{"version": "2.1.0", "$schema": "https://json.schemastore.org/sarif-2.1.0.json", "runs": [{"tool": {"driver": {"name": "Repobility", "informationUri": "https://repobility.com", "rules": [{"id": "ERR002", "name": "[ERR002] Empty Catch Block: Empty catch blocks hide errors.", "shortDescription": {"text": "[ERR002] Empty Catch Block: Empty catch blocks hide errors."}, "fullDescription": {"text": "Log the error or rethrow it. Use console.error() at minimum."}, "properties": {"scanner": "repobility-threat-engine", "category": "error_handling", "severity": "medium", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "AGT014", "name": "Codex auth.json is read or copied without visible secret-file hardening", "shortDescription": {"text": "Codex auth.json is read or copied without visible secret-file hardening"}, "fullDescription": {"text": "Tools that read or switch Codex CLI auth files handle OAuth/session material. Plain file copies, account switchers, and token readers should enforce narrow permissions and avoid printing or exporting token values."}, "properties": {"scanner": "repobility-agent-runtime", "category": "quality", "severity": "medium", "confidence": 0.74, "cwe": "", "owasp": ""}}, {"id": "AGT015", "name": "Remote install command pipes network code directly to a shell", "shortDescription": {"text": "Remote install command pipes network code directly to a shell"}, "fullDescription": {"text": "Agent helper projects often publish one-line installers. 
`curl | sh` style commands are convenient, but they bypass review unless the script is pinned, signed, or checksum-verified."}, "properties": {"scanner": "repobility-agent-runtime", "category": "dependency", "severity": "medium", "confidence": 0.7, "cwe": "", "owasp": ""}}, {"id": "AIC003", "name": "Duplicated implementation block across source files", "shortDescription": {"text": "Duplicated implementation block across source files"}, "fullDescription": {"text": "Duplicated blocks are a common artifact when generated code is pasted or recreated instead of reused. They increase maintenance cost because every future bug fix must be found in multiple locations."}, "properties": {"scanner": "repobility-ai-code-hygiene", "category": "quality", "severity": "medium", "confidence": 0.86, "cwe": "", "owasp": ""}}, {"id": "JRN002", "name": "Browser storage is used for session token material", "shortDescription": {"text": "Browser storage is used for session token material"}, "fullDescription": {"text": "localStorage and sessionStorage are readable by injected JavaScript. For sensitive sessions, this turns XSS into account compromise."}, "properties": {"scanner": "repobility-journey-contract", "category": "auth", "severity": "medium", "confidence": 0.82, "cwe": "", "owasp": ""}}, {"id": "AGT007", "name": "localStorage write failures are swallowed silently", "shortDescription": {"text": "localStorage write failures are swallowed silently"}, "fullDescription": {"text": "localStorage quotas are small and writes can fail. 
Catching storage errors without a user-visible warning causes silent data loss when notes, images, or snapshots exceed quota."}, "properties": {"scanner": "repobility-agent-runtime", "category": "quality", "severity": "medium", "confidence": 0.8, "cwe": "", "owasp": ""}}, {"id": "DKR001", "name": "Docker final stage has no non-root USER", "shortDescription": {"text": "Docker final stage has no non-root USER"}, "fullDescription": {"text": "Docker images run as root unless the image or Dockerfile switches to a non-root user."}, "properties": {"scanner": "repobility-docker", "category": "docker", "severity": "medium", "confidence": 0.82, "cwe": "", "owasp": ""}}, {"id": "AIC001", "name": "Parallel implementation file sits beside a canonical file", "shortDescription": {"text": "Parallel implementation file sits beside a canonical file"}, "fullDescription": {"text": "AI-assisted edits often create a new sibling file instead of integrating the change into the existing module. That leaves two paths for future maintainers to understand and can hide the code that is actually wired into the app."}, "properties": {"scanner": "repobility-ai-code-hygiene", "category": "quality", "severity": "medium", "confidence": 0.82, "cwe": "", "owasp": ""}}, {"id": "AUC001", "name": "[AUC001] No Repobility access matrix policy found: The repository uses web/API frameworks but does not define .repobilit", "shortDescription": {"text": "[AUC001] No Repobility access matrix policy found: The repository uses web/API frameworks but does not define .repobility/access.yml or equivalent authorization documentation."}, "fullDescription": {"text": "The repository uses web/API frameworks but does not define .repobility/access.yml or equivalent authorization documentation."}, "properties": {"scanner": "repobility-access-control", "category": "auth", "severity": "medium", "confidence": 0.92, "cwe": "CWE-285", "owasp": "WSTG-AUTHZ"}}, {"id": "ERR003", "name": "[ERR003] Ignored Error (Go): Ignoring error 
return values. ", "shortDescription": {"text": "[ERR003] Ignored Error (Go): Ignoring error return values. "}, "fullDescription": {"text": "Handle the error or use errcheck linter."}, "properties": {"scanner": "repobility", "category": "error_handling", "severity": "medium", "confidence": null, "cwe": "", "owasp": ""}}, {"id": "ERR003", "name": "[ERR003] Ignored Error (Go): Ignoring error return values.", "shortDescription": {"text": "[ERR003] Ignored Error (Go): Ignoring error return values."}, "fullDescription": {"text": "Handle the error or use errcheck linter."}, "properties": {"scanner": "repobility-threat-engine", "category": "error_handling", "severity": "low", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "AIC002", "name": "Source file name looks like an AI patch artifact", "shortDescription": {"text": "Source file name looks like an AI patch artifact"}, "fullDescription": {"text": "Files named as final, fixed, copy, new, or backup are often temporary patch artifacts. They may be legitimate, but they deserve review before becoming production surface area."}, "properties": {"scanner": "repobility-ai-code-hygiene", "category": "quality", "severity": "low", "confidence": 0.62, "cwe": "", "owasp": ""}}, {"id": "DKC015", "name": "Database service has no healthcheck", "shortDescription": {"text": "Database service has no healthcheck"}, "fullDescription": {"text": "Compose starts dependent containers in dependency order, but it does not wait for a database to be ready unless a healthcheck is defined and dependents use service_healthy."}, "properties": {"scanner": "repobility-docker", "category": "docker", "severity": "low", "confidence": 0.72, "cwe": "", "owasp": ""}}, {"id": "DKC006", "name": "Compose service does not declare a runtime user", "shortDescription": {"text": "Compose service does not declare a runtime user"}, "fullDescription": {"text": "If the image does not define USER internally, this service may run as root."}, "properties": {"scanner": 
"repobility-docker", "category": "docker", "severity": "low", "confidence": 0.56, "cwe": "", "owasp": ""}}, {"id": "DKR008", "name": ".dockerignore misses sensitive defaults", "shortDescription": {"text": ".dockerignore misses sensitive defaults"}, "fullDescription": {"text": ".dockerignore exists but does not cover common secret or VCS patterns."}, "properties": {"scanner": "repobility-docker", "category": "docker", "severity": "low", "confidence": 0.72, "cwe": "", "owasp": ""}}, {"id": "SEC020", "name": "[SEC020] Secret Printed to Logs: Debug or diagnostic code appears to print a credential-bearing value. This is a frequen", "shortDescription": {"text": "[SEC020] Secret Printed to Logs: Debug or diagnostic code appears to print a credential-bearing value. This is a frequent AI-assisted coding failure: the helper exposes the exact value needed for troubleshooting."}, "fullDescription": {"text": "Log only redacted, hashed, or last-four-style metadata. Rotate any secret that may have reached logs."}, "properties": {"scanner": "repobility-threat-engine", "category": "credential_exposure", "severity": "info", "confidence": 0.15, "cwe": "", "owasp": ""}}, {"id": "SEC022", "name": "[SEC022] Database URL With Embedded Credential (and 3 more): Same pattern found in 3 additional files. Review if needed.", "shortDescription": {"text": "[SEC022] Database URL With Embedded Credential (and 3 more): Same pattern found in 3 additional files. 
Review if needed."}, "fullDescription": {"text": "Remove the embedded password, require the URL from a secret store or environment variable, and rotate the database credential."}, "properties": {"scanner": "repobility-threat-engine", "category": "credential_exposure", "severity": "info", "confidence": 0.2, "cwe": "", "owasp": ""}}, {"id": "SEC029", "name": "[SEC029] Server-Side Request Forgery (SSRF) \u2014 outbound HTTP from user input (and 57 more): Same pattern found in 57 addi", "shortDescription": {"text": "[SEC029] Server-Side Request Forgery (SSRF) \u2014 outbound HTTP from user input (and 57 more): Same pattern found in 57 additional files. Review if needed."}, "fullDescription": {"text": "Validate the URL against an allowlist BEFORE fetching:\n  ALLOWED = {'images.example.com', 'cdn.example.com'}\n  host = urlparse(url).hostname\n  if host not in ALLOWED: abort(400)\nOr use a server-side proxy (Imgproxy / serve-files-only-from-S3) that isolates outbound network access from the request handler.\nBlock private CIDRs explicitly: 10/8, 172.16/12, 192.168/16, 169.254/16. Apply the block to the address the hostname actually resolves to, on every redirect as well, and cover loopback (127/8) and the IPv6 equivalents."}, "properties": {"scanner": "repobility-threat-engine", "category": "ssrf", "severity": "info", "confidence": 0.2, "cwe": "", "owasp": ""}}, {"id": "SEC015", "name": "[SEC015] Insecure Randomness for Security: Weak PRNG used in security-sensitive context. Output is predictable.", "shortDescription": {"text": "[SEC015] Insecure Randomness for Security: Weak PRNG used in security-sensitive context. 
Output is predictable."}, "fullDescription": {"text": "Use secrets module (Python) or crypto.getRandomValues() (JS) for security-sensitive randomness."}, "properties": {"scanner": "repobility-threat-engine", "category": "crypto", "severity": "info", "confidence": 0.15, "cwe": "", "owasp": ""}}, {"id": "SEC035", "name": "[SEC035] Unbounded Resource Allocation \u2014 DoS risk: Allocating resources (buffers, recursion stack, large ranges) based o", "shortDescription": {"text": "[SEC035] Unbounded Resource Allocation \u2014 DoS risk: Allocating resources (buffers, recursion stack, large ranges) based on user input without an upper bound. Attackers send `size=10000000` to exhaust memory, or trigger expensive computation."}, "fullDescription": {"text": "Cap user-controlled sizes BEFORE allocation:\n  size = min(int(request.args.get('n', 100)), MAX_SIZE)\nSet framework-level limits:\n  Flask:    app.config['MAX_CONTENT_LENGTH'] = 10 * 1024 * 1024\n  FastAPI:  use middleware to enforce request size\n  Django:   DATA_UPLOAD_MAX_MEMORY_SIZE in settings.py\nNever raise `sys.setrecursionlimit` past 10K without a deeper review."}, "properties": {"scanner": "repobility-threat-engine", "category": "resource_exhaustion", "severity": "high", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "SEC013", "name": "[SEC013] Path Traversal \u2014 User Input in File Path: User-controlled input used in file path without sanitization. Allows ", "shortDescription": {"text": "[SEC013] Path Traversal \u2014 User Input in File Path: User-controlled input used in file path without sanitization. Allows reading arbitrary files."}, "fullDescription": {"text": "Use os.path.realpath() and verify the resolved path lies inside your expected base directory, comparing whole path components (for example with os.path.commonpath()) because a plain string-prefix test also accepts sibling directories that share the prefix. 
Use secure_filename() for uploads."}, "properties": {"scanner": "repobility-threat-engine", "category": "path_traversal", "severity": "high", "confidence": 0.8, "cwe": "", "owasp": ""}}, {"id": "CFG001", "name": "[CFG001] Docker Runs as Root: Container runs as root user.", "shortDescription": {"text": "[CFG001] Docker Runs as Root: Container runs as root user."}, "fullDescription": {"text": "Add 'USER nonroot' after installing dependencies."}, "properties": {"scanner": "repobility", "category": "docker", "severity": "high", "confidence": null, "cwe": "", "owasp": ""}}, {"id": "SEC006", "name": "[SEC006] XSS Risk: Direct HTML injection without sanitization.", "shortDescription": {"text": "[SEC006] XSS Risk: Direct HTML injection without sanitization."}, "fullDescription": {"text": "Use textContent instead of innerHTML. Sanitize with DOMPurify."}, "properties": {"scanner": "repobility", "category": "injection", "severity": "high", "confidence": null, "cwe": "", "owasp": ""}}, {"id": "SEC001", "name": "[SEC001] Hardcoded Password: Hardcoded password found in source code.", "shortDescription": {"text": "[SEC001] Hardcoded Password: Hardcoded password found in source code."}, "fullDescription": {"text": "Use environment variables or a secrets manager."}, "properties": {"scanner": "repobility-threat-engine", "category": "credential_exposure", "severity": "critical", "confidence": 0.9, "cwe": "", "owasp": ""}}, {"id": "JRN001", "name": "Token handoff appears to use a callback URL or fragment", "shortDescription": {"text": "Token handoff appears to use a callback URL or fragment"}, "fullDescription": {"text": "A frontend flow appears to combine a caller-controlled callback/redirect parameter with a token-bearing URL or fragment. 
This can exfiltrate sessions when callback validation is incomplete."}, "properties": {"scanner": "repobility-journey-contract", "category": "auth", "severity": "critical", "confidence": 0.88, "cwe": "", "owasp": ""}}, {"id": "DKC007", "name": "Compose service contains a literal secret environment value", "shortDescription": {"text": "Compose service contains a literal secret environment value"}, "fullDescription": {"text": "Literal secrets in Compose files are committed to source and exposed through container inspection."}, "properties": {"scanner": "repobility-docker", "category": "docker", "severity": "critical", "confidence": 0.96, "cwe": "", "owasp": ""}}, {"id": "SEC002", "name": "Possible OpenAI API key found", "shortDescription": {"text": "Possible OpenAI API key found"}, "fullDescription": {"text": ""}, "properties": {"scanner": "repobility", "category": "credential_exposure", "severity": "critical", "confidence": null, "cwe": "", "owasp": ""}}, {"id": "SEC003", "name": "Possible hardcoded private key found", "shortDescription": {"text": "Possible hardcoded private key found"}, "fullDescription": {"text": ""}, "properties": {"scanner": "repobility", "category": "credential_exposure", "severity": "critical", "confidence": null, "cwe": "", "owasp": ""}}, {"id": "SEC001", "name": "Possible hardcoded password found", "shortDescription": {"text": "Possible hardcoded password found"}, "fullDescription": {"text": ""}, "properties": {"scanner": "repobility", "category": "credential_exposure", "severity": "critical", "confidence": null, "cwe": "", "owasp": ""}}, {"id": "SEC010", "name": "Possible GitHub token found", "shortDescription": {"text": "Possible GitHub token found"}, "fullDescription": {"text": ""}, "properties": {"scanner": "repobility", "category": "credential_exposure", "severity": "critical", "confidence": null, "cwe": "", "owasp": ""}}]}}, "automationDetails": {"id": "repobility/15"}, "properties": {"repository": 
"https://github.com/multica-ai/multica", "repoUrl": "https://github.com/multica-ai/multica", "branch": "main"}, "results": [{"ruleId": "ERR002", "level": "warning", "message": {"text": "[ERR002] Empty Catch Block: Empty catch blocks hide errors."}, "properties": {"repobilityId": 27768, "scanner": "repobility-threat-engine", "fingerprint": "e5b6bd1fff95a28e7276ed1dab0b9f1f3488f59a49ceff940d33a377953c6e45", "category": "error_handling", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": ".catch(() => {})", "reason": "Pattern matched with no mitigating context found", "rule_id": "ERR002", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "fp|e5b6bd1fff95a28e7276ed1dab0b9f1f3488f59a49ceff940d33a377953c6e45"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "packages/views/common/task-transcript/agent-transcript-dialog.tsx"}, "region": {"startLine": 215}}}]}, {"ruleId": "AGT014", "level": "warning", "message": {"text": "Codex auth.json is read or copied without visible secret-file hardening"}, "properties": {"repobilityId": 12256, "scanner": "repobility-agent-runtime", "fingerprint": "ff79dfb1852b1bc7eafda14c5494dedae63d6787ec4a2ce1e72e85a71c3396fc", "category": "quality", "severity": "medium", "confidence": 0.74, "triageState": "open", "verdict": "likely", "isResolved": false, "reason": "File references Codex auth.json or CODEX_HOME with read/copy/write behavior and no visible permission or secure-storage guard.", "evidence": {"rule_id": "AGT014", "scanner": "repobility-agent-runtime", "references": [], "correlation_key": "fp|ff79dfb1852b1bc7eafda14c5494dedae63d6787ec4a2ce1e72e85a71c3396fc"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "apps/web/features/landing/i18n/zh.ts"}, "region": {"startLine": 528}}}]}, {"ruleId": "AGT014", "level": "warning", "message": 
{"text": "Codex auth.json is read or copied without visible secret-file hardening"}, "properties": {"repobilityId": 12255, "scanner": "repobility-agent-runtime", "fingerprint": "505cbacde991a3c50f42f2b6658d8ed8c0fbfc563a7fe089b05b25bda60a0093", "category": "quality", "severity": "medium", "confidence": 0.74, "triageState": "open", "verdict": "likely", "isResolved": false, "reason": "File references Codex auth.json or CODEX_HOME with read/copy/write behavior and no visible permission or secure-storage guard.", "evidence": {"rule_id": "AGT014", "scanner": "repobility-agent-runtime", "references": [], "correlation_key": "fp|505cbacde991a3c50f42f2b6658d8ed8c0fbfc563a7fe089b05b25bda60a0093"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "apps/web/features/landing/i18n/en.ts"}, "region": {"startLine": 528}}}]}, {"ruleId": "AGT014", "level": "warning", "message": {"text": "Codex auth.json is read or copied without visible secret-file hardening"}, "properties": {"repobilityId": 8429, "scanner": "repobility-agent-runtime", "fingerprint": "e5364aca8fee70311b3a63f80bceb026fa19f12c9bb6c4632030bc792152dc11", "category": "quality", "severity": "medium", "confidence": 0.74, "triageState": "fixed", "verdict": "likely", "isResolved": true, "reason": "File references Codex auth.json or CODEX_HOME with read/copy/write behavior and no visible permission or secure-storage guard.", "evidence": {"rule_id": "AGT014", "scanner": "repobility-agent-runtime", "references": [], "correlation_key": "fp|e5364aca8fee70311b3a63f80bceb026fa19f12c9bb6c4632030bc792152dc11"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "apps/web/features/landing/i18n/zh.ts"}, "region": {"startLine": 502}}}]}, {"ruleId": "AGT014", "level": "warning", "message": {"text": "Codex auth.json is read or copied without visible secret-file hardening"}, "properties": {"repobilityId": 8428, "scanner": "repobility-agent-runtime", "fingerprint": 
"a583fb7d075d81c362ccf0d799e09d090c346d9bdce16d2f72d299c1a75a29a5", "category": "quality", "severity": "medium", "confidence": 0.74, "triageState": "fixed", "verdict": "likely", "isResolved": true, "reason": "File references Codex auth.json or CODEX_HOME with read/copy/write behavior and no visible permission or secure-storage guard.", "evidence": {"rule_id": "AGT014", "scanner": "repobility-agent-runtime", "references": [], "correlation_key": "fp|a583fb7d075d81c362ccf0d799e09d090c346d9bdce16d2f72d299c1a75a29a5"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "apps/web/features/landing/i18n/en.ts"}, "region": {"startLine": 502}}}]}, {"ruleId": "AGT015", "level": "warning", "message": {"text": "Remote install command pipes network code directly to a shell"}, "properties": {"repobilityId": 8427, "scanner": "repobility-agent-runtime", "fingerprint": "7399e124bb22a7f6391c45fd0424e903b5fb8e1769a3c692bc236c90c5954839", "category": "dependency", "severity": "medium", "confidence": 0.7, "triageState": "open", "verdict": "likely", "isResolved": false, "reason": "File contains a remote download piped directly to a shell without visible checksum or signature verification.", "evidence": {"rule_id": "AGT015", "scanner": "repobility-agent-runtime", "references": [], "correlation_key": "fp|7399e124bb22a7f6391c45fd0424e903b5fb8e1769a3c692bc236c90c5954839"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "README.zh-CN.md"}, "region": {"startLine": 79}}}]}, {"ruleId": "AGT014", "level": "warning", "message": {"text": "Codex auth.json is read or copied without visible secret-file hardening"}, "properties": {"repobilityId": 5723, "scanner": "repobility-agent-runtime", "fingerprint": "f6023e446246754c014a9f4e0d68ee1c2fd0f019e95acdbcb138f11f6e20e975", "category": "quality", "severity": "medium", "confidence": 0.74, "triageState": "fixed", "verdict": "likely", "isResolved": true, "reason": "File references Codex auth.json or CODEX_HOME with 
read/copy/write behavior and no visible permission or secure-storage guard.", "evidence": {"rule_id": "AGT014", "scanner": "repobility-agent-runtime", "references": [], "correlation_key": "fp|f6023e446246754c014a9f4e0d68ee1c2fd0f019e95acdbcb138f11f6e20e975"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "apps/web/features/landing/i18n/zh.ts"}, "region": {"startLine": 478}}}]}, {"ruleId": "AGT014", "level": "warning", "message": {"text": "Codex auth.json is read or copied without visible secret-file hardening"}, "properties": {"repobilityId": 5722, "scanner": "repobility-agent-runtime", "fingerprint": "b94c8d9bd90f6ad4d0b73f6f78a6dbee02959b44f100235951387c3016c4d364", "category": "quality", "severity": "medium", "confidence": 0.74, "triageState": "fixed", "verdict": "likely", "isResolved": true, "reason": "File references Codex auth.json or CODEX_HOME with read/copy/write behavior and no visible permission or secure-storage guard.", "evidence": {"rule_id": "AGT014", "scanner": "repobility-agent-runtime", "references": [], "correlation_key": "fp|b94c8d9bd90f6ad4d0b73f6f78a6dbee02959b44f100235951387c3016c4d364"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "apps/web/features/landing/i18n/en.ts"}, "region": {"startLine": 478}}}]}, {"ruleId": "AIC003", "level": "warning", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 5721, "scanner": "repobility-ai-code-hygiene", "fingerprint": "90c0d14d7bad69520cd133af8fa3372e61cdde67a66ab48c7e2cf9c002163a5b", "category": "quality", "severity": "medium", "confidence": 0.86, "triageState": "fixed", "verdict": "confirmed", "isResolved": true, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "packages/views/issues/actions/issue-actions-context-menu.tsx", 
