{"version": "2.1.0", "$schema": "https://json.schemastore.org/sarif-2.1.0.json", "runs": [{"tool": {"driver": {"name": "Repobility", "informationUri": "https://repobility.com", "rules": [{"id": "ERR002", "name": "[ERR002] Empty Catch Block: Empty catch blocks hide errors.", "shortDescription": {"text": "[ERR002] Empty Catch Block: Empty catch blocks hide errors."}, "fullDescription": {"text": "Log the error or rethrow it. Use console.error() at minimum."}, "properties": {"scanner": "repobility-threat-engine", "category": "error_handling", "severity": "medium", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "SEC134", "name": "[SEC134] AI scaffold leftover \u2014 Lorem ipsum / example.com / John Doe in code: Lorem ipsum / John Doe / example.com left ", "shortDescription": {"text": "[SEC134] AI scaffold leftover \u2014 Lorem ipsum / example.com / John Doe in code: Lorem ipsum / John Doe / example.com left in non-test code. AI agents emit these as 'reasonable defaults' when they don't know real values; the human then forgets"}, "fullDescription": {"text": "Move dummy values to fixtures / seed files. In application code, require these to come from config or fail closed. Add a CI grep that rejects 'lorem ipsum' and 'example.com' outside test files."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "medium", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "AGT006", "name": "React interval is created without an explicit cleanup", "shortDescription": {"text": "React interval is created without an explicit cleanup"}, "fullDescription": {"text": "Intervals created in React hooks or components should be cleared on unmount. Missing cleanup can keep stale callbacks alive after recording, polling, or overlay components close."}, "properties": {"scanner": "repobility-agent-runtime", "category": "quality", "severity": "medium", "confidence": 0.78, "cwe": "", "owasp": ""}}, {"id": "DEPCUR-NPM", "name": "npm package `@types/jsdom` is 1 major version(s) behind (^27.0.0 -> 28.0.3)", "shortDescription": {"text": "npm package `@types/jsdom` is 1 major version(s) behind (^27.0.0 -> 28.0.3)"}, "fullDescription": {"text": "`@types/jsdom` is pinned/resolved at ^27.0.0 but the latest stable release on the npm registry is 28.0.3 (1 major version(s) behind). Outdated dependencies accumulate unpatched bugs and make future security upgrades harder. This is the version-currency signal Dependabot version-update PRs raise."}, "properties": {"scanner": "repobility-dependency-currency", "category": "dependency", "severity": "medium", "confidence": 0.9, "cwe": "", "owasp": ""}}, {"id": "GHSA-866g-f22w-33x8", "name": "@ai-sdk/provider-utils: GHSA-866g-f22w-33x8", "shortDescription": {"text": "@ai-sdk/provider-utils: GHSA-866g-f22w-33x8"}, "fullDescription": {"text": "@ai-sdk/provider-utils has an Uncontrolled Resource Consumption issue"}, "properties": {"scanner": "osv-scanner", "category": "dependency", "severity": "low", "confidence": 0.88, "cwe": "", "owasp": ""}}, {"id": "AIC003", "name": "Duplicated implementation block across source files", "shortDescription": {"text": "Duplicated implementation block across source files"}, "fullDescription": {"text": "Duplicated blocks are a common artifact when generated code is pasted or recreated instead of reused. They increase maintenance cost because every future bug fix must be found in multiple locations."}, "properties": {"scanner": "repobility-ai-code-hygiene", "category": "quality", "severity": "low", "confidence": 0.86, "cwe": "", "owasp": ""}}, {"id": "MINED043", "name": "[MINED043] Http Not Https (and 6 more): Same pattern found in 6 additional files. Review if needed.", "shortDescription": {"text": "[MINED043] Http Not Https (and 6 more): Same pattern found in 6 additional files. Review if needed."}, "fullDescription": {"text": "Review and fix per the pattern semantics. See CWE-319 / A02:2021 for context."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "info", "confidence": 0.2, "cwe": "", "owasp": ""}}, {"id": "MINED045", "name": "[MINED045] Ts Non Null Assertion (and 8 more): Same pattern found in 8 additional files. Review if needed.", "shortDescription": {"text": "[MINED045] Ts Non Null Assertion (and 8 more): Same pattern found in 8 additional files. Review if needed."}, "fullDescription": {"text": "Review and fix per the pattern semantics. See CWE-476 /  for context."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "info", "confidence": 0.2, "cwe": "", "owasp": ""}}, {"id": "SEC029", "name": "[SEC029] Server-Side Request Forgery (SSRF) \u2014 outbound HTTP from user input (and 2 more): Same pattern found in 2 additi", "shortDescription": {"text": "[SEC029] Server-Side Request Forgery (SSRF) \u2014 outbound HTTP from user input (and 2 more): Same pattern found in 2 additional files. Review if needed."}, "fullDescription": {"text": "Validate the URL against an allowlist BEFORE fetching:\n  ALLOWED = {'images.example.com', 'cdn.example.com'}\n  host = urlparse(url).hostname\n  if host not in ALLOWED: abort(400)\nOr use a server-side proxy (Imgproxy / serve-files-only-from-S3) that isolates outbound network access from the request handler.\nBlock private CIDRs explicitly: 10/8, 172.16/12, 192.168/16, 169.254/16."}, "properties": {"scanner": "repobility-threat-engine", "category": "ssrf", "severity": "info", "confidence": 0.2, "cwe": "", "owasp": ""}}, {"id": "MINED049", "name": "[MINED049] Print Pii: Logging password/token/email/ssn directly to stdout.", "shortDescription": {"text": "[MINED049] Print Pii: Logging password/token/email/ssn directly to stdout."}, "fullDescription": {"text": "Review and fix per the pattern semantics. See CWE-532 / A09:2021 for context."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "info", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "SEC020", "name": "[SEC020] Secret Printed to Logs: Debug or diagnostic code appears to print a credential-bearing value. This is a frequen", "shortDescription": {"text": "[SEC020] Secret Printed to Logs: Debug or diagnostic code appears to print a credential-bearing value. This is a frequent AI-assisted coding failure: the helper exposes the exact value needed for troubleshooting."}, "fullDescription": {"text": "Log only redacted, hashed, or last-four-style metadata. Rotate any secret that may have reached logs."}, "properties": {"scanner": "repobility-threat-engine", "category": "credential_exposure", "severity": "info", "confidence": 0.1, "cwe": "", "owasp": ""}}, {"id": "SEC040", "name": "[SEC040] innerHTML XSS \u2014 template literal with server-supplied data (and 3 more): Same pattern found in 3 additional fil", "shortDescription": {"text": "[SEC040] innerHTML XSS \u2014 template literal with server-supplied data (and 3 more): Same pattern found in 3 additional files. Review if needed."}, "fullDescription": {"text": "For plain text: use el.textContent = data.value (auto-escapes).\nFor HTML you need to render: el.innerHTML = DOMPurify.sanitize(html).\nFor React/Vue/Svelte: stop using innerHTML; use the framework's binding.\nWhen data comes from CV/PDF parsers, sanitize at the parser boundary too."}, "properties": {"scanner": "repobility-threat-engine", "category": "xss", "severity": "info", "confidence": 0.2, "cwe": "", "owasp": ""}}, {"id": "MINED044", "name": "[MINED044] Js Console Log Prod (and 91 more): Same pattern found in 91 additional files. Review if needed.", "shortDescription": {"text": "[MINED044] Js Console Log Prod (and 91 more): Same pattern found in 91 additional files. Review if needed."}, "fullDescription": {"text": "Review and fix per the pattern semantics. See CWE-532 /  for context."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "info", "confidence": 0.2, "cwe": "", "owasp": ""}}, {"id": "SEC083", "name": "[SEC083] JS: new RegExp() with non-literal: new RegExp(<variable>) \u2014 variable input can craft a ReDoS pattern. Ported fr", "shortDescription": {"text": "[SEC083] JS: new RegExp() with non-literal: new RegExp(<variable>) \u2014 variable input can craft a ReDoS pattern. Ported from eslint-plugin-security detect-non-literal-regexp (Apache-2.0)."}, "fullDescription": {"text": "Use a literal RegExp or whitelist-validate user input before constructing patterns."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "high", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "SEC128", "name": "[SEC128] Async function without await \u2014 fire-and-forget Promise (AI mistake): Async call invoked without `await` returns", "shortDescription": {"text": "[SEC128] Async function without await \u2014 fire-and-forget Promise (AI mistake): Async call invoked without `await` returns an unhandled Promise. The outer function resolves before the inner work completes \u2014 DB writes lost, emails not sent, ra"}, "fullDescription": {"text": "Add `await` before each async call, or chain with `.then`. If you intentionally want fire-and-forget, prefix with `void` (TS) or assign to `_` (Python with `asyncio.create_task`) to make the intent explicit and survive lint."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "high", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "SEC114", "name": "[SEC114] path.join / Path() on user-controlled segment without containment check: filepath.Clean / path.Join on attacker", "shortDescription": {"text": "[SEC114] path.join / Path() on user-controlled segment without containment check: filepath.Clean / path.Join on attacker-supplied segments does NOT prevent escape from the base directory. `../../../etc/passwd` resolves cleanly."}, "fullDescription": {"text": "After joining, re-check containment: `if !strings.HasPrefix(filepath.Clean(joined), filepath.Clean(baseDir)+string(os.PathSeparator)) { error }`. In Node: `path.resolve(base, x); if (!resolved.startsWith(base + path.sep)) throw`."}, "properties": {"scanner": "repobility-threat-engine", "category": "path_traversal", "severity": "high", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "MINED115", "name": "Action `actions/upload-artifact` pinned to mutable ref `@v4`", "shortDescription": {"text": "Action `actions/upload-artifact` pinned to mutable ref `@v4`"}, "fullDescription": {"text": "`uses: actions/upload-artifact@v4` resolves at workflow-run time. Tags and branches can be re-pushed by the action owner; that made the tj-actions/changed-files compromise (2025) instantly affect ~23K repos. Pin to a 40-char commit SHA + lock with Dependabot or renovate."}, "properties": {"scanner": "repobility-supply-chain", "category": "dependency", "severity": "high", "confidence": 0.9, "cwe": "", "owasp": ""}}, {"id": "generic-api-key", "name": "Detected a Generic API Key, potentially exposing access to various services and sensitive operations.", "shortDescription": {"text": "Detected a Generic API Key, potentially exposing access to various services and sensitive operations."}, "fullDescription": {"text": "Gitleaks detected a committed secret or credential pattern."}, "properties": {"scanner": "gitleaks", "category": "credential_exposure", "severity": "critical", "confidence": 0.95, "cwe": "", "owasp": ""}}, {"id": "private-key", "name": "Identified a Private Key, which may compromise cryptographic security and sensitive data encryption.", "shortDescription": {"text": "Identified a Private Key, which may compromise cryptographic security and sensitive data encryption."}, "fullDescription": {"text": "Gitleaks detected a committed secret or credential pattern."}, "properties": {"scanner": "gitleaks", "category": "credential_exposure", "severity": "critical", "confidence": 0.95, "cwe": "", "owasp": ""}}, {"id": "MINED116", "name": "Workflow uses `secrets.PARITY_APP_PRIVATE_KEY` on a `pull_request` trigger", "shortDescription": {"text": "Workflow uses `secrets.PARITY_APP_PRIVATE_KEY` on a `pull_request` trigger"}, "fullDescription": {"text": "This workflow triggers on `pull_request`, which checks out the FORK's code. Referencing `${ secrets.PARITY_APP_PRIVATE_KEY }` lets a PR from any fork exfiltrate the secret (modify a script, log the value, etc.). Use `pull_request_target` ONLY with strict checkout discipline (no fork code in the trusted context)."}, "properties": {"scanner": "repobility-supply-chain", "category": "dependency", "severity": "critical", "confidence": 0.9, "cwe": "", "owasp": ""}}]}}, "automationDetails": {"id": "repobility/1338"}, "properties": {"repository": "browserbase/stagehand", "repoUrl": "https://github.com/browserbase/stagehand", "branch": "main"}, "results": [{"ruleId": "ERR002", "level": "warning", "message": {"text": "[ERR002] Empty Catch Block: Empty catch blocks hide errors."