{"version": "2.1.0", "$schema": "https://json.schemastore.org/sarif-2.1.0.json", "runs": [{"tool": {"driver": {"name": "Repobility", "informationUri": "https://repobility.com", "rules": [{"id": "JRN003", "name": "Frontend API reference is not matched by discovered backend routes", "shortDescription": {"text": "Frontend API reference is not matched by discovered backend routes"}, "fullDescription": {"text": "Add the backend route, update the frontend constant to the implemented endpoint, or document that the route is served by another service and exclude it with .repobilityignore."}, "properties": {"scanner": "repobility-journey-contract", "category": "quality", "severity": "medium", "confidence": 0.74, "cwe": "", "owasp": ""}}, {"id": "AGT007", "name": "localStorage write failures are swallowed silently", "shortDescription": {"text": "localStorage write failures are swallowed silently"}, "fullDescription": {"text": "Handle QuotaExceededError explicitly, show a toast or error state, and guide the user to export/clear old local data. Log non-quota failures for diagnostics."}, "properties": {"scanner": "repobility-agent-runtime", "category": "quality", "severity": "medium", "confidence": 0.8, "cwe": "", "owasp": ""}}, {"id": "ERR002", "name": "[ERR002] Empty Catch Block: Empty catch blocks hide errors.", "shortDescription": {"text": "[ERR002] Empty Catch Block: Empty catch blocks hide errors."}, "fullDescription": {"text": "Log the error or rethrow it. Use console.error() at minimum."}, "properties": {"scanner": "repobility-threat-engine", "category": "error_handling", "severity": "medium", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "SEC045", "name": "[SEC045] eval()/exec() on stored or user-supplied data: eval() and exec() on data \u2014 even admin-stored data \u2014 is a latera", "shortDescription": {"text": "[SEC045] eval()/exec() on stored or user-supplied data: eval() and exec() on data \u2014 even admin-stored data \u2014 is a lateral-movement vector after any one credential compromise. Sandboxes (__builtins__ cleared) are escapable: attackers use obj"}, "fullDescription": {"text": "For literal data structures: use ast.literal_eval(text) \u2014 only parses literals, raises on code.\nFor formula evaluation: use asteval or simpleeval (purpose-built sandboxes with allow-lists).\nFor Odoo: use odoo.tools.safe_eval(expr, locals_dict, mode='exec').\nIf you genuinely need to execute admin-stored code: require explicit super-admin permission AND log every execution with a stack trace."}, "properties": {"scanner": "repobility-threat-engine", "category": "injection", "severity": "medium", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "SEC087", "name": "[SEC087] JS: weak Math.random for crypto: Math.random() is not cryptographically secure; using it for tokens/keys/nonces", "shortDescription": {"text": "[SEC087] JS: weak Math.random for crypto: Math.random() is not cryptographically secure; using it for tokens/keys/nonces is predictable. Ported from gosec G404 / eslint detect-pseudoRandomBytes concept (Apache-2.0)."}, "fullDescription": {"text": "Use `crypto.randomBytes(32).toString('hex')` (Node) or `crypto.getRandomValues()` (browser)."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "medium", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "QUAL003", "name": "Magic number used as default arg", "shortDescription": {"text": "Magic number used as default arg"}, "fullDescription": {"text": "Using hardcoded default values for complex configuration objects makes the code brittle and difficult to manage. Consider using a dedicated factory or builder pattern.\n\nAuto-promoted from proposal 444 on 2026-05-12. Synth confidence: 0.85. FP estimate: 0.00."}, "properties": {"scanner": "repobility", "category": "quality", "severity": "medium", "confidence": 0.85, "cwe": "", "owasp": ""}}, {"id": "CRYP001", "name": "Crypto \u2014 plaintext HTTP for sensitive endpoint", "shortDescription": {"text": "Crypto \u2014 plaintext HTTP for sensitive endpoint"}, "fullDescription": {"text": "Hardcoded http:// (not localhost) for endpoints that handle credentials or data."}, "properties": {"scanner": "repobility", "category": "crypto", "severity": "medium", "confidence": 0.85, "cwe": "", "owasp": ""}}, {"id": "AGT012", "name": "Agent control bridge may listen on a network interface without visible auth", "shortDescription": {"text": "Agent control bridge may listen on a network interface without visible auth"}, "fullDescription": {"text": "Bind local agent bridges to 127.0.0.1 by default. If remote access is required, require a bearer token or mTLS, enforce origin/CSRF checks for browser clients, and document the threat model."}, "properties": {"scanner": "repobility-agent-runtime", "category": "quality", "severity": "medium", "confidence": 0.72, "cwe": "", "owasp": ""}}, {"id": "AUC009", "name": "[AUC009] Sensitive function route lacks elevated authorization evidence: A route appears to perform a sensitive function", "shortDescription": {"text": "[AUC009] Sensitive function route lacks elevated authorization evidence: A route appears to perform a sensitive function such as export, invite, role, token, billing, or destructive action without elevated policy evidence. Endpoint: GET /sc"}, "fullDescription": {"text": "Require an explicit admin, maintainer, super_admin, or scoped service role in code and .repobility/access.yml."}, "properties": {"scanner": "repobility-access-control", "category": "auth", "severity": "medium", "confidence": 0.68, "cwe": "", "owasp": ""}}, {"id": "AUC001", "name": "[AUC001] No Repobility access matrix policy found: The repository uses web/API frameworks but does not define .repobilit", "shortDescription": {"text": "[AUC001] No Repobility access matrix policy found: The repository uses web/API frameworks but does not define .repobility/access.yml or equivalent authorization documentation."}, "fullDescription": {"text": "Add .repobility/access.yml mapping routes to anonymous, authenticated, owner, admin, and super_admin. Keep business-specific rules in the repo so CI can enforce them."}, "properties": {"scanner": "repobility-access-control", "category": "auth", "severity": "medium", "confidence": 0.92, "cwe": "", "owasp": ""}}, {"id": "QA001", "name": "[QA001] No Tests Found: No test files or test directories found.", "shortDescription": {"text": "[QA001] No Tests Found: No test files or test directories found."}, "fullDescription": {"text": "Add unit tests. Start with critical business logic and security-sensitive functions."}, "properties": {"scanner": "repobility", "category": "testing", "severity": "medium", "confidence": null, "cwe": "", "owasp": ""}}, {"id": "ERR002", "name": "[ERR002] Empty Catch Block: Empty catch blocks hide errors.", "shortDescription": {"text": "[ERR002] Empty Catch Block: Empty catch blocks hide errors."}, "fullDescription": {"text": "Log the error or rethrow it. Use console.error() at minimum."}, "properties": {"scanner": "repobility", "category": "error_handling", "severity": "medium", "confidence": null, "cwe": "", "owasp": ""}}, {"id": "AIC003", "name": "Duplicated implementation block across source files", "shortDescription": {"text": "Duplicated implementation block across source files"}, "fullDescription": {"text": "Extract the shared behavior into one function/module or delete the inactive duplicate after proving which path is used."}, "properties": {"scanner": "repobility-ai-code-hygiene", "category": "quality", "severity": "low", "confidence": 0.86, "cwe": "", "owasp": ""}}, {"id": "AIC009", "name": "Multiple AI-agent scaffold marker files are present", "shortDescription": {"text": "Multiple AI-agent scaffold marker files are present"}, "fullDescription": {"text": "Keep one current agent instruction file if it helps contributors, remove stale progress/completion markers, and make sure the README, tests, and CI describe the real supported behavior."}, "properties": {"scanner": "repobility-ai-code-hygiene", "category": "quality", "severity": "low", "confidence": 0.68, "cwe": "", "owasp": ""}}, {"id": "SEC015", "name": "[SEC015] Insecure Randomness for Security: Weak PRNG used in security-sensitive context. Output is predictable.", "shortDescription": {"text": "[SEC015] Insecure Randomness for Security: Weak PRNG used in security-sensitive context. Output is predictable."}, "fullDescription": {"text": "Use secrets module (Python) or crypto.getRandomValues() (JS) for security-sensitive randomness."}, "properties": {"scanner": "repobility", "category": "crypto", "severity": "low", "confidence": null, "cwe": "", "owasp": ""}}, {"id": "MINED056", "name": "[MINED056] React Key As Index (and 10 more): Same pattern found in 10 additional files. Review if needed.", "shortDescription": {"text": "[MINED056] React Key As Index (and 10 more): Same pattern found in 10 additional files. Review if needed."}, "fullDescription": {"text": "Review and fix per the pattern semantics. See CWE-682 /  for context."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "info", "confidence": 0.2, "cwe": "", "owasp": ""}}, {"id": "MINED054", "name": "[MINED054] Ts As Any: Casting to any (as any) bypasses type checking entirely.", "shortDescription": {"text": "[MINED054] Ts As Any: Casting to any (as any) bypasses type checking entirely."}, "fullDescription": {"text": "Review and fix per the pattern semantics. See CWE-704 /  for context."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "info", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "MINED044", "name": "[MINED044] Js Console Log Prod: console.log left in code. Should be replaced with logger or removed.", "shortDescription": {"text": "[MINED044] Js Console Log Prod: console.log left in code. Should be replaced with logger or removed."}, "fullDescription": {"text": "Review and fix per the pattern semantics. See CWE-532 /  for context."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "info", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "MINED045", "name": "[MINED045] Ts Non Null Assertion (and 86 more): Same pattern found in 86 additional files. Review if needed.", "shortDescription": {"text": "[MINED045] Ts Non Null Assertion (and 86 more): Same pattern found in 86 additional files. Review if needed."}, "fullDescription": {"text": "Review and fix per the pattern semantics. See CWE-476 /  for context."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "info", "confidence": 0.2, "cwe": "", "owasp": ""}}, {"id": "SEC040", "name": "[SEC040] innerHTML XSS \u2014 template literal with server-supplied data (and 3 more): Same pattern found in 3 additional fil", "shortDescription": {"text": "[SEC040] innerHTML XSS \u2014 template literal with server-supplied data (and 3 more): Same pattern found in 3 additional files. Review if needed."}, "fullDescription": {"text": "For plain text: use el.textContent = data.value (auto-escapes).\nFor HTML you need to render: el.innerHTML = DOMPurify.sanitize(html).\nFor React/Vue/Svelte: stop using innerHTML; use the framework's binding.\nWhen data comes from CV/PDF parsers, sanitize at the parser boundary too."}, "properties": {"scanner": "repobility-threat-engine", "category": "xss", "severity": "info", "confidence": 0.2, "cwe": "", "owasp": ""}}, {"id": "MINED052", "name": "[MINED052] Ts Any Typed: : any used as type annotation. Defeats TypeScript type safety.", "shortDescription": {"text": "[MINED052] Ts Any Typed: : any used as type annotation. Defeats TypeScript type safety."}, "fullDescription": {"text": "Review and fix per the pattern semantics. See CWE-704 /  for context."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "info", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "SEC128", "name": "[SEC128] Async function without await \u2014 fire-and-forget Promise (AI mistake) (and 8 more): Same pattern found in 8 addit", "shortDescription": {"text": "[SEC128] Async function without await \u2014 fire-and-forget Promise (AI mistake) (and 8 more): Same pattern found in 8 additional files. Review if needed."}, "fullDescription": {"text": "Add `await` before each async call, or chain with `.then`. If you intentionally want fire-and-forget, prefix with `void` (TS) or assign to `_` (Python with `asyncio.create_task`) to make the intent explicit and survive lint."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "info", "confidence": 0.2, "cwe": "", "owasp": ""}}, {"id": "MINED065", "name": "[MINED065] Cors Wildcard: Access-Control-Allow-Origin: * exposes the API to any browser origin. Acceptable for public re", "shortDescription": {"text": "[MINED065] Cors Wildcard: Access-Control-Allow-Origin: * exposes the API to any browser origin. Acceptable for public read-only endpoints; dangerous when paired with credentials or write endpoints."}, "fullDescription": {"text": "Review and fix per the pattern semantics. See CWE-942,CWE-346 / A05:2021 for context."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "info", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "MINED043", "name": "[MINED043] Http Not Https: Hardcoded http:// (not localhost) for endpoints that handle credentials or data.", "shortDescription": {"text": "[MINED043] Http Not Https: Hardcoded http:// (not localhost) for endpoints that handle credentials or data."}, "fullDescription": {"text": "Review and fix per the pattern semantics. See CWE-319 / A02:2021 for context."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "info", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "SEC029", "name": "[SEC029] Server-Side Request Forgery (SSRF) \u2014 outbound HTTP from user input (and 9 more): Same pattern found in 9 additi", "shortDescription": {"text": "[SEC029] Server-Side Request Forgery (SSRF) \u2014 outbound HTTP from user input (and 9 more): Same pattern found in 9 additional files. Review if needed."}, "fullDescription": {"text": "Validate the URL against an allowlist BEFORE fetching:\n  ALLOWED = {'images.example.com', 'cdn.example.com'}\n  host = urlparse(url).hostname\n  if host not in ALLOWED: abort(400)\nOr use a server-side proxy (Imgproxy / serve-files-only-from-S3) that isolates outbound network access from the request handler.\nBlock private CIDRs explicitly: 10/8, 172.16/12, 192.168/16, 169.254/16."}, "properties": {"scanner": "repobility-threat-engine", "category": "ssrf", "severity": "info", "confidence": 0.2, "cwe": "", "owasp": ""}}, {"id": "SEC015", "name": "[SEC015] Insecure Randomness for Security: Weak PRNG used in security-sensitive context. Output is predictable.", "shortDescription": {"text": "[SEC015] Insecure Randomness for Security: Weak PRNG used in security-sensitive context. Output is predictable."}, "fullDescription": {"text": "Use secrets module (Python) or crypto.getRandomValues() (JS) for security-sensitive randomness."}, "properties": {"scanner": "repobility-threat-engine", "category": "crypto", "severity": "info", "confidence": 0.25, "cwe": "", "owasp": ""}}, {"id": "MINED115", "name": "[MINED115] Action `actions/setup-node` pinned to mutable ref `@v4`: `uses: actions/setup-node@v4` resolves at workflow-r", "shortDescription": {"text": "[MINED115] Action `actions/setup-node` pinned to mutable ref `@v4`: `uses: actions/setup-node@v4` resolves at workflow-run time. Tags and branches can be re-pushed by the action owner; that made the tj-actions/changed-files compromise (2025"}, "fullDescription": {"text": "Replace with: `uses: actions/setup-node@<40-char-sha>  # v4` and let Dependabot bump it on a scheduled cadence."}, "properties": {"scanner": "repobility-supply-chain", "category": "dependency", "severity": "high", "confidence": 0.9, "cwe": "", "owasp": ""}}, {"id": "JRN004", "name": "Consent is collected in UI without visible backend audit persistence", "shortDescription": {"text": "Consent is collected in UI without visible backend audit persistence"}, "fullDescription": {"text": "Persist consent as a backend record with subject, actor, purpose, scope, legal text version, timestamp, IP address, user agent, and revocation state."}, "properties": {"scanner": "repobility-journey-contract", "category": "auth", "severity": "high", "confidence": 0.78, "cwe": "", "owasp": ""}}, {"id": "SEC085", "name": "[SEC085] JS: child_process.exec with non-literal: child_process.exec with user-derived input enables command injection. ", "shortDescription": {"text": "[SEC085] JS: child_process.exec with non-literal: child_process.exec with user-derived input enables command injection. Ported from eslint-plugin-security detect-child-process (Apache-2.0)."}, "fullDescription": {"text": "Use execFile / spawn with separate args array; never pass shell strings."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "high", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "CORE_NO_TESTS", "name": "No test files found", "shortDescription": {"text": "No test files found"}, "fullDescription": {"text": "Add a test directory (tests/ or __tests__/) with unit tests for core functionality. Use pytest (Python), Jest (JS/TS), or go test (Go). Start with tests for critical business logic and security-sensitive functions."}, "properties": {"scanner": "repobility-core", "category": "testing", "severity": "high", "confidence": null, "cwe": "", "owasp": ""}}, {"id": "CORE_NO_TESTS", "name": "No test files found", "shortDescription": {"text": "No test files found"}, "fullDescription": {"text": "Add a test directory (tests/ or __tests__/) with unit tests for core functionality. Use pytest (Python), Jest (JS/TS), or go test (Go). Start with tests for critical business logic and security-sensitive functions."}, "properties": {"scanner": "repobility", "category": "testing", "severity": "high", "confidence": null, "cwe": "", "owasp": ""}}]}}, "automationDetails": {"id": "repobility/19"}, "properties": {"repository": "pascalorg/editor", "repoUrl": "https://github.com/pascalorg/editor.git", "branch": "main"}, "results": [{"ruleId": "JRN003", "level": "warning", "message": {"text": "Frontend API reference is not matched by discovered backend routes"}, "properties": {"repobilityId": 56843, "scanner": "repobility-journey-contract", "fingerprint": "03722a9fa3a1a9eae28bdfc09f34dca34c545f46ea1e44cd4f9cdf4aa63fccdb", "category": "quality", "severity": "medium", "confidence": 0.74, "triageState": "open", "verdict": "likely", "isResolved": false, "reason": "Same-origin /api path appears in frontend code but no discovered backend endpoint has the same route shape.", "evidence": {"rule_id": "JRN003", "scanner": "repobility-journey-contract", "references": ["https://repobility.com/library/authorization/"], "route_shape": "/api/scenes/{param}/thumbnail", "correlation_key": "fp|03722a9fa3a1a9eae28bdfc09f34dca34c545f46ea1e44cd4f9cdf4aa63fccdb", "backend_endpoint_count": 7}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "apps/editor/components/scene-loader.tsx"}, "region": {"startLine": 184}}}]}, {"ruleId": "JRN003", "level": "warning", "message": {"text": "Frontend API reference is not matched by discovered backend routes"}, "properties": {"repobilityId": 56842, "scanner": "repobility-journey-contract", "fingerprint": "624ce49a1e30c0ba4a77cfa6b8d988c2853dc068dea92199465ca1579605ff76", "category": "quality", "severity": "medium", "confidence": 0.74, "triageState": "open", "verdict": "likely", "isResolved": false, "reason": "Same-origin /api path appears in frontend code but no discovered backend endpoint has the same route shape.", "evidence": {"rule_id": "JRN003", "scanner": "repobility-journey-contract", "references": ["https://repobility.com/library/authorization/"], "route_shape": "/api/scenes/{param}/events", "correlation_key": "fp|624ce49a1e30c0ba4a77cfa6b8d988c2853dc068dea92199465ca1579605ff76", "backend_endpoint_count": 7}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "apps/editor/components/scene-loader.tsx"}, "region": {"startLine": 151}}}]}, {"ruleId": "AGT007", "level": "warning", "message": {"text": "localStorage write failures are swallowed silently"}, "properties": {"repobilityId": 56841, "scanner": "repobility-agent-runtime", "fingerprint": "9dd2c2ba35f56ea65312d57b9a5e3f78d3a9deff8d3d3c53659e41a74f7bb922", "category": "quality", "severity": "medium", "confidence": 0.8, "triageState": "open", "verdict": "likely", "isResolved": false, "reason": "File writes to localStorage and has an empty or ignore-only catch block without QuotaExceededError handling.", "evidence": {"rule_id": "AGT007", "scanner": "repobility-agent-runtime", "references": ["https://developer.mozilla.org/en-US/docs/Web/API/Web_Storage_API"], "correlation_key": "fp|9dd2c2ba35f56ea65312d57b9a5e3f78d3a9deff8d3d3c53659e41a74f7bb922"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "packages/editor/src/components/editor/index.tsx"}, "region": {"startLine": 396}}}]}, {"ruleId": "ERR002", "level": "warning", "message": {"text": "[ERR002] Empty Catch Block: Empty catch blocks hide errors."