"duplicate_line": 45, "correlation_key": "fp|90c0d14d7bad69520cd133af8fa3372e61cdde67a66ab48c7e2cf9c002163a5b"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "packages/views/issues/actions/issue-actions-dropdown.tsx"}, "region": {"startLine": 43}}}]}, {"ruleId": "AGT014", "level": "warning", "message": {"text": "Codex auth.json is read or copied without visible secret-file hardening"}, "properties": {"repobilityId": 4942, "scanner": "repobility-agent-runtime", "fingerprint": "5030c00648d7a3781d54bc5c0c7632edf75a64932327923a2869a4395746c896", "category": "quality", "severity": "medium", "confidence": 0.74, "triageState": "fixed", "verdict": "likely", "isResolved": true, "reason": "File references Codex auth.json or CODEX_HOME with read/copy/write behavior and no visible permission or secure-storage guard.", "evidence": {"rule_id": "AGT014", "scanner": "repobility-agent-runtime", "references": [], "correlation_key": "fp|5030c00648d7a3781d54bc5c0c7632edf75a64932327923a2869a4395746c896"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "apps/web/features/landing/i18n/zh.ts"}, "region": {"startLine": 454}}}]}, {"ruleId": "AGT014", "level": "warning", "message": {"text": "Codex auth.json is read or copied without visible secret-file hardening"}, "properties": {"repobilityId": 4941, "scanner": "repobility-agent-runtime", "fingerprint": "cd570a88808502fdf9da92aefd1039e242be21dd0d38b51fc9435be9a78fa1e0", "category": "quality", "severity": "medium", "confidence": 0.74, "triageState": "fixed", "verdict": "likely", "isResolved": true, "reason": "File references Codex auth.json or CODEX_HOME with read/copy/write behavior and no visible permission or secure-storage guard.", "evidence": {"rule_id": "AGT014", "scanner": "repobility-agent-runtime", "references": [], "correlation_key": "fp|cd570a88808502fdf9da92aefd1039e242be21dd0d38b51fc9435be9a78fa1e0"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": 
"apps/web/features/landing/i18n/en.ts"}, "region": {"startLine": 454}}}]}, {"ruleId": "AGT014", "level": "warning", "message": {"text": "Codex auth.json is read or copied without visible secret-file hardening"}, "properties": {"repobilityId": 4784, "scanner": "repobility-agent-runtime", "fingerprint": "6de8c4c7c0ab14096d5fc80bcc2f0679fedf812a3186b81ee29fb0e405697599", "category": "quality", "severity": "medium", "confidence": 0.74, "triageState": "fixed", "verdict": "likely", "isResolved": true, "reason": "File references Codex auth.json or CODEX_HOME with read/copy/write behavior and no visible permission or secure-storage guard.", "evidence": {"rule_id": "AGT014", "scanner": "repobility-agent-runtime", "references": [], "correlation_key": "fp|6de8c4c7c0ab14096d5fc80bcc2f0679fedf812a3186b81ee29fb0e405697599"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "apps/web/features/landing/i18n/zh.ts"}, "region": {"startLine": 428}}}]}, {"ruleId": "AGT014", "level": "warning", "message": {"text": "Codex auth.json is read or copied without visible secret-file hardening"}, "properties": {"repobilityId": 4783, "scanner": "repobility-agent-runtime", "fingerprint": "568f10ed2aeef9ba39bcc15ac923aa7133d824a2d71af65e808dbba48b9fbfcb", "category": "quality", "severity": "medium", "confidence": 0.74, "triageState": "fixed", "verdict": "likely", "isResolved": true, "reason": "File references Codex auth.json or CODEX_HOME with read/copy/write behavior and no visible permission or secure-storage guard.", "evidence": {"rule_id": "AGT014", "scanner": "repobility-agent-runtime", "references": [], "correlation_key": "fp|568f10ed2aeef9ba39bcc15ac923aa7133d824a2d71af65e808dbba48b9fbfcb"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "apps/web/features/landing/i18n/en.ts"}, "region": {"startLine": 428}}}]}, {"ruleId": "AGT014", "level": "warning", "message": {"text": "Codex auth.json is read or copied without visible secret-file hardening"}, 
"properties": {"repobilityId": 4690, "scanner": "repobility-agent-runtime", "fingerprint": "c7ec1693526c9730bc2c68c93dff2dadb1b044f2be1a07f0e1c941d8e8f499b5", "category": "quality", "severity": "medium", "confidence": 0.74, "triageState": "fixed", "verdict": "likely", "isResolved": true, "reason": "File references Codex auth.json or CODEX_HOME with read/copy/write behavior and no visible permission or secure-storage guard.", "evidence": {"rule_id": "AGT014", "scanner": "repobility-agent-runtime", "references": [], "correlation_key": "fp|c7ec1693526c9730bc2c68c93dff2dadb1b044f2be1a07f0e1c941d8e8f499b5"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "apps/web/features/landing/i18n/zh.ts"}, "region": {"startLine": 394}}}]}, {"ruleId": "AGT014", "level": "warning", "message": {"text": "Codex auth.json is read or copied without visible secret-file hardening"}, "properties": {"repobilityId": 4689, "scanner": "repobility-agent-runtime", "fingerprint": "9952c770cba288a921df960e6c0210b63b2d062b054fcad8489c552dc2e5748e", "category": "quality", "severity": "medium", "confidence": 0.74, "triageState": "fixed", "verdict": "likely", "isResolved": true, "reason": "File references Codex auth.json or CODEX_HOME with read/copy/write behavior and no visible permission or secure-storage guard.", "evidence": {"rule_id": "AGT014", "scanner": "repobility-agent-runtime", "references": [], "correlation_key": "fp|9952c770cba288a921df960e6c0210b63b2d062b054fcad8489c552dc2e5748e"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "apps/web/features/landing/i18n/en.ts"}, "region": {"startLine": 394}}}]}, {"ruleId": "ERR002", "level": "warning", "message": {"text": "[ERR002] Empty Catch Block: Empty catch blocks hide errors."}, "properties": {"repobilityId": 4622, "scanner": "repobility-threat-engine", "fingerprint": "60a9a5b8139500b40da7a8bcc5628fd97411f1ae1fa0968c490c24b22d2b478e", "category": "error_handling", "severity": "medium", "confidence": 1.0, 
"triageState": "fixed", "verdict": "confirmed", "isResolved": true, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": ".catch(() => {})", "reason": "Pattern matched with no mitigating context found", "rule_id": "ERR002", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "fp|60a9a5b8139500b40da7a8bcc5628fd97411f1ae1fa0968c490c24b22d2b478e"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "packages/views/invitations/invitations-page.tsx"}, "region": {"startLine": 130}}}]}, {"ruleId": "AGT014", "level": "warning", "message": {"text": "Codex auth.json is read or copied without visible secret-file hardening"}, "properties": {"repobilityId": 4621, "scanner": "repobility-agent-runtime", "fingerprint": "ec18eb9d86543e4580e94ebfb5de9e0c948bba83fb77c821e5fa1c97661670f0", "category": "quality", "severity": "medium", "confidence": 0.74, "triageState": "fixed", "verdict": "likely", "isResolved": true, "reason": "File references Codex auth.json or CODEX_HOME with read/copy/write behavior and no visible permission or secure-storage guard.", "evidence": {"rule_id": "AGT014", "scanner": "repobility-agent-runtime", "references": [], "correlation_key": "fp|ec18eb9d86543e4580e94ebfb5de9e0c948bba83fb77c821e5fa1c97661670f0"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "apps/web/features/landing/i18n/zh.ts"}, "region": {"startLine": 393}}}]}, {"ruleId": "AGT014", "level": "warning", "message": {"text": "Codex auth.json is read or copied without visible secret-file hardening"}, "properties": {"repobilityId": 4620, "scanner": "repobility-agent-runtime", "fingerprint": "e9a514af45d33262daa5275266468307cf14770e0465360de79eb7241dc6e300", "category": "quality", "severity": "medium", "confidence": 0.74, "triageState": "fixed", "verdict": "likely", "isResolved": true, "reason": "File references Codex auth.json or CODEX_HOME with read/copy/write behavior and no visible permission or secure-storage 
guard.", "evidence": {"rule_id": "AGT014", "scanner": "repobility-agent-runtime", "references": [], "correlation_key": "fp|e9a514af45d33262daa5275266468307cf14770e0465360de79eb7241dc6e300"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "apps/web/features/landing/i18n/en.ts"}, "region": {"startLine": 393}}}]}, {"ruleId": "JRN002", "level": "warning", "message": {"text": "Browser storage is used for session token material"}, "properties": {"repobilityId": 4308, "scanner": "repobility-journey-contract", "fingerprint": "d6167f8cd88802da753ef04560c1f98e87796ecdcc65f7586b9cb52d5f00867b", "category": "auth", "severity": "medium", "confidence": 0.82, "triageState": "open", "verdict": "likely", "isResolved": false, "reason": "Storage API call references token-like key or value names.", "evidence": {"rule_id": "JRN002", "scanner": "repobility-journey-contract", "references": ["https://cheatsheetseries.owasp.org/cheatsheets/Session_Management_Cheat_Sheet.html"], "correlation_key": "code|auth|token|252|jrn002"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "packages/views/auth/login-page.tsx"}, "region": {"startLine": 252}}}]}, {"ruleId": "JRN002", "level": "warning", "message": {"text": "Browser storage is used for session token material"}, "properties": {"repobilityId": 4307, "scanner": "repobility-journey-contract", "fingerprint": "3d5a82cb438ac067c18b6f70815774adba218a5c1031b1f7568e6ea3a29d6710", "category": "auth", "severity": "medium", "confidence": 0.82, "triageState": "open", "verdict": "likely", "isResolved": false, "reason": "Storage API call references token-like key or value names.", "evidence": {"rule_id": "JRN002", "scanner": "repobility-journey-contract", "references": ["https://cheatsheetseries.owasp.org/cheatsheets/Session_Management_Cheat_Sheet.html"], "correlation_key": "code|auth|token|201|jrn002"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "packages/views/auth/login-page.tsx"}, "region": 
{"startLine": 201}}}]}, {"ruleId": "JRN002", "level": "warning", "message": {"text": "Browser storage is used for session token material"}, "properties": {"repobilityId": 4306, "scanner": "repobility-journey-contract", "fingerprint": "3d941f460647cffc46118672b0e68abbca5281f1a3abae1a36752101d8e92881", "category": "auth", "severity": "medium", "confidence": 0.82, "triageState": "open", "verdict": "likely", "isResolved": false, "reason": "Storage API call references token-like key or value names.", "evidence": {"rule_id": "JRN002", "scanner": "repobility-journey-contract", "references": ["https://cheatsheetseries.owasp.org/cheatsheets/Session_Management_Cheat_Sheet.html"], "correlation_key": "code|auth|token|140|jrn002"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "packages/views/auth/login-page.tsx"}, "region": {"startLine": 140}}}]}, {"ruleId": "JRN002", "level": "warning", "message": {"text": "Browser storage is used for session token material"}, "properties": {"repobilityId": 4305, "scanner": "repobility-journey-contract", "fingerprint": "257bda12d074159adff88450d8d676dfba9fdae85b4f5a5e406be193ffdf6467", "category": "auth", "severity": "medium", "confidence": 0.82, "triageState": "open", "verdict": "likely", "isResolved": false, "reason": "Storage API call references token-like key or value names.", "evidence": {"rule_id": "JRN002", "scanner": "repobility-journey-contract", "references": ["https://cheatsheetseries.owasp.org/cheatsheets/Session_Management_Cheat_Sheet.html"], "correlation_key": "code|auth|token|24|jrn002"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "apps/web/components/web-providers.tsx"}, "region": {"startLine": 24}}}]}, {"ruleId": "JRN002", "level": "warning", "message": {"text": "Browser storage is used for session token material"}, "properties": {"repobilityId": 4304, "scanner": "repobility-journey-contract", "fingerprint": "a78168d2a3ecd3d8adbd31d2321c4bcefae6419b4c052733d0c3c83c8468e9ae", 
"category": "auth", "severity": "medium", "confidence": 0.82, "triageState": "open", "verdict": "likely", "isResolved": false, "reason": "Storage API call references token-like key or value names.", "evidence": {"rule_id": "JRN002", "scanner": "repobility-journey-contract", "references": ["https://cheatsheetseries.owasp.org/cheatsheets/Session_Management_Cheat_Sheet.html"], "correlation_key": "code|auth|token|84|jrn002"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "apps/desktop/src/renderer/src/App.tsx"}, "region": {"startLine": 84}}}]}, {"ruleId": "ERR002", "level": "warning", "message": {"text": "[ERR002] Empty Catch Block: Empty catch blocks hide errors."}, "properties": {"repobilityId": 4298, "scanner": "repobility-threat-engine", "fingerprint": "100272a038d4b22a9f6d20d7aed561def4d6957698ecd20905c13f91463d8f44", "category": "error_handling", "severity": "medium", "confidence": 1.0, "triageState": "fixed", "verdict": "confirmed", "isResolved": true, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": ".catch(() => {})", "reason": "Pattern matched with no mitigating context found", "rule_id": "ERR002", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "fp|100272a038d4b22a9f6d20d7aed561def4d6957698ecd20905c13f91463d8f44"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "packages/views/invitations/invitations-page.tsx"}, "region": {"startLine": 126}}}]}, {"ruleId": "AGT014", "level": "warning", "message": {"text": "Codex auth.json is read or copied without visible secret-file hardening"}, "properties": {"repobilityId": 4297, "scanner": "repobility-agent-runtime", "fingerprint": "04f5a2b7189345388c3cdb08c27ca556c01dff52258b3e03d2dab069eb551bc7", "category": "quality", "severity": "medium", "confidence": 0.74, "triageState": "fixed", "verdict": "likely", "isResolved": true, "reason": "File references Codex auth.json or CODEX_HOME with read/copy/write behavior and no 
visible permission or secure-storage guard.", "evidence": {"rule_id": "AGT014", "scanner": "repobility-agent-runtime", "references": [], "correlation_key": "fp|04f5a2b7189345388c3cdb08c27ca556c01dff52258b3e03d2dab069eb551bc7"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "apps/web/features/landing/i18n/zh.ts"}, "region": {"startLine": 356}}}]}, {"ruleId": "AGT014", "level": "warning", "message": {"text": "Codex auth.json is read or copied without visible secret-file hardening"}, "properties": {"repobilityId": 4296, "scanner": "repobility-agent-runtime", "fingerprint": "2848b077f0db57407df60c5047369d26ce7a291450f669806252efe037bd0870", "category": "quality", "severity": "medium", "confidence": 0.74, "triageState": "fixed", "verdict": "likely", "isResolved": true, "reason": "File references Codex auth.json or CODEX_HOME with read/copy/write behavior and no visible permission or secure-storage guard.", "evidence": {"rule_id": "AGT014", "scanner": "repobility-agent-runtime", "references": [], "correlation_key": "fp|2848b077f0db57407df60c5047369d26ce7a291450f669806252efe037bd0870"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "apps/web/features/landing/i18n/en.ts"}, "region": {"startLine": 356}}}]}, {"ruleId": "AGT007", "level": "warning", "message": {"text": "localStorage write failures are swallowed silently"}, "properties": {"repobilityId": 4295, "scanner": "repobility-agent-runtime", "fingerprint": "5432eea4b82bc1b9736120f419238fce11d5b8a7c76cc28da3fbff3e0de15eaa", "category": "quality", "severity": "medium", "confidence": 0.8, "triageState": "open", "verdict": "likely", "isResolved": false, "reason": "File writes to localStorage and has an empty or ignore-only catch block without QuotaExceededError handling.", "evidence": {"rule_id": "AGT007", "scanner": "repobility-agent-runtime", "references": ["https://developer.mozilla.org/en-US/docs/Web/API/Web_Storage_API"], "correlation_key": 
"fp|5432eea4b82bc1b9736120f419238fce11d5b8a7c76cc28da3fbff3e0de15eaa"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "apps/desktop/src/renderer/src/platform/i18n-adapter.ts"}, "region": {"startLine": 25}}}]}, {"ruleId": "AIC003", "level": "warning", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 4294, "scanner": "repobility-ai-code-hygiene", "fingerprint": "f4aa176c4e32b4ddf637f76936ff45a2bd1db82810163c7c2a75e42439d1a2ce", "category": "quality", "severity": "medium", "confidence": 0.86, "triageState": "fixed", "verdict": "confirmed", "isResolved": true, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "packages/views/issues/components/pickers/priority-picker.tsx", "duplicate_line": 18, "correlation_key": "fp|f4aa176c4e32b4ddf637f76936ff45a2bd1db82810163c7c2a75e42439d1a2ce"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "packages/views/issues/components/pickers/status-picker.tsx"}, "region": {"startLine": 18}}}]}, {"ruleId": "AGT015", "level": "warning", "message": {"text": "Remote install command pipes network code directly to a shell"}, "properties": {"repobilityId": 4067, "scanner": "repobility-agent-runtime", "fingerprint": "1a9bf6ea33cafbc5e9c48e8f376623c4652a76883e1c9edb919a91aa9003accd", "category": "dependency", "severity": "medium", "confidence": 0.7, "triageState": "fixed", "verdict": "likely", "isResolved": true, "reason": "File contains a remote download piped directly to a shell without visible checksum or signature verification.", "evidence": {"rule_id": "AGT015", "scanner": "repobility-agent-runtime", "references": [], "correlation_key": "fp|1a9bf6ea33cafbc5e9c48e8f376623c4652a76883e1c9edb919a91aa9003accd"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": 
"apps/web/features/landing/i18n/zh.ts"}, "region": {"startLine": 656}}}]}, {"ruleId": "ERR002", "level": "warning", "message": {"text": "[ERR002] Empty Catch Block: Empty catch blocks hide errors."}, "properties": {"repobilityId": 4021, "scanner": "repobility-threat-engine", "fingerprint": "cb61b17831ac426ee639100dad55b9ec42448930acc8390e028e55444ed1f767", "category": "error_handling", "severity": "medium", "confidence": 1.0, "triageState": "fixed", "verdict": "confirmed", "isResolved": true, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": ".catch(() => {})", "reason": "Pattern matched with no mitigating context found", "rule_id": "ERR002", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "fp|cb61b17831ac426ee639100dad55b9ec42448930acc8390e028e55444ed1f767"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "packages/views/invitations/invitations-page.tsx"}, "region": {"startLine": 124}}}]}, {"ruleId": "AGT015", "level": "warning", "message": {"text": "Remote install command pipes network code directly to a shell"}, "properties": {"repobilityId": 4020, "scanner": "repobility-agent-runtime", "fingerprint": "1d022febeddea0d080b63d1452c95c0579c60925fe363ec7b351b335317d7591", "category": "dependency", "severity": "medium", "confidence": 0.7, "triageState": "fixed", "verdict": "likely", "isResolved": true, "reason": "File contains a remote download piped directly to a shell without visible checksum or signature verification.", "evidence": {"rule_id": "AGT015", "scanner": "repobility-agent-runtime", "references": [], "correlation_key": "fp|1d022febeddea0d080b63d1452c95c0579c60925fe363ec7b351b335317d7591"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "apps/web/features/landing/i18n/zh.ts"}, "region": {"startLine": 627}}}]}, {"ruleId": "AGT015", "level": "warning", "message": {"text": "Remote install command pipes network code directly to a shell"}, "properties": 
{"repobilityId": 4019, "scanner": "repobility-agent-runtime", "fingerprint": "91cf2463b7dbb5b590ece30cf29a454400a9a08b9973a779efffec0a09103683", "category": "dependency", "severity": "medium", "confidence": 0.7, "triageState": "fixed", "verdict": "likely", "isResolved": true, "reason": "File contains a remote download piped directly to a shell without visible checksum or signature verification.", "evidence": {"rule_id": "AGT015", "scanner": "repobility-agent-runtime", "references": [], "correlation_key": "fp|91cf2463b7dbb5b590ece30cf29a454400a9a08b9973a779efffec0a09103683"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "README.zh-CN.md"}, "region": {"startLine": 76}}}]}, {"ruleId": "AIC003", "level": "warning", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 4018, "scanner": "repobility-ai-code-hygiene", "fingerprint": "67da14adbb76aabc479709e63628c697cbba93dc12166857363ede37b05a2731", "category": "quality", "severity": "medium", "confidence": 0.86, "triageState": "fixed", "verdict": "confirmed", "isResolved": true, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "packages/views/invitations/invitations-page.tsx", "duplicate_line": 207, "correlation_key": "fp|67da14adbb76aabc479709e63628c697cbba93dc12166857363ede37b05a2731"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "packages/views/invite/invite-page.tsx"}, "region": {"startLine": 216}}}]}, {"ruleId": "AGT015", "level": "warning", "message": {"text": "Remote install command pipes network code directly to a shell"}, "properties": {"repobilityId": 3781, "scanner": "repobility-agent-runtime", "fingerprint": "76b3a2a6c93da6f42bbf808c3979b7fdbaca51362b7623a21ec479e8a1e4934b", "category": "dependency", "severity": "medium", "confidence": 0.7, 
"triageState": "fixed", "verdict": "likely", "isResolved": true, "reason": "File contains a remote download piped directly to a shell without visible checksum or signature verification.", "evidence": {"rule_id": "AGT015", "scanner": "repobility-agent-runtime", "references": [], "correlation_key": "fp|76b3a2a6c93da6f42bbf808c3979b7fdbaca51362b7623a21ec479e8a1e4934b"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "packages/views/onboarding/steps/cli-install-instructions.tsx"}, "region": {"startLine": 8}}}]}, {"ruleId": "AGT015", "level": "warning", "message": {"text": "Remote install command pipes network code directly to a shell"}, "properties": {"repobilityId": 3780, "scanner": "repobility-agent-runtime", "fingerprint": "1372e80e821a231bd516656df0256aee385a35fb3c19db1c5ad78c0882a39e65", "category": "dependency", "severity": "medium", "confidence": 0.7, "triageState": "fixed", "verdict": "likely", "isResolved": true, "reason": "File contains a remote download piped directly to a shell without visible checksum or signature verification.", "evidence": {"rule_id": "AGT015", "scanner": "repobility-agent-runtime", "references": [], "correlation_key": "fp|1372e80e821a231bd516656df0256aee385a35fb3c19db1c5ad78c0882a39e65"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "apps/web/features/landing/i18n/zh.ts"}, "region": {"startLine": 604}}}]}, {"ruleId": "AGT015", "level": "warning", "message": {"text": "Remote install command pipes network code directly to a shell"}, "properties": {"repobilityId": 3779, "scanner": "repobility-agent-runtime", "fingerprint": "41fa9d51e534ee19a37b73d66a9471b0434a3388174ab318737ac70e7ee3e681", "category": "dependency", "severity": "medium", "confidence": 0.7, "triageState": "open", "verdict": "likely", "isResolved": false, "reason": "File contains a remote download piped directly to a shell without visible checksum or signature verification.", "evidence": {"rule_id": "AGT015", "scanner": 
