "scanner": "repobility-ast-engine", "fingerprint": "a5f1ed451245dc7e40f9761d40c33c31409ceb5c03ae59963f02a44edd1e9601", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|a5f1ed451245dc7e40f9761d40c33c31409ceb5c03ae59963f02a44edd1e9601"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "litellm/router.py"}, "region": {"startLine": 952}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "[MINED108] `self.lowestcost_logger` used but never assigned in __init__: Method `routing_strategy_init` of class `Router` reads `self.lowestcost_logger`, but no assignment to it exists in __init__ (and no class-level fallback). This raises AttributeError the first time the method runs against an instance."}, "properties": {"repobilityId": 114820, "scanner": "repobility-ast-engine", "fingerprint": "358f7f2def9c42fc30840af974a0f6fe68036c28170b2b97ac5fa528ed0010bb", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|358f7f2def9c42fc30840af974a0f6fe68036c28170b2b97ac5fa528ed0010bb"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "litellm/router.py"}, "region": {"startLine": 965}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "[MINED108] `self.lowestlatency_logger` used but never assigned in __init__: Method `routing_strategy_init` of class `Router` reads `self.lowestlatency_logger`, but no assignment to it exists in __init__ (and no class-level fallback). This raises AttributeError the first time the method runs against an instance."}, "properties": {"repobilityId": 114819, "scanner": "repobility-ast-engine", "fingerprint": "acbe42acd982de9c4f0c280f0c4c04b9b73d75972fbbbb2d25600920810372fd", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|acbe42acd982de9c4f0c280f0c4c04b9b73d75972fbbbb2d25600920810372fd"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "litellm/router.py"}, "region": {"startLine": 964}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "[MINED108] `self.lowesttpm_logger_v2` used but never assigned in __init__: Method `routing_strategy_init` of class `Router` reads `self.lowesttpm_logger_v2`, but no assignment to it exists in __init__ (and no class-level fallback). This raises AttributeError the first time the method runs against an instance."}, "properties": {"repobilityId": 114818, "scanner": "repobility-ast-engine", "fingerprint": "5faef57f246fa775350a7189afd464d2e8d6d44d63a0932bf9812e1bb1d2b905", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|5faef57f246fa775350a7189afd464d2e8d6d44d63a0932bf9812e1bb1d2b905"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "litellm/router.py"}, "region": {"startLine": 963}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "[MINED108] `self._normalize_strategy` used but never assigned in __init__: Method `_build_strategy_selector` of class `Router` reads `self._normalize_strategy`, but no assignment to it exists in __init__ (and no class-level fallback). This raises AttributeError the first time the method runs against an instance."}, "properties": {"repobilityId": 114817, "scanner": "repobility-ast-engine", "fingerprint": "432d85abd38881380f9c908789c23795a00d7a637c622eae20110009bc29af17", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|432d85abd38881380f9c908789c23795a00d7a637c622eae20110009bc29af17"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "litellm/router.py"}, "region": {"startLine": 891}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "[MINED108] `self.add_optional_pre_call_checks` used but never assigned in __init__: Method `apply_default_settings` of class `Router` reads `self.add_optional_pre_call_checks`, but no assignment to it exists in __init__ (and no class-level fallback). This raises AttributeError the first time the method runs against an instance."}, "properties": {"repobilityId": 114816, "scanner": "repobility-ast-engine", "fingerprint": "3317fde5e403393a965b0b9f8eb782090818cec3e317e50f01c09d73ccf7d811", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|3317fde5e403393a965b0b9f8eb782090818cec3e317e50f01c09d73ccf7d811"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "litellm/router.py"}, "region": {"startLine": 769}}}]}, {"ruleId": "JRN009", "level": "error", "message": {"text": "Secret-like setting is echoed into a password input value"}, "properties": {"repobilityId": 114808, "scanner": "repobility-journey-contract", "fingerprint": "e42dc5edd6b809dc228fb3d2bfe5534efea7c6d92324d9c384032d3c79832142", "category": "auth", "severity": "high", "confidence": 0.83, "triageState": "open", "verdict": "likely", "isResolved": false, "reason": "A password or secret-named input is populated from a secret-like variable instead of a masked placeholder.", "evidence": {"rule_id": "JRN009", "scanner": "repobility-journey-contract", "references": ["https://cheatsheetseries.owasp.org/cheatsheets/Session_Management_Cheat_Sheet.html"], "correlation_key": "code|auth|token|462|jrn009"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "ui/litellm-dashboard/src/components/WebRTCTester.jsx"}, "region": {"startLine": 462}}}]}, {"ruleId": "AUC003", "level": "error", "message": {"text": "[AUC003] Object-level route lacks visible authorization: A route with an object id-like parameter does not show nearby authentication or authorization evidence. This is a BOLA/IDOR review target. Endpoint: GET /sso/cli/poll/{key_id}."}, "properties": {"repobilityId": 114782, "scanner": "repobility-access-control", "fingerprint": "c7ae4ab71125f428797cb59fda0660fd2b2e006c55532db882f29b6b6cbf9027", "category": "auth", "severity": "high", "confidence": 0.7, "triageState": "open", "verdict": "needs_review", "isResolved": false, "reason": "Static route and framework evidence require project-owner confirmation.", "evidence": {"path": "/sso/cli/poll/{key_id}", "method": "GET", "scanner": "repobility-access-control", "framework": "FastAPI", "correlation_key": "code|auth|token|2149|auc003", "identity_targets": ["unknown", "owner"]}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "litellm/proxy/management_endpoints/ui_sso.py"}, "region": {"startLine": 2149}}}]}, {"ruleId": "DKC011", "level": "error", "message": {"text": "Database service publishes a host port"}, "properties": {"repobilityId": 114776, "scanner": "repobility-docker", "fingerprint": "9e5ca81efa804c9b6d2e6ccc0ff089a110370918835b09ef91ddad03d7380661", "category": "docker", "severity": "high", "confidence": 0.84, "triageState": "open", "verdict": "likely", "isResolved": false, "reason": "Database-like image publishes host ports without a loopback-only bind.", "evidence": {"ports": [{"raw": "5432:5432", "target": "5432", "host_ip": "", "published": "5432"}], "rule_id": "DKC011", "scanner": "repobility-docker", "service": "db", "references": ["https://docs.docker.com/compose/how-tos/environment-variables/best-practices/", "https://cheatsheetseries.owasp.org/cheatsheets/Docker_Security_Cheat_Sheet.html"], "exposure_scope": "public", "correlation_key": "fp|9e5ca81efa804c9b6d2e6ccc0ff089a110370918835b09ef91ddad03d7380661"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "docker-compose.yml"}, "region": {"startLine": 37}}}]}, {"ruleId": "DKR001", "level": "error", "message": {"text": "Docker final stage runs as root"}, "properties": {"repobilityId": 114753, "scanner": "repobility-docker", "fingerprint": "90a6f394e4f3734138df9b56b6cd85536a29404fb7c2e445266cc6b54c58c7bf", "category": "docker", "severity": "high", "confidence": 