{"version": "2.1.0", "$schema": "https://json.schemastore.org/sarif-2.1.0.json", "runs": [{"tool": {"driver": {"name": "Repobility", "informationUri": "https://repobility.com", "rules": [{"id": "ERR001", "name": "[ERR001] Silent Exception Swallowing: Silently swallowing all exceptions hides bugs. Even in cleanup code, log at DEBUG ", "shortDescription": {"text": "[ERR001] Silent Exception Swallowing: Silently swallowing all exceptions hides bugs. Even in cleanup code, log at DEBUG level."}, "fullDescription": {"text": "Log the error: `except Exception: logger.debug('cleanup failed', exc_info=True)`. Or handle specific exception types."}, "properties": {"scanner": "repobility-threat-engine", "category": "error_handling", "severity": "medium", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "AIC003", "name": "Duplicated implementation block across source files", "shortDescription": {"text": "Duplicated implementation block across source files"}, "fullDescription": {"text": "Duplicated blocks are a common artifact when generated code is pasted or recreated instead of reused. They increase maintenance cost because every future bug fix must be found in multiple locations."}, "properties": {"scanner": "repobility-ai-code-hygiene", "category": "quality", "severity": "medium", "confidence": 0.86, "cwe": "", "owasp": ""}}, {"id": "AIC002", "name": "Source file name looks like an AI patch artifact", "shortDescription": {"text": "Source file name looks like an AI patch artifact"}, "fullDescription": {"text": "Files named as final, fixed, copy, new, or backup are often temporary patch artifacts. They may be legitimate, but they deserve review before becoming production surface area."}, "properties": {"scanner": "repobility-ai-code-hygiene", "category": "quality", "severity": "low", "confidence": 0.62, "cwe": "", "owasp": ""}}, {"id": "AIC009", "name": "Multiple AI-agent scaffold marker files are present", "shortDescription": {"text": "Multiple AI-agent scaffold marker files are present"}, "fullDescription": {"text": "Repositories with several agent instruction, progress, or completion marker files are often generated scaffolds. They are not automatically wrong, but they deserve a reachability and ownership review before users treat the code as production-ready."}, "properties": {"scanner": "repobility-ai-code-hygiene", "category": "quality", "severity": "low", "confidence": 0.68, "cwe": "", "owasp": ""}}, {"id": "SEC015", "name": "[SEC015] Insecure Randomness for Security: Weak PRNG used in security-sensitive context. Output is predictable.", "shortDescription": {"text": "[SEC015] Insecure Randomness for Security: Weak PRNG used in security-sensitive context. Output is predictable."}, "fullDescription": {"text": "Use secrets module (Python) or crypto.getRandomValues() (JS) for security-sensitive randomness."}, "properties": {"scanner": "repobility-threat-engine", "category": "crypto", "severity": "info", "confidence": 0.15, "cwe": "", "owasp": ""}}, {"id": "SEC020", "name": "[SEC020] Secret Printed to Logs (and 2 more): Same pattern found in 2 additional files. Review if needed.", "shortDescription": {"text": "[SEC020] Secret Printed to Logs (and 2 more): Same pattern found in 2 additional files. Review if needed."}, "fullDescription": {"text": "Log only redacted, hashed, or last-four-style metadata. Rotate any secret that may have reached logs."}, "properties": {"scanner": "repobility-threat-engine", "category": "credential_exposure", "severity": "info", "confidence": 0.2, "cwe": "", "owasp": ""}}, {"id": "SEC018", "name": "[SEC018] AI-Agent Secret Retrieval Command: A command that prints or embeds credentials was committed. AI coding agents ", "shortDescription": {"text": "[SEC018] AI-Agent Secret Retrieval Command: A command that prints or embeds credentials was committed. AI coding agents often add these commands while trying to help with setup or deployment, but they can leak live secrets through logs, she"}, "fullDescription": {"text": "Remove the command, use a secret manager or CI masked secret, and rotate any credential that may have been printed."