"repobility-agent-runtime", "references": [], "correlation_key": "fp|41fa9d51e534ee19a37b73d66a9471b0434a3388174ab318737ac70e7ee3e681"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "apps/web/features/landing/components/download/cli-section.tsx"}, "region": {"startLine": 8}}}]}, {"ruleId": "AGT015", "level": "warning", "message": {"text": "Remote install command pipes network code directly to a shell"}, "properties": {"repobilityId": 3778, "scanner": "repobility-agent-runtime", "fingerprint": "06161d091240f6f4ccba5e86ec78d18cf0571a5c3e87cc87e5afc16918cfbbee", "category": "dependency", "severity": "medium", "confidence": 0.7, "triageState": "open", "verdict": "likely", "isResolved": false, "reason": "File contains a remote download piped directly to a shell without visible checksum or signature verification.", "evidence": {"rule_id": "AGT015", "scanner": "repobility-agent-runtime", "references": [], "correlation_key": "fp|06161d091240f6f4ccba5e86ec78d18cf0571a5c3e87cc87e5afc16918cfbbee"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "apps/docs/content/docs/cloud-quickstart.zh.mdx"}, "region": {"startLine": 29}}}]}, {"ruleId": "AGT015", "level": "warning", "message": {"text": "Remote install command pipes network code directly to a shell"}, "properties": {"repobilityId": 3777, "scanner": "repobility-agent-runtime", "fingerprint": "a844c80f8d2d175cf7680a5fac7d8bfa42e176cfb0f69b03c7d3ee353a867f09", "category": "dependency", "severity": "medium", "confidence": 0.7, "triageState": "open", "verdict": "likely", "isResolved": false, "reason": "File contains a remote download piped directly to a shell without visible checksum or signature verification.", "evidence": {"rule_id": "AGT015", "scanner": "repobility-agent-runtime", "references": [], "correlation_key": "fp|a844c80f8d2d175cf7680a5fac7d8bfa42e176cfb0f69b03c7d3ee353a867f09"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "SELF_HOSTING_AI.md"}, "region": 
{"startLine": 15}}}]}, {"ruleId": "AGT015", "level": "warning", "message": {"text": "Remote install command pipes network code directly to a shell"}, "properties": {"repobilityId": 3776, "scanner": "repobility-agent-runtime", "fingerprint": "b20b885066a64db2af92186c5506d3b5df805142b8f5ad4159403721bd5c61de", "category": "dependency", "severity": "medium", "confidence": 0.7, "triageState": "fixed", "verdict": "likely", "isResolved": true, "reason": "File contains a remote download piped directly to a shell without visible checksum or signature verification.", "evidence": {"rule_id": "AGT015", "scanner": "repobility-agent-runtime", "references": [], "correlation_key": "fp|b20b885066a64db2af92186c5506d3b5df805142b8f5ad4159403721bd5c61de"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "README.zh-CN.md"}, "region": {"startLine": 64}}}]}, {"ruleId": "JRN002", "level": "warning", "message": {"text": "Browser storage is used for session token material"}, "properties": {"repobilityId": 2397, "scanner": "repobility-journey-contract", "fingerprint": "24a4a508b8aa2feefe3a9a961869c80099966434792f8b5e28eb0e8af10a9556", "category": "auth", "severity": "medium", "confidence": 0.82, "triageState": "fixed", "verdict": "likely", "isResolved": true, "reason": "Storage API call references token-like key or value names.", "evidence": {"rule_id": "JRN002", "scanner": "repobility-journey-contract", "references": ["https://cheatsheetseries.owasp.org/cheatsheets/Session_Management_Cheat_Sheet.html"], "correlation_key": "code|auth|token|248|jrn002"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "packages/views/auth/login-page.tsx"}, "region": {"startLine": 248}}}]}, {"ruleId": "JRN002", "level": "warning", "message": {"text": "Browser storage is used for session token material"}, "properties": {"repobilityId": 2396, "scanner": "repobility-journey-contract", "fingerprint": "7131b55b627587ba46ad307d9b557165f5368eedfe92aeeb272cae08ace49fa8", "category": 
"auth", "severity": "medium", "confidence": 0.82, "triageState": "fixed", "verdict": "likely", "isResolved": true, "reason": "Storage API call references token-like key or value names.", "evidence": {"rule_id": "JRN002", "scanner": "repobility-journey-contract", "references": ["https://cheatsheetseries.owasp.org/cheatsheets/Session_Management_Cheat_Sheet.html"], "correlation_key": "code|auth|token|199|jrn002"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "packages/views/auth/login-page.tsx"}, "region": {"startLine": 199}}}]}, {"ruleId": "JRN002", "level": "warning", "message": {"text": "Browser storage is used for session token material"}, "properties": {"repobilityId": 2395, "scanner": "repobility-journey-contract", "fingerprint": "84fdbad153474facc602a435bc50ea89e5ffd567fa1b0c10c9956290576db033", "category": "auth", "severity": "medium", "confidence": 0.82, "triageState": "fixed", "verdict": "likely", "isResolved": true, "reason": "Storage API call references token-like key or value names.", "evidence": {"rule_id": "JRN002", "scanner": "repobility-journey-contract", "references": ["https://cheatsheetseries.owasp.org/cheatsheets/Session_Management_Cheat_Sheet.html"], "correlation_key": "code|auth|token|138|jrn002"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "packages/views/auth/login-page.tsx"}, "region": {"startLine": 138}}}]}, {"ruleId": "JRN002", "level": "warning", "message": {"text": "Browser storage is used for session token material"}, "properties": {"repobilityId": 2394, "scanner": "repobility-journey-contract", "fingerprint": "a8f358b136842a352305cfdb30d594db318e3a0cf03b0f7fbabeea32214db55e", "category": "auth", "severity": "medium", "confidence": 0.82, "triageState": "fixed", "verdict": "likely", "isResolved": true, "reason": "Storage API call references token-like key or value names.", "evidence": {"rule_id": "JRN002", "scanner": "repobility-journey-contract", "references": 
["https://cheatsheetseries.owasp.org/cheatsheets/Session_Management_Cheat_Sheet.html"], "correlation_key": "code|auth|token|443|jrn002"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "packages/views/auth/login-page.test.tsx"}, "region": {"startLine": 443}}}]}, {"ruleId": "JRN002", "level": "warning", "message": {"text": "Browser storage is used for session token material"}, "properties": {"repobilityId": 2393, "scanner": "repobility-journey-contract", "fingerprint": "06b6833a7c36afab7814c716c3365b25014011aed6841a4b2232962af4485835", "category": "auth", "severity": "medium", "confidence": 0.82, "triageState": "fixed", "verdict": "likely", "isResolved": true, "reason": "Storage API call references token-like key or value names.", "evidence": {"rule_id": "JRN002", "scanner": "repobility-journey-contract", "references": ["https://cheatsheetseries.owasp.org/cheatsheets/Session_Management_Cheat_Sheet.html"], "correlation_key": "code|auth|token|408|jrn002"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "packages/views/auth/login-page.test.tsx"}, "region": {"startLine": 408}}}]}, {"ruleId": "JRN002", "level": "warning", "message": {"text": "Browser storage is used for session token material"}, "properties": {"repobilityId": 2392, "scanner": "repobility-journey-contract", "fingerprint": "8233dbc19154e48a2de3016d17d3e74f1f84ddf30920f328ce14ce24d0649409", "category": "auth", "severity": "medium", "confidence": 0.82, "triageState": "fixed", "verdict": "likely", "isResolved": true, "reason": "Storage API call references token-like key or value names.", "evidence": {"rule_id": "JRN002", "scanner": "repobility-journey-contract", "references": ["https://cheatsheetseries.owasp.org/cheatsheets/Session_Management_Cheat_Sheet.html"], "correlation_key": "code|auth|token|376|jrn002"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "packages/views/auth/login-page.test.tsx"}, "region": {"startLine": 376}}}]}, {"ruleId": "JRN002", 
"level": "warning", "message": {"text": "Browser storage is used for session token material"}, "properties": {"repobilityId": 2391, "scanner": "repobility-journey-contract", "fingerprint": "e83ffbcc7646f496fec0f3a40d4c83b2838d42906c2d5a30c39f8c0c2b0edc3e", "category": "auth", "severity": "medium", "confidence": 0.82, "triageState": "open", "verdict": "likely", "isResolved": false, "reason": "Storage API call references token-like key or value names.", "evidence": {"rule_id": "JRN002", "scanner": "repobility-journey-contract", "references": ["https://cheatsheetseries.owasp.org/cheatsheets/Session_Management_Cheat_Sheet.html"], "correlation_key": "code|auth|e2e/helpers.ts|26|jrn002"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "e2e/helpers.ts"}, "region": {"startLine": 26}}}]}, {"ruleId": "JRN002", "level": "warning", "message": {"text": "Browser storage is used for session token material"}, "properties": {"repobilityId": 2390, "scanner": "repobility-journey-contract", "fingerprint": "0ee29a2498009fa2098ec8023334d218f54685bf3a76956dbd3a6baac12574ce", "category": "auth", "severity": "medium", "confidence": 0.82, "triageState": "fixed", "verdict": "likely", "isResolved": true, "reason": "Storage API call references token-like key or value names.", "evidence": {"rule_id": "JRN002", "scanner": "repobility-journey-contract", "references": ["https://cheatsheetseries.owasp.org/cheatsheets/Session_Management_Cheat_Sheet.html"], "correlation_key": "code|auth|token|22|jrn002"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "apps/web/components/web-providers.tsx"}, "region": {"startLine": 22}}}]}, {"ruleId": "JRN002", "level": "warning", "message": {"text": "Browser storage is used for session token material"}, "properties": {"repobilityId": 2389, "scanner": "repobility-journey-contract", "fingerprint": "01d10bd2b247fbecf05a30f5275e572e10b628420228472f1724a58e4f080206", "category": "auth", "severity": "medium", "confidence": 0.82, 
"triageState": "fixed", "verdict": "likely", "isResolved": true, "reason": "Storage API call references token-like key or value names.", "evidence": {"rule_id": "JRN002", "scanner": "repobility-journey-contract", "references": ["https://cheatsheetseries.owasp.org/cheatsheets/Session_Management_Cheat_Sheet.html"], "correlation_key": "code|auth|token|76|jrn002"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "apps/desktop/src/renderer/src/App.tsx"}, "region": {"startLine": 76}}}]}, {"ruleId": "DKR001", "level": "warning", "message": {"text": "Docker final stage has no non-root USER"}, "properties": {"repobilityId": 2376, "scanner": "repobility-docker", "fingerprint": "1eb8ef6687fec125996c180855da62d34d9a8989980a20ae833ad2ba0a804163", "category": "docker", "severity": "medium", "confidence": 0.82, "triageState": "open", "verdict": "likely", "isResolved": false, "reason": "No USER directive was found in the final runtime stage.", "evidence": {"rule_id": "DKR001", "scanner": "repobility-docker", "final_base": "alpine:3.21", "references": ["https://docs.docker.com/develop/develop-images/dockerfile_best-practices/", "https://cheatsheetseries.owasp.org/cheatsheets/Docker_Security_Cheat_Sheet.html", "https://github.com/hadolint/hadolint"], "correlation_key": "fp|1eb8ef6687fec125996c180855da62d34d9a8989980a20ae833ad2ba0a804163"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "Dockerfile"}, "region": {"startLine": 23}}}]}, {"ruleId": "ERR002", "level": "warning", "message": {"text": "[ERR002] Empty Catch Block: Empty catch blocks hide errors."}, "properties": {"repobilityId": 2375, "scanner": "repobility-threat-engine", "fingerprint": "1ded49a0851d4d4855b6d68e28bf6f7a97f22f6fca069744dece1a9788db62d7", "category": "error_handling", "severity": "medium", "confidence": 1.0, "triageState": "fixed", "verdict": "confirmed", "isResolved": true, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": ".catch(() => 
{})", "reason": "Pattern matched with no mitigating context found", "rule_id": "ERR002", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "fp|1ded49a0851d4d4855b6d68e28bf6f7a97f22f6fca069744dece1a9788db62d7"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "packages/views/common/task-transcript/agent-transcript-dialog.tsx"}, "region": {"startLine": 213}}}]}, {"ruleId": "AIC003", "level": "warning", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 2374, "scanner": "repobility-ai-code-hygiene", "fingerprint": "3240f9a8cd05ac00d93038f2764423b0a83bea976c43abe6939b5212612bdb18", "category": "quality", "severity": "medium", "confidence": 0.86, "triageState": "fixed", "verdict": "confirmed", "isResolved": true, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "packages/views/issues/components/issues-header.tsx", "duplicate_line": 20, "correlation_key": "fp|3240f9a8cd05ac00d93038f2764423b0a83bea976c43abe6939b5212612bdb18"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "packages/views/my-issues/components/my-issues-header.tsx"}, "region": {"startLine": 15}}}]}, {"ruleId": "AIC003", "level": "warning", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 2373, "scanner": "repobility-ai-code-hygiene", "fingerprint": "78ee91043c15e44f3648e5f2d094165f1302b31b4611397cd39c18ee77818b99", "category": "quality", "severity": "medium", "confidence": 0.86, "triageState": "fixed", "verdict": "confirmed", "isResolved": true, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], 
"duplicate_file": "packages/views/autopilots/components/autopilot-detail-page.tsx", "duplicate_line": 148, "correlation_key": "fp|78ee91043c15e44f3648e5f2d094165f1302b31b4611397cd39c18ee77818b99"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "packages/views/modals/delete-issue-confirm.tsx"}, "region": {"startLine": 48}}}]}, {"ruleId": "AIC003", "level": "warning", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 2372, "scanner": "repobility-ai-code-hygiene", "fingerprint": "6a77fe7889c445cd2b524d21f17beaf414cf55d8e9cae5ea151cb2c195eb76a8", "category": "quality", "severity": "medium", "confidence": 0.86, "triageState": "fixed", "verdict": "confirmed", "isResolved": true, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "packages/views/autopilots/components/autopilot-dialog.tsx", "duplicate_line": 368, "correlation_key": "fp|6a77fe7889c445cd2b524d21f17beaf414cf55d8e9cae5ea151cb2c195eb76a8"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "packages/views/modals/create-project.tsx"}, "region": {"startLine": 129}}}]}, {"ruleId": "AIC003", "level": "warning", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 2371, "scanner": "repobility-ai-code-hygiene", "fingerprint": "c4164480d4dcf6cac45bb532b7c1ce564185ab601539b0fa5d4d22318a8da726", "category": "quality", "severity": "medium", "confidence": 0.86, "triageState": "fixed", "verdict": "confirmed", "isResolved": true, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "packages/views/modals/create-issue.tsx", 
"duplicate_line": 229, "correlation_key": "fp|c4164480d4dcf6cac45bb532b7c1ce564185ab601539b0fa5d4d22318a8da726"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "packages/views/modals/create-project.tsx"}, "region": {"startLine": 122}}}]}, {"ruleId": "AIC003", "level": "warning", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 2370, "scanner": "repobility-ai-code-hygiene", "fingerprint": "9396f105dd4ec1503ab20c023d74e1918b0e278eb2525b26003fa587f49fd805", "category": "quality", "severity": "medium", "confidence": 0.86, "triageState": "fixed", "verdict": "confirmed", "isResolved": true, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "packages/views/autopilots/components/autopilot-dialog.tsx", "duplicate_line": 368, "correlation_key": "fp|9396f105dd4ec1503ab20c023d74e1918b0e278eb2525b26003fa587f49fd805"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "packages/views/modals/create-issue.tsx"}, "region": {"startLine": 236}}}]}, {"ruleId": "AIC003", "level": "warning", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 2369, "scanner": "repobility-ai-code-hygiene", "fingerprint": "7dae05810dd4cecef683bdfabe9c051aa75b776cc5d9a2f4c9b54bd28365e83b", "category": "quality", "severity": "medium", "confidence": 0.86, "triageState": "fixed", "verdict": "confirmed", "isResolved": true, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "packages/views/issues/components/comment-input.tsx", "duplicate_line": 20, "correlation_key": 
"fp|7dae05810dd4cecef683bdfabe9c051aa75b776cc5d9a2f4c9b54bd28365e83b"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "packages/views/issues/components/reply-input.tsx"}, "region": {"startLine": 31}}}]}, {"ruleId": "AIC003", "level": "warning", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 2368, "scanner": "repobility-ai-code-hygiene", "fingerprint": "eec6fcef3907669aaf0e91e200afe84290867c93f1a844e0e34b11ffab00a907", "category": "quality", "severity": "medium", "confidence": 0.86, "triageState": "fixed", "verdict": "confirmed", "isResolved": true, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "packages/views/chat/components/chat-message-list.tsx", "duplicate_line": 227, "correlation_key": "fp|eec6fcef3907669aaf0e91e200afe84290867c93f1a844e0e34b11ffab00a907"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "packages/views/issues/components/agent-live-card.tsx"}, "region": {"startLine": 41}}}]}, {"ruleId": "AIC003", "level": "warning", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 2367, "scanner": "repobility-ai-code-hygiene", "fingerprint": "1d636eb1c1b9e561db34c38a549a6daeeaf2c3662119422946ba02293a6f9e1b", "category": "quality", "severity": "medium", "confidence": 0.86, "triageState": "fixed", "verdict": "confirmed", "isResolved": true, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "packages/views/autopilots/components/autopilot-dialog.tsx", "duplicate_line": 98, "correlation_key": 
"fp|1d636eb1c1b9e561db34c38a549a6daeeaf2c3662119422946ba02293a6f9e1b"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "packages/views/autopilots/components/trigger-config.tsx"}, "region": {"startLine": 28}}}]}, {"ruleId": "AIC003", "level": "warning", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 2366, "scanner": "repobility-ai-code-hygiene", "fingerprint": "bdb3f3b23c36ee8df0801ec02a2e98917f942f0a150ae2a32ae80b763c624216", "category": "quality", "severity": "medium", "confidence": 0.86, "triageState": "fixed", "verdict": "confirmed", "isResolved": true, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "packages/views/agents/components/tabs/custom-args-tab.tsx", "duplicate_line": 108, "correlation_key": "fp|bdb3f3b23c36ee8df0801ec02a2e98917f942f0a150ae2a32ae80b763c624216"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "packages/views/agents/components/tabs/env-tab.tsx"}, "region": {"startLine": 207}}}]}, {"ruleId": "AIC003", "level": "warning", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 2365, "scanner": "repobility-ai-code-hygiene", "fingerprint": "0a1ed8bedc16d0965de113bc396cc8881e2f18f1e00f79d9a497f489f6823715", "category": "quality", "severity": "medium", "confidence": 0.86, "triageState": "fixed", "verdict": "confirmed", "isResolved": true, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "apps/docs/app/[lang]/layout.tsx", "duplicate_line": 13, "correlation_key": "fp|0a1ed8bedc16d0965de113bc396cc8881e2f18f1e00f79d9a497f489f6823715"}}, 
"locations": [{"physicalLocation": {"artifactLocation": {"uri": "apps/web/app/layout.tsx"}, "region": {"startLine": 9}}}]}, {"ruleId": "AIC001", "level": "warning", "message": {"text": "Parallel implementation file sits beside a canonical file"}, "properties": {"repobilityId": 2363, "scanner": "repobility-ai-code-hygiene", "fingerprint": "96dd187b59eedc6af90baab50c50ae937f435c664f8cf86a4e0b2bcf1c843f49", "category": "quality", "severity": "medium", "confidence": 0.82, "triageState": "open", "verdict": "likely", "isResolved": false, "reason": "Source filename has a patch-style suffix and a same-directory canonical sibling exists.", "evidence": {"suffix": "update", "rule_id": "AIC001", "scanner": "repobility-ai-code-hygiene", "references": ["https://arxiv.org/abs/2601.15195", "https://knip.dev/"], "canonical_file": "server/internal/handler/runtime.go", "correlation_key": "fp|96dd187b59eedc6af90baab50c50ae937f435c664f8cf86a4e0b2bcf1c843f49"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "server/internal/handler/runtime_update.go"}, "region": {"startLine": 1}}}]}, {"ruleId": "AUC001", "level": "warning", "message": {"text": "[AUC001] No Repobility access matrix policy found: The repository uses web/API frameworks but does not define .repobility/access.yml or equivalent authorization documentation."}, "properties": {"repobilityId": 2200, "scanner": "repobility-access-control", "fingerprint": "f1305052c3ba1e6c1cdb5dccc19e58a8168cf78b176658f32b1fc823df3e9d10", "category": "auth", "severity": "medium", "confidence": 0.92, "triageState": "open", "verdict": "likely", "isResolved": false, "reason": "Static route and framework evidence require project-owner confirmation.", "evidence": {"scanner": "repobility-access-control", "frameworks": ["Next.js"], "expected_files": [".repobility/access.yml", ".repobility/access.yaml", ".repobility/access.json", ".repobility/authorization.yml"], "correlation_key": 
"fp|f1305052c3ba1e6c1cdb5dccc19e58a8168cf78b176658f32b1fc823df3e9d10"}}}, {"ruleId": "ERR002", "level": "warning", "message": {"text": "[ERR002] Empty Catch Block: Empty catch blocks hide errors."}, "properties": {"repobilityId": 2070, "scanner": "repobility-threat-engine", "fingerprint": "70a759112fbfab6f7a066d60dc9a9415c445176783f6377df7feecad6c393124", "category": "error_handling", "severity": "medium", "confidence": 1.0, "triageState": "fixed", "verdict": "confirmed", "isResolved": true, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": ".catch(() => {})", "reason": "Pattern matched with no mitigating context found", "rule_id": "ERR002", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "fp|70a759112fbfab6f7a066d60dc9a9415c445176783f6377df7feecad6c393124"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "packages/views/issues/components/agent-transcript-dialog.tsx"}, "region": {"startLine": 223}}}]}, {"ruleId": "ERR002", "level": "warning", "message": {"text": "[ERR002] Empty Catch Block: Empty catch blocks hide errors."}, "properties": {"repobilityId": 2069, "scanner": "repobility-threat-engine", "fingerprint": "b5c6431f496eb9d898be5a9dc12aedd0bd7d75c4d2df046d089acfa92bc643d7", "category": "error_handling", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": ".catch(() => {})", "reason": "Pattern matched with no mitigating context found", "rule_id": "ERR002", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "fp|b5c6431f496eb9d898be5a9dc12aedd0bd7d75c4d2df046d089acfa92bc643d7"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "packages/core/auth/store.ts"}, "region": {"startLine": 119}}}]}, {"ruleId": "ERR002", "level": "warning", "message": {"text": "[ERR002] Empty Catch Block: Empty catch blocks 
hide errors."}, "properties": {"repobilityId": 2068, "scanner": "repobility-threat-engine", "fingerprint": "3aab2227d58d3e192bf0944f8431cbcd7d3e31153eb9b503baa24526ba76ef55", "category": "error_handling", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": ".catch(() => {})", "reason": "Pattern matched with no mitigating context found", "rule_id": "ERR002", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "fp|3aab2227d58d3e192bf0944f8431cbcd7d3e31153eb9b503baa24526ba76ef55"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "apps/desktop/src/main/daemon-manager.ts"}, "region": {"startLine": 201}}}]}, {"ruleId": "ERR003", "level": "warning", "message": {"text": "[ERR003] Ignored Error (Go): Ignoring error return values. "}, "properties": {"repobilityId": 786, "scanner": "repobility", "fingerprint": "b405366a6390b5c44357fa418bbb53df56db3d3d7b990ef4928e4d8ed159ab93", "category": "error_handling", "severity": "medium", "confidence": null, "triageState": "fixed", "verdict": "", "isResolved": true, "reason": "", "evidence": {}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "server/pkg/agent/opencode.go"}, "region": {"startLine": 271}}}]}, {"ruleId": "ERR003", "level": "warning", "message": {"text": "[ERR003] Ignored Error (Go): Ignoring error return values. 