}, "properties": {"repobilityId": 56835, "scanner": "repobility-threat-engine", "fingerprint": "463602352e43024aabfbbdcc62c8ae4068fb0be37feb789aa6bac558b7374794", "category": "error_handling", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": ".catch(() => {})", "reason": "Pattern matched with no mitigating context found", "rule_id": "ERR002", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "fp|463602352e43024aabfbbdcc62c8ae4068fb0be37feb789aa6bac558b7374794"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "packages/editor/src/hooks/use-auto-save.ts"}, "region": {"startLine": 162}}}]}, {"ruleId": "JRN003", "level": "warning", "message": {"text": "Frontend API reference is not matched by discovered backend routes"}, "properties": {"repobilityId": 53023, "scanner": "repobility-journey-contract", "fingerprint": "e639615c5456c7e1ca70275daa0d4f3ac41699facf3828a39ff56f4bca8389cb", "category": "quality", "severity": "medium", "confidence": 0.74, "triageState": "fixed", "verdict": "likely", "isResolved": true, "reason": "Same-origin /api path appears in frontend code but no discovered backend endpoint has the same route shape.", "evidence": {"rule_id": "JRN003", "scanner": "repobility-journey-contract", "references": ["https://repobility.com/library/authorization/"], "route_shape": "/api/scenes/{param}/thumbnail", "correlation_key": "fp|e639615c5456c7e1ca70275daa0d4f3ac41699facf3828a39ff56f4bca8389cb", "backend_endpoint_count": 7}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "apps/editor/components/scene-loader.tsx"}, "region": {"startLine": 179}}}]}, {"ruleId": "AGT007", "level": "warning", "message": {"text": "localStorage write failures are swallowed silently"}, "properties": {"repobilityId": 53022, "scanner": "repobility-agent-runtime", "fingerprint": "0d5bb26ccf792976ea9de177a6c80bfd0fdaf6786fc76e9fbd5b0b1234b782a7", "category": "quality", "severity": "medium", "confidence": 0.8, "triageState": "fixed", "verdict": "likely", "isResolved": true, "reason": "File writes to localStorage and has an empty or ignore-only catch block without QuotaExceededError handling.", "evidence": {"rule_id": "AGT007", "scanner": "repobility-agent-runtime", "references": ["https://developer.mozilla.org/en-US/docs/Web/API/Web_Storage_API"], "correlation_key": "fp|0d5bb26ccf792976ea9de177a6c80bfd0fdaf6786fc76e9fbd5b0b1234b782a7"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "packages/editor/src/components/editor/index.tsx"}, "region": {"startLine": 395}}}]}, {"ruleId": "AGT007", "level": "warning", "message": {"text": "localStorage write failures are swallowed silently"}, "properties": {"repobilityId": 45632, "scanner": "repobility-agent-runtime", "fingerprint": "8eb80ca573af5d4a37b8e7979efe43eaabea9fce191ace977172d45a1cda3c77", "category": "quality", "severity": "medium", "confidence": 0.8, "triageState": "fixed", "verdict": "likely", "isResolved": true, "reason": "File writes to localStorage and has an empty or ignore-only catch block without QuotaExceededError handling.", "evidence": {"rule_id": "AGT007", "scanner": "repobility-agent-runtime", "references": ["https://developer.mozilla.org/en-US/docs/Web/API/Web_Storage_API"], "correlation_key": "fp|8eb80ca573af5d4a37b8e7979efe43eaabea9fce191ace977172d45a1cda3c77"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "packages/editor/src/components/editor/index.tsx"}, "region": {"startLine": 393}}}]}, {"ruleId": "AGT007", "level": "warning", "message": {"text": "localStorage write failures are swallowed silently"}, "properties": {"repobilityId": 45147, "scanner": "repobility-agent-runtime", "fingerprint": "b16c4ca3d6e63ce1b27dc76b524884ac0a182f2ff7f95e2df86cf5af688a5dee", "category": "quality", "severity": "medium", "confidence": 0.8, "triageState": "fixed", "verdict": "likely", "isResolved": true, "reason": "File writes to localStorage and has an empty or ignore-only catch block without QuotaExceededError handling.", "evidence": {"rule_id": "AGT007", "scanner": "repobility-agent-runtime", "references": ["https://developer.mozilla.org/en-US/docs/Web/API/Web_Storage_API"], "correlation_key": "fp|b16c4ca3d6e63ce1b27dc76b524884ac0a182f2ff7f95e2df86cf5af688a5dee"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "packages/editor/src/components/editor/index.tsx"}, "region": {"startLine": 387}}}]}, {"ruleId": "AGT007", "level": "warning", "message": {"text": "localStorage write failures are swallowed silently"}, "properties": {"repobilityId": 44269, "scanner": "repobility-agent-runtime", "fingerprint": "cfef67befa57a873dacc5390817a5316cb180a8d87cedac6348ec46e3d56ccb4", "category": "quality", "severity": "medium", "confidence": 0.8, "triageState": "fixed", "verdict": "likely", "isResolved": true, "reason": "File writes to localStorage and has an empty or ignore-only catch block without QuotaExceededError handling.", "evidence": {"rule_id": "AGT007", "scanner": "repobility-agent-runtime", "references": ["https://developer.mozilla.org/en-US/docs/Web/API/Web_Storage_API"], "correlation_key": "fp|cfef67befa57a873dacc5390817a5316cb180a8d87cedac6348ec46e3d56ccb4"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "packages/editor/src/components/editor/index.tsx"}, "region": {"startLine": 392}}}]}, {"ruleId": "JRN003", "level": "warning", "message": {"text": "Frontend API reference is not matched by discovered backend routes"}, "properties": {"repobilityId": 36720, "scanner": "repobility-journey-contract", "fingerprint": "a700051b9f6c63076e4458337cade6fe777761ecbdf0deb8dec5e96de605ae41", "category": "quality", "severity": "medium", "confidence": 0.74, "triageState": "fixed", "verdict": "likely", "isResolved": true, "reason": "Same-origin /api path appears in frontend code but no discovered backend endpoint has the same route shape.", "evidence": {"rule_id": "JRN003", "scanner": "repobility-journey-contract", "references": ["https://repobility.com/library/authorization/"], "route_shape": "/api/scenes/{param}/thumbnail", "correlation_key": "fp|a700051b9f6c63076e4458337cade6fe777761ecbdf0deb8dec5e96de605ae41", "backend_endpoint_count": 7}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "apps/editor/components/scene-loader.tsx"}, "region": {"startLine": 149}}}]}, {"ruleId": "JRN003", "level": "warning", "message": {"text": "Frontend API reference is not matched by discovered backend routes"}, "properties": {"repobilityId": 36719, "scanner": "repobility-journey-contract", "fingerprint": "f94e419a2a25585b538d0f77c6d5a11c629a331b96cfdcdd5c147939a4949c6e", "category": "quality", "severity": "medium", "confidence": 0.74, "triageState": "open", "verdict": "likely", "isResolved": false, "reason": "Same-origin /api path appears in frontend code but no discovered backend endpoint has the same route shape.", "evidence": {"rule_id": "JRN003", "scanner": "repobility-journey-contract", "references": ["https://repobility.com/library/authorization/"], "route_shape": "/api/scenes/{param}", "correlation_key": "fp|f94e419a2a25585b538d0f77c6d5a11c629a331b96cfdcdd5c147939a4949c6e", "backend_endpoint_count": 7}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "apps/editor/components/scene-loader.tsx"}, "region": {"startLine": 116}}}]}, {"ruleId": "JRN003", "level": "warning", "message": {"text": "Frontend API reference is not matched by discovered backend routes"}, "properties": {"repobilityId": 36718, "scanner": "repobility-journey-contract", "fingerprint": "20bd7ab43eff541d3ff9c89cfb3338d12b12bc1e42c20f80686100da183f50cb", "category": "quality", "severity": "medium", "confidence": 0.74, "triageState": "fixed", "verdict": "likely", "isResolved": true, "reason": "Same-origin /api path appears in frontend code but no discovered backend endpoint has the same route shape.", "evidence": {"rule_id": "JRN003", "scanner": "repobility-journey-contract", "references": ["https://repobility.com/library/authorization/"], "route_shape": "/api/scenes/{param}", "correlation_key": "fp|20bd7ab43eff541d3ff9c89cfb3338d12b12bc1e42c20f80686100da183f50cb", "backend_endpoint_count": 7}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "apps/editor/components/scene-loader.tsx"}, "region": {"startLine": 86}}}]}, {"ruleId": "SEC045", "level": "warning", "message": {"text": "[SEC045] eval()/exec() on stored or user-supplied data: eval() and exec() on data \u2014 even admin-stored data \u2014 is a lateral-movement vector after any one credential compromise. Sandboxes (__builtins__ cleared) are escapable: attackers use object introspection (().__class__.__mro__[-1].__subclasses__()) to reach os.system. CWE-95 (eval injection)."}, "properties": {"repobilityId": 34594, "scanner": "repobility-threat-engine", "fingerprint": "a0cb5c545cbfafdf480f974bb04e59f1c65a6bd127e78076877387e15a6d39f8", "category": "injection", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "exec(", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC045", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "code|injection|token|15|sec045"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "packages/mcp/src/storage/sqlite-driver.ts"}, "region": {"startLine": 15}}}]}, {"ruleId": "SEC045", "level": "warning", "message": {"text": "[SEC045] eval()/exec() on stored or user-supplied data: eval() and exec() on data \u2014 even admin-stored data \u2014 is a lateral-movement vector after any one credential compromise. Sandboxes (__builtins__ cleared) are escapable: attackers use object introspection (().__class__.__mro__[-1].__subclasses__()) to reach os.system. CWE-95 (eval injection)."}, "properties": {"repobilityId": 34593, "scanner": "repobility-threat-engine", "fingerprint": "b7317ad68eb856f1e002a18843f3376e5e89e936d88ccd9aad324ecffdd3bee0", "category": "injection", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": ".exec(", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC045", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "code|injection|token|42|sec045"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "packages/mcp/src/prompts/renovation-from-photos.ts"}, "region": {"startLine": 42}}}]}, {"ruleId": "SEC087", "level": "warning", "message": {"text": "[SEC087] JS: weak Math.random for crypto: Math.random() is not cryptographically secure; using it for tokens/keys/nonces is predictable. Ported from gosec G404 / eslint detect-pseudoRandomBytes concept (Apache-2.0)."}, "properties": {"repobilityId": 34592, "scanner": "repobility-threat-engine", "fingerprint": "d2af68b7950c2c9c3f2e59ca4a97709f86fe1e4fa821b8269fc14e7355026c56", "category": "quality", "severity": "medium", "confidence": 1.0, "triageState": "fixed", "verdict": "confirmed", "isResolved": true, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "Math.random().toString(36).slice(2, 10)\n      const raw = localStorage.getItem(PRESETS_KEY", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC087", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "fp|d2af68b7950c2c9c3f2e59ca4a97709f86fe1e4fa821b8269fc14e7355026c56"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "packages/editor/src/contexts/presets-context.tsx"}, "region": {"startLine": 45}}}]}, {"ruleId": "QUAL003", "level": "warning", "message": {"text": "Magic number used as default arg"}, "properties": {"repobilityId": 21926, "scanner": "repobility", "fingerprint": "9d14a98c731621999b0a55999eb21379", "category": "quality", "severity": "medium", "confidence": 0.85, "triageState": "fixed", "verdict": "", "isResolved": true, "reason": "", "evidence": {"snippet": "default 0.9", "aljefra_cwe": null, "aljefra_owasp": null, "aljefra_pattern_slug": "magic-number-default"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "apps/editor/components/tools/door/door-tool.tsx"}, "region": {"startLine": 254}}}]}, {"ruleId": "CRYP001", "level": "warning", "message": {"text": "Crypto \u2014 plaintext HTTP for sensitive endpoint"}, "properties": {"repobilityId": 14175, "scanner": "repobility", "fingerprint": "8e39538284a5c9d52a6ac9774a5fff95", "category": "crypto", "severity": "medium", "confidence": 0.85, "triageState": "fixed", "verdict": "", "isResolved": true, "reason": "", "evidence": {"snippet": "http://", "aljefra_cwe": ["CWE-319"], "aljefra_owasp": "A02:2021", "aljefra_pattern_slug": "http-not-https"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "packages/viewer/src/lib/asset-url.ts"}, "region": {"startLine": 38}}}]}, {"ruleId": "CRYP001", "level": "warning", "message": {"text": "Crypto \u2014 plaintext HTTP for sensitive endpoint"}, "properties": {"repobilityId": 14174, "scanner": "repobility", "fingerprint": "5c1165838f86d99f3222254ded2acbf6", "category": "crypto", "severity": "medium", "confidence": 0.85, "triageState": "fixed", "verdict": "", "isResolved": true, "reason": "", "evidence": {"snippet": "http://", "aljefra_cwe": ["CWE-319"], "aljefra_owasp": "A02:2021", "aljefra_pattern_slug": "http-not-https"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "packages/viewer/src/lib/asset-url.ts"}, "region": {"startLine": 16}}}]}, {"ruleId": "CRYP001", "level": "warning", "message": {"text": "Crypto \u2014 plaintext HTTP for sensitive endpoint"}, "properties": {"repobilityId": 14173, "scanner": "repobility", "fingerprint": "9251fa56b69b3cc5c6cdce8134d445c2", "category": "crypto", "severity": "medium", "confidence": 0.85, "triageState": "fixed", "verdict": "", "isResolved": true, "reason": "", "evidence": {"snippet": "http://", "aljefra_cwe": ["CWE-319"], "aljefra_owasp": "A02:2021", "aljefra_pattern_slug": "http-not-https"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "packages/viewer/src/lib/asset-url.ts"}, "region": {"startLine": 7}}}]}, {"ruleId": "CRYP001", "level": "warning", "message": {"text": "Crypto \u2014 plaintext HTTP for sensitive endpoint"}, "properties": {"repobilityId": 14172, "scanner": "repobility", "fingerprint": "d966b91a6690e27fa1e0a7a789d6ba17", "category": "crypto", "severity": "medium", "confidence": 0.85, "triageState": "fixed", "verdict": "", "isResolved": true, "reason": "", "evidence": {"snippet": "http://", "aljefra_cwe": ["CWE-319"], "aljefra_owasp": "A02:2021", "aljefra_pattern_slug": "http-not-https"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "apps/editor/components/ui/sidebar/panels/site-panel/index.tsx"}, "region": {"startLine": 443}}}]}, {"ruleId": "JRN003", "level": "warning", "message": {"text": "Frontend API reference is not matched by discovered backend routes"}, "properties": {"repobilityId": 4925, "scanner": "repobility-journey-contract", "fingerprint": "fcb674261fd73b003c9d1e6ef0a9fcb8ead7c2d9e3ac46e0cb9c861fd01c9ff2", "category": "quality", "severity": "medium", "confidence": 0.74, "triageState": "fixed", "verdict": "likely", "isResolved": true, "reason": "Same-origin /api path appears in frontend code but no discovered backend endpoint has the same route shape.", "evidence": {"rule_id": "JRN003", "scanner": "repobility-journey-contract", "references": ["https://repobility.com/library/authorization/"], "route_shape": "/api/scenes/{param}/events", "correlation_key": "fp|fcb674261fd73b003c9d1e6ef0a9fcb8ead7c2d9e3ac46e0cb9c861fd01c9ff2", "backend_endpoint_count": 7}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "apps/editor/components/scene-loader.tsx"}, "region": {"startLine": 146}}}]}, {"ruleId": "JRN003", "level": "warning", "message": {"text": "Frontend API reference is not matched by discovered backend routes"}, "properties": {"repobilityId": 4924, "scanner": "repobility-journey-contract", "fingerprint": "0ffdb48d7d1356bbceca643f79ca5a68ba6e477bc72b7ebfce89c690c2a3022e", "category": "quality", "severity": "medium", "confidence": 0.74, "triageState": "fixed", "verdict": "likely", "isResolved": true, "reason": "Same-origin /api path appears in frontend code but no discovered backend endpoint has the same route shape.", "evidence": {"rule_id": "JRN003", "scanner": "repobility-journey-contract", "references": ["https://repobility.com/library/authorization/"], "route_shape": "/api/scenes/{param}/events", "correlation_key": "fp|0ffdb48d7d1356bbceca643f79ca5a68ba6e477bc72b7ebfce89c690c2a3022e", "backend_endpoint_count": 7}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "apps/editor/components/scene-loader.tsx"}, "region": {"startLine": 113}}}]}, {"ruleId": "JRN003", "level": "warning", "message": {"text": "Frontend API reference is not matched by discovered backend routes"}, "properties": {"repobilityId": 4923, "scanner": "repobility-journey-contract", "fingerprint": "28c8994daecc041c82353f6f39cb13360e4f7470ef8506f233dc30be3ac9e5fd", "category": "quality", "severity": "medium", "confidence": 0.74, "triageState": "fixed", "verdict": "likely", "isResolved": true, "reason": "Same-origin /api path appears in frontend code but no discovered backend endpoint has the same route shape.", "evidence": {"rule_id": "JRN003", "scanner": "repobility-journey-contract", "references": ["https://repobility.com/library/authorization/"], "route_shape": "/api/scenes/{param}", "correlation_key": "fp|28c8994daecc041c82353f6f39cb13360e4f7470ef8506f233dc30be3ac9e5fd", "backend_endpoint_count": 7}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "apps/editor/components/scene-loader.tsx"}, "region": {"startLine": 83}}}]}, {"ruleId": "AGT007", "level": "warning", "message": {"text": "localStorage write failures are swallowed silently"}, "properties": {"repobilityId": 4922, "scanner": "repobility-agent-runtime", "fingerprint": "71491643b7685125efaaa5fbde77f5eca1c89085f3bd8655cb180e99833bba6f", "category": "quality", "severity": "medium", "confidence": 0.8, "triageState": "fixed", "verdict": "likely", "isResolved": true, "reason": "File writes to localStorage and has an empty or ignore-only catch block without QuotaExceededError handling.", "evidence": {"rule_id": "AGT007", "scanner": "repobility-agent-runtime", "references": ["https://developer.mozilla.org/en-US/docs/Web/API/Web_Storage_API"], "correlation_key": "fp|71491643b7685125efaaa5fbde77f5eca1c89085f3bd8655cb180e99833bba6f"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "packages/editor/src/components/editor/index.tsx"}, "region": {"startLine": 391}}}]}, {"ruleId": "ERR002", "level": "warning", "message": {"text": "[ERR002] Empty Catch Block: Empty catch blocks hide errors."}, "properties": {"repobilityId": 4625, "scanner": "repobility-threat-engine", "fingerprint": "592bd3932f8521ac92fcd1c010fe3c1bd23672d1218e9d2781c3d890f6583d91", "category": "error_handling", "severity": "medium", "confidence": 1.0, "triageState": "fixed", "verdict": "confirmed", "isResolved": true, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": ".catch(() => {})", "reason": "Pattern matched with no mitigating context found", "rule_id": "ERR002", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "fp|592bd3932f8521ac92fcd1c010fe3c1bd23672d1218e9d2781c3d890f6583d91"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "packages/editor/src/hooks/use-auto-save.ts"}, "region": {"startLine": 156}}}]}, {"ruleId": "AGT007", "level": "warning", "message": {"text": "localStorage write failures are swallowed silently"}, "properties": {"repobilityId": 4623, "scanner": "repobility-agent-runtime", "fingerprint": "b9cad4b1fb410b23c0649937e7227f557d3ccea88a5b388ee988ef989caa10d9", "category": "quality", "severity": "medium", "confidence": 0.8, "triageState": "fixed", "verdict": "likely", "isResolved": true, "reason": "File writes to localStorage and has an empty or ignore-only catch block without QuotaExceededError handling.", "evidence": {"rule_id": "AGT007", "scanner": "repobility-agent-runtime", "references": ["https://developer.mozilla.org/en-US/docs/Web/API/Web_Storage_API"], "correlation_key": "fp|b9cad4b1fb410b23c0649937e7227f557d3ccea88a5b388ee988ef989caa10d9"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "packages/editor/src/components/editor/index.tsx"}, "region": {"startLine": 390}}}]}, {"ruleId": "JRN003", "level": "warning", "message": {"text": "Frontend API reference is not matched by discovered backend routes"}, "properties": {"repobilityId": 4290, "scanner": "repobility-journey-contract", "fingerprint": "ea466a0e7a34d203a1c6f47ba477c5d0a6f258c4b2dcedc16e743ac4cc7803a8", "category": "quality", "severity": "medium", "confidence": 0.74, "triageState": "fixed", "verdict": "likely", "isResolved": true, "reason": "Same-origin /api path appears in frontend code but no discovered backend endpoint has the same route shape.", "evidence": {"rule_id": "JRN003", "scanner": "repobility-journey-contract", "references": ["https://repobility.com/library/authorization/"], "route_shape": "/api/scenes/{param}/thumbnail", "correlation_key": "fp|ea466a0e7a34d203a1c6f47ba477c5d0a6f258c4b2dcedc16e743ac4cc7803a8", "backend_endpoint_count": 7}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "apps/editor/components/scene-loader.tsx"}, "region": {"startLine": 147}}}]}, {"ruleId": "JRN003", "level": "warning", "message": {"text": "Frontend API reference is not matched by discovered backend routes"}, "properties": {"repobilityId": 4289, "scanner": "repobility-journey-contract", "fingerprint": "3dc032654dcf9edad8466fed43756041c4227caad5007de45456a85a614ba72c", "category": "quality", "severity": "medium", "confidence": 0.74, "triageState": "fixed", "verdict": "likely", "isResolved": true, "reason": "Same-origin /api path appears in frontend code but no discovered backend endpoint has the same route shape.", "evidence": {"rule_id": "JRN003", "scanner": "repobility-journey-contract", "references": ["https://repobility.com/library/authorization/"], "route_shape": "/api/scenes/{param}/events", "correlation_key": "fp|3dc032654dcf9edad8466fed43756041c4227caad5007de45456a85a614ba72c", "backend_endpoint_count": 7}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "apps/editor/components/scene-loader.tsx"}, "region": {"startLine": 114}}}]}, {"ruleId": "JRN003", "level": "warning", "message": {"text": "Frontend API reference is not matched by discovered backend routes"}, "properties": {"repobilityId": 4288, "scanner": "repobility-journey-contract", "fingerprint": "699b66fbb374bdf19829c7019facd52b3d1557dd87ba01b37af52b11edb70d6a", "category": "quality", "severity": "medium", "confidence": 0.74, "triageState": "fixed", "verdict": "likely", "isResolved": true, "reason": "Same-origin /api path appears in frontend code but no discovered backend endpoint has the same route shape.", "evidence": {"rule_id": "JRN003", "scanner": "repobility-journey-contract", "references": ["https://repobility.com/library/authorization/"], "route_shape": "/api/scenes/{param}", "correlation_key": "fp|699b66fbb374bdf19829c7019facd52b3d1557dd87ba01b37af52b11edb70d6a", "backend_endpoint_count": 