Scan timing: clone 11.56s · analysis 6.71s · 13.6 MB · GitHub API rate-limit (preflight)
https://github.com/ultraworkers/claw-code
· scanned 2026-06-05 04:30 UTC (5 hours, 51 minutes ago)
· 10 languages
179 findings (91 legacy + 88 scanner) 20th percentile · Rust · large (100-500K LoC) Scanner says 72 (lower by 13)
Last scanned 5 hours, 51 minutes ago · v2 · 135 findings from 2 sources. Findings combine the legacy security pipeline AND the multi-layer engine (atlas, wiring, flows, ranked) AND verified AI agent contributions.
| Component | Sub-score | Weight | Contribution |
|---|---|---|---|
structure_score |
65.0 | 0.15 | 9.75 |
security_score |
35.8 | 0.25 | 8.95 |
testing_score |
51.0 | 0.20 | 10.20 |
documentation_score |
84.0 | 0.15 | 12.60 |
practices_score |
85.0 | 0.15 | 12.75 |
code_quality |
38.9 | 0.10 | 3.89 |
| Overall | 1.00 | 58.1 |
All 663 nodes from the latest scan, grouped by kind. Each node is a unit the engine identified (file, function, endpoint, table…). Most users won't need this view — it's primarily for debugging the engine's graph extraction or for AI agents that want to enumerate the project structure.
| Label | Layer | Status | Path |
|---|---|---|---|
PARITY.md |
software | healthy | PARITY.md |
README.md |
software | healthy | README.md |
CLAUDE.md |
software | healthy | CLAUDE.md |
.claw.json |
software | healthy | .claw.json |
install.sh |
software | healthy | install.sh |
CONTRIBUTING.md |
software | healthy | CONTRIBUTING.md |
how_to_run.md |
software | healthy | how_to_run.md |
PHILOSOPHY.md |
software | healthy | PHILOSOPHY.md |
concept.md |
software | healthy | concept.md |
ROADMAP.md |
software | healthy | ROADMAP.md |
USAGE.md |
software | healthy | USAGE.md |
SUPPORT.md |
software | healthy | SUPPORT.md |
prd.json |
software | healthy | prd.json |
CODE_OF_CONDUCT.md |
software | healthy | CODE_OF_CONDUCT.md |
SECURITY.md |
software | healthy | SECURITY.md |
docker-compose.yml |
software | healthy | docker-compose.yml |
.claude.json |
software | healthy | .claude.json |
__init__.py |
software | healthy | tests/__init__.py |
test_porting_workspace.py |
software | healthy | tests/test_porting_workspace.py |
test_pre_push_hook_contract.py |
software | healthy | tests/test_pre_push_hook_contract.py |
test_security_scope.py |
software | healthy | tests/test_security_scope.py |
test_roadmap_helpers.py |
software | healthy | tests/test_roadmap_helpers.py |
g010-session-hygiene-verification-map.md |
software | healthy | docs/g010-session-hygiene-verification-map.md |
g005-branch-recovery-verification-map.md |
software | healthy | docs/g005-branch-recovery-verification-map.md |
pr-triage-g012-final-gate.json |
software | healthy | docs/pr-triage-g012-final-gate.json |
g010-clone-disambiguation-metadata.md |
software | healthy | docs/g010-clone-disambiguation-metadata.md |
pr-issue-resolution-gate.md |
software | healthy | docs/pr-issue-resolution-gate.md |
g007-plugin-mcp-verification-map.md |
software | healthy | docs/g007-plugin-mcp-verification-map.md |
navigation-file-context.md |
software | healthy | docs/navigation-file-context.md |
g012-final-release-readiness-report.md |
software | healthy | docs/g012-final-release-readiness-report.md |
g007-mcp-lifecycle-mapping.md |
software | healthy | docs/g007-mcp-lifecycle-mapping.md |
g011-acp-json-rpc-status-contract.md |
software | healthy | docs/g011-acp-json-rpc-status-contract.md |
rag-web-ui.md |
software | healthy | docs/rag-web-ui.md |