"}, "properties": {"repobilityId": 785, "scanner": "repobility", "fingerprint": "e136c4c3df7892b7619ffc1736193e0383861a2dafb236b6d14e32a2e6e916c0", "category": "error_handling", "severity": "medium", "confidence": null, "triageState": "fixed", "verdict": "", "isResolved": true, "reason": "", "evidence": {}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "server/pkg/agent/codex_test.go"}, "region": {"startLine": 73}}}]}, {"ruleId": "ERR003", "level": "warning", "message": {"text": "[ERR003] Ignored Error (Go): Ignoring error return values. "}, "properties": {"repobilityId": 784, "scanner": "repobility", "fingerprint": "7935f1f92b28b9ec83c52b4d774966594a3b6729e1dd591dd5ed2bdb8508de54", "category": "error_handling", "severity": "medium", "confidence": null, "triageState": "fixed", "verdict": "", "isResolved": true, "reason": "", "evidence": {}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "server/pkg/agent/openclaw_test.go"}, "region": {"startLine": 44}}}]}, {"ruleId": "ERR003", "level": "warning", "message": {"text": "[ERR003] Ignored Error (Go): Ignoring error return values. "}, "properties": {"repobilityId": 783, "scanner": "repobility", "fingerprint": "3201ee66d8cda0843ea74d8820720929b931b734f33234f34bbc434d67c8c091", "category": "error_handling", "severity": "medium", "confidence": null, "triageState": "fixed", "verdict": "", "isResolved": true, "reason": "", "evidence": {}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "server/pkg/agent/claude.go"}, "region": {"startLine": 396}}}]}, {"ruleId": "ERR003", "level": "warning", "message": {"text": "[ERR003] Ignored Error (Go): Ignoring error return values. 
"}, "properties": {"repobilityId": 782, "scanner": "repobility", "fingerprint": "28fad39fff0ab4ae9ec960627d3645446f7df6066cfdb0ea14f48782149b5e13", "category": "error_handling", "severity": "medium", "confidence": null, "triageState": "fixed", "verdict": "", "isResolved": true, "reason": "", "evidence": {}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "server/pkg/agent/codex.go"}, "region": {"startLine": 339}}}]}, {"ruleId": "ERR003", "level": "warning", "message": {"text": "[ERR003] Ignored Error (Go): Ignoring error return values. "}, "properties": {"repobilityId": 781, "scanner": "repobility", "fingerprint": "72062b8f79963272b44cae8dc1a53f906f8985f3381621169b7920658a6092ac", "category": "error_handling", "severity": "medium", "confidence": null, "triageState": "fixed", "verdict": "", "isResolved": true, "reason": "", "evidence": {}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "server/pkg/agent/version.go"}, "region": {"startLine": 31}}}]}, {"ruleId": "ERR003", "level": "warning", "message": {"text": "[ERR003] Ignored Error (Go): Ignoring error return values. "}, "properties": {"repobilityId": 780, "scanner": "repobility", "fingerprint": "a64959065a32129ec4f12f0e68cb48add20b264c487a43e355ed788079b0c834", "category": "error_handling", "severity": "medium", "confidence": null, "triageState": "fixed", "verdict": "", "isResolved": true, "reason": "", "evidence": {}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "server/pkg/agent/agent_test.go"}, "region": {"startLine": 40}}}]}, {"ruleId": "ERR003", "level": "warning", "message": {"text": "[ERR003] Ignored Error (Go): Ignoring error return values. 
"}, "properties": {"repobilityId": 779, "scanner": "repobility", "fingerprint": "0c16286ee8f5f9e4b942c462a06e08328b8d7119fbaee713910f05b5df2f2b56", "category": "error_handling", "severity": "medium", "confidence": null, "triageState": "fixed", "verdict": "", "isResolved": true, "reason": "", "evidence": {}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "server/cmd/multica/cmd_version.go"}, "region": {"startLine": 23}}}]}, {"ruleId": "ERR003", "level": "warning", "message": {"text": "[ERR003] Ignored Error (Go): Ignoring error return values. "}, "properties": {"repobilityId": 778, "scanner": "repobility", "fingerprint": "ab68b42814cc0d9da47763e62073a54d493e331eb9a10cccfaed87032009a21c", "category": "error_handling", "severity": "medium", "confidence": null, "triageState": "fixed", "verdict": "", "isResolved": true, "reason": "", "evidence": {}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "server/cmd/multica/cmd_attachment.go"}, "region": {"startLine": 71}}}]}, {"ruleId": "ERR003", "level": "warning", "message": {"text": "[ERR003] Ignored Error (Go): Ignoring error return values. "}, "properties": {"repobilityId": 777, "scanner": "repobility", "fingerprint": "41b755ca558854097e6b3a056d3afc57fa6db007b66397e9cb4e4148a235d96d", "category": "error_handling", "severity": "medium", "confidence": null, "triageState": "fixed", "verdict": "", "isResolved": true, "reason": "", "evidence": {}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "server/cmd/multica/cmd_skill.go"}, "region": {"startLine": 156}}}]}, {"ruleId": "ERR003", "level": "warning", "message": {"text": "[ERR003] Ignored Error (Go): Ignoring error return values. 
"}, "properties": {"repobilityId": 776, "scanner": "repobility", "fingerprint": "9b2fe072019d6387f71f8741fbb7f0d9fad3c750401a084ef167312b6466fb30", "category": "error_handling", "severity": "medium", "confidence": null, "triageState": "fixed", "verdict": "", "isResolved": true, "reason": "", "evidence": {}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "server/cmd/multica/cmd_setup.go"}, "region": {"startLine": 32}}}]}, {"ruleId": "ERR003", "level": "warning", "message": {"text": "[ERR003] Ignored Error (Go): Ignoring error return values. "}, "properties": {"repobilityId": 775, "scanner": "repobility", "fingerprint": "3ba3937f803d31bd2ea077cb488d92f85f9346162155ce094fe57dafc7888ce5", "category": "error_handling", "severity": "medium", "confidence": null, "triageState": "fixed", "verdict": "", "isResolved": true, "reason": "", "evidence": {}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "server/cmd/multica/cmd_config.go"}, "region": {"startLine": 55}}}]}, {"ruleId": "ERR003", "level": "warning", "message": {"text": "[ERR003] Ignored Error (Go): Ignoring error return values. "}, "properties": {"repobilityId": 774, "scanner": "repobility", "fingerprint": "b016824342b87733ed662df9d5bd6c3c7adb019210142944c21f9ae97eb81209", "category": "error_handling", "severity": "medium", "confidence": null, "triageState": "fixed", "verdict": "", "isResolved": true, "reason": "", "evidence": {}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "server/cmd/multica/cmd_repo.go"}, "region": {"startLine": 74}}}]}, {"ruleId": "ERR003", "level": "warning", "message": {"text": "[ERR003] Ignored Error (Go): Ignoring error return values. 
"}, "properties": {"repobilityId": 773, "scanner": "repobility", "fingerprint": "fa4786e4e0331dd274367b67f0ffedb2955fa280566f8c6deb70da438d5d60fb", "category": "error_handling", "severity": "medium", "confidence": null, "triageState": "fixed", "verdict": "", "isResolved": true, "reason": "", "evidence": {}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "server/cmd/multica/cmd_workspace.go"}, "region": {"startLine": 92}}}]}, {"ruleId": "ERR003", "level": "warning", "message": {"text": "[ERR003] Ignored Error (Go): Ignoring error return values. "}, "properties": {"repobilityId": 772, "scanner": "repobility", "fingerprint": "18a277eb1038e18da4c2f656c0a72520399ec6e0ebf35110024c601d6dad0a47", "category": "error_handling", "severity": "medium", "confidence": null, "triageState": "fixed", "verdict": "", "isResolved": true, "reason": "", "evidence": {}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "server/cmd/multica/cmd_agent.go"}, "region": {"startLine": 151}}}]}, {"ruleId": "ERR003", "level": "warning", "message": {"text": "[ERR003] Ignored Error (Go): Ignoring error return values. "}, "properties": {"repobilityId": 771, "scanner": "repobility", "fingerprint": "9bc121e885ecebd06952d9b33555c1dc8b267b053dd48a70b1679a46476050c1", "category": "error_handling", "severity": "medium", "confidence": null, "triageState": "fixed", "verdict": "", "isResolved": true, "reason": "", "evidence": {}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "server/cmd/multica/cmd_auth.go"}, "region": {"startLine": 60}}}]}, {"ruleId": "ERR003", "level": "warning", "message": {"text": "[ERR003] Ignored Error (Go): Ignoring error return values. 
"}, "properties": {"repobilityId": 770, "scanner": "repobility", "fingerprint": "b118d1234e79aa492f894093f982e908db925ca19387eedea6bb2c31a71e8b50", "category": "error_handling", "severity": "medium", "confidence": null, "triageState": "fixed", "verdict": "", "isResolved": true, "reason": "", "evidence": {}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "server/cmd/multica/cmd_project.go"}, "region": {"startLine": 120}}}]}, {"ruleId": "ERR003", "level": "warning", "message": {"text": "[ERR003] Ignored Error (Go): Ignoring error return values. "}, "properties": {"repobilityId": 769, "scanner": "repobility", "fingerprint": "068648862e116daf51d8e5a134fadede7596bafdf0fb2460935d8a6711fcbd08", "category": "error_handling", "severity": "medium", "confidence": null, "triageState": "fixed", "verdict": "", "isResolved": true, "reason": "", "evidence": {}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "server/cmd/multica/cmd_daemon.go"}, "region": {"startLine": 112}}}]}, {"ruleId": "ERR003", "level": "warning", "message": {"text": "[ERR003] Ignored Error (Go): Ignoring error return values. "}, "properties": {"repobilityId": 768, "scanner": "repobility", "fingerprint": "37360f0cf8fdc647d5a4044af6d4f50c7a98ccb7a84664b0d861c380fc3bcdca", "category": "error_handling", "severity": "medium", "confidence": null, "triageState": "fixed", "verdict": "", "isResolved": true, "reason": "", "evidence": {}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "server/cmd/multica/cmd_issue.go"}, "region": {"startLine": 220}}}]}, {"ruleId": "ERR003", "level": "warning", "message": {"text": "[ERR003] Ignored Error (Go): Ignoring error return values. 
"}, "properties": {"repobilityId": 767, "scanner": "repobility", "fingerprint": "1fc6a210a1ae1580cac849555c68ae4252cf39cef512c8b64a97176e2e864e18", "category": "error_handling", "severity": "medium", "confidence": null, "triageState": "fixed", "verdict": "", "isResolved": true, "reason": "", "evidence": {}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "server/cmd/multica/cmd_runtime.go"}, "region": {"startLine": 98}}}]}, {"ruleId": "ERR003", "level": "warning", "message": {"text": "[ERR003] Ignored Error (Go): Ignoring error return values. "}, "properties": {"repobilityId": 766, "scanner": "repobility", "fingerprint": "867397b9060aad28e49836622c20a3707c7332305f6fc6924878c27261d025b4", "category": "error_handling", "severity": "medium", "confidence": null, "triageState": "fixed", "verdict": "", "isResolved": true, "reason": "", "evidence": {}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "server/cmd/server/activity_listeners.go"}, "region": {"startLine": 61}}}]}, {"ruleId": "ERR003", "level": "warning", "message": {"text": "[ERR003] Ignored Error (Go): Ignoring error return values. "}, "properties": {"repobilityId": 765, "scanner": "repobility", "fingerprint": "2f558473b992e0dd28c150fb90feaae0ad98f5b3cf3e091697c0bcfb00a1dbb3", "category": "error_handling", "severity": "medium", "confidence": null, "triageState": "fixed", "verdict": "", "isResolved": true, "reason": "", "evidence": {}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "server/cmd/server/comment_trigger_integration_test.go"}, "region": {"startLine": 19}}}]}, {"ruleId": "ERR003", "level": "warning", "message": {"text": "[ERR003] Ignored Error (Go): Ignoring error return values. 
"}, "properties": {"repobilityId": 764, "scanner": "repobility", "fingerprint": "01c5685e2b246a7ed47d6b4c02c441ae8250216a18f8d34d17f233926bb5beaa", "category": "error_handling", "severity": "medium", "confidence": null, "triageState": "fixed", "verdict": "", "isResolved": true, "reason": "", "evidence": {}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "server/cmd/server/listeners.go"}, "region": {"startLine": 50}}}]}, {"ruleId": "ERR003", "level": "warning", "message": {"text": "[ERR003] Ignored Error (Go): Ignoring error return values. "}, "properties": {"repobilityId": 763, "scanner": "repobility", "fingerprint": "34280ad88128f10e6224cd68d3401b3ca3db7844488facb93af455aabd742860", "category": "error_handling", "severity": "medium", "confidence": null, "triageState": "fixed", "verdict": "", "isResolved": true, "reason": "", "evidence": {}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "server/cmd/server/subscriber_listeners.go"}, "region": {"startLine": 57}}}]}, {"ruleId": "ERR003", "level": "warning", "message": {"text": "[ERR003] Ignored Error (Go): Ignoring error return values. "}, "properties": {"repobilityId": 762, "scanner": "repobility", "fingerprint": "201562ad02be16df1fd7ba901fe0c290c43e36344276dc714af6c559771ebe65", "category": "error_handling", "severity": "medium", "confidence": null, "triageState": "fixed", "verdict": "", "isResolved": true, "reason": "", "evidence": {}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "server/cmd/server/runtime_sweeper_test.go"}, "region": {"startLine": 137}}}]}, {"ruleId": "ERR003", "level": "warning", "message": {"text": "[ERR003] Ignored Error (Go): Ignoring error return values. 
"}, "properties": {"repobilityId": 761, "scanner": "repobility", "fingerprint": "5002f23bbc1e8cee21ca9b3614cb66712b501573a49e813d96c8b72ad55a4a8c", "category": "error_handling", "severity": "medium", "confidence": null, "triageState": "fixed", "verdict": "", "isResolved": true, "reason": "", "evidence": {}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "server/cmd/server/notification_listeners.go"}, "region": {"startLine": 384}}}]}, {"ruleId": "ERR003", "level": "warning", "message": {"text": "[ERR003] Ignored Error (Go): Ignoring error return values. "}, "properties": {"repobilityId": 760, "scanner": "repobility", "fingerprint": "6bf17cc25a967e6e7fef277d6c0406e8975a90a2d69c6633ee11f30ecc396468", "category": "error_handling", "severity": "medium", "confidence": null, "triageState": "fixed", "verdict": "", "isResolved": true, "reason": "", "evidence": {}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "server/cmd/server/integration_test.go"}, "region": {"startLine": 167}}}]}, {"ruleId": "ERR003", "level": "warning", "message": {"text": "[ERR003] Ignored Error (Go): Ignoring error return values. "}, "properties": {"repobilityId": 759, "scanner": "repobility", "fingerprint": "9c7420cb255e384bdd0f794f9e529ad0579acb5c2c0c3bc04e636f87c6844fd3", "category": "error_handling", "severity": "medium", "confidence": null, "triageState": "fixed", "verdict": "", "isResolved": true, "reason": "", "evidence": {}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "server/internal/daemon/usage/claude.go"}, "region": {"startLine": 30}}}]}, {"ruleId": "ERR003", "level": "warning", "message": {"text": "[ERR003] Ignored Error (Go): Ignoring error return values. 
