{"version": "2.1.0", "$schema": "https://json.schemastore.org/sarif-2.1.0.json", "runs": [{"tool": {"driver": {"name": "Repobility", "informationUri": "https://repobility.com", "rules": [{"id": "DKR001", "name": "Docker final stage has no non-root USER", "shortDescription": {"text": "Docker final stage has no non-root USER"}, "fullDescription": {"text": "Docker images run as root unless the image or Dockerfile switches to a non-root user."}, "properties": {"scanner": "repobility-docker", "category": "docker", "severity": "medium", "confidence": 0.82, "cwe": "", "owasp": ""}}, {"id": "ERR001", "name": "[ERR001] Silent Exception Swallowing: Silently swallowing all exceptions hides bugs. Even in cleanup code, log at DEBUG ", "shortDescription": {"text": "[ERR001] Silent Exception Swallowing: Silently swallowing all exceptions hides bugs. Even in cleanup code, log at DEBUG level."}, "fullDescription": {"text": "Log the error: `except Exception: logger.debug('cleanup failed', exc_info=True)`. Or handle specific exception types."}, "properties": {"scanner": "repobility-threat-engine", "category": "error_handling", "severity": "medium", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "SEC012", "name": "[SEC012] ZipSlip \u2014 Archive Path Traversal: Archive extraction without path validation allows writing files outside the t", "shortDescription": {"text": "[SEC012] ZipSlip \u2014 Archive Path Traversal: Archive extraction without path validation allows writing files outside the target directory."}, "fullDescription": {"text": "Validate extracted paths with os.path.realpath() and ensure they stay within the target directory."}, "properties": {"scanner": "repobility-threat-engine", "category": "path_traversal", "severity": "medium", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "AGT012", "name": "Agent control bridge may listen on a network interface without visible auth", "shortDescription": {"text": "Agent control bridge may listen on a network interface without visible auth"}, "fullDescription": {"text": "Agent, MCP, sidecar, and command bridge servers often start as local helpers. Binding them to 0.0.0.0 or a default all-interface listener without an authorization guard can expose tool execution or session data to the LAN."}, "properties": {"scanner": "repobility-agent-runtime", "category": "quality", "severity": "medium", "confidence": 0.72, "cwe": "", "owasp": ""}}, {"id": "AIC003", "name": "Duplicated implementation block across source files", "shortDescription": {"text": "Duplicated implementation block across source files"}, "fullDescription": {"text": "Duplicated blocks are a common artifact when generated code is pasted or recreated instead of reused. They increase maintenance cost because every future bug fix must be found in multiple locations."}, "properties": {"scanner": "repobility-ai-code-hygiene", "category": "quality", "severity": "medium", "confidence": 0.86, "cwe": "", "owasp": ""}}, {"id": "CORE_LARGE_FILES", "name": "Average file size is 541 lines (recommend <300)", "shortDescription": {"text": "Average file size is 541 lines (recommend <300)"}, "fullDescription": {"text": "Refactor large files by extracting related functions into separate modules. Target files with 300+ lines first. Use the Single Responsibility Principle \u2014 each module should have one clear purpose."}, "properties": {"scanner": "repobility-core", "category": "quality", "severity": "medium", "confidence": null, "cwe": "", "owasp": ""}}, {"id": "DKR008", "name": ".dockerignore misses sensitive defaults", "shortDescription": {"text": ".dockerignore misses sensitive defaults"}, "fullDescription": {"text": ".dockerignore exists but does not cover common secret or VCS patterns."}, "properties": {"scanner": "repobility-docker", "category": "docker", "severity": "low", "confidence": 0.72, "cwe": "", "owasp": ""}}, {"id": "SEC006", "name": "[SEC006] XSS Risk: Direct HTML injection without sanitization.", "shortDescription": {"text": "[SEC006] XSS Risk: Direct HTML injection without sanitization."