{"version": "2.1.0", "$schema": "https://json.schemastore.org/sarif-2.1.0.json", "runs": [{"tool": {"driver": {"name": "Repobility", "informationUri": "https://repobility.com", "rules": [{"id": "WEB003", "name": "Public web service has no security.txt", "shortDescription": {"text": "Public web service has no security.txt"}, "fullDescription": {"text": "security.txt gives researchers and customers a safe disclosure channel. Public web apps and APIs should publish it under /.well-known/security.txt."}, "properties": {"scanner": "repobility-web-presence", "category": "quality", "severity": "medium", "confidence": 0.78, "cwe": "", "owasp": ""}}, {"id": "WEB015", "name": "Public web app has no Content Security Policy", "shortDescription": {"text": "Public web app has no Content Security Policy"}, "fullDescription": {"text": "A Content Security Policy reduces the blast radius of injected scripts if the app is ever served through preview, static hosting, or a web container outside its normal sandbox."}, "properties": {"scanner": "repobility-web-presence", "category": "quality", "severity": "medium", "confidence": 0.7, "cwe": "", "owasp": ""}}, {"id": "JRN003", "name": "Frontend API reference is not matched by discovered backend routes", "shortDescription": {"text": "Frontend API reference is not matched by discovered backend routes"}, "fullDescription": {"text": "A frontend string references a same-origin API path that Repobility could not match to backend route inventory. This often causes live 404s in user journeys."}, "properties": {"scanner": "repobility-journey-contract", "category": "quality", "severity": "medium", "confidence": 0.74, "cwe": "", "owasp": ""}}, {"id": "AUC012", "name": "[AUC012] FastAPI interactive docs may be exposed by framework defaults: FastAPI exposes /docs, /redoc, and /openapi.json", "shortDescription": {"text": "[AUC012] FastAPI interactive docs may be exposed by framework defaults: FastAPI exposes /docs, /redoc, and /openapi.json by default. 
Public production APIs should explicitly disable those defaults, protect them behind admin authentication, "}, "fullDescription": {"text": "FastAPI exposes /docs, /redoc, and /openapi.json by default. Public production APIs should explicitly disable those defaults, protect them behind admin authentication, or publish a reviewed OpenAPI spec with declared security requirements."}, "properties": {"scanner": "repobility-access-control", "category": "auth", "severity": "medium", "confidence": 0.72, "cwe": "CWE-285", "owasp": "WSTG-AUTHZ"}}, {"id": "AUC009", "name": "[AUC009] Sensitive function route lacks elevated authorization evidence: A route appears to perform a sensitive function", "shortDescription": {"text": "[AUC009] Sensitive function route lacks elevated authorization evidence: A route appears to perform a sensitive function such as export, invite, role, token, billing, or destructive action without elevated policy evidence. Endpoint: DELETE "}, "fullDescription": {"text": "A route appears to perform a sensitive function such as export, invite, role, token, billing, or destructive action without elevated policy evidence. Endpoint: DELETE /{session_id}."}, "properties": {"scanner": "repobility-access-control", "category": "auth", "severity": "medium", "confidence": 0.68, "cwe": "CWE-285", "owasp": "API5:2023 Broken Function Level Authorization"}}, {"id": "AUC004", "name": "[AUC004] Admin route does not show super_admin separation: An administrative route was detected without nearby evidence ", "shortDescription": {"text": "[AUC004] Admin route does not show super_admin separation: An administrative route was detected without nearby evidence that platform super_admin access is separated from tenant/application admin access. Endpoint: GET /api/mcp/servers."}, "fullDescription": {"text": "An administrative route was detected without nearby evidence that platform super_admin access is separated from tenant/application admin access. 