"}, "properties": {"repobilityId": 758, "scanner": "repobility", "fingerprint": "3de176dd1eee648657e7342e8cff9545f2c873e7ee48272e8264d9229f422402", "category": "error_handling", "severity": "medium", "confidence": null, "triageState": "fixed", "verdict": "", "isResolved": true, "reason": "", "evidence": {}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "server/internal/daemon/execenv/execenv_test.go"}, "region": {"startLine": 596}}}]}, {"ruleId": "ERR003", "level": "warning", "message": {"text": "[ERR003] Ignored Error (Go): Ignoring error return values. "}, "properties": {"repobilityId": 757, "scanner": "repobility", "fingerprint": "8e2ef274d54600ddd91bc241c66c3b1bc75f2b9f267787b56a2a7dcc6d1fecb0", "category": "error_handling", "severity": "medium", "confidence": null, "triageState": "fixed", "verdict": "", "isResolved": true, "reason": "", "evidence": {}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "server/internal/daemon/execenv/git.go"}, "region": {"startLine": 133}}}]}, {"ruleId": "ERR003", "level": "warning", "message": {"text": "[ERR003] Ignored Error (Go): Ignoring error return values. "}, "properties": {"repobilityId": 756, "scanner": "repobility", "fingerprint": "164a14164a185e012db13416e4b4dbcb9d2e106177823665de8d099112580b0a", "category": "error_handling", "severity": "medium", "confidence": null, "triageState": "fixed", "verdict": "", "isResolved": true, "reason": "", "evidence": {}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "server/internal/daemon/repocache/cache.go"}, "region": {"startLine": 54}}}]}, {"ruleId": "ERR003", "level": "warning", "message": {"text": "[ERR003] Ignored Error (Go): Ignoring error return values. 
"}, "properties": {"repobilityId": 755, "scanner": "repobility", "fingerprint": "2fcc5201db8a7483c6256dbbf9da897a9e7690d4222a6fc5c68c1bf10eb5d083", "category": "error_handling", "severity": "medium", "confidence": null, "triageState": "fixed", "verdict": "", "isResolved": true, "reason": "", "evidence": {}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "server/internal/daemon/repocache/cache_test.go"}, "region": {"startLine": 419}}}]}, {"ruleId": "ERR003", "level": "warning", "message": {"text": "[ERR003] Ignored Error (Go): Ignoring error return values. "}, "properties": {"repobilityId": 754, "scanner": "repobility", "fingerprint": "4e981756bfa215798ac12653c86037bc0c6d635dbd0734c5f6c5b7384810cb76", "category": "error_handling", "severity": "medium", "confidence": null, "triageState": "fixed", "verdict": "", "isResolved": true, "reason": "", "evidence": {}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "server/internal/auth/cloudfront.go"}, "region": {"startLine": 120}}}]}, {"ruleId": "ERR003", "level": "warning", "message": {"text": "[ERR003] Ignored Error (Go): Ignoring error return values. "}, "properties": {"repobilityId": 752, "scanner": "repobility", "fingerprint": "8ba8f6605adb65af728d470d635250be93ad58de0a9bc898255b1a21be2ee4d9", "category": "error_handling", "severity": "medium", "confidence": null, "triageState": "fixed", "verdict": "", "isResolved": true, "reason": "", "evidence": {}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "server/internal/middleware/workspace.go"}, "region": {"startLine": 28}}}]}, {"ruleId": "ERR003", "level": "warning", "message": {"text": "[ERR003] Ignored Error (Go): Ignoring error return values. 
"}, "properties": {"repobilityId": 751, "scanner": "repobility", "fingerprint": "f2096dfc1a874511084e4a777855897466682cb6bd8641cbb7b18e1e24b710de", "category": "error_handling", "severity": "medium", "confidence": null, "triageState": "fixed", "verdict": "", "isResolved": true, "reason": "", "evidence": {}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "server/internal/middleware/auth_test.go"}, "region": {"startLine": 15}}}]}, {"ruleId": "ERR003", "level": "warning", "message": {"text": "[ERR003] Ignored Error (Go): Ignoring error return values. "}, "properties": {"repobilityId": 750, "scanner": "repobility", "fingerprint": "8e61491bbeaa10d534363927f7e330d570d275244e72a16117776009cb7c43e2", "category": "error_handling", "severity": "medium", "confidence": null, "triageState": "fixed", "verdict": "", "isResolved": true, "reason": "", "evidence": {}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "server/internal/middleware/daemon_auth.go"}, "region": {"startLine": 24}}}]}, {"ruleId": "ERR003", "level": "warning", "message": {"text": "[ERR003] Ignored Error (Go): Ignoring error return values. "}, "properties": {"repobilityId": 749, "scanner": "repobility", "fingerprint": "362e1c15b201cb3c37f6ed299cea9dc312f74027d5288a55ff51486c65441619", "category": "error_handling", "severity": "medium", "confidence": null, "triageState": "fixed", "verdict": "", "isResolved": true, "reason": "", "evidence": {}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "server/internal/cli/client.go"}, "region": {"startLine": 71}}}]}, {"ruleId": "ERR003", "level": "warning", "message": {"text": "[ERR003] Ignored Error (Go): Ignoring error return values. 
"}, "properties": {"repobilityId": 748, "scanner": "repobility", "fingerprint": "4a75867474970847585a2bc7ab08d025edf787a47fba794f4f0b450334abc8f9", "category": "error_handling", "severity": "medium", "confidence": null, "triageState": "fixed", "verdict": "", "isResolved": true, "reason": "", "evidence": {}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "server/internal/cli/flags.go"}, "region": {"startLine": 14}}}]}, {"ruleId": "ERR003", "level": "warning", "message": {"text": "[ERR003] Ignored Error (Go): Ignoring error return values. "}, "properties": {"repobilityId": 747, "scanner": "repobility", "fingerprint": "e9209619bac0e8b2368870f6659205957ee98c8235554b638dd7ec254d9af427", "category": "error_handling", "severity": "medium", "confidence": null, "triageState": "fixed", "verdict": "", "isResolved": true, "reason": "", "evidence": {}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "server/internal/handler/daemon.go"}, "region": {"startLine": 200}}}]}, {"ruleId": "ERR003", "level": "warning", "message": {"text": "[ERR003] Ignored Error (Go): Ignoring error return values. "}, "properties": {"repobilityId": 746, "scanner": "repobility", "fingerprint": "60247704262adb0caf910328d62f3d0f8dacbe6858b15ef35ff23715b522ed90", "category": "error_handling", "severity": "medium", "confidence": null, "triageState": "fixed", "verdict": "", "isResolved": true, "reason": "", "evidence": {}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "server/internal/handler/workspace.go"}, "region": {"startLine": 235}}}]}, {"ruleId": "ERR003", "level": "warning", "message": {"text": "[ERR003] Ignored Error (Go): Ignoring error return values. 
"}, "properties": {"repobilityId": 745, "scanner": "repobility", "fingerprint": "85efce8a5e90a90d1be203d60a3f1cd66eedfa05189312a1a0b648a3de98bd3f", "category": "error_handling", "severity": "medium", "confidence": null, "triageState": "fixed", "verdict": "", "isResolved": true, "reason": "", "evidence": {}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "server/internal/handler/activity.go"}, "region": {"startLine": 148}}}]}, {"ruleId": "ERR003", "level": "warning", "message": {"text": "[ERR003] Ignored Error (Go): Ignoring error return values. "}, "properties": {"repobilityId": 744, "scanner": "repobility", "fingerprint": "ac7391499a98848e08e0ee9ab038b2d71ee6c1c40b9548b24bff2eda89706762", "category": "error_handling", "severity": "medium", "confidence": null, "triageState": "fixed", "verdict": "", "isResolved": true, "reason": "", "evidence": {}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "server/internal/handler/auth.go"}, "region": {"startLine": 415}}}]}, {"ruleId": "ERR003", "level": "warning", "message": {"text": "[ERR003] Ignored Error (Go): Ignoring error return values. "}, "properties": {"repobilityId": 743, "scanner": "repobility", "fingerprint": "3a849a7343f54e04b0593275cd31bb759bd1dd915005c7dd2db51f1350bae9a8", "category": "error_handling", "severity": "medium", "confidence": null, "triageState": "fixed", "verdict": "", "isResolved": true, "reason": "", "evidence": {}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "server/internal/handler/search_test.go"}, "region": {"startLine": 80}}}]}, {"ruleId": "ERR003", "level": "warning", "message": {"text": "[ERR003] Ignored Error (Go): Ignoring error return values. 
"}, "properties": {"repobilityId": 742, "scanner": "repobility", "fingerprint": "fdb8852587a006a274531c1b50671b303256d132b4b7fe691ceb32a68bc7459e", "category": "error_handling", "severity": "medium", "confidence": null, "triageState": "fixed", "verdict": "", "isResolved": true, "reason": "", "evidence": {}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "server/internal/handler/issue.go"}, "region": {"startLine": 1182}}}]}, {"ruleId": "ERR003", "level": "warning", "message": {"text": "[ERR003] Ignored Error (Go): Ignoring error return values. "}, "properties": {"repobilityId": 741, "scanner": "repobility", "fingerprint": "e35ced879916f70b2795195ff0e7439b0d9e95d3a43f062cdedcb8c08e3def8b", "category": "error_handling", "severity": "medium", "confidence": null, "triageState": "fixed", "verdict": "", "isResolved": true, "reason": "", "evidence": {}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "server/internal/handler/comment.go"}, "region": {"startLine": 523}}}]}, {"ruleId": "ERR003", "level": "warning", "message": {"text": "[ERR003] Ignored Error (Go): Ignoring error return values. "}, "properties": {"repobilityId": 740, "scanner": "repobility", "fingerprint": "baa9e56cd8a0ab08b8b685d288f7fcbe0705716c1d9ebaf603b16f055ac9a6a9", "category": "error_handling", "severity": "medium", "confidence": null, "triageState": "fixed", "verdict": "", "isResolved": true, "reason": "", "evidence": {}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "server/internal/handler/skill.go"}, "region": {"startLine": 212}}}]}, {"ruleId": "ERR003", "level": "warning", "message": {"text": "[ERR003] Ignored Error (Go): Ignoring error return values. 
"}, "properties": {"repobilityId": 739, "scanner": "repobility", "fingerprint": "4bc764f98b96c19d95b1f502b5139c8d29d4954283345999ea0e3ee3207a6614", "category": "error_handling", "severity": "medium", "confidence": null, "triageState": "fixed", "verdict": "", "isResolved": true, "reason": "", "evidence": {}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "server/internal/handler/agent.go"}, "region": {"startLine": 246}}}]}, {"ruleId": "ERR003", "level": "warning", "message": {"text": "[ERR003] Ignored Error (Go): Ignoring error return values. "}, "properties": {"repobilityId": 738, "scanner": "repobility", "fingerprint": "954fc99b56842ec3ca5643fae23bef3da1cae00c47e8e37dcb1380c328afaf17", "category": "error_handling", "severity": "medium", "confidence": null, "triageState": "fixed", "verdict": "", "isResolved": true, "reason": "", "evidence": {}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "server/internal/daemon/client.go"}, "region": {"startLine": 247}}}]}, {"ruleId": "ERR003", "level": "warning", "message": {"text": "[ERR003] Ignored Error (Go): Ignoring error return values. 
"}, "properties": {"repobilityId": 737, "scanner": "repobility", "fingerprint": "0c2ab789e2760119b1902dfb4ea0bbd5041a65c5308f40e3a06ef66beafd9589", "category": "error_handling", "severity": "medium", "confidence": null, "triageState": "fixed", "verdict": "", "isResolved": true, "reason": "", "evidence": {}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "server/internal/service/task.go"}, "region": {"startLine": 277}}}]}, {"ruleId": "ERR003", "level": "note", "message": {"text": "[ERR003] Ignored Error (Go): Ignoring error return values."}, "properties": {"repobilityId": 27777, "scanner": "repobility-threat-engine", "fingerprint": "d8e0902cecc38fa4b3c85ee579f74d411a1ec00fe03310e9b9e04cabedc5c294", "category": "error_handling", "severity": "low", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "_ = json.NewEncoder(", "reason": "Pattern matched with no mitigating context found", "rule_id": "ERR003", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "fp|d8e0902cecc38fa4b3c85ee579f74d411a1ec00fe03310e9b9e04cabedc5c294"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "server/cmd/server/health.go"}, "region": {"startLine": 160}}}]}, {"ruleId": "ERR003", "level": "note", "message": {"text": "[ERR003] Ignored Error (Go): Ignoring error return values."}, "properties": {"repobilityId": 27776, "scanner": "repobility-threat-engine", "fingerprint": "06349bda7da966ebb0a4f37f590f8a9f816c6ea5e23b0a80506408d4d7bff816", "category": "error_handling", "severity": "low", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "_ = p.Kill(", "reason": "Pattern matched with no mitigating context found", "rule_id": "ERR003", "scanner": "repobility-threat-engine", "confidence": 1.0, 
"correlation_key": "fp|06349bda7da966ebb0a4f37f590f8a9f816c6ea5e23b0a80506408d4d7bff816"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "server/cmd/multica/cmd_daemon.go"}, "region": {"startLine": 446}}}]}, {"ruleId": "ERR003", "level": "note", "message": {"text": "[ERR003] Ignored Error (Go): Ignoring error return values."}, "properties": {"repobilityId": 27775, "scanner": "repobility-threat-engine", "fingerprint": "e611efc519a3763d89d989776758301eec8efb1643b7f22676d7a7693895a825", "category": "error_handling", "severity": "low", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "_ = cmd.Flags(", "reason": "Pattern matched with no mitigating context found", "rule_id": "ERR003", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "fp|e611efc519a3763d89d989776758301eec8efb1643b7f22676d7a7693895a825"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "server/cmd/multica/cmd_agent.go"}, "region": {"startLine": 886}}}]}, {"ruleId": "AIC002", "level": "note", "message": {"text": "Source file name looks like an AI patch artifact"}, "properties": {"repobilityId": 12254, "scanner": "repobility-ai-code-hygiene", "fingerprint": "d32c04769bf4309852f0c70c465cca0ec3553f50837aacebe5915c4d8ffa5b76", "category": "quality", "severity": "low", "confidence": 0.62, "triageState": "open", "verdict": "needs_review", "isResolved": false, "reason": "Source filename contains a temporary or patch-style suffix.", "evidence": {"suffix": "update", "rule_id": "AIC002", "scanner": "repobility-ai-code-hygiene", "references": ["https://arxiv.org/abs/2601.15195"], "correlation_key": "fp|d32c04769bf4309852f0c70c465cca0ec3553f50837aacebe5915c4d8ffa5b76"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "server/internal/daemon/auto_update.go"}, "region": {"startLine": 1}}}]}, {"ruleId": "AIC003", "level": 
"note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 8426, "scanner": "repobility-ai-code-hygiene", "fingerprint": "d85fa7b24568bf5a8e2c629c45e0cd570a76aa343ea4d0a4bebcb7d9d362e2a1", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "packages/views/agents/components/agent-live-peek-card.tsx", "duplicate_line": 31, "correlation_key": "fp|d85fa7b24568bf5a8e2c629c45e0cd570a76aa343ea4d0a4bebcb7d9d362e2a1"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "packages/views/agents/components/agent-profile-card.tsx"}, "region": {"startLine": 30}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 4293, "scanner": "repobility-ai-code-hygiene", "fingerprint": "44d282b75f1be73f3e9aefdd46e2bff6dbc358109a12bf01137761bf51da4e4b", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "packages/views/autopilots/components/autopilot-dialog.tsx", "duplicate_line": 99, "correlation_key": "fp|44d282b75f1be73f3e9aefdd46e2bff6dbc358109a12bf01137761bf51da4e4b"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "packages/views/autopilots/components/trigger-config.tsx"}, "region": {"startLine": 29}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block 
across source files"}, "properties": {"repobilityId": 4292, "scanner": "repobility-ai-code-hygiene", "fingerprint": "72bd7d3e2b9308b508ae965cc73aac3a8bd25d2783db10b08e23b05081c446e7", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "packages/views/agents/components/tabs/custom-args-tab.tsx", "duplicate_line": 108, "correlation_key": "fp|72bd7d3e2b9308b508ae965cc73aac3a8bd25d2783db10b08e23b05081c446e7"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "packages/views/agents/components/tabs/env-tab.tsx"}, "region": {"startLine": 208}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 4291, "scanner": "repobility-ai-code-hygiene", "fingerprint": "3b159894e2b89bc54b4386d6df903adfbe6217257e8ac74525ed3a203539dc45", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "packages/views/agents/components/inspector/model-picker.tsx", "duplicate_line": 25, "correlation_key": "fp|3b159894e2b89bc54b4386d6df903adfbe6217257e8ac74525ed3a203539dc45"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "packages/views/agents/components/model-dropdown.tsx"}, "region": {"startLine": 27}}}]}, {"ruleId": "AIC002", "level": "note", "message": {"text": "Source file name looks like an AI patch artifact"}, "properties": {"repobilityId": 3775, "scanner": 
"repobility-ai-code-hygiene", "fingerprint": "45e2c8887d29f6ff2ceb953c54fad1c42b2799bb0228ee6c6832c40180f95dda", "category": "quality", "severity": "low", "confidence": 0.62, "triageState": "open", "verdict": "needs_review", "isResolved": false, "reason": "Source filename contains a temporary or patch-style suffix.", "evidence": {"suffix": "copy", "rule_id": "AIC002", "scanner": "repobility-ai-code-hygiene", "references": ["https://arxiv.org/abs/2601.15195"], "correlation_key": "fp|45e2c8887d29f6ff2ceb953c54fad1c42b2799bb0228ee6c6832c40180f95dda"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "packages/views/editor/extensions/markdown-copy.ts"}, "region": {"startLine": 1}}}]}, {"ruleId": "DKC015", "level": "note", "message": {"text": "Database service has no healthcheck"}, "properties": {"repobilityId": 2380, "scanner": "repobility-docker", "fingerprint": "db29ca22f5acbb916c8adc7b9c9cf5dd05fb820ccc98a1fd4d6b1943bdce631a", "category": "docker", "severity": "low", "confidence": 0.72, "triageState": "open", "verdict": "likely", "isResolved": false, "reason": "Database-like service has no Compose healthcheck.", "evidence": {"rule_id": "DKC015", "scanner": "repobility-docker", "service": "postgres", "references": ["https://docs.docker.com/compose/how-tos/startup-order/"], "correlation_key": "fp|db29ca22f5acbb916c8adc7b9c9cf5dd05fb820ccc98a1fd4d6b1943bdce631a"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "docker-compose.yml"}, "region": {"startLine": 3}}}]}, {"ruleId": "DKC006", "level": "note", "message": {"text": "Compose service does not declare a runtime user"}, "properties": {"repobilityId": 2378, "scanner": "repobility-docker", "fingerprint": "8263cfa034b9f9a32bd39a97fad0788930dd8d614b1a754a3731c75521887656", "category": "docker", "severity": "low", "confidence": 0.56, "triageState": "open", "verdict": "needs_review", "isResolved": false, "reason": "Service has no user setting and Repobility could not prove the image runs 
non-root.", "evidence": {"rule_id": "DKC006", "scanner": "repobility-docker", "service": "postgres", "references": ["https://cheatsheetseries.owasp.org/cheatsheets/Docker_Security_Cheat_Sheet.html"], "correlation_key": "fp|8263cfa034b9f9a32bd39a97fad0788930dd8d614b1a754a3731c75521887656"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "docker-compose.yml"}, "region": {"startLine": 3}}}]}, {"ruleId": "DKR008", "level": "note", "message": {"text": ".dockerignore misses sensitive defaults"}, "properties": {"repobilityId": 2377, "scanner": "repobility-docker", "fingerprint": "aea2ad92c68c4ee1f8432bb1ec25e7d45ac12c9e1790ac2d3fffe638b1acce12", "category": "docker", "severity": "low", "confidence": 0.72, "triageState": "open", "verdict": "likely", "isResolved": false, "reason": "A Docker build context should exclude secrets and repository metadata.", "evidence": {"rule_id": "DKR008", "scanner": "repobility-docker", "references": ["https://docs.docker.com/develop/develop-images/dockerfile_best-practices/"], "correlation_key": "fp|aea2ad92c68c4ee1f8432bb1ec25e7d45ac12c9e1790ac2d3fffe638b1acce12", "missing_patterns": ["id_rsa", "*.pem", "*.key"]}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".dockerignore"}, "region": {"startLine": 1}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 2364, "scanner": "repobility-ai-code-hygiene", "fingerprint": "1b2d91369f7b6349bc907b1187a1621a6f90f363528905027b39ac85963a3a91", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "apps/desktop/src/renderer/src/components/daemon-panel.tsx", 
"duplicate_line": 349, "correlation_key": "fp|1b2d91369f7b6349bc907b1187a1621a6f90f363528905027b39ac85963a3a91"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "apps/desktop/src/renderer/src/components/daemon-runtime-card.tsx"}, "region": {"startLine": 129}}}]}, {"ruleId": "AIC002", "level": "note", "message": {"text": "Source file name looks like an AI patch artifact"}, "properties": {"repobilityId": 2362, "scanner": "repobility-ai-code-hygiene", "fingerprint": "c6679bf7375da07a7c6ac5585b44e32a38da56996f81a63b86eead13ac90a635", "category": "quality", "severity": "low", "confidence": 0.62, "triageState": "open", "verdict": "needs_review", "isResolved": false, "reason": "Source filename contains a temporary or patch-style suffix.", "evidence": {"suffix": "update", "rule_id": "AIC002", "scanner": "repobility-ai-code-hygiene", "references": ["https://arxiv.org/abs/2601.15195"], "correlation_key": "fp|c6679bf7375da07a7c6ac5585b44e32a38da56996f81a63b86eead13ac90a635"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "server/cmd/multica/cmd_update.go"}, "region": {"startLine": 1}}}]}, {"ruleId": "SEC020", "level": "none", "message": {"text": "[SEC020] Secret Printed to Logs: Debug or diagnostic code appears to print a credential-bearing value. 
