Public scan — anyone with this URL can view this analysis. Sign up to track your own repos privately, run scheduled re-scans, and get AI fix prompts via your dashboard.
Sign up free Scan another repo

hermes-agent

https://github.com/NousResearch/hermes-agent.git · scanned 2026-05-17 02:56 UTC (13 hours, 25 minutes ago) · 10 languages

914 findings (102 legacy + 812 scanner) 7/10 scanners ran 86th percentile · Python · huge (>500K LoC) Scanner says 69 (higher by 17)

File as issue Image
UNIFIED Repobility · multi-layer engine · AI coders

Complete repo analysis

Last scanned 13 hours, 25 minutes ago · v1 · 914 findings from 2 sources. Findings combine the legacy security pipeline AND the multi-layer engine (atlas, wiring, flows, ranked) AND verified AI agent contributions.

JSON
Combined
75.4
/100
Repobility
82
102 legacy
9-layer
69
100.0% cov · 812 gaps
Critical
0
click to filter
Agents
6
0 votes
Crowd
0
reported
Severity distribution — click a segment to filter
Active filters: source: scanner × excluding tests × Reset all
Severity: Critical 0 High 98 Medium 96 Low 390 Source: Legacy 102 9-layer 812 Crowd 0 Layer: Security 107 Quality 615 Software 96 Cicd 18 Frontend 25 Hardware 3 Api 50
Corpus Intelligence Cross-corpus context (cohort percentile, top patterns, fix plan) is shown only on repositories you own. Sign up and connect your repo to view it.
Scan summary Repository scanned at 69.0/100 with 100.0% coverage. It contains 48717 nodes across 30 cross-layer flows, written primarily in mixed languages. Engine surfaced 812 findings — concentrated in quality (593), software (74), security (62). Risk profile is high: 0 critical, 60 high, 36 medium. Recommended next step: open the quality layer findings first — that's where the highest-impact wins live.

Showing 812 of 914 findings. Click TP / FP to vote on a finding's accuracy — votes adjust the confidence weighting and improve detection across the platform.