7}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "apps/editor/components/scene-loader.tsx"}, "region": {"startLine": 84}}}]}, {"ruleId": "JRN003", "level": "warning", "message": {"text": "Frontend API reference is not matched by discovered backend routes"}, "properties": {"repobilityId": 4287, "scanner": "repobility-journey-contract", "fingerprint": "b07d0426101321673610698d15520a6d0e4ef26e57d4a23ccc83162a3cfa3bfd", "category": "quality", "severity": "medium", "confidence": 0.74, "triageState": "open", "verdict": "likely", "isResolved": false, "reason": "Same-origin /api path appears in frontend code but no discovered backend endpoint has the same route shape.", "evidence": {"rule_id": "JRN003", "scanner": "repobility-journey-contract", "references": ["https://repobility.com/library/authorization/"], "route_shape": "/api/scenes", "correlation_key": "fp|b07d0426101321673610698d15520a6d0e4ef26e57d4a23ccc83162a3cfa3bfd", "backend_endpoint_count": 7}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "apps/editor/components/save-button.tsx"}, "region": {"startLine": 118}}}]}, {"ruleId": "JRN003", "level": "warning", "message": {"text": "Frontend API reference is not matched by discovered backend routes"}, "properties": {"repobilityId": 4286, "scanner": "repobility-journey-contract", "fingerprint": "d7f1051dd3307fbaee41253ca4b52941d21d4b21675a5930647f6b5901721750", "category": "quality", "severity": "medium", "confidence": 0.74, "triageState": "open", "verdict": "likely", "isResolved": false, "reason": "Same-origin /api path appears in frontend code but no discovered backend endpoint has the same route shape.", "evidence": {"rule_id": "JRN003", "scanner": "repobility-journey-contract", "references": ["https://repobility.com/library/authorization/"], "route_shape": "/api/scenes/{param}", "correlation_key": "fp|d7f1051dd3307fbaee41253ca4b52941d21d4b21675a5930647f6b5901721750", "backend_endpoint_count": 7}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "apps/editor/components/save-button.tsx"}, "region": {"startLine": 83}}}]}, {"ruleId": "JRN003", "level": "warning", "message": {"text": "Frontend API reference is not matched by discovered backend routes"}, "properties": {"repobilityId": 4285, "scanner": "repobility-journey-contract", "fingerprint": "55086d056d7e684012fe1e755df4e6548bb5e8c15345adf58608b9a6fb636827", "category": "quality", "severity": "medium", "confidence": 0.74, "triageState": "open", "verdict": "likely", "isResolved": false, "reason": "Same-origin /api path appears in frontend code but no discovered backend endpoint has the same route shape.", "evidence": {"rule_id": "JRN003", "scanner": "repobility-journey-contract", "references": ["https://repobility.com/library/authorization/"], "route_shape": "/api/scenes", "correlation_key": "fp|55086d056d7e684012fe1e755df4e6548bb5e8c15345adf58608b9a6fb636827", "backend_endpoint_count": 7}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "apps/editor/components/save-button.tsx"}, "region": {"startLine": 31}}}]}, {"ruleId": "AGT012", "level": "warning", "message": {"text": "Agent control bridge may listen on a network interface without visible auth"}, "properties": {"repobilityId": 4284, "scanner": "repobility-agent-runtime", "fingerprint": "7cee23811d46bac7417a06cfecc7a88cca47293268c9d3600e33863e90a8041c", "category": "quality", "severity": "medium", "confidence": 0.72, "triageState": "open", "verdict": "likely", "isResolved": false, "reason": "File combines agent-control wording with an HTTP/SSE/WebSocket listener on an all-interface host and no visible auth guard.", "evidence": {"rule_id": "AGT012", "scanner": "repobility-agent-runtime", "references": [], "correlation_key": "fp|7cee23811d46bac7417a06cfecc7a88cca47293268c9d3600e33863e90a8041c"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "packages/mcp/src/lib/safe-fetch.ts"}, "region": {"startLine": 10}}}]}, {"ruleId": "AGT007", "level": "warning", "message": {"text": "localStorage write failures are swallowed silently"}, "properties": {"repobilityId": 4283, "scanner": "repobility-agent-runtime", "fingerprint": "51f5f48c6a6bc8ac8a70f3a72f3675671497afeaa80032a3286f02cbb35bb723", "category": "quality", "severity": "medium", "confidence": 0.8, "triageState": "open", "verdict": "likely", "isResolved": false, "reason": "File writes to localStorage and has an empty or ignore-only catch block without QuotaExceededError handling.", "evidence": {"rule_id": "AGT007", "scanner": "repobility-agent-runtime", "references": ["https://developer.mozilla.org/en-US/docs/Web/API/Web_Storage_API"], "correlation_key": "fp|51f5f48c6a6bc8ac8a70f3a72f3675671497afeaa80032a3286f02cbb35bb723"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "packages/editor/src/lib/scene.ts"}, "region": {"startLine": 134}}}]}, {"ruleId": "AGT007", "level": "warning", "message": {"text": "localStorage write failures are swallowed silently"}, "properties": {"repobilityId": 4282, "scanner": "repobility-agent-runtime", "fingerprint": "ee1ce9e365c32f66009fb67d3e3901e335c8d5572e19730c16f28257456fa9e0", "category": "quality", "severity": "medium", "confidence": 0.8, "triageState": "fixed", "verdict": "likely", "isResolved": true, "reason": "File writes to localStorage and has an empty or ignore-only catch block without QuotaExceededError handling.", "evidence": {"rule_id": "AGT007", "scanner": "repobility-agent-runtime", "references": ["https://developer.mozilla.org/en-US/docs/Web/API/Web_Storage_API"], "correlation_key": "fp|ee1ce9e365c32f66009fb67d3e3901e335c8d5572e19730c16f28257456fa9e0"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "packages/editor/src/contexts/presets-context.tsx"}, "region": {"startLine": 58}}}]}, {"ruleId": "AGT007", "level": "warning", "message": {"text": "localStorage write failures are swallowed silently"}, "properties": {"repobilityId": 4281, "scanner": "repobility-agent-runtime", "fingerprint": "f39770c8e201dccf64746c867cd2deb80a5b472b508ca254199310f72effde1e", "category": "quality", "severity": "medium", "confidence": 0.8, "triageState": "fixed", "verdict": "likely", "isResolved": true, "reason": "File writes to localStorage and has an empty or ignore-only catch block without QuotaExceededError handling.", "evidence": {"rule_id": "AGT007", "scanner": "repobility-agent-runtime", "references": ["https://developer.mozilla.org/en-US/docs/Web/API/Web_Storage_API"], "correlation_key": "fp|f39770c8e201dccf64746c867cd2deb80a5b472b508ca254199310f72effde1e"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "packages/editor/src/components/editor/index.tsx"}, "region": {"startLine": 388}}}]}, {"ruleId": "AUC009", "level": "warning", "message": {"text": "[AUC009] Sensitive function route lacks elevated authorization evidence: A route appears to perform a sensitive function such as export, invite, role, token, billing, or destructive action without elevated policy evidence. Endpoint: GET /scenes/:id/events/route."}, "properties": {"repobilityId": 2281, "scanner": "repobility-access-control", "fingerprint": "1c2a54a0c1bc49d487cda08032e160e8eab665f816a0146cc5b1e73f4fbf317a", "category": "auth", "severity": "medium", "confidence": 0.68, "triageState": "open", "verdict": "needs_review", "isResolved": false, "reason": "Static route and framework evidence require project-owner confirmation.", "evidence": {"path": "/scenes/:id/events/route", "method": "GET", "scanner": "repobility-access-control", "framework": "Next.js", "correlation_key": "code|auth|apps/editor/app/api/scenes/ id /events/route.ts|22|auc009", "identity_targets": ["authenticated", "owner"]}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "apps/editor/app/api/scenes/[id]/events/route.ts"}, "region": {"startLine": 22}}}]}, {"ruleId": "AUC009", "level": "warning", "message": {"text": "[AUC009] Sensitive function route lacks elevated authorization evidence: A route appears to perform a sensitive function such as export, invite, role, token, billing, or destructive action without elevated policy evidence. Endpoint: PATCH /scenes/:id/route."}, "properties": {"repobilityId": 2280, "scanner": "repobility-access-control", "fingerprint": "b4ddb4598a05af7083a505338d1b12d6557bb8219fac0d64290b36f107c66e4e", "category": "auth", "severity": "medium", "confidence": 0.68, "triageState": "open", "verdict": "needs_review", "isResolved": false, "reason": "Static route and framework evidence require project-owner confirmation.", "evidence": {"path": "/scenes/:id/route", "method": "PATCH", "scanner": "repobility-access-control", "framework": "Next.js", "correlation_key": "code|auth|apps/editor/app/api/scenes/ id /route.ts|123|auc009", "identity_targets": ["authenticated", "owner"]}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "apps/editor/app/api/scenes/[id]/route.ts"}, "region": {"startLine": 123}}}]}, {"ruleId": "AUC009", "level": "warning", "message": {"text": "[AUC009] Sensitive function route lacks elevated authorization evidence: A route appears to perform a sensitive function such as export, invite, role, token, billing, or destructive action without elevated policy evidence. Endpoint: DELETE /scenes/:id/route."}, "properties": {"repobilityId": 2279, "scanner": "repobility-access-control", "fingerprint": "d085ab96f128d2fc7c4588297f1e77e5b23ff4da62c3f7305001a1d65350e432", "category": "auth", "severity": "medium", "confidence": 0.68, "triageState": "open", "verdict": "needs_review", "isResolved": false, "reason": "Static route and framework evidence require project-owner confirmation.", "evidence": {"path": "/scenes/:id/route", "method": "DELETE", "scanner": "repobility-access-control", "framework": "Next.js", "correlation_key": "code|auth|apps/editor/app/api/scenes/ id /route.ts|104|auc009", "identity_targets": ["authenticated", "owner"]}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "apps/editor/app/api/scenes/[id]/route.ts"}, "region": {"startLine": 104}}}]}, {"ruleId": "AUC009", "level": "warning", "message": {"text": "[AUC009] Sensitive function route lacks elevated authorization evidence: A route appears to perform a sensitive function such as export, invite, role, token, billing, or destructive action without elevated policy evidence. Endpoint: PUT /scenes/:id/route."}, "properties": {"repobilityId": 2278, "scanner": "repobility-access-control", "fingerprint": "c1998eeff361527f7de85c5819e7cbfa093c06b8880d0b6484ba7cc5256b3f03", "category": "auth", "severity": "medium", "confidence": 0.68, "triageState": "open", "verdict": "needs_review", "isResolved": false, "reason": "Static route and framework evidence require project-owner confirmation.", "evidence": {"path": "/scenes/:id/route", "method": "PUT", "scanner": "repobility-access-control", "framework": "Next.js", "correlation_key": "code|auth|apps/editor/app/api/scenes/ id /route.ts|51|auc009", "identity_targets": ["authenticated", "owner"]}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "apps/editor/app/api/scenes/[id]/route.ts"}, "region": {"startLine": 51}}}]}, {"ruleId": "AUC009", "level": "warning", "message": {"text": "[AUC009] Sensitive function route lacks elevated authorization evidence: A route appears to perform a sensitive function such as export, invite, role, token, billing, or destructive action without elevated policy evidence. Endpoint: GET /scenes/:id/route."}, "properties": {"repobilityId": 2277, "scanner": "repobility-access-control", "fingerprint": "d438d2353258abc9b0fa86537a7d90f6ab899059484531b989d9572b31cefddc", "category": "auth", "severity": "medium", "confidence": 0.68, "triageState": "open", "verdict": "needs_review", "isResolved": false, "reason": "Static route and framework evidence require project-owner confirmation.", "evidence": {"path": "/scenes/:id/route", "method": "GET", "scanner": "repobility-access-control", "framework": "Next.js", "correlation_key": "code|auth|apps/editor/app/api/scenes/ id /route.ts|32|auc009", "identity_targets": ["authenticated", "owner"]}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "apps/editor/app/api/scenes/[id]/route.ts"}, "region": {"startLine": 32}}}]}, {"ruleId": "AUC009", "level": "warning", "message": {"text": "[AUC009] Sensitive function route lacks elevated authorization evidence: A route appears to perform a sensitive function such as export, invite, role, token, billing, or destructive action without elevated policy evidence. Endpoint: POST /scenes/route."}, "properties": {"repobilityId": 2276, "scanner": "repobility-access-control", "fingerprint": "55468ca20863fdf14b33ac7878eecba6beaa326e4c03cf6f6b2c043b67a89687", "category": "auth", "severity": "medium", "confidence": 0.68, "triageState": "open", "verdict": "needs_review", "isResolved": false, "reason": "Static route and framework evidence require project-owner confirmation.", "evidence": {"path": "/scenes/route", "method": "POST", "scanner": "repobility-access-control", "framework": "Next.js", "correlation_key": "code|auth|token|51|auc009", "identity_targets": ["authenticated"]}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "apps/editor/app/api/scenes/route.ts"}, "region": {"startLine": 51}}}]}, {"ruleId": "AUC009", "level": "warning", "message": {"text": "[AUC009] Sensitive function route lacks elevated authorization evidence: A route appears to perform a sensitive function such as export, invite, role, token, billing, or destructive action without elevated policy evidence. Endpoint: GET /scenes/route."}, "properties": {"repobilityId": 2275, "scanner": "repobility-access-control", "fingerprint": "df32b13dc15a2f2160c9e8c7757d453556db9be81cfd2de417310214e58d3f1c", "category": "auth", "severity": "medium", "confidence": 0.68, "triageState": "open", "verdict": "needs_review", "isResolved": false, "reason": "Static route and framework evidence require project-owner confirmation.", "evidence": {"path": "/scenes/route", "method": "GET", "scanner": "repobility-access-control", "framework": "Next.js", "correlation_key": "code|auth|token|26|auc009", "identity_targets": ["authenticated"]}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "apps/editor/app/api/scenes/route.ts"}, "region": {"startLine": 26}}}]}, {"ruleId": "AUC001", "level": "warning", "message": {"text": "[AUC001] No Repobility access matrix policy found: The repository uses web/API frameworks but does not define .repobility/access.yml or equivalent authorization documentation."}, "properties": {"repobilityId": 2261, "scanner": "repobility-access-control", "fingerprint": "f1305052c3ba1e6c1cdb5dccc19e58a8168cf78b176658f32b1fc823df3e9d10", "category": "auth", "severity": "medium", "confidence": 0.92, "triageState": "open", "verdict": "likely", "isResolved": false, "reason": "Static route and framework evidence require project-owner confirmation.", "evidence": {"scanner": "repobility-access-control", "frameworks": ["Next.js"], "expected_files": [".repobility/access.yml", ".repobility/access.yaml", ".repobility/access.json", ".repobility/authorization.yml"], "correlation_key": "fp|f1305052c3ba1e6c1cdb5dccc19e58a8168cf78b176658f32b1fc823df3e9d10"}}}, {"ruleId": "QA001", "level": "warning", "message": {"text": "[QA001] No Tests Found: No test files or test directories found."}, "properties": {"repobilityId": 1284, "scanner": "repobility", "fingerprint": "be028542411e0ec312e12d2f50c11c24019b2976e2d4ab2f349dbb0805b2af21", "category": "testing", "severity": "medium", "confidence": null, "triageState": "fixed", "verdict": "likely", "isResolved": true, "reason": "No test files or standard test directories detected", "evidence": {}}}, {"ruleId": "ERR002", "level": "warning", "message": {"text": "[ERR002] Empty Catch Block: Empty catch blocks hide errors."}, "properties": {"repobilityId": 1279, "scanner": "repobility", "fingerprint": "7efa44e7b44f00a973570696fd98abd5e79c24fa82c0f4d9031341634adfd14c", "category": "error_handling", "severity": "medium", "confidence": null, "triageState": "fixed", "verdict": "confirmed", "isResolved": true, "reason": "Pattern matched with no mitigating context found", "evidence": {}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "packages/editor/src/hooks/use-auto-save.ts"}, "region": {"startLine": 142}}}]}, {"ruleId": "ERR002", "level": "warning", "message": {"text": "[ERR002] Empty Catch Block: Empty catch blocks hide errors."}, "properties": {"repobilityId": 1278, "scanner": "repobility", "fingerprint": "5c4efe60a0455dbbe4e034fb49a1eb0d408540890640a9159c617ca62963a772", "category": "error_handling", "severity": "medium", "confidence": null, "triageState": "fixed", "verdict": "confirmed", "isResolved": true, "reason": "Pattern matched with no mitigating context found", "evidence": {}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "packages/viewer/src/components/error-boundary.tsx"}, "region": {"startLine": 12}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 56840, "scanner": "repobility-ai-code-hygiene", "fingerprint": "f17253c235de5d9999fa646a1910b2ac43b3f9547a763c4e75c17dcab21d869e", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "packages/editor/src/components/tools/elevator/elevator-tool.tsx", "duplicate_line": 140, "correlation_key": "fp|f17253c235de5d9999fa646a1910b2ac43b3f9547a763c4e75c17dcab21d869e"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "packages/editor/src/components/tools/stair/stair-tool.tsx"}, "region": {"startLine": 125}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 56839, "scanner": "repobility-ai-code-hygiene", "fingerprint": "b27724b15615a8ac0046485194bd4239fd59b2d9e6cc064496d4c4f88546c5d8", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "packages/editor/src/components/tools/roof/roof-tool.tsx", "duplicate_line": 132, "correlation_key": "fp|b27724b15615a8ac0046485194bd4239fd59b2d9e6cc064496d4c4f88546c5d8"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "packages/editor/src/components/tools/stair/stair-tool.tsx"}, "region": {"startLine": 124}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 56838, "scanner": "repobility-ai-code-hygiene", "fingerprint": "9a71b59ae21d34935e6fe99f5f3163a177870762592c14ad3d271eb0f8d8998b", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "packages/editor/src/components/tools/elevator/elevator-tool.tsx", "duplicate_line": 140, "correlation_key": "fp|9a71b59ae21d34935e6fe99f5f3163a177870762592c14ad3d271eb0f8d8998b"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "packages/editor/src/components/tools/roof/roof-tool.tsx"}, "region": {"startLine": 133}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 56837, "scanner": "repobility-ai-code-hygiene", "fingerprint": "03f0bffa94ce0b756100886f0dcbf4aa64641c7872f591c2a8223ee0bc4125ac", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "packages/editor/src/components/editor/group-move-handle.tsx", "duplicate_line": 26, "correlation_key": "fp|03f0bffa94ce0b756100886f0dcbf4aa64641c7872f591c2a8223ee0bc4125ac"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "packages/editor/src/components/editor/group-rotate-handle.tsx"}, "region": {"startLine": 31}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 56836, "scanner": "repobility-ai-code-hygiene", "fingerprint": "3020acd1c1d06632397fd76c8131fb6ff3c64535ff12605967bc6f17b03c53c9", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "packages/core/src/systems/elevator/elevator-opening-sync.ts", "duplicate_line": 14, "correlation_key": "fp|3020acd1c1d06632397fd76c8131fb6ff3c64535ff12605967bc6f17b03c53c9"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "packages/core/src/systems/stair/stair-opening-sync.ts"}, "region": {"startLine": 35}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 53021, "scanner": "repobility-ai-code-hygiene", "fingerprint": "135b9674b758464e499bc283f67ffde786935f47f5021377ac967d59335dc086", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "fixed", "verdict": "confirmed", "isResolved": true, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "packages/editor/src/components/ui/sidebar/panels/site-panel/ceiling-tree-node.tsx", "duplicate_line": 50, "correlation_key": "fp|135b9674b758464e499bc283f67ffde786935f47f5021377ac967d59335dc086"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "packages/editor/src/components/ui/sidebar/panels/site-panel/gutter-tree-node.tsx"}, "region": {"startLine": 26}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 53020, "scanner": "repobility-ai-code-hygiene", "fingerprint": "eff647c91f7a48a04e58b353997f1cf65af29044ea3bb756acc8abba74405bd5", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "fixed", "verdict": "confirmed", "isResolved": true, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "packages/editor/src/components/ui/sidebar/panels/site-panel/chimney-tree-node.tsx", "duplicate_line": 22, "correlation_key": "fp|eff647c91f7a48a04e58b353997f1cf65af29044ea3bb756acc8abba74405bd5"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "packages/editor/src/components/ui/sidebar/panels/site-panel/gutter-tree-node.tsx"}, "region": {"startLine": 22}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 53019, "scanner": "repobility-ai-code-hygiene", "fingerprint": "e08eca7860811e93944b4f0420e9e6830a5a4c07caee9585834aa7e1aeb051fe", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "packages/editor/src/components/ui/sidebar/panels/site-panel/ceiling-tree-node.tsx", "duplicate_line": 50, "correlation_key": "fp|e08eca7860811e93944b4f0420e9e6830a5a4c07caee9585834aa7e1aeb051fe"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "packages/editor/src/components/ui/sidebar/panels/site-panel/dormer-tree-node.tsx"}, "region": {"startLine": 26}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 