This is a frequent AI-assisted coding failure: the helper exposes the exact value needed for troubleshooting."}, "properties": {"repobilityId": 27779, "scanner": "repobility-threat-engine", "fingerprint": "405f99ccf227799a8f3f068cd1c1b8cf33b1121cfcc6b71d118b1495977de3c3", "category": "credential_exposure", "severity": "info", "confidence": 0.15, "triageState": "false_positive", "verdict": "likely_fp", "isResolved": true, "reason": "Log message mentions credential-related metadata but does not print a credential-bearing value", "evidence": {"match": "Print(\"Enter your personal access token: \"<redacted>", "reason": "Log message mentions credential-related metadata but does not print a credential-bearing value", "rule_id": "SEC020", "scanner": "repobility-threat-engine", "confidence": 0.15, "correlation_key": "secret|token|33|print enter your personal access token: redacted"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "server/cmd/multica/cmd_auth.go"}, "region": {"startLine": 339}}}]}, {"ruleId": "ERR003", "level": "none", "message": {"text": "[ERR003] Ignored Error (Go) (and 29 more): Same pattern found in 29 additional files. Review if needed."}, "properties": {"repobilityId": 27778, "scanner": "repobility-threat-engine", "fingerprint": "6cb54a6ac3424c804429f4ede903f344df26e0db6167077556b30835ec236c09", "category": "error_handling", "severity": "info", "confidence": 0.2, "triageState": "false_positive", "verdict": "likely_fp", "isResolved": true, "reason": "Deduplicated summary only: 29 additional occurrences found. The top occurrences remain visible as actionable findings.", "evidence": {"reason": "Deduplicated summary only: 29 additional occurrences found. 
The top occurrences remain visible as actionable findings.", "rule_id": "ERR003", "scanner": "repobility-threat-engine", "confidence": 0.2, "correlation_key": "fp|6cb54a6ac3424c804429f4ede903f344df26e0db6167077556b30835ec236c09"}}}, {"ruleId": "SEC022", "level": "none", "message": {"text": "[SEC022] Database URL With Embedded Credential (and 3 more): Same pattern found in 3 additional files. Review if needed."}, "properties": {"repobilityId": 27774, "scanner": "repobility-threat-engine", "fingerprint": "ec9b3a827cd4f689de9428c0dcc547014bed588aa82416f76a37f2d7d6f0c83f", "category": "credential_exposure", "severity": "info", "confidence": 0.2, "triageState": "false_positive", "verdict": "likely_fp", "isResolved": true, "reason": "Deduplicated summary only: 3 additional occurrences found. The top occurrences remain visible as actionable findings.", "evidence": {"reason": "Deduplicated summary only: 3 additional occurrences found. The top occurrences remain visible as actionable findings.", "rule_id": "SEC022", "scanner": "repobility-threat-engine", "confidence": 0.2, "correlation_key": "fp|ec9b3a827cd4f689de9428c0dcc547014bed588aa82416f76a37f2d7d6f0c83f"}}}, {"ruleId": "SEC029", "level": "none", "message": {"text": "[SEC029] Server-Side Request Forgery (SSRF) \u2014 outbound HTTP from user input (and 57 more): Same pattern found in 57 additional files. Review if needed."}, "properties": {"repobilityId": 27767, "scanner": "repobility-threat-engine", "fingerprint": "5ba15338ccde81be2d7cb5ba4a85d8abc6650a2f590ff88c6e19a03619e5012c", "category": "ssrf", "severity": "info", "confidence": 0.2, "triageState": "false_positive", "verdict": "likely_fp", "isResolved": true, "reason": "Deduplicated summary only: 57 additional occurrences found. The top occurrences remain visible as actionable findings.", "evidence": {"reason": "Deduplicated summary only: 57 additional occurrences found. 
The top occurrences remain visible as actionable findings.", "rule_id": "SEC029", "scanner": "repobility-threat-engine", "confidence": 0.2, "correlation_key": "fp|5ba15338ccde81be2d7cb5ba4a85d8abc6650a2f590ff88c6e19a03619e5012c"}}}, {"ruleId": "SEC015", "level": "none", "message": {"text": "[SEC015] Insecure Randomness for Security: Weak PRNG used in security-sensitive context. Output is predictable."}, "properties": {"repobilityId": 5724, "scanner": "repobility-threat-engine", "fingerprint": "aa6e55ce9e7365887f39e2e61dcf8285bc01dfd3fe0033ea8ccac42d7235f892", "category": "crypto", "severity": "info", "confidence": 0.15, "triageState": "false_positive", "verdict": "likely_fp", "isResolved": true, "reason": "Weak PRNG appears to be used for non-security behavior (UI, sampling, demos, shuffling, or backoff), not for secrets", "evidence": {"match": "Math.random()", "reason": "Weak PRNG appears to be used for non-security behavior (UI, sampling, demos, shuffling, or backoff), not for secrets", "rule_id": "SEC015", "scanner": "repobility-threat-engine", "confidence": 0.15, "correlation_key": "code|crypto|token|659|sec015"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "packages/ui/components/ui/sidebar.tsx"}, "region": {"startLine": 659}}}]}, {"ruleId": "ERR002", "level": "none", "message": {"text": "[ERR002] Empty Catch Block (and 1 more): Same pattern found in 1 additional file. Review if needed."}, "properties": {"repobilityId": 4022, "scanner": "repobility-threat-engine", "fingerprint": "e7174d71aa23c14419f9144792a6ba116afcec3004f64b82de4dbf54fc9e1921", "category": "error_handling", "severity": "info", "confidence": 0.2, "triageState": "false_positive", "verdict": "likely_fp", "isResolved": true, "reason": "Deduplicated summary only: 1 additional occurrence found. The top occurrences remain visible as actionable findings.", "evidence": {"reason": "Deduplicated summary only: 1 additional occurrence found. 
The top occurrences remain visible as actionable findings.", "rule_id": "ERR002", "scanner": "repobility-threat-engine", "confidence": 0.2, "correlation_key": "fp|e7174d71aa23c14419f9144792a6ba116afcec3004f64b82de4dbf54fc9e1921"}}}, {"ruleId": "SEC015", "level": "none", "message": {"text": "[SEC015] Insecure Randomness for Security: Weak PRNG used in security-sensitive context. Output is predictable."}, "properties": {"repobilityId": 2071, "scanner": "repobility-threat-engine", "fingerprint": "202e518980b3a4d303d56c00e3211abe82020720db0943fc7f9e9d0ed1ec3677", "category": "crypto", "severity": "info", "confidence": 0.15, "triageState": "false_positive", "verdict": "likely_fp", "isResolved": true, "reason": "Weak PRNG appears to be used for non-security behavior (UI, sampling, demos, shuffling, or backoff), not for secrets", "evidence": {"match": "Math.random()", "reason": "Weak PRNG appears to be used for non-security behavior (UI, sampling, demos, shuffling, or backoff), not for secrets", "rule_id": "SEC015", "scanner": "repobility-threat-engine", "confidence": 0.15, "correlation_key": "code|crypto|token|655|sec015"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "packages/ui/components/ui/sidebar.tsx"}, "region": {"startLine": 655}}}]}, {"ruleId": "SEC035", "level": "error", "message": {"text": "[SEC035] Unbounded Resource Allocation \u2014 DoS risk: Allocating resources (buffers, recursion stack, large ranges) based on user input without an upper bound. Attackers send `size=10000000` to exhaust memory, or trigger expensive computation. CWE-770/400. 
Examples: CVE-2023-44487 (HTTP/2 Rapid Reset), countless YAML/XML billion-laughs variants."}, "properties": {"repobilityId": 27782, "scanner": "repobility-threat-engine", "fingerprint": "42ed2c4472a8be513c50e4649d956120050aa8a10b662b0a6290371bcaad6d5a", "category": "resource_exhaustion", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "Bytes(input.", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC035", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "fp|42ed2c4472a8be513c50e4649d956120050aa8a10b662b0a6290371bcaad6d5a"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "server/internal/handler/skill_create.go"}, "region": {"startLine": 37}}}]}, {"ruleId": "SEC035", "level": "error", "message": {"text": "[SEC035] Unbounded Resource Allocation \u2014 DoS risk: Allocating resources (buffers, recursion stack, large ranges) based on user input without an upper bound. Attackers send `size=10000000` to exhaust memory, or trigger expensive computation. CWE-770/400. 
Examples: CVE-2023-44487 (HTTP/2 Rapid Reset), countless YAML/XML billion-laughs variants."}, "properties": {"repobilityId": 27781, "scanner": "repobility-threat-engine", "fingerprint": "e5b08aa1c539e841a91c033e961a1744ba2437c75553ec4759597b58e17ad55c", "category": "resource_exhaustion", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "Bytes(req.", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC035", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "fp|e5b08aa1c539e841a91c033e961a1744ba2437c75553ec4759597b58e17ad55c"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "server/internal/handler/skill.go"}, "region": {"startLine": 1708}}}]}, {"ruleId": "SEC020", "level": "error", "message": {"text": "[SEC020] Secret Printed to Logs: Debug or diagnostic code appears to print a credential-bearing value. 
This is a frequent AI-assisted coding failure: the helper exposes the exact value needed for troubleshooting."}, "properties": {"repobilityId": 27780, "scanner": "repobility-threat-engine", "fingerprint": "dc0a5ec528180ac4d731b48d639608332eba4729105fde33e1430fb963208d78", "category": "credential_exposure", "severity": "high", "confidence": 0.85, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Credential-bearing variable appears to be printed or logged; the matched call passes len(cfg.Token) under the key token_len, which is the token's length rather than its value, so check the source line before treating this as an exposure", "evidence": {"match": "logger.Debug(\"auth token loaded\", \"profile\", d.cfg.Profile, \"token_len\", len(cfg.Token)", "reason": "Credential-bearing variable appears to be printed or logged", "rule_id": "SEC020", "scanner": "repobility-threat-engine", "confidence": 0.85, "correlation_key": "secret|token|68|logger.debug auth token loaded profile d.cfg.profile token_len len cfg.token"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "server/internal/daemon/daemon.go"}, "region": {"startLine": 683}}}]}, {"ruleId": "SEC013", "level": "error", "message": {"text": "[SEC013] Path Traversal \u2014 User Input in File Path: User-controlled input used in file path without sanitization. 
Allows reading arbitrary files."}, "properties": {"repobilityId": 27769, "scanner": "repobility-threat-engine", "fingerprint": "30b501721b45ab3c19c3da09e394745956ca00f028db43bae7ae1c68f902b4bc", "category": "path_traversal", "severity": "high", "confidence": 0.8, "triageState": "open", "verdict": "likely", "isResolved": false, "reason": "User-controlled input detected in file path construction", "evidence": {"match": "Open(!pullRequest", "reason": "User-controlled input detected in file path construction", "rule_id": "SEC013", "scanner": "repobility-threat-engine", "confidence": 0.8, "correlation_key": "code|path_traversal|token|1333|sec013"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "packages/views/issues/components/issue-detail.tsx"}, "region": {"startLine": 1333}}}]}, {"ruleId": "SEC029", "level": "error", "message": {"text": "[SEC029] Server-Side Request Forgery (SSRF) \u2014 outbound HTTP from user input: Outbound HTTP request to a user-controlled URL without allowlist validation. Attackers can probe internal services (169.254.169.254 metadata, internal Kubernetes endpoints, file:// URIs), exfiltrate data, or pivot through your network. 
SSRF is OWASP A10:2021 and a frequent foothold in cloud breaches."}, "properties": {"repobilityId": 27766, "scanner": "repobility-threat-engine", "fingerprint": "60fdcd3e60ff4f53d04cfd0fb5eafed54f74906121271b10a6e7ebef8ed50b14", "category": "ssrf", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "Url(u", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC029", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "fp|60fdcd3e60ff4f53d04cfd0fb5eafed54f74906121271b10a6e7ebef8ed50b14"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "apps/desktop/src/main/external-url.ts"}, "region": {"startLine": 6}}}]}, {"ruleId": "SEC029", "level": "error", "message": {"text": "[SEC029] Server-Side Request Forgery (SSRF) \u2014 outbound HTTP from user input: Outbound HTTP request to a user-controlled URL without allowlist validation. Attackers can probe internal services (169.254.169.254 metadata, internal Kubernetes endpoints, file:// URIs), exfiltrate data, or pivot through your network. 
SSRF is OWASP A10:2021 and a frequent foothold in cloud breaches."}, "properties": {"repobilityId": 27765, "scanner": "repobility-threat-engine", "fingerprint": "ef6ff3bc9902f0e20b7d8921116c51a6b2e6a9cda7381db425dca83e4ad8dc4b", "category": "ssrf", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "Url(u", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC029", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "fp|ef6ff3bc9902f0e20b7d8921116c51a6b2e6a9cda7381db425dca83e4ad8dc4b"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "apps/desktop/src/main/daemon-manager.ts"}, "region": {"startLine": 113}}}]}, {"ruleId": "SEC029", "level": "error", "message": {"text": "[SEC029] Server-Side Request Forgery (SSRF) \u2014 outbound HTTP from user input: Outbound HTTP request to a user-controlled URL without allowlist validation. Attackers can probe internal services (169.254.169.254 metadata, internal Kubernetes endpoints, file:// URIs), exfiltrate data, or pivot through your network. 
SSRF is OWASP A10:2021 and a frequent foothold in cloud breaches."}, "properties": {"repobilityId": 27764, "scanner": "repobility-threat-engine", "fingerprint": "3845559f763dac68aae5f5aec38848582745a97c6b23cdb0dab1ed047e228c4f", "category": "ssrf", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "URL(p", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC029", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "fp|3845559f763dac68aae5f5aec38848582745a97c6b23cdb0dab1ed047e228c4f"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "apps/desktop/scripts/package.mjs"}, "region": {"startLine": 427}}}]}, {"ruleId": "CFG001", "level": "error", "message": {"text": "[CFG001] Docker Runs as Root: Container runs as root user."}, "properties": {"repobilityId": 787, "scanner": "repobility", "fingerprint": "f5b020bc86eabfd8ca0241779a783be56eeec42ae6257a29b9441378a7be11b7", "category": "docker", "severity": "high", "confidence": null, "triageState": "fixed", "verdict": "", "isResolved": true, "reason": "", "evidence": {}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "Dockerfile"}, "region": {"startLine": 1}}}]}, {"ruleId": "SEC006", "level": "error", "message": {"text": "[SEC006] XSS Risk: Direct HTML injection without sanitization."}, "properties": {"repobilityId": 736, "scanner": "repobility", "fingerprint": "0b1d0bf037ea79feafab42f5d2bbba00226f911a863b3087bbe2c6cafd591df7", "category": "injection", "severity": "high", "confidence": null, "triageState": "fixed", "verdict": "", "isResolved": true, "reason": "", "evidence": {}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "packages/views/editor/readonly-content.tsx"}, "region": {"startLine": 246}}}]}, {"ruleId": "SEC006", "level": "error", "message": {"text": 
"[SEC006] XSS Risk: Direct HTML injection without sanitization."}, "properties": {"repobilityId": 735, "scanner": "repobility", "fingerprint": "961f17515e124d2296ef200f62af469e69eb918bdcb2e2aa66e9d709f1d05764", "category": "injection", "severity": "high", "confidence": null, "triageState": "fixed", "verdict": "", "isResolved": true, "reason": "", "evidence": {}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "packages/ui/components/ui/chart.tsx"}, "region": {"startLine": 95}}}]}, {"ruleId": "SEC006", "level": "error", "message": {"text": "[SEC006] XSS Risk: Direct HTML injection without sanitization."}, "properties": {"repobilityId": 734, "scanner": "repobility", "fingerprint": "8bbf018e3bb211cb76c4fcc23e35d64c1ec423de446a33d2c3bbcd0966b9e508", "category": "injection", "severity": "high", "confidence": null, "triageState": "fixed", "verdict": "", "isResolved": true, "reason": "", "evidence": {}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "packages/ui/markdown/CodeBlock.tsx"}, "region": {"startLine": 165}}}]}, {"ruleId": "SEC006", "level": "error", "message": {"text": "[SEC006] XSS Risk: Direct HTML injection without sanitization."}, "properties": {"repobilityId": 733, "scanner": "repobility", "fingerprint": "40aa8572cadadbe86eb0b60ccbabc6d62de3f7a8a73bd044114d8038aeadb946", "category": "injection", "severity": "high", "confidence": null, "triageState": "fixed", "verdict": "", "isResolved": true, "reason": "", "evidence": {}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "apps/web/app/(landing)/layout.tsx"}, "region": {"startLine": 68}}}]}, {"ruleId": "SEC022", "level": "error", "message": {"text": "[SEC022] Database URL With Embedded Credential: A database connection URL contains an embedded username and password. 
These URLs are often copied into defaults, docs, and scripts, then leak working credentials."}, "properties": {"repobilityId": 27773, "scanner": "repobility-threat-engine", "fingerprint": "14ad2845b6f6b647dad3213570bad5de768fe6d0d1877e77aca839336f38d4db", "category": "credential_exposure", "severity": "critical", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "postgres://multica:multica@", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC022", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "secret|token|4|postgres://multica:multica"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "server/cmd/backfill_task_usage_daily/main.go"}, "region": {"startLine": 49}}}]}, {"ruleId": "SEC022", "level": "error", "message": {"text": "[SEC022] Database URL With Embedded Credential: A database connection URL contains an embedded username and password. 
These URLs are often copied into defaults, docs, and scripts, then leak working credentials."}, "properties": {"repobilityId": 27772, "scanner": "repobility-threat-engine", "fingerprint": "73c43e0e2526fd8640c826216b9c10c0c91f33ec05b19ece150c7e02e60e1ead", "category": "credential_exposure", "severity": "critical", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "postgres://multica:multica@", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC022", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "secret|token|1|postgres://multica:multica"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "scripts/screenshot-pr-cards.mjs"}, "region": {"startLine": 14}}}]}, {"ruleId": "SEC022", "level": "error", "message": {"text": "[SEC022] Database URL With Embedded Credential: A database connection URL contains an embedded username and password. 