high 9-layer quality integrity conf 1.00 Blocking `time.sleep(...)` inside `async def _launch_detached_restart_command` — gateway/run.py:3162
Sync I/O inside an async function blocks the event loop. While `time.sleep(...)` is running, *all* other coroutines on this loop are paused — silent throughput collapse under concurrency. Use the async equivalent (`httpx.AsyncClient`, `asyncio.sleep`, `aiofiles`) or wrap with `await asyncio.to_thre…
gateway/run.py:3162 integritysync-io-in-asyncperformance
high 9-layer quality integrity conf 1.00 Blocking `time.sleep(...)` inside `async def start_gateway` — gateway/run.py:16754
Sync I/O inside an async function blocks the event loop. While `time.sleep(...)` is running, *all* other coroutines on this loop are paused — silent throughput collapse under concurrency. Use the async equivalent (`httpx.AsyncClient`, `asyncio.sleep`, `aiofiles`) or wrap with `await asyncio.to_thre…
gateway/run.py:16754 integritysync-io-in-asyncperformance
high 9-layer quality integrity conf 1.00 Blocking `time.sleep(...)` inside `async def start_gateway` — gateway/run.py:16763
Sync I/O inside an async function blocks the event loop. While `time.sleep(...)` is running, *all* other coroutines on this loop are paused — silent throughput collapse under concurrency. Use the async equivalent (`httpx.AsyncClient`, `asyncio.sleep`, `aiofiles`) or wrap with `await asyncio.to_thre…
gateway/run.py:16763 integritysync-io-in-asyncperformance
high 9-layer security auth conf 1.00 FastAPI DELETE `cancel_oauth_session` without auth dependency — hermes_cli/web_server.py:2313
`@router.delete` decorator with no `Depends(get_current_user)` or auth-shaped dependency in its signature. Mutating endpoints should require authentication unless explicitly public.
hermes_cli/web_server.py:2313 authowaspauth.fastapi.unauth_mutation
high 9-layer security auth conf 1.00 FastAPI DELETE `delete_agent_plugin` without auth dependency — hermes_cli/web_server.py:4223
`@router.delete` decorator with no `Depends(get_current_user)` or auth-shaped dependency in its signature. Mutating endpoints should require authentication unless explicitly public.
hermes_cli/web_server.py:4223 authowaspauth.fastapi.unauth_mutation
high 9-layer security auth conf 1.00 FastAPI DELETE `delete_board` without auth dependency — plugins/kanban/dashboard/plugin_api.py:1500
`@router.delete` decorator with no `Depends(get_current_user)` or auth-shaped dependency in its signature. Mutating endpoints should require authentication unless explicitly public.
plugins/kanban/dashboard/plugin_api.py:1500 authowaspauth.fastapi.unauth_mutation
high 9-layer security auth conf 1.00 FastAPI DELETE `delete_cron_job` without auth dependency — hermes_cli/web_server.py:2596
`@router.delete` decorator with no `Depends(get_current_user)` or auth-shaped dependency in its signature. Mutating endpoints should require authentication unless explicitly public.
hermes_cli/web_server.py:2596 authowaspauth.fastapi.unauth_mutation
high 9-layer security auth conf 1.00 FastAPI DELETE `delete_link` without auth dependency — plugins/kanban/dashboard/plugin_api.py:798
`@router.delete` decorator with no `Depends(get_current_user)` or auth-shaped dependency in its signature. Mutating endpoints should require authentication unless explicitly public.
plugins/kanban/dashboard/plugin_api.py:798 authowaspauth.fastapi.unauth_mutation
high 9-layer security auth conf 1.00 FastAPI DELETE `delete_profile_endpoint` without auth dependency — hermes_cli/web_server.py:2815
`@router.delete` decorator with no `Depends(get_current_user)` or auth-shaped dependency in its signature. Mutating endpoints should require authentication unless explicitly public.
hermes_cli/web_server.py:2815 authowaspauth.fastapi.unauth_mutation
high 9-layer security auth conf 1.00 FastAPI DELETE `delete_session_endpoint` without auth dependency — hermes_cli/web_server.py:2447
`@router.delete` decorator with no `Depends(get_current_user)` or auth-shaped dependency in its signature. Mutating endpoints should require authentication unless explicitly public.
hermes_cli/web_server.py:2447 authowaspauth.fastapi.unauth_mutation
high 9-layer security auth conf 1.00 FastAPI DELETE `disconnect_oauth_provider` without auth dependency — hermes_cli/web_server.py:1543
`@router.delete` decorator with no `Depends(get_current_user)` or auth-shaped dependency in its signature. Mutating endpoints should require authentication unless explicitly public.
hermes_cli/web_server.py:1543 authowaspauth.fastapi.unauth_mutation
high 9-layer security auth conf 1.00 FastAPI DELETE `remove_env_var` without auth dependency — hermes_cli/web_server.py:1228
`@router.delete` decorator with no `Depends(get_current_user)` or auth-shaped dependency in its signature. Mutating endpoints should require authentication unless explicitly public.
hermes_cli/web_server.py:1228 authowaspauth.fastapi.unauth_mutation
high 9-layer security auth conf 1.00 FastAPI DELETE `unsubscribe_home` without auth dependency — plugins/kanban/dashboard/plugin_api.py:1283
`@router.delete` decorator with no `Depends(get_current_user)` or auth-shaped dependency in its signature. Mutating endpoints should require authentication unless explicitly public.
plugins/kanban/dashboard/plugin_api.py:1283 authowaspauth.fastapi.unauth_mutation
high 9-layer security auth conf 1.00 FastAPI PATCH `rename_board` without auth dependency — plugins/kanban/dashboard/plugin_api.py:1481
`@router.patch` decorator with no `Depends(get_current_user)` or auth-shaped dependency in its signature. Mutating endpoints should require authentication unless explicitly public.
plugins/kanban/dashboard/plugin_api.py:1481 authowaspauth.fastapi.unauth_mutation
high 9-layer security auth conf 1.00 FastAPI PATCH `rename_profile_endpoint` without auth dependency — hermes_cli/web_server.py:2800
`@router.patch` decorator with no `Depends(get_current_user)` or auth-shaped dependency in its signature. Mutating endpoints should require authentication unless explicitly public.
hermes_cli/web_server.py:2800 authowaspauth.fastapi.unauth_mutation
high 9-layer security auth conf 1.00 FastAPI PATCH `update_task` without auth dependency — plugins/kanban/dashboard/plugin_api.py:583
`@router.patch` decorator with no `Depends(get_current_user)` or auth-shaped dependency in its signature. Mutating endpoints should require authentication unless explicitly public.
plugins/kanban/dashboard/plugin_api.py:583 authowaspauth.fastapi.unauth_mutation
high 9-layer security auth conf 1.00 FastAPI POST `add_comment` without auth dependency — plugins/kanban/dashboard/plugin_api.py:759
`@router.post` decorator with no `Depends(get_current_user)` or auth-shaped dependency in its signature. Mutating endpoints should require authentication unless explicitly public.
plugins/kanban/dashboard/plugin_api.py:759 authowaspauth.fastapi.unauth_mutation
high 9-layer security auth conf 1.00 FastAPI POST `add_link` without auth dependency — plugins/kanban/dashboard/plugin_api.py:785
`@router.post` decorator with no `Depends(get_current_user)` or auth-shaped dependency in its signature. Mutating endpoints should require authentication unless explicitly public.
plugins/kanban/dashboard/plugin_api.py:785 authowaspauth.fastapi.unauth_mutation
high 9-layer security auth conf 1.00 FastAPI POST `bulk_update` without auth dependency — plugins/kanban/dashboard/plugin_api.py:829
`@router.post` decorator with no `Depends(get_current_user)` or auth-shaped dependency in its signature. Mutating endpoints should require authentication unless explicitly public.
plugins/kanban/dashboard/plugin_api.py:829 authowaspauth.fastapi.unauth_mutation
high 9-layer security auth conf 1.00 FastAPI POST `create_board_endpoint` without auth dependency — plugins/kanban/dashboard/plugin_api.py:1460
`@router.post` decorator with no `Depends(get_current_user)` or auth-shaped dependency in its signature. Mutating endpoints should require authentication unless explicitly public.
plugins/kanban/dashboard/plugin_api.py:1460 authowaspauth.fastapi.unauth_mutation
high 9-layer security auth conf 1.00 FastAPI POST `create_cron_job` without auth dependency — hermes_cli/web_server.py:2548
`@router.post` decorator with no `Depends(get_current_user)` or auth-shaped dependency in its signature. Mutating endpoints should require authentication unless explicitly public.
hermes_cli/web_server.py:2548 authowaspauth.fastapi.unauth_mutation
high 9-layer security auth conf 1.00 FastAPI POST `create_profile_endpoint` without auth dependency — hermes_cli/web_server.py:2710
`@router.post` decorator with no `Depends(get_current_user)` or auth-shaped dependency in its signature. Mutating endpoints should require authentication unless explicitly public.
hermes_cli/web_server.py:2710 authowaspauth.fastapi.unauth_mutation
high 9-layer security auth conf 1.00 FastAPI POST `create_task` without auth dependency — plugins/kanban/dashboard/plugin_api.py:520
`@router.post` decorator with no `Depends(get_current_user)` or auth-shaped dependency in its signature. Mutating endpoints should require authentication unless explicitly public.
plugins/kanban/dashboard/plugin_api.py:520 authowaspauth.fastapi.unauth_mutation
high 9-layer security auth conf 1.00 FastAPI POST `dispatch` without auth dependency — plugins/kanban/dashboard/plugin_api.py:1389
`@router.post` decorator with no `Depends(get_current_user)` or auth-shaped dependency in its signature. Mutating endpoints should require authentication unless explicitly public.
plugins/kanban/dashboard/plugin_api.py:1389 authowaspauth.fastapi.unauth_mutation
high 9-layer security auth conf 1.00 FastAPI POST `open_profile_terminal_endpoint` without auth dependency — hermes_cli/web_server.py:2746
`@router.post` decorator with no `Depends(get_current_user)` or auth-shaped dependency in its signature. Mutating endpoints should require authentication unless explicitly public.
hermes_cli/web_server.py:2746 authowaspauth.fastapi.unauth_mutation
high 9-layer security auth conf 1.00 FastAPI POST `pause_cron_job` without auth dependency — hermes_cli/web_server.py:2569
`@router.post` decorator with no `Depends(get_current_user)` or auth-shaped dependency in its signature. Mutating endpoints should require authentication unless explicitly public.
hermes_cli/web_server.py:2569 authowaspauth.fastapi.unauth_mutation
high 9-layer security auth conf 1.00 FastAPI POST `post_agent_plugin_disable` without auth dependency — hermes_cli/web_server.py:4198
`@router.post` decorator with no `Depends(get_current_user)` or auth-shaped dependency in its signature. Mutating endpoints should require authentication unless explicitly public.
hermes_cli/web_server.py:4198 authowaspauth.fastapi.unauth_mutation
high 9-layer security auth conf 1.00 FastAPI POST `post_agent_plugin_enable` without auth dependency — hermes_cli/web_server.py:4186
`@router.post` decorator with no `Depends(get_current_user)` or auth-shaped dependency in its signature. Mutating endpoints should require authentication unless explicitly public.
hermes_cli/web_server.py:4186 authowaspauth.fastapi.unauth_mutation
high 9-layer security auth conf 1.00 FastAPI POST `post_agent_plugin_install` without auth dependency — hermes_cli/web_server.py:4158
`@router.post` decorator with no `Depends(get_current_user)` or auth-shaped dependency in its signature. Mutating endpoints should require authentication unless explicitly public.
hermes_cli/web_server.py:4158 authowaspauth.fastapi.unauth_mutation
high 9-layer security auth conf 1.00 FastAPI POST `post_agent_plugin_update` without auth dependency — hermes_cli/web_server.py:4210
`@router.post` decorator with no `Depends(get_current_user)` or auth-shaped dependency in its signature. Mutating endpoints should require authentication unless explicitly public.
hermes_cli/web_server.py:4210 authowaspauth.fastapi.unauth_mutation
high 9-layer security auth conf 1.00 FastAPI POST `post_plugin_visibility` without auth dependency — hermes_cli/web_server.py:4261
`@router.post` decorator with no `Depends(get_current_user)` or auth-shaped dependency in its signature. Mutating endpoints should require authentication unless explicitly public.
hermes_cli/web_server.py:4261 authowaspauth.fastapi.unauth_mutation
high 9-layer security auth conf 1.00 FastAPI POST `reassign_task_endpoint` without auth dependency — plugins/kanban/dashboard/plugin_api.py:1096
`@router.post` decorator with no `Depends(get_current_user)` or auth-shaped dependency in its signature. Mutating endpoints should require authentication unless explicitly public.
plugins/kanban/dashboard/plugin_api.py:1096 authowaspauth.fastapi.unauth_mutation
high 9-layer security auth conf 1.00 FastAPI POST `reclaim_task_endpoint` without auth dependency — plugins/kanban/dashboard/plugin_api.py:1005
`@router.post` decorator with no `Depends(get_current_user)` or auth-shaped dependency in its signature. Mutating endpoints should require authentication unless explicitly public.
plugins/kanban/dashboard/plugin_api.py:1005 authowaspauth.fastapi.unauth_mutation
high 9-layer security auth conf 1.00 FastAPI POST `rescan` without auth dependency — plugins/hermes-achievements/dashboard/plugin_api.py:1037
`@router.post` decorator with no `Depends(get_current_user)` or auth-shaped dependency in its signature. Mutating endpoints should require authentication unless explicitly public.
plugins/hermes-achievements/dashboard/plugin_api.py:1037 authowaspauth.fastapi.unauth_mutation
high 9-layer security auth conf 1.00 FastAPI POST `reset_state` without auth dependency — plugins/hermes-achievements/dashboard/plugin_api.py:1042
`@router.post` decorator with no `Depends(get_current_user)` or auth-shaped dependency in its signature. Mutating endpoints should require authentication unless explicitly public.
plugins/hermes-achievements/dashboard/plugin_api.py:1042 authowaspauth.fastapi.unauth_mutation
high 9-layer security auth conf 1.00 FastAPI POST `restart_gateway` without auth dependency — hermes_cli/web_server.py:716
`@router.post` decorator with no `Depends(get_current_user)` or auth-shaped dependency in its signature. Mutating endpoints should require authentication unless explicitly public.