g013-roadmap-pinpoints-693-695-verification-map.md |
software | healthy | docs/g013-roadmap-pinpoints-693-695-verification-map.md |
personal-assistant-roadmap.md |
software | healthy | docs/personal-assistant-roadmap.md |
anti-slop-triage.md |
software | healthy | docs/anti-slop-triage.md |
roadmap-pr-goals.md |
software | healthy | docs/roadmap-pr-goals.md |
g011-ecosystem-ops-ux-verification-map.md |
software | healthy | docs/g011-ecosystem-ops-ux-verification-map.md |
g002-security-verification-map.md |
software | healthy | docs/g002-security-verification-map.md |
g003-boot-session-verification-map.md |
software | healthy | docs/g003-boot-session-verification-map.md |
g009-windows-docs-release-verification-map.md |
software | healthy | docs/g009-windows-docs-release-verification-map.md |
windows-install-release.md |
software | healthy | docs/windows-install-release.md |
g006-task-policy-board-verification-map.md |
software | healthy | docs/g006-task-policy-board-verification-map.md |
g004-events-reports-verification-map.md |
software | healthy | docs/g004-events-reports-verification-map.md |
local-openai-compatible-providers.md |
software | healthy | docs/local-openai-compatible-providers.md |
container.md |
software | healthy | docs/container.md |
MODEL_COMPATIBILITY.md |
software | healthy | docs/MODEL_COMPATIBILITY.md |
g004-events-reports-contract.md |
software | healthy | docs/g004-events-reports-contract.md |
generate_cc2_board.py |
software | healthy | scripts/generate_cc2_board.py |
roadmap-next-id.sh |
software | healthy | scripts/roadmap-next-id.sh |
Showing first 50 of this kind. Full payload available via the JSON button at the top of the page.
| Label | Layer | Status | Path |
|---|---|---|---|
test_manifest_counts_python_files |
software | healthy | tests/test_porting_workspace.py:16 |
test_query_engine_summary_mentions_workspace |
software | healthy | tests/test_porting_workspace.py:21 |
test_cli_summary_runs |
software | healthy | tests/test_porting_workspace.py:27 |
test_parity_audit_runs |
software | healthy | tests/test_porting_workspace.py:36 |
test_root_file_coverage_is_complete_when_local_archive_exis… |
software | healthy | tests/test_porting_workspace.py:45 |
test_command_and_tool_snapshots_are_nontrivial |
software | healthy | tests/test_porting_workspace.py:53 |
test_commands_and_tools_cli_run |
software | healthy | tests/test_porting_workspace.py:57 |
test_subsystem_packages_expose_archive_metadata |
software | healthy | tests/test_porting_workspace.py:73 |
test_route_and_show_entry_cli_run |
software | healthy | tests/test_porting_workspace.py:81 |
test_bootstrap_cli_runs |
software | healthy | tests/test_porting_workspace.py:104 |
test_bootstrap_session_tracks_turn_state |
software | healthy | tests/test_porting_workspace.py:115 |
test_exec_command_and_tool_cli_run |
software | healthy | tests/test_porting_workspace.py:123 |
test_setup_report_and_registry_filters_run |
software | healthy | tests/test_porting_workspace.py:139 |
test_plugin_command_filter_excludes_plugin_sources |
software | healthy | tests/test_porting_workspace.py:162 |
test_plugin_command_aliases_execute_as_local_commands |
software | healthy | tests/test_porting_workspace.py:173 |
test_route_plugin_slash_commands_match_commands |
software | healthy | tests/test_porting_workspace.py:186 |
test_plugin_command_stream_emits_command_match |
software | healthy | tests/test_porting_workspace.py:201 |