}, "properties": {"repobilityId": 136652, "scanner": "repobility-threat-engine", "fingerprint": "7b11ff4eeec39e47bb523d252aa05e34cd556676755849516e28f96368d328b4", "category": "error_handling", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": ".catch(() => {})", "reason": "Pattern matched with no mitigating context found", "rule_id": "ERR002", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "fp|7b11ff4eeec39e47bb523d252aa05e34cd556676755849516e28f96368d328b4"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "packages/evals/core/targets/localChrome.ts"}, "region": {"startLine": 135}}}]}, {"ruleId": "ERR002", "level": "warning", "message": {"text": "[ERR002] Empty Catch Block: Empty catch blocks hide errors."}, "properties": {"repobilityId": 136651, "scanner": "repobility-threat-engine", "fingerprint": "3268ca9a5f147e2300d882a1f261374f1c83fe7fc0af6ae5a49c7e3d0c896a8f", "category": "error_handling", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": ".catch(() => {})", "reason": "Pattern matched with no mitigating context found", "rule_id": "ERR002", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "fp|3268ca9a5f147e2300d882a1f261374f1c83fe7fc0af6ae5a49c7e3d0c896a8f"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "packages/evals/browserbaseCleanup.ts"}, "region": {"startLine": 14}}}]}, {"ruleId": "ERR002", "level": "warning", "message": {"text": "[ERR002] Empty Catch Block: Empty catch blocks hide errors."}, "properties": {"repobilityId": 136650, "scanner": "repobility-threat-engine", "fingerprint": "255b04aca8579708a7db04c9be83d21fa9ccd5ed15d4824d93ce9f4a6012c74f", "category": "error_handling", "severity": "medium", "confidence": 0.45, "triageState": "false_positive", "verdict": "likely_fp", "isResolved": true, "reason": "Pattern matched with no mitigating context found | [R34 auto-suppress: documentation/example path]", "evidence": {"match": ".catch(() => {})", "reason": "Pattern matched with no mitigating context found | [R34 auto-suppress: documentation/example path]", "rule_id": "ERR002", "scanner": "repobility-threat-engine", "confidence": 0.45, "correlation_key": "fp|255b04aca8579708a7db04c9be83d21fa9ccd5ed15d4824d93ce9f4a6012c74f"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "packages/core/examples/record-video.ts"}, "region": {"startLine": 63}}}]}, {"ruleId": "SEC134", "level": "warning", "message": {"text": "[SEC134] AI scaffold leftover \u2014 Lorem ipsum / example.com / John Doe in code: Lorem ipsum / John Doe / example.com left in non-test code. AI agents emit these as 'reasonable defaults' when they don't know real values; the human then forgets to swap them. In production, these break demo flows, send mail to a real example.com host (it's owned by IANA), and leak that the codebase had an AI scaffolding pass."}, "properties": {"repobilityId": 136646, "scanner": "repobility-threat-engine", "fingerprint": "1318bc81bf2d525e4a8ee42191e11f06b55e7a94da3dbd31450c54e61b4e7ec4", "category": "quality", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "'John Doe'", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC134", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "fp|1318bc81bf2d525e4a8ee42191e11f06b55e7a94da3dbd31450c54e61b4e7ec4"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "packages/core/examples/example.ts"}, "region": {"startLine": 25}}}]}, {"ruleId": "AGT006", "level": "warning", "message": {"text": "React interval is created without an explicit cleanup"}, "properties": {"repobilityId": 136637, "scanner": "repobility-agent-runtime", "fingerprint": "3a36ba68cd9c6388733a3c189fba86c8b1a90f089b850a8a8491b52ed39c2440", "category": "quality", "severity": "medium", "confidence": 0.78, "triageState": "open", "verdict": "likely", "isResolved": false, "reason": "File uses setInterval with useEffect or hook-style code and no clearInterval cleanup was found.", "evidence": {"rule_id": "AGT006", "scanner": "repobility-agent-runtime", "references": ["https://react.dev/reference/react/useEffect"], "correlation_key": "fp|3a36ba68cd9c6388733a3c189fba86c8b1a90f089b850a8a8491b52ed39c2440"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "packages/docs/sdk-api-reference-labels.js"}, "region": {"startLine": 196}}}]}, {"ruleId": "AGT006", "level": "warning", "message": {"text": "React interval is created without an explicit cleanup"}, "properties": {"repobilityId": 136636, "scanner": "repobility-agent-runtime", "fingerprint": "cc8608e78d312cecd5a7a21a4230b5fa33251f2a15568d9de01a9530b0d6aae8", "category": "quality", "severity": "medium", "confidence": 0.78, "triageState": "open", "verdict": "likely", "isResolved": false, "reason": "File uses setInterval with useEffect or hook-style code and no clearInterval cleanup was found.", "evidence": {"rule_id": "AGT006", "scanner": "repobility-agent-runtime", "references": ["https://react.dev/reference/react/useEffect"], "correlation_key": "fp|cc8608e78d312cecd5a7a21a4230b5fa33251f2a15568d9de01a9530b0d6aae8"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "packages/core/lib/v3/logger.ts"}, "region": {"startLine": 20}}}]}, {"ruleId": "DEPCUR-NPM", "level": "warning", "message": {"text": "npm package `@types/jsdom` is 1 major version(s) behind (^27.0.0 -> 28.0.3)"}, "properties": {"repobilityId": 136635, "scanner": "repobility-dependency-currency", "fingerprint": "0ad06a92eaff09a94a4b641735181f551444b6034d4ad9f3d97e81e58da53867", "category": "dependency", "severity": "medium", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"gap": "1 major version(s) behind", "signal": "currency", "cwe_ids": [], "package": "@types/jsdom", "scanner": "repobility-dependency-currency", "ecosystem": "npm", "languages": ["javascript"], "latest_version": "28.0.3", "correlation_key": "fp|0ad06a92eaff09a94a4b641735181f551444b6034d4ad9f3d97e81e58da53867", "current_version": "^27.0.0"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "packages/core/package.json"}, "region": {"startLine": 1}}}]}, {"ruleId": "DEPCUR-NPM", "level": "warning", "message": {"text": "npm package `uuid` is 3 major version(s) behind (^11.1.1 -> 14.0.0)"}, "properties": {"repobilityId": 136632, "scanner": "repobility-dependency-currency", "fingerprint": "71d9c4e24a23c14a759a66e8a120d01ae9ce9b12cf902fac9112c1c7a3fd4469", "category": "dependency", "severity": "medium", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"gap": "3 major version(s) behind", "signal": "currency", "cwe_ids": [], "package": "uuid", "scanner": "repobility-dependency-currency", "ecosystem": "npm", "languages": ["javascript"], "latest_version": "14.0.0", "correlation_key": "fp|71d9c4e24a23c14a759a66e8a120d01ae9ce9b12cf902fac9112c1c7a3fd4469", "current_version": "^11.1.1"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "packages/core/package.json"}, "region": {"startLine": 1}}}]}, {"ruleId": "DEPCUR-NPM", "level": "warning", "message": {"text": "npm package `pino` is 1 major version(s) behind (^9.6.0 -> 10.3.1)"}, "properties": {"repobilityId": 136630, "scanner": "repobility-dependency-currency", "fingerprint": "adc81f0b0349dc8f950a37e67e2b09ef0f22a9c4690062e925a5abd3d9c01c9d", "category": "dependency", "severity": "medium", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"gap": "1 major version(s) behind", "signal": "currency", "cwe_ids": [], "package": "pino", "scanner": "repobility-dependency-currency", "ecosystem": "npm", "languages": ["javascript"], "latest_version": "10.3.1", "correlation_key": "fp|adc81f0b0349dc8f950a37e67e2b09ef0f22a9c4690062e925a5abd3d9c01c9d", "current_version": "^9.6.0"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "packages/core/package.json"}, "region": {"startLine": 1}}}]}, {"ruleId": "DEPCUR-NPM", "level": "warning", "message": {"text": "npm package `@google/genai` is 1 major version(s) behind (^1.22.0 -> 2.8.0)"}, "properties": {"repobilityId": 136628, "scanner": "repobility-dependency-currency", "fingerprint": "a6ebb3f1d95cfac16b5c7a03ef05b19f8ea28f2f093e96774d51f4000de01567", "category": "dependency", "severity": "medium", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"gap": "1 major version(s) behind", "signal": "currency", "cwe_ids": [], "package": "@google/genai", "scanner": "repobility-dependency-currency", "ecosystem": "npm", "languages": ["javascript"], "latest_version": "2.8.0", "correlation_key": "fp|a6ebb3f1d95cfac16b5c7a03ef05b19f8ea28f2f093e96774d51f4000de01567", "current_version": "^1.22.0"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "packages/core/package.json"}, "region": {"startLine": 1}}}]}, {"ruleId": "DEPCUR-NPM", "level": "warning", "message": {"text": "npm package `@ai-sdk/provider` is 1 major version(s) behind (^2.0.0 -> 3.0.10)"}, "properties": {"repobilityId": 136625, "scanner": "repobility-dependency-currency", "fingerprint": "fd0959affbc26ccc60c7077ebc7a9fa37858d993e00e86120c99bd0a0ed62214", "category": "dependency", "severity": "medium", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"gap": "1 major version(s) behind", "signal": "currency", "cwe_ids": [], "package": "@ai-sdk/provider", "scanner": "repobility-dependency-currency", "ecosystem": "npm", "languages": ["javascript"], "latest_version": "3.0.10", "correlation_key": "fp|fd0959affbc26ccc60c7077ebc7a9fa37858d993e00e86120c99bd0a0ed62214", "current_version": "^2.0.0"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "packages/core/package.json"}, "region": {"startLine": 1}}}]}, {"ruleId": "DEPCUR-NPM", "level": "warning", "message": {"text": "npm package `braintrust` is 3 major version(s) behind (^0.4.10 -> 3.17.0)"}, "properties": {"repobilityId": 136623, "scanner": "repobility-dependency-currency", "fingerprint": "c01c1673bc65681ff1b1f3cce4921e96acb05ba31a8ea1fee9dfb2269cccb0a5", "category": "dependency", "severity": "medium", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"gap": "3 major version(s) behind", "signal": "currency", "cwe_ids": [], "package": "braintrust", "scanner": "repobility-dependency-currency", "ecosystem": "npm", "languages": ["javascript"], "latest_version": "3.17.0", "correlation_key": "fp|c01c1673bc65681ff1b1f3cce4921e96acb05ba31a8ea1fee9dfb2269cccb0a5", "current_version": "^0.4.10"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "packages/evals/package.json"}, "region": {"startLine": 1}}}]}, {"ruleId": "DEPCUR-NPM", "level": "warning", "message": {"text": "npm package `@ai-sdk/provider` is 1 major version(s) behind (^2.0.0 -> 3.0.10)"}, "properties": {"repobilityId": 136620, "scanner": "repobility-dependency-currency", "fingerprint": "fb116b61a1fcfe79378ae032513335296052d2159e4bb4c3c8bcc6f4df3e33d6", "category": "dependency", "severity": "medium", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"gap": "1 major version(s) behind", "signal": "currency", "cwe_ids": [], "package": "@ai-sdk/provider", "scanner": "repobility-dependency-currency", "ecosystem": "npm", "languages": ["javascript"], "latest_version": "3.0.10", "correlation_key": "fp|fb116b61a1fcfe79378ae032513335296052d2159e4bb4c3c8bcc6f4df3e33d6", "current_version": "^2.0.0"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "packages/evals/package.json"}, "region": {"startLine": 1}}}]}, {"ruleId": "DEPCUR-NPM", "level": "warning", "message": {"text": "npm package `lint-staged` is 1 major version(s) behind (^16.4.0 -> 17.0.7)"}, "properties": {"repobilityId": 136616, "scanner": "repobility-dependency-currency", "fingerprint": "f36983bb482b184333db0f655e2c3fa020c2729534b12614f7e5c4d523c9f882", "category": "dependency", "severity": "medium", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"gap": "1 major version(s) behind", "signal": "currency", "cwe_ids": [], "package": "lint-staged", "scanner": "repobility-dependency-currency", "ecosystem": "npm", "languages": ["javascript"], "latest_version": "17.0.7", "correlation_key": "fp|f36983bb482b184333db0f655e2c3fa020c2729534b12614f7e5c4d523c9f882", "current_version": "^16.4.0"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "package.json"}, "region": {"startLine": 1}}}]}, {"ruleId": "DEPCUR-NPM", "level": "warning", "message": {"text": "npm package `globals` is 2 major version(s) behind (^15.13.0 -> 17.6.0)"}, "properties": {"repobilityId": 136615, "scanner": "repobility-dependency-currency", "fingerprint": "4a548851021555ebde9492cf2d3956e0dcf377894c83ad5bff6807a4ae58a18e", "category": "dependency", "severity": "medium", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"gap": "2 major version(s) behind", "signal": "currency", "cwe_ids": [], "package": "globals", "scanner": "repobility-dependency-currency", "ecosystem": "npm", "languages": ["javascript"], "latest_version": "17.6.0", "correlation_key": "fp|4a548851021555ebde9492cf2d3956e0dcf377894c83ad5bff6807a4ae58a18e", "current_version": "^15.13.0"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "package.json"}, "region": {"startLine": 1}}}]}, {"ruleId": "DEPCUR-NPM", "level": "warning", "message": {"text": "npm package `eslint-plugin-security` is 1 major version(s) behind (^3.0.1 -> 4.0.0)"}, "properties": {"repobilityId": 136614, "scanner": "repobility-dependency-currency", "fingerprint": "b89b3d5cb57e7c3bf44ff668d58a10cf403b430cee0e22a0cbbeb25872b85035", "category": "dependency", "severity": "medium", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"gap": "1 