}, "properties": {"scanner": "repobility-threat-engine", "category": "credential_exposure", "severity": "high", "confidence": 1.0, "cwe": "", "owasp": ""}}]}}, "automationDetails": {"id": "repobility/359"}, "properties": {"repository": "affaan-m/everything-claude-code", "repoUrl": "https://github.com/affaan-m/everything-claude-code.git", "branch": "main"}, "results": [{"ruleId": "ERR001", "level": "warning", "message": {"text": "[ERR001] Silent Exception Swallowing: Silently swallowing all exceptions hides bugs. Even in cleanup code, log at DEBUG level."}, "properties": {"repobilityId": 11386, "scanner": "repobility-threat-engine", "fingerprint": "ede792666cc97a00818daf155ec7d6cdfe14b5e59d8390c24470ecddc2a3c222", "category": "error_handling", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "except Exception:\n        pass", "reason": "Pattern matched with no mitigating context found", "rule_id": "ERR001", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "fp|ede792666cc97a00818daf155ec7d6cdfe14b5e59d8390c24470ecddc2a3c222"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "skills/continuous-learning-v2/scripts/instinct-cli.py"}, "region": {"startLine": 35}}}]}, {"ruleId": "AIC003", "level": "warning", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 11379, "scanner": "repobility-ai-code-hygiene", "fingerprint": "308725070062f493313aa620430d7c9a5eabe2279cd9a11f3c1c62ab0708fe69", "category": "quality", "severity": "medium", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "scripts/catalog.js", "duplicate_line": 77, "correlation_key": "fp|308725070062f493313aa620430d7c9a5eabe2279cd9a11f3c1c62ab0708fe69"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "scripts/install-plan.js"}, "region": {"startLine": 103}}}]}, {"ruleId": "AIC003", "level": "warning", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 11378, "scanner": "repobility-ai-code-hygiene", "fingerprint": "6bb34d6a60288a4be50433c0bfdb38b31373d47c62b24f2e0604ac8bf7883b31", "category": "quality", "severity": "medium", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "scripts/hooks/session-activity-tracker.js", "duplicate_line": 517, "correlation_key": "fp|6bb34d6a60288a4be50433c0bfdb38b31373d47c62b24f2e0604ac8bf7883b31"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "scripts/hooks/session-end-marker.js"}, "region": {"startLine": 39}}}]}, {"ruleId": "AIC003", "level": "warning", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 11377, "scanner": "repobility-ai-code-hygiene", "fingerprint": "cdf22ef67b0a37d1d9044d3197730c08dd2fb85c1b37e4f51cb14d08ceae6fb2", "category": "quality", "severity": "medium", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "scripts/hooks/mcp-health-check.js", "duplicate_line": 78, "correlation_key": "fp|cdf22ef67b0a37d1d9044d3197730c08dd2fb85c1b37e4f51cb14d08ceae6fb2"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "scripts/hooks/run-with-flags.js"}, "region": {"startLine": 12}}}]}, {"ruleId": "AIC003", "level": "warning", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 11376, "scanner": "repobility-ai-code-hygiene", "fingerprint": "b7da866c2c0454a77aa5562d3702319c4e295afa0b9d285344134ba0c8e806d0", "category": "quality", "severity": "medium", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "scripts/hooks/governance-capture.js", "duplicate_line": 210, "correlation_key": "fp|b7da866c2c0454a77aa5562d3702319c4e295afa0b9d285344134ba0c8e806d0"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "scripts/hooks/run-with-flags.js"}, "region": {"startLine": 11}}}]}, {"ruleId": "AIC003", "level": "warning", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 11375, "scanner": "repobility-ai-code-hygiene", "fingerprint": "91c1932f20fb185975beb1f24838129f106d8e24cc643bbf33882e6e60ccc85c", "category": "quality", "severity": "medium", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "scripts/hooks/post-bash-build-complete.js", "duplicate_line": 