hermes_cli/web_server.py:716 authowaspauth.fastapi.unauth_mutation
high 9-layer security auth conf 1.00 FastAPI POST `resume_cron_job` without auth dependency — hermes_cli/web_server.py:2578
`@router.post` decorator with no `Depends(get_current_user)` or auth-shaped dependency in its signature. Mutating endpoints should require authentication unless explicitly public.
hermes_cli/web_server.py:2578 authowaspauth.fastapi.unauth_mutation
high 9-layer security auth conf 1.00 FastAPI POST `reveal_env_var` without auth dependency — hermes_cli/web_server.py:1242
`@router.post` decorator with no `Depends(get_current_user)` or auth-shaped dependency in its signature. Mutating endpoints should require authentication unless explicitly public.
hermes_cli/web_server.py:1242 authowaspauth.fastapi.unauth_mutation
high 9-layer security auth conf 1.00 FastAPI POST `set_model_assignment` without auth dependency — hermes_cli/web_server.py:1049
`@router.post` decorator with no `Depends(get_current_user)` or auth-shaped dependency in its signature. Mutating endpoints should require authentication unless explicitly public.
hermes_cli/web_server.py:1049 authowaspauth.fastapi.unauth_mutation
high 9-layer security auth conf 1.00 FastAPI POST `specify_task_endpoint` without auth dependency — plugins/kanban/dashboard/plugin_api.py:1043
`@router.post` decorator with no `Depends(get_current_user)` or auth-shaped dependency in its signature. Mutating endpoints should require authentication unless explicitly public.
plugins/kanban/dashboard/plugin_api.py:1043 authowaspauth.fastapi.unauth_mutation
high 9-layer security auth conf 1.00 FastAPI POST `start_oauth_login` without auth dependency — hermes_cli/web_server.py:2247
`@router.post` decorator with no `Depends(get_current_user)` or auth-shaped dependency in its signature. Mutating endpoints should require authentication unless explicitly public.
hermes_cli/web_server.py:2247 authowaspauth.fastapi.unauth_mutation
high 9-layer security auth conf 1.00 FastAPI POST `submit_oauth_code` without auth dependency — hermes_cli/web_server.py:2285
`@router.post` decorator with no `Depends(get_current_user)` or auth-shaped dependency in its signature. Mutating endpoints should require authentication unless explicitly public.
hermes_cli/web_server.py:2285 authowaspauth.fastapi.unauth_mutation
high 9-layer security auth conf 1.00 FastAPI POST `subscribe_home` without auth dependency — plugins/kanban/dashboard/plugin_api.py:1249
`@router.post` decorator with no `Depends(get_current_user)` or auth-shaped dependency in its signature. Mutating endpoints should require authentication unless explicitly public.
plugins/kanban/dashboard/plugin_api.py:1249 authowaspauth.fastapi.unauth_mutation
high 9-layer security auth conf 1.00 FastAPI POST `switch_board` without auth dependency — plugins/kanban/dashboard/plugin_api.py:1510
`@router.post` decorator with no `Depends(get_current_user)` or auth-shaped dependency in its signature. Mutating endpoints should require authentication unless explicitly public.
plugins/kanban/dashboard/plugin_api.py:1510 authowaspauth.fastapi.unauth_mutation
high 9-layer security auth conf 1.00 FastAPI POST `trigger_cron_job` without auth dependency — hermes_cli/web_server.py:2587
`@router.post` decorator with no `Depends(get_current_user)` or auth-shaped dependency in its signature. Mutating endpoints should require authentication unless explicitly public.
hermes_cli/web_server.py:2587 authowaspauth.fastapi.unauth_mutation
high 9-layer security auth conf 1.00 FastAPI POST `update_hermes` without auth dependency — hermes_cli/web_server.py:731
`@router.post` decorator with no `Depends(get_current_user)` or auth-shaped dependency in its signature. Mutating endpoints should require authentication unless explicitly public.
hermes_cli/web_server.py:731 authowaspauth.fastapi.unauth_mutation
high 9-layer security auth conf 1.00 FastAPI PUT `put_plugin_providers` without auth dependency — hermes_cli/web_server.py:4241
`@router.put` decorator with no `Depends(get_current_user)` or auth-shaped dependency in its signature. Mutating endpoints should require authentication unless explicitly public.
hermes_cli/web_server.py:4241 authowaspauth.fastapi.unauth_mutation
high 9-layer security auth conf 1.00 FastAPI PUT `set_dashboard_theme` without auth dependency — hermes_cli/web_server.py:3893
`@router.put` decorator with no `Depends(get_current_user)` or auth-shaped dependency in its signature. Mutating endpoints should require authentication unless explicitly public.
hermes_cli/web_server.py:3893 authowaspauth.fastapi.unauth_mutation
high 9-layer security auth conf 1.00 FastAPI PUT `set_env_var` without auth dependency — hermes_cli/web_server.py:1218
`@router.put` decorator with no `Depends(get_current_user)` or auth-shaped dependency in its signature. Mutating endpoints should require authentication unless explicitly public.
hermes_cli/web_server.py:1218 authowaspauth.fastapi.unauth_mutation
high 9-layer security auth conf 1.00 FastAPI PUT `toggle_skill` without auth dependency — hermes_cli/web_server.py:2877
`@router.put` decorator with no `Depends(get_current_user)` or auth-shaped dependency in its signature. Mutating endpoints should require authentication unless explicitly public.
hermes_cli/web_server.py:2877 authowaspauth.fastapi.unauth_mutation
high 9-layer security auth conf 1.00 FastAPI PUT `update_config_raw` without auth dependency — hermes_cli/web_server.py:2939
`@router.put` decorator with no `Depends(get_current_user)` or auth-shaped dependency in its signature. Mutating endpoints should require authentication unless explicitly public.
hermes_cli/web_server.py:2939 authowaspauth.fastapi.unauth_mutation
high 9-layer security auth conf 1.00 FastAPI PUT `update_config` without auth dependency — hermes_cli/web_server.py:1189
`@router.put` decorator with no `Depends(get_current_user)` or auth-shaped dependency in its signature. Mutating endpoints should require authentication unless explicitly public.
hermes_cli/web_server.py:1189 authowaspauth.fastapi.unauth_mutation
high 9-layer security auth conf 1.00 FastAPI PUT `update_cron_job` without auth dependency — hermes_cli/web_server.py:2560
`@router.put` decorator with no `Depends(get_current_user)` or auth-shaped dependency in its signature. Mutating endpoints should require authentication unless explicitly public.
hermes_cli/web_server.py:2560 authowaspauth.fastapi.unauth_mutation
high 9-layer security auth conf 1.00 FastAPI PUT `update_profile_soul` without auth dependency — hermes_cli/web_server.py:2844
`@router.put` decorator with no `Depends(get_current_user)` or auth-shaped dependency in its signature. Mutating endpoints should require authentication unless explicitly public.
hermes_cli/web_server.py:2844 authowaspauth.fastapi.unauth_mutation
high 9-layer security owasp conf 1.00 Insecure pattern 'eval_used' in tools/skills_guard.py:294
Found a known-risky pattern (eval_used). Review and replace if possible.
tools/skills_guard.py:294 owaspeval_used
high 9-layer security owasp conf 1.00 Insecure pattern 'exec_used' in hermes_cli/tips.py:306
Found a known-risky pattern (exec_used). Review and replace if possible.
hermes_cli/tips.py:306 owaspexec_used
high 9-layer security owasp conf 1.00 Insecure pattern 'exec_used' in skills/red-teaming/godmode/scripts/auto_jailbreak.py:52
Found a known-risky pattern (exec_used). Review and replace if possible.
skills/red-teaming/godmode/scripts/auto_jailbreak.py:52 owaspexec_used
high 9-layer security owasp conf 1.00 Insecure pattern 'exec_used' in skills/red-teaming/godmode/scripts/load_godmode.py:29
Found a known-risky pattern (exec_used). Review and replace if possible.
skills/red-teaming/godmode/scripts/load_godmode.py:29 owaspexec_used
high 9-layer security owasp conf 1.00 Insecure pattern 'exec_used' in tools/approval.py:358
Found a known-risky pattern (exec_used). Review and replace if possible.
tools/approval.py:358 owaspexec_used
high 9-layer security owasp conf 1.00 Insecure pattern 'exec_used' in tools/skills_guard.py:297
Found a known-risky pattern (exec_used). Review and replace if possible.
tools/skills_guard.py:297 owaspexec_used
medium 9-layer hardware security conf 1.00 Dockerfile runs as root: Dockerfile
No non-root USER set. Containers running as root expand the blast radius of any vulnerability inside the image.
securitycontainer
medium 9-layer cicd supply-chain conf 1.00 GitHub Actions workflow grants broad write permissions
CI tokens with write permissions increase blast radius when an action, dependency, or PR workflow is compromised. Prefer job-level least-privilege permissions.
.github/workflows/skills-index.yml supply-chaingithub-actionsleast-privilege
medium 9-layer cicd supply-chain conf 1.00 GitHub Actions workflow grants broad write permissions
CI tokens with write permissions increase blast radius when an action, dependency, or PR workflow is compromised. Prefer job-level least-privilege permissions.
.github/workflows/deploy-site.yml supply-chaingithub-actionsleast-privilege
medium 9-layer cicd supply-chain conf 1.00 GitHub Actions workflow grants broad write permissions
CI tokens with write permissions increase blast radius when an action, dependency, or PR workflow is compromised. Prefer job-level least-privilege permissions.
.github/workflows/nix-lockfile-fix.yml supply-chaingithub-actionsleast-privilege
medium 9-layer cicd supply-chain conf 1.00 GitHub Actions workflow grants broad write permissions
CI tokens with write permissions increase blast radius when an action, dependency, or PR workflow is compromised. Prefer job-level least-privilege permissions.
.github/workflows/upload_to_pypi.yml supply-chaingithub-actionsleast-privilege
medium 9-layer security owasp conf 1.00 Insecure pattern 'subprocess_shell_true' in cli.py:8046
Found a known-risky pattern (subprocess_shell_true). Review and replace if possible.
cli.py:8046 owaspsubprocess_shell_true
medium 9-layer security owasp conf 1.00 Insecure pattern 'subprocess_shell_true' in hermes_cli/tools_config.py:651
Found a known-risky pattern (subprocess_shell_true). Review and replace if possible.
hermes_cli/tools_config.py:651 owaspsubprocess_shell_true
medium 9-layer security owasp conf 1.00 Insecure pattern 'subprocess_shell_true' in tools/environments/docker.py:638
Found a known-risky pattern (subprocess_shell_true). Review and replace if possible.
tools/environments/docker.py:638 owaspsubprocess_shell_true
medium 9-layer security owasp conf 1.00 Insecure pattern 'subprocess_shell_true' in tools/transcription_tools.py:518
Found a known-risky pattern (subprocess_shell_true). Review and replace if possible.
tools/transcription_tools.py:518 owaspsubprocess_shell_true
medium 9-layer security owasp conf 1.00 Insecure pattern 'subprocess_shell_true' in tui_gateway/server.py:4594
Found a known-risky pattern (subprocess_shell_true). Review and replace if possible.
tui_gateway/server.py:4594 owaspsubprocess_shell_true
medium 9-layer quality integrity conf 1.00 Network/subprocess call without timeout or try/except — gateway/platforms/whatsapp.py:620
`subprocess.Popen(...)` here lacks both a `timeout=` arg and an enclosing try/except. This is exactly the class of bug that took down our git-clone earlier (HTTP/2 stream cancel surfaced as a fatal). Add a `timeout=` and wrap in try/except, or use a wrapper that retries.
integrityfragile-runtimerobustness
medium 9-layer quality integrity conf 1.00 Network/subprocess call without timeout or try/except — hermes_cli/_subprocess_compat.py:7
`subprocess.Popen(...)` here lacks both a `timeout=` arg and an enclosing try/except. This is exactly the class of bug that took down our git-clone earlier (HTTP/2 stream cancel surfaced as a fatal). Add a `timeout=` and wrap in try/except, or use a wrapper that retries.
integrityfragile-runtimerobustness
medium 9-layer quality integrity conf 1.00 Network/subprocess call without timeout or try/except — hermes_cli/config.py:5022
`subprocess.run(...)` here lacks both a `timeout=` arg and an enclosing try/except. This is exactly the class of bug that took down our git-clone earlier (HTTP/2 stream cancel surfaced as a fatal). Add a `timeout=` and wrap in try/except, or use a wrapper that retries.
integrityfragile-runtimerobustness
medium 9-layer quality integrity conf 1.00 Network/subprocess call without timeout or try/except — hermes_cli/dep_ensure.py:97
`subprocess.run(...)` here lacks both a `timeout=` arg and an enclosing try/except. This is exactly the class of bug that took down our git-clone earlier (HTTP/2 stream cancel surfaced as a fatal). Add a `timeout=` and wrap in try/except, or use a wrapper that retries.
integrityfragile-runtimerobustness
medium 9-layer quality integrity conf 1.00 Network/subprocess call without timeout or try/except — hermes_cli/gateway_windows.py:444
`subprocess.Popen(...)` here lacks both a `timeout=` arg and an enclosing try/except. This is exactly the class of bug that took down our git-clone earlier (HTTP/2 stream cancel surfaced as a fatal). Add a `timeout=` and wrap in try/except, or use a wrapper that retries.
integrityfragile-runtimerobustness
medium 9-layer quality integrity conf 1.00 Network/subprocess call without timeout or try/except — hermes_cli/main.py:997
`subprocess.run(...)` here lacks both a `timeout=` arg and an enclosing try/except. This is exactly the class of bug that took down our git-clone earlier (HTTP/2 stream cancel surfaced as a fatal). Add a `timeout=` and wrap in try/except, or use a wrapper that retries.
integrityfragile-runtimerobustness
medium 9-layer quality integrity conf 1.00 Network/subprocess call without timeout or try/except — hermes_cli/relaunch.py:91
`subprocess.run(...)` here lacks both a `timeout=` arg and an enclosing try/except. This is exactly the class of bug that took down our git-clone earlier (HTTP/2 stream cancel surfaced as a fatal). Add a `timeout=` and wrap in try/except, or use a wrapper that retries.
integrityfragile-runtimerobustness
medium 9-layer quality integrity conf 1.00 Network/subprocess call without timeout or try/except — hermes_cli/setup.py:1042
