https://github.com/langchain-ai/open-swe
· scanned 2026-05-15 18:26 UTC (2 weeks, 6 days ago)
· 10 languages
83 findings (24 legacy + 59 scanner) 75th percentile · Python · medium (20-100K LoC) Scanner says 56 (higher by 21)
Last scanned 2 weeks, 6 days ago · v1 · 21 findings from 1 source. Findings combine the legacy security pipeline AND the multi-layer engine (atlas, wiring, flows, ranked) AND verified AI agent contributions.
| Component | Sub-score | Weight | Contribution |
|---|---|---|---|
structure_score |
75.0 | 0.15 | 11.25 |
security_score |
78.3 | 0.25 | 19.57 |
testing_score |
85.0 | 0.20 | 17.00 |
documentation_score |
68.6 | 0.15 | 10.29 |
practices_score |
75.0 | 0.15 | 11.25 |
code_quality |
76.6 | 0.10 | 7.66 |
| Overall | 1.00 | 77.0 |
All 1285 nodes from the latest scan, grouped by kind. Each node is a unit the engine identified (file, function, endpoint, table…). Most users won't need this view — it's primarily for debugging the engine's graph extraction or for AI agents that want to enumerate the project structure.
| Label | Layer | Status | Path |
|---|---|---|---|
test_returns_messages_after_last_human |
software | healthy | tests/test_ensure_no_empty_msg.py:14 |
test_returns_all_messages_when_no_human |
software | healthy | tests/test_ensure_no_empty_msg.py:29 |
test_returns_empty_when_human_is_last |
software | healthy | tests/test_ensure_no_empty_msg.py:43 |
test_returns_multiple_messages_after_human |
software | healthy | tests/test_ensure_no_empty_msg.py:55 |
test_returns_true_for_slack_thread_reply |
software | healthy | tests/test_ensure_no_empty_msg.py:74 |
test_returns_true_for_linear_comment |
software | healthy | tests/test_ensure_no_empty_msg.py:81 |
test_returns_false_for_other_tools |
software | healthy | tests/test_ensure_no_empty_msg.py:108 |
test_returns_false_for_empty_list |
software | healthy | tests/test_ensure_no_empty_msg.py:115 |
test_returns_true_when_confirming_completion_called |
software | healthy | tests/test_ensure_no_empty_msg.py:101 |
test_finds_confirming_completion_among_other_messages |
software | healthy | tests/test_ensure_no_empty_msg.py:118 |
_make_runtime |
software | healthy | tests/test_ensure_no_empty_msg.py:130 |
test_returns_none_when_user_messaged |
software | healthy | tests/test_ensure_no_empty_msg.py:133 |
test_returns_none_with_linear_comment |
software | healthy | tests/test_ensure_no_empty_msg.py:147 |
test_injects_no_op_when_user_not_messaged |
software | healthy | tests/test_ensure_no_empty_msg.py:161 |
test_returns_none_when_only_user_messaged |
software | healthy | tests/test_ensure_no_empty_msg.py:177 |
test_get_recent_comments_returns_none_for_empty |
software | healthy | tests/test_recent_comments.py:4 |
test_get_recent_comments_returns_none_when_newest_is_bot_me… |
software | healthy | tests/test_recent_comments.py:8 |
test_get_recent_comments_collects_since_last_bot_message |
software | healthy | tests/test_recent_comments.py:17 |
_set_key |
software | healthy | tests/test_encryption.py:15 |
test_single_key |
software | healthy | tests/test_encryption.py:20 |
test_comma_separated |
software | healthy | tests/test_encryption.py:24 |
test_newline_separated |
software | healthy | tests/test_encryption.py:29 |
test_strips_whitespace_and_empties |
software | healthy | tests/test_encryption.py:34 |
test_missing_env_raises |
software | healthy | tests/test_encryption.py:42 |
test_empty_env_raises |
software | healthy | tests/test_encryption.py:47 |
test_whitespace_only_env_raises |
software | healthy | tests/test_encryption.py:52 |
test_encrypt_decrypt |
software | healthy | tests/test_encryption.py:59 |
test_empty_token_returns_empty |
software | healthy | tests/test_encryption.py:67 |
