{"version": "2.1.0", "$schema": "https://json.schemastore.org/sarif-2.1.0.json", "runs": [{"tool": {"driver": {"name": "Repobility", "informationUri": "https://repobility.com", "rules": [{"id": "WEB003", "name": "Public web service has no security.txt", "shortDescription": {"text": "Public web service has no security.txt"}, "fullDescription": {"text": "security.txt gives researchers and customers a safe disclosure channel. Public web apps and APIs should publish it under /.well-known/security.txt."}, "properties": {"scanner": "repobility-web-presence", "category": "quality", "severity": "medium", "confidence": 0.78, "cwe": "", "owasp": ""}}, {"id": "JRN003", "name": "Frontend API reference is not matched by discovered backend routes", "shortDescription": {"text": "Frontend API reference is not matched by discovered backend routes"}, "fullDescription": {"text": "A frontend string references a same-origin API path that Repobility could not match to backend route inventory. This often causes live 404s in user journeys."}, "properties": {"scanner": "repobility-journey-contract", "category": "quality", "severity": "medium", "confidence": 0.74, "cwe": "", "owasp": ""}}, {"id": "AUC012", "name": "[AUC012] FastAPI interactive docs may be exposed by framework defaults: FastAPI exposes /docs, /redoc, and /openapi.json", "shortDescription": {"text": "[AUC012] FastAPI interactive docs may be exposed by framework defaults: FastAPI exposes /docs, /redoc, and /openapi.json by default. Public production APIs should explicitly disable those defaults, protect them behind admin authentication, "}, "fullDescription": {"text": "FastAPI exposes /docs, /redoc, and /openapi.json by default. 
Public production APIs should explicitly disable those defaults, protect them behind admin authentication, or publish a reviewed OpenAPI spec with declared security requirements."}, "properties": {"scanner": "repobility-access-control", "category": "auth", "severity": "medium", "confidence": 0.72, "cwe": "CWE-285", "owasp": "WSTG-AUTHZ"}}, {"id": "AUC002", "name": "[AUC002] Low visible authorization coverage in route inventory: Only 37.5% of discovered routes show nearby authenticati", "shortDescription": {"text": "[AUC002] Low visible authorization coverage in route inventory: Only 37.5% of discovered routes show nearby authentication, authorization, middleware, or public-route evidence."}, "fullDescription": {"text": "Only 37.5% of discovered routes show nearby authentication, authorization, middleware, or public-route evidence."}, "properties": {"scanner": "repobility-access-control", "category": "auth", "severity": "medium", "confidence": 0.74, "cwe": "CWE-285", "owasp": "WSTG-AUTHZ"}}, {"id": "AUC001", "name": "[AUC001] No Repobility access matrix policy found: The repository uses web/API frameworks but does not define .repobilit", "shortDescription": {"text": "[AUC001] No Repobility access matrix policy found: The repository uses web/API frameworks but does not define .repobility/access.yml or equivalent authorization documentation."}, "fullDescription": {"text": "The repository uses web/API frameworks but does not define .repobility/access.yml or equivalent authorization documentation."}, "properties": {"scanner": "repobility-access-control", "category": "auth", "severity": "medium", "confidence": 0.92, "cwe": "CWE-285", "owasp": "WSTG-AUTHZ"}}, {"id": "SEC125", "name": "[SEC125] AI placeholder credential left in source (your-api-key-here style): AI coding assistants frequently emit placeh", "shortDescription": {"text": "[SEC125] AI placeholder credential left in source (your-api-key-here style): AI coding assistants frequently emit placeholder credentials 
shaped like `API_KEY = \"your-api-key-here\"` instead of pulling from env. These get committed verbatim "}, "fullDescription": {"text": "Replace with env lookup: `API_KEY = os.environ['SERVICE_API_KEY']`. Move actual key to a secret manager. Add a startup check that the env var is non-empty so missing config fails loudly instead of shipping the placeholder."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "medium", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "SEC005", "name": "[SEC005] Command Injection Risk: Unsafe shell execution or eval of user input.", "shortDescription": {"text": "[SEC005] Command Injection Risk: Unsafe shell execution or eval of user input."}, "fullDescription": {"text": "Use subprocess with shell=False and a list of args. Never eval user input."}, "properties": {"scanner": "repobility-threat-engine", "category": "injection", "severity": "medium", "confidence": 0.5, "cwe": "", "owasp": ""}}, {"id": "SEC034", "name": "[SEC034] Log Injection / Log Forging \u2014 unsanitized user input in log: User input is logged without sanitizing newlines o", "shortDescription": {"text": "[SEC034] Log Injection / Log Forging \u2014 unsanitized user input in log: User input is logged without sanitizing newlines or control characters. Attackers inject `\\n` to forge fake log entries, hide tracks, or exploit downstream log parsers (S"}, "fullDescription": {"text": "Strip control characters before logging:\n  safe = user_input.replace('\\n','').replace('\\r','').replace('\\x00','')\n  logger.info('User action: %s', safe)\nAlways use parameterized logging (`%s` + args), never f-strings or string concat \u2014 that keeps user input out of the format string, but it does not remove newlines and did not by itself stop log4shell, which was fixed by upgrading Log4j. 
For structured logging, use a JSON formatter that escapes values."}, "properties": {"scanner": "repobility-threat-engine", "category": "log_injection", "severity": "medium", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "MINED111", "name": "Bare except continues silently", "shortDescription": {"text": "Bare except continues silently"}, "fullDescription": {"text": "Bare `except:` (or `except Exception:`) that runs code without re-raising or logging the exception. Hides real failures and makes bugs hard to diagnose."}, "properties": {"scanner": "repobility-ast-engine", "category": "quality", "severity": "medium", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "AUC005", "name": "[AUC005] No authorization-focused tests detected: No test files with common authorization, ownership, 403, admin, or sup", "shortDescription": {"text": "[AUC005] No authorization-focused tests detected: No test files with common authorization, ownership, 403, admin, or super_admin assertions were found."}, "fullDescription": {"text": "No test files with common authorization, ownership, 403, admin, or super_admin assertions were found."}, "properties": {"scanner": "repobility-access-control", "category": "auth", "severity": "low", "confidence": 0.76, "cwe": "CWE-285", "owasp": "WSTG-AUTHZ"}}, {"id": "COMP001", "name": "[COMP001] High cognitive complexity: Function `copy_dataset_files` has cognitive complexity 9 (SonarSource scale). Cogni", "shortDescription": {"text": "[COMP001] High cognitive complexity: Function `copy_dataset_files` has cognitive complexity 9 (SonarSource scale). Cognitive complexity measures how hard the function is for a human to understand \u2014 nested branches, boolean chains, and recur"}, "fullDescription": {"text": "Extract nested branches into named helper functions; flatten early-return / guard clauses; replace long if/elif chains with dispatch dicts or polymorphism. 
SonarQube's threshold for 'should refactor' is 15 \u2014 yours is 9."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "low", "confidence": 0.95, "cwe": "", "owasp": ""}}, {"id": "AIC003", "name": "Duplicated implementation block across source files", "shortDescription": {"text": "Duplicated implementation block across source files"}, "fullDescription": {"text": "Duplicated blocks are a common artifact when generated code is pasted or recreated instead of reused. They increase maintenance cost because every future bug fix must be found in multiple locations."}, "properties": {"scanner": "repobility-ai-code-hygiene", "category": "quality", "severity": "low", "confidence": 0.86, "cwe": "", "owasp": ""}}, {"id": "MINED043", "name": "[MINED043] Http Not Https: Hardcoded http:// (not localhost) for endpoints that handle credentials or data.", "shortDescription": {"text": "[MINED043] Http Not Https: Hardcoded http:// (not localhost) for endpoints that handle credentials or data."}, "fullDescription": {"text": "Review and fix per the pattern semantics. See CWE-319 / A02:2021 for context."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "info", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "SEC002", "name": "[SEC002] Hardcoded API Key: Hardcoded API key found in source code.", "shortDescription": {"text": "[SEC002] Hardcoded API Key: Hardcoded API key found in source code."}, "fullDescription": {"text": "Use environment variables. 
Add the file pattern that holds the key to .gitignore; a key that was already committed remains in history and should be rotated."}, "properties": {"scanner": "repobility-threat-engine", "category": "credential_exposure", "severity": "info", "confidence": 0.15, "cwe": "", "owasp": ""}}, {"id": "MINED050", "name": "[MINED050] Stub Only Function: Function declared but body is just pass, return None, raise NotImplementedError, or TODO ", "shortDescription": {"text": "[MINED050] Stub Only Function: Function declared but body is just pass, return None, raise NotImplementedError, or TODO comment."}, "fullDescription": {"text": "Review and fix per the pattern semantics. See CWE-1188 for context."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "info", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "MINED049", "name": "[MINED049] Print Pii: Logging password/token/email/ssn directly to stdout.", "shortDescription": {"text": "[MINED049] Print Pii: Logging password/token/email/ssn directly to stdout."}, "fullDescription": {"text": "Review and fix per the pattern semantics. See CWE-532 / A09:2021 for context."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "info", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "MINED062", "name": "[MINED062] Python Dataclass No Fields (and 3 more): Same pattern found in 3 additional files. Review if needed.", "shortDescription": {"text": "[MINED062] Python Dataclass No Fields (and 3 more): Same pattern found in 3 additional files. Review if needed."}, "fullDescription": {"text": "Review and fix per the pattern semantics."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "info", "confidence": 0.2, "cwe": "", "owasp": ""}}, {"id": "SEC020", "name": "[SEC020] Secret Printed to Logs (and 1 more): Same pattern found in 1 additional files. Review if needed.", "shortDescription": {"text": "[SEC020] Secret Printed to Logs (and 1 more): Same pattern found in 1 additional files. 