`subprocess.run(...)` here lacks both a `timeout=` arg and an enclosing try/except. This is exactly the class of bug that took down our git-clone earlier (HTTP/2 stream cancel surfaced as a fatal). Add a `timeout=` and wrap in try/except, or use a wrapper that retries.
integrityfragile-runtimerobustness
medium 9-layer quality integrity conf 1.00 Network/subprocess call without timeout or try/except — hermes_cli/tools_config.py:686
`subprocess.run(...)` here lacks both a `timeout=` arg and an enclosing try/except. This is exactly the class of bug that took down our git-clone earlier (HTTP/2 stream cancel surfaced as a fatal). Add a `timeout=` and wrap in try/except, or use a wrapper that retries.
integrityfragile-runtimerobustness
medium 9-layer quality integrity conf 1.00 Network/subprocess call without timeout or try/except — hermes_cli/uninstall.py:177
`subprocess.run(...)` here lacks both a `timeout=` arg and an enclosing try/except. This is exactly the class of bug that took down our git-clone earlier (HTTP/2 stream cancel surfaced as a fatal). Add a `timeout=` and wrap in try/except, or use a wrapper that retries.
integrityfragile-runtimerobustness
medium 9-layer quality integrity conf 1.00 Network/subprocess call without timeout or try/except — hermes_cli/web_server.py:697
`subprocess.Popen(...)` here lacks both a `timeout=` arg and an enclosing try/except. This is exactly the class of bug that took down our git-clone earlier (HTTP/2 stream cancel surfaced as a fatal). Add a `timeout=` and wrap in try/except, or use a wrapper that retries.
integrityfragile-runtimerobustness
medium 9-layer quality integrity conf 1.00 Network/subprocess call without timeout or try/except — optional-skills/creative/kanban-video-orchestrator/scripts/monitor.py:46
`subprocess.run(...)` here lacks both a `timeout=` arg and an enclosing try/except. This is exactly the class of bug that took down our git-clone earlier (HTTP/2 stream cancel surfaced as a fatal). Add a `timeout=` and wrap in try/except, or use a wrapper that retries.
integrityfragile-runtimerobustness
medium 9-layer quality integrity conf 1.00 Network/subprocess call without timeout or try/except — plugins/google_meet/audio_bridge.py:141
`subprocess.run(...)` here lacks both a `timeout=` arg and an enclosing try/except. This is exactly the class of bug that took down our git-clone earlier (HTTP/2 stream cancel surfaced as a fatal). Add a `timeout=` and wrap in try/except, or use a wrapper that retries.
integrityfragile-runtimerobustness
medium 9-layer quality integrity conf 1.00 Network/subprocess call without timeout or try/except — plugins/memory/honcho/cli.py:343
`subprocess.run(...)` here lacks both a `timeout=` arg and an enclosing try/except. This is exactly the class of bug that took down our git-clone earlier (HTTP/2 stream cancel surfaced as a fatal). Add a `timeout=` and wrap in try/except, or use a wrapper that retries.
integrityfragile-runtimerobustness
medium 9-layer quality integrity conf 1.00 Network/subprocess call without timeout or try/except — plugins/platforms/google_chat/oauth.py:584
`urllib.request.urlopen(...)` here lacks both a `timeout=` arg and an enclosing try/except. This is exactly the class of bug that took down our git-clone earlier (HTTP/2 stream cancel surfaced as a fatal). Add a `timeout=` and wrap in try/except, or use a wrapper that retries.
integrityfragile-runtimerobustness
medium 9-layer quality integrity conf 1.00 Network/subprocess call without timeout or try/except — scripts/check-windows-footguns.py:292
`subprocess.run(...)` here lacks both a `timeout=` arg and an enclosing try/except. This is exactly the class of bug that took down our git-clone earlier (HTTP/2 stream cancel surfaced as a fatal). Add a `timeout=` and wrap in try/except, or use a wrapper that retries.
integrityfragile-runtimerobustness
medium 9-layer quality integrity conf 1.00 Network/subprocess call without timeout or try/except — scripts/contributor_audit.py:77
`subprocess.run(...)` here lacks both a `timeout=` arg and an enclosing try/except. This is exactly the class of bug that took down our git-clone earlier (HTTP/2 stream cancel surfaced as a fatal). Add a `timeout=` and wrap in try/except, or use a wrapper that retries.
integrityfragile-runtimerobustness
medium 9-layer quality integrity conf 1.00 Network/subprocess call without timeout or try/except — scripts/install_psutil_android.py:108
`subprocess.run(...)` here lacks both a `timeout=` arg and an enclosing try/except. This is exactly the class of bug that took down our git-clone earlier (HTTP/2 stream cancel surfaced as a fatal). Add a `timeout=` and wrap in try/except, or use a wrapper that retries.
integrityfragile-runtimerobustness
medium 9-layer quality integrity conf 1.00 Network/subprocess call without timeout or try/except — scripts/profile-tui.py:571
`subprocess.run(...)` here lacks both a `timeout=` arg and an enclosing try/except. This is exactly the class of bug that took down our git-clone earlier (HTTP/2 stream cancel surfaced as a fatal). Add a `timeout=` and wrap in try/except, or use a wrapper that retries.
integrityfragile-runtimerobustness
medium 9-layer quality integrity conf 1.00 Network/subprocess call without timeout or try/except — scripts/release.py:1094
`subprocess.run(...)` here lacks both a `timeout=` arg and an enclosing try/except. This is exactly the class of bug that took down our git-clone earlier (HTTP/2 stream cancel surfaced as a fatal). Add a `timeout=` and wrap in try/except, or use a wrapper that retries.
integrityfragile-runtimerobustness
medium 9-layer quality integrity conf 1.00 Network/subprocess call without timeout or try/except — skills/creative/comfyui/scripts/auto_fix_deps.py:54
`subprocess.run(...)` here lacks both a `timeout=` arg and an enclosing try/except. This is exactly the class of bug that took down our git-clone earlier (HTTP/2 stream cancel surfaced as a fatal). Add a `timeout=` and wrap in try/except, or use a wrapper that retries.
integrityfragile-runtimerobustness
medium 9-layer quality integrity conf 1.00 Network/subprocess call without timeout or try/except — skills/creative/pixel-art/scripts/pixel_art_video.py:297
`subprocess.run(...)` here lacks both a `timeout=` arg and an enclosing try/except. This is exactly the class of bug that took down our git-clone earlier (HTTP/2 stream cancel surfaced as a fatal). Add a `timeout=` and wrap in try/except, or use a wrapper that retries.
integrityfragile-runtimerobustness
medium 9-layer quality integrity conf 1.00 Network/subprocess call without timeout or try/except — skills/productivity/google-workspace/scripts/google_api.py:108
`subprocess.run(...)` here lacks both a `timeout=` arg and an enclosing try/except. This is exactly the class of bug that took down our git-clone earlier (HTTP/2 stream cancel surfaced as a fatal). Add a `timeout=` and wrap in try/except, or use a wrapper that retries.
integrityfragile-runtimerobustness
medium 9-layer quality integrity conf 1.00 Network/subprocess call without timeout or try/except — skills/productivity/google-workspace/scripts/gws_bridge.py:103
`subprocess.run(...)` here lacks both a `timeout=` arg and an enclosing try/except. This is exactly the class of bug that took down our git-clone earlier (HTTP/2 stream cancel surfaced as a fatal). Add a `timeout=` and wrap in try/except, or use a wrapper that retries.
integrityfragile-runtimerobustness
medium 9-layer quality integrity conf 1.00 Network/subprocess call without timeout or try/except — skills/productivity/google-workspace/scripts/setup.py:409
`urllib.request.urlopen(...)` here lacks both a `timeout=` arg and an enclosing try/except. This is exactly the class of bug that took down our git-clone earlier (HTTP/2 stream cancel surfaced as a fatal). Add a `timeout=` and wrap in try/except, or use a wrapper that retries.
integrityfragile-runtimerobustness
medium 9-layer quality integrity conf 1.00 Network/subprocess call without timeout or try/except — tools/transcription_tools.py:518
`subprocess.run(...)` here lacks both a `timeout=` arg and an enclosing try/except. This is exactly the class of bug that took down our git-clone earlier (HTTP/2 stream cancel surfaced as a fatal). Add a `timeout=` and wrap in try/except, or use a wrapper that retries.
integrityfragile-runtimerobustness
low 9-layer quality maintenance conf 1.00 124 TODO/FIXME markers
High count of TODO/FIXME/HACK markers — track them as issues so they're not forgotten.
maintenance
low 9-layer quality integrity conf 1.00 707 env vars used in code but missing from .env.example
Drift between code and config docs. The first few: `AGENT_BROWSER_ENGINE`, `AGENT_BROWSER_EXECUTABLE_PATH`, `AI_GATEWAY_API_KEY`, `AI_GATEWAY_BASE_URL`, `ALL_PROXY`, `ALPHA_VANTAGE_KEY`, `ANTHROPIC_API_KEY`, `ANTHROPIC_TOKEN` + 699 more. Add them (with a placeholder/comment) to .env.example so onbo…
integrityconfig-drift
low 9-layer hardware coverage conf 1.00 Containers defined but no K8s/orchestration manifest found
Repo has Dockerfiles/compose but no Kubernetes/Nomad manifests. If the target deployment is K8s, the manifests may live in a separate ops repo.
coveragedeployment
low 9-layer hardware supply-chain conf 1.00 Docker base image is tag-pinned but not digest-pinned: debian:13.4
Container tags can be retagged upstream. Pin production base images to a reviewed digest (`image@sha256:...`) when reproducibility and supply-chain integrity matter.
Dockerfile:3 supply-chaindockerpinned-dependencies
low 9-layer software dead-code-candidate conf 1.00 File has no detected symbols: hermes_cli/default_soul.py
Source file with no class/function declarations — possible config, dead code, or scratch file.
dead-code-candidate
low 9-layer software dead-code-candidate conf 1.00 File has no detected symbols: tests/test_minisweagent_path.py
Source file with no class/function declarations — possible config, dead code, or scratch file.
dead-code-candidate
low 9-layer software dead-code-candidate conf 1.00 File has no detected symbols: tools/computer_use_tool.py
Source file with no class/function declarations — possible config, dead code, or scratch file.
dead-code-candidate
low 9-layer software dead-code-candidate conf 1.00 File has no detected symbols: ui-tui/packages/hermes-ink/index.d.ts
Source file with no class/function declarations — possible config, dead code, or scratch file.
dead-code-candidate
low 9-layer software dead-code-candidate conf 1.00 File has no detected symbols: ui-tui/packages/hermes-ink/src/entry-exports.ts
Source file with no class/function declarations — possible config, dead code, or scratch file.
dead-code-candidate
low 9-layer software dead-code-candidate conf 1.00 File has no detected symbols: ui-tui/packages/hermes-ink/src/ink/colorize.test.ts
Source file with no class/function declarations — possible config, dead code, or scratch file.
dead-code-candidate
low 9-layer software dead-code-candidate conf 1.00 File has no detected symbols: ui-tui/packages/hermes-ink/src/ink/components/CursorAdvanceContext.ts
Source file with no class/function declarations — possible config, dead code, or scratch file.
dead-code-candidate
low 9-layer software dead-code-candidate conf 1.00 File has no detected symbols: ui-tui/packages/hermes-ink/src/ink/components/CursorDeclarationContext.ts
Source file with no class/function declarations — possible config, dead code, or scratch file.
dead-code-candidate
low 9-layer software dead-code-candidate conf 1.00 File has no detected symbols: ui-tui/packages/hermes-ink/src/ink/components/Text.test.ts
Source file with no class/function declarations — possible config, dead code, or scratch file.
dead-code-candidate
low 9-layer software dead-code-candidate conf 1.00 File has no detected symbols: ui-tui/packages/hermes-ink/src/ink/constants.ts
Source file with no class/function declarations — possible config, dead code, or scratch file.
dead-code-candidate
low 9-layer software dead-code-candidate conf 1.00 File has no detected symbols: ui-tui/packages/hermes-ink/src/ink/cursor.ts
Source file with no class/function declarations — possible config, dead code, or scratch file.
dead-code-candidate
low 9-layer software dead-code-candidate conf 1.00 File has no detected symbols: ui-tui/packages/hermes-ink/src/ink/devtools.ts
Source file with no class/function declarations — possible config, dead code, or scratch file.
dead-code-candidate
low 9-layer software dead-code-candidate conf 1.00 File has no detected symbols: ui-tui/packages/hermes-ink/src/ink/events/event-handlers.ts
Source file with no class/function declarations — possible config, dead code, or scratch file.
dead-code-candidate
low 9-layer software dead-code-candidate conf 1.00 File has no detected symbols: ui-tui/packages/hermes-ink/src/ink/global.d.ts
Source file with no class/function declarations — possible config, dead code, or scratch file.
dead-code-candidate
low 9-layer software dead-code-candidate conf 1.00 File has no detected symbols: ui-tui/packages/hermes-ink/src/ink/instances.ts
Source file with no class/function declarations — possible config, dead code, or scratch file.
dead-code-candidate
low 9-layer software dead-code-candidate conf 1.00 File has no detected symbols: ui-tui/packages/hermes-ink/src/ink/layout/node.ts
Source file with no class/function declarations — possible config, dead code, or scratch file.
dead-code-candidate
low 9-layer software dead-code-candidate conf 1.00 File has no detected symbols: ui-tui/packages/hermes-ink/src/ink/terminal.test.ts
Source file with no class/function declarations — possible config, dead code, or scratch file.
dead-code-candidate
low 9-layer software dead-code-candidate conf 1.00 File has no detected symbols: ui-tui/packages/hermes-ink/src/ink/termio.ts
Source file with no class/function declarations — possible config, dead code, or scratch file.
dead-code-candidate
low 9-layer software dead-code-candidate conf 1.00 File has no detected symbols: ui-tui/packages/hermes-ink/src/ink/wrap-text.test.ts
Source file with no class/function declarations — possible config, dead code, or scratch file.
dead-code-candidate
low 9-layer software dead-code-candidate conf 1.00 File has no detected symbols: ui-tui/packages/hermes-ink/src/ink/wrapAnsi.ts