test_invalid_ciphertext_returns_empty |
software | healthy | tests/test_encryption.py:72 |
test_decrypt_without_key_returns_empty |
software | healthy | tests/test_encryption.py:76 |
test_decrypt_old_ciphertext_after_prepending_new_key |
software | healthy | tests/test_encryption.py:82 |
test_encrypts_under_first_key |
software | healthy | tests/test_encryption.py:95 |
test_decrypt_fails_when_no_key_matches |
software | healthy | tests/test_encryption.py:105 |
test_newline_separated_keys |
software | healthy | tests/test_encryption.py:114 |
test_full_rotation_lifecycle |
software | healthy | tests/test_encryption.py:126 |
_addr_info |
software | healthy | tests/test_http_security.py:24 |
__init__ |
software | healthy | tests/test_http_security.py:117 |
is_redirect |
software | healthy | tests/test_http_security.py:51 |
is_permanent_redirect |
software | healthy | tests/test_http_security.py:55 |
json |
software | healthy | tests/test_http_security.py:58 |
raise_for_status |
software | healthy | tests/test_http_security.py:63 |
test_fetch_url_blocks_private_ip_without_issuing_a_request |
software | healthy | tests/test_http_security.py:68 |
fail_request |
software | healthy | tests/test_http_security.py:193 |
test_fetch_url_blocks_redirects_to_private_ips |
software | healthy | tests/test_http_security.py:83 |
fake_getaddrinfo |
software | healthy | tests/test_http_security.py:188 |
fake_request |
software | healthy | tests/test_http_security.py:166 |
settimeout |
software | healthy | tests/test_http_security.py:127 |
setsockopt |
software | healthy | tests/test_http_security.py:130 |
bind |
software | healthy | tests/test_http_security.py:133 |
connect |
software | healthy | tests/test_http_security.py:136 |
Showing first 50 of this kind. Full payload available via the JSON button at the top of the page.
| Label | Layer | Status | Path |
|---|---|---|---|
langgraph.json |
software | healthy | langgraph.json |
README.md |
software | healthy | README.md |
CLAUDE.md |
software | healthy | CLAUDE.md |
INSTALLATION.md |
software | healthy | INSTALLATION.md |
Dockerfile |
software | healthy | Dockerfile |
pyproject.toml |
software | healthy | pyproject.toml |
Makefile |
software | healthy | Makefile |
REVIEWER_DESIGN.md |
software | healthy | REVIEWER_DESIGN.md |
SECURITY.md |
software | healthy | SECURITY.md |
CUSTOMIZATION.md |
software | healthy | CUSTOMIZATION.md |
AGENTS.md |
software | healthy | AGENTS.md |
default_prompt.md |
software | healthy | default_prompt.md |
test_ensure_no_empty_msg.py |
software | healthy | tests/test_ensure_no_empty_msg.py |
test_recent_comments.py |
software | healthy | tests/test_recent_comments.py |
test_encryption.py |
software | healthy | tests/test_encryption.py |
test_http_security.py |
software | healthy | tests/test_http_security.py |
test_model_fallback_middleware.py |
software | healthy | tests/test_model_fallback_middleware.py |
test_reviewer_findings.py |
software | healthy | tests/test_reviewer_findings.py |
test_reviewer_watch.py |
software | healthy | tests/test_reviewer_watch.py |
test_reviewer.py |
software | healthy | tests/test_reviewer.py |
test_proxy_auth.py |
software | healthy | tests/test_proxy_auth.py |
test_reviewer_tools.py |
software | healthy | tests/test_reviewer_tools.py |
test_github_comment_prompts.py |
software | healthy | tests/test_github_comment_prompts.py |
test_auth_sources.py |
software | healthy | tests/test_auth_sources.py |
test_multimodal.py |
software | healthy | tests/test_multimodal.py |
test_github_token_ttl.py |
software | healthy | tests/test_github_token_ttl.py |
test_daytona_integration.py |
software | healthy | tests/test_daytona_integration.py |