test_turn_loop_plugin_commands_are_not_prompt_only |
software | healthy | tests/test_porting_workspace.py:214 |
test_load_session_cli_runs |
software | healthy | tests/test_porting_workspace.py:236 |
test_tool_permission_filtering_cli_runs |
software | healthy | tests/test_porting_workspace.py:250 |
test_turn_loop_cli_runs |
software | healthy | tests/test_porting_workspace.py:260 |
test_remote_mode_clis_run |
software | healthy | tests/test_porting_workspace.py:270 |
test_flush_transcript_cli_runs |
software | healthy | tests/test_porting_workspace.py:278 |
test_command_graph_and_tool_pool_cli_run |
software | healthy | tests/test_porting_workspace.py:287 |
test_setup_report_mentions_deferred_init |
software | healthy | tests/test_porting_workspace.py:293 |
test_execution_registry_runs |
software | healthy | tests/test_porting_workspace.py:303 |
test_bootstrap_graph_and_direct_modes_run |
software | healthy | tests/test_porting_workspace.py:312 |
test_skip_escape_hatch_exits_successfully_with_stderr_notice |
software | healthy | tests/test_pre_push_hook_contract.py:14 |
test_default_build_gate_uses_workspace_locked_cargo_build |
software | healthy | tests/test_pre_push_hook_contract.py:31 |
test_direct_parent_escape_is_denied |
software | healthy | tests/test_security_scope.py:16 |
test_issue_3007_symlink_escape_is_denied |
software | healthy | tests/test_security_scope.py:24 |
test_glob_expansion_must_stay_inside_workspace |
software | healthy | tests/test_security_scope.py:40 |
test_shell_environment_expansion_is_validated |
software | healthy | tests/test_security_scope.py:54 |
test_explicit_worktree_roots_are_allowed |
software | healthy | tests/test_security_scope.py:75 |
test_windows_absolute_paths_are_denied_for_posix_workspace |
software | healthy | tests/test_security_scope.py:88 |
test_file_and_shell_tools_use_workspace_scope_context |
software | healthy | tests/test_security_scope.py:101 |
test_permission_denial_stream_events_expose_status_and_reas… |
software | healthy | tests/test_security_scope.py:120 |
run_next_id |
software | healthy | tests/test_roadmap_helpers.py:17 |
run_dogfood_probe |
software | healthy | tests/test_roadmap_helpers.py:27 |
test_roadmap_next_id_prints_only_next_id_after_duplicate_ch… |
software | healthy | tests/test_roadmap_helpers.py:38 |
test_roadmap_next_id_fails_fast_on_helper_era_duplicate |
software | healthy | tests/test_roadmap_helpers.py:49 |
test_roadmap_next_id_fails_when_explicit_roadmap_path_is_mi… |
software | healthy | tests/test_roadmap_helpers.py:62 |
test_roadmap_next_id_fails_closed_when_checker_is_unavailab… |
software | healthy | tests/test_roadmap_helpers.py:73 |
test_dogfood_probe_runs_explicit_argv_and_separates_channels |
software | healthy | tests/test_roadmap_helpers.py:89 |
test_dogfood_probe_labels_timeout_separately_from_product_e… |
software | healthy | tests/test_roadmap_helpers.py:126 |
test_dogfood_probe_labels_probe_construction_failure |
software | healthy | tests/test_roadmap_helpers.py:139 |
test_dogfood_probe_labels_stdout_json_prefix_failure_as_pro… |
software | healthy | tests/test_roadmap_helpers.py:149 |
sha256_prefix |
software | healthy | scripts/generate_cc2_board.py:87 |
slugify |
software | healthy | scripts/generate_cc2_board.py:91 |
find_source_omx |
software | healthy | scripts/generate_cc2_board.py:96 |
Showing first 50 of this kind. Full payload available via the JSON button at the top of the page.