0.95, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Final Dockerfile USER resolves to root.", "evidence": {"rule_id": "DKR001", "scanner": "repobility-docker", "final_user": "root", "references": ["https://docs.docker.com/develop/develop-images/dockerfile_best-practices/", "https://cheatsheetseries.owasp.org/cheatsheets/Docker_Security_Cheat_Sheet.html", "https://github.com/hadolint/hadolint"], "correlation_key": "fp|90a6f394e4f3734138df9b56b6cd85536a29404fb7c2e445266cc6b54c58c7bf"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "docker/Dockerfile.database"}, "region": {"startLine": 67}}}]}, {"ruleId": "DKR001", "level": "error", "message": {"text": "Docker final stage runs as root"}, "properties": {"repobilityId": 114737, "scanner": "repobility-docker", "fingerprint": "40d14129f329be83843c5abc2b12764beb738d906911c580482263597563f23a", "category": "docker", "severity": "high", "confidence": 0.95, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Final Dockerfile USER resolves to root.", "evidence": {"rule_id": "DKR001", "scanner": "repobility-docker", "final_user": "root", "references": ["https://docs.docker.com/develop/develop-images/dockerfile_best-practices/", "https://cheatsheetseries.owasp.org/cheatsheets/Docker_Security_Cheat_Sheet.html", "https://github.com/hadolint/hadolint"], "correlation_key": "fp|40d14129f329be83843c5abc2b12764beb738d906911c580482263597563f23a"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "Dockerfile"}, "region": {"startLine": 69}}}]}, {"ruleId": "SEC040", "level": "error", "message": {"text": "[SEC040] innerHTML XSS \u2014 template literal with server-supplied data: Setting .innerHTML with a template literal that interpolates server-supplied or user-supplied data is the canonical stored/reflected XSS vector. The browser parses the HTML and executes any <script> or event-handler attributes in the data. CWE-79. Especially dangerous when the data comes from a CV parser, profile field, or any user-input pipeline."}, "properties": {"repobilityId": 114691, "scanner": "repobility-threat-engine", "fingerprint": "3bcb7dae86ab2112c6efa25f695d512d5116d6161289fd6112bfc247cc154982", "category": "xss", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "map((g) => `group:${g}", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC040", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "fp|3bcb7dae86ab2112c6efa25f695d512d5116d6161289fd6112bfc247cc154982"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "ui/litellm-dashboard/src/components/agent_management/AgentSelector.tsx"}, "region": {"startLine": 85}}}]}, {"ruleId": "SEC040", "level": "error", "message": {"text": "[SEC040] innerHTML XSS \u2014 template literal with server-supplied data: Setting .innerHTML with a template literal that interpolates server-supplied or user-supplied data is the canonical stored/reflected XSS vector. The browser parses the HTML and executes any <script> or event-handler attributes in the data. CWE-79. Especially dangerous when the data comes from a CV parser, profile field, or any user-input pipeline."}, "properties": {"repobilityId": 114690, "scanner": "repobility-threat-engine", "fingerprint": "863195f9fb0ec2dc9a31ac173412e9fb20beb72fab4cc0517f8b72ad1169a273", "category": "xss", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "map((line) => `  ${line}", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC040", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "fp|863195f9fb0ec2dc9a31ac173412e9fb20beb72fab4cc0517f8b72ad1169a273"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "ui/litellm-dashboard/src/components/add_model/model_connection_test.tsx"}, "region": {"startLine": 116}}}]}, {"ruleId": "SEC040", "level": "error", "message": {"text": "[SEC040] innerHTML XSS \u2014 template literal with server-supplied data: Setting .innerHTML with a template literal that interpolates server-supplied or user-supplied data is the canonical stored/reflected XSS vector. The browser parses the HTML and executes any <script> or event-handler attributes in the data. CWE-79. Especially dangerous when the data comes from a CV parser, profile field, or any user-input pipeline."}, "properties": {"repobilityId": 114689, "scanner": "repobility-threat-engine", "fingerprint": "275a6ebaf854ba65df8e364feb83268e3d3ef3ee1f9d3a4883a2993e577591f6", "category": "xss", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "map((cell) => `\"${cell}", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC040", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "fp|275a6ebaf854ba65df8e364feb83268e3d3ef3ee1f9d3a4883a2993e577591f6"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "ui/litellm-dashboard/src/components/CostTrackingSettings/pricing_calculator/multi_export_utils.ts"}, "region": {"startLine": 306}}}]}, {"ruleId": "SEC006", "level": "error", "message": {"text": "[SEC006] XSS Risk: Direct HTML injection without sanitization."}, "properties": {"repobilityId": 114688, "scanner": "repobility-threat-engine", "fingerprint": "a06ed0d1ff24208d25c93aee97d6f19b7858f47be35870496c3cece258eacf08", "category": "injection", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "document.write(h", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC006", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "code|injection|token|243|sec006"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "ui/litellm-dashboard/src/components/CostTrackingSettings/pricing_calculator/multi_export_utils.ts"}, "region": {"startLine": 243}}}]}, {"ruleId": "MINED004", "level": "error", "message": {"text": "[MINED004] Weak Crypto: MD5/SHA1/DES/RC4 used for security context (not just checksums)."}, "properties": {"repobilityId": 114673, "scanner": "repobility-threat-engine", "fingerprint": "52a13d2d7a3604cd30ec90b1cda5c9684afdf245093a6feb3543a341ae2562f0", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "weak-crypto", "owasp": "A02:2021", "cwe_ids": ["CWE-327"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.347906+00:00", "triaged_in_corpus": 15, "observations_count": 303181, "ai_coder_pattern_id": 13}, "scanner": "repobility-threat-engine", "correlation_key": "fp|52a13d2d7a3604cd30ec90b1cda5c9684afdf245093a6feb3543a341ae2562f0"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "terraform/litellm/aws/rds.tf"}, "region": {"startLine": 51}}}]}, {"ruleId": "MINED021", "level": "error", "message": {"text": "[MINED021] Path Traversal Os Join: os.path.join(user_dir, filename) where filename can contain \"../\" \u2014 directory escape."}, "properties": {"repobilityId": 114672, "scanner": "repobility-threat-engine", "fingerprint": "666b842ed6ff406c7bebe4d231727d725d0ad264b96d0124174de534b0a6d7a5", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "path-traversal-os-join", "owasp": "A01:2021", "cwe_ids": ["CWE-22"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.347947+00:00", "triaged_in_corpus": 15, "observations_count": 45678, "ai_coder_pattern_id": 31}, "scanner": "repobility-threat-engine", "correlation_key": "fp|666b842ed6ff406c7bebe4d231727d725d0ad264b96d0124174de534b0a6d7a5"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "terraform/litellm/aws/ecs.tf"}, "region": {"startLine": 115}}}]}, {"ruleId": "MINED012", "level": "error", "message": {"text": "[MINED012] Curl Pipe Bash: curl ... | sh / bash \u2014 runs unverified network code."