12, "correlation_key": "fp|91c1932f20fb185975beb1f24838129f106d8e24cc643bbf33882e6e60ccc85c"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "scripts/hooks/pre-bash-tmux-reminder.js"}, "region": {"startLine": 19}}}]}, {"ruleId": "AIC003", "level": "warning", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 11374, "scanner": "repobility-ai-code-hygiene", "fingerprint": "4bd45cdedd9ef1cd06a224e920b86e692d20d80d011a34d13151a9b661f16af5", "category": "quality", "severity": "medium", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "scripts/hooks/pre-bash-git-push-reminder.js", "duplicate_line": 14, "correlation_key": "fp|4bd45cdedd9ef1cd06a224e920b86e692d20d80d011a34d13151a9b661f16af5"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "scripts/hooks/pre-bash-tmux-reminder.js"}, "region": {"startLine": 18}}}]}, {"ruleId": "AIC003", "level": "warning", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 11373, "scanner": "repobility-ai-code-hygiene", "fingerprint": "06152f4dc08dfb51a28bea5669b0931e24b1079179d04695df4eec7511fbd7ee", "category": "quality", "severity": "medium", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "scripts/hooks/post-bash-build-complete.js", "duplicate_line": 12, "correlation_key": "fp|06152f4dc08dfb51a28bea5669b0931e24b1079179d04695df4eec7511fbd7ee"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "scripts/hooks/pre-bash-git-push-reminder.js"}, "region": {"startLine": 15}}}]}, {"ruleId": "AIC003", "level": "warning", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 11372, "scanner": "repobility-ai-code-hygiene", "fingerprint": "2d539f63de460e29166ad1589b99bf6c3a8cd2970cc531650c04c33be0d700dc", "category": "quality", "severity": "medium", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "scripts/hooks/ecc-metrics-bridge.js", "duplicate_line": 130, "correlation_key": "fp|2d539f63de460e29166ad1589b99bf6c3a8cd2970cc531650c04c33be0d700dc"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "scripts/hooks/post-edit-accumulator.js"}, "region": {"startLine": 28}}}]}, {"ruleId": "AIC003", "level": "warning", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 11371, "scanner": "repobility-ai-code-hygiene", "fingerprint": "fada5d63b9b953a299109d2972e993f5a87797829bc4be7969c3d2144efe8d76", "category": "quality", "severity": "medium", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "scripts/hooks/post-bash-build-complete.js", "duplicate_line": 14, "correlation_key": "fp|fada5d63b9b953a299109d2972e993f5a87797829bc4be7969c3d2144efe8d76"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "scripts/hooks/post-bash-pr-created.js"}, "region": {"startLine": 24}}}]}, {"ruleId": "AIC003", "level": "warning", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 11370, "scanner": "repobility-ai-code-hygiene", "fingerprint": "37e47363a17518b732fa9cc18dde2250f2e89e5455cb0734e00186d8701feab2", "category": "quality", "severity": "medium", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "scripts/hooks/observe-runner.js", "duplicate_line": 18, "correlation_key": "fp|37e47363a17518b732fa9cc18dde2250f2e89e5455cb0734e00186d8701feab2"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "scripts/hooks/plugin-hook-bootstrap.js"}, "region": {"startLine": 26}}}]}, {"ruleId": "AIC003", "level": "warning", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 11369, "scanner": "repobility-ai-code-hygiene", "fingerprint": "5f078f0046cb5d45586953c993484bfad0908ae5744118641d3e3255e214a732", "category": "quality", "severity": "medium", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "scripts/hooks/governance-capture.js", "duplicate_line": 208, "correlation_key": "fp|5f078f0046cb5d45586953c993484bfad0908ae5744118641d3e3255e214a732"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "scripts/hooks/mcp-health-check.js"}, "region": {"startLine": 75}}}]}, {"ruleId": "AIC003", "level": "warning", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 11368, "scanner": "repobility-ai-code-hygiene", "fingerprint": "2988f6330b7a77e10036dadd6f59f91e752279ceecc72c130c679ff6b0ebba22", "category": "quality", "severity": "medium", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": ".codebuddy/install.js", "duplicate_line": 