Review if needed."}, "fullDescription": {"text": "Log only redacted, hashed, or last-four-style metadata. Rotate any secret that may have reached logs."}, "properties": {"scanner": "repobility-threat-engine", "category": "credential_exposure", "severity": "info", "confidence": 0.2, "cwe": "", "owasp": ""}}, {"id": "AUC003", "name": "[AUC003] Object-level route lacks visible authorization: A route with an object id-like parameter does not show nearby a", "shortDescription": {"text": "[AUC003] Object-level route lacks visible authorization: A route with an object id-like parameter does not show nearby authentication or authorization evidence. This is a BOLA/IDOR review target. Endpoint: GET /api/runs/{run_name}/gens/{gen"}, "fullDescription": {"text": "A route with an object id-like parameter does not show nearby authentication or authorization evidence. This is a BOLA/IDOR review target. Endpoint: GET /api/runs/{run_name}/gens/{gen_name}/trajectory/{qid}."}, "properties": {"scanner": "repobility-access-control", "category": "auth", "severity": "high", "confidence": 0.7, "cwe": "CWE-639", "owasp": "API1:2023 Broken Object Level Authorization"}}, {"id": "SEC128", "name": "[SEC128] Async function without await \u2014 fire-and-forget Promise (AI mistake): Async call invoked without `await` returns", "shortDescription": {"text": "[SEC128] Async function without await \u2014 fire-and-forget Promise (AI mistake): Async call invoked without `await` returns an unhandled Promise. The outer function resolves before the inner work completes \u2014 DB writes lost, emails not sent, ra"}, "fullDescription": {"text": "Add `await` before each async call, or chain with `.then`. 
If you intentionally want fire-and-forget, prefix with `void` (TS) or assign to `_` (Python with `asyncio.create_task`) to make the intent explicit and survive lint."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "high", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "MINED034", "name": "[MINED034] Python Subprocess Shell True: subprocess(..., shell=True) enables command injection.", "shortDescription": {"text": "[MINED034] Python Subprocess Shell True: subprocess(..., shell=True) enables command injection."}, "fullDescription": {"text": "Review and fix per the pattern semantics. See CWE-78 for context."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "high", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "MINED115", "name": "Action `pypa/gh-action-pypi-publish` pinned to mutable ref `@release/v1`", "shortDescription": {"text": "Action `pypa/gh-action-pypi-publish` pinned to mutable ref `@release/v1`"}, "fullDescription": {"text": "`uses: pypa/gh-action-pypi-publish@release/v1` resolves at workflow-run time. Tags and branches can be re-pushed by the action owner, or by anyone who compromises the owner's credentials; that made the tj-actions/changed-files compromise (2025) instantly affect ~23K repos. Pin to a full 40-character commit SHA and let Dependabot or Renovate keep the pin updated."}, "properties": {"scanner": "repobility-supply-chain", "category": "dependency", "severity": "high", "confidence": 0.9, "cwe": "", "owasp": ""}}, {"id": "MINED108", "name": "`self.dataset_dir` used but never assigned in __init__", "shortDescription": {"text": "`self.dataset_dir` used but never assigned in __init__"}, "fullDescription": {"text": "Method `abs_dataset_dir` of class `TaskLayout` reads `self.dataset_dir`, but no assignment to it exists in __init__ (and no class-level fallback). 
This raises AttributeError the first time the method runs against an instance."}, "properties": {"scanner": "repobility-ast-engine", "category": "quality", "severity": "high", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "MINED106", "name": "Phantom test coverage: test_invalid_client_kind_raises", "shortDescription": {"text": "Phantom test coverage: test_invalid_client_kind_raises"}, "fullDescription": {"text": "Test function `test_invalid_client_kind_raises` runs code but contains no assert / expect / should call \u2014 it passes regardless of behaviour. Adds line coverage without verifying anything."}, "properties": {"scanner": "repobility-ast-engine", "category": "quality", "severity": "high", "confidence": 1.0, "cwe": "", "owasp": ""}}]}}, "automationDetails": {"id": "repobility/1320"}, "properties": {"repository": "hexo-ai/sia", "repoUrl": "https://github.com/hexo-ai/sia", "branch": "main"}, "results": [{"ruleId": "WEB003", "level": "warning", "message": {"text": "Public web service has no security.txt"}, "properties": {"repobilityId": 134753, "scanner": "repobility-web-presence", "fingerprint": "5cd26606c5a53c9f403ff7a92a6917c19cf440a23ce03e2b90e8c493312ef8cd", "category": "quality", "severity": "medium", "confidence": 0.78, "triageState": "open", "verdict": "likely", "isResolved": false, "reason": "Repository looks like a public web app/API but no security.txt file or route was discovered.", "evidence": {"rule_id": "WEB003", "scanner": "repobility-web-presence", "references": ["https://www.rfc-editor.org/rfc/rfc9116", "https://github.com/Lissy93/web-check"], "correlation_key": "fp|5cd26606c5a53c9f403ff7a92a6917c19cf440a23ce03e2b90e8c493312ef8cd"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".well-known/security.txt"}, "region": {"startLine": 1}}}]}, {"ruleId": "JRN003", "level": "warning", "message": {"text": "Frontend API reference is not matched by discovered backend routes"}, "properties": {"repobilityId": 134752, "scanner": 
"repobility-journey-contract", "fingerprint": "8006fb7290e092344da0067b9b7f4e0ac9c2509d494331f957ea7431a8c086c9", "category": "quality", "severity": "medium", "confidence": 0.74, "triageState": "open", "verdict": "likely", "isResolved": false, "reason": "Same-origin /api path appears in frontend code but no discovered backend endpoint has the same route shape.", "evidence": {"rule_id": "JRN003", "scanner": "repobility-journey-contract", "references": ["https://repobility.com/library/authorization/"], "route_shape": "/api/runs/{param}/gens/{param}/artifact/improvement", "correlation_key": "fp|8006fb7290e092344da0067b9b7f4e0ac9c2509d494331f957ea7431a8c086c9", "backend_endpoint_count": 8}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "sia/web/static/index.html"}, "region": {"startLine": 449}}}]}, {"ruleId": "JRN003", "level": "warning", "message": {"text": "Frontend API reference is not matched by discovered backend routes"}, "properties": {"repobilityId": 134751, "scanner": "repobility-journey-contract", "fingerprint": "29124541d256c6740a9183c0d613e0840c50ecbd83bf2ca6e1b3018e25c1c4b2", "category": "quality", "severity": "medium", "confidence": 0.74, "triageState": "open", "verdict": "likely", "isResolved": false, "reason": "Same-origin /api path appears in frontend code but no discovered backend endpoint has the same route shape.", "evidence": {"rule_id": "JRN003", "scanner": "repobility-journey-contract", "references": ["https://repobility.com/library/authorization/"], "route_shape": "/api/runs/{param}/gens/{param}/artifact/target_agent", "correlation_key": "fp|29124541d256c6740a9183c0d613e0840c50ecbd83bf2ca6e1b3018e25c1c4b2", "backend_endpoint_count": 8}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "sia/web/static/index.html"}, "region": {"startLine": 429}}}]}, {"ruleId": "AUC012", "level": "warning", "message": {"text": "[AUC012] FastAPI interactive docs may be exposed by framework defaults: FastAPI exposes /docs, /redoc, 
and /openapi.json by default. Public production APIs should explicitly disable those defaults, protect them behind admin authentication, or publish a reviewed OpenAPI spec with declared security requirements."}, "properties": {"repobilityId": 134749, "scanner": "repobility-access-control", "fingerprint": "27f8c50db94c1d5138790446654bd4d0b5823ce185d040059e5a7502358b5899", "category": "auth", "severity": "medium", "confidence": 0.72, "triageState": "open", "verdict": "needs_review", "isResolved": false, "reason": "Static route and framework evidence require project-owner confirmation.", "evidence": {"apps": [{"line": 32, "file_path": "sia/web/server.py", "docs_url_disabled": false, "redoc_url_disabled": false, "openapi_url_disabled": false}], "scanner": "repobility-access-control", "correlation_key": "fp|27f8c50db94c1d5138790446654bd4d0b5823ce185d040059e5a7502358b5899"}}}, {"ruleId": "AUC002", "level": "warning", "message": {"text": "[AUC002] Low visible authorization coverage in route inventory: Only 37.5% of discovered routes show nearby authentication, authorization, middleware, or public-route evidence."}, "properties": {"repobilityId": 134747, "scanner": "repobility-access-control", "fingerprint": "ebd2f6338325f67f3e5d05915bf1e6c5440c9a5ce8207411f415b723772ff1f8", "category": "auth", "severity": "medium", "confidence": 0.74, "triageState": "open", "verdict": "needs_review", "isResolved": false, "reason": "Static route and framework evidence require project-owner confirmation.", "evidence": {"scanner": "repobility-access-control", "endpoint_count": 8, "correlation_key": "fp|ebd2f6338325f67f3e5d05915bf1e6c5440c9a5ce8207411f415b723772ff1f8", "auth_visible_percent": 37.5}}}, {"ruleId": "AUC001", "level": "warning", "message": {"text": "[AUC001] No Repobility access matrix policy found: The repository uses web/API frameworks but does not define .repobility/access.yml or equivalent authorization documentation."}, "properties": {"repobilityId": 134746, "scanner": 
"repobility-access-control", "fingerprint": "f1305052c3ba1e6c1cdb5dccc19e58a8168cf78b176658f32b1fc823df3e9d10", "category": "auth", "severity": "medium", "confidence": 0.92, "triageState": "open", "verdict": "likely", "isResolved": false, "reason": "Static route and framework evidence require project-owner confirmation.", "evidence": {"scanner": "repobility-access-control", "frameworks": ["FastAPI"], "expected_files": [".repobility/access.yml", ".repobility/access.yaml", ".repobility/access.json", ".repobility/authorization.yml"], "correlation_key": "fp|f1305052c3ba1e6c1cdb5dccc19e58a8168cf78b176658f32b1fc823df3e9d10"}}}, {"ruleId": "SEC125", "level": "warning", "message": {"text": "[SEC125] AI placeholder credential left in source (your-api-key-here style): AI coding assistants frequently emit placeholder credentials shaped like `API_KEY = \"your-api-key-here\"` instead of pulling from env. These get committed verbatim \u2014 production code with a literal placeholder string is a near-certain bug, and the value also leaks what credential type the system expects to authentication crawlers. CWE-1188. 