}, "properties": {"repobilityId": 114671, "scanner": "repobility-threat-engine", "fingerprint": "623a1bfa73707e56bbab3a3a4107e6374667a8ac8679c606448ffee148998192", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "curl-pipe-bash", "owasp": "A08:2021", "cwe_ids": ["CWE-494"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.347926+00:00", "triaged_in_corpus": 15, "observations_count": 135001, "ai_coder_pattern_id": 25}, "scanner": "repobility-threat-engine", "correlation_key": "fp|623a1bfa73707e56bbab3a3a4107e6374667a8ac8679c606448ffee148998192"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "scripts/install.sh"}, "region": {"startLine": 99}}}]}, {"ruleId": "SEC103", "level": "error", "message": {"text": "[SEC103] LDAP injection \u2014 non-constant search filter: User input concatenated into an LDAP search filter. Attackers inject `*)(uid=*` style payloads to bypass auth or enumerate accounts."}, "properties": {"repobilityId": 114652, "scanner": "repobility-threat-engine", "fingerprint": "1980f1628deb1ca97abeaa7dc5e9f31a5388677aa19bee17abb8616c4c5d4de7", "category": "injection", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": ".search(r\"(\\d+)", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC103", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "code|injection|token|31|sec103"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "litellm/llms/fireworks_ai/cost_calculator.py"}, "region": {"startLine": 31}}}]}, {"ruleId": "SEC103", "level": "error", "message": {"text": "[SEC103] LDAP injection \u2014 non-constant search filter: User input concatenated into an LDAP search filter. Attackers inject `*)(uid=*` style payloads to bypass auth or enumerate accounts."}, "properties": {"repobilityId": 114651, "scanner": "repobility-threat-engine", "fingerprint": "ee5419df3e2fcc718ea6f9d24af470157d4e90205b2737d873bd5531b3b84672", "category": "injection", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": ".search(r\"/model/([^/]+)", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC103", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "code|injection|token|51|sec103"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "litellm/llms/bedrock/passthrough/transformation.py"}, "region": {"startLine": 51}}}]}, {"ruleId": "SEC103", "level": "error", "message": {"text": "[SEC103] LDAP injection \u2014 non-constant search filter: User input concatenated into an LDAP search filter. Attackers inject `*)(uid=*` style payloads to bypass auth or enumerate accounts."}, "properties": {"repobilityId": 114650, "scanner": "repobility-threat-engine", "fingerprint": "827a2a13629c74fe35e85eb9062704d83d5c989c81073495a74a47da4601ec34", "category": "injection", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": ".search(r\"target_model_names,([^;]+)", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC103", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "code|injection|token|105|sec103"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "litellm/llms/base_llm/managed_resources/utils.py"}, "region": {"startLine": 105}}}]}, {"ruleId": "MINED009", "level": "error", "message": {"text": "[MINED009] Floats For Money: Variable named price/amount/cost typed as float instead of Decimal."}, "properties": {"repobilityId": 114643, "scanner": "repobility-threat-engine", "fingerprint": "9bcc7a6245af5144fd4f777252716d037fb61b07653eb943ff6a4b3acca21680", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "floats-for-money", "owasp": null, "cwe_ids": ["CWE-682"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.347918+00:00", "triaged_in_corpus": 15, "observations_count": 208571, "ai_coder_pattern_id": 20}, "scanner": "repobility-threat-engine", "correlation_key": "fp|9bcc7a6245af5144fd4f777252716d037fb61b07653eb943ff6a4b3acca21680"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "litellm/proxy/hooks/max_budget_per_session_limiter.py"}, "region": {"startLine": 235}}}]}, {"ruleId": "MINED009", "level": "error", "message": {"text": "[MINED009] Floats For Money: Variable named price/amount/cost typed as float instead of Decimal."}, "properties": {"repobilityId": 114642, "scanner": "repobility-threat-engine", "fingerprint": "23c458ea719808391f465d11bb019bcc05b4be250a928b9173002be6b6184a6c", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "floats-for-money", "owasp": null, "cwe_ids": ["CWE-682"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.347918+00:00", "triaged_in_corpus": 15, "observations_count": 208571, "ai_coder_pattern_id": 20}, "scanner": "repobility-threat-engine", "correlation_key": "fp|23c458ea719808391f465d11bb019bcc05b4be250a928b9173002be6b6184a6c"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "litellm/integrations/prometheus_services.py"}, "region": {"startLine": 173}}}]}, {"ruleId": "MINED001", "level": "error", "message": {"text": "[MINED001] Bare Except Pass: except: pass or except Exception: pass \u2014 silently swallows everything including KeyboardInterrupt and bugs."}, "properties": {"repobilityId": 114613, "scanner": "repobility-threat-engine", "fingerprint": "c26cc5823d7c37ba8192f1c6d6ca52c8720d35f1f56e8bf17d492323f73c09d9", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "bare-except-pass", "owasp": null, "cwe_ids": ["CWE-755"], "languages": ["python"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.347744+00:00", "triaged_in_corpus": 15, "observations_count": 1550824, "ai_coder_pattern_id": 6}, "scanner": "repobility-threat-engine", "correlation_key": "fp|c26cc5823d7c37ba8192f1c6d6ca52c8720d35f1f56e8bf17d492323f73c09d9"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "enterprise/litellm_enterprise/enterprise_callbacks/llama_guard.py"}, "region": {"startLine": 59}}}]}, {"ruleId": "MINED001", "level": "error", "message": {"text": "[MINED001] Bare Except Pass: except: pass or except Exception: pass \u2014 silently swallows everything including KeyboardInterrupt and bugs."}, "properties": {"repobilityId": 114612, "scanner": "repobility-threat-engine", "fingerprint": "bd31aae21e2a02ba86c9c831e8a1a75847ec7ea54a0a88fca61c752104e4f05c", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "bare-except-pass", "owasp": null, "cwe_ids": ["CWE-755"], "languages": ["python"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.347744+00:00", "triaged_in_corpus": 15, "observations_count": 1550824, "ai_coder_pattern_id": 6}, "scanner": "repobility-threat-engine", "correlation_key": "fp|bd31aae21e2a02ba86c9c831e8a1a75847ec7ea54a0a88fca61c752104e4f05c"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "enterprise/enterprise_hooks/google_text_moderation.py"}, "region": {"startLine": 85}}}]}, {"ruleId": "MINED001", "level": "error", "message": {"text": "[MINED001] Bare Except Pass: except: pass or except Exception: pass \u2014 silently swallows everything including KeyboardInterrupt and bugs."