Source file with no class/function declarations — possible config, dead code, or scratch file.
dead-code-candidate
low 9-layer software dead-code-candidate conf 1.00 File has no detected symbols: ui-tui/packages/hermes-ink/text-input.d.ts
Source file with no class/function declarations — possible config, dead code, or scratch file.
dead-code-candidate
low 9-layer software dead-code-candidate conf 1.00 File has no detected symbols: ui-tui/packages/hermes-ink/text-input.js
Source file with no class/function declarations — possible config, dead code, or scratch file.
dead-code-candidate
low 9-layer software dead-code-candidate conf 1.00 File has no detected symbols: ui-tui/vitest.config.ts
Source file with no class/function declarations — possible config, dead code, or scratch file.
dead-code-candidate
low 9-layer software dead-code-candidate conf 1.00 File has no detected symbols: web/eslint.config.js
Source file with no class/function declarations — possible config, dead code, or scratch file.
dead-code-candidate
low 9-layer software dead-code-candidate conf 1.00 File has no detected symbols: web/src/components/NouiTypography.tsx
Source file with no class/function declarations — possible config, dead code, or scratch file.
dead-code-candidate
low 9-layer software dead-code-candidate conf 1.00 File has no detected symbols: web/src/contexts/page-header-context.ts
Source file with no class/function declarations — possible config, dead code, or scratch file.
dead-code-candidate
low 9-layer software dead-code-candidate conf 1.00 File has no detected symbols: web/src/contexts/system-actions-context.ts
Source file with no class/function declarations — possible config, dead code, or scratch file.
dead-code-candidate
low 9-layer software dead-code-candidate conf 1.00 File has no detected symbols: web/src/i18n/af.ts
Source file with no class/function declarations — possible config, dead code, or scratch file.
dead-code-candidate
low 9-layer software dead-code-candidate conf 1.00 File has no detected symbols: web/src/i18n/de.ts
Source file with no class/function declarations — possible config, dead code, or scratch file.
dead-code-candidate
low 9-layer software dead-code-candidate conf 1.00 File has no detected symbols: web/src/i18n/en.ts
Source file with no class/function declarations — possible config, dead code, or scratch file.
dead-code-candidate
low 9-layer software dead-code-candidate conf 1.00 File has no detected symbols: web/src/i18n/es.ts
Source file with no class/function declarations — possible config, dead code, or scratch file.
dead-code-candidate
low 9-layer software dead-code-candidate conf 1.00 File has no detected symbols: web/src/i18n/fr.ts
Source file with no class/function declarations — possible config, dead code, or scratch file.
dead-code-candidate
low 9-layer software dead-code-candidate conf 1.00 File has no detected symbols: web/src/i18n/ga.ts
Source file with no class/function declarations — possible config, dead code, or scratch file.
dead-code-candidate
low 9-layer software dead-code-candidate conf 1.00 File has no detected symbols: web/src/i18n/hu.ts
Source file with no class/function declarations — possible config, dead code, or scratch file.
dead-code-candidate
low 9-layer software dead-code-candidate conf 1.00 File has no detected symbols: web/src/i18n/it.ts
Source file with no class/function declarations — possible config, dead code, or scratch file.
dead-code-candidate
low 9-layer software dead-code-candidate conf 1.00 File has no detected symbols: web/src/i18n/ja.ts
Source file with no class/function declarations — possible config, dead code, or scratch file.
dead-code-candidate
low 9-layer software dead-code-candidate conf 1.00 File has no detected symbols: web/src/i18n/ko.ts
Source file with no class/function declarations — possible config, dead code, or scratch file.
dead-code-candidate
low 9-layer software dead-code-candidate conf 1.00 File has no detected symbols: web/src/i18n/pt.ts
Source file with no class/function declarations — possible config, dead code, or scratch file.
dead-code-candidate
low 9-layer software dead-code-candidate conf 1.00 File has no detected symbols: web/src/i18n/ru.ts
Source file with no class/function declarations — possible config, dead code, or scratch file.
dead-code-candidate
low 9-layer software dead-code-candidate conf 1.00 File has no detected symbols: web/src/i18n/tr.ts
Source file with no class/function declarations — possible config, dead code, or scratch file.
dead-code-candidate
low 9-layer software dead-code-candidate conf 1.00 File has no detected symbols: web/src/i18n/types.ts
Source file with no class/function declarations — possible config, dead code, or scratch file.
dead-code-candidate
low 9-layer software dead-code-candidate conf 1.00 File has no detected symbols: web/src/i18n/uk.ts
Source file with no class/function declarations — possible config, dead code, or scratch file.
dead-code-candidate
low 9-layer software dead-code-candidate conf 1.00 File has no detected symbols: web/src/i18n/zh-hant.ts
Source file with no class/function declarations — possible config, dead code, or scratch file.
dead-code-candidate
low 9-layer software dead-code-candidate conf 1.00 File has no detected symbols: web/src/i18n/zh.ts
Source file with no class/function declarations — possible config, dead code, or scratch file.
dead-code-candidate
low 9-layer software dead-code-candidate conf 1.00 File has no detected symbols: web/src/main.tsx
Source file with no class/function declarations — possible config, dead code, or scratch file.
dead-code-candidate
low 9-layer software dead-code-candidate conf 1.00 File has no detected symbols: web/src/plugins/types.ts
Source file with no class/function declarations — possible config, dead code, or scratch file.
dead-code-candidate
low 9-layer software dead-code-candidate conf 1.00 File has no detected symbols: web/src/themes/presets.ts
Source file with no class/function declarations — possible config, dead code, or scratch file.
dead-code-candidate
low 9-layer software dead-code-candidate conf 1.00 File has no detected symbols: web/src/themes/types.ts
Source file with no class/function declarations — possible config, dead code, or scratch file.
dead-code-candidate
low 9-layer software dead-code-candidate conf 1.00 File has no detected symbols: website/docusaurus.config.ts
Source file with no class/function declarations — possible config, dead code, or scratch file.
dead-code-candidate
low 9-layer software dead-code-candidate conf 1.00 File has no detected symbols: website/sidebars.ts
Source file with no class/function declarations — possible config, dead code, or scratch file.
dead-code-candidate
low 9-layer quality integrity conf 1.00 Legacy-named symbol `20Legacy` in optional-skills/health/fitness-nutrition/scripts/nutrition_search.py:30
Names with suffixes like `_old`, `_v1`, `_deprecated` usually indicate replaced-but-not-removed code (typical AI-coder leftover). Confirm and delete, or rename if it's the active version.
integritylegacy-markerdead-code
low 9-layer quality integrity conf 1.00 Legacy-named symbol `_add_v1` in hermes_cli/main.py:3184
Names with suffixes like `_old`, `_v1`, `_deprecated` usually indicate replaced-but-not-removed code (typical AI-coder leftover). Confirm and delete, or rename if it's the active version.
integritylegacy-markerdead-code
low 9-layer quality integrity conf 1.00 Legacy-named symbol `_call_tool_unused` in tests/tools/test_mcp_circuit_breaker.py:201
Names with suffixes like `_old`, `_v1`, `_deprecated` usually indicate replaced-but-not-removed code (typical AI-coder leftover). Confirm and delete, or rename if it's the active version.
integritylegacy-markerdead-code
low 9-layer quality integrity conf 1.00 Legacy-named symbol `_cmd_backup` in hermes_cli/curator.py:372
Names with suffixes like `_old`, `_v1`, `_deprecated` usually indicate replaced-but-not-removed code (typical AI-coder leftover). Confirm and delete, or rename if it's the active version.
integritylegacy-markerdead-code
low 9-layer quality integrity conf 1.00 Legacy-named symbol `_prune_old` in agent/curator_backup.py:277
Names with suffixes like `_old`, `_v1`, `_deprecated` usually indicate replaced-but-not-removed code (typical AI-coder leftover). Confirm and delete, or rename if it's the active version.
integritylegacy-markerdead-code
low 9-layer quality integrity conf 1.00 Legacy-named symbol `_run_in_copy` in tests/tools/test_skill_provenance.py:88
Names with suffixes like `_old`, `_v1`, `_deprecated` usually indicate replaced-but-not-removed code (typical AI-coder leftover). Confirm and delete, or rename if it's the active version.
integritylegacy-markerdead-code
low 9-layer quality integrity conf 1.00 Legacy-named symbol `_strip_trailing_v1` in hermes_cli/azure_detect.py:109
Names with suffixes like `_old`, `_v1`, `_deprecated` usually indicate replaced-but-not-removed code (typical AI-coder leftover). Confirm and delete, or rename if it's the active version.
integritylegacy-markerdead-code
low 9-layer quality integrity conf 1.00 Legacy-named symbol `_warned_telegram_group_users_legacy` in gateway/run.py:5630
Names with suffixes like `_old`, `_v1`, `_deprecated` usually indicate replaced-but-not-removed code (typical AI-coder leftover). Confirm and delete, or rename if it's the active version.
integritylegacy-markerdead-code
low 9-layer quality integrity conf 1.00 Legacy-named symbol `another_old` in tests/gateway/test_voice_mode_platform_isolation.py:176
Names with suffixes like `_old`, `_v1`, `_deprecated` usually indicate replaced-but-not-removed code (typical AI-coder leftover). Confirm and delete, or rename if it's the active version.
integritylegacy-markerdead-code
low 9-layer quality integrity conf 1.00 Legacy-named symbol `call_old` in tests/gateway/test_api_server.py:1508
Names with suffixes like `_old`, `_v1`, `_deprecated` usually indicate replaced-but-not-removed code (typical AI-coder leftover). Confirm and delete, or rename if it's the active version.
integritylegacy-markerdead-code
low 9-layer quality integrity conf 1.00 Legacy-named symbol `call_old` in tests/run_agent/test_background_review_summary.py:35
Names with suffixes like `_old`, `_v1`, `_deprecated` usually indicate replaced-but-not-removed code (typical AI-coder leftover). Confirm and delete, or rename if it's the active version.
integritylegacy-markerdead-code
low 9-layer quality integrity conf 1.00 Legacy-named symbol `cfg_backup` in hermes_logging.py:203
Names with suffixes like `_old`, `_v1`, `_deprecated` usually indicate replaced-but-not-removed code (typical AI-coder leftover). Confirm and delete, or rename if it's the active version.
integritylegacy-markerdead-code
low 9-layer quality integrity conf 1.00 Legacy-named symbol `chat_v1` in plugins/platforms/google_chat/oauth.py:25
Names with suffixes like `_old`, `_v1`, `_deprecated` usually indicate replaced-but-not-removed code (typical AI-coder leftover). Confirm and delete, or rename if it's the active version.
integritylegacy-markerdead-code
low 9-layer quality integrity conf 1.00 Legacy-named symbol `children_copy` in run_agent.py:5465
Names with suffixes like `_old`, `_v1`, `_deprecated` usually indicate replaced-but-not-removed code (typical AI-coder leftover). Confirm and delete, or rename if it's the active version.
integritylegacy-markerdead-code
low 9-layer quality integrity conf 1.00 Legacy-named symbol `clawhub_catalog_v1` in tests/tools/test_search_hidden_dirs.py:4
Names with suffixes like `_old`, `_v1`, `_deprecated` usually indicate replaced-but-not-removed code (typical AI-coder leftover). Confirm and delete, or rename if it's the active version.
integritylegacy-markerdead-code
low 9-layer quality integrity conf 1.00 Legacy-named symbol `clawhub_catalog_v1` in tools/skills_hub.py:1913
Names with suffixes like `_old`, `_v1`, `_deprecated` usually indicate replaced-but-not-removed code (typical AI-coder leftover). Confirm and delete, or rename if it's the active version.
integritylegacy-markerdead-code
low 9-layer quality integrity conf 1.00 Legacy-named symbol `clear_legacy` in tests/tools/test_checkpoint_manager.py:32
Names with suffixes like `_old`, `_v1`, `_deprecated` usually indicate replaced-but-not-removed code (typical AI-coder leftover). Confirm and delete, or rename if it's the active version.
integritylegacy-markerdead-code
low 9-layer quality integrity conf 1.00 Legacy-named symbol `clear_legacy` in tools/checkpoint_manager.py:1619
Names with suffixes like `_old`, `_v1`, `_deprecated` usually indicate replaced-but-not-removed code (typical AI-coder leftover). Confirm and delete, or rename if it's the active version.
integritylegacy-markerdead-code
low 9-layer quality integrity conf 1.00 Legacy-named symbol `cmd_clear_legacy` in hermes_cli/checkpoints.py:171
Names with suffixes like `_old`, `_v1`, `_deprecated` usually indicate replaced-but-not-removed code (typical AI-coder leftover). Confirm and delete, or rename if it's the active version.
integritylegacy-markerdead-code
low 9-layer quality integrity conf 1.00 Legacy-named symbol `comment_add_v1` in gateway/platforms/feishu_comment.py:4
Names with suffixes like `_old`, `_v1`, `_deprecated` usually indicate replaced-but-not-removed code (typical AI-coder leftover). Confirm and delete, or rename if it's the active version.
integritylegacy-markerdead-code
low 9-layer quality integrity conf 1.00 Legacy-named symbol `config_copy` in tests/cli/test_cli_provider_resolution.py:221
Names with suffixes like `_old`, `_v1`, `_deprecated` usually indicate replaced-but-not-removed code (typical AI-coder leftover). Confirm and delete, or rename if it's the active version.
integritylegacy-markerdead-code
low 9-layer quality integrity conf 1.00 Legacy-named symbol `curator_backup` in agent/curator.py:1412
Names with suffixes like `_old`, `_v1`, `_deprecated` usually indicate replaced-but-not-removed code (typical AI-coder leftover). Confirm and delete, or rename if it's the active version.
integritylegacy-markerdead-code
low 9-layer quality integrity conf 1.00 Legacy-named symbol `curator_backup` in tests/agent/test_curator_backup.py:1