Distinctive AI footprint: the exact phrase shape `your-X-here` is uncommon in hand"}, "properties": {"repobilityId": 134744, "scanner": "repobility-threat-engine", "fingerprint": "d55b1f60859c248a34823c10311c21a5568b999fad1afdca8c96ac167179e661", "category": "quality", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "API_KEY='<redacted>", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC125", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "fp|d55b1f60859c248a34823c10311c21a5568b999fad1afdca8c96ac167179e661"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "sia/tasks/longcot-chess/reference/reference_target_agent.py"}, "region": {"startLine": 285}}}]}, {"ruleId": "SEC005", "level": "warning", "message": {"text": "[SEC005] Command Injection Risk: Unsafe shell execution or eval of user input."}, "properties": {"repobilityId": 134730, "scanner": "repobility-threat-engine", "fingerprint": "75568b85949d27d6dd72b95db24876bb6705806ca7ff65d43799069fc1cd873d", "category": "injection", "severity": "medium", "confidence": 0.5, "triageState": "open", "verdict": "needs_review", "isResolved": false, "reason": "shell=True detected \u2014 verify command source is not user-controllable. Collapsed 1 duplicate scanner signal(s) for the same underlying issue.", "evidence": {"match": "subprocess.run(\n            command,\n            shell=True", "reason": "shell=True detected \u2014 verify command source is not user-controllable", "rule_id": "SEC005", "scanner": "repobility-threat-engine", "confidence": 0.5, "correlation_key": "code|injection|token|73|sec005", "duplicate_count": 1, "duplicate_rule_ids": ["SEC005"], "duplicate_scanners": ["repobility-threat-engine"], "duplicate_fingerprints": ["588af72615ff8877b087985f3bf31955a84b5cf48b368815abe478d781b0dada", 
"75568b85949d27d6dd72b95db24876bb6705806ca7ff65d43799069fc1cd873d"]}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "sia/tasks/_shared/reference_target_agent.py"}, "region": {"startLine": 73}}}]}, {"ruleId": "SEC005", "level": "warning", "message": {"text": "[SEC005] Command Injection Risk: Unsafe shell execution or eval of user input."}, "properties": {"repobilityId": 134729, "scanner": "repobility-threat-engine", "fingerprint": "2a5764ae39c4f1d732fb1d83f101f18f108c6696537d947d1994f3a34d830916", "category": "injection", "severity": "medium", "confidence": 0.5, "triageState": "open", "verdict": "needs_review", "isResolved": false, "reason": "shell=True detected \u2014 verify command source is not user-controllable", "evidence": {"match": "subprocess.run(\n                command,\n                shell=True", "reason": "shell=True detected \u2014 verify command source is not user-controllable", "rule_id": "SEC005", "scanner": "repobility-threat-engine", "confidence": 0.5, "correlation_key": "code|injection|sia/backends/pydantic_ai.py|78|sec005"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "sia/backends/pydantic_ai.py"}, "region": {"startLine": 78}}}]}, {"ruleId": "SEC034", "level": "warning", "message": {"text": "[SEC034] Log Injection / Log Forging \u2014 unsanitized user input in log: User input is logged without sanitizing newlines or control characters. Attackers inject `\\n` to forge fake log entries, hide tracks, or exploit downstream log parsers (SIEM, splunk). Combined with template injection this can escalate to RCE (CVE-2021-44228 log4shell). 
CWE-117."}, "properties": {"repobilityId": 134720, "scanner": "repobility-threat-engine", "fingerprint": "744107b13f713eede65f120533527c5fbf761c41bf780d3c0e35b648f97c7eee", "category": "log_injection", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "logger.debug(f\"   Input: {input", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC034", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "fp|744107b13f713eede65f120533527c5fbf761c41bf780d3c0e35b648f97c7eee"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "sia/backends/claude.py"}, "region": {"startLine": 72}}}]}, {"ruleId": "MINED111", "level": "warning", "message": {"text": "Bare except continues silently"}, "properties": {"repobilityId": 134703, "scanner": "repobility-ast-engine", "fingerprint": "56294fde743927d0ce1f08a7841d80763263f572d66ca904482965fe4b92d78b", "category": "quality", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "bare-except-without-pass", "owasp": null, "cwe_ids": [], "languages": ["python"], "observations_count": 21610}, "scanner": "repobility-ast-engine", "correlation_key": "fp|56294fde743927d0ce1f08a7841d80763263f572d66ca904482965fe4b92d78b"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "sia/tasks/spaceship-titanic/reference/reference_target_agent.py"}, "region": {"startLine": 86}}}]}, {"ruleId": "MINED111", "level": "warning", "message": {"text": "Bare except continues silently"}, "properties": {"repobilityId": 134702, "scanner": "repobility-ast-engine", "fingerprint": "1d57f0b8f5918abf983552fbddce38ad783fbf59b45b4176911a4b67d7436b1a", "category": "quality", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "", 
"isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "bare-except-without-pass", "owasp": null, "cwe_ids": [], "languages": ["python"], "observations_count": 21610}, "scanner": "repobility-ast-engine", "correlation_key": "fp|1d57f0b8f5918abf983552fbddce38ad783fbf59b45b4176911a4b67d7436b1a"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "sia/tasks/spaceship-titanic/reference/reference_target_agent.py"}, "region": {"startLine": 67}}}]}, {"ruleId": "MINED111", "level": "warning", "message": {"text": "Bare except continues silently"}, "properties": {"repobilityId": 134701, "scanner": "repobility-ast-engine", "fingerprint": "b4fd100c5b37afb84f225b682d237d17c1f5b88efe23ed899eb75ff216efde42", "category": "quality", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "bare-except-without-pass", "owasp": null, "cwe_ids": [], "languages": ["python"], "observations_count": 21610}, "scanner": "repobility-ast-engine", "correlation_key": "fp|b4fd100c5b37afb84f225b682d237d17c1f5b88efe23ed899eb75ff216efde42"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "sia/tasks/spaceship-titanic/reference/reference_target_agent.py"}, "region": {"startLine": 57}}}]}, {"ruleId": "MINED111", "level": "warning", "message": {"text": "Bare except continues silently"}, "properties": {"repobilityId": 134700, "scanner": "repobility-ast-engine", "fingerprint": "66d1267e3160be64d82adea0ae3a92ee102e52eacea1c470e90c164988ee0b82", "category": "quality", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "bare-except-without-pass", "owasp": null, "cwe_ids": [], "languages": ["python"], "observations_count": 21610}, "scanner": "repobility-ast-engine", "correlation_key": 
"fp|66d1267e3160be64d82adea0ae3a92ee102e52eacea1c470e90c164988ee0b82"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "sia/tasks/lawbench/data/public/evaluate.py"}, "region": {"startLine": 130}}}]}, {"ruleId": "MINED111", "level": "warning", "message": {"text": "Bare except continues silently"}, "properties": {"repobilityId": 134699, "scanner": "repobility-ast-engine", "fingerprint": "eb30c9633b504baef8272d18c664fc30a6305196f6f915d068684dfd32873028", "category": "quality", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "bare-except-without-pass", "owasp": null, "cwe_ids": [], "languages": ["python"], "observations_count": 21610}, "scanner": "repobility-ast-engine", "correlation_key": "fp|eb30c9633b504baef8272d18c664fc30a6305196f6f915d068684dfd32873028"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "sia/tasks/longcot-chess/reference/reference_target_agent.py"}, "region": {"startLine": 78}}}]}, {"ruleId": "MINED111", "level": "warning", "message": {"text": "Bare except continues silently"}, "properties": {"repobilityId": 134698, "scanner": "repobility-ast-engine", "fingerprint": "cd6510c6b460a6980b1e8ec52758eb87b1cb7902feedb34143af2e9f7cf7402a", "category": "quality", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "bare-except-without-pass", "owasp": null, "cwe_ids": [], "languages": ["python"], "observations_count": 21610}, "scanner": "repobility-ast-engine", "correlation_key": "fp|cd6510c6b460a6980b1e8ec52758eb87b1cb7902feedb34143af2e9f7cf7402a"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "sia/tasks/longcot-chess/reference/reference_target_agent.py"}, "region": {"startLine": 139}}}]}, {"ruleId": "MINED111", "level": "warning", "message": {"text": "Bare except continues 
silently"}, "properties": {"repobilityId": 134697, "scanner": "repobility-ast-engine", "fingerprint": "5c30c71d80a321ed38665cb0571a090a4993e2da588fa9090ff3a27e7ec9ef4e", "category": "quality", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "bare-except-without-pass", "owasp": null, "cwe_ids": [], "languages": ["python"], "observations_count": 21610}, "scanner": "repobility-ast-engine", "correlation_key": "fp|5c30c71d80a321ed38665cb0571a090a4993e2da588fa9090ff3a27e7ec9ef4e"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "sia/tasks/gpqa/reference/reference_target_agent.py"}, "region": {"startLine": 142}}}]}, {"ruleId": "MINED111", "level": "warning", "message": {"text": "Bare except continues silently"}, "properties": {"repobilityId": 134696, "scanner": "repobility-ast-engine", "fingerprint": "8755fa4eb0a68a7ca811e1ddcd1ed95f2e7c4467b2299a4c04a8451210ac5042", "category": "quality", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "bare-except-without-pass", "owasp": null, "cwe_ids": [], "languages": ["python"], "observations_count": 21610}, "scanner": "repobility-ast-engine", "correlation_key": "fp|8755fa4eb0a68a7ca811e1ddcd1ed95f2e7c4467b2299a4c04a8451210ac5042"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "sia/tasks/gpqa/reference/reference_target_agent.py"}, "region": {"startLine": 162}}}]}, {"ruleId": "MINED111", "level": "warning", "message": {"text": "Bare except continues silently"}, "properties": {"repobilityId": 134695, "scanner": "repobility-ast-engine", "fingerprint": "9cca7217650531e9791da525af3bda35f7ecb5903c039cb8daa7e78f82034363", "category": "quality", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": 