53018, "scanner": "repobility-ai-code-hygiene", "fingerprint": "13a2062b6d6f473ff4ea5c7cdee47e903dca1a7a443a6fd455bddcc06a98cbb7", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "packages/editor/src/components/ui/sidebar/panels/site-panel/ceiling-tree-node.tsx", "duplicate_line": 50, "correlation_key": "fp|13a2062b6d6f473ff4ea5c7cdee47e903dca1a7a443a6fd455bddcc06a98cbb7"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "packages/editor/src/components/ui/sidebar/panels/site-panel/chimney-tree-node.tsx"}, "region": {"startLine": 26}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 53017, "scanner": "repobility-ai-code-hygiene", "fingerprint": "edce11f2ec2eee3f6eb1b0b7809556bb72fe10346ab33f2139a9b2d580b123c6", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "packages/editor/src/components/ui/sidebar/panels/items-panel/function-tree-panel.tsx", "duplicate_line": 63, "correlation_key": "fp|edce11f2ec2eee3f6eb1b0b7809556bb72fe10346ab33f2139a9b2d580b123c6"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "packages/editor/src/components/ui/sidebar/panels/items-panel/index.tsx"}, "region": {"startLine": 100}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 53016, "scanner": "repobility-ai-code-hygiene", "fingerprint": "84bfbee6d4c2858ab15759c9744ac326f6671eb92f2670dc7653892294fb0eaf", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "packages/editor/src/components/editor/wall-move-side-handles.tsx", "duplicate_line": 66, "correlation_key": "fp|84bfbee6d4c2858ab15759c9744ac326f6671eb92f2670dc7653892294fb0eaf"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "packages/editor/src/components/tools/shared/polygon-editor.tsx"}, "region": {"startLine": 30}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 53015, "scanner": "repobility-ai-code-hygiene", "fingerprint": "e18a9323bf1be74e7588135da00ac415180b1663ffca802e7e73784f2059600f", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "packages/editor/src/components/editor/wall-move-side-handles.tsx", "duplicate_line": 132, "correlation_key": "fp|e18a9323bf1be74e7588135da00ac415180b1663ffca802e7e73784f2059600f"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "packages/editor/src/components/systems/ceiling/ceiling-selection-affordance-system.tsx"}, "region": {"startLine": 78}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 53014, "scanner": "repobility-ai-code-hygiene", "fingerprint": "c3cbf4ae5282e97ee499cb9d31aca0a6dfc6daf2a98c915c6b66392400547712", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "packages/editor/src/components/editor/group-move-handle.tsx", "duplicate_line": 90, "correlation_key": "fp|c3cbf4ae5282e97ee499cb9d31aca0a6dfc6daf2a98c915c6b66392400547712"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "packages/editor/src/components/editor/wall-move-side-handles.tsx"}, "region": {"startLine": 343}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 53013, "scanner": "repobility-ai-code-hygiene", "fingerprint": "52f0361b8f2461c9e79105f878d8ae59e6741db5545429f4bb17a7a4b7767f0d", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "packages/editor/src/components/editor-2d/floorplan-registry-action-menu.tsx", "duplicate_line": 91, "correlation_key": "fp|52f0361b8f2461c9e79105f878d8ae59e6741db5545429f4bb17a7a4b7767f0d"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "packages/editor/src/components/editor/floating-action-menu.tsx"}, "region": {"startLine": 365}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 53012, "scanner": "repobility-ai-code-hygiene", "fingerprint": "901edef5c7a607b9b31d4f96125ec4dec51c5dd1de86ebac0b54ff2c4e606080", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "apps/editor/app/page.tsx", "duplicate_line": 19, "correlation_key": "fp|901edef5c7a607b9b31d4f96125ec4dec51c5dd1de86ebac0b54ff2c4e606080"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "apps/editor/components/scene-loader.tsx"}, "region": {"startLine": 32}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 52593, "scanner": "repobility-ai-code-hygiene", "fingerprint": "2f128b1b4ae048495438ed266dd7e5974a0910afaa9a0d5a98d241a9c3b1a620", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "fixed", "verdict": "confirmed", "isResolved": true, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "packages/editor/src/components/editor-2d/floorplan-registry-action-menu.tsx", "duplicate_line": 91, "correlation_key": "fp|2f128b1b4ae048495438ed266dd7e5974a0910afaa9a0d5a98d241a9c3b1a620"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "packages/editor/src/components/editor/floating-action-menu.tsx"}, "region": {"startLine": 294}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 45631, "scanner": "repobility-ai-code-hygiene", "fingerprint": "07be4566e03b7d29d4fcb83ab029386f127ef4f5f1437f2b0e1fdd09eddf67e9", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "packages/editor/src/components/editor/editor-layout-v2.tsx", "duplicate_line": 78, "correlation_key": "fp|07be4566e03b7d29d4fcb83ab029386f127ef4f5f1437f2b0e1fdd09eddf67e9"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "packages/editor/src/components/ui/primitives/sidebar.tsx"}, "region": {"startLine": 180}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 45146, "scanner": "repobility-ai-code-hygiene", "fingerprint": "c0fbe4dddf39e010a4ebc3b4991c18d5093ded7c5d2e05744fa070542561e1c2", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "fixed", "verdict": "confirmed", "isResolved": true, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "packages/editor/src/components/ui/sidebar/panels/items-panel/function-tree-panel.tsx", "duplicate_line": 63, "correlation_key": "fp|c0fbe4dddf39e010a4ebc3b4991c18d5093ded7c5d2e05744fa070542561e1c2"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "packages/editor/src/components/ui/sidebar/panels/items-panel/index.tsx"}, "region": {"startLine": 88}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 44268, "scanner": "repobility-ai-code-hygiene", "fingerprint": "b348effb8c0138fd7be67b5a830b99461d268f82e575320d254dc0f2f1b24c68", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "fixed", "verdict": "confirmed", "isResolved": true, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "packages/editor/src/components/ui/sidebar/panels/site-panel/building-tree-node.tsx", "duplicate_line": 77, "correlation_key": "fp|b348effb8c0138fd7be67b5a830b99461d268f82e575320d254dc0f2f1b24c68"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "packages/editor/src/components/ui/sidebar/panels/site-panel/level-tree-node.tsx"}, "region": {"startLine": 59}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 44267, "scanner": "repobility-ai-code-hygiene", "fingerprint": "78590a966c702fb56925ca264d563e06a4a3a4a0b68a3cef1949cbec63857316", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "fixed", "verdict": "confirmed", "isResolved": true, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "packages/editor/src/components/ui/sidebar/panels/site-panel/item-tree-node.tsx", "duplicate_line": 88, "correlation_key": "fp|78590a966c702fb56925ca264d563e06a4a3a4a0b68a3cef1949cbec63857316"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "packages/editor/src/components/ui/sidebar/panels/site-panel/level-tree-node.tsx"}, "region": {"startLine": 43}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 44266, "scanner": "repobility-ai-code-hygiene", "fingerprint": "f1059a6ed11a0c1bac1a4ab9d4b542fbfd1a4df1d064bb5f333f3bca0255df21", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "packages/editor/src/components/tools/fence/fence-drafting.ts", "duplicate_line": 39, "correlation_key": "fp|f1059a6ed11a0c1bac1a4ab9d4b542fbfd1a4df1d064bb5f333f3bca0255df21"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "packages/editor/src/components/tools/wall/wall-drafting.ts"}, "region": {"startLine": 71}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 44265, "scanner": "repobility-ai-code-hygiene", "fingerprint": "fa935e2753a88d5277536bd88981aae38ea3095561a3c2aef01b761023e802ef", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "fixed", "verdict": "confirmed", "isResolved": true, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "packages/editor/src/components/editor/wall-move-side-handles.tsx", "duplicate_line": 66, "correlation_key": "fp|fa935e2753a88d5277536bd88981aae38ea3095561a3c2aef01b761023e802ef"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "packages/editor/src/components/tools/shared/polygon-editor.tsx"}, "region": {"startLine": 21}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 44264, "scanner": "repobility-ai-code-hygiene", "fingerprint": "3f5536d9fabf23b57c328e705a0a3bc6dc3b00540dc9978b8f79c49f081bcaf1", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "fixed", "verdict": "confirmed", "isResolved": true, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "packages/editor/src/components/editor-2d/floorplan-registry-action-menu.tsx", "duplicate_line": 93, "correlation_key": "fp|3f5536d9fabf23b57c328e705a0a3bc6dc3b00540dc9978b8f79c49f081bcaf1"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "packages/editor/src/components/editor/floating-action-menu.tsx"}, "region": {"startLine": 296}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 39202, "scanner": "repobility-ai-code-hygiene", "fingerprint": "841665b4535adf74f8e260914d7768d8ee5e275a222acb3fbc4c961abe66fb7d", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "fixed", "verdict": "confirmed", "isResolved": true, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "packages/editor/src/components/ui/sidebar/panels/site-panel/box-vent-tree-node.tsx", "duplicate_line": 22, "correlation_key": "fp|841665b4535adf74f8e260914d7768d8ee5e275a222acb3fbc4c961abe66fb7d"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "packages/editor/src/components/ui/sidebar/panels/site-panel/ridge-vent-tree-node.tsx"}, "region": {"startLine": 22}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 39201, "scanner": "repobility-ai-code-hygiene", "fingerprint": "8ff626e74e4e1fa708e1001e9748e9c8c309e7104fab82cf027786ce06434a28", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "packages/editor/src/components/ui/sidebar/panels/site-panel/chimney-tree-node.tsx", "duplicate_line": 22, "correlation_key": "fp|8ff626e74e4e1fa708e1001e9748e9c8c309e7104fab82cf027786ce06434a28"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "packages/editor/src/components/ui/sidebar/panels/site-panel/dormer-tree-node.tsx"}, "region": {"startLine": 22}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 39200, "scanner": "repobility-ai-code-hygiene", "fingerprint": "ccf390ceaff7648159020634bed8e0b60209dcef385fb2ac396ef9088b0f0001", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "packages/editor/src/components/ui/sidebar/panels/site-panel/chimney-tree-node.tsx", "duplicate_line": 22, "correlation_key": "fp|ccf390ceaff7648159020634bed8e0b60209dcef385fb2ac396ef9088b0f0001"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "packages/editor/src/components/ui/sidebar/panels/site-panel/column-tree-node.tsx"}, "region": {"startLine": 22}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 39199, "scanner": "repobility-ai-code-hygiene", "fingerprint": "d5d2a4053d27fca04bea274d6846908ce19ee8e5284641f31ecb4e5db38ed065", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "fixed", "verdict": "confirmed", "isResolved": true, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "packages/editor/src/components/ui/sidebar/panels/site-panel/box-vent-tree-node.tsx", "duplicate_line": 22, "correlation_key": "fp|d5d2a4053d27fca04bea274d6846908ce19ee8e5284641f31ecb4e5db38ed065"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "packages/editor/src/components/ui/sidebar/panels/site-panel/chimney-tree-node.tsx"}, "region": {"startLine": 22}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 39198, "scanner": "repobility-ai-code-hygiene", "fingerprint": "a9167abb902f6e647316e9d4c1df3c9bc79a6ef6645eb27494004f6f79785e49", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "fixed", "verdict": "confirmed", "isResolved": true, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "packages/editor/src/components/ui/sidebar/panels/site-panel/box-vent-tree-node.tsx", "duplicate_line": 26, "correlation_key": "fp|a9167abb902f6e647316e9d4c1df3c9bc79a6ef6645eb27494004f6f79785e49"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "packages/editor/src/components/ui/sidebar/panels/site-panel/ceiling-tree-node.tsx"}, "region": {"startLine": 50}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 39197, "scanner": "repobility-ai-code-hygiene", "fingerprint": "a194981374e9686f386ea0751c127a4181d32ff3c3e5662ca1394403ac300dc5", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "fixed", "verdict": "confirmed", "isResolved": true, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "packages/editor/src/components/editor-2d/floorplan-registry-action-menu.tsx", "duplicate_line": 64, "correlation_key": "fp|a194981374e9686f386ea0751c127a4181d32ff3c3e5662ca1394403ac300dc5"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "packages/editor/src/components/editor/floating-action-menu.tsx"}, "region": {"startLine": 353}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 36717, "scanner": "repobility-ai-code-hygiene", "fingerprint": "9469a31d90ac85f6a712f189f887d67ee655ca829d4139bd7e6225000c6a205f", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "packages/editor/src/components/tools/fence/fence-drafting.ts", "duplicate_line": 37, "correlation_key": "fp|9469a31d90ac85f6a712f189f887d67ee655ca829d4139bd7e6225000c6a205f"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "packages/editor/src/components/tools/shared/segment-angle.ts"}, "region": {"startLine": 32}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 36716, "scanner": "repobility-ai-code-hygiene", "fingerprint": "306ae14a3b2ad045411b5db0b1ea32e9c3fb51d0f2167c3a6760450282d2ac6a", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "packages/core/src/systems/elevator/elevator-opening-system.tsx", "duplicate_line": 13, "correlation_key": "fp|306ae14a3b2ad045411b5db0b1ea32e9c3fb51d0f2167c3a6760450282d2ac6a"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "packages/core/src/systems/stair/stair-opening-system.tsx"}, "region": {"startLine": 14}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 34630, "scanner": "repobility-ai-code-hygiene", "fingerprint": "2629a35511ab545b6db904228fe624fe45c7861df19524af9e5891392670fbe4", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "fixed", "verdict": "confirmed", "isResolved": true, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "packages/editor/src/components/ui/sidebar/panels/site-panel/ceiling-tree-node.tsx", "duplicate_line": 50, "correlation_key": "fp|2629a35511ab545b6db904228fe624fe45c7861df19524af9e5891392670fbe4"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "packages/editor/src/components/ui/sidebar/panels/site-panel/slab-tree-node.tsx"}, "region": {"startLine": 26}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 34629, "scanner": "repobility-ai-code-hygiene", "fingerprint": "dd37fdb9b25f325d17e54a370faffd75294d70e37ef4167fb3e02135c8b547d8", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "fixed", "verdict": "confirmed", "isResolved": true, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "packages/editor/src/components/ui/sidebar/panels/site-panel/column-tree-node.tsx", "duplicate_line": 22, "correlation_key": "fp|dd37fdb9b25f325d17e54a370faffd75294d70e37ef4167fb3e02135c8b547d8"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "packages/editor/src/components/ui/sidebar/panels/site-panel/slab-tree-node.tsx"}, "region": {"startLine": 22}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 34628, "scanner": "repobility-ai-code-hygiene", "fingerprint": "b015be8dd55fa2c84c027ef525f38b1085da8bef13550fc8cc6bff0945077cf0", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "fixed", "verdict": "confirmed", "isResolved": true, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "packages/editor/src/components/ui/sidebar/panels/site-panel/item-tree-node.tsx", "duplicate_line": 95, "correlation_key": "fp|b015be8dd55fa2c84c027ef525f38b1085da8bef13550fc8cc6bff0945077cf0"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "packages/editor/src/components/ui/sidebar/panels/site-panel/shelf-tree-node.tsx"}, "region": {"startLine": 86}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 34627, "scanner": "repobility-ai-code-hygiene", "fingerprint": "e36d29cc6727f6135ce75f809eb128bbe9b2cdacbdb1907f0175a31d971e94ef", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "fixed", "verdict": "confirmed", "isResolved": true, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "packages/editor/src/components/ui/sidebar/panels/site-panel/roof-tree-node.tsx", "duplicate_line": 46, "correlation_key": "fp|e36d29cc6727f6135ce75f809eb128bbe9b2cdacbdb1907f0175a31d971e94ef"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "packages/editor/src/components/ui/sidebar/panels/site-panel/shelf-tree-node.tsx"}, "region": {"startLine": 52}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 34626, "scanner": "repobility-ai-code-hygiene", "fingerprint": "e537388529800d2adc8d92717a046941071c08cfbcf2b96d9dc6fb2914461c69", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "fixed", "verdict": "confirmed", "isResolved": true, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "packages/editor/src/components/ui/sidebar/panels/site-panel/ceiling-tree-node.tsx", "duplicate_line": 28, "correlation_key": "fp|e537388529800d2adc8d92717a046941071c08cfbcf2b96d9dc6fb2914461c69"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "packages/editor/src/components/ui/sidebar/panels/site-panel/shelf-tree-node.tsx"}, "region": {"startLine": 26}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 34625, "scanner": "repobility-ai-code-hygiene", "fingerprint": "07213d359cd5f223dc36f720fe254cc49b3fec64fe0f1fa7db638f1e9da08321", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "fixed", "verdict": "confirmed", "isResolved": true, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "packages/editor/src/components/ui/sidebar/panels/site-panel/item-tree-node.tsx", "duplicate_line": 90, "correlation_key": "fp|07213d359cd5f223dc36f720fe254cc49b3fec64fe0f1fa7db638f1e9da08321"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "packages/editor/src/components/ui/sidebar/panels/site-panel/roof-tree-node.tsx"}, "region": {"startLine": 91}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 34624, "scanner": "repobility-ai-code-hygiene", "fingerprint": "403a03abad32c7b239f482d75f6bc0008d1ceb8d571837d552cea4d447bccaaf", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "fixed", "verdict": "confirmed", "isResolved": true, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "packages/editor/src/components/ui/sidebar/panels/site-panel/box-vent-tree-node.tsx", "duplicate_line": 26, "correlation_key": "fp|403a03abad32c7b239f482d75f6bc0008d1ceb8d571837d552cea4d447bccaaf"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "packages/editor/src/components/ui/sidebar/panels/site-panel/roof-tree-node.tsx"}, "region": {"startLine": 42}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 34623, "scanner": "repobility-ai-code-hygiene", "fingerprint": "20483dadeb2d111414b7e88f94a87fa3ef9c91aaff51ab6ff853dd57531b4fbc", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "fixed", "verdict": "confirmed", "isResolved": true, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "packages/editor/src/components/ui/sidebar/panels/site-panel/ceiling-tree-node.tsx", "duplicate_line": 100, "correlation_key": "fp|20483dadeb2d111414b7e88f94a87fa3ef9c91aaff51ab6ff853dd57531b4fbc"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "packages/editor/src/components/ui/sidebar/panels/site-panel/level-tree-node.tsx"}, "region": {"startLine": 58}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 34622, "scanner": "repobility-ai-code-hygiene", "fingerprint": "a66c737639fff013b19059d447ee9be0e08104a19ad0303605cc30abdbd795b2", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "fixed", "verdict": "confirmed", "isResolved": true, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "packages/editor/src/components/ui/sidebar/panels/site-panel/ceiling-tree-node.tsx", "duplicate_line": 100, "correlation_key": "fp|a66c737639fff013b19059d447ee9be0e08104a19ad0303605cc30abdbd795b2"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "packages/editor/src/components/ui/sidebar/panels/site-panel/level-tree-node.tsx"}, "region": {"startLine": 57}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 34621, "scanner": "repobility-ai-code-hygiene", "fingerprint": "df2080869d67c5c661887a4c82bde007906bdc8c48cefb4e8b1cc1f5619e0497", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "fixed", "verdict": "confirmed", "isResolved": true, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "packages/editor/src/components/ui/sidebar/panels/site-panel/item-tree-node.tsx", "duplicate_line": 88, "correlation_key": "fp|df2080869d67c5c661887a4c82bde007906bdc8c48cefb4e8b1cc1f5619e0497"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "packages/editor/src/components/ui/sidebar/panels/site-panel/level-tree-node.tsx"}, "region": {"startLine": 42}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 34620, "scanner": "repobility-ai-code-hygiene", "fingerprint": "9e4303222228f0b813b5d822ccdc0aca68feaaee88d07ab741b52f6f5776994a", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "fixed", "verdict": "confirmed", "isResolved": true, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "packages/editor/src/components/ui/sidebar/panels/site-panel/ceiling-tree-node.tsx", "duplicate_line": 