Names with suffixes like `_old`, `_v1`, `_deprecated` usually indicate replaced-but-not-removed code (typical AI-coder leftover). Confirm and delete, or rename if it's the active version.
integritylegacy-markerdead-code
low 9-layer quality integrity conf 1.00 Legacy-named symbol `deleted_user_copy` in tools/skills_sync.py:370
Names with suffixes like `_old`, `_v1`, `_deprecated` usually indicate replaced-but-not-removed code (typical AI-coder leftover). Confirm and delete, or rename if it's the active version.
integritylegacy-markerdead-code
low 9-layer quality integrity conf 1.00 Legacy-named symbol `eleven_multilingual_v2` in hermes_cli/config.py:1048
Names with suffixes like `_old`, `_v1`, `_deprecated` usually indicate replaced-but-not-removed code (typical AI-coder leftover). Confirm and delete, or rename if it's the active version.
integritylegacy-markerdead-code
low 9-layer quality integrity conf 1.00 Legacy-named symbol `eleven_multilingual_v2` in tools/tts_tool.py:154
Names with suffixes like `_old`, `_v1`, `_deprecated` usually indicate replaced-but-not-removed code (typical AI-coder leftover). Confirm and delete, or rename if it's the active version.
integritylegacy-markerdead-code
low 9-layer quality integrity conf 1.00 Legacy-named symbol `env_backup` in tests/tools/test_code_execution.py:685
Names with suffixes like `_old`, `_v1`, `_deprecated` usually indicate replaced-but-not-removed code (typical AI-coder leftover). Confirm and delete, or rename if it's the active version.
integritylegacy-markerdead-code
low 9-layer quality integrity conf 1.00 Legacy-named symbol `expected_legacy` in tests/tools/test_delegate.py:1834
Names with suffixes like `_old`, `_v1`, `_deprecated` usually indicate replaced-but-not-removed code (typical AI-coder leftover). Confirm and delete, or rename if it's the active version.
integritylegacy-markerdead-code
low 9-layer quality integrity conf 1.00 Legacy-named symbol `files_upload_v2` in gateway/platforms/slack.py:1018
Names with suffixes like `_old`, `_v1`, `_deprecated` usually indicate replaced-but-not-removed code (typical AI-coder leftover). Confirm and delete, or rename if it's the active version.
integritylegacy-markerdead-code
low 9-layer quality integrity conf 1.00 Legacy-named symbol `files_upload_v2` in tests/gateway/test_send_image_file.py:328
Names with suffixes like `_old`, `_v1`, `_deprecated` usually indicate replaced-but-not-removed code (typical AI-coder leftover). Confirm and delete, or rename if it's the active version.
integritylegacy-markerdead-code
low 9-layer quality integrity conf 1.00 Legacy-named symbol `files_upload_v2` in tests/gateway/test_send_multiple_images.py:8
Names with suffixes like `_old`, `_v1`, `_deprecated` usually indicate replaced-but-not-removed code (typical AI-coder leftover). Confirm and delete, or rename if it's the active version.
integritylegacy-markerdead-code
low 9-layer quality integrity conf 1.00 Legacy-named symbol `files_upload_v2` in tests/gateway/test_slack.py:486
Names with suffixes like `_old`, `_v1`, `_deprecated` usually indicate replaced-but-not-removed code (typical AI-coder leftover). Confirm and delete, or rename if it's the active version.
integritylegacy-markerdead-code
low 9-layer quality integrity conf 1.00 Legacy-named symbol `get_legacy` in tests/test_tui_gateway_server.py:1471
Names with suffixes like `_old`, `_v1`, `_deprecated` usually indicate replaced-but-not-removed code (typical AI-coder leftover). Confirm and delete, or rename if it's the active version.
integritylegacy-markerdead-code
low 9-layer quality integrity conf 1.00 Legacy-named symbol `ghost_session_prune_v1` in cli.py:1026
Names with suffixes like `_old`, `_v1`, `_deprecated` usually indicate replaced-but-not-removed code (typical AI-coder leftover). Confirm and delete, or rename if it's the active version.
integritylegacy-markerdead-code
low 9-layer quality integrity conf 1.00 Legacy-named symbol `group_v2` in gateway/platforms/signal.py:501
Names with suffixes like `_old`, `_v1`, `_deprecated` usually indicate replaced-but-not-removed code (typical AI-coder leftover). Confirm and delete, or rename if it's the active version.
integritylegacy-markerdead-code
low 9-layer quality integrity conf 1.00 Legacy-named symbol `history_v2` in skills/creative/comfyui/scripts/_common.py:366
Names with suffixes like `_old`, `_v1`, `_deprecated` usually indicate replaced-but-not-removed code (typical AI-coder leftover). Confirm and delete, or rename if it's the active version.
integritylegacy-markerdead-code
low 9-layer quality integrity conf 1.00 Legacy-named symbol `history_v2` in skills/creative/comfyui/scripts/fetch_logs.py:39
Names with suffixes like `_old`, `_v1`, `_deprecated` usually indicate replaced-but-not-removed code (typical AI-coder leftover). Confirm and delete, or rename if it's the active version.
integritylegacy-markerdead-code
low 9-layer quality integrity conf 1.00 Legacy-named symbol `history_v2` in skills/creative/comfyui/scripts/run_workflow.py:7
Names with suffixes like `_old`, `_v1`, `_deprecated` usually indicate replaced-but-not-removed code (typical AI-coder leftover). Confirm and delete, or rename if it's the active version.
integritylegacy-markerdead-code
low 9-layer quality integrity conf 1.00 Legacy-named symbol `history_v2` in skills/creative/comfyui/tests/test_common.py:58
Names with suffixes like `_old`, `_v1`, `_deprecated` usually indicate replaced-but-not-removed code (typical AI-coder leftover). Confirm and delete, or rename if it's the active version.
integritylegacy-markerdead-code
low 9-layer quality integrity conf 1.00 Legacy-named symbol `history_v2` in skills/creative/comfyui/tests/test_run_workflow.py:213
Names with suffixes like `_old`, `_v1`, `_deprecated` usually indicate replaced-but-not-removed code (typical AI-coder leftover). Confirm and delete, or rename if it's the active version.
integritylegacy-markerdead-code
low 9-layer quality integrity conf 1.00 Legacy-named symbol `manual_at_old` in tests/hermes_cli/test_auth_xai_oauth_provider.py:1393
Names with suffixes like `_old`, `_v1`, `_deprecated` usually indicate replaced-but-not-removed code (typical AI-coder leftover). Confirm and delete, or rename if it's the active version.
integritylegacy-markerdead-code
low 9-layer quality integrity conf 1.00 Legacy-named symbol `maybe_backup` in optional-skills/migration/openclaw-migration/scripts/openclaw_to_hermes.py:1094
Names with suffixes like `_old`, `_v1`, `_deprecated` usually indicate replaced-but-not-removed code (typical AI-coder leftover). Confirm and delete, or rename if it's the active version.
integritylegacy-markerdead-code
low 9-layer quality integrity conf 1.00 Legacy-named symbol `mcp_srv_old` in tests/tools/test_mcp_tool.py:830
Names with suffixes like `_old`, `_v1`, `_deprecated` usually indicate replaced-but-not-removed code (typical AI-coder leftover). Confirm and delete, or rename if it's the active version.
integritylegacy-markerdead-code
low 9-layer quality integrity conf 1.00 Legacy-named symbol `mock_copy` in tests/cli/test_cli_copy_command.py:28
Names with suffixes like `_old`, `_v1`, `_deprecated` usually indicate replaced-but-not-removed code (typical AI-coder leftover). Confirm and delete, or rename if it's the active version.
integritylegacy-markerdead-code
low 9-layer quality integrity conf 1.00 Legacy-named symbol `no_backup` in hermes_cli/claw.py:334
Names with suffixes like `_old`, `_v1`, `_deprecated` usually indicate replaced-but-not-removed code (typical AI-coder leftover). Confirm and delete, or rename if it's the active version.
integritylegacy-markerdead-code
low 9-layer quality integrity conf 1.00 Legacy-named symbol `no_backup` in tests/hermes_cli/test_claw.py:468
Names with suffixes like `_old`, `_v1`, `_deprecated` usually indicate replaced-but-not-removed code (typical AI-coder leftover). Confirm and delete, or rename if it's the active version.
integritylegacy-markerdead-code
low 9-layer quality integrity conf 1.00 Legacy-named symbol `proc_old` in tests/tools/test_process_registry.py:391
Names with suffixes like `_old`, `_v1`, `_deprecated` usually indicate replaced-but-not-removed code (typical AI-coder leftover). Confirm and delete, or rename if it's the active version.
integritylegacy-markerdead-code
low 9-layer quality integrity conf 1.00 Legacy-named symbol `pubsub_v1` in plugins/platforms/google_chat/adapter.py:65
Names with suffixes like `_old`, `_v1`, `_deprecated` usually indicate replaced-but-not-removed code (typical AI-coder leftover). Confirm and delete, or rename if it's the active version.
integritylegacy-markerdead-code
low 9-layer quality integrity conf 1.00 Legacy-named symbol `pubsub_v1` in tests/gateway/test_google_chat.py:43
Names with suffixes like `_old`, `_v1`, `_deprecated` usually indicate replaced-but-not-removed code (typical AI-coder leftover). Confirm and delete, or rename if it's the active version.
integritylegacy-markerdead-code
low 9-layer quality integrity conf 1.00 Legacy-named symbol `pubsub_v1` in tests/hermes_cli/test_startup_plugin_gating.py:6
Names with suffixes like `_old`, `_v1`, `_deprecated` usually indicate replaced-but-not-removed code (typical AI-coder leftover). Confirm and delete, or rename if it's the active version.
integritylegacy-markerdead-code
low 9-layer quality integrity conf 1.00 Legacy-named symbol `receive_v1` in gateway/platforms/feishu.py:430
Names with suffixes like `_old`, `_v1`, `_deprecated` usually indicate replaced-but-not-removed code (typical AI-coder leftover). Confirm and delete, or rename if it's the active version.
integritylegacy-markerdead-code
low 9-layer quality integrity conf 1.00 Legacy-named symbol `receive_v1` in tests/gateway/test_feishu_bot_admission.py:698
Names with suffixes like `_old`, `_v1`, `_deprecated` usually indicate replaced-but-not-removed code (typical AI-coder leftover). Confirm and delete, or rename if it's the active version.
integritylegacy-markerdead-code
low 9-layer quality integrity conf 1.00 Legacy-named symbol `register_p2_im_message_message_read_v1` in tests/gateway/test_feishu.py:25
Names with suffixes like `_old`, `_v1`, `_deprecated` usually indicate replaced-but-not-removed code (typical AI-coder leftover). Confirm and delete, or rename if it's the active version.
integritylegacy-markerdead-code
low 9-layer quality integrity conf 1.00 Legacy-named symbol `rest_v1` in optional-skills/research/osint-investigation/scripts/fetch_wikipedia.py:25
Names with suffixes like `_old`, `_v1`, `_deprecated` usually indicate replaced-but-not-removed code (typical AI-coder leftover). Confirm and delete, or rename if it's the active version.
integritylegacy-markerdead-code
low 9-layer quality integrity conf 1.00 Legacy-named symbol `run_backup` in hermes_cli/backup.py:128
Names with suffixes like `_old`, `_v1`, `_deprecated` usually indicate replaced-but-not-removed code (typical AI-coder leftover). Confirm and delete, or rename if it's the active version.
integritylegacy-markerdead-code
low 9-layer quality integrity conf 1.00 Legacy-named symbol `run_backup` in tests/hermes_cli/test_backup.py:161
Names with suffixes like `_old`, `_v1`, `_deprecated` usually indicate replaced-but-not-removed code (typical AI-coder leftover). Confirm and delete, or rename if it's the active version.
integritylegacy-markerdead-code
low 9-layer quality integrity conf 1.00 Legacy-named symbol `s_old` in tests/agent/test_insights.py:127
Names with suffixes like `_old`, `_v1`, `_deprecated` usually indicate replaced-but-not-removed code (typical AI-coder leftover). Confirm and delete, or rename if it's the active version.
integritylegacy-markerdead-code
low 9-layer quality integrity conf 1.00 Legacy-named symbol `sess_old` in tests/gateway/test_mirror.py:43
Names with suffixes like `_old`, `_v1`, `_deprecated` usually indicate replaced-but-not-removed code (typical AI-coder leftover). Confirm and delete, or rename if it's the active version.
integritylegacy-markerdead-code
low 9-layer quality integrity conf 1.00 Legacy-named symbol `sess_v1` in tests/gateway/test_resume_command.py:162
Names with suffixes like `_old`, `_v1`, `_deprecated` usually indicate replaced-but-not-removed code (typical AI-coder leftover). Confirm and delete, or rename if it's the active version.
integritylegacy-markerdead-code
low 9-layer quality integrity conf 1.00 Legacy-named symbol `sig_old` in tests/agent/test_anthropic_adapter.py:1525
Names with suffixes like `_old`, `_v1`, `_deprecated` usually indicate replaced-but-not-removed code (typical AI-coder leftover). Confirm and delete, or rename if it's the active version.
integritylegacy-markerdead-code
low 9-layer quality integrity conf 1.00 Legacy-named symbol `sig_old` in tests/gateway/test_agent_cache.py:560
Names with suffixes like `_old`, `_v1`, `_deprecated` usually indicate replaced-but-not-removed code (typical AI-coder leftover). Confirm and delete, or rename if it's the active version.
integritylegacy-markerdead-code
low 9-layer quality integrity conf 1.00 Legacy-named symbol `snapshot_copy` in tools/browser_supervisor.py:444
Names with suffixes like `_old`, `_v1`, `_deprecated` usually indicate replaced-but-not-removed code (typical AI-coder leftover). Confirm and delete, or rename if it's the active version.
integritylegacy-markerdead-code
low 9-layer quality integrity conf 1.00 Legacy-named symbol `super_old` in tests/agent/test_curator.py:173
Names with suffixes like `_old`, `_v1`, `_deprecated` usually indicate replaced-but-not-removed code (typical AI-coder leftover). Confirm and delete, or rename if it's the active version.
integritylegacy-markerdead-code
low 9-layer quality integrity conf 1.00 Legacy-named symbol `t2a_v2` in tests/tools/test_tts_speed.py:118
Names with suffixes like `_old`, `_v1`, `_deprecated` usually indicate replaced-but-not-removed code (typical AI-coder leftover). Confirm and delete, or rename if it's the active version.
integritylegacy-markerdead-code
low 9-layer quality integrity conf 1.00 Legacy-named symbol `test_cli_daemon_help_marks_deprecated` in tests/hermes_cli/test_kanban_core_functionality.py:3316