true, "mining": {"slug": "bare-except-without-pass", "owasp": null, "cwe_ids": [], "languages": ["python"], "observations_count": 21610}, "scanner": "repobility-ast-engine", "correlation_key": "fp|9cca7217650531e9791da525af3bda35f7ecb5903c039cb8daa7e78f82034363"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "sia/tasks/_shared/reference_target_agent.py"}, "region": {"startLine": 155}}}]}, {"ruleId": "MINED111", "level": "warning", "message": {"text": "Bare except continues silently"}, "properties": {"repobilityId": 134694, "scanner": "repobility-ast-engine", "fingerprint": "fb545d6aa9aa19d762f6807e0ce2240428368202d43d41b0b3751787e2b73f50", "category": "quality", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "bare-except-without-pass", "owasp": null, "cwe_ids": [], "languages": ["python"], "observations_count": 21610}, "scanner": "repobility-ast-engine", "correlation_key": "fp|fb545d6aa9aa19d762f6807e0ce2240428368202d43d41b0b3751787e2b73f50"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "sia/tasks/_shared/reference_target_agent.py"}, "region": {"startLine": 86}}}]}, {"ruleId": "MINED111", "level": "warning", "message": {"text": "Bare except continues silently"}, "properties": {"repobilityId": 134693, "scanner": "repobility-ast-engine", "fingerprint": "07613e3fcb5baff85ed0599585b1e588d3ed02c88117177273622eba2c4866c0", "category": "quality", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "bare-except-without-pass", "owasp": null, "cwe_ids": [], "languages": ["python"], "observations_count": 21610}, "scanner": "repobility-ast-engine", "correlation_key": "fp|07613e3fcb5baff85ed0599585b1e588d3ed02c88117177273622eba2c4866c0"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": 
"sia/tasks/_shared/reference_target_agent.py"}, "region": {"startLine": 67}}}]}, {"ruleId": "MINED111", "level": "warning", "message": {"text": "Bare except continues silently"}, "properties": {"repobilityId": 134692, "scanner": "repobility-ast-engine", "fingerprint": "fcf592720f95c7bf0b6c58883fd7aae3d7149945a8135af1955e06903fdbc9f3", "category": "quality", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "bare-except-without-pass", "owasp": null, "cwe_ids": [], "languages": ["python"], "observations_count": 21610}, "scanner": "repobility-ast-engine", "correlation_key": "fp|fcf592720f95c7bf0b6c58883fd7aae3d7149945a8135af1955e06903fdbc9f3"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "sia/tasks/_shared/reference_target_agent.py"}, "region": {"startLine": 57}}}]}, {"ruleId": "MINED111", "level": "warning", "message": {"text": "Bare except continues silently"}, "properties": {"repobilityId": 134691, "scanner": "repobility-ast-engine", "fingerprint": "2c32f146a2d380e95fcf88eb80647b20e90038abe1e9a5cf1466154950349ad5", "category": "quality", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "bare-except-without-pass", "owasp": null, "cwe_ids": [], "languages": ["python"], "observations_count": 21610}, "scanner": "repobility-ast-engine", "correlation_key": "fp|2c32f146a2d380e95fcf88eb80647b20e90038abe1e9a5cf1466154950349ad5"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "sia/prepare_mlebench_dataset.py"}, "region": {"startLine": 170}}}]}, {"ruleId": "AUC005", "level": "note", "message": {"text": "[AUC005] No authorization-focused tests detected: No test files with common authorization, ownership, 403, admin, or super_admin assertions were found."}, "properties": {"repobilityId": 134750, "scanner": 
"repobility-access-control", "fingerprint": "c58bb88e6682225dc480b3036f30153044953a3d94f500396678a77324e8d30e", "category": "auth", "severity": "low", "confidence": 0.76, "triageState": "open", "verdict": "needs_review", "isResolved": false, "reason": "Static route and framework evidence require project-owner confirmation.", "evidence": {"scanner": "repobility-access-control", "frameworks": ["FastAPI"], "correlation_key": "fp|c58bb88e6682225dc480b3036f30153044953a3d94f500396678a77324e8d30e"}}}, {"ruleId": "COMP001", "level": "note", "message": {"text": "[COMP001] High cognitive complexity: Function `copy_dataset_files` has cognitive complexity 9 (SonarSource scale). Cognitive complexity measures how hard the function is for a human to understand \u2014 nested branches, boolean chains, and recursion all weigh in. Breakdown: else=2, if=5, nested_bonus=2."}, "properties": {"repobilityId": 134723, "scanner": "repobility-threat-engine", "fingerprint": "fa56cd74615c6da3c5fc6dace488a79d1c8652be77796f7b8694cf2fde67c116", "category": "quality", "severity": "low", "confidence": 0.95, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "AST-derived cognitive complexity score = 9 (severity threshold for low: 8+).", "evidence": {"scanner": "repobility-threat-engine", "function": "copy_dataset_files", "breakdown": {"if": 5, "else": 2, "nested_bonus": 2}, "complexity": 9, "correlation_key": "fp|fa56cd74615c6da3c5fc6dace488a79d1c8652be77796f7b8694cf2fde67c116"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "sia/prepare_mlebench_dataset.py"}, "region": {"startLine": 45}}}]}, {"ruleId": "COMP001", "level": "note", "message": {"text": "[COMP001] High cognitive complexity: Function `resolve_task_dir` has cognitive complexity 8 (SonarSource scale). Cognitive complexity measures how hard the function is for a human to understand \u2014 nested branches, boolean chains, and recursion all weigh in. 
Breakdown: if=4, nested_bonus=3, ternary=1."}, "properties": {"repobilityId": 134722, "scanner": "repobility-threat-engine", "fingerprint": "77cd7cf78612df82f74000f55272c616019e4198381059b0a11b4ce8117cb7d0", "category": "quality", "severity": "low", "confidence": 0.95, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "AST-derived cognitive complexity score = 8 (severity threshold for low: 8+).", "evidence": {"scanner": "repobility-threat-engine", "function": "resolve_task_dir", "breakdown": {"if": 4, "ternary": 1, "nested_bonus": 3}, "complexity": 8, "correlation_key": "fp|77cd7cf78612df82f74000f55272c616019e4198381059b0a11b4ce8117cb7d0"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "sia/layout.py"}, "region": {"startLine": 69}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 134661, "scanner": "repobility-ai-code-hygiene", "fingerprint": "3ef7a14d9e3d6ff5e765e5aaadfbf445cc4ab0c541436731cef380a3bdaace4e", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "sia/tasks/_shared/reference_target_agent.py", "duplicate_line": 1, "correlation_key": "fp|3ef7a14d9e3d6ff5e765e5aaadfbf445cc4ab0c541436731cef380a3bdaace4e"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "sia/tasks/spaceship-titanic/reference/reference_target_agent.py"}, "region": {"startLine": 1}}}]}, {"ruleId": "MINED043", "level": "none", "message": {"text": "[MINED043] Http Not Https: Hardcoded http:// (not localhost) for endpoints that handle credentials or data."}, "properties": {"repobilityId": 134745, "scanner": 
"repobility-threat-engine", "fingerprint": "99c4f24a5a747ab92d8a231e04846b3dba9465f4ff68046a7ffc48fdddfdf2d1", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "http-not-https", "owasp": "A02:2021", "cwe_ids": ["CWE-319"], "precision": 0.917, "promoted_at": "2026-05-18T14:01:32.347999+00:00", "triaged_in_corpus": 12, "observations_count": 4113831, "ai_coder_pattern_id": 15}, "scanner": "repobility-threat-engine", "correlation_key": "fp|99c4f24a5a747ab92d8a231e04846b3dba9465f4ff68046a7ffc48fdddfdf2d1"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "sia/web/server.py"}, "region": {"startLine": 97}}}]}, {"ruleId": "SEC002", "level": "none", "message": {"text": "[SEC002] Hardcoded API Key: Hardcoded API key found in source code."}, "properties": {"repobilityId": 134743, "scanner": "repobility-threat-engine", "fingerprint": "82a9ea9703936330436950f75849f19e6e2f51d784aafdcd978c24452548672b", "category": "credential_exposure", "severity": "info", "confidence": 0.15, "triageState": "false_positive", "verdict": "likely_fp", "isResolved": true, "reason": "Value looks like a development placeholder, not a live credential", "evidence": {"match": "API_KEY='<redacted>'", "reason": "Value looks like a development placeholder, not a live credential", "rule_id": "SEC002", "scanner": "repobility-threat-engine", "confidence": 0.15, "correlation_key": "secret|token|28|api_key redacted"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "sia/tasks/longcot-chess/reference/reference_target_agent.py"}, "region": {"startLine": 285}}}]}, {"ruleId": "MINED050", "level": "none", "message": {"text": "[MINED050] Stub Only Function: Function declared but body is just pass, return None, raise NotImplementedError, or TODO comment."}, "properties": {"repobilityId": 134742, 
"scanner": "repobility-threat-engine", "fingerprint": "5c11d6873af0f6681852b38e5bb3abf922162858215b64a1cc8cc55a5d828955", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "stub-only-function", "owasp": null, "cwe_ids": ["CWE-1188"], "languages": ["python"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348017+00:00", "triaged_in_corpus": 12, "observations_count": 633513, "ai_coder_pattern_id": 2}, "scanner": "repobility-threat-engine", "correlation_key": "fp|5c11d6873af0f6681852b38e5bb3abf922162858215b64a1cc8cc55a5d828955"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "sia/tasks/gpqa/reference/reference_target_agent.py"}, "region": {"startLine": 21}}}]}, {"ruleId": "MINED050", "level": "none", "message": {"text": "[MINED050] Stub Only Function: Function declared but body is just pass, return None, raise NotImplementedError, or TODO comment."}, "properties": {"repobilityId": 134741, "scanner": "repobility-threat-engine", "fingerprint": "79f7b28e26817cc969444e598a7aab3605f95292f990c993c1ed0ea6965422e5", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "stub-only-function", "owasp": null, "cwe_ids": ["CWE-1188"], "languages": ["python"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348017+00:00", "triaged_in_corpus": 12, "observations_count": 633513, "ai_coder_pattern_id": 2}, "scanner": "repobility-threat-engine", "correlation_key": "fp|79f7b28e26817cc969444e598a7aab3605f95292f990c993c1ed0ea6965422e5"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "sia/tasks/_shared/reference_target_agent.py"}, "region": {"startLine": 293}}}]}, 