}, "fullDescription": {"text": "Use textContent instead of innerHTML. Sanitize with DOMPurify."}, "properties": {"scanner": "repobility-threat-engine", "category": "injection", "severity": "low", "confidence": 0.4, "cwe": "", "owasp": ""}}, {"id": "SEC015", "name": "[SEC015] Insecure Randomness for Security: Weak PRNG used in security-sensitive context. Output is predictable.", "shortDescription": {"text": "[SEC015] Insecure Randomness for Security: Weak PRNG used in security-sensitive context. Output is predictable."}, "fullDescription": {"text": "Use secrets module (Python) or crypto.getRandomValues() (JS) for security-sensitive randomness."}, "properties": {"scanner": "repobility-threat-engine", "category": "crypto", "severity": "info", "confidence": 0.25, "cwe": "", "owasp": ""}}]}}, "automationDetails": {"id": "repobility/349"}, "properties": {"repository": "CopilotKit/aimock", "repoUrl": "https://github.com/CopilotKit/aimock", "branch": "main"}, "results": [{"ruleId": "DKR001", "level": "warning", "message": {"text": "Docker final stage has no non-root USER"}, "properties": {"repobilityId": 11111, "scanner": "repobility-docker", "fingerprint": "8834241eeb4d718f800897a4f5ff17bde22fe63b627eb3d2777a3d72ee8e9a11", "category": "docker", "severity": "medium", "confidence": 0.82, "triageState": "open", "verdict": "likely", "isResolved": false, "reason": "No USER directive was found in the final runtime stage.", "evidence": {"rule_id": "DKR001", "scanner": "repobility-docker", "final_base": "node:22-alpine", "references": ["https://docs.docker.com/develop/develop-images/dockerfile_best-practices/", "https://cheatsheetseries.owasp.org/cheatsheets/Docker_Security_Cheat_Sheet.html", "https://github.com/hadolint/hadolint"], "correlation_key": "fp|8834241eeb4d718f800897a4f5ff17bde22fe63b627eb3d2777a3d72ee8e9a11"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "Dockerfile"}, "region": {"startLine": 20}}}]}, {"ruleId": "ERR001", "level": "warning", "message": {"text": "[ERR001] Silent Exception Swallowing: Silently swallowing all exceptions hides bugs. Even in cleanup code, log at DEBUG level."}, "properties": {"repobilityId": 11110, "scanner": "repobility-threat-engine", "fingerprint": "69960913b554e32f55d9de649e57947423f0e2e2d14e8224d766f540ce5a48a2", "category": "error_handling", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "except Exception:\n                    pass", "reason": "Pattern matched with no mitigating context found", "rule_id": "ERR001", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "fp|69960913b554e32f55d9de649e57947423f0e2e2d14e8224d766f540ce5a48a2"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "packages/aimock-pytest/src/aimock_pytest/_server.py"}, "region": {"startLine": 95}}}]}, {"ruleId": "SEC012", "level": "warning", "message": {"text": "[SEC012] ZipSlip \u2014 Archive Path Traversal: Archive extraction without path validation allows writing files outside the target directory."}, "properties": {"repobilityId": 11109, "scanner": "repobility-threat-engine", "fingerprint": "5a6b75bdeb65ff8f9ebc987fe845cb50d9dcd3715771d2713693cb6268cb6249", "category": "path_traversal", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": ".extractall(", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC012", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "code|path_traversal|token|153|sec012"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "packages/aimock-pytest/src/aimock_pytest/_node_manager.py"}, "region": {"startLine": 153}}}]}, {"ruleId": "AGT012", "level": "warning", "message": {"text": "Agent control bridge may listen on a network interface without visible auth"}, "properties": {"repobilityId": 11105, "scanner": "repobility-agent-runtime", "fingerprint": "fce62f2a5f64a7cd71cd6cbb847b6675ff38db85aff5798b6174740751a30d82", "category": "quality", "severity": "medium", "confidence": 