major version(s) behind", "signal": "currency", "cwe_ids": [], "package": "eslint-plugin-security", "scanner": "repobility-dependency-currency", "ecosystem": "npm", "languages": ["javascript"], "latest_version": "4.0.0", "correlation_key": "fp|b89b3d5cb57e7c3bf44ff668d58a10cf403b430cee0e22a0cbbeb25872b85035", "current_version": "^3.0.1"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "package.json"}, "region": {"startLine": 1}}}]}, {"ruleId": "GHSA-866g-f22w-33x8", "level": "note", "message": {"text": "@ai-sdk/provider-utils: GHSA-866g-f22w-33x8"}, "properties": {"repobilityId": 136675, "scanner": "osv-scanner", "fingerprint": "5962aa98b5dac5ab5742ebd7d6dcc8f6f17b9760df54c2fc19fe354f783748ae", "category": "dependency", "severity": "low", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["CVE-2026-8769"], "package": "@ai-sdk/provider-utils", "rule_id": "GHSA-866g-f22w-33x8", "scanner": "osv-scanner", "correlation_key": "vuln|ai-sdk/provider-utils|CVE-2026-8769|pnpm-lock.yaml"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "pnpm-lock.yaml"}, "region": {"startLine": 1}}}]}, {"ruleId": "DEPCUR-NPM", "level": "note", "message": {"text": "npm package `pino-pretty` is minor version(s) behind (^13.0.0 -> 13.1.3)"}, "properties": {"repobilityId": 136631, "scanner": "repobility-dependency-currency", "fingerprint": "0a7007f4341bab570dc3cd7e92c8109c2f4c8096182ba7c8aa88c51ab08c6284", "category": "dependency", "severity": "low", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"gap": "minor version(s) behind", "signal": "currency", "cwe_ids": [], "package": "pino-pretty", "scanner": "repobility-dependency-currency", "ecosystem": "npm", "languages": ["javascript"], "latest_version": "13.1.3", "correlation_key": "fp|0a7007f4341bab570dc3cd7e92c8109c2f4c8096182ba7c8aa88c51ab08c6284", "current_version": "^13.0.0"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "packages/core/package.json"}, "region": {"startLine": 1}}}]}, {"ruleId": "DEPCUR-NPM", "level": "note", "message": {"text": "npm package `fetch-cookie` is minor version(s) behind (^3.1.0 -> 3.2.0)"}, "properties": {"repobilityId": 136629, "scanner": "repobility-dependency-currency", "fingerprint": "87c13c258b8954a66f45aaa8b9174c8e164fdf83dd96d88f6d8b660dfc91662b", "category": "dependency", "severity": "low", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"gap": "minor version(s) behind", "signal": "currency", "cwe_ids": [], "package": "fetch-cookie", "scanner": "repobility-dependency-currency", "ecosystem": "npm", "languages": ["javascript"], "latest_version": "3.2.0", "correlation_key": "fp|87c13c258b8954a66f45aaa8b9174c8e164fdf83dd96d88f6d8b660dfc91662b", "current_version": "^3.1.0"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "packages/core/package.json"}, "region": {"startLine": 1}}}]}, {"ruleId": "DEPCUR-NPM", "level": "note", "message": {"text": "npm package `@browserbasehq/sdk` is minor version(s) behind (^2.10.0 -> 2.13.0)"}, "properties": {"repobilityId": 136627, "scanner": "repobility-dependency-currency", "fingerprint": "8539a36e340c15f0b7b4aa4bfb43e49ff1eb79fcf17c93f045cef4a474f4af3a", "category": "dependency", "severity": "low", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"gap": "minor version(s) behind", "signal": "currency", "cwe_ids": [], "package": "@browserbasehq/sdk", "scanner": "repobility-dependency-currency", "ecosystem": "npm", "languages": ["javascript"], "latest_version": "2.13.0", "correlation_key": "fp|8539a36e340c15f0b7b4aa4bfb43e49ff1eb79fcf17c93f045cef4a474f4af3a", "current_version": "^2.10.0"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "packages/core/package.json"}, "region": {"startLine": 1}}}]}, {"ruleId": "DEPCUR-NPM", "level": "note", "message": {"text": "npm package `@anthropic-ai/sdk` is minor version(s) behind (0.39.0 -> 0.101.0)"}, "properties": {"repobilityId": 136626, "scanner": "repobility-dependency-currency", "fingerprint": "f270f34ccf8c64dbf1a872a8718623fc72c37aa0437035cc15963f264fd6a2b9", "category": "dependency", "severity": "low", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"gap": "minor version(s) behind", "signal": "currency", "cwe_ids": [], "package": "@anthropic-ai/sdk", "scanner": "repobility-dependency-currency", "ecosystem": "npm", "languages": ["javascript"], "latest_version": "0.101.0", "correlation_key": "fp|f270f34ccf8c64dbf1a872a8718623fc72c37aa0437035cc15963f264fd6a2b9", "current_version": "0.39.0"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "packages/core/package.json"}, "region": {"startLine": 1}}}]}, {"ruleId": "DEPCUR-NPM", "level": "note", "message": {"text": "npm package `chalk` is minor version(s) behind (^5.4.1 -> 5.6.2)"}, "properties": {"repobilityId": 136624, "scanner": "repobility-dependency-currency", "fingerprint": "77b78eacb4b7664bc3554643fc93acb37839ee5294ad775fd72ea20ea11047d3", "category": "dependency", "severity": "low", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"gap": "minor version(s) behind", "signal": "currency", "cwe_ids": [], "package": "chalk", "scanner": "repobility-dependency-currency", "ecosystem": "npm", "languages": ["javascript"], "latest_version": "5.6.2", "correlation_key": "fp|77b78eacb4b7664bc3554643fc93acb37839ee5294ad775fd72ea20ea11047d3", "current_version": "^5.4.1"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "packages/evals/package.json"}, "region": {"startLine": 1}}}]}, {"ruleId": "DEPCUR-NPM", "level": "note", "message": {"text": "npm package `dotenv` is minor version(s) behind (^17.3.1 -> 17.4.2)"}, "properties": {"repobilityId": 136622, "scanner": "repobility-dependency-currency", "fingerprint": "60293abc3df7ae7f379229e7ac1b567e162d0b7908136acb8e227f0020d2c551", "category": "dependency", "severity": "low", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"gap": "minor version(s) behind", "signal": "currency", "cwe_ids": [], "package": "dotenv", "scanner": "repobility-dependency-currency", "ecosystem": "npm", "languages": ["javascript"], "latest_version": "17.4.2", "correlation_key": "fp|60293abc3df7ae7f379229e7ac1b567e162d0b7908136acb8e227f0020d2c551", "current_version": "^17.3.1"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "packages/evals/package.json"}, "region": {"startLine": 1}}}]}, {"ruleId": "DEPCUR-NPM", "level": "note", "message": {"text": "npm package `@anthropic-ai/claude-agent-sdk` is minor version(s) behind (^0.2.141 -> 0.3.165)"}, "properties": {"repobilityId": 136621, "scanner": "repobility-dependency-currency", "fingerprint": "407b4d990f02852253167b1dd1eef301a1602e5a74c3c546942f5b3ed91247f6", "category": "dependency", "severity": "low", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"gap": "minor version(s) behind", "signal": "currency", "cwe_ids": [], "package": "@anthropic-ai/claude-agent-sdk", "scanner": "repobility-dependency-currency", "ecosystem": "npm", "languages": ["javascript"], "latest_version": "0.3.165", "correlation_key": "fp|407b4d990f02852253167b1dd1eef301a1602e5a74c3c546942f5b3ed91247f6", "current_version": "^0.2.141"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "packages/evals/package.json"}, "region": {"startLine": 1}}}]}, {"ruleId": "DEPCUR-NPM", "level": "note", "message": {"text": "npm package `tsx` is minor version(s) behind (^4.19.4 -> 4.22.4)"}, "properties": {"repobilityId": 136619, "scanner": "repobility-dependency-currency", "fingerprint": "1f328d1f3efcb4dd18ab4aaed86e4eb0d148e346f1359d5f35c9828f2816dd0b", "category": "dependency", "severity": "low", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"gap": "minor version(s) behind", "signal": "currency", "cwe_ids": [], "package": "tsx", "scanner": "repobility-dependency-currency", "ecosystem": "npm", "languages": ["javascript"], "latest_version": "4.22.4", "correlation_key": "fp|1f328d1f3efcb4dd18ab4aaed86e4eb0d148e346f1359d5f35c9828f2816dd0b", "current_version": "^4.19.4"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "package.json"}, "region": {"startLine": 1}}}]}, {"ruleId": "DEPCUR-NPM", "level": "note", "message": {"text": "npm package `prettier` is minor version(s) behind (^3.2.5 -> 3.8.3)"}, "properties": {"repobilityId": 136617, "scanner": "repobility-dependency-currency", "fingerprint": "d58ce6911e3c7b835053ccc2a141e9af79574adeda6ee8e894b54646722db295", "category": "dependency", "severity": "low", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"gap": "minor version(s) behind", "signal": "currency", "cwe_ids": [], "package": "prettier", "scanner": "repobility-dependency-currency", "ecosystem": "npm", "languages": ["javascript"], "latest_version": "3.8.3", "correlation_key": "fp|d58ce6911e3c7b835053ccc2a141e9af79574adeda6ee8e894b54646722db295", "current_version": "^3.2.5"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "package.json"}, "region": {"startLine": 1}}}]}, {"ruleId": "DEPCUR-NPM", "level": "note", "message": {"text": "npm package `esbuild` is minor version(s) behind (0.27.2 -> 0.28.0)"}, "properties": {"repobilityId": 136613, "scanner": "repobility-dependency-currency", "fingerprint": "62e9a5a49a798fb721f59a1a84c0dc8b1835b993a6bb9aaa1966b5a750544e72", "category": "dependency", "severity": "low", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"gap": "minor version(s) behind", "signal": "currency", "cwe_ids": [], "package": "esbuild", "scanner": "repobility-dependency-currency", "ecosystem": "npm", "languages": ["javascript"], "latest_version": "0.28.0", "correlation_key": "fp|62e9a5a49a798fb721f59a1a84c0dc8b1835b993a6bb9aaa1966b5a750544e72", "current_version": "0.27.2"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "package.json"}, "region": {"startLine": 1}}}]}, {"ruleId": "DEPCUR-NPM", "level": "note", "message": {"text": "npm package `dotenv` is minor version(s) behind (^17.3.1 -> 17.4.2)"}, "properties": {"repobilityId": 136612, "scanner": "repobility-dependency-currency", "fingerprint": "b5423ca946ebfb6865248aaa07d5e612d5bf35f8009ecb33fb2e71b055ac98c0", "category": "dependency", "severity": "low", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"gap": "minor version(s) behind", "signal": "currency", "cwe_ids": [], "package": "dotenv", "scanner": "repobility-dependency-currency", "ecosystem": "npm", "languages": ["javascript"], "latest_version": "17.4.2", "correlation_key": "fp|b5423ca946ebfb6865248aaa07d5e612d5bf35f8009ecb33fb2e71b055ac98c0", "current_version": "^17.3.1"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "package.json"}, "region": {"startLine": 1}}}]}, {"ruleId": "DEPCUR-NPM", "level": "note", "message": {"text": "npm package `@changesets/changelog-github` is minor version(s) behind (^0.5.0 -> 0.7.0)"}, "properties": {"repobilityId": 136611, "scanner": "repobility-dependency-currency", "fingerprint": "e2d652c577f9bd7d8d1fe60349a3a88dcf9c86b114c864e219f2a845c81c0ca3", "category": "dependency", "severity": "low", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"gap": "minor version(s) behind", "signal": "currency", "cwe_ids": [], "package": "@changesets/changelog-github", "scanner": "repobility-dependency-currency", "ecosystem": "npm", "languages": ["javascript"], "latest_version": "0.7.0", "correlation_key": "fp|e2d652c577f9bd7d8d1fe60349a3a88dcf9c86b114c864e219f2a845c81c0ca3", "current_version": "^0.5.0"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "package.json"}, "region": {"startLine": 1}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 136583, "scanner": "repobility-ai-code-hygiene", "fingerprint": "1476af58c2213669f71cf5bace3efde5ab5e7acf244fb3a8e5bc0f7786aea8b6", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "packages/evals/core/tools/playwright_code.ts", "duplicate_line": 51, "correlation_key": "fp|1476af58c2213669f71cf5bace3efde5ab5e7acf244fb3a8e5bc0f7786aea8b6"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "packages/evals/core/tools/understudy_code.ts"}, "region": {"startLine": 40}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 136582, "scanner": "repobility-ai-code-hygiene", "fingerprint": "0a64902cccb7e5b3931cf73f416173492d5d91aa4a5cb6ce0cb55853e127ca33", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "packages/evals/core/tools/browse_cli.ts", "duplicate_line": 25, "correlation_key": "fp|0a64902cccb7e5b3931cf73f416173492d5d91aa4a5cb6ce0cb55853e127ca33"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "packages/evals/core/tools/understudy_code.ts"}, "region": {"startLine": 23}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 136581, "scanner": "repobility-ai-code-hygiene", "fingerprint": "a75a90fc01c057247d4a0b3984e79a5f4109f73968fa8afac8b3d36a1a79fb96", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "packages/evals/core/tools/browse_cli.ts", "duplicate_line": 25, "correlation_key": "fp|a75a90fc01c057247d4a0b3984e79a5f4109f73968fa8afac8b3d36a1a79fb96"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "packages/evals/core/tools/playwright_code.ts"}, "region": {"startLine": 