{"ruleId": "MINED049", "level": "none", "message": {"text": "[MINED049] Print Pii: Logging password/token/email/ssn directly to stdout."}, "properties": {"repobilityId": 134739, "scanner": "repobility-threat-engine", "fingerprint": "7b3a0daa1a3b4c0b0378fa696e1fd987328a7ced51c3b886c633ace99b5cd5f0", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "print-pii", "owasp": "A09:2021", "cwe_ids": ["CWE-532"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348015+00:00", "triaged_in_corpus": 12, "observations_count": 676566, "ai_coder_pattern_id": 26}, "scanner": "repobility-threat-engine", "correlation_key": "fp|7b3a0daa1a3b4c0b0378fa696e1fd987328a7ced51c3b886c633ace99b5cd5f0"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "sia/tasks/longcot-chess/reference/reference_target_agent.py"}, "region": {"startLine": 232}}}]}, {"ruleId": "MINED049", "level": "none", "message": {"text": "[MINED049] Print Pii: Logging password/token/email/ssn directly to stdout."}, "properties": {"repobilityId": 134738, "scanner": "repobility-threat-engine", "fingerprint": "423b29b484ff0416c6c440ead602f4837caebd462806f68fc01ecda75b8fc73c", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "print-pii", "owasp": "A09:2021", "cwe_ids": ["CWE-532"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348015+00:00", "triaged_in_corpus": 12, "observations_count": 676566, "ai_coder_pattern_id": 26}, "scanner": "repobility-threat-engine", "correlation_key": "fp|423b29b484ff0416c6c440ead602f4837caebd462806f68fc01ecda75b8fc73c"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": 
"sia/prepare_mlebench_dataset.py"}, "region": {"startLine": 119}}}]}, {"ruleId": "MINED062", "level": "none", "message": {"text": "[MINED062] Python Dataclass No Fields (and 3 more): Same pattern found in 3 additional files. Review if needed."}, "properties": {"repobilityId": 134737, "scanner": "repobility-threat-engine", "fingerprint": "bb073d169e432edd80ad520c2365fa126e348646d562af5169f91fd938623995", "category": "quality", "severity": "info", "confidence": 0.2, "triageState": "false_positive", "verdict": "likely_fp", "isResolved": true, "reason": "Deduplicated summary only: 3 additional occurrences found. The top occurrences remain visible as actionable findings.", "evidence": {"mined": true, "mining": {"slug": "python-dataclass-no-fields", "owasp": null, "cwe_ids": [], "languages": ["python"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348046+00:00", "triaged_in_corpus": 10, "observations_count": 92448, "ai_coder_pattern_id": 144}, "scanner": "repobility-threat-engine", "aggregated": true, "correlation_key": "fp|bb073d169e432edd80ad520c2365fa126e348646d562af5169f91fd938623995", "aggregated_count": 3}}}, {"ruleId": "MINED062", "level": "none", "message": {"text": "[MINED062] Python Dataclass No Fields: @dataclass over an empty class \u2014 unfinished model."}, "properties": {"repobilityId": 134736, "scanner": "repobility-threat-engine", "fingerprint": "ee3ac8aa5e087b49b2e2868f3e9a676af8a057a8b2bf599aa6aaca37dd7dc41d", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "python-dataclass-no-fields", "owasp": null, "cwe_ids": [], "languages": ["python"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348046+00:00", "triaged_in_corpus": 10, "observations_count": 92448, "ai_coder_pattern_id": 144}, "scanner": "repobility-threat-engine", "correlation_key": 
"fp|ee3ac8aa5e087b49b2e2868f3e9a676af8a057a8b2bf599aa6aaca37dd7dc41d"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "sia/profiles.py"}, "region": {"startLine": 32}}}]}, {"ruleId": "MINED062", "level": "none", "message": {"text": "[MINED062] Python Dataclass No Fields: @dataclass over an empty class \u2014 unfinished model."}, "properties": {"repobilityId": 134735, "scanner": "repobility-threat-engine", "fingerprint": "a3e480421f99d85d3d3ef9c453e98aaff4ef043ae7a955066d388b8bef41d0e8", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "python-dataclass-no-fields", "owasp": null, "cwe_ids": [], "languages": ["python"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348046+00:00", "triaged_in_corpus": 10, "observations_count": 92448, "ai_coder_pattern_id": 144}, "scanner": "repobility-threat-engine", "correlation_key": "fp|a3e480421f99d85d3d3ef9c453e98aaff4ef043ae7a955066d388b8bef41d0e8"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "sia/layout.py"}, "region": {"startLine": 96}}}]}, {"ruleId": "MINED062", "level": "none", "message": {"text": "[MINED062] Python Dataclass No Fields: @dataclass over an empty class \u2014 unfinished model."}, "properties": {"repobilityId": 134734, "scanner": "repobility-threat-engine", "fingerprint": "c007cc125334d2f89ea741a916b5cd98a1f33cd05b9330adecb4d43359873a5c", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "python-dataclass-no-fields", "owasp": null, "cwe_ids": [], "languages": ["python"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348046+00:00", "triaged_in_corpus": 10, "observations_count": 92448, 
"ai_coder_pattern_id": 144}, "scanner": "repobility-threat-engine", "correlation_key": "fp|c007cc125334d2f89ea741a916b5cd98a1f33cd05b9330adecb4d43359873a5c"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "sia/config.py"}, "region": {"startLine": 11}}}]}, {"ruleId": "SEC020", "level": "none", "message": {"text": "[SEC020] Secret Printed to Logs (and 1 more): Same pattern found in 1 additional file. Review if needed."}, "properties": {"repobilityId": 134728, "scanner": "repobility-threat-engine", "fingerprint": "b6edddaddab6b62ff63a87b52b7d7b3bab2a5af6b4d7361c1238d18c2c6e3162", "category": "credential_exposure", "severity": "info", "confidence": 0.2, "triageState": "false_positive", "verdict": "likely_fp", "isResolved": true, "reason": "Deduplicated summary only: 1 additional occurrence found. The top occurrences remain visible as actionable findings.", "evidence": {"reason": "Deduplicated summary only: 1 additional occurrence found. The top occurrences remain visible as actionable findings.", "rule_id": "SEC020", "scanner": "repobility-threat-engine", "confidence": 0.2, "correlation_key": "fp|b6edddaddab6b62ff63a87b52b7d7b3bab2a5af6b4d7361c1238d18c2c6e3162"}}}, {"ruleId": "SEC020", "level": "none", "message": {"text": "[SEC020] Secret Printed to Logs: Debug or diagnostic code appears to print a credential-bearing value. This is a frequent AI-assisted coding failure: the helper exposes the exact value needed for troubleshooting."}, "properties": {"repobilityId": 134727, "scanner": "repobility-threat-engine", "fingerprint": "716f43bd48e00af92de9ce1e91b8cd282174ce6db8f1e733c5c461a5b7890e7f", "category": "credential_exposure", "severity": "info", "confidence": 0.1, "triageState": "false_positive", "verdict": "likely_fp", "isResolved": true, "reason": "Environment variable or config lookup (credentials loaded safely)", "evidence": {"match": "print(\"  \u26a0 No GEMINI_API_KEY environment variable set. 
Skipping similar tasks generation.\")", "reason": "Environment variable or config lookup (credentials loaded safely)", "rule_id": "SEC020", "scanner": "repobility-threat-engine", "confidence": 0.1, "correlation_key": "secret|token|11|print no gemini_api_key environment variable set. skipping similar tasks generation."}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "sia/prepare_mlebench_dataset.py"}, "region": {"startLine": 119}}}]}, {"ruleId": "SEC020", "level": "none", "message": {"text": "[SEC020] Secret Printed to Logs: Debug or diagnostic code appears to print a credential-bearing value. This is a frequent AI-assisted coding failure: the helper exposes the exact value needed for troubleshooting."}, "properties": {"repobilityId": 134726, "scanner": "repobility-threat-engine", "fingerprint": "58457c01402f03d9ab3682ce3da1cef323fd4fe1a5053926e33283a0c3ab1302", "category": "credential_exposure", "severity": "info", "confidence": 0.15, "triageState": "false_positive", "verdict": "likely_fp", "isResolved": true, "reason": "Log message mentions credential-related metadata but does not print a credential-bearing value", "evidence": {"match": "logger.warning(f\"No API key found for model {model_name}. Using LLM_API_KEY if available.\")", "reason": "Log message mentions credential-related metadata but does not print a credential-bearing value", "rule_id": "SEC020", "scanner": "repobility-threat-engine", "confidence": 0.15, "correlation_key": "secret|sia/backends/openhands.py|5|logger.warning f no api key found for model model_name . using llm_api_key if available."}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "sia/backends/openhands.py"}, "region": {"startLine": 56}}}]}, {"ruleId": "COMP001", "level": "none", "message": {"text": "[COMP001] High cognitive complexity (and 13 more): Same pattern found in 13 additional files. 
Review if needed."}, "properties": {"repobilityId": 134724, "scanner": "repobility-threat-engine", "fingerprint": "79d352d73437ebd7dfb28aea2dab6bd7823e8d3a3a6573567ca5ec0771ab478c", "category": "quality", "severity": "info", "confidence": 0.2, "triageState": "false_positive", "verdict": "likely_fp", "isResolved": true, "reason": "Deduplicated summary only: 13 additional occurrences found. The top occurrences remain visible as actionable findings.", "evidence": {"scanner": "repobility-threat-engine", "function": "run_agent_claude", "breakdown": {"if": 8, "for": 2, "elif": 2, "except": 2, "ternary": 1, "nested_bonus": 44}, "aggregated": true, "complexity": 59, "correlation_key": "fp|79d352d73437ebd7dfb28aea2dab6bd7823e8d3a3a6573567ca5ec0771ab478c", "aggregated_count": 13}}}, {"ruleId": "AUC003", "level": "error", "message": {"text": "[AUC003] Object-level route lacks visible authorization: A route with an object id-like parameter does not show nearby authentication or authorization evidence. This is a BOLA/IDOR review target. 
Endpoint: GET /api/runs/{run_name}/gens/{gen_name}/trajectory/{qid}."}, "properties": {"repobilityId": 134748, "scanner": "repobility-access-control", "fingerprint": "07a53f8784399c93c3c6d715c7e1f14cbd20450a71e0da6c591c772ddfbfe25f", "category": "auth", "severity": "high", "confidence": 0.7, "triageState": "open", "verdict": "needs_review", "isResolved": false, "reason": "Static route and framework evidence require project-owner confirmation.", "evidence": {"path": "/api/runs/{run_name}/gens/{gen_name}/trajectory/{qid}", "method": "GET", "scanner": "repobility-access-control", "framework": "FastAPI", "correlation_key": "code|auth|sia/web/server.py|59|cwe-639", "identity_targets": ["unknown", "owner", "super_admin"]}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "sia/web/server.py"}, "region": {"startLine": 59}}}]}, {"ruleId": "SEC128", "level": "error", "message": {"text": "[SEC128] Async function without await \u2014 fire-and-forget Promise (AI mistake): Async call invoked without `await` returns an unhandled Promise. The outer function resolves before the inner work completes \u2014 DB writes lost, emails not sent, race conditions. This is one of the top-3 errors AI coders make: they understand async-shape but drop the await keyword when chaining multiple ops. 