0.72, "triageState": "open", "verdict": "likely", "isResolved": false, "reason": "File combines agent-control wording with an HTTP/SSE/WebSocket listener on an all-interface host and no visible auth guard.", "evidence": {"rule_id": "AGT012", "scanner": "repobility-agent-runtime", "references": [], "correlation_key": "fp|fce62f2a5f64a7cd71cd6cbb847b6675ff38db85aff5798b6174740751a30d82"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "docs/migrate-from-vidaimock/index.html"}, "region": {"startLine": 59}}}]}, {"ruleId": "AGT012", "level": "warning", "message": {"text": "Agent control bridge may listen on a network interface without visible auth"}, "properties": {"repobilityId": 11104, "scanner": "repobility-agent-runtime", "fingerprint": "873ab5e619bcfde4fb729e321fc896217b834d447d31738e063571a6c78555d4", "category": "quality", "severity": "medium", "confidence": 0.72, "triageState": "open", "verdict": "likely", "isResolved": false, "reason": "File combines agent-control wording with an HTTP/SSE/WebSocket listener on an all-interface host and no visible auth guard.", "evidence": {"rule_id": "AGT012", "scanner": "repobility-agent-runtime", "references": [], "correlation_key": "fp|873ab5e619bcfde4fb729e321fc896217b834d447d31738e063571a6c78555d4"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "docs/migrate-from-python-mocks/index.html"}, "region": {"startLine": 191}}}]}, {"ruleId": "AGT012", "level": "warning", "message": {"text": "Agent control bridge may listen on a network interface without visible auth"}, "properties": {"repobilityId": 11103, "scanner": "repobility-agent-runtime", "fingerprint": "5c40336d7d821083c6225ad34ddef32a03ce424558bd5c28b10ec79b57adceb3", "category": "quality", "severity": "medium", "confidence": 0.72, "triageState": "open", "verdict": "likely", "isResolved": false, "reason": "File combines agent-control wording with an HTTP/SSE/WebSocket listener on an all-interface host and no visible auth guard.", "evidence": {"rule_id": "AGT012", "scanner": "repobility-agent-runtime", "references": [], "correlation_key": "fp|5c40336d7d821083c6225ad34ddef32a03ce424558bd5c28b10ec79b57adceb3"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "docs/migrate-from-piyook/index.html"}, "region": {"startLine": 149}}}]}, {"ruleId": "AGT012", "level": "warning", "message": {"text": "Agent control bridge may listen on a network interface without visible auth"}, "properties": {"repobilityId": 11102, "scanner": "repobility-agent-runtime", "fingerprint": "0ef52c6f3355b03992f004e1d2e800c562da3cd464052ed3beef5912a198b080", "category": "quality", "severity": "medium", "confidence": 0.72, "triageState": "open", "verdict": "likely", "isResolved": false, "reason": "File combines agent-control wording with an HTTP/SSE/WebSocket listener on an all-interface host and no visible auth guard.", "evidence": {"rule_id": "AGT012", "scanner": "repobility-agent-runtime", "references": [], "correlation_key": "fp|0ef52c6f3355b03992f004e1d2e800c562da3cd464052ed3beef5912a198b080"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "docs/migrate-from-openai-responses/index.html"}, "region": {"startLine": 179}}}]}, {"ruleId": "AGT012", "level": "warning", "message": {"text": "Agent control bridge may listen on a network interface without visible auth"}, "properties": {"repobilityId": 11101, "scanner": "repobility-agent-runtime", "fingerprint": "131f8379f8659cfa2609ae2357a0ff5846632f11551efc72fb9293d002165304", "category": "quality", "severity": "medium", "confidence": 0.72, "triageState": "open", "verdict": "likely", "isResolved": false, "reason": "File combines agent-control wording with an HTTP/SSE/WebSocket listener on an all-interface host and no visible auth guard.", "evidence": {"rule_id": "AGT012", "scanner": "repobility-agent-runtime", "references": [], "correlation_key": "fp|131f8379f8659cfa2609ae2357a0ff5846632f11551efc72fb9293d002165304"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "docs/migrate-from-msw/index.html"}, "region": {"startLine": 