26}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 136580, "scanner": "repobility-ai-code-hygiene", "fingerprint": "9e85c7b894288ede9ef6c42c206e2baece6c5a4f2b17a15485a70ab3b4f71a53", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "packages/evals/core/tasks/actions/click_coordinates.ts", "duplicate_line": 5, "correlation_key": "fp|9e85c7b894288ede9ef6c42c206e2baece6c5a4f2b17a15485a70ab3b4f71a53"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "packages/evals/core/tasks/actions/hover.ts"}, "region": {"startLine": 5}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 136579, "scanner": "repobility-ai-code-hygiene", "fingerprint": "dc5743d9047a63ccffcd45f8396aff820d6995e3f142a303db2725e896c55ea2", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "packages/core/scripts/build-cjs.ts", "duplicate_line": 1, "correlation_key": "fp|dc5743d9047a63ccffcd45f8396aff820d6995e3f142a303db2725e896c55ea2"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "packages/core/scripts/build-esm.ts"}, "region": {"startLine": 1}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 136578, "scanner": "repobility-ai-code-hygiene", "fingerprint": "41b859b75273edca7549675d28f51e511ebe8a4a02da555dbc0c1ad56ac240f2", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "packages/core/lib/v3/understudy/deepLocator.ts", "duplicate_line": 106, "correlation_key": "fp|41b859b75273edca7549675d28f51e511ebe8a4a02da555dbc0c1ad56ac240f2"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "packages/core/lib/v3/understudy/frameLocator.ts"}, "region": {"startLine": 89}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 136577, "scanner": "repobility-ai-code-hygiene", "fingerprint": "2c0ac6841b0368dcfa8799c7a1452c550eedc6080abc295a1e6aadeb6e439573", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "packages/core/lib/v3/understudy/a11y/snapshot/focusSelectors.ts", "duplicate_line": 16, "correlation_key": "fp|2c0ac6841b0368dcfa8799c7a1452c550eedc6080abc295a1e6aadeb6e439573"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "packages/core/lib/v3/understudy/deepLocator.ts"}, "region": {"startLine": 14}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 136576, "scanner": "repobility-ai-code-hygiene", "fingerprint": "75765be13eb3b67222bcc3de76abad26ae547701ebb7c3a5fa7b26ea98be0419", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "packages/core/lib/v3/external_clients/aisdk.ts", "duplicate_line": 26, "correlation_key": "fp|75765be13eb3b67222bcc3de76abad26ae547701ebb7c3a5fa7b26ea98be0419"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "packages/core/lib/v3/llm/aisdk.ts"}, "region": {"startLine": 85}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 136575, "scanner": "repobility-ai-code-hygiene", "fingerprint": "bdd8423b3636c675c66a84db2b5ce5f2469404c4e73f5ac52827525b9fb2678b", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "packages/core/lib/v3/external_clients/customOpenAI.ts", "duplicate_line": 43, "correlation_key": "fp|bdd8423b3636c675c66a84db2b5ce5f2469404c4e73f5ac52827525b9fb2678b"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "packages/core/lib/v3/llm/OpenAIClient.ts"}, "region": {"startLine": 104}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 136574, "scanner": "repobility-ai-code-hygiene", "fingerprint": "cc4b5be919409758ca9bfd955cdf554f7668a07e22287bf2692e8b0ae6331c44", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "packages/core/lib/v3/llm/AnthropicClient.ts", "duplicate_line": 165, "correlation_key": "fp|cc4b5be919409758ca9bfd955cdf554f7668a07e22287bf2692e8b0ae6331c44"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "packages/core/lib/v3/llm/GroqClient.ts"}, "region": {"startLine": 153}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 136573, "scanner": "repobility-ai-code-hygiene", "fingerprint": "bb75fd17f54fbd22981b7f154a12f62ba6474dfbe96db41766f5fa4b5cdc7edc", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "packages/core/lib/v3/llm/CerebrasClient.ts", "duplicate_line": 15, "correlation_key": "fp|bb75fd17f54fbd22981b7f154a12f62ba6474dfbe96db41766f5fa4b5cdc7edc"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "packages/core/lib/v3/llm/GroqClient.ts"}, "region": {"startLine": 15}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 136572, "scanner": "repobility-ai-code-hygiene", "fingerprint": "bb84d9bd8b3ce76d2c8ea5a322a56ba72e4c5013f0f5d998d71d841311027064", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "packages/core/lib/v3/llm/AnthropicClient.ts", "duplicate_line": 165, "correlation_key": "fp|bb84d9bd8b3ce76d2c8ea5a322a56ba72e4c5013f0f5d998d71d841311027064"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "packages/core/lib/v3/llm/CerebrasClient.ts"}, "region": {"startLine": 153}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 136571, "scanner": "repobility-ai-code-hygiene", "fingerprint": "25566701144d8a26820a952a533ae7ac990edba60976a44d16329ff3999f047c", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "packages/core/lib/v3/handlers/extractHandler.ts", "duplicate_line": 51, "correlation_key": "fp|25566701144d8a26820a952a533ae7ac990edba60976a44d16329ff3999f047c"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "packages/core/lib/v3/handlers/observeHandler.ts"}, "region": {"startLine": 21}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 136570, "scanner": "repobility-ai-code-hygiene", "fingerprint": "2747a1d7e8ffe9e0d903d458a0a19f808bb84817df91343575a20e4b5cf1525f", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "packages/core/lib/v3/dom/locatorScripts/counts.ts", "duplicate_line": 122, "correlation_key": "fp|2747a1d7e8ffe9e0d903d458a0a19f808bb84817df91343575a20e4b5cf1525f"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "packages/core/lib/v3/dom/locatorScripts/selectors.ts"}, "region": {"startLine": 133}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 136569, "scanner": "repobility-ai-code-hygiene", "fingerprint": "a67cfddfbce85127cd0e49a672557debaa4c5494c9ff6c88371fe8201ccba33e", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "packages/core/lib/v3/agent/tools/click.ts", "duplicate_line": 80, "correlation_key": "fp|a67cfddfbce85127cd0e49a672557debaa4c5494c9ff6c88371fe8201ccba33e"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "packages/core/lib/v3/agent/tools/wait.ts"}, "region": {"startLine": 38}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 136568, "scanner": "repobility-ai-code-hygiene", "fingerprint": "4206e8045a3d4eef008a2736941d494170d6d4794c4dce0d9f5e2dae6c0ffb81", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "packages/core/lib/v3/agent/tools/fillFormVision.ts", "duplicate_line": 153, "correlation_key": "fp|4206e8045a3d4eef008a2736941d494170d6d4794c4dce0d9f5e2dae6c0ffb81"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "packages/core/lib/v3/agent/tools/type.ts"}, "region": {"startLine": 110}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 136567, "scanner": "repobility-ai-code-hygiene", "fingerprint": "faf0771bbd84e8ac139798f5306b126024b549187fa016f6772a15cb1a41ca1d", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "packages/core/lib/v3/agent/tools/click.ts", "duplicate_line": 59, "correlation_key": "fp|faf0771bbd84e8ac139798f5306b126024b549187fa016f6772a15cb1a41ca1d"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "packages/core/lib/v3/agent/tools/type.ts"}, "region": {"startLine": 72}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 136566, "scanner": "repobility-ai-code-hygiene", "fingerprint": "197e60e3d5caf6d81548359b1c90925535c8e1d2c025d81b04a5a89d4ac98920", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "packages/core/lib/v3/agent/tools/click.ts", "duplicate_line": 80, "correlation_key": "fp|197e60e3d5caf6d81548359b1c90925535c8e1d2c025d81b04a5a89d4ac98920"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "packages/core/lib/v3/agent/tools/scroll.ts"}, "region": {"startLine": 145}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 136565, "scanner": "repobility-ai-code-hygiene", "fingerprint": "b4ab2543751a9955f9c798703e09bc91a1fc5c91a223ac38cf9cc0e4642f63c3", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "packages/core/lib/v3/agent/tools/ariaTree.ts", "duplicate_line": 44, "correlation_key": "fp|b4ab2543751a9955f9c798703e09bc91a1fc5c91a223ac38cf9cc0e4642f63c3"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "packages/core/lib/v3/agent/tools/screenshot.ts"}, "region": {"startLine": 29}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 136564, "scanner": "repobility-ai-code-hygiene", "fingerprint": "a3f8e922a66c170397281d75034aca7def130ec7c47a8f8c52bcc930906b7c24", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "packages/core/lib/v3/agent/tools/act.ts", "duplicate_line": 60, "correlation_key": "fp|a3f8e922a66c170397281d75034aca7def130ec7c47a8f8c52bcc930906b7c24"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "packages/core/lib/v3/agent/tools/fillform.ts"}, "region": {"startLine": 72}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 136563, "scanner": "repobility-ai-code-hygiene", "fingerprint": "83c243debcd2650fa58598f3838365118d48b62433055483f698fb4adf8c2cb6", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "packages/core/lib/v3/agent/tools/click.ts", "duplicate_line": 95, "correlation_key": "fp|83c243debcd2650fa58598f3838365118d48b62433055483f698fb4adf8c2cb6"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "packages/core/lib/v3/agent/tools/fillFormVision.ts"}, "region": {"startLine": 151}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 136562, "scanner": "repobility-ai-code-hygiene", "fingerprint": "4d380a800966f836179641df5a47a0d72457016d890b22cc75050f63d58e9798", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "packages/core/lib/v3/agent/tools/click.ts", "duplicate_line": 59, "correlation_key": "fp|4d380a800966f836179641df5a47a0d72457016d890b22cc75050f63d58e9798"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "packages/core/lib/v3/agent/tools/dragAndDrop.ts"}, "region": {"startLine": 75}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 136561, "scanner": "repobility-ai-code-hygiene", "fingerprint": "c423335ee7ba13f44a5ab5d57961d4bab3b43b2fc60e95cca2fd74eb235fcea1", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "packages/core/lib/v3/agent/tools/braveSearch.ts", "duplicate_line": 72, "correlation_key": "fp|c423335ee7ba13f44a5ab5d57961d4bab3b43b2fc60e95cca2fd74eb235fcea1"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "packages/core/lib/v3/agent/tools/browserbaseSearch.ts"}, "region": {"startLine": 60}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 136560, "scanner": "repobility-ai-code-hygiene", "fingerprint": "b96c553be850d9a7df157525723387dea7d95bf06fef43a6fe52512d4f52ef8b", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "packages/core/lib/v3/agent/GoogleCUAClient.ts", "duplicate_line": 213, "correlation_key": "fp|b96c553be850d9a7df157525723387dea7d95bf06fef43a6fe52512d4f52ef8b"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "packages/core/lib/v3/agent/OpenAICUAClient.ts"}, "region": {"startLine": 154}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 136559, "scanner": "repobility-ai-code-hygiene", "fingerprint": "a444aeff773afb239907793c918db591dd050421fbf8035b5396bb73023eb4d9", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "packages/core/lib/v3/agent/AnthropicCUAClient.ts", "duplicate_line": 72, "correlation_key": "fp|a444aeff773afb239907793c918db591dd050421fbf8035b5396bb73023eb4d9"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "packages/core/lib/v3/agent/OpenAICUAClient.ts"}, "region": {"startLine": 80}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 136558, "scanner": "repobility-ai-code-hygiene", "fingerprint": "02f79718a5c2d31fcf41493d049b4d40abf2519ffaf93ec3e9c61a8a9ea49b94", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "packages/core/lib/v3/agent/AnthropicCUAClient.ts", "duplicate_line": 75, "correlation_key": "fp|02f79718a5c2d31fcf41493d049b4d40abf2519ffaf93ec3e9c61a8a9ea49b94"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "packages/core/lib/v3/agent/GoogleCUAClient.ts"}, "region": {"startLine": 105}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 136557, "scanner": "repobility-ai-code-hygiene", "fingerprint": "9f2350cb422cde112187427961f7e4d5b553cdc68434fbc3fc97fedda3adf0e2", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "packages/cli/src/lib/cloud/api.ts", "duplicate_line": 136, "correlation_key": "fp|9f2350cb422cde112187427961f7e4d5b553cdc68434fbc3fc97fedda3adf0e2"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "packages/cli/src/lib/functions/shared.ts"}, "region": {"startLine": 44}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 136556, "scanner": "repobility-ai-code-hygiene", "fingerprint": "bda49a813efa2f85c4620862ca713b5e3ee06363c254ff5ca418d28ad25ed655", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "packages/cli/src/lib/driver/daemon/client.ts", "duplicate_line": 238, "correlation_key": "fp|bda49a813efa2f85c4620862ca713b5e3ee06363c254ff5ca418d28ad25ed655"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "packages/cli/src/lib/driver/local-cdp-discovery.ts"}, "region": {"startLine": 85}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 136555, "scanner": "repobility-ai-code-hygiene", "fingerprint": "ba2f5253cbcba414ac0720c25d34d41d8a2a40772ae7a9ce23f7823191e84b3f", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "packages/cli/src/commands/functions/dev.ts", "duplicate_line": 10, "correlation_key": "fp|ba2f5253cbcba414ac0720c25d34d41d8a2a40772ae7a9ce23f7823191e84b3f"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "packages/cli/src/commands/functions/publish.ts"}, "region": {"startLine": 10}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 136554, "scanner": "repobility-ai-code-hygiene", "fingerprint": "741b5aee3240b8983b03cd8f1eff1b343c5c347ac7381e7c3b9f310b0ba93c52", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "packages/cli/src/commands/cloud/projects/list.ts", "duplicate_line": 1, "correlation_key": "fp|741b5aee3240b8983b03cd8f1eff1b343c5c347ac7381e7c3b9f310b0ba93c52"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "packages/cli/src/commands/cloud/sessions/list.ts"}, "region": {"startLine": 2}}}]}, {"ruleId": "MINED043", "level": "none", "message": {"text": "[MINED043] Http Not Https (and 6 more): Same pattern found in 6 additional files. Review if needed."