29, "correlation_key": "fp|9e4303222228f0b813b5d822ccdc0aca68feaaee88d07ab741b52f6f5776994a"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "packages/editor/src/components/ui/sidebar/panels/site-panel/item-tree-node.tsx"}, "region": {"startLine": 36}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 34619, "scanner": "repobility-ai-code-hygiene", "fingerprint": "03f6362be1db03521a2082c5a4acc39980f56e00c80d91ec4f4a7b660e90121d", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "packages/editor/src/components/ui/sidebar/panels/site-panel/chimney-tree-node.tsx", "duplicate_line": 66, "correlation_key": "fp|03f6362be1db03521a2082c5a4acc39980f56e00c80d91ec4f4a7b660e90121d"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "packages/editor/src/components/ui/sidebar/panels/site-panel/fence-tree-node.tsx"}, "region": {"startLine": 52}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 34618, "scanner": "repobility-ai-code-hygiene", "fingerprint": "23a532a4e26c81b9929173c619be881b627ecd537fe5f4fd17686ae75b71016b", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "packages/editor/src/components/ui/sidebar/panels/site-panel/chimney-tree-node.tsx", "duplicate_line": 64, "correlation_key": "fp|23a532a4e26c81b9929173c619be881b627ecd537fe5f4fd17686ae75b71016b"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "packages/editor/src/components/ui/sidebar/panels/site-panel/elevator-tree-node.tsx"}, "region": {"startLine": 57}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 34617, "scanner": "repobility-ai-code-hygiene", "fingerprint": "5fa8b2d3ce5160b1391ea6a47c55dd0b2b64a5efa196aadc30971392ae70f18e", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "packages/editor/src/components/ui/sidebar/panels/site-panel/ceiling-tree-node.tsx", "duplicate_line": 50, "correlation_key": "fp|5fa8b2d3ce5160b1391ea6a47c55dd0b2b64a5efa196aadc30971392ae70f18e"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "packages/editor/src/components/ui/sidebar/panels/site-panel/door-tree-node.tsx"}, "region": {"startLine": 26}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 34616, "scanner": "repobility-ai-code-hygiene", "fingerprint": "5c78e69af17e9ae371ef9bdcaa6d815a2b2fb17ce018a7bcbe77b9ff36d7a582", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "packages/editor/src/components/ui/sidebar/panels/site-panel/chimney-tree-node.tsx", "duplicate_line": 22, "correlation_key": "fp|5c78e69af17e9ae371ef9bdcaa6d815a2b2fb17ce018a7bcbe77b9ff36d7a582"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "packages/editor/src/components/ui/sidebar/panels/site-panel/door-tree-node.tsx"}, "region": {"startLine": 22}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 34615, "scanner": "repobility-ai-code-hygiene", "fingerprint": "80af6a890e739b88064420708df00e9a2e89ead8e9a8bac69a3a58f0e29e432d", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "packages/editor/src/components/ui/sidebar/panels/site-panel/ceiling-tree-node.tsx", "duplicate_line": 50, "correlation_key": "fp|80af6a890e739b88064420708df00e9a2e89ead8e9a8bac69a3a58f0e29e432d"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "packages/editor/src/components/ui/sidebar/panels/site-panel/column-tree-node.tsx"}, "region": {"startLine": 26}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 34614, "scanner": "repobility-ai-code-hygiene", "fingerprint": "9f6ba20e961812b9949b7cf51abebbc7f18c05b66379d2b6a0b35d21a5001727", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "packages/editor/src/components/ui/sidebar/panels/site-panel/building-tree-node.tsx", "duplicate_line": 77, "correlation_key": "fp|9f6ba20e961812b9949b7cf51abebbc7f18c05b66379d2b6a0b35d21a5001727"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "packages/editor/src/components/ui/sidebar/panels/site-panel/ceiling-tree-node.tsx"}, "region": {"startLine": 101}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 34613, "scanner": "repobility-ai-code-hygiene", "fingerprint": "7b33c4cf35787afd15572d2cde881ee64d580858e6542ab0028d505e6d27e359", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "packages/editor/src/components/ui/controls/metric-control.tsx", "duplicate_line": 7, "correlation_key": "fp|7b33c4cf35787afd15572d2cde881ee64d580858e6542ab0028d505e6d27e359"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "packages/editor/src/components/ui/controls/slider-control.tsx"}, "region": {"startLine": 6}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 34612, "scanner": "repobility-ai-code-hygiene", "fingerprint": "ab7d02778b1591f4f64356e41226abf71d2f653cee74983c15c2f03f9cf987d6", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "fixed", "verdict": "confirmed", "isResolved": true, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "packages/editor/src/components/tools/fence/fence-drafting.ts", "duplicate_line": 38, "correlation_key": "fp|ab7d02778b1591f4f64356e41226abf71d2f653cee74983c15c2f03f9cf987d6"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "packages/editor/src/components/tools/wall/wall-drafting.ts"}, "region": {"startLine": 69}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 34611, "scanner": "repobility-ai-code-hygiene", "fingerprint": "2aeb6f17d17e4021aab4f0c0ce0f17471a33acd4abd7642cfc3c2746f99e5b48", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "fixed", "verdict": "confirmed", "isResolved": true, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "packages/editor/src/components/tools/elevator/elevator-tool.tsx", "duplicate_line": 156, "correlation_key": "fp|2aeb6f17d17e4021aab4f0c0ce0f17471a33acd4abd7642cfc3c2746f99e5b48"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "packages/editor/src/components/tools/stair/stair-tool.tsx"}, "region": {"startLine": 143}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 34610, "scanner": "repobility-ai-code-hygiene", "fingerprint": "ab8d87c790301ededdf05d6daba715842de5e17fb05a8ffb0f9089d42f175418", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "fixed", "verdict": "confirmed", "isResolved": true, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "packages/editor/src/components/tools/fence/fence-drafting.ts", "duplicate_line": 36, "correlation_key": "fp|ab8d87c790301ededdf05d6daba715842de5e17fb05a8ffb0f9089d42f175418"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "packages/editor/src/components/tools/shared/segment-angle.ts"}, "region": {"startLine": 26}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 34609, "scanner": "repobility-ai-code-hygiene", "fingerprint": "c84d9df4cf5c8ee8a2d77eb26f2228c9745478334a848c55cb05018ca02e504a", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "fixed", "verdict": "confirmed", "isResolved": true, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "packages/editor/src/components/tools/elevator/elevator-tool.tsx", "duplicate_line": 156, "correlation_key": "fp|c84d9df4cf5c8ee8a2d77eb26f2228c9745478334a848c55cb05018ca02e504a"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "packages/editor/src/components/tools/roof/move-roof-tool.tsx"}, "region": {"startLine": 242}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 34608, "scanner": "repobility-ai-code-hygiene", "fingerprint": "acd1459fbe63704edb1c34635daff94d29944e6c5b0eb1c78ff3f596b1281267", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "fixed", "verdict": "confirmed", "isResolved": true, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "packages/editor/src/components/tools/elevator/move-elevator-tool.tsx", "duplicate_line": 188, "correlation_key": "fp|acd1459fbe63704edb1c34635daff94d29944e6c5b0eb1c78ff3f596b1281267"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "packages/editor/src/components/tools/roof/move-roof-tool.tsx"}, "region": {"startLine": 241}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 34607, "scanner": "repobility-ai-code-hygiene", "fingerprint": "f9b97ccf814db734e96e199bec15ea4be06e180db53998b3fab7d301a9d86868", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "packages/editor/src/components/tools/elevator/elevator-tool.tsx", "duplicate_line": 223, "correlation_key": "fp|f9b97ccf814db734e96e199bec15ea4be06e180db53998b3fab7d301a9d86868"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "packages/editor/src/components/tools/elevator/move-elevator-tool.tsx"}, "region": {"startLine": 189}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 34606, "scanner": "repobility-ai-code-hygiene", "fingerprint": "07b25dbe5a2924d9a61d905a4b31d5f502596966257f48aafae5c885d0b964fb", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "fixed", "verdict": "confirmed", "isResolved": true, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "packages/editor/src/components/editor/wall-move-side-handles.tsx", "duplicate_line": 127, "correlation_key": "fp|07b25dbe5a2924d9a61d905a4b31d5f502596966257f48aafae5c885d0b964fb"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "packages/editor/src/components/systems/ceiling/ceiling-selection-affordance-system.tsx"}, "region": {"startLine": 77}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 34605, "scanner": "repobility-ai-code-hygiene", "fingerprint": "89dd812280cd33d7b93218dbf3dfab43df75d4b88a326e34bf1661e9af7e03aa", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "fixed", "verdict": "confirmed", "isResolved": true, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "packages/editor/src/components/editor-2d/floorplan-registry-action-menu.tsx", "duplicate_line": 64, "correlation_key": "fp|89dd812280cd33d7b93218dbf3dfab43df75d4b88a326e34bf1661e9af7e03aa"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "packages/editor/src/components/editor/floating-action-menu.tsx"}, "region": {"startLine": 352}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 34604, "scanner": "repobility-ai-code-hygiene", "fingerprint": "d72ef3090b7a00437cc89ae910be01ccf6c9312cd580f48e969a97d5ec98b836", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "fixed", "verdict": "confirmed", "isResolved": true, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "packages/core/src/systems/elevator/elevator-opening-sync.ts", "duplicate_line": 14, "correlation_key": "fp|d72ef3090b7a00437cc89ae910be01ccf6c9312cd580f48e969a97d5ec98b836"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "packages/core/src/systems/stair/stair-opening-sync.ts"}, "region": {"startLine": 34}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 34603, "scanner": "repobility-ai-code-hygiene", "fingerprint": "eeb808518a604bc2444a3725d7e8bd9ba74e2a6c4e6b313ca59080e236943118", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "apps/editor/app/privacy/page.tsx", "duplicate_line": 8, "correlation_key": "fp|eeb808518a604bc2444a3725d7e8bd9ba74e2a6c4e6b313ca59080e236943118"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "apps/editor/app/terms/page.tsx"}, "region": {"startLine": 8}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 34602, "scanner": "repobility-ai-code-hygiene", "fingerprint": "585943dbb37b2c9f21babfe2880053ee4ff9e3bf319635b370f72f2d32f65584", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "apps/editor/app/scene/[id]/page.tsx", "duplicate_line": 9, "correlation_key": "fp|585943dbb37b2c9f21babfe2880053ee4ff9e3bf319635b370f72f2d32f65584"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "apps/editor/app/scenes/page.tsx"}, "region": {"startLine": 6}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 34601, "scanner": "repobility-ai-code-hygiene", "fingerprint": "d5e7179584aaf9a8adae0d9a7982c5710ee52cc07bf0948de6ea7caa36fbea44", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "apps/editor/app/api/scenes/[id]/route.ts", "duplicate_line": 174, "correlation_key": "fp|d5e7179584aaf9a8adae0d9a7982c5710ee52cc07bf0948de6ea7caa36fbea44"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "apps/editor/app/api/scenes/route.ts"}, "region": {"startLine": 85}}}]}, {"ruleId": "AIC009", "level": "note", "message": {"text": "Multiple AI-agent scaffold marker files are present"}, "properties": {"repobilityId": 34600, "scanner": "repobility-ai-code-hygiene", "fingerprint": "32459e18838866b083b985fd53ac32d4e825aa20af779d902253d8278f625dfb", "category": "quality", "severity": "low", "confidence": 0.68, "triageState": "open", "verdict": "likely", "isResolved": false, "reason": "Repository root contains several AI-agent scaffold marker files.", "evidence": {"markers": [".github/copilot-instructions.md", "AGENTS.md", "CLAUDE.md", "GEMINI.md"], "rule_id": "AIC009", "scanner": "repobility-ai-code-hygiene", "references": ["https://arxiv.org/abs/2601.15195"], "correlation_key": "fp|32459e18838866b083b985fd53ac32d4e825aa20af779d902253d8278f625dfb"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/copilot-instructions.md"}, "region": {"startLine": 1}}}]}, {"ruleId": "SEC015", "level": "note", "message": {"text": "[SEC015] Insecure Randomness for Security: Weak PRNG used in security-sensitive context. Output is predictable."}, "properties": {"repobilityId": 1282, "scanner": "repobility", "fingerprint": "5a9592eddcc8209b37b95a9cfa3ea4b04c236dd3a958afd96935aa9a0bd6d3c7", "category": "crypto", "severity": "low", "confidence": null, "triageState": "fixed", "verdict": "needs_review", "isResolved": true, "reason": "No security-sensitive keywords nearby \u2014 may be non-security use (UI, shuffling, etc.)", "evidence": {}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "packages/editor/src/components/pascal-radio.tsx"}, "region": {"startLine": 58}}}]}, {"ruleId": "SEC015", "level": "note", "message": {"text": "[SEC015] Insecure Randomness for Security: Weak PRNG used in security-sensitive context. Output is predictable."}, "properties": {"repobilityId": 1281, "scanner": "repobility", "fingerprint": "e5cf821b8ca21809ca85f8ac280ca7a19ff4847d2f2ad3eb519d90b5e1c45b93", "category": "crypto", "severity": "low", "confidence": null, "triageState": "fixed", "verdict": "needs_review", "isResolved": true, "reason": "No security-sensitive keywords nearby \u2014 may be non-security use (UI, shuffling, etc.)", "evidence": {}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "packages/editor/src/contexts/presets-context.tsx"}, "region": {"startLine": 45}}}]}, {"ruleId": "SEC015", "level": "note", "message": {"text": "[SEC015] Insecure Randomness for Security: Weak PRNG used in security-sensitive context. Output is predictable."}, "properties": {"repobilityId": 1280, "scanner": "repobility", "fingerprint": "ae20330ba8e2cbdfc202c601a24bbcc9249a8e129a9b8de8c001cccaa0efd737", "category": "crypto", "severity": "low", "confidence": null, "triageState": "fixed", "verdict": "needs_review", "isResolved": true, "reason": "No security-sensitive keywords nearby \u2014 may be non-security use (UI, shuffling, etc.)", "evidence": {}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "packages/core/src/store/use-scene.ts"}, "region": {"startLine": 24}}}]}, {"ruleId": "MINED056", "level": "none", "message": {"text": "[MINED056] React Key As Index (and 10 more): Same pattern found in 10 additional files. Review if needed."}, "properties": {"repobilityId": 56834, "scanner": "repobility-threat-engine", "fingerprint": "377e9ed5b80ffb9d61ead7cdc96c8d32214c1075bbdc490f011ecc80671f46d1", "category": "quality", "severity": "info", "confidence": 0.2, "triageState": "false_positive", "verdict": "likely_fp", "isResolved": true, "reason": "Deduplicated summary only: 10 additional occurrences found. The top occurrences remain visible as actionable findings.", "evidence": {"mined": true, "mining": {"slug": "react-key-as-index", "owasp": null, "cwe_ids": ["CWE-682"], "languages": ["typescript", "tsx", "javascript", "jsx"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348032+00:00", "triaged_in_corpus": 12, "observations_count": 299917, "ai_coder_pattern_id": 135}, "scanner": "repobility-threat-engine", "aggregated": true, "correlation_key": "fp|377e9ed5b80ffb9d61ead7cdc96c8d32214c1075bbdc490f011ecc80671f46d1", "aggregated_count": 10}}}, {"ruleId": "MINED056", "level": "none", "message": {"text": "[MINED056] React Key As Index: key={index} in map() \u2014 re-renders the wrong elements on re-order."}, "properties": {"repobilityId": 56833, "scanner": "repobility-threat-engine", "fingerprint": "dab2316e48d4863cd9485172ae88b3a733f0cdc80a99c45818a0b7b394ec00f7", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "react-key-as-index", "owasp": null, "cwe_ids": ["CWE-682"], "languages": ["typescript", "tsx", "javascript", "jsx"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348032+00:00", "triaged_in_corpus": 12, "observations_count": 299917, "ai_coder_pattern_id": 135}, "scanner": "repobility-threat-engine", "correlation_key": "fp|dab2316e48d4863cd9485172ae88b3a733f0cdc80a99c45818a0b7b394ec00f7"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "packages/editor/src/components/editor/alignment-3d-guide-layer.tsx"}, "region": {"startLine": 74}}}]}, {"ruleId": "MINED054", "level": "none", "message": {"text": "[MINED054] Ts As Any: Casting to any (as any) bypasses type checking entirely."}, "properties": {"repobilityId": 53723, "scanner": "repobility-threat-engine", "fingerprint": "32985417b1131cb02bb65c8fcd7457d683df7b08f8f21019b0f106ed1392ca70", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "ts-as-any", "owasp": null, "cwe_ids": ["CWE-704"], "languages": ["typescript", "tsx"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348028+00:00", "triaged_in_corpus": 12, "observations_count": 341218, "ai_coder_pattern_id": 98}, "scanner": "repobility-threat-engine", "correlation_key": "fp|32985417b1131cb02bb65c8fcd7457d683df7b08f8f21019b0f106ed1392ca70"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "packages/editor/src/components/editor/first-person/build-collider-world.ts"}, "region": {"startLine": 309}}}]}, {"ruleId": "MINED044", "level": "none", "message": {"text": "[MINED044] Js Console Log Prod: console.log left in code. Should be replaced with logger or removed."}, "properties": {"repobilityId": 53722, "scanner": "repobility-threat-engine", "fingerprint": "260f8ba6e2db9728cd682c2ee168facb9863c00c03ca2ba191e60ec5befdf997", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "js-console-log-prod", "owasp": null, "cwe_ids": ["CWE-532"], "languages": ["javascript", "typescript", "tsx", "jsx"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348003+00:00", "triaged_in_corpus": 10, "observations_count": 1940833, "ai_coder_pattern_id": 102}, "scanner": "repobility-threat-engine", "correlation_key": "fp|260f8ba6e2db9728cd682c2ee168facb9863c00c03ca2ba191e60ec5befdf997"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "packages/editor/src/components/editor/export-manager.tsx"}, "region": {"startLine": 20}}}]}, {"ruleId": "MINED045", "level": "none", "message": {"text": "[MINED045] Ts Non Null Assertion (and 86 more): Same pattern found in 86 additional files. Review if needed."}, "properties": {"repobilityId": 53721, "scanner": "repobility-threat-engine", "fingerprint": "dda94603d6e75fca7fd35202a1f882ac33b776847cb5364651cdbf9f1c7081e1", "category": "quality", "severity": "info", "confidence": 0.2, "triageState": "false_positive", "verdict": "likely_fp", "isResolved": true, "reason": "Deduplicated summary only: 86 additional occurrences found. The top occurrences remain visible as actionable findings.", "evidence": {"mined": true, "mining": {"slug": "ts-non-null-assertion", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["typescript", "tsx"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348005+00:00", "triaged_in_corpus": 12, "observations_count": 1810954, "ai_coder_pattern_id": 105}, "scanner": "repobility-threat-engine", "aggregated": true, "correlation_key": "fp|dda94603d6e75fca7fd35202a1f882ac33b776847cb5364651cdbf9f1c7081e1", "aggregated_count": 86}}}, {"ruleId": "MINED056", "level": "none", "message": {"text": "[MINED056] React Key As Index (and 9 more): Same pattern found in 9 additional files. Review if needed."}, "properties": {"repobilityId": 53011, "scanner": "repobility-threat-engine", "fingerprint": "45049d29fe16bd3188ab7a4cc63b50b1c890061ee753df6b218c090e7c87438b", "category": "quality", "severity": "info", "confidence": 0.2, "triageState": "false_positive", "verdict": "likely_fp", "isResolved": true, "reason": "Deduplicated summary only: 9 additional occurrences found. The top occurrences remain visible as actionable findings.", "evidence": {"mined": true, "mining": {"slug": "react-key-as-index", "owasp": null, "cwe_ids": ["CWE-682"], "languages": ["typescript", "tsx", "javascript", "jsx"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348032+00:00", "triaged_in_corpus": 12, "observations_count": 299917, "ai_coder_pattern_id": 135}, "scanner": "repobility-threat-engine", "aggregated": true, "correlation_key": "fp|45049d29fe16bd3188ab7a4cc63b50b1c890061ee753df6b218c090e7c87438b", "aggregated_count": 9}}}, {"ruleId": "MINED056", "level": "none", "message": {"text": "[MINED056] React Key As Index: key={index} in map() \u2014 re-renders the wrong elements on re-order."}, "properties": {"repobilityId": 53010, "scanner": "repobility-threat-engine", "fingerprint": "8c6adf3608fbc8116f03fe80ec8693fc7dd3a5ee6aa3a73731c53cab4abf106c", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "react-key-as-index", "owasp": null, "cwe_ids": ["CWE-682"], "languages": ["typescript", "tsx", "javascript", "jsx"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348032+00:00", "triaged_in_corpus": 12, "observations_count": 299917, "ai_coder_pattern_id": 135}, "scanner": "repobility-threat-engine", "correlation_key": "fp|8c6adf3608fbc8116f03fe80ec8693fc7dd3a5ee6aa3a73731c53cab4abf106c"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "packages/editor/src/components/editor-2d/floorplan-alignment-guide-layer.tsx"}, "region": {"startLine": 65}}}]}, {"ruleId": "MINED054", "level": "none", "message": {"text": "[MINED054] Ts As Any: Casting to any (as any) bypasses type checking entirely."