Surfaces as flaky tests or silently dropped data in production."}, "properties": {"repobilityId": 134740, "scanner": "repobility-threat-engine", "fingerprint": "fa03af7377f586a2211a0f0c456ebc757ee21321444525ce2a7bb933991cf546", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "venv.create(venv_dir, with_pip=True)", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC128", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "fp|fa03af7377f586a2211a0f0c456ebc757ee21321444525ce2a7bb933991cf546"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "sia/run_setup.py"}, "region": {"startLine": 81}}}]}, {"ruleId": "MINED034", "level": "error", "message": {"text": "[MINED034] Python Subprocess Shell True: subprocess(..., shell=True) enables command injection."}, "properties": {"repobilityId": 134733, "scanner": "repobility-threat-engine", "fingerprint": "51480cdc6e7ebab5bd786a88f965fc4951374fac304aa59ecc55f84c3f1ee784", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "python-subprocess-shell-true", "owasp": null, "cwe_ids": ["CWE-78"], "languages": ["python"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.347977+00:00", "triaged_in_corpus": 15, "observations_count": 3478, "ai_coder_pattern_id": 118}, "scanner": "repobility-threat-engine", "correlation_key": "fp|51480cdc6e7ebab5bd786a88f965fc4951374fac304aa59ecc55f84c3f1ee784"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "sia/tasks/spaceship-titanic/reference/reference_target_agent.py"}, "region": {"startLine": 73}}}]}, {"ruleId": "MINED034", "level": "error", "message": {"text": 
"[MINED034] Python Subprocess Shell True: subprocess(..., shell=True) enables command injection."}, "properties": {"repobilityId": 134732, "scanner": "repobility-threat-engine", "fingerprint": "c7f4c3a05efc14b479ae20b2cf644fb4efe86da3cafcaba70599d33a8e5b623b", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "python-subprocess-shell-true", "owasp": null, "cwe_ids": ["CWE-78"], "languages": ["python"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.347977+00:00", "triaged_in_corpus": 15, "observations_count": 3478, "ai_coder_pattern_id": 118}, "scanner": "repobility-threat-engine", "correlation_key": "fp|c7f4c3a05efc14b479ae20b2cf644fb4efe86da3cafcaba70599d33a8e5b623b"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "sia/tasks/_shared/reference_target_agent.py"}, "region": {"startLine": 73}}}]}, {"ruleId": "MINED034", "level": "error", "message": {"text": "[MINED034] Python Subprocess Shell True: subprocess(..., shell=True) enables command injection."}, "properties": {"repobilityId": 134731, "scanner": "repobility-threat-engine", "fingerprint": "c33ba1b60b78b00f23bb8a4352e8ad33c951c0edc554d4d8b5f93b29f9382ee9", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "python-subprocess-shell-true", "owasp": null, "cwe_ids": ["CWE-78"], "languages": ["python"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.347977+00:00", "triaged_in_corpus": 15, "observations_count": 3478, "ai_coder_pattern_id": 118}, "scanner": "repobility-threat-engine", "correlation_key": "fp|c33ba1b60b78b00f23bb8a4352e8ad33c951c0edc554d4d8b5f93b29f9382ee9"}}, "locations": [{"physicalLocation": 
{"artifactLocation": {"uri": "sia/backends/pydantic_ai.py"}, "region": {"startLine": 78}}}]}, {"ruleId": "SEC020", "level": "error", "message": {"text": "[SEC020] Secret Printed to Logs: Debug or diagnostic code appears to print a credential-bearing value. This is a frequent AI-assisted coding failure: the helper exposes the exact value needed for troubleshooting."}, "properties": {"repobilityId": 134725, "scanner": "repobility-threat-engine", "fingerprint": "3bc2e02c45b0cfeebf262997ab975b11038f1f986890efb2266d3d67bea453e1", "category": "credential_exposure", "severity": "high", "confidence": 0.85, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Credential-bearing variable appears to be printed or logged", "evidence": {"match": "print(f\"  Total tokens: {summary['total_prompt_tokens'] + summary['total_completion_tokens']}\")", "reason": "Credential-bearing variable appears to be printed or logged", "rule_id": "SEC020", "scanner": "repobility-threat-engine", "confidence": 0.85, "correlation_key": "secret|token|23|print f total tokens: summary total_prompt_tokens + summary total_completion_tokens"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "sia/tasks/longcot-chess/reference/reference_target_agent.py"}, "region": {"startLine": 232}}}]}, {"ruleId": "COMP001", "level": "error", "message": {"text": "[COMP001] High cognitive complexity: Function `run_agent_claude` has cognitive complexity 59 (SonarSource scale). Cognitive complexity measures how hard the function is for a human to understand \u2014 nested branches, boolean chains, and recursion all weigh in. 
Breakdown: elif=2, except=2, for=2, if=8, nested_bonus=44, ternary=1."}, "properties": {"repobilityId": 134721, "scanner": "repobility-threat-engine", "fingerprint": "75f177782dc85e9a4fa90baa87671974ab227ff0ddeebfebd29127edf7bd488f", "category": "quality", "severity": "high", "confidence": 0.95, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "AST-derived cognitive complexity score = 59 (severity threshold for high: 25+).", "evidence": {"scanner": "repobility-threat-engine", "function": "run_agent_claude", "breakdown": {"if": 8, "for": 2, "elif": 2, "except": 2, "ternary": 1, "nested_bonus": 44}, "complexity": 59, "correlation_key": "fp|75f177782dc85e9a4fa90baa87671974ab227ff0ddeebfebd29127edf7bd488f"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "sia/backends/claude.py"}, "region": {"startLine": 13}}}]}, {"ruleId": "MINED115", "level": "error", "message": {"text": "Action `pypa/gh-action-pypi-publish` pinned to mutable ref `@release/v1`"}, "properties": {"repobilityId": 134719, "scanner": "repobility-supply-chain", "fingerprint": "4d225a43ca41f84dbf9d0f8741b3de525dfefa95d97cf0e8e302e1e1047509e3", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-mutable-ref", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|4d225a43ca41f84dbf9d0f8741b3de525dfefa95d97cf0e8e302e1e1047509e3"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/publish.yml"}, "region": {"startLine": 66}}}]}, {"ruleId": "MINED115", "level": "error", "message": {"text": "Action `astral-sh/setup-uv` pinned to mutable ref `@v4`"}, "properties": {"repobilityId": 134718, "scanner": "repobility-supply-chain", "fingerprint": 
"d005355b101da60aae158c38290e19ca9b8483c5674883fd3bc698049d11fb35", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-mutable-ref", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|d005355b101da60aae158c38290e19ca9b8483c5674883fd3bc698049d11fb35"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/publish.yml"}, "region": {"startLine": 48}}}]}, {"ruleId": "MINED115", "level": "error", "message": {"text": "Action `actions/setup-python` pinned to mutable ref `@v5`"}, "properties": {"repobilityId": 134717, "scanner": "repobility-supply-chain", "fingerprint": "2411bca95d8000c3ed4f87a0a98314018e0fb5c809094104c3b1f26510c2cf8d", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-mutable-ref", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|2411bca95d8000c3ed4f87a0a98314018e0fb5c809094104c3b1f26510c2cf8d"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/publish.yml"}, "region": {"startLine": 43}}}]}, {"ruleId": "MINED115", "level": "error", "message": {"text": "Action `actions/checkout` pinned to mutable ref `@v4`"}, "properties": {"repobilityId": 134716, "scanner": "repobility-supply-chain", "fingerprint": "021b94e257e34270e4fd9c42e791f2798585356c6827770c7343e6df1080f429", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-mutable-ref", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], 
"languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|021b94e257e34270e4fd9c42e791f2798585356c6827770c7343e6df1080f429"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/publish.yml"}, "region": {"startLine": 40}}}]}, {"ruleId": "MINED115", "level": "error", "message": {"text": "Action `astral-sh/setup-uv` pinned to mutable ref `@v4`"}, "properties": {"repobilityId": 134715, "scanner": "repobility-supply-chain", "fingerprint": "a98fe52cc489e1fde0c4f3ef17a137168a5b0c1c566011ee2e0c2a9537a8e87a", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-mutable-ref", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|a98fe52cc489e1fde0c4f3ef17a137168a5b0c1c566011ee2e0c2a9537a8e87a"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/publish.yml"}, "region": {"startLine": 23}}}]}, {"ruleId": "MINED115", "level": "error", "message": {"text": "Action `actions/setup-python` pinned to mutable ref `@v5`"}, "properties": {"repobilityId": 134714, "scanner": "repobility-supply-chain", "fingerprint": "af1693ab94194824d41d14ea455e6385730a6b92ae20edf3a3a2ff1bbade7d6b", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-mutable-ref", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|af1693ab94194824d41d14ea455e6385730a6b92ae20edf3a3a2ff1bbade7d6b"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/publish.yml"}, "region": {"startLine": 18}}}]}, 
{"ruleId": "MINED115", "level": "error", "message": {"text": "Action `actions/checkout` pinned to mutable ref `@v4`"}, "properties": {"repobilityId": 134713, "scanner": "repobility-supply-chain", "fingerprint": "bc8cd038a44930b375e508e3de2d29bd66aa1d099ac2d87e9f42c6ce72544edb", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-mutable-ref", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|bc8cd038a44930b375e508e3de2d29bd66aa1d099ac2d87e9f42c6ce72544edb"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/publish.yml"}, "region": {"startLine": 15}}}]}, {"ruleId": "MINED115", "level": "error", "message": {"text": "Action `astral-sh/setup-uv` pinned to mutable ref `@v4`"}, "properties": {"repobilityId": 134712, "scanner": "repobility-supply-chain", "fingerprint": "d5ca43e52101deae50d20d9702cfac512711a0a18987548ed0cb006dbd350bc2", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-mutable-ref", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|d5ca43e52101deae50d20d9702cfac512711a0a18987548ed0cb006dbd350bc2"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/ci.yml"}, "region": {"startLine": 88}}}]}, {"ruleId": "MINED115", "level": "error", "message": {"text": "Action `actions/setup-python` pinned to mutable ref `@v5`"}, "properties": {"repobilityId": 134711, "scanner": "repobility-supply-chain", "fingerprint": "b88666db1af33b3ab72cd4902dfbab2c80bffa12d43ff6aa04a33339fbc2297b", "category": "dependency", "severity": 