These URLs are often copied into defaults, docs, and scripts, then leak working credentials."}, "properties": {"repobilityId": 27771, "scanner": "repobility-threat-engine", "fingerprint": "9f831e5e21a738a93c4e29b713e24a5a6c6a562dde30cf41be802b634578471e", "category": "credential_exposure", "severity": "critical", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "postgres://multica:multica@", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC022", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "secret|token|3|postgres://multica:multica"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "scripts/init-worktree-env.sh"}, "region": {"startLine": 31}}}]}, {"ruleId": "SEC001", "level": "error", "message": {"text": "[SEC001] Hardcoded Password: Hardcoded password found in source code."}, "properties": {"repobilityId": 27770, "scanner": "repobility-threat-engine", "fingerprint": "ca8b3689d3606b6ba351612afc3869211a0ef1139bcd557d59785878eef0ef22", "category": "credential_exposure", "severity": "critical", "confidence": 0.9, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "High entropy value (4.4 bits) \u2014 likely real secret", "evidence": {"match": "PASSWORD=\"<redacted>}\"", "reason": "High entropy value (4.4 bits) \u2014 likely real secret", "rule_id": "SEC001", "scanner": "repobility-threat-engine", "confidence": 0.9, "correlation_key": "secret|scripts/ensure-postgres.sh|1|password redacted"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "scripts/ensure-postgres.sh"}, "region": {"startLine": 19}}}]}, {"ruleId": "JRN001", "level": "error", "message": {"text": "Token handoff appears to use a callback URL or fragment"}, "properties": {"repobilityId": 4785, "scanner": "repobility-journey-contract", "fingerprint": 
"3818403a4c82c381c0d77ca61396cbb13dac378483706a9566c990416a0b170a", "category": "auth", "severity": "critical", "confidence": 0.88, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Callback/redirect wording, token-in-URL syntax, and navigation code appear near each other.", "evidence": {"rule_id": "JRN001", "scanner": "repobility-journey-contract", "references": ["https://cheatsheetseries.owasp.org/cheatsheets/Unvalidated_Redirects_and_Forwards_Cheat_Sheet.html", "https://cheatsheetseries.owasp.org/cheatsheets/Session_Management_Cheat_Sheet.html"], "correlation_key": "code|auth|token|69|jrn001"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "apps/desktop/src/main/index.ts"}, "region": {"startLine": 69}}}]}, {"ruleId": "JRN001", "level": "error", "message": {"text": "Token handoff appears to use a callback URL or fragment"}, "properties": {"repobilityId": 4303, "scanner": "repobility-journey-contract", "fingerprint": "aff79714d6da256bbb0d9b4f4d142a066f0789c28e86aa7cab4f1a5bc2c97490", "category": "auth", "severity": "critical", "confidence": 0.88, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Callback/redirect wording, token-in-URL syntax, and navigation code appear near each other.", "evidence": {"rule_id": "JRN001", "scanner": "repobility-journey-contract", "references": ["https://cheatsheetseries.owasp.org/cheatsheets/Unvalidated_Redirects_and_Forwards_Cheat_Sheet.html", "https://cheatsheetseries.owasp.org/cheatsheets/Session_Management_Cheat_Sheet.html"], "correlation_key": "code|auth|token|70|jrn001"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "packages/views/auth/login-page.tsx"}, "region": {"startLine": 70}}}]}, {"ruleId": "JRN001", "level": "error", "message": {"text": "Token handoff appears to use a callback URL or fragment"}, "properties": {"repobilityId": 4302, "scanner": "repobility-journey-contract", "fingerprint": 
"36426ea0db0ffd41e0433107afadeb48783241a886049b9632a761344e7b93e9", "category": "auth", "severity": "critical", "confidence": 0.88, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Callback/redirect wording, token-in-URL syntax, and navigation code appear near each other.", "evidence": {"rule_id": "JRN001", "scanner": "repobility-journey-contract", "references": ["https://cheatsheetseries.owasp.org/cheatsheets/Unvalidated_Redirects_and_Forwards_Cheat_Sheet.html", "https://cheatsheetseries.owasp.org/cheatsheets/Session_Management_Cheat_Sheet.html"], "correlation_key": "code|auth|apps/web/app/ auth /login/page.tsx|174|jrn001"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "apps/web/app/(auth)/login/page.tsx"}, "region": {"startLine": 174}}}]}, {"ruleId": "JRN001", "level": "error", "message": {"text": "Token handoff appears to use a callback URL or fragment"}, "properties": {"repobilityId": 4301, "scanner": "repobility-journey-contract", "fingerprint": "a565129d5d63ed3e942d4eff7e0f2f0b74a6668e7280d692dbe5aacc8c067bd3", "category": "auth", "severity": "critical", "confidence": 0.88, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Callback/redirect wording, token-in-URL syntax, and navigation code appear near each other.", "evidence": {"rule_id": "JRN001", "scanner": "repobility-journey-contract", "references": ["https://cheatsheetseries.owasp.org/cheatsheets/Unvalidated_Redirects_and_Forwards_Cheat_Sheet.html", "https://cheatsheetseries.owasp.org/cheatsheets/Session_Management_Cheat_Sheet.html"], "correlation_key": "code|auth|apps/web/app/ auth /login/page.tsx|75|jrn001"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "apps/web/app/(auth)/login/page.tsx"}, "region": {"startLine": 75}}}]}, {"ruleId": "JRN001", "level": "error", "message": {"text": "Token handoff appears to use a callback URL or fragment"}, "properties": {"repobilityId": 4300, "scanner": 
"repobility-journey-contract", "fingerprint": "24877a76b4f7db6bc02cf65cecf77bc0976d99c5fba5400c07fcfb39a4df6792", "category": "auth", "severity": "critical", "confidence": 0.88, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Callback/redirect wording, token-in-URL syntax, and navigation code appear near each other.", "evidence": {"rule_id": "JRN001", "scanner": "repobility-journey-contract", "references": ["https://cheatsheetseries.owasp.org/cheatsheets/Unvalidated_Redirects_and_Forwards_Cheat_Sheet.html", "https://cheatsheetseries.owasp.org/cheatsheets/Session_Management_Cheat_Sheet.html"], "correlation_key": "code|auth|token|51|jrn001"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "apps/desktop/src/renderer/src/App.tsx"}, "region": {"startLine": 51}}}]}, {"ruleId": "JRN001", "level": "error", "message": {"text": "Token handoff appears to use a callback URL or fragment"}, "properties": {"repobilityId": 4299, "scanner": "repobility-journey-contract", "fingerprint": "b93f8a24754d0d3c68296106a147a57b6de31059917d8c72860a62819540b421", "category": "auth", "severity": "critical", "confidence": 0.88, "triageState": "fixed", "verdict": "confirmed", "isResolved": true, "reason": "Callback/redirect wording, token-in-URL syntax, and navigation code appear near each other.", "evidence": {"rule_id": "JRN001", "scanner": "repobility-journey-contract", "references": ["https://cheatsheetseries.owasp.org/cheatsheets/Unvalidated_Redirects_and_Forwards_Cheat_Sheet.html", "https://cheatsheetseries.owasp.org/cheatsheets/Session_Management_Cheat_Sheet.html"], "correlation_key": "code|auth|token|54|jrn001"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "apps/desktop/src/main/index.ts"}, "region": {"startLine": 54}}}]}, {"ruleId": "JRN001", "level": "error", "message": {"text": "Token handoff appears to use a callback URL or fragment"}, "properties": {"repobilityId": 4025, "scanner": "repobility-journey-contract", 
"fingerprint": "3fa3df943d844a124290fc6963e10dac382afe693bf05bf241f1a96b46cab81f", "category": "auth", "severity": "critical", "confidence": 0.88, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Callback/redirect wording, token-in-URL syntax, and navigation code appear near each other.", "evidence": {"rule_id": "JRN001", "scanner": "repobility-journey-contract", "references": ["https://cheatsheetseries.owasp.org/cheatsheets/Unvalidated_Redirects_and_Forwards_Cheat_Sheet.html", "https://cheatsheetseries.owasp.org/cheatsheets/Session_Management_Cheat_Sheet.html"], "correlation_key": "code|auth|token|127|jrn001"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "apps/web/app/auth/callback/page.tsx"}, "region": {"startLine": 127}}}]}, {"ruleId": "JRN001", "level": "error", "message": {"text": "Token handoff appears to use a callback URL or fragment"}, "properties": {"repobilityId": 4024, "scanner": "repobility-journey-contract", "fingerprint": "65908da0580de2a1fccf770924366bb0d1d131dc86304c900840e418478331bb", "category": "auth", "severity": "critical", "confidence": 0.88, "triageState": "fixed", "verdict": "confirmed", "isResolved": true, "reason": "Callback/redirect wording, token-in-URL syntax, and navigation code appear near each other.", "evidence": {"rule_id": "JRN001", "scanner": "repobility-journey-contract", "references": ["https://cheatsheetseries.owasp.org/cheatsheets/Unvalidated_Redirects_and_Forwards_Cheat_Sheet.html", "https://cheatsheetseries.owasp.org/cheatsheets/Session_Management_Cheat_Sheet.html"], "correlation_key": "code|auth|apps/web/app/ auth /login/page.tsx|166|jrn001"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "apps/web/app/(auth)/login/page.tsx"}, "region": {"startLine": 166}}}]}, {"ruleId": "JRN001", "level": "error", "message": {"text": "Token handoff appears to use a callback URL or fragment"}, "properties": {"repobilityId": 4023, "scanner": 
"repobility-journey-contract", "fingerprint": "31ee34a53c4fc306929949c90a60a006c03d47b2bb267271ab84bf2eeed78185", "category": "auth", "severity": "critical", "confidence": 0.88, "triageState": "fixed", "verdict": "confirmed", "isResolved": true, "reason": "Callback/redirect wording, token-in-URL syntax, and navigation code appear near each other.", "evidence": {"rule_id": "JRN001", "scanner": "repobility-journey-contract", "references": ["https://cheatsheetseries.owasp.org/cheatsheets/Unvalidated_Redirects_and_Forwards_Cheat_Sheet.html", "https://cheatsheetseries.owasp.org/cheatsheets/Session_Management_Cheat_Sheet.html"], "correlation_key": "code|auth|apps/web/app/ auth /login/page.tsx|73|jrn001"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "apps/web/app/(auth)/login/page.tsx"}, "region": {"startLine": 73}}}]}, {"ruleId": "JRN001", "level": "error", "message": {"text": "Token handoff appears to use a callback URL or fragment"}, "properties": {"repobilityId": 3784, "scanner": "repobility-journey-contract", "fingerprint": "2dfc8750feaa2874b93890b1485d3f3bc593f36650f66dcccc0dbe37e037ff61", "category": "auth", "severity": "critical", "confidence": 0.88, "triageState": "fixed", "verdict": "confirmed", "isResolved": true, "reason": "Callback/redirect wording, token-in-URL syntax, and navigation code appear near each other.", "evidence": {"rule_id": "JRN001", "scanner": "repobility-journey-contract", "references": ["https://cheatsheetseries.owasp.org/cheatsheets/Unvalidated_Redirects_and_Forwards_Cheat_Sheet.html", "https://cheatsheetseries.owasp.org/cheatsheets/Session_Management_Cheat_Sheet.html"], "correlation_key": "code|auth|token|69|jrn001"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "packages/views/auth/login-page.tsx"}, "region": {"startLine": 69}}}]}, {"ruleId": "JRN001", "level": "error", "message": {"text": "Token handoff appears to use a callback URL or fragment"}, "properties": {"repobilityId": 3783, "scanner": 
"repobility-journey-contract", "fingerprint": "30772b59715febd1cff55d99057e1173f3aae30e535db574b1a294a5286f7ec0", "category": "auth", "severity": "critical", "confidence": 0.88, "triageState": "fixed", "verdict": "confirmed", "isResolved": true, "reason": "Callback/redirect wording, token-in-URL syntax, and navigation code appear near each other.", "evidence": {"rule_id": "JRN001", "scanner": "repobility-journey-contract", "references": ["https://cheatsheetseries.owasp.org/cheatsheets/Unvalidated_Redirects_and_Forwards_Cheat_Sheet.html", "https://cheatsheetseries.owasp.org/cheatsheets/Session_Management_Cheat_Sheet.html"], "correlation_key": "code|auth|apps/web/app/ auth /login/page.tsx|137|jrn001"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "apps/web/app/(auth)/login/page.tsx"}, "region": {"startLine": 137}}}]}, {"ruleId": "JRN001", "level": "error", "message": {"text": "Token handoff appears to use a callback URL or fragment"}, "properties": {"repobilityId": 3782, "scanner": "repobility-journey-contract", "fingerprint": "27e50195ff353523332550d770f269061fa2bcd168852a2d8deb120c9aebf694", "category": "auth", "severity": "critical", "confidence": 0.88, "triageState": "fixed", "verdict": "confirmed", "isResolved": true, "reason": "Callback/redirect wording, token-in-URL syntax, and navigation code appear near each other.", "evidence": {"rule_id": "JRN001", "scanner": "repobility-journey-contract", "references": ["https://cheatsheetseries.owasp.org/cheatsheets/Unvalidated_Redirects_and_Forwards_Cheat_Sheet.html", "https://cheatsheetseries.owasp.org/cheatsheets/Session_Management_Cheat_Sheet.html"], "correlation_key": "code|auth|token|48|jrn001"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "apps/desktop/src/main/index.ts"}, "region": {"startLine": 48}}}]}, {"ruleId": "JRN001", "level": "error", "message": {"text": "Token handoff appears to use a callback URL or fragment"}, "properties": {"repobilityId": 2388, "scanner": 
"repobility-journey-contract", "fingerprint": "21486f18c5f53d4e89cc29e725f1a866879e2323c1d5ec9b345693d5981bbc7a", "category": "auth", "severity": "critical", "confidence": 0.88, "triageState": "fixed", "verdict": "confirmed", "isResolved": true, "reason": "Callback/redirect wording, token-in-URL syntax, and navigation code appear near each other.", "evidence": {"rule_id": "JRN001", "scanner": "repobility-journey-contract", "references": ["https://cheatsheetseries.owasp.org/cheatsheets/Unvalidated_Redirects_and_Forwards_Cheat_Sheet.html", "https://cheatsheetseries.owasp.org/cheatsheets/Session_Management_Cheat_Sheet.html"], "correlation_key": "code|auth|token|423|jrn001"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "packages/views/auth/login-page.test.tsx"}, "region": {"startLine": 423}}}]}, {"ruleId": "JRN001", "level": "error", "message": {"text": "Token handoff appears to use a callback URL or fragment"}, "properties": {"repobilityId": 2387, "scanner": "repobility-journey-contract", "fingerprint": "6ff661b3bb50419674bb08207d4f96ea56c2c4c8ed2fa2e50aeaf464c9b00570", "category": "auth", "severity": "critical", "confidence": 0.88, "triageState": "fixed", "verdict": "confirmed", "isResolved": true, "reason": "Callback/redirect wording, token-in-URL syntax, and navigation code appear near each other.", "evidence": {"rule_id": "JRN001", "scanner": "repobility-journey-contract", "references": ["https://cheatsheetseries.owasp.org/cheatsheets/Unvalidated_Redirects_and_Forwards_Cheat_Sheet.html", "https://cheatsheetseries.owasp.org/cheatsheets/Session_Management_Cheat_Sheet.html"], "correlation_key": "code|auth|token|98|jrn001"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "apps/web/app/auth/callback/page.tsx"}, "region": {"startLine": 98}}}]}, {"ruleId": "JRN001", "level": "error", "message": {"text": "Token handoff appears to use a callback URL or fragment"}, "properties": {"repobilityId": 2386, "scanner": 
"repobility-journey-contract", "fingerprint": "145a06e4954d54f6dafc02a3ff52acc4928069dc7c7a7108fb01b28119a13336", "category": "auth", "severity": "critical", "confidence": 0.88, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Callback/redirect wording, token-in-URL syntax, and navigation code appear near each other.", "evidence": {"rule_id": "JRN001", "scanner": "repobility-journey-contract", "references": ["https://cheatsheetseries.owasp.org/cheatsheets/Unvalidated_Redirects_and_Forwards_Cheat_Sheet.html", "https://cheatsheetseries.owasp.org/cheatsheets/Session_Management_Cheat_Sheet.html"], "correlation_key": "code|auth|token|44|jrn001"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "apps/web/app/auth/callback/page.tsx"}, "region": {"startLine": 44}}}]}, {"ruleId": "JRN001", "level": "error", "message": {"text": "Token handoff appears to use a callback URL or fragment"}, "properties": {"repobilityId": 2385, "scanner": "repobility-journey-contract", "fingerprint": "1f05dc7345916edc98e8e92365b5193aa9f2b695c1c8e752eb461ebc5193ce8a", "category": "auth", "severity": "critical", "confidence": 0.88, "triageState": "fixed", "verdict": "confirmed", "isResolved": true, "reason": "Callback/redirect wording, token-in-URL syntax, and navigation code appear near each other.", "evidence": {"rule_id": "JRN001", "scanner": "repobility-journey-contract", "references": ["https://cheatsheetseries.owasp.org/cheatsheets/Unvalidated_Redirects_and_Forwards_Cheat_Sheet.html", "https://cheatsheetseries.owasp.org/cheatsheets/Session_Management_Cheat_Sheet.html"], "correlation_key": "code|auth|apps/web/app/ auth /login/page.tsx|145|jrn001"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "apps/web/app/(auth)/login/page.tsx"}, "region": {"startLine": 145}}}]}, {"ruleId": "JRN001", "level": "error", "message": {"text": "Token handoff appears to use a callback URL or fragment"}, "properties": {"repobilityId": 2384, "scanner": 
"repobility-journey-contract", "fingerprint": "2db65e30f6df661bfbf10dcd58bf1d57a0f5fa03b4e7617c52ffc56073440775", "category": "auth", "severity": "critical", "confidence": 0.88, "triageState": "fixed", "verdict": "confirmed", "isResolved": true, "reason": "Callback/redirect wording, token-in-URL syntax, and navigation code appear near each other.", "evidence": {"rule_id": "JRN001", "scanner": "repobility-journey-contract", "references": ["https://cheatsheetseries.owasp.org/cheatsheets/Unvalidated_Redirects_and_Forwards_Cheat_Sheet.html", "https://cheatsheetseries.owasp.org/cheatsheets/Session_Management_Cheat_Sheet.html"], "correlation_key": "code|auth|apps/web/app/ auth /login/page.tsx|47|jrn001"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "apps/web/app/(auth)/login/page.tsx"}, "region": {"startLine": 47}}}]}, {"ruleId": "JRN001", "level": "error", "message": {"text": "Token handoff appears to use a callback URL or fragment"}, "properties": {"repobilityId": 2383, "scanner": "repobility-journey-contract", "fingerprint": "a5873d6c822106f3569503148bc270fd1a91755ae11e135d62fae9bfb75d998e", "category": "auth", "severity": "critical", "confidence": 0.88, "triageState": "fixed", "verdict": "confirmed", "isResolved": true, "reason": "Callback/redirect wording, token-in-URL syntax, and navigation code appear near each other.", "evidence": {"rule_id": "JRN001", "scanner": "repobility-journey-contract", "references": ["https://cheatsheetseries.owasp.org/cheatsheets/Unvalidated_Redirects_and_Forwards_Cheat_Sheet.html", "https://cheatsheetseries.owasp.org/cheatsheets/Session_Management_Cheat_Sheet.html"], "correlation_key": "code|auth|apps/web/app/ auth /login/page.test.tsx|184|jrn001"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "apps/web/app/(auth)/login/page.test.tsx"}, "region": {"startLine": 184}}}]}, {"ruleId": "JRN001", "level": "error", "message": {"text": "Token handoff appears to use a callback URL or fragment"}, 
"properties": {"repobilityId": 2382, "scanner": "repobility-journey-contract", "fingerprint": "d45f6795ddd814b5ea295a3095277611726661fabf6267fb00a349044bf02029", "category": "auth", "severity": "critical", "confidence": 0.88, "triageState": "fixed", "verdict": "confirmed", "isResolved": true, "reason": "Callback/redirect wording, token-in-URL syntax, and navigation code appear near each other.", "evidence": {"rule_id": "JRN001", "scanner": "repobility-journey-contract", "references": ["https://cheatsheetseries.owasp.org/cheatsheets/Unvalidated_Redirects_and_Forwards_Cheat_Sheet.html", "https://cheatsheetseries.owasp.org/cheatsheets/Session_Management_Cheat_Sheet.html"], "correlation_key": "code|auth|token|43|jrn001"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "apps/desktop/src/renderer/src/App.tsx"}, "region": {"startLine": 43}}}]}, {"ruleId": "JRN001", "level": "error", "message": {"text": "Token handoff appears to use a callback URL or fragment"}, "properties": {"repobilityId": 2381, "scanner": "repobility-journey-contract", "fingerprint": "8fdeaa38dc19ea75474914f5da7554edd699a16ced7c238bfde11efb6436b749", "category": "auth", "severity": "critical", "confidence": 0.88, "triageState": "fixed", "verdict": "confirmed", "isResolved": true, "reason": "Callback/redirect wording, token-in-URL syntax, and navigation code appear near each other.", "evidence": {"rule_id": "JRN001", "scanner": "repobility-journey-contract", "references": ["https://cheatsheetseries.owasp.org/cheatsheets/Unvalidated_Redirects_and_Forwards_Cheat_Sheet.html", "https://cheatsheetseries.owasp.org/cheatsheets/Session_Management_Cheat_Sheet.html"], "correlation_key": "code|auth|token|47|jrn001"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "apps/desktop/src/main/index.ts"}, "region": {"startLine": 47}}}]}, {"ruleId": "DKC007", "level": "error", "message": {"text": "Compose service contains a literal secret environment value"}, "properties": 