}, "properties": {"repobilityId": 53009, "scanner": "repobility-threat-engine", "fingerprint": "45a90587cc7cd25815e755b04e0e9acedfd942d6614b8d52cf142ea6efcc7b59", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "fixed", "verdict": "confirmed", "isResolved": true, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "ts-as-any", "owasp": null, "cwe_ids": ["CWE-704"], "languages": ["typescript", "tsx"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348028+00:00", "triaged_in_corpus": 12, "observations_count": 341218, "ai_coder_pattern_id": 98}, "scanner": "repobility-threat-engine", "correlation_key": "fp|45a90587cc7cd25815e755b04e0e9acedfd942d6614b8d52cf142ea6efcc7b59"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "packages/editor/src/components/editor/first-person/build-collider-world.ts"}, "region": {"startLine": 306}}}]}, {"ruleId": "MINED045", "level": "none", "message": {"text": "[MINED045] Ts Non Null Assertion (and 87 more): Same pattern found in 87 additional files. Review if needed."}, "properties": {"repobilityId": 53008, "scanner": "repobility-threat-engine", "fingerprint": "827f9714653e1f652ed75130ffe09646c34e0e9342f4cbb583113d21db7ef879", "category": "quality", "severity": "info", "confidence": 0.2, "triageState": "false_positive", "verdict": "likely_fp", "isResolved": true, "reason": "Deduplicated summary only: 87 additional occurrences found. The top occurrences remain visible as actionable findings.", "evidence": {"mined": true, "mining": {"slug": "ts-non-null-assertion", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["typescript", "tsx"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348005+00:00", "triaged_in_corpus": 12, "observations_count": 1810954, "ai_coder_pattern_id": 105}, "scanner": "repobility-threat-engine", "aggregated": true, "correlation_key": "fp|827f9714653e1f652ed75130ffe09646c34e0e9342f4cbb583113d21db7ef879", "aggregated_count": 87}}}, {"ruleId": "SEC040", "level": "none", "message": {"text": "[SEC040] innerHTML XSS \u2014 template literal with server-supplied data (and 3 more): Same pattern found in 3 additional files. Review if needed."}, "properties": {"repobilityId": 44263, "scanner": "repobility-threat-engine", "fingerprint": "5604b0415ef1c219adfd5f12877e5f4c0affdedeba09d684a49e22087970a270", "category": "xss", "severity": "info", "confidence": 0.2, "triageState": "false_positive", "verdict": "likely_fp", "isResolved": true, "reason": "Deduplicated summary only: 3 additional occurrences found. The top occurrences remain visible as actionable findings.", "evidence": {"reason": "Deduplicated summary only: 3 additional occurrences found. The top occurrences remain visible as actionable findings.", "rule_id": "SEC040", "scanner": "repobility-threat-engine", "confidence": 0.2, "correlation_key": "fp|5604b0415ef1c219adfd5f12877e5f4c0affdedeba09d684a49e22087970a270"}}}, {"ruleId": "MINED044", "level": "none", "message": {"text": "[MINED044] Js Console Log Prod (and 16 more): Same pattern found in 16 additional files. Review if needed."}, "properties": {"repobilityId": 44261, "scanner": "repobility-threat-engine", "fingerprint": "ffc9ba3b9d5bd2d29c31b01830a880750f5647e3c9f440819f3cb38c6944b1b4", "category": "quality", "severity": "info", "confidence": 0.2, "triageState": "false_positive", "verdict": "likely_fp", "isResolved": true, "reason": "Deduplicated summary only: 16 additional occurrences found. The top occurrences remain visible as actionable findings.", "evidence": {"mined": true, "mining": {"slug": "js-console-log-prod", "owasp": null, "cwe_ids": ["CWE-532"], "languages": ["javascript", "typescript", "tsx", "jsx"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348003+00:00", "triaged_in_corpus": 10, "observations_count": 1940833, "ai_coder_pattern_id": 102}, "scanner": "repobility-threat-engine", "aggregated": true, "correlation_key": "fp|ffc9ba3b9d5bd2d29c31b01830a880750f5647e3c9f440819f3cb38c6944b1b4", "aggregated_count": 16}}}, {"ruleId": "MINED044", "level": "none", "message": {"text": "[MINED044] Js Console Log Prod: console.log left in code. Should be replaced with logger or removed."}, "properties": {"repobilityId": 44260, "scanner": "repobility-threat-engine", "fingerprint": "4132eb64530a7d22b463116034879358745a0e8400006319a201529d987251f8", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "js-console-log-prod", "owasp": null, "cwe_ids": ["CWE-532"], "languages": ["javascript", "typescript", "tsx", "jsx"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348003+00:00", "triaged_in_corpus": 10, "observations_count": 1940833, "ai_coder_pattern_id": 102}, "scanner": "repobility-threat-engine", "correlation_key": "fp|4132eb64530a7d22b463116034879358745a0e8400006319a201529d987251f8"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "packages/core/src/registry/registry.ts"}, "region": {"startLine": 66}}}]}, {"ruleId": "MINED045", "level": "none", "message": {"text": "[MINED045] Ts Non Null Assertion (and 78 more): Same pattern found in 78 additional files. Review if needed."}, "properties": {"repobilityId": 44259, "scanner": "repobility-threat-engine", "fingerprint": "ebdb8455eeb930d12e054aca7176be0f6f58c187c8ab78ec6ecf978f0cf284d4", "category": "quality", "severity": "info", "confidence": 0.2, "triageState": "false_positive", "verdict": "likely_fp", "isResolved": true, "reason": "Deduplicated summary only: 78 additional occurrences found. The top occurrences remain visible as actionable findings.", "evidence": {"mined": true, "mining": {"slug": "ts-non-null-assertion", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["typescript", "tsx"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348005+00:00", "triaged_in_corpus": 12, "observations_count": 1810954, "ai_coder_pattern_id": 105}, "scanner": "repobility-threat-engine", "aggregated": true, "correlation_key": "fp|ebdb8455eeb930d12e054aca7176be0f6f58c187c8ab78ec6ecf978f0cf284d4", "aggregated_count": 78}}}, {"ruleId": "MINED045", "level": "none", "message": {"text": "[MINED045] Ts Non Null Assertion: x! asserts not null - bypasses null checks - TypeError if wrong."}, "properties": {"repobilityId": 44258, "scanner": "repobility-threat-engine", "fingerprint": "421c9d36df46078949de516048dd4690665b6b366353c021dc699b87440492a8", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "ts-non-null-assertion", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["typescript", "tsx"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348005+00:00", "triaged_in_corpus": 12, "observations_count": 1810954, "ai_coder_pattern_id": 105}, "scanner": "repobility-threat-engine", "correlation_key": "fp|421c9d36df46078949de516048dd4690665b6b366353c021dc699b87440492a8"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "packages/core/src/hooks/spatial-grid/spatial-grid-sync.ts"}, "region": {"startLine": 115}}}]}, {"ruleId": "MINED052", "level": "none", "message": {"text": "[MINED052] Ts Any Typed: : any used as type annotation. Defeats TypeScript type safety."}, "properties": {"repobilityId": 39196, "scanner": "repobility-threat-engine", "fingerprint": "bdd310e0031f80225bf9efd8718b20fc9ff391ca24b2454d619782995b894096", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "ts-any-typed", "owasp": null, "cwe_ids": ["CWE-704"], "languages": ["typescript", "tsx"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348022+00:00", "triaged_in_corpus": 12, "observations_count": 496002, "ai_coder_pattern_id": 97}, "scanner": "repobility-threat-engine", "correlation_key": "fp|bdd310e0031f80225bf9efd8718b20fc9ff391ca24b2454d619782995b894096"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "packages/editor/src/components/tools/item/placement-math.ts"}, "region": {"startLine": 117}}}]}, {"ruleId": "MINED054", "level": "none", "message": {"text": "[MINED054] Ts As Any (and 15 more): Same pattern found in 15 additional files. Review if needed."}, "properties": {"repobilityId": 39195, "scanner": "repobility-threat-engine", "fingerprint": "45520cf0e1d436dca26687a97c66bb843bf82798640c4ea1056e2883ec91f22d", "category": "quality", "severity": "info", "confidence": 0.2, "triageState": "false_positive", "verdict": "likely_fp", "isResolved": true, "reason": "Deduplicated summary only: 15 additional occurrences found. The top occurrences remain visible as actionable findings.", "evidence": {"mined": true, "mining": {"slug": "ts-as-any", "owasp": null, "cwe_ids": ["CWE-704"], "languages": ["typescript", "tsx"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348028+00:00", "triaged_in_corpus": 12, "observations_count": 341218, "ai_coder_pattern_id": 98}, "scanner": "repobility-threat-engine", "aggregated": true, "correlation_key": "fp|45520cf0e1d436dca26687a97c66bb843bf82798640c4ea1056e2883ec91f22d", "aggregated_count": 15}}}, {"ruleId": "SEC128", "level": "none", "message": {"text": "[SEC128] Async function without await \u2014 fire-and-forget Promise (AI mistake) (and 8 more): Same pattern found in 8 additional files. Review if needed."}, "properties": {"repobilityId": 39194, "scanner": "repobility-threat-engine", "fingerprint": "43b81e30ecec4542d5b7c1728a77ddf506d2c87684fdce356d7b2b0e14a44049", "category": "quality", "severity": "info", "confidence": 0.2, "triageState": "false_positive", "verdict": "likely_fp", "isResolved": true, "reason": "Deduplicated summary only: 8 additional occurrences found. The top occurrences remain visible as actionable findings.", "evidence": {"reason": "Deduplicated summary only: 8 additional occurrences found. The top occurrences remain visible as actionable findings.", "rule_id": "SEC128", "scanner": "repobility-threat-engine", "confidence": 0.2, "correlation_key": "fp|43b81e30ecec4542d5b7c1728a77ddf506d2c87684fdce356d7b2b0e14a44049"}}}, {"ruleId": "MINED044", "level": "none", "message": {"text": "[MINED044] Js Console Log Prod (and 15 more): Same pattern found in 15 additional files. Review if needed."}, "properties": {"repobilityId": 39193, "scanner": "repobility-threat-engine", "fingerprint": "f922f4f13d4219e470422812906b99d2e69dcf0dbe44404db6fb52eebaf73cdd", "category": "quality", "severity": "info", "confidence": 0.2, "triageState": "false_positive", "verdict": "likely_fp", "isResolved": true, "reason": "Deduplicated summary only: 15 additional occurrences found. The top occurrences remain visible as actionable findings.", "evidence": {"mined": true, "mining": {"slug": "js-console-log-prod", "owasp": null, "cwe_ids": ["CWE-532"], "languages": ["javascript", "typescript", "tsx", "jsx"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348003+00:00", "triaged_in_corpus": 10, "observations_count": 1940833, "ai_coder_pattern_id": 102}, "scanner": "repobility-threat-engine", "aggregated": true, "correlation_key": "fp|f922f4f13d4219e470422812906b99d2e69dcf0dbe44404db6fb52eebaf73cdd", "aggregated_count": 15}}}, {"ruleId": "MINED045", "level": "none", "message": {"text": "[MINED045] Ts Non Null Assertion (and 79 more): Same pattern found in 79 additional files. Review if needed."}, "properties": {"repobilityId": 39192, "scanner": "repobility-threat-engine", "fingerprint": "2b2546a57d3b6778c51b671e5ed528e20a22454ebea20464115496623a78edc4", "category": "quality", "severity": "info", "confidence": 0.2, "triageState": "false_positive", "verdict": "likely_fp", "isResolved": true, "reason": "Deduplicated summary only: 79 additional occurrences found. The top occurrences remain visible as actionable findings.", "evidence": {"mined": true, "mining": {"slug": "ts-non-null-assertion", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["typescript", "tsx"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348005+00:00", "triaged_in_corpus": 12, "observations_count": 1810954, "ai_coder_pattern_id": 105}, "scanner": "repobility-threat-engine", "aggregated": true, "correlation_key": "fp|2b2546a57d3b6778c51b671e5ed528e20a22454ebea20464115496623a78edc4", "aggregated_count": 79}}}, {"ruleId": "MINED044", "level": "none", "message": {"text": "[MINED044] Js Console Log Prod (and 14 more): Same pattern found in 14 additional files. Review if needed."}, "properties": {"repobilityId": 37982, "scanner": "repobility-threat-engine", "fingerprint": "af04b44cf3259ba75a7bf35ce6dc48f15354180dfaf6bd2ee3818f3a3be6c827", "category": "quality", "severity": "info", "confidence": 0.2, "triageState": "false_positive", "verdict": "likely_fp", "isResolved": true, "reason": "Deduplicated summary only: 14 additional occurrences found. The top occurrences remain visible as actionable findings.", "evidence": {"mined": true, "mining": {"slug": "js-console-log-prod", "owasp": null, "cwe_ids": ["CWE-532"], "languages": ["javascript", "typescript", "tsx", "jsx"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348003+00:00", "triaged_in_corpus": 10, "observations_count": 1940833, "ai_coder_pattern_id": 102}, "scanner": "repobility-threat-engine", "aggregated": true, "correlation_key": "fp|af04b44cf3259ba75a7bf35ce6dc48f15354180dfaf6bd2ee3818f3a3be6c827", "aggregated_count": 14}}}, {"ruleId": "MINED044", "level": "none", "message": {"text": "[MINED044] Js Console Log Prod: console.log left in code. Should be replaced with logger or removed."}, "properties": {"repobilityId": 37981, "scanner": "repobility-threat-engine", "fingerprint": "a10c458fe5b7aaf06d841afac14d53e16e1bf717ff3c35f05544161ef95a81d8", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "js-console-log-prod", "owasp": null, "cwe_ids": ["CWE-532"], "languages": ["javascript", "typescript", "tsx", "jsx"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348003+00:00", "triaged_in_corpus": 10, "observations_count": 1940833, "ai_coder_pattern_id": 102}, "scanner": "repobility-threat-engine", "correlation_key": "fp|a10c458fe5b7aaf06d841afac14d53e16e1bf717ff3c35f05544161ef95a81d8"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "apps/ifc-converter/scripts/copy-web-ifc-wasm.mjs"}, "region": {"startLine": 29}}}]}, {"ruleId": "MINED045", "level": "none", "message": {"text": "[MINED045] Ts Non Null Assertion (and 64 more): Same pattern found in 64 additional files. Review if needed."}, "properties": {"repobilityId": 36715, "scanner": "repobility-threat-engine", "fingerprint": "a4abcac13e24ac13720b3aa5f409d45342c0c528a83f28208961789140fa5d9b", "category": "quality", "severity": "info", "confidence": 0.2, "triageState": "false_positive", "verdict": "likely_fp", "isResolved": true, "reason": "Deduplicated summary only: 64 additional occurrences found. The top occurrences remain visible as actionable findings.", "evidence": {"mined": true, "mining": {"slug": "ts-non-null-assertion", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["typescript", "tsx"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348005+00:00", "triaged_in_corpus": 12, "observations_count": 1810954, "ai_coder_pattern_id": 105}, "scanner": "repobility-threat-engine", "aggregated": true, "correlation_key": "fp|a4abcac13e24ac13720b3aa5f409d45342c0c528a83f28208961789140fa5d9b", "aggregated_count": 64}}}, {"ruleId": "MINED065", "level": "none", "message": {"text": "[MINED065] Cors Wildcard: Access-Control-Allow-Origin: * exposes the API to any browser origin. Acceptable for public read-only endpoints; dangerous when paired with credentials or write endpoints."}, "properties": {"repobilityId": 34599, "scanner": "repobility-threat-engine", "fingerprint": "bb469100a61156ad5dd973007f32e4a81b30d52c03cf951a9307c7758788cab3", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "cors-wildcard", "owasp": "A05:2021", "cwe_ids": ["CWE-942", "CWE-346"], "languages": ["python", "javascript", "typescript", "yaml", "json"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348052+00:00", "triaged_in_corpus": 12, "observations_count": 63910, "ai_coder_pattern_id": 46}, "scanner": "repobility-threat-engine", "correlation_key": "fp|bb469100a61156ad5dd973007f32e4a81b30d52c03cf951a9307c7758788cab3"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "packages/mcp/src/transports/http.ts"}, "region": {"startLine": 137}}}]}, {"ruleId": "MINED043", "level": "none", "message": {"text": "[MINED043] Http Not Https: Hardcoded http:// (not localhost) for endpoints that handle credentials or data."}, "properties": {"repobilityId": 34598, "scanner": "repobility-threat-engine", "fingerprint": "7a37f1a916b0d31f703c7577d4d3f0a65205962f3043bb5b8077f76d831b31d4", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "http-not-https", "owasp": "A02:2021", "cwe_ids": ["CWE-319"], "precision": 0.917, "promoted_at": "2026-05-18T14:01:32.347999+00:00", "triaged_in_corpus": 12, "observations_count": 4113831, "ai_coder_pattern_id": 15}, "scanner": "repobility-threat-engine", "correlation_key": "fp|7a37f1a916b0d31f703c7577d4d3f0a65205962f3043bb5b8077f76d831b31d4"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "packages/mcp/src/transports/http.ts"}, "region": {"startLine": 198}}}]}, {"ruleId": "MINED043", "level": "none", "message": {"text": "[MINED043] Http Not Https: Hardcoded http:// (not localhost) for endpoints that handle credentials or data."}, "properties": {"repobilityId": 34597, "scanner": "repobility-threat-engine", "fingerprint": "16b3aaffaa9f394eea3b99f4e1c310a12ff7c0c6b80fc34009c1527d9da716ac", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "http-not-https", "owasp": "A02:2021", "cwe_ids": ["CWE-319"], "precision": 0.917, "promoted_at": "2026-05-18T14:01:32.347999+00:00", "triaged_in_corpus": 12, "observations_count": 4113831, "ai_coder_pattern_id": 15}, "scanner": "repobility-threat-engine", "correlation_key": "fp|16b3aaffaa9f394eea3b99f4e1c310a12ff7c0c6b80fc34009c1527d9da716ac"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "packages/mcp/src/prompts/renovation-from-photos.ts"}, "region": {"startLine": 23}}}]}, {"ruleId": "MINED052", "level": "none", "message": {"text": "[MINED052] Ts Any Typed (and 4 more): Same pattern found in 4 additional files. Review if needed."}, "properties": {"repobilityId": 34591, "scanner": "repobility-threat-engine", "fingerprint": "dc495931fe10ccd594ead31c7c77f06bc2fd305548c052c38b6f9feadb646876", "category": "quality", "severity": "info", "confidence": 0.2, "triageState": "false_positive", "verdict": "likely_fp", "isResolved": true, "reason": "Deduplicated summary only: 4 additional occurrences found. The top occurrences remain visible as actionable findings.", "evidence": {"mined": true, "mining": {"slug": "ts-any-typed", "owasp": null, "cwe_ids": ["CWE-704"], "languages": ["typescript", "tsx"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348022+00:00", "triaged_in_corpus": 12, "observations_count": 496002, "ai_coder_pattern_id": 97}, "scanner": "repobility-threat-engine", "aggregated": true, "correlation_key": "fp|dc495931fe10ccd594ead31c7c77f06bc2fd305548c052c38b6f9feadb646876", "aggregated_count": 4}}}, {"ruleId": "MINED052", "level": "none", "message": {"text": "[MINED052] Ts Any Typed: : any used as type annotation. Defeats TypeScript type safety."}, "properties": {"repobilityId": 34590, "scanner": "repobility-threat-engine", "fingerprint": "0ab9224f6d7a66dc18be028da5ffba3848e5289a7e090b827bda2ce57c6f4a0a", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "ts-any-typed", "owasp": null, "cwe_ids": ["CWE-704"], "languages": ["typescript", "tsx"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348022+00:00", "triaged_in_corpus": 12, "observations_count": 496002, "ai_coder_pattern_id": 97}, "scanner": "repobility-threat-engine", "correlation_key": "fp|0ab9224f6d7a66dc18be028da5ffba3848e5289a7e090b827bda2ce57c6f4a0a"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "packages/nodes/src/scan/renderer.tsx"}, "region": {"startLine": 53}}}]}, {"ruleId": "MINED052", "level": "none", "message": {"text": "[MINED052] Ts Any Typed: : any used as type annotation. Defeats TypeScript type safety."}, "properties": {"repobilityId": 34589, "scanner": "repobility-threat-engine", "fingerprint": "12e5abae51dfa14e66733220990a51555fd92df4294fb79c71be3a89f1bb5da7", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "ts-any-typed", "owasp": null, "cwe_ids": ["CWE-704"], "languages": ["typescript", "tsx"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348022+00:00", "triaged_in_corpus": 12, "observations_count": 496002, "ai_coder_pattern_id": 97}, "scanner": "repobility-threat-engine", "correlation_key": "fp|12e5abae51dfa14e66733220990a51555fd92df4294fb79c71be3a89f1bb5da7"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "packages/editor/src/components/ui/sidebar/panels/site-panel/tree-node.tsx"}, "region": {"startLine": 10}}}]}, {"ruleId": "MINED052", "level": "none", "message": {"text": "[MINED052] Ts Any Typed: : any used as type annotation. Defeats TypeScript type safety."}, "properties": {"repobilityId": 34588, "scanner": "repobility-threat-engine", "fingerprint": "38c4bb83a9299561bf7ceefe5c79fc6e3db3fb59d7c740ae42520d52990b6f3d", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "fixed", "verdict": "confirmed", "isResolved": true, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "ts-any-typed", "owasp": null, "cwe_ids": ["CWE-704"], "languages": ["typescript", "tsx"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348022+00:00", "triaged_in_corpus": 12, "observations_count": 496002, "ai_coder_pattern_id": 97}, "scanner": "repobility-threat-engine", "correlation_key": "fp|38c4bb83a9299561bf7ceefe5c79fc6e3db3fb59d7c740ae42520d52990b6f3d"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "packages/editor/src/components/tools/item/placement-math.ts"}, "region": {"startLine": 116}}}]}, {"ruleId": "SEC040", "level": "none", "message": {"text": "[SEC040] innerHTML XSS \u2014 template literal with server-supplied data (and 4 more): Same pattern found in 4 additional files. Review if needed."