150}}}]}, {"ruleId": "AGT012", "level": "warning", "message": {"text": "Agent control bridge may listen on a network interface without visible auth"}, "properties": {"repobilityId": 11100, "scanner": "repobility-agent-runtime", "fingerprint": "2734a4265303897309a6ee3c400829ecae9ce255368999fe22f8b60a02141ed6", "category": "quality", "severity": "medium", "confidence": 0.72, "triageState": "open", "verdict": "likely", "isResolved": false, "reason": "File combines agent-control wording with an HTTP/SSE/WebSocket listener on an all-interface host and no visible auth guard.", "evidence": {"rule_id": "AGT012", "scanner": "repobility-agent-runtime", "references": [], "correlation_key": "fp|2734a4265303897309a6ee3c400829ecae9ce255368999fe22f8b60a02141ed6"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "docs/migrate-from-mock-llm/index.html"}, "region": {"startLine": 197}}}]}, {"ruleId": "AIC003", "level": "warning", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 11099, "scanner": "repobility-ai-code-hygiene", "fingerprint": "db6b21cab85e7ed140f59b325762bc5358ad57ed4d0c747b2883c6c3242fe7f1", "category": "quality", "severity": "medium", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "src/a2a-stub.ts", "duplicate_line": 1, "correlation_key": "fp|db6b21cab85e7ed140f59b325762bc5358ad57ed4d0c747b2883c6c3242fe7f1"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/index.ts"}, "region": {"startLine": 131}}}]}, {"ruleId": "AIC003", "level": "warning", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 11098, "scanner": "repobility-ai-code-hygiene", "fingerprint": "4f4d9dd546bee33ab4a7023f6f950747db16ab77655481e4f189b045c3de7d20", "category": "quality", "severity": "medium", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "src/embeddings.ts", "duplicate_line": 186, "correlation_key": "fp|4f4d9dd546bee33ab4a7023f6f950747db16ab77655481e4f189b045c3de7d20"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/images.ts"}, "region": {"startLine": 138}}}]}, {"ruleId": "AIC003", "level": "warning", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 11097, "scanner": "repobility-ai-code-hygiene", "fingerprint": "9f5d7abe0220b404d26dc5d0f5c2815c4a7c0a077cb6ca38a066aa9a2e498710", "category": "quality", "severity": "medium", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "src/elevenlabs-audio.ts", "duplicate_line": 34, "correlation_key": "fp|9f5d7abe0220b404d26dc5d0f5c2815c4a7c0a077cb6ca38a066aa9a2e498710"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/images.ts"}, "region": {"startLine": 65}}}]}, {"ruleId": "AIC003", "level": "warning", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 11096, "scanner": "repobility-ai-code-hygiene", "fingerprint": "9c0e91d7604bf6333d3b5ca119fa9574e703045119c38be5d9f836c1e46af1c7", "category": "quality", "severity": "medium", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "src/elevenlabs-audio.ts", "duplicate_line": 127, "correlation_key": "fp|9c0e91d7604bf6333d3b5ca119fa9574e703045119c38be5d9f836c1e46af1c7"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/gemini.ts"}, "region": {"startLine": 577}}}]}, {"ruleId": "AIC003", "level": "warning", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 11095, "scanner": "repobility-ai-code-hygiene", "fingerprint": "0d02332cff4331f76df033de4f16d0d60c5ca2f486ff106188cb6526f4287e82", "category": "quality", "severity": "medium", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "src/gemini-interactions.ts", "duplicate_line": 579, "correlation_key": "fp|0d02332cff4331f76df033de4f16d0d60c5ca2f486ff106188cb6526f4287e82"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/gemini.ts"}, "region": {"startLine": 559}}}]}, {"ruleId": "AIC003", "level": "warning", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 11094, "scanner": "repobility-ai-code-hygiene", "fingerprint": "ac9d7a308bc9808cef0f386f80885e41c4e36434166960943be99cdb711be7a8", "category": "quality", "severity": "medium", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "src/fal-audio.ts", "duplicate_line": 