}, "properties": {"repobilityId": 136668, "scanner": "repobility-threat-engine", "fingerprint": "e7cd40d7b324241c80937e7a6f550054df46cdde533de8ce7a56977f55a98866", "category": "quality", "severity": "info", "confidence": 0.2, "triageState": "false_positive", "verdict": "likely_fp", "isResolved": true, "reason": "Deduplicated summary only: 6 additional occurrences found. The top occurrences remain visible as actionable findings.", "evidence": {"mined": true, "mining": {"slug": "http-not-https", "owasp": "A02:2021", "cwe_ids": ["CWE-319"], "precision": 0.917, "promoted_at": "2026-05-18T14:01:32.347999+00:00", "triaged_in_corpus": 12, "observations_count": 4113831, "ai_coder_pattern_id": 15}, "scanner": "repobility-threat-engine", "aggregated": true, "correlation_key": "fp|e7cd40d7b324241c80937e7a6f550054df46cdde533de8ce7a56977f55a98866", "aggregated_count": 6}}}, {"ruleId": "MINED043", "level": "none", "message": {"text": "[MINED043] Http Not Https: Hardcoded http:// (not localhost) for endpoints that handle credentials or data."}, "properties": {"repobilityId": 136667, "scanner": "repobility-threat-engine", "fingerprint": "c74ffd6f76781ab025606f32b863109741a29ed5e70087570a21ed4df3121604", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "http-not-https", "owasp": "A02:2021", "cwe_ids": ["CWE-319"], "precision": 0.917, "promoted_at": "2026-05-18T14:01:32.347999+00:00", "triaged_in_corpus": 12, "observations_count": 4113831, "ai_coder_pattern_id": 15}, "scanner": "repobility-threat-engine", "correlation_key": "fp|c74ffd6f76781ab025606f32b863109741a29ed5e70087570a21ed4df3121604"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "packages/evals/tasks/bench/agent/hotels_paris_amenities.ts"}, "region": {"startLine": 20}}}]}, {"ruleId": "MINED043", "level": "none", "message": {"text": "[MINED043] Http Not Https: Hardcoded http:// (not localhost) for endpoints that handle credentials or data."}, "properties": {"repobilityId": 136666, "scanner": "repobility-threat-engine", "fingerprint": "353c2ea388379b57df1f006cffc3974e1b0830549f0925462d091cc32000136b", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "http-not-https", "owasp": "A02:2021", "cwe_ids": ["CWE-319"], "precision": 0.917, "promoted_at": "2026-05-18T14:01:32.347999+00:00", "triaged_in_corpus": 12, "observations_count": 4113831, "ai_coder_pattern_id": 15}, "scanner": "repobility-threat-engine", "correlation_key": "fp|353c2ea388379b57df1f006cffc3974e1b0830549f0925462d091cc32000136b"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "packages/evals/tasks/bench/agent/flipkart_laptops.ts"}, "region": {"startLine": 20}}}]}, {"ruleId": "MINED043", "level": "none", "message": {"text": "[MINED043] Http Not Https: Hardcoded http:// (not localhost) for endpoints that handle credentials or data."}, "properties": {"repobilityId": 136665, "scanner": "repobility-threat-engine", "fingerprint": "8a706406fbddd32de3759cd4924a52e19a9d7854c2fa0abcaff13a849cdcae85", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "http-not-https", "owasp": "A02:2021", "cwe_ids": ["CWE-319"], "precision": 0.917, "promoted_at": "2026-05-18T14:01:32.347999+00:00", "triaged_in_corpus": 12, "observations_count": 4113831, "ai_coder_pattern_id": 15}, "scanner": "repobility-threat-engine", "correlation_key": "fp|8a706406fbddd32de3759cd4924a52e19a9d7854c2fa0abcaff13a849cdcae85"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "packages/evals/tasks/bench/agent/columbia_tuition.ts"}, "region": {"startLine": 20}}}]}, {"ruleId": "MINED045", "level": "none", "message": {"text": "[MINED045] Ts Non Null Assertion (and 8 more): Same pattern found in 8 additional files. Review if needed."}, "properties": {"repobilityId": 136663, "scanner": "repobility-threat-engine", "fingerprint": "3fe8d33e128ffadbccce73f2652100ccfed6103ba34fda2f795c803e2dd7cf38", "category": "quality", "severity": "info", "confidence": 0.2, "triageState": "false_positive", "verdict": "likely_fp", "isResolved": true, "reason": "Deduplicated summary only: 8 additional occurrences found. The top occurrences remain visible as actionable findings.", "evidence": {"mined": true, "mining": {"slug": "ts-non-null-assertion", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["typescript", "tsx"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348005+00:00", "triaged_in_corpus": 12, "observations_count": 1810954, "ai_coder_pattern_id": 105}, "scanner": "repobility-threat-engine", "aggregated": true, "correlation_key": "fp|3fe8d33e128ffadbccce73f2652100ccfed6103ba34fda2f795c803e2dd7cf38", "aggregated_count": 8}}}, {"ruleId": "MINED045", "level": "none", "message": {"text": "[MINED045] Ts Non Null Assertion: x! asserts not null - bypasses null checks - TypeError if wrong."}, "properties": {"repobilityId": 136662, "scanner": "repobility-threat-engine", "fingerprint": "04541c25f1b54b8196da5899ff0b8bfa28510bed8fa3a8d2b8129d839b7ce974", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "ts-non-null-assertion", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["typescript", "tsx"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348005+00:00", "triaged_in_corpus": 12, "observations_count": 1810954, "ai_coder_pattern_id": 105}, "scanner": "repobility-threat-engine", "correlation_key": "fp|04541c25f1b54b8196da5899ff0b8bfa28510bed8fa3a8d2b8129d839b7ce974"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "packages/server-v3/scripts/gen-openapi.ts"}, "region": {"startLine": 184}}}]}, {"ruleId": "MINED045", "level": "none", "message": {"text": "[MINED045] Ts Non Null Assertion: x! asserts not null - bypasses null checks - TypeError if wrong."}, "properties": {"repobilityId": 136661, "scanner": "repobility-threat-engine", "fingerprint": "9782571bac2b783ac4fccfe5d6003078c96c7a4e2e688a9facc7f5c538107d8e", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "ts-non-null-assertion", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["typescript", "tsx"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348005+00:00", "triaged_in_corpus": 12, "observations_count": 1810954, "ai_coder_pattern_id": 105}, "scanner": "repobility-threat-engine", "correlation_key": "fp|9782571bac2b783ac4fccfe5d6003078c96c7a4e2e688a9facc7f5c538107d8e"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "packages/evals/framework/discovery.ts"}, "region": {"startLine": 271}}}]}, {"ruleId": "MINED045", "level": "none", "message": {"text": "[MINED045] Ts Non Null Assertion: x! asserts not null - bypasses null checks - TypeError if wrong."}, "properties": {"repobilityId": 136660, "scanner": "repobility-threat-engine", "fingerprint": "bd195fe2ccb79257980d240dd894eefe99cdae6911a2691924124bd3d0ced024", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "ts-non-null-assertion", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["typescript", "tsx"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348005+00:00", "triaged_in_corpus": 12, "observations_count": 1810954, "ai_coder_pattern_id": 105}, "scanner": "repobility-threat-engine", "correlation_key": "fp|bd195fe2ccb79257980d240dd894eefe99cdae6911a2691924124bd3d0ced024"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "packages/evals/core/tasks/actions/click_coordinates.ts"}, "region": {"startLine": 35}}}]}, {"ruleId": "SEC029", "level": "none", "message": {"text": "[SEC029] Server-Side Request Forgery (SSRF) \u2014 outbound HTTP from user input (and 2 more): Same pattern found in 2 additional files. Review if needed."}, "properties": {"repobilityId": 136656, "scanner": "repobility-threat-engine", "fingerprint": "821cba61ed8ca9932fa4a20b298f5d896106f8bf2152c246419c88b94424b756", "category": "ssrf", "severity": "info", "confidence": 0.2, "triageState": "false_positive", "verdict": "likely_fp", "isResolved": true, "reason": "Deduplicated summary only: 2 additional occurrences found. The top occurrences remain visible as actionable findings.", "evidence": {"reason": "Deduplicated summary only: 2 additional occurrences found. The top occurrences remain visible as actionable findings.", "rule_id": "SEC029", "scanner": "repobility-threat-engine", "confidence": 0.2, "correlation_key": "fp|821cba61ed8ca9932fa4a20b298f5d896106f8bf2152c246419c88b94424b756"}}}, {"ruleId": "MINED049", "level": "none", "message": {"text": "[MINED049] Print Pii: Logging password/token/email/ssn directly to stdout."}, "properties": {"repobilityId": 136649, "scanner": "repobility-threat-engine", "fingerprint": "8f617dc89a6b8e53cdf841c5b006e6e0a2e56e904ad3384d46bacd2ea15639f4", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "print-pii", "owasp": "A09:2021", "cwe_ids": ["CWE-532"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348015+00:00", "triaged_in_corpus": 12, "observations_count": 676566, "ai_coder_pattern_id": 26}, "scanner": "repobility-threat-engine", "correlation_key": "fp|8f617dc89a6b8e53cdf841c5b006e6e0a2e56e904ad3384d46bacd2ea15639f4"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "packages/core/examples/mcp.ts"}, "region": {"startLine": 6}}}]}, {"ruleId": "SEC020", "level": "none", "message": {"text": "[SEC020] Secret Printed to Logs: Debug or diagnostic code appears to print a credential-bearing value. This is a frequent AI-assisted coding failure: the helper exposes the exact value needed for troubleshooting."}, "properties": {"repobilityId": 136648, "scanner": "repobility-threat-engine", "fingerprint": "0cfc57412097d70457d77e3fca6c550360d2638dae1bde90bf11b7d5d7fd3b4c", "category": "credential_exposure", "severity": "info", "confidence": 0.1, "triageState": "false_positive", "verdict": "likely_fp", "isResolved": true, "reason": "Safe context pattern detected", "evidence": {"match": "console.log(`\u2713 ${language} SDK docs written to ${config.outputPath}`)", "reason": "Safe context pattern detected", "rule_id": "SEC020", "scanner": "repobility-threat-engine", "confidence": 0.1, "correlation_key": "secret|token|17|console.log language sdk docs written to config.outputpath"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "packages/docs/scripts/sync-sdk-docs.js"}, "region": {"startLine": 177}}}]}, {"ruleId": "SEC020", "level": "none", "message": {"text": "[SEC020] Secret Printed to Logs: Debug or diagnostic code appears to print a credential-bearing value. This is a frequent AI-assisted coding failure: the helper exposes the exact value needed for troubleshooting."}, "properties": {"repobilityId": 136647, "scanner": "repobility-threat-engine", "fingerprint": "de933e89fa91aef3249953c64e14d2029073f39dca82ae31551816418aaf82e4", "category": "credential_exposure", "severity": "info", "confidence": 0.1, "triageState": "false_positive", "verdict": "likely_fp", "isResolved": true, "reason": "Environment variable or config lookup (credentials loaded safely)", "evidence": {"match": "console.log(process.env.NOTION_TOKEN)", "reason": "Environment variable or config lookup (credentials loaded safely)", "rule_id": "SEC020", "scanner": "repobility-threat-engine", "confidence": 0.1, "correlation_key": "secret|token|1|console.log process.env.notion_token"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "packages/core/examples/mcp.ts"}, "region": {"startLine": 6}}}]}, {"ruleId": "SEC040", "level": "none", "message": {"text": "[SEC040] innerHTML XSS \u2014 template literal with server-supplied data (and 3 more): Same pattern found in 3 additional files. Review if needed."