| Label | Layer | Status | Path |
|---|---|---|---|
tests |
software | healthy | tests |
docs |
software | healthy | docs |
scripts |
software | healthy | scripts |
rust |
software | healthy | rust |
scripts |
software | healthy | rust/scripts |
crates |
software | healthy | rust/crates |
compat-harness |
software | healthy | rust/crates/compat-harness |
src |
software | healthy | rust/crates/compat-harness/src |
api |
software | healthy | rust/crates/api |
tests |
software | healthy | rust/crates/api/tests |
src |
software | healthy | rust/crates/api/src |
providers |
software | healthy | rust/crates/api/src/providers |
benches |
software | healthy | rust/crates/api/benches |
commands |
software | healthy | rust/crates/commands |
src |
software | healthy | rust/crates/commands/src |
mock-anthropic-service |
software | healthy | rust/crates/mock-anthropic-service |
src |
software | healthy | rust/crates/mock-anthropic-service/src |
claw-rag-service |
software | healthy | rust/crates/claw-rag-service |
static |
software | healthy | rust/crates/claw-rag-service/static |
src |
software | healthy | rust/crates/claw-rag-service/src |
runtime |
software | healthy | rust/crates/runtime |
tests |
software | healthy | rust/crates/runtime/tests |
fixtures |
software | healthy | rust/crates/runtime/tests/fixtures |
report_schema_v1 |
software | healthy | rust/crates/runtime/tests/fixtures/report_schema_v1 |
src |
software | healthy | rust/crates/runtime/src |
tools |
software | healthy | rust/crates/tools |
tests |
software | healthy | rust/crates/tools/tests |
src |
software | healthy | rust/crates/tools/src |
rusty-claude-cli |
software | healthy | rust/crates/rusty-claude-cli |
tests |
software | healthy | rust/crates/rusty-claude-cli/tests |
src |
software | healthy | rust/crates/rusty-claude-cli/src |
claw-analog |
software | healthy | rust/crates/claw-analog |
src |
software | healthy | rust/crates/claw-analog/src |
telemetry |
software | healthy | rust/crates/telemetry |
src |
software | healthy | rust/crates/telemetry/src |
plugins |
software | healthy | rust/crates/plugins |
bundled |
software | healthy | rust/crates/plugins/bundled |
example-bundled |
software | healthy | rust/crates/plugins/bundled/example-bundled |
hooks |
software | healthy | rust/crates/plugins/bundled/example-bundled/hooks |
sample-hooks |
software | healthy | rust/crates/plugins/bundled/sample-hooks |
hooks |
software | healthy | rust/crates/plugins/bundled/sample-hooks/hooks |
src |
software | healthy | rust/crates/plugins/src |
.github |
software | healthy | .github |
ISSUE_TEMPLATE |
software | healthy | .github/ISSUE_TEMPLATE |
scripts |
software | healthy | .github/scripts |
workflows |
software | healthy | .github/workflows |
src |
software | healthy | src |
types |
software | healthy | src/types |
state |
software | healthy | src/state |
outputStyles |
software | healthy | src/outputStyles |
Showing first 50 of this kind. Full payload available via the JSON button at the top of the page.