test_sanitize_tool_inputs.py |
software | healthy | tests/test_sanitize_tool_inputs.py |
test_slack_feedback.py |
software | healthy | tests/test_slack_feedback.py |
test_repo_extraction.py |
software | healthy | tests/test_repo_extraction.py |
test_refresh_slack_status_middleware.py |
software | healthy | tests/test_refresh_slack_status_middleware.py |
test_notify_step_limit_middleware.py |
software | healthy | tests/test_notify_step_limit_middleware.py |
test_langsmith_sandbox_config.py |
software | healthy | tests/test_langsmith_sandbox_config.py |
test_slack_assistants_status.py |
software | healthy | tests/test_slack_assistants_status.py |
test_slack_context.py |
software | healthy | tests/test_slack_context.py |
test_reviewer_publish.py |
software | healthy | tests/test_reviewer_publish.py |
test_sandbox_paths.py |
software | healthy | tests/test_sandbox_paths.py |
test_public_repo_org_gate.py |
software | healthy | tests/test_public_repo_org_gate.py |
test_github_issue_webhook.py |
software | healthy | tests/test_github_issue_webhook.py |
test_reviewer_diff.py |
software | healthy | tests/test_reviewer_diff.py |
test_sandbox_recovery.py |
software | healthy | tests/middleware/test_sandbox_recovery.py |
vite.config.ts |
software | warning | ui/vite.config.ts |
README.md |
software | healthy | ui/README.md |
package.json |
software | healthy | ui/package.json |
components.json |
software | healthy | ui/components.json |
eslint.config.js |
software | warning | ui/eslint.config.js |
tsconfig.json |
software | healthy | ui/tsconfig.json |
.cta.json |
software | healthy | ui/.cta.json |
manifest.json |
software | healthy | ui/public/manifest.json |
styles.css |
software | healthy | ui/src/styles.css |
Showing first 50 of this kind. Full payload available via the JSON button at the top of the page.
| Label | Layer | Status | Path |
|---|---|---|---|
TestGetEveryMessageSinceLastHuman |
software | healthy | tests/test_ensure_no_empty_msg.py:13 |
TestCheckIfModelMessagedUser |
software | healthy | tests/test_ensure_no_empty_msg.py:73 |
TestCheckIfConfirmingCompletion |
software | healthy | tests/test_ensure_no_empty_msg.py:100 |
TestEnsureNoEmptyMsgNotify |
software | healthy | tests/test_ensure_no_empty_msg.py:129 |
TestParseEncryptionKeys |
software | healthy | tests/test_encryption.py:19 |
TestGetEncryptionKeys |
software | healthy | tests/test_encryption.py:41 |
TestSingleKeyRoundtrip |
software | healthy | tests/test_encryption.py:58 |
TestMultiKeyDecrypt |
software | healthy | tests/test_encryption.py:81 |
TestRotationRoundtrip |
software | healthy | tests/test_encryption.py:125 |
FakeResponse |
software | healthy | tests/test_http_security.py:34 |
_FakeSocket |
software | healthy | tests/test_http_security.py:112 |
TestShouldFallback |
software | healthy | tests/test_model_fallback_middleware.py:42 |
TestModelFallbackMiddleware |
software | healthy | tests/test_model_fallback_middleware.py:65 |
_DummyAgent |
software | healthy | tests/test_reviewer.py:11 |
TestConfigureGithubProxy |
software | healthy | tests/test_proxy_auth.py:15 |
TestCreateSandboxWithProxy |
software | healthy | tests/test_proxy_auth.py:122 |
_DummyAgent |
software | healthy | tests/test_proxy_auth.py:184 |
TestRefreshProxyOnSandboxReuse |
software | healthy | tests/test_proxy_auth.py:189 |
_MockResponse |
software | healthy | tests/test_github_token_ttl.py:132 |
_MockHttpxClient |
software | healthy | tests/test_github_token_ttl.py:141 |
_FakeCreateSandboxFromSnapshotParams |
software | healthy | tests/test_daytona_integration.py:9 |
_FakeDaytonaConfig |
software | healthy | tests/test_daytona_integration.py:14 |
_FakeDaytonaSandbox |
software | healthy | tests/test_daytona_integration.py:19 |