}, "properties": {"repobilityId": 136645, "scanner": "repobility-threat-engine", "fingerprint": "5604b0415ef1c219adfd5f12877e5f4c0affdedeba09d684a49e22087970a270", "category": "xss", "severity": "info", "confidence": 0.2, "triageState": "false_positive", "verdict": "likely_fp", "isResolved": true, "reason": "Deduplicated summary only: 3 additional occurrences found. The top occurrences remain visible as actionable findings.", "evidence": {"reason": "Deduplicated summary only: 3 additional occurrences found. The top occurrences remain visible as actionable findings.", "rule_id": "SEC040", "scanner": "repobility-threat-engine", "confidence": 0.2, "correlation_key": "fp|5604b0415ef1c219adfd5f12877e5f4c0affdedeba09d684a49e22087970a270"}}}, {"ruleId": "MINED044", "level": "none", "message": {"text": "[MINED044] Js Console Log Prod (and 91 more): Same pattern found in 91 additional files. Review if needed."}, "properties": {"repobilityId": 136641, "scanner": "repobility-threat-engine", "fingerprint": "fa7ab2e1dd473eaa81929c032099f7d148c79bb4620fb2437711293477d409f0", "category": "quality", "severity": "info", "confidence": 0.2, "triageState": "false_positive", "verdict": "likely_fp", "isResolved": true, "reason": "Deduplicated summary only: 91 additional occurrences found. The top occurrences remain visible as actionable findings.", "evidence": {"mined": true, "mining": {"slug": "js-console-log-prod", "owasp": null, "cwe_ids": ["CWE-532"], "languages": ["javascript", "typescript", "tsx", "jsx"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348003+00:00", "triaged_in_corpus": 10, "observations_count": 1940833, "ai_coder_pattern_id": 102}, "scanner": "repobility-threat-engine", "aggregated": true, "correlation_key": "fp|fa7ab2e1dd473eaa81929c032099f7d148c79bb4620fb2437711293477d409f0", "aggregated_count": 91}}}, {"ruleId": "MINED044", "level": "none", "message": {"text": "[MINED044] Js Console Log Prod: console.log left in code. Should be replaced with logger or removed."}, "properties": {"repobilityId": 136640, "scanner": "repobility-threat-engine", "fingerprint": "103f14f511948dda7cff90addde63e7037ac6f66def5e99bbbcc64ccfef162c4", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "js-console-log-prod", "owasp": null, "cwe_ids": ["CWE-532"], "languages": ["javascript", "typescript", "tsx", "jsx"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348003+00:00", "triaged_in_corpus": 10, "observations_count": 1940833, "ai_coder_pattern_id": 102}, "scanner": "repobility-threat-engine", "correlation_key": "fp|103f14f511948dda7cff90addde63e7037ac6f66def5e99bbbcc64ccfef162c4"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "packages/cli/src/commands/cloud/sessions/list.ts"}, "region": {"startLine": 100}}}]}, {"ruleId": "MINED044", "level": "none", "message": {"text": "[MINED044] Js Console Log Prod: console.log left in code. Should be replaced with logger or removed."}, "properties": {"repobilityId": 136639, "scanner": "repobility-threat-engine", "fingerprint": "82354c146a16cdd9d70fa5a21e39683907e4f2c96a71c352d8eb7e8929f009af", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "js-console-log-prod", "owasp": null, "cwe_ids": ["CWE-532"], "languages": ["javascript", "typescript", "tsx", "jsx"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348003+00:00", "triaged_in_corpus": 10, "observations_count": 1940833, "ai_coder_pattern_id": 102}, "scanner": "repobility-threat-engine", "correlation_key": "fp|82354c146a16cdd9d70fa5a21e39683907e4f2c96a71c352d8eb7e8929f009af"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "packages/cli/src/commands/cloud/search.ts"}, "region": {"startLine": 80}}}]}, {"ruleId": "MINED044", "level": "none", "message": {"text": "[MINED044] Js Console Log Prod: console.log left in code. Should be replaced with logger or removed."}, "properties": {"repobilityId": 136638, "scanner": "repobility-threat-engine", "fingerprint": "e74fee8ae4c17f5d8157c14d0c19239a1f6310c16c9c93d8798d0a1e8764eaf2", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "js-console-log-prod", "owasp": null, "cwe_ids": ["CWE-532"], "languages": ["javascript", "typescript", "tsx", "jsx"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348003+00:00", "triaged_in_corpus": 10, "observations_count": 1940833, "ai_coder_pattern_id": 102}, "scanner": "repobility-threat-engine", "correlation_key": "fp|e74fee8ae4c17f5d8157c14d0c19239a1f6310c16c9c93d8798d0a1e8764eaf2"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "packages/cli/src/commands/cloud/projects/list.ts"}, "region": {"startLine": 52}}}]}, {"ruleId": "DEPCUR-NPM", "level": "none", "message": {"text": "npm package `@types/adm-zip` is patch version(s) behind (^0.5.7 -> 0.5.8)"}, "properties": {"repobilityId": 136634, "scanner": "repobility-dependency-currency", "fingerprint": "cbb9f65c931c5aacb1320dc03dd6b30322ef5c0bb39850dcbd544d3e0cf6c594", "category": "dependency", "severity": "info", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"gap": "patch version(s) behind", "signal": "currency", "cwe_ids": [], "package": "@types/adm-zip", "scanner": "repobility-dependency-currency", "ecosystem": "npm", "languages": ["javascript"], "latest_version": "0.5.8", "correlation_key": "fp|cbb9f65c931c5aacb1320dc03dd6b30322ef5c0bb39850dcbd544d3e0cf6c594", "current_version": "^0.5.7"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "packages/core/package.json"}, "region": {"startLine": 1}}}]}, {"ruleId": "DEPCUR-NPM", "level": "none", "message": {"text": "npm package `zod-to-json-schema` is patch version(s) behind (^3.25.0 -> 3.25.2)"}, "properties": {"repobilityId": 136633, "scanner": "repobility-dependency-currency", "fingerprint": "c382cfa8b581dbd6d35dbc5fb6a59401a939e90979a5cd3f8d7a804a1da7ebf5", "category": "dependency", "severity": "info", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"gap": "patch version(s) behind", "signal": "currency", "cwe_ids": [], "package": "zod-to-json-schema", "scanner": "repobility-dependency-currency", "ecosystem": "npm", "languages": ["javascript"], "latest_version": "3.25.2", "correlation_key": "fp|c382cfa8b581dbd6d35dbc5fb6a59401a939e90979a5cd3f8d7a804a1da7ebf5", "current_version": "^3.25.0"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "packages/core/package.json"}, "region": {"startLine": 1}}}]}, {"ruleId": "DEPCUR-NPM", "level": "none", "message": {"text": "npm package `source-map` is patch version(s) behind (^0.7.4 -> 0.7.6)"}, "properties": {"repobilityId": 136618, "scanner": "repobility-dependency-currency", "fingerprint": "fdae10c5cf0c9abe321d3a22eeb2671fd48aacbeafcbffd57caa43bd78fefceb", "category": "dependency", "severity": "info", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"gap": "patch version(s) behind", "signal": "currency", "cwe_ids": [], "package": "source-map", "scanner": "repobility-dependency-currency", "ecosystem": "npm", "languages": ["javascript"], "latest_version": "0.7.6", "correlation_key": "fp|fdae10c5cf0c9abe321d3a22eeb2671fd48aacbeafcbffd57caa43bd78fefceb", "current_version": "^0.7.4"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "package.json"}, "region": {"startLine": 1}}}]}, {"ruleId": "SEC083", "level": "error", "message": {"text": "[SEC083] JS: new RegExp() with non-literal: new RegExp(<variable>) \u2014 variable input can craft a ReDoS pattern. Ported from eslint-plugin-security detect-non-literal-regexp (Apache-2.0)."}, "properties": {"repobilityId": 136669, "scanner": "repobility-threat-engine", "fingerprint": "e1a4a4adffbb4ecf2c925d958403bc6c8b6473e03a385e4dd18b3b5a7c992586", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "new RegExp(`${", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC083", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "fp|e1a4a4adffbb4ecf2c925d958403bc6c8b6473e03a385e4dd18b3b5a7c992586"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "packages/evals/tui/format.ts"}, "region": {"startLine": 14}}}]}, {"ruleId": "SEC128", "level": "error", "message": {"text": "[SEC128] Async function without await \u2014 fire-and-forget Promise (AI mistake): Async call invoked without `await` returns an unhandled Promise. The outer function resolves before the inner work completes \u2014 DB writes lost, emails not sent, race conditions. This is one of the top-3 errors AI coders make: they understand async-shape but drop the await keyword when chaining multiple ops. Surfaces as flaky tests or silently dropped data in production."}, "properties": {"repobilityId": 136664, "scanner": "repobility-threat-engine", "fingerprint": "a75380ac5b9350cb76677595cc0a5e78c041d39ef39609ed5b9fdac6f41363e2", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "activeRunCleanups.delete(key);", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC128", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "fp|a75380ac5b9350cb76677595cc0a5e78c041d39ef39609ed5b9fdac6f41363e2"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "packages/evals/framework/activeRunCleanup.ts"}, "region": {"startLine": 17}}}]}, {"ruleId": "SEC114", "level": "error", "message": {"text": "[SEC114] path.join / Path() on user-controlled segment without containment check: filepath.Clean / path.Join on attacker-supplied segments does NOT prevent escape from the base directory. `../../../etc/passwd` resolves cleanly."}, "properties": {"repobilityId": 136659, "scanner": "repobility-threat-engine", "fingerprint": "56bfe482b963a84c3596061733fbda64e847b9de77b4e58259f95ec21a80615a", "category": "path_traversal", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "path.resolve(input", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC114", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "code|path_traversal|token|28|sec114"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "packages/server-v3/scripts/runtimePaths.ts"}, "region": {"startLine": 28}}}]}, {"ruleId": "SEC114", "level": "error", "message": {"text": "[SEC114] path.join / Path() on user-controlled segment without containment check: filepath.Clean / path.Join on attacker-supplied segments does NOT prevent escape from the base directory. `../../../etc/passwd` resolves cleanly."}, "properties": {"repobilityId": 136658, "scanner": "repobility-threat-engine", "fingerprint": "0bb1a3855a86c7949c5efb845286d918c68afdafb2d5585ba62860b7589b67ee", "category": "path_traversal", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "path.resolve(input", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC114", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "code|path_traversal|token|31|sec114"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "packages/evals/runtimePaths.ts"}, "region": {"startLine": 31}}}]}, {"ruleId": "SEC114", "level": "error", "message": {"text": "[SEC114] path.join / Path() on user-controlled segment without containment check: filepath.Clean / path.Join on attacker-supplied segments does NOT prevent escape from the base directory. `../../../etc/passwd` resolves cleanly."}, "properties": {"repobilityId": 136657, "scanner": "repobility-threat-engine", "fingerprint": "c5733c84c1ae5a230bdefdb7d1f682fb6938008b63aa8114777dcc944769572e", "category": "path_traversal", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "path.resolve(input", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC114", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "code|path_traversal|token|26|sec114"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "packages/docs/scripts/runtimePaths.js"}, "region": {"startLine": 26}}}]}, {"ruleId": "SEC029", "level": "error", "message": {"text": "[SEC029] Server-Side Request Forgery (SSRF) \u2014 outbound HTTP from user input: Outbound HTTP request to a user-controlled URL without allowlist validation. Attackers can probe internal services (169.254.169.254 metadata, internal Kubernetes endpoints, file:// URIs), exfiltrate data, or pivot through your network. SSRF is OWASP A10:2021 and a frequent foothold in cloud breaches."}, "properties": {"repobilityId": 136655, "scanner": "repobility-threat-engine", "fingerprint": "ab7a9f427c2a5781a4929067c643be7c44ac62edbad01f9617716656f70bc275", "category": "ssrf", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "Url(\n  p", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC029", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "fp|ab7a9f427c2a5781a4929067c643be7c44ac62edbad01f9617716656f70bc275"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "packages/evals/core/targets/localChrome.ts"}, "region": {"startLine": 58}}}]}, {"ruleId": "SEC029", "level": "error", "message": {"text": "[SEC029] Server-Side Request Forgery (SSRF) \u2014 outbound HTTP from user input: Outbound HTTP request to a user-controlled URL without allowlist validation. Attackers can probe internal services (169.254.169.254 metadata, internal Kubernetes endpoints, file:// URIs), exfiltrate data, or pivot through your network. SSRF is OWASP A10:2021 and a frequent foothold in cloud breaches."