"high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-mutable-ref", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|b88666db1af33b3ab72cd4902dfbab2c80bffa12d43ff6aa04a33339fbc2297b"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/ci.yml"}, "region": {"startLine": 83}}}]}, {"ruleId": "MINED115", "level": "error", "message": {"text": "Action `actions/checkout` pinned to mutable ref `@v4`"}, "properties": {"repobilityId": 134710, "scanner": "repobility-supply-chain", "fingerprint": "ec4aca61ac735a377f8a874096c6069900e46a6389d27dbdff34cb10d62c9d34", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-mutable-ref", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|ec4aca61ac735a377f8a874096c6069900e46a6389d27dbdff34cb10d62c9d34"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/ci.yml"}, "region": {"startLine": 80}}}]}, {"ruleId": "MINED115", "level": "error", "message": {"text": "Action `astral-sh/setup-uv` pinned to mutable ref `@v4`"}, "properties": {"repobilityId": 134709, "scanner": "repobility-supply-chain", "fingerprint": "eaa0e9786de574924ef76222f0b33b01866cefd95580f34745ce0a208df7fe48", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-mutable-ref", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": 
"fp|eaa0e9786de574924ef76222f0b33b01866cefd95580f34745ce0a208df7fe48"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/ci.yml"}, "region": {"startLine": 67}}}]}, {"ruleId": "MINED115", "level": "error", "message": {"text": "Action `actions/setup-python` pinned to mutable ref `@v5`"}, "properties": {"repobilityId": 134708, "scanner": "repobility-supply-chain", "fingerprint": "200256635419882d2748c15bb21a0055322e1b6db98b7bbc18cb54d04737ee5f", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-mutable-ref", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|200256635419882d2748c15bb21a0055322e1b6db98b7bbc18cb54d04737ee5f"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/ci.yml"}, "region": {"startLine": 62}}}]}, {"ruleId": "MINED115", "level": "error", "message": {"text": "Action `actions/checkout` pinned to mutable ref `@v4`"}, "properties": {"repobilityId": 134707, "scanner": "repobility-supply-chain", "fingerprint": "7a42a80532ad896b375dd6420180c07f13e5b4f59e0656faa081334656830406", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-mutable-ref", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|7a42a80532ad896b375dd6420180c07f13e5b4f59e0656faa081334656830406"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/ci.yml"}, "region": {"startLine": 59}}}]}, {"ruleId": "MINED115", "level": "error", "message": {"text": "Action `astral-sh/setup-uv` pinned to mutable ref `@v4`"}, 
"properties": {"repobilityId": 134706, "scanner": "repobility-supply-chain", "fingerprint": "3fe486a056ac14ed4811765d77ee8b6624393f41af502b8cd9fbc53e0541ad00", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-mutable-ref", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|3fe486a056ac14ed4811765d77ee8b6624393f41af502b8cd9fbc53e0541ad00"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/ci.yml"}, "region": {"startLine": 25}}}]}, {"ruleId": "MINED115", "level": "error", "message": {"text": "Action `actions/setup-python` pinned to mutable ref `@v5`"}, "properties": {"repobilityId": 134705, "scanner": "repobility-supply-chain", "fingerprint": "44fa7d4918d3b1d7b2e348502ff6dd35aa1b36ad06977a5bc6f5ffa43a821457", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-mutable-ref", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|44fa7d4918d3b1d7b2e348502ff6dd35aa1b36ad06977a5bc6f5ffa43a821457"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/ci.yml"}, "region": {"startLine": 20}}}]}, {"ruleId": "MINED115", "level": "error", "message": {"text": "Action `actions/checkout` pinned to mutable ref `@v4`"}, "properties": {"repobilityId": 134704, "scanner": "repobility-supply-chain", "fingerprint": "3b0fec33be5da43e4e2850c526263f24e1558c0bb18e637f7972cf88cafc23e1", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, 
"mining": {"slug": "gha-mutable-ref", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|3b0fec33be5da43e4e2850c526263f24e1558c0bb18e637f7972cf88cafc23e1"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/ci.yml"}, "region": {"startLine": 17}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "`self.dataset_dir` used but never assigned in __init__"}, "properties": {"repobilityId": 134690, "scanner": "repobility-ast-engine", "fingerprint": "baebcdd93218fa2579d8cca6585f96d9814e39508d92cfd8c5f1486cb7aebfca", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|baebcdd93218fa2579d8cca6585f96d9814e39508d92cfd8c5f1486cb7aebfca"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "sia/layout.py"}, "region": {"startLine": 154}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "`self.gen_dir` used but never assigned in __init__"}, "properties": {"repobilityId": 134689, "scanner": "repobility-ast-engine", "fingerprint": "2074b0252d60bbc6d37adda522994d6ffcbc3f8fa4d8b5bc3a4dcfda5ef4bbf4", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|2074b0252d60bbc6d37adda522994d6ffcbc3f8fa4d8b5bc3a4dcfda5ef4bbf4"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "sia/layout.py"}, 
"region": {"startLine": 138}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "`self.gen_dir` used but never assigned in __init__"}, "properties": {"repobilityId": 134688, "scanner": "repobility-ast-engine", "fingerprint": "027b71a81dc7c280e8bd9b30943f0a9416d373cd674e6047b329a2cce79f0e59", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|027b71a81dc7c280e8bd9b30943f0a9416d373cd674e6047b329a2cce79f0e59"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "sia/layout.py"}, "region": {"startLine": 135}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "`self.gen_dir` used but never assigned in __init__"}, "properties": {"repobilityId": 134687, "scanner": "repobility-ast-engine", "fingerprint": "5a7c4acb24d533b2ead8247be0663b80e0b952cd7432fc40e81b382297afd8a0", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|5a7c4acb24d533b2ead8247be0663b80e0b952cd7432fc40e81b382297afd8a0"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "sia/layout.py"}, "region": {"startLine": 132}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "`self.gen_dir` used but never assigned in __init__"}, "properties": {"repobilityId": 134686, "scanner": "repobility-ast-engine", "fingerprint": "c42835a42ab0be25ee306515bce63dae3950ba9d3d2ed1491d01a7676e4e9158", "category": "quality", "severity": "high", "confidence": 
1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|c42835a42ab0be25ee306515bce63dae3950ba9d3d2ed1491d01a7676e4e9158"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "sia/layout.py"}, "region": {"startLine": 129}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "`self.gen_dir` used but never assigned in __init__"}, "properties": {"repobilityId": 134685, "scanner": "repobility-ast-engine", "fingerprint": "15bf8492591796f340510741c411530cd71208c7470327bf4ee60ad0e9b2d7a8", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|15bf8492591796f340510741c411530cd71208c7470327bf4ee60ad0e9b2d7a8"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "sia/layout.py"}, "region": {"startLine": 126}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "`self.venv_dir` used but never assigned in __init__"}, "properties": {"repobilityId": 134684, "scanner": "repobility-ast-engine", "fingerprint": "c53b2387f858daee5ec78a9c94365ce1b381300dc9d35fa781e695bb509aa4b7", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": 
"fp|c53b2387f858daee5ec78a9c94365ce1b381300dc9d35fa781e695bb509aa4b7"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "sia/layout.py"}, "region": {"startLine": 119}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "`self._parse_stdout_metrics` used but never assigned in __init__"}, "properties": {"repobilityId": 134683, "scanner": "repobility-ast-engine", "fingerprint": "a17fed5d95abcd8ebd2ea871fd1838af92f7c822760611b48ee4fb458957a9c9", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|a17fed5d95abcd8ebd2ea871fd1838af92f7c822760611b48ee4fb458957a9c9"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "sia/context_manager.py"}, "region": {"startLine": 375}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "`self._extract_insights` used but never assigned in __init__"}, "properties": {"repobilityId": 134682, "scanner": "repobility-ast-engine", "fingerprint": "e1114c157098d694fd729531755d351d1bb0694ec38d866a0de220f324e7840d", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|e1114c157098d694fd729531755d351d1bb0694ec38d866a0de220f324e7840d"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "sia/context_manager.py"}, "region": {"startLine": 243}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "`self._format_generation_entry` used but never assigned in __init__"}, 
"properties": {"repobilityId": 134681, "scanner": "repobility-ast-engine", "fingerprint": "568be125adb0e5a50d72cfc29f719dbd44554046125ec879fc92af246e874980", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|568be125adb0e5a50d72cfc29f719dbd44554046125ec879fc92af246e874980"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "sia/context_manager.py"}, "region": {"startLine": 249}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "`self._generate_llm_summary` used but never assigned in __init__"}, "properties": {"repobilityId": 134680, "scanner": "repobility-ast-engine", "fingerprint": "a824fcbe68e59173c9e9126190a893e927988b91caa08b9aef221a911f2c7368", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|a824fcbe68e59173c9e9126190a893e927988b91caa08b9aef221a911f2c7368"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "sia/context_manager.py"}, "region": {"startLine": 246}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "`self._extract_metrics` used but never assigned in __init__"}, "properties": {"repobilityId": 134679, "scanner": "repobility-ast-engine", "fingerprint": "cfeb5cab0a9eaef6b0b8fbc9a6e76ca7ddb3adb03c841784717cb48ccdb04e9c", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, 
"mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|cfeb5cab0a9eaef6b0b8fbc9a6e76ca7ddb3adb03c841784717cb48ccdb04e9c"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "sia/context_manager.py"}, "region": {"startLine": 238}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "`self._get_agent_stats` used but never assigned in __init__"}, "properties": {"repobilityId": 134678, "scanner": "repobility-ast-engine", "fingerprint": "b00abc5461e51275b8f1374c74fc55207d8ffc3c1d7a1d52bf05e8e7294e80ba", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|b00abc5461e51275b8f1374c74fc55207d8ffc3c1d7a1d52bf05e8e7294e80ba"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "sia/context_manager.py"}, "region": {"startLine": 226}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "`self._format_metrics_comparison` used but never assigned in __init__"}, "properties": {"repobilityId": 134677, "scanner": "repobility-ast-engine", "fingerprint": "53191dafc4e9de6d81136f9790ef5727baaf9e22dafe6170deb4c58d3cb79afd", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|53191dafc4e9de6d81136f9790ef5727baaf9e22dafe6170deb4c58d3cb79afd"}}, "locations": [{"physicalLocation": {"artifactLocation": 