94, "correlation_key": "fp|2988f6330b7a77e10036dadd6f59f91e752279ceecc72c130c679ff6b0ebba22"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".codebuddy/uninstall.js"}, "region": {"startLine": 71}}}]}, {"ruleId": "AIC002", "level": "note", "message": {"text": "Source file name looks like an AI patch artifact"}, "properties": {"repobilityId": 11367, "scanner": "repobility-ai-code-hygiene", "fingerprint": "8d56a4f7d0ce84454a039e71d628f804cda981b2584caa8fd99fb45866716471", "category": "quality", "severity": "low", "confidence": 0.62, "triageState": "open", "verdict": "needs_review", "isResolved": false, "reason": "Source filename contains a temporary or patch-style suffix.", "evidence": {"suffix": "update", "rule_id": "AIC002", "scanner": "repobility-ai-code-hygiene", "references": ["https://arxiv.org/abs/2601.15195"], "correlation_key": "fp|8d56a4f7d0ce84454a039e71d628f804cda981b2584caa8fd99fb45866716471"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "scripts/auto-update.js"}, "region": {"startLine": 1}}}]}, {"ruleId": "AIC009", "level": "note", "message": {"text": "Multiple AI-agent scaffold marker files are present"}, "properties": {"repobilityId": 11366, "scanner": "repobility-ai-code-hygiene", "fingerprint": "32459e18838866b083b985fd53ac32d4e825aa20af779d902253d8278f625dfb", "category": "quality", "severity": "low", "confidence": 0.68, "triageState": "open", "verdict": "likely", "isResolved": false, "reason": "Repository root contains several AI-agent scaffold marker files.", "evidence": {"markers": [".github/copilot-instructions.md", "AGENTS.md", "CLAUDE.md"], "rule_id": "AIC009", "scanner": "repobility-ai-code-hygiene", "references": ["https://arxiv.org/abs/2601.15195"], "correlation_key": "fp|32459e18838866b083b985fd53ac32d4e825aa20af779d902253d8278f625dfb"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/copilot-instructions.md"}, "region": {"startLine": 1}}}]}, {"ruleId": "SEC015", "level": "none", "message": {"text": "[SEC015] Insecure Randomness for Security: Weak PRNG used in security-sensitive context. Output is predictable."}, "properties": {"repobilityId": 11384, "scanner": "repobility-threat-engine", "fingerprint": "2848741efcf49971a66f01c8f0159413b53b0a5d99716b985fc36987ac6d67e3", "category": "crypto", "severity": "info", "confidence": 0.15, "triageState": "false_positive", "verdict": "likely_fp", "isResolved": true, "reason": "Weak PRNG appears to be used for non-security behavior (UI, sampling, demos, shuffling, or backoff), not for secrets", "evidence": {"match": "Math.random()", "reason": "Weak PRNG appears to be used for non-security behavior (UI, sampling, demos, shuffling, or backoff), not for secrets", "rule_id": "SEC015", "scanner": "repobility-threat-engine", "confidence": 0.15, "correlation_key": "code|crypto|scripts/loop-status.js|643|sec015"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "scripts/loop-status.js"}, "region": {"startLine": 643}}}]}, {"ruleId": "SEC020", "level": "none", "message": {"text": "[SEC020] Secret Printed to Logs (and 2 more): Same pattern found in 2 additional files. Review if needed."}, "properties": {"repobilityId": 11383, "scanner": "repobility-threat-engine", "fingerprint": "d438fc2d14c63660d615290dceab2a5421ef5f4c5a8a429a3564895c539fbbc1", "category": "credential_exposure", "severity": "info", "confidence": 0.2, "triageState": "false_positive", "verdict": "likely_fp", "isResolved": true, "reason": "Deduplicated summary only: 2 additional occurrences found. The top occurrences remain visible as actionable findings.", "evidence": {"reason": "Deduplicated summary only: 2 additional occurrences found. The top occurrences remain visible as actionable findings.", "rule_id": "SEC020", "scanner": "repobility-threat-engine", "confidence": 0.2, "correlation_key": "fp|d438fc2d14c63660d615290dceab2a5421ef5f4c5a8a429a3564895c539fbbc1"}}}, {"ruleId": "SEC020", "level": "none", "message": {"text": "[SEC020] Secret Printed to Logs: Debug or diagnostic code appears to print a credential-bearing value. This is a frequent AI-assisted coding failure: the helper exposes the exact value needed for troubleshooting."