}, "properties": {"repobilityId": 136654, "scanner": "repobility-threat-engine", "fingerprint": "a18a88d220bab505aec0a3fec4a3a272cb0a93c21fe792cbbc496653ca25d530", "category": "ssrf", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "Url(u", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC029", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "fp|a18a88d220bab505aec0a3fec4a3a272cb0a93c21fe792cbbc496653ca25d530"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "packages/docs/scripts/sync-sdk-docs.js"}, "region": {"startLine": 50}}}]}, {"ruleId": "SEC029", "level": "error", "message": {"text": "[SEC029] Server-Side Request Forgery (SSRF) \u2014 outbound HTTP from user input: Outbound HTTP request to a user-controlled URL without allowlist validation. Attackers can probe internal services (169.254.169.254 metadata, internal Kubernetes endpoints, file:// URIs), exfiltrate data, or pivot through your network. SSRF is OWASP A10:2021 and a frequent foothold in cloud breaches."}, "properties": {"repobilityId": 136653, "scanner": "repobility-threat-engine", "fingerprint": "ff8c4c4f28da6f2bccfd9dd6262c23d87cf0e796bababf69aa580b336e4256e4", "category": "ssrf", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "URL(t", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC029", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "fp|ff8c4c4f28da6f2bccfd9dd6262c23d87cf0e796bababf69aa580b336e4256e4"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "packages/core/scripts/build-dom-scripts.ts"}, "region": {"startLine": 131}}}]}, {"ruleId": "SEC040", "level": "error", "message": {"text": "[SEC040] innerHTML XSS \u2014 template literal with server-supplied data: Setting .innerHTML with a template literal that interpolates server-supplied or user-supplied data is the canonical stored/reflected XSS vector. The browser parses the HTML and executes any <script> or event-handler attributes in the data. CWE-79. Especially dangerous when the data comes from a CV parser, profile field, or any user-input pipeline."}, "properties": {"repobilityId": 136644, "scanner": "repobility-threat-engine", "fingerprint": "c9a8fbb321c767013e859feba1a0e4d17d2d6e8a75cb63c4c60d51e796796686", "category": "xss", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "map(\n          (action) =>\n            `${chalk.yellow(action.description)} -> ${chalk.blue(action.a", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC040", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "fp|c9a8fbb321c767013e859feba1a0e4d17d2d6e8a75cb63c4c60d51e796796686"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "packages/core/examples/observe-variables-login.ts"}, "region": {"startLine": 68}}}]}, {"ruleId": "SEC040", "level": "error", "message": {"text": "[SEC040] innerHTML XSS \u2014 template literal with server-supplied data: Setting .innerHTML with a template literal that interpolates server-supplied or user-supplied data is the canonical stored/reflected XSS vector. The browser parses the HTML and executes any <script> or event-handler attributes in the data. CWE-79. Especially dangerous when the data comes from a CV parser, profile field, or any user-input pipeline."}, "properties": {"repobilityId": 136643, "scanner": "repobility-threat-engine", "fingerprint": "5c25ee27093b5f3c5e400e76dfcb2a044a77c68dd51b35b64a4c387d0af06e93", "category": "xss", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "map((r) => `${chalk.yellow(r.description)} -> ${chalk.gray(r.selector)}", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC040", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "fp|5c25ee27093b5f3c5e400e76dfcb2a044a77c68dd51b35b64a4c387d0af06e93"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "packages/core/examples/form-filling-sensible.ts"}, "region": {"startLine": 31}}}]}, {"ruleId": "SEC040", "level": "error", "message": {"text": "[SEC040] innerHTML XSS \u2014 template literal with server-supplied data: Setting .innerHTML with a template literal that interpolates server-supplied or user-supplied data is the canonical stored/reflected XSS vector. The browser parses the HTML and executes any <script> or event-handler attributes in the data. CWE-79. Especially dangerous when the data comes from a CV parser, profile field, or any user-input pipeline."}, "properties": {"repobilityId": 136642, "scanner": "repobility-threat-engine", "fingerprint": "09c842a23d4cc8bf0b91a10a708bd1fe21d6a347f269551ec9002d60cf5af79a", "category": "xss", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "map((r) => `\"${r}", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC040", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "fp|09c842a23d4cc8bf0b91a10a708bd1fe21d6a347f269551ec9002d60cf5af79a"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "packages/cli/src/commands/cloud/sessions/create.ts"}, "region": {"startLine": 128}}}]}, {"ruleId": "MINED115", "level": "error", "message": {"text": "Action `actions/upload-artifact` pinned to mutable ref `@v4`"}, "properties": {"repobilityId": 136608, "scanner": "repobility-supply-chain", "fingerprint": "fb0a64012651a5c6c7342350235f3c8e9381d1f2ec19b2ae82780b09dbf7c7bf", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-mutable-ref", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|fb0a64012651a5c6c7342350235f3c8e9381d1f2ec19b2ae82780b09dbf7c7bf"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/publish-evals.yml"}, "region": {"startLine": 125}}}]}, {"ruleId": "MINED115", "level": "error", "message": {"text": "Action `actions/checkout` pinned to mutable ref `@v4`"}, "properties": {"repobilityId": 136607, "scanner": "repobility-supply-chain", "fingerprint": "9c314edb81124b8264192f652ace551b0c85dfaefa64543bfde888011144cd74", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-mutable-ref", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|9c314edb81124b8264192f652ace551b0c85dfaefa64543bfde888011144cd74"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/publish-evals.yml"}, "region": {"startLine": 50}}}]}, {"ruleId": "generic-api-key", "level": "error", "message": {"text": "Detected a Generic API Key, potentially exposing access to various services and sensitive operations."}, "properties": {"repobilityId": 136674, "scanner": "gitleaks", "fingerprint": "50e28209515862d4e3c42b1ae6eb759f95de1d38c3634e9c271a2df34a7828f4", "category": "credential_exposure", "severity": "critical", "confidence": 0.95, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "apiKey\": \"<redacted>\"", "rule_id": "generic-api-key", "scanner": "gitleaks", "detector": "generic-api-key", "correlation_key": "secret|packages/docs/docs.json|42|apikey : redacted"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "packages/docs/docs.json"}, "region": {"startLine": 421}}}]}, {"ruleId": "private-key", "level": "error", "message": {"text": "Identified a Private Key, which may compromise cryptographic security and sensitive data encryption."}, "properties": {"repobilityId": 136673, "scanner": "gitleaks", "fingerprint": "a0f419b2aa9db553e2f3cf244fb159354fd28228eec1cde2e1e5f0af74e5c002", "category": "credential_exposure", "severity": "critical", "confidence": 0.95, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "REDACTED", "rule_id": "private-key", "scanner": "gitleaks", "detector": "private-key", "correlation_key": "secret|token|15|redacted"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "packages/core/tests/unit/api-variables-schema.test.ts"}, "region": {"startLine": 152}}}]}, {"ruleId": "private-key", "level": "error", "message": {"text": "Identified a Private Key, which may compromise cryptographic security and sensitive data encryption."}, "properties": {"repobilityId": 136672, "scanner": "gitleaks", "fingerprint": "9bc743382d65d645ab2af76f319215028161ed77a3541a8c469e820191a5faf9", "category": "credential_exposure", "severity": "critical", "confidence": 0.95, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "REDACTED", "rule_id": "private-key", "scanner": "gitleaks", "detector": "private-key", "correlation_key": "secret|token|8|redacted"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "packages/core/tests/unit/api-variables-schema.test.ts"}, "region": {"startLine": 84}}}]}, {"ruleId": "generic-api-key", "level": "error", "message": {"text": "Detected a Generic API Key, potentially exposing access to various services and sensitive operations."}, "properties": {"repobilityId": 136671, "scanner": "gitleaks", "fingerprint": "6411af50f29bd0cb729c41b7cdda1f7c0d49bd7d364155a3f9b31457e17066ad", "category": "credential_exposure", "severity": "critical", "confidence": 0.95, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "browserbaseTelemetryProjectToken =\n  \"<redacted>\"", "rule_id": "generic-api-key", "scanner": "gitleaks", "detector": "generic-api-key", "correlation_key": "secret|token|1|token redacted"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "packages/cli/src/lib/telemetry.ts"}, "region": {"startLine": 15}}}]}, {"ruleId": "generic-api-key", "level": "error", "message": {"text": "Detected a Generic API Key, potentially exposing access to various services and sensitive operations."}, "properties": {"repobilityId": 136670, "scanner": "gitleaks", "fingerprint": "f78c6b3956d41221d8403103aa301843e8c5f6e16452eb4bc754725b051fa933", "category": "credential_exposure", "severity": "critical", "confidence": 0.95, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "BRAINTRUST_API_KEY=\"\"\nREDACTED\"", "rule_id": "generic-api-key", "scanner": "gitleaks", "detector": "generic-api-key", "correlation_key": "secret|.env.example|1|braintrust_api_key redacted"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".env.example"}, "region": {"startLine": 5}}}]}, {"ruleId": "MINED116", "level": "error", "message": {"text": "Workflow uses `secrets.PARITY_APP_PRIVATE_KEY` on a `pull_request` trigger"}, "properties": {"repobilityId": 136610, "scanner": "repobility-supply-chain", "fingerprint": "3b7a304046cb5cd3f4d0d4ec317bf929b9d3e8e1cf25ea572078770a35c0d2a9", "category": "dependency", "severity": "critical", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-pull-request-secrets", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|3b7a304046cb5cd3f4d0d4ec317bf929b9d3e8e1cf25ea572078770a35c0d2a9"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/feature-parity.yml"}, "region": {"startLine": 65}}}]}, {"ruleId": "MINED116", "level": "error", "message": {"text": "Workflow uses `secrets.PARITY_APP_ID` on a `pull_request` trigger"}, "properties": {"repobilityId": 136609, "scanner": "repobility-supply-chain", "fingerprint": "c2e5b9cdb4962b8d9757f26b442a4773b706bda02f7cd8dcd0a27e9497a3bd9d", "category": "dependency", "severity": "critical", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-pull-request-secrets", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|c2e5b9cdb4962b8d9757f26b442a4773b706bda02f7cd8dcd0a27e9497a3bd9d"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/feature-parity.yml"}, "region": {"startLine": 64}}}]}, {"ruleId": "MINED116", "level": "error", "message": {"text": "Workflow uses `secrets.BROWSERBASE_PROJECT_ID` on a `pull_request` trigger"}, "properties": {"repobilityId": 136606, "scanner": "repobility-supply-chain", "fingerprint": "6ea612fdbda71101864560f2aca919d674375b0db6f8a9e17f0871b9d744918f", "category": "dependency", "severity": "critical", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-pull-request-secrets", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|6ea612fdbda71101864560f2aca919d674375b0db6f8a9e17f0871b9d744918f"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/ci.yml"}, "region": {"startLine": 724}}}]}, {"ruleId": "MINED116", "level": "error", "message": {"text": "Workflow uses `secrets.BROWSERBASE_API_KEY` on a `pull_request` trigger"}, "properties": {"repobilityId": 136605, "scanner": "repobility-supply-chain", "fingerprint": "01d20e44abb308a56c1173a664da5f56f336b7c42ad462d738df070f58887a46", "category": "dependency", "severity": "critical", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-pull-request-secrets", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|01d20e44abb308a56c1173a664da5f56f336b7c42ad462d738df070f58887a46"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/ci.yml"}, "region": {"startLine": 723}}}]}, {"ruleId": "MINED116", "level": "error", "message": {"text": "Workflow uses `secrets.BRAINTRUST_API_KEY` on a `pull_request` trigger"}, "properties": {"repobilityId": 136604, "scanner": "repobility-supply-chain", "fingerprint": "e93ff81635e3daabe309ee7d9edfb179da1f777b93f08cc261443ee09a0054a8", "category": "dependency", "severity": "critical", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-pull-request-secrets", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|e93ff81635e3daabe309ee7d9edfb179da1f777b93f08cc261443ee09a0054a8"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/ci.yml"}, "region": {"startLine": 