{"repobilityId": 2379, "scanner": "repobility-docker", "fingerprint": "2a6608f39d04c4c39bf66fc97ccb5980b067c76ef8f8667ae5bc945202db0e89", "category": "docker", "severity": "critical", "confidence": 0.96, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Environment variable name is secret-like and value is a committed literal.", "evidence": {"rule_id": "DKC007", "scanner": "repobility-docker", "service": "postgres", "variable": "POSTGRES_PASSWORD", "references": ["https://docs.docker.com/compose/how-tos/environment-variables/best-practices/", "https://docs.docker.com/reference/compose-file/secrets/"], "path_context": "runtime", "correlation_key": "fp|2a6608f39d04c4c39bf66fc97ccb5980b067c76ef8f8667ae5bc945202db0e89", "compose_secrets_declared": false}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "docker-compose.yml"}, "region": {"startLine": 3}}}]}, {"ruleId": "SEC002", "level": "error", "message": {"text": "Possible OpenAI API key found"}, "properties": {"repobilityId": 806, "scanner": "repobility", "fingerprint": "ab5b1b1b28dbd33e685f0146bb1bd280bb150ccd9edc84c187b4a1d829685806", "category": "credential_exposure", "severity": "critical", "confidence": null, "triageState": "fixed", "verdict": "", "isResolved": true, "reason": "", "evidence": {}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "server/cmd/multica/cmd_issue.go"}, "region": {"startLine": 1}}}]}, {"ruleId": "SEC002", "level": "error", "message": {"text": "Possible OpenAI API key found"}, "properties": {"repobilityId": 805, "scanner": "repobility", "fingerprint": "d4dd42af9a89606ebf04e0f95754b52b696e33b5288de9abfffa9b8816286a56", "category": "credential_exposure", "severity": "critical", "confidence": null, "triageState": "fixed", "verdict": "", "isResolved": true, "reason": "", "evidence": {}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "server/cmd/server/router.go"}, "region": {"startLine": 1}}}]}, {"ruleId": 
"SEC002", "level": "error", "message": {"text": "Possible hardcoded API key found"}, "properties": {"repobilityId": 804, "scanner": "repobility", "fingerprint": "ca145b68f11ccb9eac3cafdedb81ecbfa3f117edc84b374960ec4d7c4a4d6cc9", "category": "credential_exposure", "severity": "critical", "confidence": null, "triageState": "fixed", "verdict": "", "isResolved": true, "reason": "", "evidence": {}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "server/cmd/server/main.go"}, "region": {"startLine": 1}}}]}, {"ruleId": "SEC002", "level": "error", "message": {"text": "Possible OpenAI API key found"}, "properties": {"repobilityId": 803, "scanner": "repobility", "fingerprint": "9ff181b6f74b332433e4f3537dfe0d6f20c5690e8356e1077147d2d7e6578a2a", "category": "credential_exposure", "severity": "critical", "confidence": null, "triageState": "fixed", "verdict": "", "isResolved": true, "reason": "", "evidence": {}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "server/internal/daemon/execenv/runtime_config.go"}, "region": {"startLine": 1}}}]}, {"ruleId": "SEC002", "level": "error", "message": {"text": "Possible OpenAI API key found"}, "properties": {"repobilityId": 802, "scanner": "repobility", "fingerprint": "5b97b84554908143c68a84224965b341659e5614539e7112684252022098b77e", "category": "credential_exposure", "severity": "critical", "confidence": null, "triageState": "fixed", "verdict": "", "isResolved": true, "reason": "", "evidence": {}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "server/internal/daemon/repocache/cache_test.go"}, "region": {"startLine": 1}}}]}, {"ruleId": "SEC002", "level": "error", "message": {"text": "Possible OpenAI API key found"}, "properties": {"repobilityId": 801, "scanner": "repobility", "fingerprint": "18af33641d3d7cae53a2101516869ffecd653cbc0431a82fe1c7846f83815d43", "category": "credential_exposure", "severity": "critical", "confidence": null, "triageState": "fixed", "verdict": "", 
"isResolved": true, "reason": "", "evidence": {}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "server/internal/cli/client.go"}, "region": {"startLine": 1}}}]}, {"ruleId": "SEC002", "level": "error", "message": {"text": "Possible OpenAI API key found"}, "properties": {"repobilityId": 800, "scanner": "repobility", "fingerprint": "5a9e90e5463d0de7ef2b7deb7f0508d34db1c6c68a612bec677eddf17371d28b", "category": "credential_exposure", "severity": "critical", "confidence": null, "triageState": "fixed", "verdict": "", "isResolved": true, "reason": "", "evidence": {}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "server/internal/handler/handler_test.go"}, "region": {"startLine": 1}}}]}, {"ruleId": "SEC002", "level": "error", "message": {"text": "Possible OpenAI API key found"}, "properties": {"repobilityId": 799, "scanner": "repobility", "fingerprint": "ab2a1ae5ea0f29185fb82045bed89a88d5b9f6b75b80cb8e71b8e35aac8a2d89", "category": "credential_exposure", "severity": "critical", "confidence": null, "triageState": "fixed", "verdict": "", "isResolved": true, "reason": "", "evidence": {}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "server/internal/handler/handler.go"}, "region": {"startLine": 1}}}]}, {"ruleId": "SEC002", "level": "error", "message": {"text": "Possible OpenAI API key found"}, "properties": {"repobilityId": 798, "scanner": "repobility", "fingerprint": "77006e1387fd0d3c4c47ec8f45046ce216525cf3bc664d25181b83b9cbcf783c", "category": "credential_exposure", "severity": "critical", "confidence": null, "triageState": "fixed", "verdict": "", "isResolved": true, "reason": "", "evidence": {}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "packages/views/chat/components/chat-message-list.tsx"}, "region": {"startLine": 1}}}]}, {"ruleId": "SEC002", "level": "error", "message": {"text": "Possible OpenAI API key found"}, "properties": {"repobilityId": 797, "scanner": "repobility", "fingerprint": 
"eb5ee0a5446b37cf81a941f963bbdad0ddb77c3d3370c3b06a4ef6fc1cfd7f30", "category": "credential_exposure", "severity": "critical", "confidence": null, "triageState": "fixed", "verdict": "", "isResolved": true, "reason": "", "evidence": {}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "packages/views/issues/utils/redact.ts"}, "region": {"startLine": 1}}}]}, {"ruleId": "SEC003", "level": "error", "message": {"text": "Possible hardcoded private key found"}, "properties": {"repobilityId": 796, "scanner": "repobility", "fingerprint": "fb1967e3cccb697e4bde33565617a44bfb652d58b454939ffaca9d81aea9e433", "category": "credential_exposure", "severity": "critical", "confidence": null, "triageState": "fixed", "verdict": "", "isResolved": true, "reason": "", "evidence": {}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "packages/views/issues/utils/redact.ts"}, "region": {"startLine": 1}}}]}, {"ruleId": "SEC001", "level": "error", "message": {"text": "Possible hardcoded password found"}, "properties": {"repobilityId": 795, "scanner": "repobility", "fingerprint": "ddaa2361d7c02ed72c457bc4959295981d6a41f19cf7838c70e8c9fa8f332a05", "category": "credential_exposure", "severity": "critical", "confidence": null, "triageState": "fixed", "verdict": "", "isResolved": true, "reason": "", "evidence": {}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "packages/views/issues/utils/redact.ts"}, "region": {"startLine": 1}}}]}, {"ruleId": "SEC003", "level": "error", "message": {"text": "Possible hardcoded secret key found"}, "properties": {"repobilityId": 794, "scanner": "repobility", "fingerprint": "d30d0f3012c54c86165ce10b8a8b9b89c2aac42cee7b970625a38141fccc8f1c", "category": "credential_exposure", "severity": "critical", "confidence": null, "triageState": "fixed", "verdict": "", "isResolved": true, "reason": "", "evidence": {}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "packages/views/issues/utils/redact.ts"}, 
"region": {"startLine": 1}}}]}, {"ruleId": "SEC002", "level": "error", "message": {"text": "Possible hardcoded API key found"}, "properties": {"repobilityId": 793, "scanner": "repobility", "fingerprint": "bbced145d37d1f473e87090c08960b31d9baee7aee7e4bb98aec52fb34bf23a8", "category": "credential_exposure", "severity": "critical", "confidence": null, "triageState": "fixed", "verdict": "", "isResolved": true, "reason": "", "evidence": {}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "packages/views/issues/utils/redact.ts"}, "region": {"startLine": 1}}}]}, {"ruleId": "SEC010", "level": "error", "message": {"text": "Possible GitHub token found"}, "properties": {"repobilityId": 792, "scanner": "repobility", "fingerprint": "bee79b1ebb8a239a0edee7c4fce262bc90416c8b4ac511d4261ae558c35c93dc", "category": "credential_exposure", "severity": "critical", "confidence": null, "triageState": "fixed", "verdict": "", "isResolved": true, "reason": "", "evidence": {}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "packages/views/issues/utils/redact.test.ts"}, "region": {"startLine": 1}}}]}, {"ruleId": "SEC002", "level": "error", "message": {"text": "Possible OpenAI API key found"}, "properties": {"repobilityId": 791, "scanner": "repobility", "fingerprint": "c4be90da3c4dcbf6bab877a294472b17bdd85eee9993d54069777bdcb64bd6ed", "category": "credential_exposure", "severity": "critical", "confidence": null, "triageState": "fixed", "verdict": "", "isResolved": true, "reason": "", "evidence": {}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "packages/views/issues/utils/redact.test.ts"}, "region": {"startLine": 1}}}]}, {"ruleId": "SEC001", "level": "error", "message": {"text": "Possible hardcoded password found"}, "properties": {"repobilityId": 790, "scanner": "repobility", "fingerprint": "fd383171964af8365390b46d1c70050f17a5258d26b6559f2cb568167a32c872", "category": "credential_exposure", "severity": "critical", "confidence": null, 
"triageState": "fixed", "verdict": "", "isResolved": true, "reason": "", "evidence": {}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "packages/views/issues/utils/redact.test.ts"}, "region": {"startLine": 1}}}]}, {"ruleId": "SEC002", "level": "error", "message": {"text": "Possible hardcoded API key found"}, "properties": {"repobilityId": 789, "scanner": "repobility", "fingerprint": "49e2016f7c3080704b8c25e927c1229c056c65e357b3e8dec8ec7c3e366a58b1", "category": "credential_exposure", "severity": "critical", "confidence": null, "triageState": "fixed", "verdict": "", "isResolved": true, "reason": "", "evidence": {}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "packages/views/issues/utils/redact.test.ts"}, "region": {"startLine": 1}}}]}, {"ruleId": "SEC002", "level": "error", "message": {"text": "Possible OpenAI API key found"}, "properties": {"repobilityId": 788, "scanner": "repobility", "fingerprint": "adc286ff7f96c84bcd52275855bd81a0af55051693c4ae33ae296cf750b33c28", "category": "credential_exposure", "severity": "critical", "confidence": null, "triageState": "fixed", "verdict": "", "isResolved": true, "reason": "", "evidence": {}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "packages/core/api/client.ts"}, "region": {"startLine": 1}}}]}, {"ruleId": "SEC003", "level": "error", "message": {"text": "[SEC003] Hardcoded Secret: Hardcoded secret key. 
"}, "properties": {"repobilityId": 753, "scanner": "repobility", "fingerprint": "05badf6fc65c4b950afae7d572f6b1956b4cc7c35ba35e951b02cb53166458b9", "category": "credential_exposure", "severity": "critical", "confidence": null, "triageState": "fixed", "verdict": "", "isResolved": true, "reason": "", "evidence": {}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "server/internal/auth/jwt.go"}, "region": {"startLine": 12}}}]}, {"ruleId": "SEC002", "level": "error", "message": {"text": "Possible OpenAI API key found"}, "properties": {"repobilityId": 732, "scanner": "repobility", "fingerprint": "ab5b1b1b28dbd33e685f0146bb1bd280bb150ccd9edc84c187b4a1d829685806", "category": "credential_exposure", "severity": "critical", "confidence": null, "triageState": "fixed", "verdict": "", "isResolved": true, "reason": "", "evidence": {}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "server/cmd/multica/cmd_issue.go"}, "region": {"startLine": 1}}}]}, {"ruleId": "SEC002", "level": "error", "message": {"text": "Possible OpenAI API key found"}, "properties": {"repobilityId": 731, "scanner": "repobility", "fingerprint": "d4dd42af9a89606ebf04e0f95754b52b696e33b5288de9abfffa9b8816286a56", "category": "credential_exposure", "severity": "critical", "confidence": null, "triageState": "fixed", "verdict": "", "isResolved": true, "reason": "", "evidence": {}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "server/cmd/server/router.go"}, "region": {"startLine": 1}}}]}, {"ruleId": "SEC002", "level": "error", "message": {"text": "Possible hardcoded API key found"}, "properties": {"repobilityId": 730, "scanner": "repobility", "fingerprint": "ca145b68f11ccb9eac3cafdedb81ecbfa3f117edc84b374960ec4d7c4a4d6cc9", "category": "credential_exposure", "severity": "critical", "confidence": null, "triageState": "fixed", "verdict": "", "isResolved": true, "reason": "", "evidence": {}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": 
"server/cmd/server/main.go"}, "region": {"startLine": 1}}}]}, {"ruleId": "SEC002", "level": "error", "message": {"text": "Possible OpenAI API key found"}, "properties": {"repobilityId": 729, "scanner": "repobility", "fingerprint": "9ff181b6f74b332433e4f3537dfe0d6f20c5690e8356e1077147d2d7e6578a2a", "category": "credential_exposure", "severity": "critical", "confidence": null, "triageState": "fixed", "verdict": "", "isResolved": true, "reason": "", "evidence": {}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "server/internal/daemon/execenv/runtime_config.go"}, "region": {"startLine": 1}}}]}, {"ruleId": "SEC002", "level": "error", "message": {"text": "Possible OpenAI API key found"}, "properties": {"repobilityId": 728, "scanner": "repobility", "fingerprint": "5b97b84554908143c68a84224965b341659e5614539e7112684252022098b77e", "category": "credential_exposure", "severity": "critical", "confidence": null, "triageState": "fixed", "verdict": "", "isResolved": true, "reason": "", "evidence": {}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "server/internal/daemon/repocache/cache_test.go"}, "region": {"startLine": 1}}}]}, {"ruleId": "SEC002", "level": "error", "message": {"text": "Possible OpenAI API key found"}, "properties": {"repobilityId": 727, "scanner": "repobility", "fingerprint": "18af33641d3d7cae53a2101516869ffecd653cbc0431a82fe1c7846f83815d43", "category": "credential_exposure", "severity": "critical", "confidence": null, "triageState": "fixed", "verdict": "", "isResolved": true, "reason": "", "evidence": {}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "server/internal/cli/client.go"}, "region": {"startLine": 1}}}]}, {"ruleId": "SEC002", "level": "error", "message": {"text": "Possible OpenAI API key found"}, "properties": {"repobilityId": 726, "scanner": "repobility", "fingerprint": "5a9e90e5463d0de7ef2b7deb7f0508d34db1c6c68a612bec677eddf17371d28b", "category": "credential_exposure", "severity": 
"critical", "confidence": null, "triageState": "fixed", "verdict": "", "isResolved": true, "reason": "", "evidence": {}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "server/internal/handler/handler_test.go"}, "region": {"startLine": 1}}}]}, {"ruleId": "SEC002", "level": "error", "message": {"text": "Possible OpenAI API key found"}, "properties": {"repobilityId": 725, "scanner": "repobility", "fingerprint": "ab2a1ae5ea0f29185fb82045bed89a88d5b9f6b75b80cb8e71b8e35aac8a2d89", "category": "credential_exposure", "severity": "critical", "confidence": null, "triageState": "fixed", "verdict": "", "isResolved": true, "reason": "", "evidence": {}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "server/internal/handler/handler.go"}, "region": {"startLine": 1}}}]}, {"ruleId": "SEC002", "level": "error", "message": {"text": "Possible OpenAI API key found"}, "properties": {"repobilityId": 724, "scanner": "repobility", "fingerprint": "77006e1387fd0d3c4c47ec8f45046ce216525cf3bc664d25181b83b9cbcf783c", "category": "credential_exposure", "severity": "critical", "confidence": null, "triageState": "fixed", "verdict": "", "isResolved": true, "reason": "", "evidence": {}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "packages/views/chat/components/chat-message-list.tsx"}, "region": {"startLine": 1}}}]}, {"ruleId": "SEC002", "level": "error", "message": {"text": "Possible OpenAI API key found"}, "properties": {"repobilityId": 723, "scanner": "repobility", "fingerprint": "eb5ee0a5446b37cf81a941f963bbdad0ddb77c3d3370c3b06a4ef6fc1cfd7f30", "category": "credential_exposure", "severity": "critical", "confidence": null, "triageState": "fixed", "verdict": "", "isResolved": true, "reason": "", "evidence": {}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "packages/views/issues/utils/redact.ts"}, "region": {"startLine": 1}}}]}, {"ruleId": "SEC003", "level": "error", "message": {"text": "Possible hardcoded private key 
found"}, "properties": {"repobilityId": 722, "scanner": "repobility", "fingerprint": "fb1967e3cccb697e4bde33565617a44bfb652d58b454939ffaca9d81aea9e433", "category": "credential_exposure", "severity": "critical", "confidence": null, "triageState": "fixed", "verdict": "", "isResolved": true, "reason": "", "evidence": {}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "packages/views/issues/utils/redact.ts"}, "region": {"startLine": 1}}}]}, {"ruleId": "SEC001", "level": "error", "message": {"text": "Possible hardcoded password found"}, "properties": {"repobilityId": 721, "scanner": "repobility", "fingerprint": "ddaa2361d7c02ed72c457bc4959295981d6a41f19cf7838c70e8c9fa8f332a05", "category": "credential_exposure", "severity": "critical", "confidence": null, "triageState": "fixed", "verdict": "", "isResolved": true, "reason": "", "evidence": {}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "packages/views/issues/utils/redact.ts"}, "region": {"startLine": 1}}}]}, {"ruleId": "SEC003", "level": "error", "message": {"text": "Possible hardcoded secret key found"}, "properties": {"repobilityId": 720, "scanner": "repobility", "fingerprint": "d30d0f3012c54c86165ce10b8a8b9b89c2aac42cee7b970625a38141fccc8f1c", "category": "credential_exposure", "severity": "critical", "confidence": null, "triageState": "fixed", "verdict": "", "isResolved": true, "reason": "", "evidence": {}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "packages/views/issues/utils/redact.ts"}, "region": {"startLine": 1}}}]}, {"ruleId": "SEC002", "level": "error", "message": {"text": "Possible hardcoded API key found"}, "properties": {"repobilityId": 719, "scanner": "repobility", "fingerprint": "bbced145d37d1f473e87090c08960b31d9baee7aee7e4bb98aec52fb34bf23a8", "category": "credential_exposure", "severity": "critical", "confidence": null, "triageState": "fixed", "verdict": "", "isResolved": true, "reason": "", "evidence": {}}, "locations": 
[{"physicalLocation": {"artifactLocation": {"uri": "packages/views/issues/utils/redact.ts"}, "region": {"startLine": 1}}}]}, {"ruleId": "SEC010", "level": "error", "message": {"text": "Possible GitHub token found"}, "properties": {"repobilityId": 718, "scanner": "repobility", "fingerprint": "bee79b1ebb8a239a0edee7c4fce262bc90416c8b4ac511d4261ae558c35c93dc", "category": "credential_exposure", "severity": "critical", "confidence": null, "triageState": "fixed", "verdict": "", "isResolved": true, "reason": "", "evidence": {}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "packages/views/issues/utils/redact.test.ts"}, "region": {"startLine": 1}}}]}, {"ruleId": "SEC002", "level": "error", "message": {"text": "Possible OpenAI API key found"}, "properties": {"repobilityId": 717, "scanner": "repobility", "fingerprint": "c4be90da3c4dcbf6bab877a294472b17bdd85eee9993d54069777bdcb64bd6ed", "category": "credential_exposure", "severity": "critical", "confidence": null, "triageState": "fixed", "verdict": "", "isResolved": true, "reason": "", "evidence": {}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "packages/views/issues/utils/redact.test.ts"}, "region": {"startLine": 1}}}]}, {"ruleId": "SEC001", "level": "error", "message": {"text": "Possible hardcoded password found"}, "properties": {"repobilityId": 716, "scanner": "repobility", "fingerprint": "fd383171964af8365390b46d1c70050f17a5258d26b6559f2cb568167a32c872", "category": "credential_exposure", "severity": "critical", "confidence": null, "triageState": "fixed", "verdict": "", "isResolved": true, "reason": "", "evidence": {}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "packages/views/issues/utils/redact.test.ts"}, "region": {"startLine": 1}}}]}, {"ruleId": "SEC002", "level": "error", "message": {"text": "Possible hardcoded API key found"}, "properties": {"repobilityId": 715, "scanner": "repobility", "fingerprint": 
"49e2016f7c3080704b8c25e927c1229c056c65e357b3e8dec8ec7c3e366a58b1", "category": "credential_exposure", "severity": "critical", "confidence": null, "triageState": "fixed", "verdict": "", "isResolved": true, "reason": "", "evidence": {}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "packages/views/issues/utils/redact.test.ts"}, "region": {"startLine": 1}}}]}, {"ruleId": "SEC002", "level": "error", "message": {"text": "Possible OpenAI API key found"}, "properties": {"repobilityId": 714, "scanner": "repobility", "fingerprint": "adc286ff7f96c84bcd52275855bd81a0af55051693c4ae33ae296cf750b33c28", "category": "credential_exposure", "severity": "critical", "confidence": null, "triageState": "fixed", "verdict": "", "isResolved": true, "reason": "", "evidence": {}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "packages/core/api/client.ts"}, "region": {"startLine": 1}}}]}]}]}