TestCoerceInt |
software | healthy | tests/test_sanitize_tool_inputs.py:13 |
TestSanitizeReadFileArgs |
software | healthy | tests/test_sanitize_tool_inputs.py:39 |
_FakeStore |
software | healthy | tests/test_slack_feedback.py:14 |
_FakeClient |
software | healthy | tests/test_slack_feedback.py:25 |
_FakeBackgroundTasks |
software | healthy | tests/test_slack_feedback.py:30 |
_FakeRequest |
software | healthy | tests/test_slack_feedback.py:38 |
TestExtractRepoFromText |
software | healthy | tests/test_repo_extraction.py:11 |
TestLinearWebhookRepoOverride |
software | healthy | tests/test_repo_extraction.py:57 |
TestSlackAssistantStatusMiddleware |
software | healthy | tests/test_refresh_slack_status_middleware.py:16 |
TestNotifyStepLimitReached |
software | healthy | tests/test_notify_step_limit_middleware.py:9 |
_FakeNotFoundError |
software | healthy | tests/test_slack_context.py:22 |
_FakeThreadsClient |
software | healthy | tests/test_slack_context.py:26 |
_FakeClient |
software | healthy | tests/test_slack_context.py:41 |
_FakeRunsClient |
software | healthy | tests/test_slack_context.py:706 |
_FakeThreadsClientForProcess |
software | healthy | tests/test_slack_context.py:710 |
_FakeLangGraphClientForProcess |
software | healthy | tests/test_slack_context.py:714 |
_FakeProvider |
software | healthy | tests/test_sandbox_paths.py:14 |
_FakeSandboxBackend |
software | healthy | tests/test_sandbox_paths.py:30 |
_FakeAsyncClient |
software | healthy | tests/test_public_repo_org_gate.py:353 |
_FakeResponse |
software | healthy | tests/test_public_repo_org_gate.py:367 |
_FakeRunsClient |
software | healthy | tests/test_github_issue_webhook.py:1011 |
_FakeThreadsClient |
software | healthy | tests/test_github_issue_webhook.py:778 |
_FakeLangGraphClient |
software | healthy | tests/test_github_issue_webhook.py:1015 |
FakeSandboxBackend |
software | healthy | tests/middleware/test_sandbox_recovery.py:18 |
ApiError |
software | healthy | ui/src/lib/api.ts:ApiError |
PullRequestRef |
software | healthy | scripts/check_pr_merge_status.py:33 |
Finding |
software | healthy | agent/reviewer_findings.py:55 |
Showing first 50 of this kind. Full payload available via the JSON button at the top of the page.
| Label | Layer | Status | Path |
|---|---|---|---|
tests |
software | healthy | tests |
middleware |
software | healthy | tests/middleware |
ui |
software | healthy | ui |
public |
software | healthy | ui/public |
src |
software | healthy | ui/src |
components |
software | healthy | ui/src/components |
ui |
software | healthy | ui/src/components/ui |
lib |
software | healthy | ui/src/lib |
routes |
software | healthy | ui/src/routes |
scripts |
software | healthy | scripts |
agent |
software | healthy | agent |
integrations |
software | healthy | agent/integrations |
middleware |
software | healthy | agent/middleware |
dashboard |
software | healthy | agent/dashboard |
utils |
software | healthy | agent/utils |
tools |
software | healthy | agent/tools |
evals |
software | healthy | evals |
reviewer |
software | healthy | evals/reviewer |
golden_comments |
software | healthy | evals/reviewer/golden_comments |
.github |
software | healthy | .github |
workflows |
software | healthy | .github/workflows |
| Label | Layer | Status | Path |
|---|---|---|---|
POST /webhooks/linear |
api | healthy | agent/webapp.py |
GET /webhooks/linear |
api | healthy | agent/webapp.py |
POST /webhooks/slack |
api | healthy | agent/webapp.py |
GET /webhooks/slack |
api | healthy | agent/webapp.py |
GET /health |
api | healthy | agent/webapp.py |
POST /webhooks/github |
api | healthy | agent/webapp.py |
GET /auth/login |
api | healthy | agent/dashboard/routes.py |