}, "properties": {"repobilityId": 114611, "scanner": "repobility-threat-engine", "fingerprint": "e678c5ff95578e10a5d01082377bb84bb82b9de70b2fe973b5035cb7fbbaef5e", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "bare-except-pass", "owasp": null, "cwe_ids": ["CWE-755"], "languages": ["python"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.347744+00:00", "triaged_in_corpus": 15, "observations_count": 1550824, "ai_coder_pattern_id": 6}, "scanner": "repobility-threat-engine", "correlation_key": "fp|e678c5ff95578e10a5d01082377bb84bb82b9de70b2fe973b5035cb7fbbaef5e"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "cookbook/livekit_agent_sdk/main.py"}, "region": {"startLine": 92}}}]}, {"ruleId": "SEC013", "level": "error", "message": {"text": "[SEC013] Path Traversal \u2014 User Input in File Path: User-controlled input used in file path without sanitization. Allows reading arbitrary files."}, "properties": {"repobilityId": 114610, "scanner": "repobility-threat-engine", "fingerprint": "22dc46f316b4a952afc930f8e793d96df6014148d9f0ba9994010326f0335658", "category": "path_traversal", "severity": "high", "confidence": 0.8, "triageState": "open", "verdict": "likely", "isResolved": false, "reason": "User-controlled input detected in file path construction", "evidence": {"match": "open(\"request", "reason": "User-controlled input detected in file path construction", "rule_id": "SEC013", "scanner": "repobility-threat-engine", "confidence": 0.8, "correlation_key": "code|path_traversal|token|95|sec013"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "cookbook/litellm_router/load_test_router.py"}, "region": {"startLine": 95}}}]}, {"ruleId": "SEC013", "level": "error", "message": {"text": "[SEC013] Path Traversal \u2014 User Input in File Path: User-controlled input used in file path without sanitization. Allows reading arbitrary files."}, "properties": {"repobilityId": 114609, "scanner": "repobility-threat-engine", "fingerprint": "2ba7620bcc6dd56076ccc010e81eef95d919b886202086e3ade23633c309eedd", "category": "path_traversal", "severity": "high", "confidence": 0.8, "triageState": "open", "verdict": "likely", "isResolved": false, "reason": "User-controlled input detected in file path construction", "evidence": {"match": "open(\"request", "reason": "User-controlled input detected in file path construction", "rule_id": "SEC013", "scanner": "repobility-threat-engine", "confidence": 0.8, "correlation_key": "code|path_traversal|token|97|sec013"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "cookbook/litellm_router/load_test_queuing.py"}, "region": {"startLine": 97}}}]}, {"ruleId": "SEC013", "level": "error", "message": {"text": "[SEC013] Path Traversal \u2014 User Input in File Path: User-controlled input used in file path without sanitization. Allows reading arbitrary files."}, "properties": {"repobilityId": 114608, "scanner": "repobility-threat-engine", "fingerprint": "ffb04ac8e735e01ebb5b1037283fa5ae50d24435e27dea028ab03abc41d6f5ab", "category": "path_traversal", "severity": "high", "confidence": 0.8, "triageState": "open", "verdict": "likely", "isResolved": false, "reason": "User-controlled input detected in file path construction", "evidence": {"match": "open(\"request", "reason": "User-controlled input detected in file path construction", "rule_id": "SEC013", "scanner": "repobility-threat-engine", "confidence": 0.8, "correlation_key": "code|path_traversal|token|100|sec013"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "cookbook/litellm_router/load_test_proxy.py"}, "region": {"startLine": 100}}}]}, {"ruleId": "MINED020", "level": "error", "message": {"text": "[MINED020] Logging Credential Via Fstring: logger.error(f\"failed for {api_key}\") \u2014 secrets end up in log aggregators / sentry."}, "properties": {"repobilityId": 114606, "scanner": "repobility-threat-engine", "fingerprint": "b3f47037298cc7c651fa94b25b3a745b3608e234e0b9fceb1650778e2d499ffa", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "logging-credential-via-fstring", "owasp": "A09:2021", "cwe_ids": ["CWE-532"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.347945+00:00", "triaged_in_corpus": 15, "observations_count": 46100, "ai_coder_pattern_id": 38}, "scanner": "repobility-threat-engine", "correlation_key": "fp|b3f47037298cc7c651fa94b25b3a745b3608e234e0b9fceb1650778e2d499ffa"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "litellm/integrations/custom_secret_manager.py"}, "region": {"startLine": 246}}}]}, {"ruleId": "MINED020", "level": "error", "message": {"text": "[MINED020] Logging Credential Via Fstring: logger.error(f\"failed for {api_key}\") \u2014 secrets end up in log aggregators / sentry."}, "properties": {"repobilityId": 114605, "scanner": "repobility-threat-engine", "fingerprint": "fbbdfc7fcc0657f377d60e8391cdd38aebb84ccb69a4fb3dab4fc8b99941860a", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "logging-credential-via-fstring", "owasp": "A09:2021", "cwe_ids": ["CWE-532"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.347945+00:00", "triaged_in_corpus": 15, "observations_count": 46100, "ai_coder_pattern_id": 38}, "scanner": "repobility-threat-engine", "correlation_key": "fp|fbbdfc7fcc0657f377d60e8391cdd38aebb84ccb69a4fb3dab4fc8b99941860a"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "litellm/a2a_protocol/streaming_iterator.py"}, "region": {"startLine": 157}}}]}, {"ruleId": "MINED020", "level": "error", "message": {"text": "[MINED020] Logging Credential Via Fstring: logger.error(f\"failed for {api_key}\") \u2014 secrets end up in log aggregators / sentry."}, "properties": {"repobilityId": 114604, "scanner": "repobility-threat-engine", "fingerprint": "3cf1806b0b6bdb8ba52d8f92744bf416717cf18a5ee34f062c07a595e800d892", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "logging-credential-via-fstring", "owasp": "A09:2021", "cwe_ids": ["CWE-532"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.347945+00:00", "triaged_in_corpus": 15, "observations_count": 46100, "ai_coder_pattern_id": 38}, "scanner": "repobility-threat-engine", "correlation_key": "fp|3cf1806b0b6bdb8ba52d8f92744bf416717cf18a5ee34f062c07a595e800d892"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "cookbook/litellm_proxy_server/secret_manager/my_secret_manager.py"}, "region": {"startLine": 44}}}]}, {"ruleId": "SEC020", "level": "error", "message": {"text": "[SEC020] Secret Printed to Logs: Debug or diagnostic code appears to print a credential-bearing value. This is a frequent AI-assisted coding failure: the helper exposes the exact value needed for troubleshooting."}, "properties": {"repobilityId": 114590, "scanner": "repobility-threat-engine", "fingerprint": "d805ecb10761dce0cbc96d1441379c04408bbaf3db49f73f67021d9398d8448c", "category": "credential_exposure", "severity": "high", "confidence": 0.85, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Credential-bearing variable appears to be printed or logged", "evidence": {"match": "console.log(\"PublicModelHubTable accessToken:\", accessToken)", "reason": "Credential-bearing variable appears to be printed or logged", "rule_id": "SEC020", "scanner": "repobility-threat-engine", "confidence": 0.85, "correlation_key": "secret|token|1|console.log publicmodelhubtable accesstoken: accesstoken"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "ui/litellm-dashboard/src/app/model_hub_table/page.tsx"}, "region": {"startLine": 10}}}]}, {"ruleId": "SEC020", "level": "error", "message": {"text": "[SEC020] Secret Printed to Logs: Debug or diagnostic code appears to print a credential-bearing value. This is a frequent AI-assisted coding failure: the helper exposes the exact value needed for troubleshooting."