244, "correlation_key": "fp|ac9d7a308bc9808cef0f386f80885e41c4e36434166960943be99cdb711be7a8"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/gemini.ts"}, "region": {"startLine": 546}}}]}, {"ruleId": "AIC003", "level": "warning", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 11093, "scanner": "repobility-ai-code-hygiene", "fingerprint": "b1fdf3965991ab6a38ebac2ed4f88bcbbe18e80f7b0981d259d38dbac01301d3", "category": "quality", "severity": "medium", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "src/fal-audio.ts", "duplicate_line": 244, "correlation_key": "fp|b1fdf3965991ab6a38ebac2ed4f88bcbbe18e80f7b0981d259d38dbac01301d3"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/gemini-interactions.ts"}, "region": {"startLine": 566}}}]}, {"ruleId": "AIC003", "level": "warning", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 11092, "scanner": "repobility-ai-code-hygiene", "fingerprint": "5f16c04710ef0f34fc9167f92a940d1adb681905d61ee3e1c8b7418eed2d28b0", "category": "quality", "severity": "medium", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "src/fal-audio.ts", "duplicate_line": 79, "correlation_key": "fp|5f16c04710ef0f34fc9167f92a940d1adb681905d61ee3e1c8b7418eed2d28b0"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/fal.ts"}, "region": {"startLine": 64}}}]}, {"ruleId": "AIC003", "level": "warning", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 11091, "scanner": "repobility-ai-code-hygiene", "fingerprint": "e3ac5263c33358c5d4b1f3a75f8896034d451c7d7e7b8a194dc2c748a96c6519", "category": "quality", "severity": "medium", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "src/elevenlabs-audio.ts", "duplicate_line": 183, "correlation_key": "fp|e3ac5263c33358c5d4b1f3a75f8896034d451c7d7e7b8a194dc2c748a96c6519"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/fal-audio.ts"}, "region": {"startLine": 320}}}]}, {"ruleId": "AIC003", "level": "warning", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 11090, "scanner": "repobility-ai-code-hygiene", "fingerprint": "5fb3d69a5d7145961a0e57a2ea173f7ff1a726455aac3d31886e09e5e3812c06", "category": "quality", "severity": "medium", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "src/elevenlabs-audio.ts", "duplicate_line": 126, "correlation_key": "fp|5fb3d69a5d7145961a0e57a2ea173f7ff1a726455aac3d31886e09e5e3812c06"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/embeddings.ts"}, "region": {"startLine": 187}}}]}, {"ruleId": "AIC003", "level": "warning", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 11089, "scanner": "repobility-ai-code-hygiene", "fingerprint": "685b3c71bfa057bc895f3c62dab59dc767c0b401daa96ce5a5f6549f47f49420", "category": "quality", "severity": "medium", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "src/agui-handler.ts", "duplicate_line": 13, "correlation_key": "fp|685b3c71bfa057bc895f3c62dab59dc767c0b401daa96ce5a5f6549f47f49420"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/agui-stub.ts"}, "region": {"startLine": 10}}}]}, {"ruleId": "AIC003", "level": "warning", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 11088, "scanner": "repobility-ai-code-hygiene", "fingerprint": "b7c63b9e55e48f3484f32a3e8ed19fb8bd0609f991ca96c4e27895e43ba8c7d5", "category": "quality", "severity": "medium", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "src/a2a-mock.ts", "duplicate_line": 167, "correlation_key": "fp|b7c63b9e55e48f3484f32a3e8ed19fb8bd0609f991ca96c4e27895e43ba8c7d5"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/agui-mock.ts"}, "region": {"startLine": 206}}}]}, {"ruleId": "CORE_LARGE_FILES", "level": "warning", "message": {"text": "Average file size is 541 lines (recommend <300)"}, "properties": {"repobilityId": 