GET /auth/callback |
api | healthy | agent/dashboard/routes.py |
POST /auth/logout |
api | healthy | agent/dashboard/routes.py |
GET /me |
api | healthy | agent/dashboard/routes.py |
GET /options |
api | healthy | agent/dashboard/routes.py |
GET /profile |
api | healthy | agent/dashboard/routes.py |
PUT /profile |
api | healthy | agent/dashboard/routes.py |
GET /admin/profiles |
api | healthy | agent/dashboard/routes.py |
PUT /admin/profiles/{login} |
api | healthy | agent/dashboard/routes.py |
GET /repos |
api | healthy | agent/dashboard/routes.py |
| Label | Layer | Status | Path |
|---|---|---|---|
auth::agent/dashboard/oauth.py |
security | healthy | agent/dashboard/oauth.py |
auth::agent/webapp.py |
security | healthy | agent/webapp.py |
auth::agent/dashboard/__init__.py |
security | healthy | agent/dashboard/__init__.py |
auth::evals/reviewer/golden_comments/keycloak.json |
security | healthy | evals/reviewer/golden_comments/keycloak.json |
auth::agent/utils/github_app.py |
security | healthy | agent/utils/github_app.py |
auth::agent/dashboard/profiles.py |
security | healthy | agent/dashboard/profiles.py |
auth::agent/utils/auth.py |
security | healthy | agent/utils/auth.py |
auth::tests/test_github_token_ttl.py |
security | healthy | tests/test_github_token_ttl.py |
auth::agent/dashboard/routes.py |
security | healthy | agent/dashboard/routes.py |
auth::evals/reviewer/golden_comments/cal_dot_com.json |
security | healthy | evals/reviewer/golden_comments/cal_dot_com.json |
auth::ui/src/lib/api.ts |
security | healthy | ui/src/lib/api.ts |
auth::evals/reviewer/golden_comments/sentry.json |
security | healthy | evals/reviewer/golden_comments/sentry.json |
auth::agent/tools/publish_review.py |
security | healthy | agent/tools/publish_review.py |
| Label | Layer | Status | Path |
|---|---|---|---|
lint |
cicd | healthy | .github/workflows/ci.yml |
format |
cicd | healthy | .github/workflows/ci.yml |
unit-tests |
cicd | healthy | .github/workflows/ci.yml |
promote |
cicd | healthy | .github/workflows/promote_main_to_prod.yml |
lint-pr-title |
cicd | healthy | .github/workflows/pr_lint.yml |
| Label | Layer | Status | Path |
|---|---|---|---|
/profile |
frontend | healthy | ui/src/routeTree.gen.ts |
/login |
frontend | healthy | ui/src/routeTree.gen.ts |
/admin |
frontend | healthy | ui/src/routeTree.gen.ts |
/ |
frontend | healthy | ui/src/routeTree.gen.ts |
| Label | Layer | Status | Path |
|---|---|---|---|
169.254.169.254 |
network | healthy | tests/test_http_security.py |
93.184.216.34 |
network | healthy | tests/test_http_security.py |
127.0.0.1 |
network | healthy | tests/test_http_security.py |
| Label | Layer | Status | Path |
|---|---|---|---|
gha::ci |
cicd | healthy | .github/workflows/ci.yml |
gha::promote_main_to_prod |
cicd | healthy | .github/workflows/promote_main_to_prod.yml |
gha::pr_lint |
cicd | healthy | .github/workflows/pr_lint.yml |
| Label | Layer | Status | Path |
|---|---|---|---|
repobility-clone-pgksiw1b |
software | healthy | /tmp/repobility-clone-pgksiw1b |
| Label | Layer | Status | Path |
|---|---|---|---|
image::Dockerfile |
hardware | healthy | Dockerfile |
| Label | Layer | Status | Path |
|---|---|---|---|
GITHUB_TOKEN |
cicd | healthy | — |
This page is publicly accessible at:
https://repobility.com/scan/84185a6f-2eeb-46e0-bfee-d2783a33b5d6/
To check status programmatically (no auth required):
curl -s https://repobility.com/api/v1/public/scan/84185a6f-2eeb-46e0-bfee-d2783a33b5d6/Important — please don't re-submit the same URL repeatedly. The submission endpoint is idempotent: re-submitting the same git URL returns this same scan_token, not a new one. To re-scan this repo, sign up free and use the dashboard.