}, "properties": {"repobilityId": 114589, "scanner": "repobility-threat-engine", "fingerprint": "457a3bf4853efac62c119f9d46f066bf1d11b5e5ac77221566605ee2dbb7c4cf", "category": "credential_exposure", "severity": "high", "confidence": 0.85, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Credential-bearing variable appears to be printed or logged", "evidence": {"match": "console.log(\"PublicModelHubTable accessToken:\",t)", "reason": "Credential-bearing variable appears to be printed or logged", "rule_id": "SEC020", "scanner": "repobility-threat-engine", "confidence": 0.85, "correlation_key": "secret|token|1|console.log publicmodelhubtable accesstoken: t"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "litellm/proxy/_experimental/out/_next/static/chunks/3f7acc7b23e100ab.js"}, "region": {"startLine": 1}}}]}, {"ruleId": "SEC020", "level": "error", "message": {"text": "[SEC020] Secret Printed to Logs: Debug or diagnostic code appears to print a credential-bearing value. This is a frequent AI-assisted coding failure: the helper exposes the exact value needed for troubleshooting."}, "properties": {"repobilityId": 114588, "scanner": "repobility-threat-engine", "fingerprint": "e09f6b233b8cdf81b4ea74041badc3851ba5045810efbd052f9e8b7a956c2e21", "category": "credential_exposure", "severity": "high", "confidence": 0.85, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Credential-bearing variable appears to be printed or logged", "evidence": {"match": "print(f\"braintrust_token: <redacted>}\")", "reason": "Credential-bearing variable appears to be printed or logged", "rule_id": "SEC020", "scanner": "repobility-threat-engine", "confidence": 0.85, "correlation_key": "secret|token|20|print f braintrust_token: redacted"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "cookbook/litellm_proxy_server/braintrust_prompt_wrapper_server.py"}, "region": {"startLine": 203}}}]}, {"ruleId": "SEC078", "level": "error", "message": {"text": "[SEC078] Python: requests without timeout: requests.get/post without a timeout will hang indefinitely on a non-responsive server, causing thread exhaustion and ReDoS. Ported from bandit B113 (Apache-2.0). NOTE: this regex is heuristic; a real AST check is preferred for accuracy."}, "properties": {"repobilityId": 114577, "scanner": "repobility-threat-engine", "fingerprint": "cd47eddf0923b71da453c7fabd7b6c184b27ecf55335186a133c3f766691ca0a", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "requests.post(", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC078", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "fp|cd47eddf0923b71da453c7fabd7b6c184b27ecf55335186a133c3f766691ca0a"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "cookbook/misc/add_new_models.py"}, "region": {"startLine": 49}}}]}, {"ruleId": "SEC078", "level": "error", "message": {"text": "[SEC078] Python: requests without timeout: requests.get/post without a timeout will hang indefinitely on a non-responsive server, causing thread exhaustion and ReDoS. Ported from bandit B113 (Apache-2.0). NOTE: this regex is heuristic; a real AST check is preferred for accuracy."}, "properties": {"repobilityId": 114576, "scanner": "repobility-threat-engine", "fingerprint": "2916a642cc60d9584dd5e7bfdba99296f4be7e8d99e12296777806cde4ac1f1c", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "requests.post(", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC078", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "fp|2916a642cc60d9584dd5e7bfdba99296f4be7e8d99e12296777806cde4ac1f1c"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "cookbook/litellm_router/load_test_queuing.py"}, "region": {"startLine": 93}}}]}, {"ruleId": "SEC078", "level": "error", "message": {"text": "[SEC078] Python: requests without timeout: requests.get/post without a timeout will hang indefinitely on a non-responsive server, causing thread exhaustion and ReDoS. Ported from bandit B113 (Apache-2.0). NOTE: this regex is heuristic; a real AST check is preferred for accuracy."}, "properties": {"repobilityId": 114575, "scanner": "repobility-threat-engine", "fingerprint": "695279a88cf73ee4f85605f41937af73e9637377d148c517513590ba1dec6e8b", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "requests.get(", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC078", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "fp|695279a88cf73ee4f85605f41937af73e9637377d148c517513590ba1dec6e8b"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "cookbook/community-resources/get_hf_models.py"}, "region": {"startLine": 30}}}]}, {"ruleId": "SEC135", "level": "error", "message": {"text": "[SEC135] Auth/permission check missing on AI-generated endpoint: Mutating HTTP endpoint generated by an AI agent without an auth decorator or middleware. The number-one production-incident pattern we see in AI-generated SaaS code: the AI builds the route, builds the handler, and forgets to wire the auth check that the rest of the codebase uses. CWE-862 (missing authorization). High-severity because the route is fully functional, just unprotected \u2014 attackers can call it directly."}, "properties": {"repobilityId": 114573, "scanner": "repobility-threat-engine", "fingerprint": "40190c5d16d38e0c90694714082680fc2f425864c56561b224e1ed86bb82a26a", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "@app.post(\"/log-event\")\nasync def log_event(request: Request)", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC135", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "fp|40190c5d16d38e0c90694714082680fc2f425864c56561b224e1ed86bb82a26a"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "enterprise/litellm_enterprise/enterprise_callbacks/example_logging_api.py"}, "region": {"startLine": 7}}}]}, {"ruleId": "SEC135", "level": "error", "message": {"text": "[SEC135] Auth/permission check missing on AI-generated endpoint: Mutating HTTP endpoint generated by an AI agent without an auth decorator or middleware. The number-one production-incident pattern we see in AI-generated SaaS code: the AI builds the route, builds the handler, and forgets to wire the auth check that the rest of the codebase uses. CWE-862 (missing authorization). High-severity because the route is fully functional, just unprotected \u2014 attackers can call it directly."}, "properties": {"repobilityId": 114572, "scanner": "repobility-threat-engine", "fingerprint": "cb80e0d71817b51a3a51b13440b199ede5961a352c484707bc78046cf032c470", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "@app.post(\"/router_acompletion\")\nasync def router_acompletion()", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC135", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "fp|cb80e0d71817b51a3a51b13440b199ede5961a352c484707bc78046cf032c470"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "cookbook/litellm_router_load_test/memory_usage/router_endpoint.py"}, "region": {"startLine": 51}}}]}, {"ruleId": "SEC135", "level": "error", "message": {"text": "[SEC135] Auth/permission check missing on AI-generated endpoint: Mutating HTTP endpoint generated by an AI agent without an auth decorator or middleware. The number-one production-incident pattern we see in AI-generated SaaS code: the AI builds the route, builds the handler, and forgets to wire the auth check that the rest of the codebase uses. CWE-862 (missing authorization). High-severity because the route is fully functional, just unprotected \u2014 attackers can call it directly."