}, "properties": {"repobilityId": 34587, "scanner": "repobility-threat-engine", "fingerprint": "588cbe6635e9107e3f4226ff395bb9d3b8dbc57f8977957784281db9e5f71589", "category": "xss", "severity": "info", "confidence": 0.2, "triageState": "false_positive", "verdict": "likely_fp", "isResolved": true, "reason": "Deduplicated summary only: 4 additional occurrences found. The top occurrences remain visible as actionable findings.", "evidence": {"reason": "Deduplicated summary only: 4 additional occurrences found. The top occurrences remain visible as actionable findings.", "rule_id": "SEC040", "scanner": "repobility-threat-engine", "confidence": 0.2, "correlation_key": "fp|588cbe6635e9107e3f4226ff395bb9d3b8dbc57f8977957784281db9e5f71589"}}}, {"ruleId": "MINED056", "level": "none", "message": {"text": "[MINED056] React Key As Index (and 8 more): Same pattern found in 8 additional files. Review if needed."}, "properties": {"repobilityId": 34583, "scanner": "repobility-threat-engine", "fingerprint": "d7f594181ef7d6a707278fd0bbfa9918494cb5e31e08de25eb7881e568738c27", "category": "quality", "severity": "info", "confidence": 0.2, "triageState": "false_positive", "verdict": "likely_fp", "isResolved": true, "reason": "Deduplicated summary only: 8 additional occurrences found. The top occurrences remain visible as actionable findings.", "evidence": {"mined": true, "mining": {"slug": "react-key-as-index", "owasp": null, "cwe_ids": ["CWE-682"], "languages": ["typescript", "tsx", "javascript", "jsx"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348032+00:00", "triaged_in_corpus": 12, "observations_count": 299917, "ai_coder_pattern_id": 135}, "scanner": "repobility-threat-engine", "aggregated": true, "correlation_key": "fp|d7f594181ef7d6a707278fd0bbfa9918494cb5e31e08de25eb7881e568738c27", "aggregated_count": 8}}}, {"ruleId": "MINED056", "level": "none", "message": {"text": "[MINED056] React Key As Index: key={index} in map() \u2014 re-renders the wrong elements on re-order."}, "properties": {"repobilityId": 34582, "scanner": "repobility-threat-engine", "fingerprint": "caf30db922978a18a6bdbd31a8f40f4a2b0e8f927c3a1df1d117a53fad4350ff", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "fixed", "verdict": "confirmed", "isResolved": true, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "react-key-as-index", "owasp": null, "cwe_ids": ["CWE-682"], "languages": ["typescript", "tsx", "javascript", "jsx"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348032+00:00", "triaged_in_corpus": 12, "observations_count": 299917, "ai_coder_pattern_id": 135}, "scanner": "repobility-threat-engine", "correlation_key": "fp|caf30db922978a18a6bdbd31a8f40f4a2b0e8f927c3a1df1d117a53fad4350ff"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "packages/editor/src/components/ui/controls/slider-control.tsx"}, "region": {"startLine": 270}}}]}, {"ruleId": "MINED056", "level": "none", "message": {"text": "[MINED056] React Key As Index: key={index} in map() \u2014 re-renders the wrong elements on re-order."}, "properties": {"repobilityId": 34581, "scanner": "repobility-threat-engine", "fingerprint": "1417a580a5e3ba8267e3811b9309507b7ad4fa432d106ea478465be42d6dd797", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "fixed", "verdict": "confirmed", "isResolved": true, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "react-key-as-index", "owasp": null, "cwe_ids": ["CWE-682"], "languages": ["typescript", "tsx", "javascript", "jsx"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348032+00:00", "triaged_in_corpus": 12, "observations_count": 299917, "ai_coder_pattern_id": 135}, "scanner": "repobility-threat-engine", "correlation_key": "fp|1417a580a5e3ba8267e3811b9309507b7ad4fa432d106ea478465be42d6dd797"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "packages/editor/src/components/tools/zone/zone-tool.tsx"}, "region": {"startLine": 371}}}]}, {"ruleId": "MINED056", "level": "none", "message": {"text": "[MINED056] React Key As Index: key={index} in map() \u2014 re-renders the wrong elements on re-order."}, "properties": {"repobilityId": 34580, "scanner": "repobility-threat-engine", "fingerprint": "99be3d0e0e6d13f64532709b134f956ad91029394073f278ce2c65f1159f3038", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "react-key-as-index", "owasp": null, "cwe_ids": ["CWE-682"], "languages": ["typescript", "tsx", "javascript", "jsx"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348032+00:00", "triaged_in_corpus": 12, "observations_count": 299917, "ai_coder_pattern_id": 135}, "scanner": "repobility-threat-engine", "correlation_key": "fp|99be3d0e0e6d13f64532709b134f956ad91029394073f278ce2c65f1159f3038"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "packages/editor/src/components/editor-2d/floorplan-action-menu-layer.tsx"}, "region": {"startLine": 79}}}]}, {"ruleId": "MINED054", "level": "none", "message": {"text": "[MINED054] Ts As Any (and 16 more): Same pattern found in 16 additional files. Review if needed."}, "properties": {"repobilityId": 34579, "scanner": "repobility-threat-engine", "fingerprint": "cfbae54206329e5b46d12cf84cf315ffefe81fd5046a06b5d37539682193c953", "category": "quality", "severity": "info", "confidence": 0.2, "triageState": "false_positive", "verdict": "likely_fp", "isResolved": true, "reason": "Deduplicated summary only: 16 additional occurrences found. The top occurrences remain visible as actionable findings.", "evidence": {"mined": true, "mining": {"slug": "ts-as-any", "owasp": null, "cwe_ids": ["CWE-704"], "languages": ["typescript", "tsx"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348028+00:00", "triaged_in_corpus": 12, "observations_count": 341218, "ai_coder_pattern_id": 98}, "scanner": "repobility-threat-engine", "aggregated": true, "correlation_key": "fp|cfbae54206329e5b46d12cf84cf315ffefe81fd5046a06b5d37539682193c953", "aggregated_count": 16}}}, {"ruleId": "MINED054", "level": "none", "message": {"text": "[MINED054] Ts As Any: Casting to any (as any) bypasses type checking entirely."}, "properties": {"repobilityId": 34578, "scanner": "repobility-threat-engine", "fingerprint": "d04a4d6999f4b1b7ac349ced635c58fb532f3fd66756417c7ab8b21e23971857", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "fixed", "verdict": "confirmed", "isResolved": true, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "ts-as-any", "owasp": null, "cwe_ids": ["CWE-704"], "languages": ["typescript", "tsx"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348028+00:00", "triaged_in_corpus": 12, "observations_count": 341218, "ai_coder_pattern_id": 98}, "scanner": "repobility-threat-engine", "correlation_key": "fp|d04a4d6999f4b1b7ac349ced635c58fb532f3fd66756417c7ab8b21e23971857"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "packages/editor/src/components/editor/first-person/build-collider-world.ts"}, "region": {"startLine": 288}}}]}, {"ruleId": "MINED054", "level": "none", "message": {"text": "[MINED054] Ts As Any: Casting to any (as any) bypasses type checking entirely."}, "properties": {"repobilityId": 34577, "scanner": "repobility-threat-engine", "fingerprint": "80f2274e68fa1406f60e6174b619a6aa6e7d1fbbc3caee1e97074db0493df8df", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "ts-as-any", "owasp": null, "cwe_ids": ["CWE-704"], "languages": ["typescript", "tsx"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348028+00:00", "triaged_in_corpus": 12, "observations_count": 341218, "ai_coder_pattern_id": 98}, "scanner": "repobility-threat-engine", "correlation_key": "fp|80f2274e68fa1406f60e6174b619a6aa6e7d1fbbc3caee1e97074db0493df8df"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "packages/core/src/utils/clone-scene-graph.ts"}, "region": {"startLine": 63}}}]}, {"ruleId": "MINED054", "level": "none", "message": {"text": "[MINED054] Ts As Any: Casting to any (as any) bypasses type checking entirely."}, "properties": {"repobilityId": 34576, "scanner": "repobility-threat-engine", "fingerprint": "80805e1db43e0eb6219ba325d3004291bbc750dfab58aa691fb09238ec8524d9", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "ts-as-any", "owasp": null, "cwe_ids": ["CWE-704"], "languages": ["typescript", "tsx"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348028+00:00", "triaged_in_corpus": 12, "observations_count": 341218, "ai_coder_pattern_id": 98}, "scanner": "repobility-threat-engine", "correlation_key": "fp|80805e1db43e0eb6219ba325d3004291bbc750dfab58aa691fb09238ec8524d9"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "packages/core/src/registry/__bench__/relations-resolver.bench.ts"}, "region": {"startLine": 27}}}]}, {"ruleId": "MINED044", "level": "none", "message": {"text": "[MINED044] Js Console Log Prod (and 13 more): Same pattern found in 13 additional files. Review if needed."}, "properties": {"repobilityId": 34575, "scanner": "repobility-threat-engine", "fingerprint": "32a0c4b8eb59896358b09f6f62cfc62156eff6eb76004bde5c08520a91514dfe", "category": "quality", "severity": "info", "confidence": 0.2, "triageState": "false_positive", "verdict": "likely_fp", "isResolved": true, "reason": "Deduplicated summary only: 13 additional occurrences found. The top occurrences remain visible as actionable findings.", "evidence": {"mined": true, "mining": {"slug": "js-console-log-prod", "owasp": null, "cwe_ids": ["CWE-532"], "languages": ["javascript", "typescript", "tsx", "jsx"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348003+00:00", "triaged_in_corpus": 10, "observations_count": 1940833, "ai_coder_pattern_id": 102}, "scanner": "repobility-threat-engine", "aggregated": true, "correlation_key": "fp|32a0c4b8eb59896358b09f6f62cfc62156eff6eb76004bde5c08520a91514dfe", "aggregated_count": 13}}}, {"ruleId": "MINED044", "level": "none", "message": {"text": "[MINED044] Js Console Log Prod: console.log left in code. Should be replaced with logger or removed."}, "properties": {"repobilityId": 34574, "scanner": "repobility-threat-engine", "fingerprint": "8ac10ad10bc4def011141d1b0c0aec01b3d4c16332c904ce9d44ff83cbaccd2e", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "fixed", "verdict": "confirmed", "isResolved": true, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "js-console-log-prod", "owasp": null, "cwe_ids": ["CWE-532"], "languages": ["javascript", "typescript", "tsx", "jsx"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348003+00:00", "triaged_in_corpus": 10, "observations_count": 1940833, "ai_coder_pattern_id": 102}, "scanner": "repobility-threat-engine", "correlation_key": "fp|8ac10ad10bc4def011141d1b0c0aec01b3d4c16332c904ce9d44ff83cbaccd2e"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "packages/editor/src/components/ui/primitives/error-boundary.tsx"}, "region": {"startLine": 26}}}]}, {"ruleId": "MINED044", "level": "none", "message": {"text": "[MINED044] Js Console Log Prod: console.log left in code. Should be replaced with logger or removed."}, "properties": {"repobilityId": 34573, "scanner": "repobility-threat-engine", "fingerprint": "13ddca6616bac1f7ce656facb0bb2febf87fc44391943a203c45097f9e1208de", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "fixed", "verdict": "confirmed", "isResolved": true, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "js-console-log-prod", "owasp": null, "cwe_ids": ["CWE-532"], "languages": ["javascript", "typescript", "tsx", "jsx"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348003+00:00", "triaged_in_corpus": 10, "observations_count": 1940833, "ai_coder_pattern_id": 102}, "scanner": "repobility-threat-engine", "correlation_key": "fp|13ddca6616bac1f7ce656facb0bb2febf87fc44391943a203c45097f9e1208de"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "packages/editor/src/components/editor/preset-thumbnail-generator.tsx"}, "region": {"startLine": 21}}}]}, {"ruleId": "MINED044", "level": "none", "message": {"text": "[MINED044] Js Console Log Prod: console.log left in code. Should be replaced with logger or removed."}, "properties": {"repobilityId": 34572, "scanner": "repobility-threat-engine", "fingerprint": "d96f1652ff45f8b6f631a90098b8268ff917dfbe41225c8113a51dc05277ae44", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "fixed", "verdict": "confirmed", "isResolved": true, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "js-console-log-prod", "owasp": null, "cwe_ids": ["CWE-532"], "languages": ["javascript", "typescript", "tsx", "jsx"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348003+00:00", "triaged_in_corpus": 10, "observations_count": 1940833, "ai_coder_pattern_id": 102}, "scanner": "repobility-threat-engine", "correlation_key": "fp|d96f1652ff45f8b6f631a90098b8268ff917dfbe41225c8113a51dc05277ae44"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "packages/editor/src/components/editor/export-manager.tsx"}, "region": {"startLine": 19}}}]}, {"ruleId": "SEC128", "level": "none", "message": {"text": "[SEC128] Async function without await \u2014 fire-and-forget Promise (AI mistake) (and 7 more): Same pattern found in 7 additional files. Review if needed."}, "properties": {"repobilityId": 34571, "scanner": "repobility-threat-engine", "fingerprint": "f3554231f2d32a33a651c3b39559f3d21263dabefeb5c7ba90040f806b6ba0ca", "category": "quality", "severity": "info", "confidence": 0.2, "triageState": "false_positive", "verdict": "likely_fp", "isResolved": true, "reason": "Deduplicated summary only: 7 additional occurrences found. The top occurrences remain visible as actionable findings.", "evidence": {"reason": "Deduplicated summary only: 7 additional occurrences found. The top occurrences remain visible as actionable findings.", "rule_id": "SEC128", "scanner": "repobility-threat-engine", "confidence": 0.2, "correlation_key": "fp|f3554231f2d32a33a651c3b39559f3d21263dabefeb5c7ba90040f806b6ba0ca"}}}, {"ruleId": "MINED045", "level": "none", "message": {"text": "[MINED045] Ts Non Null Assertion (and 65 more): Same pattern found in 65 additional files. Review if needed."}, "properties": {"repobilityId": 34567, "scanner": "repobility-threat-engine", "fingerprint": "1c561104e1957968a0c5f9e8288d1ffe646118d82419ffdeca4f741fdc335a28", "category": "quality", "severity": "info", "confidence": 0.2, "triageState": "false_positive", "verdict": "likely_fp", "isResolved": true, "reason": "Deduplicated summary only: 65 additional occurrences found. The top occurrences remain visible as actionable findings.", "evidence": {"mined": true, "mining": {"slug": "ts-non-null-assertion", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["typescript", "tsx"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348005+00:00", "triaged_in_corpus": 12, "observations_count": 1810954, "ai_coder_pattern_id": 105}, "scanner": "repobility-threat-engine", "aggregated": true, "correlation_key": "fp|1c561104e1957968a0c5f9e8288d1ffe646118d82419ffdeca4f741fdc335a28", "aggregated_count": 65}}}, {"ruleId": "MINED045", "level": "none", "message": {"text": "[MINED045] Ts Non Null Assertion: x! asserts not null - bypasses null checks - TypeError if wrong."}, "properties": {"repobilityId": 34566, "scanner": "repobility-threat-engine", "fingerprint": "cfd5ad650b089b4cb5ca9198414b23c4f1e14374197a9eb9a7156938bf997885", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "fixed", "verdict": "confirmed", "isResolved": true, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "ts-non-null-assertion", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["typescript", "tsx"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348005+00:00", "triaged_in_corpus": 12, "observations_count": 1810954, "ai_coder_pattern_id": 105}, "scanner": "repobility-threat-engine", "correlation_key": "fp|cfd5ad650b089b4cb5ca9198414b23c4f1e14374197a9eb9a7156938bf997885"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "packages/core/src/hooks/spatial-grid/spatial-grid-sync.ts"}, "region": {"startLine": 81}}}]}, {"ruleId": "MINED045", "level": "none", "message": {"text": "[MINED045] Ts Non Null Assertion: x! asserts not null - bypasses null checks - TypeError if wrong."}, "properties": {"repobilityId": 34565, "scanner": "repobility-threat-engine", "fingerprint": "54f4427e0dfd67200c11c308ad6daaa6d9edac00e18edbd755e552c627a7f8b1", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "ts-non-null-assertion", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["typescript", "tsx"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348005+00:00", "triaged_in_corpus": 12, "observations_count": 1810954, "ai_coder_pattern_id": 105}, "scanner": "repobility-threat-engine", "correlation_key": "fp|54f4427e0dfd67200c11c308ad6daaa6d9edac00e18edbd755e552c627a7f8b1"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "packages/core/src/hooks/scene-registry/scene-registry.ts"}, "region": {"startLine": 69}}}]}, {"ruleId": "MINED045", "level": "none", "message": {"text": "[MINED045] Ts Non Null Assertion: x! asserts not null - bypasses null checks - TypeError if wrong."}, "properties": {"repobilityId": 34564, "scanner": "repobility-threat-engine", "fingerprint": "f56a510791ec246a24fe10e995616f2ca0368ca76c4557acd4bc182f74e38d01", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "ts-non-null-assertion", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["typescript", "tsx"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348005+00:00", "triaged_in_corpus": 12, "observations_count": 1810954, "ai_coder_pattern_id": 105}, "scanner": "repobility-threat-engine", "correlation_key": "fp|f56a510791ec246a24fe10e995616f2ca0368ca76c4557acd4bc182f74e38d01"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "apps/editor/app/api/scenes/[id]/route.ts"}, "region": {"startLine": 176}}}]}, {"ruleId": "SEC029", "level": "none", "message": {"text": "[SEC029] Server-Side Request Forgery (SSRF) \u2014 outbound HTTP from user input (and 9 more): Same pattern found in 9 additional files. Review if needed."}, "properties": {"repobilityId": 34563, "scanner": "repobility-threat-engine", "fingerprint": "a0769f34321ccb4a2408866410ff258332c2e3d0c176eda236c0efe5490d0026", "category": "ssrf", "severity": "info", "confidence": 0.2, "triageState": "false_positive", "verdict": "likely_fp", "isResolved": true, "reason": "Deduplicated summary only: 9 additional occurrences found. The top occurrences remain visible as actionable findings.", "evidence": {"reason": "Deduplicated summary only: 9 additional occurrences found. The top occurrences remain visible as actionable findings.", "rule_id": "SEC029", "scanner": "repobility-threat-engine", "confidence": 0.2, "correlation_key": "fp|a0769f34321ccb4a2408866410ff258332c2e3d0c176eda236c0efe5490d0026"}}}, {"ruleId": "SEC015", "level": "none", "message": {"text": "[SEC015] Insecure Randomness for Security: Weak PRNG used in security-sensitive context. Output is predictable."}, "properties": {"repobilityId": 2259, "scanner": "repobility-threat-engine", "fingerprint": "633ebde076d7afd950b2a5a7c0aacff0b53b3eb459c89dc723025337d986cb88", "category": "crypto", "severity": "info", "confidence": 0.25, "triageState": "false_positive", "verdict": "likely_fp", "isResolved": true, "reason": "Weak PRNG appears to be used for non-security behavior (UI, sampling, demos, shuffling, or backoff), not for secrets", "evidence": {"match": "Math.random()", "reason": "Weak PRNG appears to be used for non-security behavior (UI, sampling, demos, shuffling, or backoff), not for secrets", "rule_id": "SEC015", "scanner": "repobility-threat-engine", "confidence": 0.25, "correlation_key": "code|crypto|token|122|sec015"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "packages/mcp/src/tools/variants/generate-variants.ts"}, "region": {"startLine": 122}}}]}, {"ruleId": "SEC015", "level": "none", "message": {"text": "[SEC015] Insecure Randomness for Security: Weak PRNG used in security-sensitive context. Output is predictable."}, "properties": {"repobilityId": 2258, "scanner": "repobility-threat-engine", "fingerprint": "7decef8c84bd1e2e31405ae70a33d3a10b03880882b0160292e437dcf19dccd7", "category": "crypto", "severity": "info", "confidence": 0.25, "triageState": "false_positive", "verdict": "likely_fp", "isResolved": true, "reason": "Weak PRNG appears to be used for non-security behavior (UI, sampling, demos, shuffling, or backoff), not for secrets", "evidence": {"match": "Math.random()", "reason": "Weak PRNG appears to be used for non-security behavior (UI, sampling, demos, shuffling, or backoff), not for secrets", "rule_id": "SEC015", "scanner": "repobility-threat-engine", "confidence": 0.25, "correlation_key": "code|crypto|token|55|sec015"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "packages/mcp/src/storage/slug.ts"}, "region": {"startLine": 55}}}]}, {"ruleId": "SEC015", "level": "none", "message": {"text": "[SEC015] Insecure Randomness for Security: Weak PRNG used in security-sensitive context. Output is predictable."}, "properties": {"repobilityId": 2119, "scanner": "repobility-threat-engine", "fingerprint": "e21d0c03d4ae7cf4cf4d43d8897294f1b6999f06a60106a29c4da7a81fa73c72", "category": "crypto", "severity": "info", "confidence": 0.25, "triageState": "false_positive", "verdict": "likely_fp", "isResolved": true, "reason": "Weak PRNG appears to be used for non-security behavior (UI, sampling, demos, shuffling, or backoff), not for secrets", "evidence": {"match": "Math.random()", "reason": "Weak PRNG appears to be used for non-security behavior (UI, sampling, demos, shuffling, or backoff), not for secrets", "rule_id": "SEC015", "scanner": "repobility-threat-engine", "confidence": 0.25, "correlation_key": "code|crypto|token|297|sec015"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "packages/core/src/store/use-scene.ts"}, "region": {"startLine": 297}}}]}, {"ruleId": "SEC015", "level": "none", "message": {"text": "[SEC015] Insecure Randomness for Security (and 2 more): Same pattern found in 2 additional files. Review if needed."