722}}}]}, {"ruleId": "MINED116", "level": "error", "message": {"text": "Workflow uses `secrets.GOOGLE_GENERATIVE_AI_API_KEY` on a `pull_request` trigger"}, "properties": {"repobilityId": 136603, "scanner": "repobility-supply-chain", "fingerprint": "3f420319153de73d40c59d12e0db1fac24b83e44ceffd47da34bf58731167e07", "category": "dependency", "severity": "critical", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-pull-request-secrets", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|3f420319153de73d40c59d12e0db1fac24b83e44ceffd47da34bf58731167e07"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/ci.yml"}, "region": {"startLine": 721}}}]}, {"ruleId": "MINED116", "level": "error", "message": {"text": "Workflow uses `secrets.ANTHROPIC_API_KEY` on a `pull_request` trigger"}, "properties": {"repobilityId": 136602, "scanner": "repobility-supply-chain", "fingerprint": "c411ff070ce97c93e4ad1e4b459c3f2f541fbd639fc7cf6ff6376972338a4894", "category": "dependency", "severity": "critical", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-pull-request-secrets", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|c411ff070ce97c93e4ad1e4b459c3f2f541fbd639fc7cf6ff6376972338a4894"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/ci.yml"}, "region": {"startLine": 720}}}]}, {"ruleId": "MINED116", "level": "error", "message": {"text": "Workflow uses `secrets.OPENAI_API_KEY` on a `pull_request` trigger"}, "properties": {"repobilityId": 136601, "scanner": "repobility-supply-chain", "fingerprint": "4cf0dce0285d5b1a8caf7c183bc3b6293310f236281a52219cb3392afb06d532", "category": "dependency", "severity": "critical", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-pull-request-secrets", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|4cf0dce0285d5b1a8caf7c183bc3b6293310f236281a52219cb3392afb06d532"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/ci.yml"}, "region": {"startLine": 719}}}]}, {"ruleId": "MINED116", "level": "error", "message": {"text": "Workflow uses `secrets.BROWSERBASE_PROJECT_ID` on a `pull_request` trigger"}, "properties": {"repobilityId": 136600, "scanner": "repobility-supply-chain", "fingerprint": "f23dc3931d2c5bd0a203337d44f83097a939cdea043154dea7d65ac4025a71a8", "category": "dependency", "severity": "critical", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-pull-request-secrets", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|f23dc3931d2c5bd0a203337d44f83097a939cdea043154dea7d65ac4025a71a8"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/ci.yml"}, "region": {"startLine": 662}}}]}, {"ruleId": "MINED116", "level": "error", "message": {"text": "Workflow uses `secrets.BROWSERBASE_API_KEY` on a `pull_request` trigger"}, "properties": {"repobilityId": 136599, "scanner": "repobility-supply-chain", "fingerprint": "02719a17e6252d765364ee296082560ecba826cdc55f98a3259cf92c0b7b25e0", "category": "dependency", "severity": "critical", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-pull-request-secrets", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|02719a17e6252d765364ee296082560ecba826cdc55f98a3259cf92c0b7b25e0"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/ci.yml"}, "region": {"startLine": 661}}}]}, {"ruleId": "MINED116", "level": "error", "message": {"text": "Workflow uses `secrets.GOOGLE_GENERATIVE_AI_API_KEY` on a `pull_request` trigger"}, "properties": {"repobilityId": 136598, "scanner": "repobility-supply-chain", "fingerprint": "eb0b2955b190adacb987108c8733d0044045dc2f8f7941e9dea911634a936f19", "category": "dependency", "severity": "critical", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-pull-request-secrets", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|eb0b2955b190adacb987108c8733d0044045dc2f8f7941e9dea911634a936f19"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/ci.yml"}, "region": {"startLine": 660}}}]}, {"ruleId": "MINED116", "level": "error", "message": {"text": "Workflow uses `secrets.ANTHROPIC_API_KEY` on a `pull_request` trigger"}, "properties": {"repobilityId": 136597, "scanner": "repobility-supply-chain", "fingerprint": "77c148324af92d19598248a14301671ab53084a5c29400958adbcbfa6fe9ba34", "category": "dependency", "severity": "critical", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-pull-request-secrets", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|77c148324af92d19598248a14301671ab53084a5c29400958adbcbfa6fe9ba34"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/ci.yml"}, "region": {"startLine": 659}}}]}, {"ruleId": "MINED116", "level": "error", "message": {"text": "Workflow uses `secrets.OPENAI_API_KEY` on a `pull_request` trigger"}, "properties": {"repobilityId": 136596, "scanner": "repobility-supply-chain", "fingerprint": "59615a3bb4d1b92317fc77ddda0f97f0865cf34757e3db708fbe39fb0d1ea21a", "category": "dependency", "severity": "critical", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-pull-request-secrets", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|59615a3bb4d1b92317fc77ddda0f97f0865cf34757e3db708fbe39fb0d1ea21a"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/ci.yml"}, "region": {"startLine": 658}}}]}, {"ruleId": "MINED116", "level": "error", "message": {"text": "Workflow uses `secrets.BROWSERBASE_PROJECT_ID` on a `pull_request` trigger"}, "properties": {"repobilityId": 136595, "scanner": "repobility-supply-chain", "fingerprint": "e3a21f302f43c1c0e115020f6efd298ea92bf5e9fc9fcd7d8b7dc1240f1d367a", "category": "dependency", "severity": "critical", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-pull-request-secrets", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|e3a21f302f43c1c0e115020f6efd298ea92bf5e9fc9fcd7d8b7dc1240f1d367a"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/ci.yml"}, "region": {"startLine": 602}}}]}, {"ruleId": "MINED116", "level": "error", "message": {"text": "Workflow uses `secrets.BROWSERBASE_API_KEY` on a `pull_request` trigger"}, "properties": {"repobilityId": 136594, "scanner": "repobility-supply-chain", "fingerprint": "b2ee030d2b7c11d8f571e138ad7331770db035d2677122173b3857b3a03d2e01", "category": "dependency", "severity": "critical", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-pull-request-secrets", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|b2ee030d2b7c11d8f571e138ad7331770db035d2677122173b3857b3a03d2e01"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/ci.yml"}, "region": {"startLine": 601}}}]}, {"ruleId": "MINED116", "level": "error", "message": {"text": "Workflow uses `secrets.GOOGLE_GENERATIVE_AI_API_KEY` on a `pull_request` trigger"}, "properties": {"repobilityId": 136593, "scanner": "repobility-supply-chain", "fingerprint": "ea72397296b9d23fb2be74daa69babf8c575fadc43d672020dc98e78c8b04a4c", "category": "dependency", "severity": "critical", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-pull-request-secrets", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|ea72397296b9d23fb2be74daa69babf8c575fadc43d672020dc98e78c8b04a4c"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/ci.yml"}, "region": {"startLine": 600}}}]}, {"ruleId": "MINED116", "level": "error", "message": {"text": "Workflow uses `secrets.ANTHROPIC_API_KEY` on a `pull_request` trigger"}, "properties": {"repobilityId": 136592, "scanner": "repobility-supply-chain", "fingerprint": "64e50a2fc1de8b472b19bc5a008b4b4d64e17861cf411222e2bacf7e7cc3b932", "category": "dependency", "severity": "critical", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-pull-request-secrets", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|64e50a2fc1de8b472b19bc5a008b4b4d64e17861cf411222e2bacf7e7cc3b932"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/ci.yml"}, "region": {"startLine": 599}}}]}, {"ruleId": "MINED116", "level": "error", "message": {"text": "Workflow uses `secrets.OPENAI_API_KEY` on a `pull_request` trigger"}, "properties": {"repobilityId": 136591, "scanner": "repobility-supply-chain", "fingerprint": "360f2558ef57153280d9cc11e0dd134339c5b227c169ab87ab5a13deaa50b255", "category": "dependency", "severity": "critical", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-pull-request-secrets", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|360f2558ef57153280d9cc11e0dd134339c5b227c169ab87ab5a13deaa50b255"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/ci.yml"}, "region": {"startLine": 598}}}]}, {"ruleId": "MINED116", "level": "error", "message": {"text": "Workflow uses `secrets.BROWSERBASE_PROJECT_ID` on a `pull_request` trigger"}, "properties": {"repobilityId": 136590, "scanner": "repobility-supply-chain", "fingerprint": "491596b92f986e40709f1f2647c1b18f9d6d529452c7a1bc6edf205440ada3a9", "category": "dependency", "severity": "critical", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-pull-request-secrets", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|491596b92f986e40709f1f2647c1b18f9d6d529452c7a1bc6edf205440ada3a9"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/ci.yml"}, "region": {"startLine": 501}}}]}, {"ruleId": "MINED116", "level": "error", "message": {"text": "Workflow uses `secrets.BROWSERBASE_API_KEY` on a `pull_request` trigger"}, "properties": {"repobilityId": 136589, "scanner": "repobility-supply-chain", "fingerprint": "66389e024187de236c4e259227f51a0294ffe41a163ebf085df6f8fa59e29b89", "category": "dependency", "severity": "critical", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-pull-request-secrets", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|66389e024187de236c4e259227f51a0294ffe41a163ebf085df6f8fa59e29b89"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/ci.yml"}, "region": {"startLine": 500}}}]}, {"ruleId": "MINED116", "level": "error", "message": {"text": "Workflow uses `secrets.ANTHROPIC_API_KEY` on a `pull_request` trigger"}, "properties": {"repobilityId": 136588, "scanner": "repobility-supply-chain", "fingerprint": "0a889bc175c761e336ba437d612e46061ac93e0f9aa28483a1fa707d98264d54", "category": "dependency", "severity": "critical", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-pull-request-secrets", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|0a889bc175c761e336ba437d612e46061ac93e0f9aa28483a1fa707d98264d54"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/ci.yml"}, "region": {"startLine": 498}}}]}, {"ruleId": "MINED116", "level": "error", "message": {"text": "Workflow uses `secrets.GEMINI_API_KEY` on a `pull_request` trigger"}, "properties": {"repobilityId": 136587, "scanner": "repobility-supply-chain", "fingerprint": "5daa3473324c3d96ecf3fea9c318e626d9bc7265c7c087b3d0d1ddc62bebc1e1", "category": "dependency", "severity": "critical", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-pull-request-secrets", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|5daa3473324c3d96ecf3fea9c318e626d9bc7265c7c087b3d0d1ddc62bebc1e1"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/ci.yml"}, "region": {"startLine": 497}}}]}, {"ruleId": "MINED116", "level": "error", "message": {"text": "Workflow uses `secrets.OPENAI_API_KEY` on a `pull_request` trigger"}, "properties": {"repobilityId": 136586, "scanner": "repobility-supply-chain", "fingerprint": "a09537c04ec6cb19c7c710442bcb4f542171f1b6b7e5976caea34f1da83fc227", "category": "dependency", "severity": "critical", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-pull-request-secrets", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|a09537c04ec6cb19c7c710442bcb4f542171f1b6b7e5976caea34f1da83fc227"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/ci.yml"}, "region": {"startLine": 496}}}]}, {"ruleId": "MINED116", "level": "error", "message": {"text": "Workflow uses `secrets.STAINLESS_API_KEY` on a `pull_request` trigger"}, "properties": {"repobilityId": 136585, "scanner": "repobility-supply-chain", "fingerprint": "4cdb4312ee04bb7c97f2c1a48b34506e265ce83e9fbd0dfe4006b72c4bcd1e85", "category": "dependency", "severity": "critical", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-pull-request-secrets", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|4cdb4312ee04bb7c97f2c1a48b34506e265ce83e9fbd0dfe4006b72c4bcd1e85"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/stainless.yml"}, "region": {"startLine": 56}}}]}, {"ruleId": "MINED116", "level": "error", "message": {"text": "Workflow uses `secrets.STAINLESS_API_KEY` on a `pull_request` trigger"}, "properties": {"repobilityId": 136584, "scanner": "repobility-supply-chain", "fingerprint": "2229c89e69d15cb3cb6af7ef27896d677b8326cdb2dca8be2bf247bcacf23043", "category": "dependency", "severity": "critical", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-pull-request-secrets", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|2229c89e69d15cb3cb6af7ef27896d677b8326cdb2dca8be2bf247bcacf23043"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/stainless.yml"}, "region": {"startLine": 36}}}]}]}]}