}, "properties": {"repobilityId": 114571, "scanner": "repobility-threat-engine", "fingerprint": "7367c00a54bbdd7edd2bb310a924375cb13b9a2e00b962d24a9ed70697797d9a", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "@app.route(\"/chat/completions\", methods=[\"POST\"])", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC135", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "fp|7367c00a54bbdd7edd2bb310a924375cb13b9a2e00b962d24a9ed70697797d9a"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "cookbook/codellama-server/main.py"}, "region": {"startLine": 52}}}]}, {"ruleId": "MINED006", "level": "error", "message": {"text": "[MINED006] Overcatch Baseexception: except BaseException: ... \u2014 prevents Ctrl+C and SystemExit from working."}, "properties": {"repobilityId": 114565, "scanner": "repobility-threat-engine", "fingerprint": "daf05a8ed725bd37d0306b8428236a33268a6d273deee07119f25776f9271b3b", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "overcatch-baseexception", "owasp": null, "cwe_ids": ["CWE-705"], "languages": ["python"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.347911+00:00", "triaged_in_corpus": 15, "observations_count": 230624, "ai_coder_pattern_id": 8}, "scanner": "repobility-threat-engine", "correlation_key": "fp|daf05a8ed725bd37d0306b8428236a33268a6d273deee07119f25776f9271b3b"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "cookbook/livekit_agent_sdk/main.py"}, "region": {"startLine": 112}}}]}, {"ruleId": "MINED006", "level": "error", "message": {"text": "[MINED006] Overcatch Baseexception: except BaseException: ... \u2014 prevents Ctrl+C and SystemExit from working."}, "properties": {"repobilityId": 114564, "scanner": "repobility-threat-engine", "fingerprint": "0ccc124d360e492f4dd9302ea74da6ec08cf42f7b027856d6ffba232a51d91cc", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "overcatch-baseexception", "owasp": null, "cwe_ids": ["CWE-705"], "languages": ["python"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.347911+00:00", "triaged_in_corpus": 15, "observations_count": 230624, "ai_coder_pattern_id": 8}, "scanner": "repobility-threat-engine", "correlation_key": "fp|0ccc124d360e492f4dd9302ea74da6ec08cf42f7b027856d6ffba232a51d91cc"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "cookbook/anthropic_agent_sdk/main.py"}, "region": {"startLine": 94}}}]}, {"ruleId": "MINED006", "level": "error", "message": {"text": "[MINED006] Overcatch Baseexception: except BaseException: ... \u2014 prevents Ctrl+C and SystemExit from working."}, "properties": {"repobilityId": 114563, "scanner": "repobility-threat-engine", "fingerprint": "535ebeacc1b83e703167722c9b3a06c32b4cdb201d6bfc2b479f6fa875435eba", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "overcatch-baseexception", "owasp": null, "cwe_ids": ["CWE-705"], "languages": ["python"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.347911+00:00", "triaged_in_corpus": 15, "observations_count": 230624, "ai_coder_pattern_id": 8}, "scanner": "repobility-threat-engine", "correlation_key": "fp|535ebeacc1b83e703167722c9b3a06c32b4cdb201d6bfc2b479f6fa875435eba"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "cookbook/anthropic_agent_sdk/agent_with_mcp.py"}, "region": {"startLine": 139}}}]}, {"ruleId": "SEC128", "level": "error", "message": {"text": "[SEC128] Async function without await \u2014 fire-and-forget Promise (AI mistake): Async call invoked without `await` returns an unhandled Promise. The outer function resolves before the inner work completes \u2014 DB writes lost, emails not sent, race conditions. This is one of the top-3 errors AI coders make: they understand async-shape but drop the await keyword when chaining multiple ops. Surfaces as flaky tests or silently dropped data in production."}, "properties": {"repobilityId": 114561, "scanner": "repobility-threat-engine", "fingerprint": "e317767bef96c17a9e6e6b66bfa54e0e96657e37e9e7e86ebd46420347350511", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "completion_params.update(litellm_params_to_add)", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC128", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "fp|e317767bef96c17a9e6e6b66bfa54e0e96657e37e9e7e86ebd46420347350511"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "litellm/a2a_protocol/litellm_completion_bridge/handler.py"}, "region": {"startLine": 109}}}]}, {"ruleId": "SEC128", "level": "error", "message": {"text": "[SEC128] Async function without await \u2014 fire-and-forget Promise (AI mistake): Async call invoked without `await` returns an unhandled Promise. The outer function resolves before the inner work completes \u2014 DB writes lost, emails not sent, race conditions. This is one of the top-3 errors AI coders make: they understand async-shape but drop the await keyword when chaining multiple ops. Surfaces as flaky tests or silently dropped data in production."}, "properties": {"repobilityId": 114560, "scanner": "repobility-threat-engine", "fingerprint": "20b82412902b8192c270b16cfc07d029d6c87caeaa488a0d606c4dec780ce703", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "pbar.update(1)", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC128", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "fp|20b82412902b8192c270b16cfc07d029d6c87caeaa488a0d606c4dec780ce703"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "cookbook/benchmark/benchmark.py"}, "region": {"startLine": 68}}}]}, {"ruleId": "SEC128", "level": "error", "message": {"text": "[SEC128] Async function without await \u2014 fire-and-forget Promise (AI mistake): Async call invoked without `await` returns an unhandled Promise. The outer function resolves before the inner work completes \u2014 DB writes lost, emails not sent, race conditions. This is one of the top-3 errors AI coders make: they understand async-shape but drop the await keyword when chaining multiple ops. Surfaces as flaky tests or silently dropped data in production."}, "properties": {"repobilityId": 114559, "scanner": "repobility-threat-engine", "fingerprint": "bdf277ab1117867eea9358b10a7d56568f6dc64bc03838998788fb346a44842f", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "obj.update({\n            \"litellm_provider\": \"openrouter\",\n            \"mode\": \"chat\"", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC128", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "fp|bdf277ab1117867eea9358b10a7d56568f6dc64bc03838998788fb346a44842f"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/auto_update_price_and_context_window_file.py"}, "region": {"startLine": 70}}}]}, {"ruleId": "SEC029", "level": "error", "message": {"text": "[SEC029] Server-Side Request Forgery (SSRF) \u2014 outbound HTTP from user input: Outbound HTTP request to a user-controlled URL without allowlist validation. Attackers can probe internal services (169.254.169.254 metadata, internal Kubernetes endpoints, file:// URIs), exfiltrate data, or pivot through your network. SSRF is OWASP A10:2021 and a frequent foothold in cloud breaches."