{"uri": "sia/context_manager.py"}, "region": {"startLine": 111}}}]}, {"ruleId": "MINED106", "level": "error", "message": {"text": "Phantom test coverage: test_invalid_client_kind_raises"}, "properties": {"repobilityId": 134676, "scanner": "repobility-ast-engine", "fingerprint": "bc08a7b9bd9a7aedf04a0fd0af2d334b5f93aac0c7e662e922950736afd08b15", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "phantom-test-coverage", "owasp": null, "cwe_ids": ["CWE-1126"], "languages": ["python"], "observations_count": 982154}, "scanner": "repobility-ast-engine", "correlation_key": "fp|bc08a7b9bd9a7aedf04a0fd0af2d334b5f93aac0c7e662e922950736afd08b15"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tests/test_providers.py"}, "region": {"startLine": 58}}}]}, {"ruleId": "MINED106", "level": "error", "message": {"text": "Phantom test coverage: test_missing_path_raises"}, "properties": {"repobilityId": 134675, "scanner": "repobility-ast-engine", "fingerprint": "5103857dd082026fd2161583a18eeab907385c1d9da3ec2fbc6a8d398876b317", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "phantom-test-coverage", "owasp": null, "cwe_ids": ["CWE-1126"], "languages": ["python"], "observations_count": 982154}, "scanner": "repobility-ast-engine", "correlation_key": "fp|5103857dd082026fd2161583a18eeab907385c1d9da3ec2fbc6a8d398876b317"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tests/test_providers.py"}, "region": {"startLine": 53}}}]}, {"ruleId": "MINED106", "level": "error", "message": {"text": "Phantom test coverage: test_unknown_provider_name_raises"}, "properties": {"repobilityId": 134674, "scanner": "repobility-ast-engine", "fingerprint": 
"09d005fa86df328d13cf0419acc00a2066da3f1825735597000796803732c8e6", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "phantom-test-coverage", "owasp": null, "cwe_ids": ["CWE-1126"], "languages": ["python"], "observations_count": 982154}, "scanner": "repobility-ast-engine", "correlation_key": "fp|09d005fa86df328d13cf0419acc00a2066da3f1825735597000796803732c8e6"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tests/test_providers.py"}, "region": {"startLine": 30}}}]}, {"ruleId": "MINED106", "level": "error", "message": {"text": "Phantom test coverage: test_context_md_golden"}, "properties": {"repobilityId": 134673, "scanner": "repobility-ast-engine", "fingerprint": "a8cf91d51819deff5db7ffd978b776815b8726a85c66d8d3c97e9d17fae34170", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "phantom-test-coverage", "owasp": null, "cwe_ids": ["CWE-1126"], "languages": ["python"], "observations_count": 982154}, "scanner": "repobility-ast-engine", "correlation_key": "fp|a8cf91d51819deff5db7ffd978b776815b8726a85c66d8d3c97e9d17fae34170"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tests/test_context_golden.py"}, "region": {"startLine": 27}}}]}, {"ruleId": "MINED106", "level": "error", "message": {"text": "Phantom test coverage: test_success_multi_with_results"}, "properties": {"repobilityId": 134672, "scanner": "repobility-ast-engine", "fingerprint": "74553c7a2cad3ef20f9e42813f93e8f548975a70635e4358dc52996f708ba5ce", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "phantom-test-coverage", "owasp": null, "cwe_ids": ["CWE-1126"], "languages": 
["python"], "observations_count": 982154}, "scanner": "repobility-ast-engine", "correlation_key": "fp|74553c7a2cad3ef20f9e42813f93e8f548975a70635e4358dc52996f708ba5ce"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tests/test_feedback_context_golden.py"}, "region": {"startLine": 60}}}]}, {"ruleId": "MINED106", "level": "error", "message": {"text": "Phantom test coverage: test_failure_single_no_results"}, "properties": {"repobilityId": 134671, "scanner": "repobility-ast-engine", "fingerprint": "aeff4b0f892e05f9a494622122b1248c846dffc75f7870d833493a582c8b14c4", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "phantom-test-coverage", "owasp": null, "cwe_ids": ["CWE-1126"], "languages": ["python"], "observations_count": 982154}, "scanner": "repobility-ast-engine", "correlation_key": "fp|aeff4b0f892e05f9a494622122b1248c846dffc75f7870d833493a582c8b14c4"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tests/test_feedback_context_golden.py"}, "region": {"startLine": 40}}}]}, {"ruleId": "MINED106", "level": "error", "message": {"text": "Phantom test coverage: test_success_single_with_results"}, "properties": {"repobilityId": 134670, "scanner": "repobility-ast-engine", "fingerprint": "98d450dd5d6bfac7427371cd4a75c9a865c261bb5a664bbba5f355a9ef35bb42", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "phantom-test-coverage", "owasp": null, "cwe_ids": ["CWE-1126"], "languages": ["python"], "observations_count": 982154}, "scanner": "repobility-ast-engine", "correlation_key": "fp|98d450dd5d6bfac7427371cd4a75c9a865c261bb5a664bbba5f355a9ef35bb42"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tests/test_feedback_context_golden.py"}, "region": {"startLine": 
19}}}]}, {"ruleId": "MINED106", "level": "error", "message": {"text": "Phantom test coverage: test_claude_backend_requires_anthropic_provider"}, "properties": {"repobilityId": 134669, "scanner": "repobility-ast-engine", "fingerprint": "28224175f5dadc883c5d0e888dfb420cc8e80b1922aa1ab3bf786ad66c64d997", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "phantom-test-coverage", "owasp": null, "cwe_ids": ["CWE-1126"], "languages": ["python"], "observations_count": 982154}, "scanner": "repobility-ast-engine", "correlation_key": "fp|28224175f5dadc883c5d0e888dfb420cc8e80b1922aa1ab3bf786ad66c64d997"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tests/test_profiles.py"}, "region": {"startLine": 57}}}]}, {"ruleId": "MINED106", "level": "error", "message": {"text": "Phantom test coverage: test_invalid_backend_raises"}, "properties": {"repobilityId": 134668, "scanner": "repobility-ast-engine", "fingerprint": "9b2fc0e6b8a7c4a4bf925011f570512d1e7077921931bea70e5acd64108b1136", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "phantom-test-coverage", "owasp": null, "cwe_ids": ["CWE-1126"], "languages": ["python"], "observations_count": 982154}, "scanner": "repobility-ast-engine", "correlation_key": "fp|9b2fc0e6b8a7c4a4bf925011f570512d1e7077921931bea70e5acd64108b1136"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tests/test_profiles.py"}, "region": {"startLine": 49}}}]}, {"ruleId": "MINED106", "level": "error", "message": {"text": "Phantom test coverage: test_unknown_profile_raises"}, "properties": {"repobilityId": 134667, "scanner": "repobility-ast-engine", "fingerprint": "1c2914461f4ec736793214698eeac2f44d34cc2a10020dae7d0cf30eac0fb67d", "category": "quality", "severity": 
"high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "phantom-test-coverage", "owasp": null, "cwe_ids": ["CWE-1126"], "languages": ["python"], "observations_count": 982154}, "scanner": "repobility-ast-engine", "correlation_key": "fp|1c2914461f4ec736793214698eeac2f44d34cc2a10020dae7d0cf30eac0fb67d"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tests/test_profiles.py"}, "region": {"startLine": 38}}}]}, {"ruleId": "MINED106", "level": "error", "message": {"text": "Phantom test coverage: test_feedback_prompt_golden"}, "properties": {"repobilityId": 134666, "scanner": "repobility-ast-engine", "fingerprint": "1470e9bf6a7bf0e18a7e7953d427cc66e11d5787de0c99c21b8fc6f7005cf11c", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "phantom-test-coverage", "owasp": null, "cwe_ids": ["CWE-1126"], "languages": ["python"], "observations_count": 982154}, "scanner": "repobility-ast-engine", "correlation_key": "fp|1470e9bf6a7bf0e18a7e7953d427cc66e11d5787de0c99c21b8fc6f7005cf11c"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tests/test_prompts_snapshot.py"}, "region": {"startLine": 53}}}]}, {"ruleId": "MINED106", "level": "error", "message": {"text": "Phantom test coverage: test_meta_prompt_openai_provider_golden"}, "properties": {"repobilityId": 134665, "scanner": "repobility-ast-engine", "fingerprint": "8db13808dad44238d35b532c516121a53fa23a015bde3560ee32ad776a43e661", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "phantom-test-coverage", "owasp": null, "cwe_ids": ["CWE-1126"], "languages": ["python"], "observations_count": 982154}, "scanner": "repobility-ast-engine", 
"correlation_key": "fp|8db13808dad44238d35b532c516121a53fa23a015bde3560ee32ad776a43e661"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tests/test_prompts_snapshot.py"}, "region": {"startLine": 42}}}]}, {"ruleId": "MINED106", "level": "error", "message": {"text": "Phantom test coverage: test_meta_prompt_anthropic_provider_is_byte_identical"}, "properties": {"repobilityId": 134664, "scanner": "repobility-ast-engine", "fingerprint": "58747e93e6e8e5faa4b7a33ad5aac0a3f57c1da1fd7c1f79c6475a99debb7e46", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "phantom-test-coverage", "owasp": null, "cwe_ids": ["CWE-1126"], "languages": ["python"], "observations_count": 982154}, "scanner": "repobility-ast-engine", "correlation_key": "fp|58747e93e6e8e5faa4b7a33ad5aac0a3f57c1da1fd7c1f79c6475a99debb7e46"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tests/test_prompts_snapshot.py"}, "region": {"startLine": 31}}}]}, {"ruleId": "MINED106", "level": "error", "message": {"text": "Phantom test coverage: test_meta_prompt_golden"}, "properties": {"repobilityId": 134663, "scanner": "repobility-ast-engine", "fingerprint": "faeb308af64cb2526d4a022a806783d34f6fba345293164258cc28be153e5ee3", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "phantom-test-coverage", "owasp": null, "cwe_ids": ["CWE-1126"], "languages": ["python"], "observations_count": 982154}, "scanner": "repobility-ast-engine", "correlation_key": "fp|faeb308af64cb2526d4a022a806783d34f6fba345293164258cc28be153e5ee3"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tests/test_prompts_snapshot.py"}, "region": {"startLine": 22}}}]}, {"ruleId": "MINED106", "level": "error", "message": {"text": "Phantom test 
coverage: test_get_backend_unknown_raises"}, "properties": {"repobilityId": 134662, "scanner": "repobility-ast-engine", "fingerprint": "afddaff2b413520c709cabcbba535e2413f9d6e6851dc31c629ba8b452ece832", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "phantom-test-coverage", "owasp": null, "cwe_ids": ["CWE-1126"], "languages": ["python"], "observations_count": 982154}, "scanner": "repobility-ast-engine", "correlation_key": "fp|afddaff2b413520c709cabcbba535e2413f9d6e6851dc31c629ba8b452ece832"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tests/test_backends.py"}, "region": {"startLine": 19}}}]}]}]}