| Label | Layer | Status | Path |
|---|---|---|---|
PortingWorkspaceTests |
software | healthy | tests/test_porting_workspace.py:15 |
PrePushHookContractTests |
software | healthy | tests/test_pre_push_hook_contract.py:13 |
WorkspacePathScopeTests |
software | healthy | tests/test_security_scope.py:15 |
RoadmapHelperTests |
software | healthy | tests/test_roadmap_helpers.py:37 |
RoadmapRecord |
software | healthy | scripts/generate_cc2_board.py:78 |
ProbeResult |
software | healthy | scripts/dogfood-probe.py:14 |
ToolPool |
software | healthy | src/tool_pool.py:11 |
HistoryEvent |
software | healthy | src/history.py:7 |
HistoryLog |
software | healthy | src/history.py:13 |
DeferredInitResult |
software | healthy | src/deferred_init.py:7 |
DialogLauncher |
software | healthy | src/dialogLaunchers.py:7 |
QueryRequest |
software | healthy | src/query.py:7 |
QueryResponse |
software | healthy | src/query.py:12 |
PrefetchResult |
software | healthy | src/prefetch.py:8 |
QueryEngineConfig |
software | healthy | src/query_engine.py:16 |
TurnResult |
software | healthy | src/query_engine.py:25 |
QueryEnginePort |
software | healthy | src/query_engine.py:36 |
DirectModeReport |
software | healthy | src/direct_modes.py:7 |
RuntimeModeReport |
software | healthy | src/remote_runtime.py:7 |
QueryEngineRuntime |
software | healthy | src/QueryEngine.py:7 |
MirroredCommand |
software | healthy | src/execution_registry.py:10 |
MirroredTool |
software | healthy | src/execution_registry.py:19 |
ExecutionRegistry |
software | healthy | src/execution_registry.py:28 |
CommandExecution |
software | healthy | src/commands.py:14 |
ToolExecution |
software | healthy | src/tools.py:15 |
CostTracker |
software | healthy | src/cost_tracker.py:7 |
PortContext |
software | healthy | src/context.py:8 |
ParityAuditResult |
software | healthy | src/parity_audit.py:74 |
CommandGraph |
software | healthy | src/command_graph.py:10 |
PortManifest |
software | healthy | src/port_manifest.py:13 |
ToolDefinition |
software | healthy | src/Tool.py:7 |
WorkspaceSetup |
software | healthy | src/setup.py:13 |
SetupReport |
software | healthy | src/setup.py:31 |
Subsystem |
software | healthy | src/models.py:7 |
PortingModule |
software | healthy | src/models.py:15 |
PermissionDenial |
software | healthy | src/models.py:23 |
UsageSummary |
software | healthy | src/models.py:30 |
PortingBacklog |
software | healthy | src/models.py:42 |
BootstrapGraph |
software | healthy | src/bootstrap_graph.py:7 |
TranscriptStore |
software | healthy | src/transcript.py:7 |
StoredSession |
software | healthy | src/session_store.py:9 |
ProjectOnboardingState |
software | healthy | src/projectOnboardingState.py:7 |
PathScopeDecision |
software | healthy | src/path_scope.py:17 |
WorkspacePathScope |
software | healthy | src/path_scope.py:25 |
ToolPermissionContext |
software | healthy | src/permissions.py:10 |
RoutedMatch |
software | healthy | src/runtime.py:17 |
RuntimeSession |
software | healthy | src/runtime.py:25 |
PortRuntime |
software | healthy | src/runtime.py:89 |
| Label | Layer | Status | Path |
|---|---|---|---|
auth::rust/crates/tools/src/lib.rs |
security | healthy | rust/crates/tools/src/lib.rs |
auth::rust/crates/runtime/src/config.rs |
security | healthy | rust/crates/runtime/src/config.rs |
auth::rust/crates/rusty-claude-cli/src/main.rs |
security | healthy | rust/crates/rusty-claude-cli/src/main.rs |
auth::docs/pr-triage-g012-final-gate.json |
security | healthy | docs/pr-triage-g012-final-gate.json |
auth::rust/crates/runtime/src/config_validate.rs |
security | healthy | rust/crates/runtime/src/config_validate.rs |
auth::rust/crates/commands/src/lib.rs |