Names with suffixes like `_old`, `_v1`, `_deprecated` usually indicate replaced-but-not-removed code (typical AI-coder leftover). Confirm and delete, or rename if it's the active version.
integritylegacy-markerdead-code
low 9-layer quality integrity conf 1.00 Legacy-named symbol `test_corrupt_owner_pid_falls_back_to_legacy` in tests/tools/test_browser_orphan_reaper.py:241
Names with suffixes like `_old`, `_v1`, `_deprecated` usually indicate replaced-but-not-removed code (typical AI-coder leftover). Confirm and delete, or rename if it's the active version.
integritylegacy-markerdead-code
low 9-layer quality integrity conf 1.00 Legacy-named symbol `test_custom_max_size_and_backup` in tests/test_hermes_logging.py:130
Names with suffixes like `_old`, `_v1`, `_deprecated` usually indicate replaced-but-not-removed code (typical AI-coder leftover). Confirm and delete, or rename if it's the active version.
integritylegacy-markerdead-code
low 9-layer quality integrity conf 1.00 Legacy-named symbol `test_elevenlabs_default_model_multilingual_v2` in tests/tools/test_tts_max_text_length.py:81
Names with suffixes like `_old`, `_v1`, `_deprecated` usually indicate replaced-but-not-removed code (typical AI-coder leftover). Confirm and delete, or rename if it's the active version.
integritylegacy-markerdead-code
low 9-layer quality integrity conf 1.00 Legacy-named symbol `test_env_override_wins_over_legacy` in tests/hermes_cli/test_api_key_providers.py:925
Names with suffixes like `_old`, `_v1`, `_deprecated` usually indicate replaced-but-not-removed code (typical AI-coder leftover). Confirm and delete, or rename if it's the active version.
integritylegacy-markerdead-code
low 9-layer quality integrity conf 1.00 Legacy-named symbol `test_extra_body_override_legacy` in tests/providers/test_profile_wiring.py:258
Names with suffixes like `_old`, `_v1`, `_deprecated` usually indicate replaced-but-not-removed code (typical AI-coder leftover). Confirm and delete, or rename if it's the active version.
integritylegacy-markerdead-code
low 9-layer quality integrity conf 1.00 Legacy-named symbol `test_history_renamed_to_v2` in skills/creative/comfyui/tests/test_cloud_integration.py:46
Names with suffixes like `_old`, `_v1`, `_deprecated` usually indicate replaced-but-not-removed code (typical AI-coder leftover). Confirm and delete, or rename if it's the active version.
integritylegacy-markerdead-code
low 9-layer quality integrity conf 1.00 Legacy-named symbol `test_migration_from_v2` in tests/test_hermes_state.py:1694
Names with suffixes like `_old`, `_v1`, `_deprecated` usually indicate replaced-but-not-removed code (typical AI-coder leftover). Confirm and delete, or rename if it's the active version.
integritylegacy-markerdead-code
low 9-layer quality integrity conf 1.00 Legacy-named symbol `test_migrator_can_overwrite_conflicting_imported_skill_with_backup` in tests/skills/test_openclaw_migration.py:449
Names with suffixes like `_old`, `_v1`, `_deprecated` usually indicate replaced-but-not-removed code (typical AI-coder leftover). Confirm and delete, or rename if it's the active version.
integritylegacy-markerdead-code
low 9-layer quality integrity conf 1.00 Legacy-named symbol `test_new_platforms_takes_precedence_over_legacy` in tests/gateway/test_display_config.py:106
Names with suffixes like `_old`, `_v1`, `_deprecated` usually indicate replaced-but-not-removed code (typical AI-coder leftover). Confirm and delete, or rename if it's the active version.
integritylegacy-markerdead-code
low 9-layer quality integrity conf 1.00 Legacy-named symbol `test_no_assistant_returns_copy` in tests/run_agent/test_run_agent.py:580
Names with suffixes like `_old`, `_v1`, `_deprecated` usually indicate replaced-but-not-removed code (typical AI-coder leftover). Confirm and delete, or rename if it's the active version.
integritylegacy-markerdead-code
low 9-layer quality integrity conf 1.00 Legacy-named symbol `test_plain_text_uses_markdown_v2` in tests/tools/test_send_message_tool.py:655
Names with suffixes like `_old`, `_v1`, `_deprecated` usually indicate replaced-but-not-removed code (typical AI-coder leftover). Confirm and delete, or rename if it's the active version.
integritylegacy-markerdead-code
low 9-layer quality integrity conf 1.00 Legacy-named symbol `test_profiles_nav_label_uses_short_copy` in tests/hermes_cli/test_dashboard_profiles_nav_label.py:5
Names with suffixes like `_old`, `_v1`, `_deprecated` usually indicate replaced-but-not-removed code (typical AI-coder leftover). Confirm and delete, or rename if it's the active version.
integritylegacy-markerdead-code
low 9-layer quality integrity conf 1.00 Legacy-named symbol `test_read_returns_copy` in tests/tools/test_todo_tool.py:20
Names with suffixes like `_old`, `_v1`, `_deprecated` usually indicate replaced-but-not-removed code (typical AI-coder leftover). Confirm and delete, or rename if it's the active version.
integritylegacy-markerdead-code
low 9-layer quality integrity conf 1.00 Legacy-named symbol `test_returned_list_is_a_copy` in tests/agent/test_external_skills_dirs_cache.py:112
Names with suffixes like `_old`, `_v1`, `_deprecated` usually indicate replaced-but-not-removed code (typical AI-coder leftover). Confirm and delete, or rename if it's the active version.
integritylegacy-markerdead-code
low 9-layer quality integrity conf 1.00 Legacy-named symbol `test_returns_copy` in tests/test_toolset_distributions.py:37
Names with suffixes like `_old`, `_v1`, `_deprecated` usually indicate replaced-but-not-removed code (typical AI-coder leftover). Confirm and delete, or rename if it's the active version.
integritylegacy-markerdead-code
low 9-layer quality integrity conf 1.00 Legacy-named symbol `test_returns_deep_copy` in tests/agent/test_prompt_caching.py:73
Names with suffixes like `_old`, `_v1`, `_deprecated` usually indicate replaced-but-not-removed code (typical AI-coder leftover). Confirm and delete, or rename if it's the active version.
integritylegacy-markerdead-code
low 9-layer quality integrity conf 1.00 Legacy-named symbol `test_switch_to_minimax_m27_strips_v1` in tests/hermes_cli/test_model_switch_opencode_anthropic.py:80
Names with suffixes like `_old`, `_v1`, `_deprecated` usually indicate replaced-but-not-removed code (typical AI-coder leftover). Confirm and delete, or rename if it's the active version.
integritylegacy-markerdead-code
low 9-layer quality integrity conf 1.00 Legacy-named symbol `test_text_as_dict_legacy` in tests/gateway/test_dingtalk.py:474
Names with suffixes like `_old`, `_v1`, `_deprecated` usually indicate replaced-but-not-removed code (typical AI-coder leftover). Confirm and delete, or rename if it's the active version.
integritylegacy-markerdead-code
low 9-layer quality integrity conf 1.00 Legacy-named symbol `test_write_and_read_roundtrip_v2` in tests/tools/test_skills_sync.py:30
Names with suffixes like `_old`, `_v1`, `_deprecated` usually indicate replaced-but-not-removed code (typical AI-coder leftover). Confirm and delete, or rename if it's the active version.
integritylegacy-markerdead-code
low 9-layer quality integrity conf 1.00 Legacy-named symbol `user_legacy` in tests/hermes_cli/test_gateway_service.py:2110
Names with suffixes like `_old`, `_v1`, `_deprecated` usually indicate replaced-but-not-removed code (typical AI-coder leftover). Confirm and delete, or rename if it's the active version.
integritylegacy-markerdead-code
low 9-layer quality integrity conf 1.00 Legacy-named symbol `very_old` in tests/hermes_cli/test_debug.py:1086
Names with suffixes like `_old`, `_v1`, `_deprecated` usually indicate replaced-but-not-removed code (typical AI-coder leftover). Confirm and delete, or rename if it's the active version.
integritylegacy-markerdead-code
low 9-layer quality integrity conf 1.00 Near-duplicate function bodies in 2 places
Functions with the same first-5-line body hash: run_agent.py:base_url, run_agent.py:base_url This is *the* AI-coder failure mode (4× more duplication in vibe-coded repos — see https://jw.hn/ai-code-hygiene). Consolidate or document why they're separate.
integrityduplicatedry
low 9-layer quality integrity conf 1.00 Near-duplicate function bodies in 2 places
Functions with the same first-5-line body hash: cli.py:run_background, cli.py:run This is *the* AI-coder failure mode (4× more duplication in vibe-coded repos — see https://jw.hn/ai-code-hygiene). Consolidate or document why they're separate.
integrityduplicatedry
low 9-layer quality integrity conf 1.00 Near-duplicate function bodies in 2 places
Functions with the same first-5-line body hash: trajectory_compressor.py:to_dict, trajectory_compressor.py:to_dict This is *the* AI-coder failure mode (4× more duplication in vibe-coded repos — see https://jw.hn/ai-code-hygiene). Consolidate or document why they're separate.
integrityduplicatedry
low 9-layer quality integrity conf 1.00 Near-duplicate function bodies in 2 places
Functions with the same first-5-line body hash: trajectory_compressor.py:process_entry_async, trajectory_compressor.py:process_entry This is *the* AI-coder failure mode (4× more duplication in vibe-coded repos — see https://jw.hn/ai-code-hygiene). Consolidate or document why they're separate.
integrityduplicatedry
low 9-layer quality integrity conf 1.00 Near-duplicate function bodies in 2 places
Functions with the same first-5-line body hash: agent/context_compressor.py:update_model, agent/context_engine.py:update_model This is *the* AI-coder failure mode (4× more duplication in vibe-coded repos — see https://jw.hn/ai-code-hygiene). Consolidate or document why they're separate.
integrityduplicatedry
low 9-layer quality integrity conf 1.00 Near-duplicate function bodies in 2 places
Functions with the same first-5-line body hash: agent/gemini_cloudcode_adapter.py:build_gemini_request, agent/gemini_native_adapter.py:build_gemini_request This is *the* AI-coder failure mode (4× more duplication in vibe-coded repos — see https://jw.hn/ai-code-hygiene). Consolidate or document why…
integrityduplicatedry
low 9-layer quality integrity conf 1.00 Near-duplicate function bodies in 2 places
Functions with the same first-5-line body hash: agent/bedrock_adapter.py:call_converse, agent/bedrock_adapter.py:call_converse_stream This is *the* AI-coder failure mode (4× more duplication in vibe-coded repos — see https://jw.hn/ai-code-hygiene). Consolidate or document why they're separate.
integrityduplicatedry
low 9-layer quality integrity conf 1.00 Near-duplicate function bodies in 2 places
Functions with the same first-5-line body hash: agent/video_gen_provider.py:display_name, agent/image_gen_provider.py:display_name This is *the* AI-coder failure mode (4× more duplication in vibe-coded repos — see https://jw.hn/ai-code-hygiene). Consolidate or document why they're separate.
integrityduplicatedry
low 9-layer quality integrity conf 1.00 Near-duplicate function bodies in 2 places
Functions with the same first-5-line body hash: agent/video_gen_provider.py:default_model, agent/image_gen_provider.py:default_model This is *the* AI-coder failure mode (4× more duplication in vibe-coded repos — see https://jw.hn/ai-code-hygiene). Consolidate or document why they're separate.
integrityduplicatedry
low 9-layer quality integrity conf 1.00 Near-duplicate function bodies in 2 places
Functions with the same first-5-line body hash: agent/video_gen_provider.py:error_response, agent/image_gen_provider.py:error_response This is *the* AI-coder failure mode (4× more duplication in vibe-coded repos — see https://jw.hn/ai-code-hygiene). Consolidate or document why they're separate.
integrityduplicatedry
low 9-layer quality integrity conf 1.00 Near-duplicate function bodies in 2 places
Functions with the same first-5-line body hash: agent/auxiliary_client.py:close, agent/auxiliary_client.py:close This is *the* AI-coder failure mode (4× more duplication in vibe-coded repos — see https://jw.hn/ai-code-hygiene). Consolidate or document why they're separate.
integrityduplicatedry
low 9-layer quality integrity conf 1.00 Near-duplicate function bodies in 2 places
Functions with the same first-5-line body hash: agent/auxiliary_client.py:call_llm, agent/auxiliary_client.py:async_call_llm This is *the* AI-coder failure mode (4× more duplication in vibe-coded repos — see https://jw.hn/ai-code-hygiene). Consolidate or document why they're separate.
integrityduplicatedry
low 9-layer quality integrity conf 1.00 Near-duplicate function bodies in 2 places
Functions with the same first-5-line body hash: agent/display.py:extract_edit_diff, agent/display.py:render_edit_diff_with_delta This is *the* AI-coder failure mode (4× more duplication in vibe-coded repos — see https://jw.hn/ai-code-hygiene). Consolidate or document why they're separate.
integrityduplicatedry
low 9-layer quality integrity conf 1.00 Near-duplicate function bodies in 3 places
Functions with the same first-5-line body hash: cli.py:handler, cli.py:handler, cli.py:handler This is *the* AI-coder failure mode (4× more duplication in vibe-coded repos — see https://jw.hn/ai-code-hygiene). Consolidate or document why they're separate.
integrityduplicatedry
low 9-layer quality integrity conf 1.00 Near-duplicate function bodies in 3 places
Functions with the same first-5-line body hash: agent/gemini_cloudcode_adapter.py:close, agent/gemini_native_adapter.py:close, agent/gemini_native_adapter.py:close This is *the* AI-coder failure mode (4× more duplication in vibe-coded repos — see https://jw.hn/ai-code-hygiene). Consolidate or docu…
integrityduplicatedry
low 9-layer quality integrity conf 1.00 Near-duplicate function bodies in 3 places
Functions with the same first-5-line body hash: agent/video_gen_provider.py:generate, plugins/video_gen/fal/__init__.py:generate, plugins/video_gen/xai/__init__.py:generate This is *the* AI-coder failure mode (4× more duplication in vibe-coded repos — see https://jw.hn/ai-code-hygiene). Consolidat…
integrityduplicatedry
low 9-layer quality integrity conf 1.00 Near-duplicate function bodies in 3 places
Functions with the same first-5-line body hash: agent/video_gen_registry.py:list_providers, agent/image_gen_registry.py:list_providers, agent/web_search_registry.py:list_providers This is *the* AI-coder failure mode (4× more duplication in vibe-coded repos — see https://jw.hn/ai-code-hygiene). Con…