11087, "scanner": "repobility-core", "fingerprint": "f89c83b068698ad29e7a011921abcca89332cf8340d9d4ff32a4b511106579ec", "category": "quality", "severity": "medium", "confidence": null, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"rule_id": "CORE_LARGE_FILES", "scanner": "repobility-core", "correlation_key": "fp|f89c83b068698ad29e7a011921abcca89332cf8340d9d4ff32a4b511106579ec"}}}, {"ruleId": "DKR008", "level": "note", "message": {"text": ".dockerignore misses sensitive defaults"}, "properties": {"repobilityId": 11112, "scanner": "repobility-docker", "fingerprint": "aea2ad92c68c4ee1f8432bb1ec25e7d45ac12c9e1790ac2d3fffe638b1acce12", "category": "docker", "severity": "low", "confidence": 0.72, "triageState": "open", "verdict": "likely", "isResolved": false, "reason": "A Docker build context should exclude secrets and repository metadata.", "evidence": {"rule_id": "DKR008", "scanner": "repobility-docker", "references": ["https://docs.docker.com/develop/develop-images/dockerfile_best-practices/"], "correlation_key": "fp|aea2ad92c68c4ee1f8432bb1ec25e7d45ac12c9e1790ac2d3fffe638b1acce12", "missing_patterns": [".env", "id_rsa", "*.pem", "*.key"]}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".dockerignore"}, "region": {"startLine": 1}}}]}, {"ruleId": "SEC006", "level": "note", "message": {"text": "[SEC006] XSS Risk: Direct HTML injection without sanitization."}, "properties": {"repobilityId": 11108, "scanner": "repobility-threat-engine", "fingerprint": "c213e6edb93f0ef9aff51cc94ad612eac91ed5e56e6d440e1ca2b72e4fc4c81f", "category": "injection", "severity": "low", "confidence": 0.4, "triageState": "false_positive", "verdict": "likely_fp", "isResolved": true, "reason": "No user-input source (request/query/fetch/URL) found \u2014 may be static content", "evidence": {"match": ".innerHTML = b", "reason": "No user-input source (request/query/fetch/URL) found \u2014 may be static content", "rule_id": "SEC006", "scanner": "repobility-threat-engine", "confidence": 0.4, "correlation_key": "code|injection|docs/sidebar.js|128|sec006"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "docs/sidebar.js"}, "region": {"startLine": 128}}}]}, {"ruleId": "SEC015", "level": "none", "message": {"text": "[SEC015] Insecure Randomness for Security: Weak PRNG used in security-sensitive context. Output is predictable."}, "properties": {"repobilityId": 11107, "scanner": "repobility-threat-engine", "fingerprint": "469fc69587d644551085b3ee0425d1fa1f00353246efcfcd81ac9d09a507b81f", "category": "crypto", "severity": "info", "confidence": 0.25, "triageState": "false_positive", "verdict": "likely_fp", "isResolved": true, "reason": "Weak PRNG appears to be used for non-security behavior (UI, sampling, demos, shuffling, or backoff), not for secrets", "evidence": {"match": "Math.random()", "reason": "Weak PRNG appears to be used for non-security behavior (UI, sampling, demos, shuffling, or backoff), not for secrets", "rule_id": "SEC015", "scanner": "repobility-threat-engine", "confidence": 0.25, "correlation_key": "code|crypto|src/chaos.ts|109|sec015"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/chaos.ts"}, "region": {"startLine": 109}}}]}, {"ruleId": "SEC015", "level": "none", "message": {"text": "[SEC015] Insecure Randomness for Security: Weak PRNG used in security-sensitive context. Output is predictable."}, "properties": {"repobilityId": 11106, "scanner": "repobility-threat-engine", "fingerprint": "1a4e4acaf564a4ab88331be8b833d75eecdfca3243d61035c2dbfba8422680e0", "category": "crypto", "severity": "info", "confidence": 0.15, "triageState": "false_positive", "verdict": "likely_fp", "isResolved": true, "reason": "Weak PRNG appears to be used for non-security behavior (UI, sampling, demos, shuffling, or backoff), not for secrets", "evidence": {"match": "Math.random()", "reason": "Weak PRNG appears to be used for non-security behavior (UI, sampling, demos, shuffling, or backoff), not for secrets", "rule_id": "SEC015", "scanner": "repobility-threat-engine", "confidence": 0.15, "correlation_key": "code|crypto|src/sse-writer.ts|43|sec015"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/sse-writer.ts"}, "region": {"startLine": 43}}}]}]}]}