}, "properties": {"repobilityId": 1283, "scanner": "repobility", "fingerprint": "b786fbe3815cf0885ae9d4e1683784c5ae1816f1c9a129529b9930825f59b089", "category": "crypto", "severity": "info", "confidence": null, "triageState": "fixed", "verdict": "needs_review", "isResolved": true, "reason": "Deduplicated: 2 additional occurrences found", "evidence": {}}}, {"ruleId": "MINED115", "level": "error", "message": {"text": "[MINED115] Action `actions/setup-node` pinned to mutable ref `@v4`: `uses: actions/setup-node@v4` resolves at workflow-run time. Tags and branches can be re-pushed by the action owner; that made the tj-actions/changed-files compromise (2025) instantly affect ~23K repos. Pin to a 40-char commit SHA + lock with Dependabot or renovate."}, "properties": {"repobilityId": 44272, "scanner": "repobility-supply-chain", "fingerprint": "d413f81b98803d8e43e6da0bb842bc7ae19ffb520a35c92c48b851a7ea48c975", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-mutable-ref", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|d413f81b98803d8e43e6da0bb842bc7ae19ffb520a35c92c48b851a7ea48c975"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/release.yml"}, "region": {"startLine": 44}}}]}, {"ruleId": "MINED115", "level": "error", "message": {"text": "[MINED115] Action `oven-sh/setup-bun` pinned to mutable ref `@v2`: `uses: oven-sh/setup-bun@v2` resolves at workflow-run time. Tags and branches can be re-pushed by the action owner; that made the tj-actions/changed-files compromise (2025) instantly affect ~23K repos. Pin to a 40-char commit SHA + lock with Dependabot or renovate."}, "properties": {"repobilityId": 44271, "scanner": "repobility-supply-chain", "fingerprint": "41133f320ed29326307e87d8b462a1c5201492e060ba28dc5c899daa046032ff", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-mutable-ref", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|41133f320ed29326307e87d8b462a1c5201492e060ba28dc5c899daa046032ff"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/release.yml"}, "region": {"startLine": 42}}}]}, {"ruleId": "MINED115", "level": "error", "message": {"text": "[MINED115] Action `actions/checkout` pinned to mutable ref `@v4`: `uses: actions/checkout@v4` resolves at workflow-run time. Tags and branches can be re-pushed by the action owner; that made the tj-actions/changed-files compromise (2025) instantly affect ~23K repos. Pin to a 40-char commit SHA + lock with Dependabot or renovate."}, "properties": {"repobilityId": 44270, "scanner": "repobility-supply-chain", "fingerprint": "aa2c37368ce5fcfcacef26ff1299cd4b07c395ce782f208eeae4345779ad197c", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-mutable-ref", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|aa2c37368ce5fcfcacef26ff1299cd4b07c395ce782f208eeae4345779ad197c"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/release.yml"}, "region": {"startLine": 39}}}]}, {"ruleId": "SEC040", "level": "error", "message": {"text": "[SEC040] innerHTML XSS \u2014 template literal with server-supplied data: Setting .innerHTML with a template literal that interpolates server-supplied or user-supplied data is the canonical stored/reflected XSS vector. The browser parses the HTML and executes any <script> or event-handler attributes in the data. CWE-79. Especially dangerous when the data comes from a CV parser, profile field, or any user-input pipeline."}, "properties": {"repobilityId": 44262, "scanner": "repobility-threat-engine", "fingerprint": "9cc6eaf33b67060e93654fa0c8b444cbf99f037ec64df74a82e00c0117fc7d4c", "category": "xss", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "map(([x, y]) => `${x},${y}", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC040", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "fp|9cc6eaf33b67060e93654fa0c8b444cbf99f037ec64df74a82e00c0117fc7d4c"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "packages/editor/src/components/editor-2d/renderers/floorplan-geometry-renderer.tsx"}, "region": {"startLine": 157}}}]}, {"ruleId": "MINED115", "level": "error", "message": {"text": "[MINED115] Action `oven-sh/setup-bun` pinned to mutable ref `@v2`: `uses: oven-sh/setup-bun@v2` resolves at workflow-run time. Tags and branches can be re-pushed by the action owner; that made the tj-actions/changed-files compromise (2025) instantly affect ~23K repos. Pin to a 40-char commit SHA + lock with Dependabot or renovate."}, "properties": {"repobilityId": 34636, "scanner": "repobility-supply-chain", "fingerprint": "cb68b7141f32210389cd902487097dc3fb8cd63ad42054837410ca5db16cbfa9", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-mutable-ref", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|cb68b7141f32210389cd902487097dc3fb8cd63ad42054837410ca5db16cbfa9"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/mcp-ci.yml"}, "region": {"startLine": 31}}}]}, {"ruleId": "MINED115", "level": "error", "message": {"text": "[MINED115] Action `actions/checkout` pinned to mutable ref `@v4`: `uses: actions/checkout@v4` resolves at workflow-run time. Tags and branches can be re-pushed by the action owner; that made the tj-actions/changed-files compromise (2025) instantly affect ~23K repos. Pin to a 40-char commit SHA + lock with Dependabot or renovate."}, "properties": {"repobilityId": 34635, "scanner": "repobility-supply-chain", "fingerprint": "48cda2c43bafa607dc41fcc2d12f59e3bc804b0e7bca0f67181120df7437c128", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-mutable-ref", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|48cda2c43bafa607dc41fcc2d12f59e3bc804b0e7bca0f67181120df7437c128"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/mcp-ci.yml"}, "region": {"startLine": 30}}}]}, {"ruleId": "MINED115", "level": "error", "message": {"text": "[MINED115] Action `actions/setup-node` pinned to mutable ref `@v4`: `uses: actions/setup-node@v4` resolves at workflow-run time. Tags and branches can be re-pushed by the action owner; that made the tj-actions/changed-files compromise (2025) instantly affect ~23K repos. Pin to a 40-char commit SHA + lock with Dependabot or renovate."}, "properties": {"repobilityId": 34634, "scanner": "repobility-supply-chain", "fingerprint": "af50385a445d348797bc0e44fa94cb6190820d67d0dd1ee5eadae06c5ec57b22", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "fixed", "verdict": "", "isResolved": true, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-mutable-ref", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|af50385a445d348797bc0e44fa94cb6190820d67d0dd1ee5eadae06c5ec57b22"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/release.yml"}, "region": {"startLine": 42}}}]}, {"ruleId": "MINED115", "level": "error", "message": {"text": "[MINED115] Action `oven-sh/setup-bun` pinned to mutable ref `@v2`: `uses: oven-sh/setup-bun@v2` resolves at workflow-run time. Tags and branches can be re-pushed by the action owner; that made the tj-actions/changed-files compromise (2025) instantly affect ~23K repos. Pin to a 40-char commit SHA + lock with Dependabot or renovate."}, "properties": {"repobilityId": 34633, "scanner": "repobility-supply-chain", "fingerprint": "69edba610ad502b3c53f91e9f9e6f3cb7ecdda7b4865914df4f1d5d39f12dd14", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "fixed", "verdict": "", "isResolved": true, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-mutable-ref", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|69edba610ad502b3c53f91e9f9e6f3cb7ecdda7b4865914df4f1d5d39f12dd14"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/release.yml"}, "region": {"startLine": 40}}}]}, {"ruleId": "MINED115", "level": "error", "message": {"text": "[MINED115] Action `actions/checkout` pinned to mutable ref `@v4`: `uses: actions/checkout@v4` resolves at workflow-run time. Tags and branches can be re-pushed by the action owner; that made the tj-actions/changed-files compromise (2025) instantly affect ~23K repos. Pin to a 40-char commit SHA + lock with Dependabot or renovate."}, "properties": {"repobilityId": 34632, "scanner": "repobility-supply-chain", "fingerprint": "5ef936d79c7cbd3719f225cc6536a8353dfbc8d1331ff0d2e9cc2b8c4acd13a7", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "fixed", "verdict": "", "isResolved": true, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-mutable-ref", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|5ef936d79c7cbd3719f225cc6536a8353dfbc8d1331ff0d2e9cc2b8c4acd13a7"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/release.yml"}, "region": {"startLine": 37}}}]}, {"ruleId": "JRN004", "level": "error", "message": {"text": "Consent is collected in UI without visible backend audit persistence"}, "properties": {"repobilityId": 34631, "scanner": "repobility-journey-contract", "fingerprint": "b375835ae9859df51845ddf4f3c5f18cd5b69fa5e91d405d42e53e42ebc66311", "category": "auth", "severity": "high", "confidence": 0.78, "triageState": "open", "verdict": "likely", "isResolved": false, "reason": "Frontend consent wording was found, but backend consent/audit metadata was not visible.", "evidence": {"rule_id": "JRN004", "scanner": "repobility-journey-contract", "references": ["https://repobility.com/library/authorization/"], "correlation_key": "code|auth|token|88|jrn004", "backend_consent_model": false, "backend_audit_signal_count": 0}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "packages/viewer/src/components/viewer/scene-bvh.tsx"}, "region": {"startLine": 88}}}]}, {"ruleId": "SEC085", "level": "error", "message": {"text": "[SEC085] JS: child_process.exec with non-literal: child_process.exec with user-derived input enables command injection. Ported from eslint-plugin-security detect-child-process (Apache-2.0)."}, "properties": {"repobilityId": 34596, "scanner": "repobility-threat-engine", "fingerprint": "e87285026c469f06936bf5baac3574b093bb37bee32f32f2c4430901e5225edf", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "exec(sql", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC085", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "fp|e87285026c469f06936bf5baac3574b093bb37bee32f32f2c4430901e5225edf"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "packages/mcp/src/storage/sqlite-driver.ts"}, "region": {"startLine": 15}}}]}, {"ruleId": "SEC085", "level": "error", "message": {"text": "[SEC085] JS: child_process.exec with non-literal: child_process.exec with user-derived input enables command injection. Ported from eslint-plugin-security detect-child-process (Apache-2.0)."}, "properties": {"repobilityId": 34595, "scanner": "repobility-threat-engine", "fingerprint": "72151f31125554be8ec4e5d8021af9b631a986dc13e5f3499537abd1a7ecf277", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "exec(source", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC085", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "fp|72151f31125554be8ec4e5d8021af9b631a986dc13e5f3499537abd1a7ecf277"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "packages/mcp/src/prompts/renovation-from-photos.ts"}, "region": {"startLine": 42}}}]}, {"ruleId": "SEC040", "level": "error", "message": {"text": "[SEC040] innerHTML XSS \u2014 template literal with server-supplied data: Setting .innerHTML with a template literal that interpolates server-supplied or user-supplied data is the canonical stored/reflected XSS vector. The browser parses the HTML and executes any <script> or event-handler attributes in the data. CWE-79. Especially dangerous when the data comes from a CV parser, profile field, or any user-input pipeline."}, "properties": {"repobilityId": 34586, "scanner": "repobility-threat-engine", "fingerprint": "c35e7be6bf09ea3b597979a6be4bf13054a9114d48f27a85318c2a5e10916fd1", "category": "xss", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "map((k) => `${k}=${counts[k]}", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC040", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "fp|c35e7be6bf09ea3b597979a6be4bf13054a9114d48f27a85318c2a5e10916fd1"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "packages/mcp/src/resources/scene-summary.ts"}, "region": {"startLine": 159}}}]}, {"ruleId": "SEC040", "level": "error", "message": {"text": "[SEC040] innerHTML XSS \u2014 template literal with server-supplied data: Setting .innerHTML with a template literal that interpolates server-supplied or user-supplied data is the canonical stored/reflected XSS vector. The browser parses the HTML and executes any <script> or event-handler attributes in the data. CWE-79. Especially dangerous when the data comes from a CV parser, profile field, or any user-input pipeline."}, "properties": {"repobilityId": 34585, "scanner": "repobility-threat-engine", "fingerprint": "d4d9f2d90dbdca5f5bff968052baaf9b21fbfe747652253f1e5b908a6a29c8b2", "category": "xss", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "map((point) => `${toSvgX(point.x)},${toSvgY(point.y)}", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC040", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "fp|d4d9f2d90dbdca5f5bff968052baaf9b21fbfe747652253f1e5b908a6a29c8b2"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "packages/editor/src/components/editor-2d/svg-paths.ts"}, "region": {"startLine": 103}}}]}, {"ruleId": "SEC040", "level": "error", "message": {"text": "[SEC040] innerHTML XSS \u2014 template literal with server-supplied data: Setting .innerHTML with a template literal that interpolates server-supplied or user-supplied data is the canonical stored/reflected XSS vector. The browser parses the HTML and executes any <script> or event-handler attributes in the data. CWE-79. Especially dangerous when the data comes from a CV parser, profile field, or any user-input pipeline."}, "properties": {"repobilityId": 34584, "scanner": "repobility-threat-engine", "fingerprint": "b9040df2ff6c573792c0624d647108c1179f15746cf3f1c6c5c532d4d7eb6cfa", "category": "xss", "severity": "high", "confidence": 1.0, "triageState": "fixed", "verdict": "confirmed", "isResolved": true, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "map(([x, y]) => `${x},${y}", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC040", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "fp|b9040df2ff6c573792c0624d647108c1179f15746cf3f1c6c5c532d4d7eb6cfa"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "packages/editor/src/components/editor-2d/renderers/floorplan-geometry-renderer.tsx"}, "region": {"startLine": 153}}}]}, {"ruleId": "SEC128", "level": "error", "message": {"text": "[SEC128] Async function without await \u2014 fire-and-forget Promise (AI mistake): Async call invoked without `await` returns an unhandled Promise. The outer function resolves before the inner work completes \u2014 DB writes lost, emails not sent, race conditions. This is one of the top-3 errors AI coders make: they understand async-shape but drop the await keyword when chaining multiple ops. Surfaces as flaky tests or silently dropped data in production."}, "properties": {"repobilityId": 34570, "scanner": "repobility-threat-engine", "fingerprint": "5f7d545040b8a4018f20e0fd9731b5471e43d159e5cae1a7febedbf63fb915cb", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "this.itemToWall.delete(itemId)", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC128", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "fp|5f7d545040b8a4018f20e0fd9731b5471e43d159e5cae1a7febedbf63fb915cb"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "packages/core/src/hooks/spatial-grid/wall-spatial-grid.ts"}, "region": {"startLine": 165}}}]}, {"ruleId": "SEC128", "level": "error", "message": {"text": "[SEC128] Async function without await \u2014 fire-and-forget Promise (AI mistake): Async call invoked without `await` returns an unhandled Promise. The outer function resolves before the inner work completes \u2014 DB writes lost, emails not sent, race conditions. This is one of the top-3 errors AI coders make: they understand async-shape but drop the await keyword when chaining multiple ops. Surfaces as flaky tests or silently dropped data in production."}, "properties": {"repobilityId": 34569, "scanner": "repobility-threat-engine", "fingerprint": "1b1999f44e8cfa62dbce731d2e9702c4342e201c2d3d853cf78205a977127b7d", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "cell.itemIds.delete(itemId)", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC128", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "fp|1b1999f44e8cfa62dbce731d2e9702c4342e201c2d3d853cf78205a977127b7d"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "packages/core/src/hooks/spatial-grid/spatial-grid.ts"}, "region": {"startLine": 105}}}]}, {"ruleId": "SEC128", "level": "error", "message": {"text": "[SEC128] Async function without await \u2014 fire-and-forget Promise (AI mistake): Async call invoked without `await` returns an unhandled Promise. The outer function resolves before the inner work completes \u2014 DB writes lost, emails not sent, race conditions. This is one of the top-3 errors AI coders make: they understand async-shape but drop the await keyword when chaining multiple ops. Surfaces as flaky tests or silently dropped data in production."}, "properties": {"repobilityId": 34568, "scanner": "repobility-threat-engine", "fingerprint": "5b216b4f70cb22f168289f83b941826e7e2a3652b7242b491c8eba0d824fa106", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "sceneRegistry.nodes.delete(id)", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC128", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "fp|5b216b4f70cb22f168289f83b941826e7e2a3652b7242b491c8eba0d824fa106"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "packages/core/src/hooks/scene-registry/scene-registry.ts"}, "region": {"startLine": 73}}}]}, {"ruleId": "SEC029", "level": "error", "message": {"text": "[SEC029] Server-Side Request Forgery (SSRF) \u2014 outbound HTTP from user input: Outbound HTTP request to a user-controlled URL without allowlist validation. Attackers can probe internal services (169.254.169.254 metadata, internal Kubernetes endpoints, file:// URIs), exfiltrate data, or pivot through your network. SSRF is OWASP A10:2021 and a frequent foothold in cloud breaches."}, "properties": {"repobilityId": 34562, "scanner": "repobility-threat-engine", "fingerprint": "b2e843f5697609b85684325c43a65559519c45267dedf14f4572c81054a6aa0d", "category": "ssrf", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "Url(u", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC029", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "fp|b2e843f5697609b85684325c43a65559519c45267dedf14f4572c81054a6aa0d"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "packages/core/src/schema/asset-url.ts"}, "region": {"startLine": 35}}}]}, {"ruleId": "SEC029", "level": "error", "message": {"text": "[SEC029] Server-Side Request Forgery (SSRF) \u2014 outbound HTTP from user input: Outbound HTTP request to a user-controlled URL without allowlist validation. Attackers can probe internal services (169.254.169.254 metadata, internal Kubernetes endpoints, file:// URIs), exfiltrate data, or pivot through your network. SSRF is OWASP A10:2021 and a frequent foothold in cloud breaches."}, "properties": {"repobilityId": 34561, "scanner": "repobility-threat-engine", "fingerprint": "f1e7d4427f08438bee11a824dda1e2a8a201822b248960c3de267208916c4ca0", "category": "ssrf", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "URL(r", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC029", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "fp|f1e7d4427f08438bee11a824dda1e2a8a201822b248960c3de267208916c4ca0"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "apps/editor/app/api/scenes/route.ts"}, "region": {"startLine": 30}}}]}, {"ruleId": "SEC029", "level": "error", "message": {"text": "[SEC029] Server-Side Request Forgery (SSRF) \u2014 outbound HTTP from user input: Outbound HTTP request to a user-controlled URL without allowlist validation. Attackers can probe internal services (169.254.169.254 metadata, internal Kubernetes endpoints, file:// URIs), exfiltrate data, or pivot through your network. SSRF is OWASP A10:2021 and a frequent foothold in cloud breaches."}, "properties": {"repobilityId": 34560, "scanner": "repobility-threat-engine", "fingerprint": "c421e35c1dbcd8584d8118f95c939a531d9e642467f1a017a5d9841d860d6fa2", "category": "ssrf", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "URL(r", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC029", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "fp|c421e35c1dbcd8584d8118f95c939a531d9e642467f1a017a5d9841d860d6fa2"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "apps/editor/app/api/scenes/[id]/events/route.ts"}, "region": {"startLine": 38}}}]}, {"ruleId": "CORE_NO_TESTS", "level": "error", "message": {"text": "No test files found"}, "properties": {"repobilityId": 2116, "scanner": "repobility-core", "fingerprint": "0200e9918bc2a7bf9c116d0907e50ac3df640c758b93852cf1890ec6e14d870d", "category": "testing", "severity": "high", "confidence": null, "triageState": "fixed", "verdict": "", "isResolved": true, "reason": "", "evidence": {"rule_id": "CORE_NO_TESTS", "scanner": "repobility-core"}}}, {"ruleId": "CORE_NO_TESTS", "level": "error", "message": {"text": "No test files found"}, "properties": {"repobilityId": 1277, "scanner": "repobility", "fingerprint": "c0fd07c57880ff3ddc2207c562f846fba34028fad3c8ac3a333df1b705cffd65", "category": "testing", "severity": "high", "confidence": null, "triageState": "fixed", "verdict": "", "isResolved": true, "reason": "", "evidence": {}}}]}]}