}, "properties": {"repobilityId": 114557, "scanner": "repobility-threat-engine", "fingerprint": "c5c2feda0ef61a84bfe83fb49e48382edc0ca19de20cc9238720c7e4e74d8ee4", "category": "ssrf", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "requests.get(polling_url", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC029", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "fp|c5c2feda0ef61a84bfe83fb49e48382edc0ca19de20cc9238720c7e4e74d8ee4"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "cookbook/litellm_router/load_test_queuing.py"}, "region": {"startLine": 107}}}]}, {"ruleId": "SEC029", "level": "error", "message": {"text": "[SEC029] Server-Side Request Forgery (SSRF) \u2014 outbound HTTP from user input: Outbound HTTP request to a user-controlled URL without allowlist validation. Attackers can probe internal services (169.254.169.254 metadata, internal Kubernetes endpoints, file:// URIs), exfiltrate data, or pivot through your network. SSRF is OWASP A10:2021 and a frequent foothold in cloud breaches."}, "properties": {"repobilityId": 114556, "scanner": "repobility-threat-engine", "fingerprint": "dead52cac5acdfc921f742ed18839804a17e6c315225d310eda8911021b71c78", "category": "ssrf", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "url(r", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC029", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "fp|dead52cac5acdfc921f742ed18839804a17e6c315225d310eda8911021b71c78"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "cookbook/community-resources/get_hf_models.py"}, "region": {"startLine": 4}}}]}, {"ruleId": "SEC029", "level": "error", "message": {"text": "[SEC029] Server-Side Request Forgery (SSRF) \u2014 outbound HTTP from user input: Outbound HTTP request to a user-controlled URL without allowlist validation. Attackers can probe internal services (169.254.169.254 metadata, internal Kubernetes endpoints, file:// URIs), exfiltrate data, or pivot through your network. SSRF is OWASP A10:2021 and a frequent foothold in cloud breaches."}, "properties": {"repobilityId": 114555, "scanner": "repobility-threat-engine", "fingerprint": "5ca8410d066b53e61f624fdd174ac4d5272c27b2ceb9ed544f13d0d2c38e061d", "category": "ssrf", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "urllib.request.urlopen(r", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC029", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "fp|5ca8410d066b53e61f624fdd174ac4d5272c27b2ceb9ed544f13d0d2c38e061d"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/scripts/scan_keywords.py"}, "region": {"startLine": 57}}}]}, {"ruleId": "MINED133", "level": "error", "message": {"text": "[MINED133] Hardcoded Slack webhook URL in source: File contains a hardcoded `Slack` webhook URL: `https://hooks.slack.com/services/T00/B00/xxx...`. Webhook URLs are unauthenticated POST endpoints \u2014 anyone with the URL can send messages. They are also a common data-exfiltration channel for compromised packages (malicious post-install collects env vars + POSTs them)."}, "properties": {"repobilityId": 114953, "scanner": "repobility-supply-chain", "fingerprint": "f86786e1247275e2c4b0668fd799a4681bcf48ebf6f6afadde42d001e16809e0", "category": "dependency", "severity": "critical", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "exfil-webhook-url", "owasp": null, "cwe_ids": ["CWE-200", "CWE-540"], "languages": ["any"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|f86786e1247275e2c4b0668fd799a4681bcf48ebf6f6afadde42d001e16809e0"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tests/test_litellm/test_secret_redaction.py"}, "region": {"startLine": 234}}}]}, {"ruleId": "MINED116", "level": "error", "message": {"text": "[MINED116] Workflow uses `secrets.GITGUARDIAN_API_KEY` on a `pull_request` trigger: This workflow triggers on `pull_request`, which checks out the FORK's code. Referencing `${ secrets.GITGUARDIAN_API_KEY }` lets a PR from any fork exfiltrate the secret (modify a script, log the value, etc.). Use `pull_request_target` ONLY with strict checkout discipline (no fork code in the trusted context)."}, "properties": {"repobilityId": 114952, "scanner": "repobility-supply-chain", "fingerprint": "b003cdb9ddfd202ddc1fc447371e19f504461c9dcedde99dc19bc648c66eb515", "category": "dependency", "severity": "critical", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-pull-request-secrets", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|b003cdb9ddfd202ddc1fc447371e19f504461c9dcedde99dc19bc648c66eb515"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/test-linting.yml"}, "region": {"startLine": 118}}}]}, {"ruleId": "MINED107", "level": "error", "message": {"text": "[MINED107] Missing import: `http` used but not imported: The file uses `http.something(...)` but never imports `http`. This raises NameError at runtime the first time the line executes."}, "properties": {"repobilityId": 114934, "scanner": "repobility-ast-engine", "fingerprint": "2c7a84385ebc38d24a1528456bf930657d89b3797f1333dcb4a6334667bda217", "category": "quality", "severity": "critical", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "missing-import-python", "owasp": "A06:2021", "cwe_ids": ["CWE-1075"], "languages": ["python"], "observations_count": 2192}, "scanner": "repobility-ast-engine", "correlation_key": "fp|2c7a84385ebc38d24a1528456bf930657d89b3797f1333dcb4a6334667bda217"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tests/test_litellm/llms/vertex_ai/test_vertex_gemini_gcs_uri_mime.py"}, "region": {"startLine": 147}}}]}, {"ruleId": "MINED107", "level": "error", "message": {"text": "[MINED107] Missing import: `queue` used but not imported: The file uses `queue.something(...)` but never imports `queue`. This raises NameError at runtime the first time the line executes."}, "properties": {"repobilityId": 114933, "scanner": "repobility-ast-engine", "fingerprint": "1a0049c77ea0dcc7727c6703b81e55f6cfad52fa882a7211193900ae7fd0e789", "category": "quality", "severity": "critical", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "missing-import-python", "owasp": "A06:2021", "cwe_ids": ["CWE-1075"], "languages": ["python"], "observations_count": 2192}, "scanner": "repobility-ast-engine", "correlation_key": "fp|1a0049c77ea0dcc7727c6703b81e55f6cfad52fa882a7211193900ae7fd0e789"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tests/test_litellm/proxy/db/db_transaction_queue/test_base_update_queue.py"}, "region": {"startLine": 29}}}]}, {"ruleId": "MINED107", "level": "error", "message": {"text": "[MINED107] Missing import: `json` used but not imported: The file uses `json.something(...)` but never imports `json`. This raises NameError at runtime the first time the line executes."}, "properties": {"repobilityId": 114932, "scanner": "repobility-ast-engine", "fingerprint": "95955371666a2de6652988ef0ae5efc48ec12849fc0d8fe6ed34ce9453efe4af", "category": "quality", "severity": "critical", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "missing-import-python", "owasp": "A06:2021", "cwe_ids": ["CWE-1075"], "languages": ["python"], "observations_count": 2192}, "scanner": "repobility-ast-engine", "correlation_key": "fp|95955371666a2de6652988ef0ae5efc48ec12849fc0d8fe6ed34ce9453efe4af"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tests/proxy_unit_tests/test_custom_callback_input.py"}, "region": {"startLine": 171}}}]}, {"ruleId": "MINED107", "level": "error", "message": {"text": "[MINED107] Missing import: `queue` used but not imported: The file uses `queue.something(...)