security | healthy | rust/crates/commands/src/lib.rs |
auth::rust/crates/api/src/error.rs |
security | healthy | rust/crates/api/src/error.rs |
auth::rust/crates/runtime/src/mcp_client.rs |
security | healthy | rust/crates/runtime/src/mcp_client.rs |
auth::rust/crates/runtime/src/mcp.rs |
security | healthy | rust/crates/runtime/src/mcp.rs |
auth::src/reference_data/commands_snapshot.json |
security | healthy | src/reference_data/commands_snapshot.json |
auth::src/reference_data/subsystems/constants.json |
security | healthy | src/reference_data/subsystems/constants.json |
auth::rust/crates/runtime/src/mcp_stdio.rs |
security | healthy | rust/crates/runtime/src/mcp_stdio.rs |
auth::rust/crates/runtime/src/lib.rs |
security | healthy | rust/crates/runtime/src/lib.rs |
auth::install.sh |
security | healthy | install.sh |
auth::rust/crates/runtime/src/oauth.rs |
security | healthy | rust/crates/runtime/src/oauth.rs |
auth::rust/crates/api/src/providers/anthropic.rs |
security | healthy | rust/crates/api/src/providers/anthropic.rs |
| Label | Layer | Status | Path |
|---|---|---|---|
build |
cicd | healthy | .github/workflows/rust.yml |
build |
cicd | healthy | .github/workflows/release.yml |
doc-source-of-truth |
cicd | healthy | .github/workflows/rust-ci.yml |
fmt |
cicd | healthy | .github/workflows/rust-ci.yml |
test-workspace |
cicd | healthy | .github/workflows/rust-ci.yml |
clippy-workspace |
cicd | healthy | .github/workflows/rust-ci.yml |
windows-smoke |
cicd | healthy | .github/workflows/rust-ci.yml |
| Label | Layer | Status | Path |
|---|---|---|---|
127.0.0.1 |
network | healthy | rust/crates/api/tests/client_integration.rs |
169.254.0.0 |
network | healthy | rust/crates/runtime/src/remote.rs |
10.0.0.0 |
network | healthy | rust/crates/runtime/src/remote.rs |
172.16.0.0 |
network | healthy | rust/crates/runtime/src/remote.rs |
192.168.0.0 |
network | healthy | rust/crates/runtime/src/remote.rs |
| Label | Layer | Status | Path |
|---|---|---|---|
image::rust/crates/claw-rag-service/Dockerfile |
hardware | healthy | rust/crates/claw-rag-service/Dockerfile |
qdrant |
hardware | healthy | docker-compose.yml |
rag-serve |
hardware | healthy | docker-compose.yml |
rag-ingest |
hardware | healthy | docker-compose.yml |
| Label | Layer | Status | Path |
|---|---|---|---|
port:6333 |
network | healthy | docker-compose.yml |
port:6334 |
network | healthy | docker-compose.yml |
port:8787 |
network | healthy | docker-compose.yml |
| Label | Layer | Status | Path |
|---|---|---|---|
gha::rust |
cicd | healthy | .github/workflows/rust.yml |
gha::release |
cicd | healthy | .github/workflows/release.yml |
gha::rust-ci |
cicd | healthy | .github/workflows/rust-ci.yml |
| Label | Layer | Status | Path |
|---|---|---|---|
repobility-clone-knam1n7x |
software | healthy | /tmp/repobility-clone-knam1n7x |
| Label | Layer | Status | Path |
|---|---|---|---|
sqlite |
data | healthy | docker-compose.yml |
| Label | Layer | Status | Path |
|---|---|---|---|
__init__.py |
data | healthy | src/migrations/__init__.py |
| Label | Layer | Status | Path |
|---|---|---|---|
generic_api_key::rust/crates/api/src/providers/anthropic.rs |
security | healthy | rust/crates/api/src/providers/anthropic.rs |
This page is publicly accessible at:
https://repobility.com/scan/8cfe9283-d3dd-47e9-97dc-f9c53760eeed/
To check status programmatically (no auth required):
curl -s https://repobility.com/api/v1/public/scan/8cfe9283-d3dd-47e9-97dc-f9c53760eeed/Important — please don't re-submit the same URL repeatedly. The submission endpoint is idempotent: re-submitting the same git URL returns this same scan_token, not a new one. To re-scan this repo, sign up free and use the dashboard.