}, "properties": {"repobilityId": 11382, "scanner": "repobility-threat-engine", "fingerprint": "0fa83ab8218d381bdcdc72f26ca59163da7ddf802b1ce5233a886583d7770c1a", "category": "credential_exposure", "severity": "info", "confidence": 0.1, "triageState": "false_positive", "verdict": "likely_fp", "isResolved": true, "reason": "Environment variable or config lookup (credentials loaded safely)", "evidence": {"match": "console.log(`  Environment var: ${process.env.CLAUDE_PACKAGE_MANAGER || 'not set'}`)", "reason": "Environment variable or config lookup (credentials loaded safely)", "rule_id": "SEC020", "scanner": "repobility-threat-engine", "confidence": 0.1, "correlation_key": "secret|token|7|console.log environment var: token not set"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "scripts/setup-package-manager.js"}, "region": {"startLine": 76}}}]}, {"ruleId": "SEC020", "level": "none", "message": {"text": "[SEC020] Secret Printed to Logs: Debug or diagnostic code appears to print a credential-bearing value. This is a frequent AI-assisted coding failure: the helper exposes the exact value needed for troubleshooting."}, "properties": {"repobilityId": 11381, "scanner": "repobility-threat-engine", "fingerprint": "c94b5faa03553085d5b8d9c063bb11d305153c2a868d3b1795f1e79939e60f4b", "category": "credential_exposure", "severity": "info", "confidence": 0.15, "triageState": "false_positive", "verdict": "likely_fp", "isResolved": true, "reason": "Log message mentions credential-related metadata but does not print a credential-bearing value", "evidence": {"match": "console.error('[ECC] WARNING: Potential secret detected in prompt!')", "reason": "Log message mentions credential-related metadata but does not print a credential-bearing value", "rule_id": "SEC020", "scanner": "repobility-threat-engine", "confidence": 0.15, "correlation_key": "secret|. token|1|console.error ecc warning: potential secret detected in prompt"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".cursor/hooks/before-submit-prompt.js"}, "region": {"startLine": 16}}}]}, {"ruleId": "SEC018", "level": "error", "message": {"text": "[SEC018] AI-Agent Secret Retrieval Command: A command that prints or embeds credentials was committed. AI coding agents often add these commands while trying to help with setup or deployment, but they can leak live secrets through logs, shell history, CI output, or documentation."}, "properties": {"repobilityId": 11385, "scanner": "repobility-threat-engine", "fingerprint": "fb317cce3c95f527789dd784de1cdb34e86f3e8cbc810d15e021de5477057986", "category": "credential_exposure", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "gh auth token", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC018", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "secret|token|6|gh auth token"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "scripts/codex/merge-mcp-config.js"}, "region": {"startLine": 70}}}]}, {"ruleId": "SEC020", "level": "error", "message": {"text": "[SEC020] Secret Printed to Logs: Debug or diagnostic code appears to print a credential-bearing value. This is a frequent AI-assisted coding failure: the helper exposes the exact value needed for troubleshooting."}, "properties": {"repobilityId": 11380, "scanner": "repobility-threat-engine", "fingerprint": "38180df9e594e83c1dafac6db6fe141c0fcaf1448b7c1a1cedefe5d187d2a913", "category": "credential_exposure", "severity": "high", "confidence": 0.85, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Credential-bearing variable appears to be printed or logged", "evidence": {"match": "console.log(`Estimated tokens: ${m.tokenEstimate}`)", "reason": "Credential-bearing variable appears to be printed or logged", "rule_id": "SEC020", "scanner": "repobility-threat-engine", "confidence": 0.85, "correlation_key": "secret|scripts/claw.js|42|console.log estimated tokens: m.tokenestimate"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "scripts/claw.js"}, "region": {"startLine": 430}}}]}]}]}