` but never imports `queue`. This raises NameError at runtime the first time the line executes."}, "properties": {"repobilityId": 114930, "scanner": "repobility-ast-engine", "fingerprint": "a52e727ffaf81fa9ff3217ffb312690ceeacfd7bbad582bc8db49c4924ff62d0", "category": "quality", "severity": "critical", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "missing-import-python", "owasp": "A06:2021", "cwe_ids": ["CWE-1075"], "languages": ["python"], "observations_count": 2192}, "scanner": "repobility-ast-engine", "correlation_key": "fp|a52e727ffaf81fa9ff3217ffb312690ceeacfd7bbad582bc8db49c4924ff62d0"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tests/proxy_unit_tests/test_e2e_pod_lock_manager.py"}, "region": {"startLine": 413}}}]}, {"ruleId": "MINED107", "level": "error", "message": {"text": "[MINED107] Missing import: `logging` used but not imported: The file uses `logging.something(...)` but never imports `logging`. This raises NameError at runtime the first time the line executes."}, "properties": {"repobilityId": 114929, "scanner": "repobility-ast-engine", "fingerprint": "22c6b678a78385fba300ccfc434ed8d010e1a0380e9b6cd9bfd4a06a06397bfb", "category": "quality", "severity": "critical", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "missing-import-python", "owasp": "A06:2021", "cwe_ids": ["CWE-1075"], "languages": ["python"], "observations_count": 2192}, "scanner": "repobility-ast-engine", "correlation_key": "fp|22c6b678a78385fba300ccfc434ed8d010e1a0380e9b6cd9bfd4a06a06397bfb"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tests/logging_callback_tests/test_unit_test_litellm_logging.py"}, "region": {"startLine": 93}}}]}, {"ruleId": "MINED107", "level": "error", "message": {"text": "[MINED107] Missing import: `logging` used but not imported: The file uses `logging.something(...)` but never imports `logging`. This raises NameError at runtime the first time the line executes."}, "properties": {"repobilityId": 114865, "scanner": "repobility-ast-engine", "fingerprint": "bad7a9dca5cccd2c09cdcd7230aa089f8d7a307fd9ad96e819f84bfc583db1d4", "category": "quality", "severity": "critical", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "missing-import-python", "owasp": "A06:2021", "cwe_ids": ["CWE-1075"], "languages": ["python"], "observations_count": 2192}, "scanner": "repobility-ast-engine", "correlation_key": "fp|bad7a9dca5cccd2c09cdcd7230aa089f8d7a307fd9ad96e819f84bfc583db1d4"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "litellm/main.py"}, "region": {"startLine": 4905}}}]}, {"ruleId": "JRN001", "level": "error", "message": {"text": "Token handoff appears to use a callback URL or fragment"}, "properties": {"repobilityId": 114802, "scanner": "repobility-journey-contract", "fingerprint": "a70c5b78693a562c7f24afd41d2a347e237145732475f586a847116517b14b94", "category": "auth", "severity": "critical", "confidence": 0.88, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Callback/redirect wording, token-in-URL syntax, and navigation code appear near each other.", "evidence": {"rule_id": "JRN001", "scanner": "repobility-journey-contract", "references": ["https://cheatsheetseries.owasp.org/cheatsheets/Unvalidated_Redirects_and_Forwards_Cheat_Sheet.html", "https://cheatsheetseries.owasp.org/cheatsheets/Session_Management_Cheat_Sheet.html"], "correlation_key": "code|auth|token|9417|jrn001"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "ui/litellm-dashboard/src/components/networking.tsx"}, "region": {"startLine": 9417}}}]}, {"ruleId": "DKC007", "level": "error", "message": {"text": "Compose service contains a literal secret environment value"}, "properties": {"repobilityId": 114775, "scanner": "repobility-docker", "fingerprint": "f2bcdf07645dfad882db65d03fb93bf5c59e43738416bb8f4ce4593a4a595998", "category": "docker", "severity": "critical", "confidence": 0.96, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Environment variable name is secret-like and value is a committed literal.", "evidence": {"rule_id": "DKC007", "scanner": "repobility-docker", "service": "db", "variable": "POSTGRES_PASSWORD", "references": ["https://docs.docker.com/compose/how-tos/environment-variables/best-practices/", "https://docs.docker.com/reference/compose-file/secrets/"], "path_context": "runtime", "correlation_key": "fp|f2bcdf07645dfad882db65d03fb93bf5c59e43738416bb8f4ce4593a4a595998", "compose_secrets_declared": false}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "docker-compose.yml"}, "region": {"startLine": 37}}}]}, {"ruleId": "MINED019", "level": "error", "message": {"text": "[MINED019] Ssti Jinja From String: jinja2.Environment().from_string(user_input) \u2014 full RCE via templates."}, "properties": {"repobilityId": 114621, "scanner": "repobility-threat-engine", "fingerprint": "0f33efab04c10b7f54180627c053659dcaa122837c3cc7dcb1b6e91d4b5ac5a3", "category": "quality", "severity": "critical", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "ssti-jinja-from-string", "owasp": "A03:2021", "cwe_ids": ["CWE-94"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.347943+00:00", "triaged_in_corpus": 20, "observations_count": 47984, "ai_coder_pattern_id": 34}, "scanner": "repobility-threat-engine", "correlation_key": "fp|0f33efab04c10b7f54180627c053659dcaa122837c3cc7dcb1b6e91d4b5ac5a3"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "enterprise/litellm_enterprise/enterprise_callbacks/llama_guard.py"}, "region": {"startLine": 65}}}]}, {"ruleId": "SEC022", "level": "error", "message": {"text": "[SEC022] Database URL With Embedded Credential: A database connection URL contains an embedded username and password. These URLs are often copied into defaults, docs, and scripts, then leak working credentials."}, "properties": {"repobilityId": 114616, "scanner": "repobility-threat-engine", "fingerprint": "757cee56da7776f68536bef6f24fa30f131fb7639175627baaec325a1f8845d9", "category": "credential_exposure", "severity": "critical", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "postgresql://{user}:{token}@", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC022", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "secret|token|13|postgresql:// user : token"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "litellm/proxy/db/db_url_settings.py"}, "region": {"startLine": 140}}}]}, {"ruleId": "SEC022", "level": "error", "message": {"text": "[SEC022] Database URL With Embedded Credential: A database connection URL contains an embedded username and password. These URLs are often copied into defaults, docs, and scripts, then leak working credentials."}, "properties": {"repobilityId": 114615, "scanner": "repobility-threat-engine", "fingerprint": "87553edaac85cb170214bdb49b4f49d312699e10e254840c6e4d1f6ebbd2ad0d", "category": "credential_exposure", "severity": "critical", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "postgresql://llmproxy:dbpassword9090@", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC022", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "secret|docker-compose.yml|1|token"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "docker-compose.yml"}, "region": {"startLine": 18}}}]}]}]}