integrityduplicatedry
low 9-layer quality integrity conf 1.00 Near-duplicate function bodies in 3 places
Functions with the same first-5-line body hash: agent/video_gen_registry.py:get_provider, agent/image_gen_registry.py:get_provider, agent/web_search_registry.py:get_provider This is *the* AI-coder failure mode (4× more duplication in vibe-coded repos — see https://jw.hn/ai-code-hygiene). Consolida…
integrityduplicatedry
low 9-layer quality integrity conf 1.00 Near-duplicate function bodies in 4 places
Functions with the same first-5-line body hash: agent/image_gen_provider.py:generate, plugins/image_gen/openai/__init__.py:generate, plugins/image_gen/xai/__init__.py:generate, plugins/image_gen/openai-codex/__init__.py:generate This is *the* AI-coder failure mode (4× more duplication in vibe-code…
integrityduplicatedry
low 9-layer quality integrity conf 1.00 Near-duplicate function bodies in 4 places
Functions with the same first-5-line body hash: agent/auxiliary_client.py:create, agent/auxiliary_client.py:create, agent/auxiliary_client.py:create, agent/auxiliary_client.py:create This is *the* AI-coder failure mode (4× more duplication in vibe-coded repos — see https://jw.hn/ai-code-hygiene). …
integrityduplicatedry
low 9-layer cicd supply-chain conf 1.00 package.json defines install-time lifecycle scripts
preinstall/install/postinstall/prepare scripts execute during dependency installation. Review them carefully for network calls, obfuscation, shell execution, or credential access.
package.json supply-chainnpminstall-scripts
low 9-layer software dead-code conf 1.00 Possibly dead Python function: apply_transformation
No callers detected by AST scan in this repo. Could be exported for external callers or a framework handler.
cli.py:12797 dead-code
low 9-layer software dead-code conf 1.00 Possibly dead Python function: clear_messages
No callers detected by AST scan in this repo. Could be exported for external callers or a framework handler.
hermes_state.py:2237 dead-code
low 9-layer software dead-code conf 1.00 Possibly dead Python function: crawl_source
No callers detected by AST scan in this repo. Could be exported for external callers or a framework handler.
scripts/build_skills_index.py:66 dead-code
low 9-layer software dead-code conf 1.00 Possibly dead Python function: dec
No callers detected by AST scan in this repo. Could be exported for external callers or a framework handler.
tui_gateway/server.py:438 dead-code
low 9-layer software dead-code conf 1.00 Possibly dead Python function: env_bool
No callers detected by AST scan in this repo. Could be exported for external callers or a framework handler.
utils.py:285 dead-code
low 9-layer software dead-code conf 1.00 Possibly dead Python function: env_int
No callers detected by AST scan in this repo. Could be exported for external callers or a framework handler.
utils.py:274 dead-code
low 9-layer software dead-code conf 1.00 Possibly dead Python function: expires_unix_seconds
No callers detected by AST scan in this repo. Could be exported for external callers or a framework handler.
agent/google_oauth.py:455 dead-code
low 9-layer software dead-code conf 1.00 Possibly dead Python function: go
No callers detected by AST scan in this repo. Could be exported for external callers or a framework handler.
tui_gateway/server.py:5933 dead-code
low 9-layer software dead-code conf 1.00 Possibly dead Python function: handle_enter
No callers detected by AST scan in this repo. Could be exported for external callers or a framework handler.
cli.py:11815 dead-code
low 9-layer software dead-code conf 1.00 Possibly dead Python function: log_message
No callers detected by AST scan in this repo. Could be exported for external callers or a framework handler.
agent/google_oauth.py:748 dead-code
low 9-layer software dead-code conf 1.00 Possibly dead Python function: process_entry
No callers detected by AST scan in this repo. Could be exported for external callers or a framework handler.
trajectory_compressor.py:948 dead-code
low 9-layer software dead-code conf 1.00 Possibly dead Python function: process_loop
No callers detected by AST scan in this repo. Could be exported for external callers or a framework handler.
cli.py:13531 dead-code
low 9-layer software dead-code conf 1.00 Possibly dead Python function: read_claude_managed_key
No callers detected by AST scan in this repo. Could be exported for external callers or a framework handler.
agent/anthropic_adapter.py:757 dead-code
low 9-layer software dead-code conf 1.00 Possibly dead Python function: register_subparser
No callers detected by AST scan in this repo. Could be exported for external callers or a framework handler.
agent/lsp/cli.py:22 dead-code
low 9-layer software dead-code conf 1.00 Possibly dead Python function: run_after_agent_ready
No callers detected by AST scan in this repo. Could be exported for external callers or a framework handler.
tui_gateway/server.py:3014 dead-code
low 9-layer software dead-code conf 1.00 Possibly dead Python function: run_background
No callers detected by AST scan in this repo. Could be exported for external callers or a framework handler.
cli.py:8174 dead-code
low 9-layer software dead-code conf 1.00 Possibly dead Python function: run_lsp_command
No callers detected by AST scan in this repo. Could be exported for external callers or a framework handler.
agent/lsp/cli.py:70 dead-code
low 9-layer software dead-code conf 1.00 Possibly dead Python function: save_b64_video
No callers detected by AST scan in this repo. Could be exported for external callers or a framework handler.
agent/video_gen_provider.py:213 dead-code
low 9-layer software dead-code conf 1.00 Possibly dead Python function: save_bytes_video
No callers detected by AST scan in this repo. Could be exported for external callers or a framework handler.
agent/video_gen_provider.py:233 dead-code
low 9-layer software dead-code conf 1.00 Possibly dead Python function: save_trajectory
No callers detected by AST scan in this repo. Could be exported for external callers or a framework handler.
agent/trajectory.py:30 dead-code
low 9-layer software dead-code conf 1.00 Possibly dead Python function: secret_cb
No callers detected by AST scan in this repo. Could be exported for external callers or a framework handler.
tui_gateway/server.py:1660 dead-code
low 9-layer software dead-code conf 1.00 Possibly dead Python function: spinner_loop
No callers detected by AST scan in this repo. Could be exported for external callers or a framework handler.
cli.py:13511 dead-code
low 9-layer software dead-code conf 1.00 Possibly dead Python function: stream_callback
No callers detected by AST scan in this repo. Could be exported for external callers or a framework handler.
cli.py:10939 dead-code
low 9-layer software dead-code conf 1.00 Possibly dead Python function: sub_link
No callers detected by AST scan in this repo. Could be exported for external callers or a framework handler.
website/scripts/generate-skill-docs.py:239 dead-code
low 9-layer frontend frontend-quality conf 1.00 Stray `console.log` in TS/JS — scripts/whatsapp-bridge/bridge.js:207
Replace with the toast helper, an error boundary, or remove. `console.warn` / `console.error` are acceptable. Why: Hygiene — easy to leak debug output. Rule id: fq.console-leak
frontend-qualityfq.console-leak
low 9-layer frontend frontend-quality conf 1.00 Stray `console.log` in TS/JS — skills/creative/p5js/scripts/export-frames.js:94
Replace with the toast helper, an error boundary, or remove. `console.warn` / `console.error` are acceptable. Why: Hygiene — easy to leak debug output. Rule id: fq.console-leak
frontend-qualityfq.console-leak
low 9-layer frontend frontend-quality conf 1.00 Stray `console.log` in TS/JS — ui-tui/src/entry.tsx:16
Replace with the toast helper, an error boundary, or remove. `console.warn` / `console.error` are acceptable. Why: Hygiene — easy to leak debug output. Rule id: fq.console-leak
frontend-qualityfq.console-leak
low 9-layer frontend frontend-quality conf 1.00 Stray `console.log` in TS/JS — web/src/lib/gatewayClient.ts:12
Replace with the toast helper, an error boundary, or remove. `console.warn` / `console.error` are acceptable. Why: Hygiene — easy to leak debug output. Rule id: fq.console-leak
frontend-qualityfq.console-leak
low 9-layer quality integrity conf 1.00 Stub function `clear_cache` (body is just `pass`/`return`) — plugins/platforms/teams/adapter.py:131
Likely an AI scaffold that was never filled in. Remove or implement.
integrityempty-handlerdead-code
low 9-layer quality integrity conf 1.00 Stub function `close` (body is just `pass`/`return`) — tui_gateway/transport.py:182
Likely an AI scaffold that was never filled in. Remove or implement.
integrityempty-handlerdead-code
low 9-layer quality integrity conf 1.00 Stub function `handle_file_shared` (body is just `pass`/`return`) — gateway/platforms/slack.py:614
Likely an AI scaffold that was never filled in. Remove or implement.
integrityempty-handlerdead-code
low 9-layer quality integrity conf 1.00 Stub function `print` (body is just `pass`/`return`) — hermes_cli/skills_hub.py:728
Likely an AI scaffold that was never filled in. Remove or implement.
integrityempty-handlerdead-code
low 9-layer quality integrity conf 1.00 Stub function `print` (body is just `pass`/`return`) — tui_gateway/server.py:6541
Likely an AI scaffold that was never filled in. Remove or implement.
integrityempty-handlerdead-code
low 9-layer quality integrity conf 1.00 Stub function `register_tool` (body is just `pass`/`return`) — plugins/context_engine/__init__.py:209
Likely an AI scaffold that was never filled in. Remove or implement.
integrityempty-handlerdead-code
low 9-layer quality integrity conf 1.00 Stub function `register_tool` (body is just `pass`/`return`) — plugins/memory/__init__.py:298
Likely an AI scaffold that was never filled in. Remove or implement.
integrityempty-handlerdead-code
low 9-layer api wiring conf 1.00 Unused endpoint: DELETE /api/cron/jobs/{job_id}
`hermes_cli/web_server.py` declares `DELETE /api/cron/jobs/{job_id}` but no frontend code we scanned calls it. This is fine if the endpoint serves external clients (mobile app, third-party, server-side webhooks). Otherwise it's dead code — consider removing or documenting who consumes it.
wiringunused-endpoint
low 9-layer api wiring conf 1.00 Unused endpoint: DELETE /api/env
`hermes_cli/web_server.py` declares `DELETE /api/env` but no frontend code we scanned calls it. This is fine if the endpoint serves external clients (mobile app, third-party, server-side webhooks). Otherwise it's dead code — consider removing or documenting who consumes it.
wiringunused-endpoint
low 9-layer api wiring conf 1.00 Unused endpoint: DELETE /api/profiles/{name}
`hermes_cli/web_server.py` declares `DELETE /api/profiles/{name}` but no frontend code we scanned calls it. This is fine if the endpoint serves external clients (mobile app, third-party, server-side webhooks). Otherwise it's dead code — consider removing or documenting who consumes it.
wiringunused-endpoint
low 9-layer api wiring conf 1.00 Unused endpoint: DELETE /api/providers/oauth/sessions/{session_id}
`hermes_cli/web_server.py` declares `DELETE /api/providers/oauth/sessions/{session_id}` but no frontend code we scanned calls it. This is fine if the endpoint serves external clients (mobile app, third-party, server-side webhooks). Otherwise it's dead code — consider removing or documenting who con…
wiringunused-endpoint
low 9-layer api wiring conf 1.00 Unused endpoint: DELETE /api/providers/oauth/{provider_id}
`hermes_cli/web_server.py` declares `DELETE /api/providers/oauth/{provider_id}` but no frontend code we scanned calls it. This is fine if the endpoint serves external clients (mobile app, third-party, server-side webhooks). Otherwise it's dead code — consider removing or documenting who consumes it.
wiringunused-endpoint
low 9-layer api wiring conf 1.00 Unused endpoint: DELETE /api/sessions/{session_id}
`hermes_cli/web_server.py` declares `DELETE /api/sessions/{session_id}` but no frontend code we scanned calls it. This is fine if the endpoint serves external clients (mobile app, third-party, server-side webhooks). Otherwise it's dead code — consider removing or documenting who consumes it.
wiringunused-endpoint
low 9-layer api wiring conf 1.00 Unused endpoint: GET /api/actions/{name}/status
`hermes_cli/web_server.py` declares `GET /api/actions/{name}/status` but no frontend code we scanned calls it. This is fine if the endpoint serves external clients (mobile app, third-party, server-side webhooks). Otherwise it's dead code — consider removing or documenting who consumes it.
wiringunused-endpoint
low 9-layer api wiring conf 1.00 Unused endpoint: GET /api/config
`hermes_cli/web_server.py` declares `GET /api/config` but no frontend code we scanned calls it. This is fine if the endpoint serves external clients (mobile app, third-party, server-side webhooks). Otherwise it's dead code — consider removing or documenting who consumes it.
wiringunused-endpoint

Showing first 300 of 812. Refine filters or use the legacy findings page for deep search.

{# ── 2026-05-17 Round 14: AI-agent bridge footer ────────────────────── Discoverability: the /agents/voting/ guide + MCP manifest exist but aren't linked from anywhere users actually land. Small, opt-in footer. #}
For AI agents: Voting guide (TP/FP) MCP manifest Stdio wrapper SARIF Integrate Findings queue Vote TP/FP on findings to calibrate the engine.
For AI agents + API integrations
Email me when this repo regresses
Free. We re-scan periodically; new criticals → your inbox. No signup required for the scan itself.
API access

This page is publicly accessible at: https://repobility.com/scan/babdf5bb-90da-4ecd-a31d-8963b056e767/

To check status programmatically (no auth required): 

curl -s https://repobility.com/api/v1/public/scan/babdf5bb-90da-4ecd-a31d-8963b056e767/

Important — please don't re-submit the same URL repeatedly. The submission endpoint is idempotent: re-submitting the same git URL returns this same scan_token, not a new one. To re-scan this repo, sign up free and use the dashboard.