Endpoint: GET /api/mcp/servers."}, "properties": {"scanner": "repobility-access-control", "category": "auth", "severity": "medium", "confidence": 0.66, "cwe": "CWE-285", "owasp": "API5:2023 Broken Function Level Authorization"}}, {"id": "AUC001", "name": "[AUC001] No Repobility access matrix policy found: The repository uses web/API frameworks but does not define .repobilit", "shortDescription": {"text": "[AUC001] No Repobility access matrix policy found: The repository uses web/API frameworks but does not define .repobility/access.yml or equivalent authorization documentation."}, "fullDescription": {"text": "The repository uses web/API frameworks but does not define .repobility/access.yml or equivalent authorization documentation."}, "properties": {"scanner": "repobility-access-control", "category": "auth", "severity": "medium", "confidence": 0.92, "cwe": "CWE-285", "owasp": "WSTG-AUTHZ"}}, {"id": "GHSA-58qx-3vcg-4xpx", "name": "ws: GHSA-58qx-3vcg-4xpx", "shortDescription": {"text": "ws: GHSA-58qx-3vcg-4xpx"}, "fullDescription": {"text": "ws: Uninitialized memory disclosure"}, "properties": {"scanner": "osv-scanner", "category": "dependency", "severity": "medium", "confidence": 0.88, "cwe": "", "owasp": ""}}, {"id": "GHSA-4w7w-66w2-5vf9", "name": "vite: GHSA-4w7w-66w2-5vf9", "shortDescription": {"text": "vite: GHSA-4w7w-66w2-5vf9"}, "fullDescription": {"text": "Vite Vulnerable to Path Traversal in Optimized Deps `.map` Handling"}, "properties": {"scanner": "osv-scanner", "category": "dependency", "severity": "medium", "confidence": 0.88, "cwe": "", "owasp": ""}}, {"id": "GHSA-w5hq-g745-h8pq", "name": "uuid: GHSA-w5hq-g745-h8pq", "shortDescription": {"text": "uuid: GHSA-w5hq-g745-h8pq"}, "fullDescription": {"text": "uuid: Missing buffer bounds check in v3/v5/v6 when buf is provided"}, "properties": {"scanner": "osv-scanner", "category": "dependency", "severity": "medium", "confidence": 0.88, "cwe": "", "owasp": ""}}, {"id": "GHSA-2j2x-hqr9-3h42", "name": 
"react-router: GHSA-2j2x-hqr9-3h42", "shortDescription": {"text": "react-router: GHSA-2j2x-hqr9-3h42"}, "fullDescription": {"text": "React Router's same-origin redirect with path starting // causes open redirect via protocol-relative URL reinterpretation"}, "properties": {"scanner": "osv-scanner", "category": "dependency", "severity": "medium", "confidence": 0.88, "cwe": "", "owasp": ""}}, {"id": "GHSA-qx2v-qp2m-jg93", "name": "postcss: GHSA-qx2v-qp2m-jg93", "shortDescription": {"text": "postcss: GHSA-qx2v-qp2m-jg93"}, "fullDescription": {"text": "PostCSS has XSS via Unescaped </style> in its CSS Stringify Output"}, "properties": {"scanner": "osv-scanner", "category": "dependency", "severity": "medium", "confidence": 0.88, "cwe": "", "owasp": ""}}, {"id": "GHSA-67mh-4wv8-2f99", "name": "esbuild: GHSA-67mh-4wv8-2f99", "shortDescription": {"text": "esbuild: GHSA-67mh-4wv8-2f99"}, "fullDescription": {"text": "esbuild enables any website to send any requests to the development server and read the response"}, "properties": {"scanner": "osv-scanner", "category": "dependency", "severity": "medium", "confidence": 0.88, "cwe": "", "owasp": ""}}, {"id": "SEC014", "name": "[SEC014] SSL Verification Disabled: SSL certificate verification is disabled, allowing man-in-the-middle attacks.", "shortDescription": {"text": "[SEC014] SSL Verification Disabled: SSL certificate verification is disabled, allowing man-in-the-middle attacks."}, "fullDescription": {"text": "Enable SSL verification. Use verify=True (default) for requests. 
Pin certificates if needed."}, "properties": {"scanner": "repobility-threat-engine", "category": "crypto", "severity": "medium", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "SEC012", "name": "[SEC012] ZipSlip \u2014 Archive Path Traversal: Archive extraction without path validation allows writing files outside the t", "shortDescription": {"text": "[SEC012] ZipSlip \u2014 Archive Path Traversal: Archive extraction without path validation allows writing files outside the target directory."}, "fullDescription": {"text": "Validate extracted paths with os.path.realpath() and ensure they stay within the target directory."}, "properties": {"scanner": "repobility-threat-engine", "category": "path_traversal", "severity": "medium", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "SEC139", "name": "[SEC139] AI-generated migration/route without companion test file: Route or migration touching auth, admin, users, payme", "shortDescription": {"text": "[SEC139] AI-generated migration/route without companion test file: Route or migration touching auth, admin, users, payments, or webhooks \u2014 exactly the surfaces that need tests \u2014 with no companion test file. AI agents rewrite handlers fluent"}, "fullDescription": {"text": "Require a companion test file for any change to auth/admin/users/payments/webhooks paths. CI gate: if `src/auth/*.py` changed in a PR, fail if `tests/auth/*.py` did not also change. For migrations, require an explicit rollback (`op.execute('-- rollback ...')`) plus a test that exercises both directions."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "medium", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "SEC015", "name": "[SEC015] Insecure Randomness for Security: Weak PRNG used in security-sensitive context. Output is predictable.", "shortDescription": {"text": "[SEC015] Insecure Randomness for Security: Weak PRNG used in security-sensitive context. 
Output is predictable."}, "fullDescription": {"text": "Use secrets module (Python) or crypto.getRandomValues() (JS) for security-sensitive randomness."}, "properties": {"scanner": "repobility-threat-engine", "category": "crypto", "severity": "medium", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "SEC045", "name": "[SEC045] eval()/exec() on stored or user-supplied data: eval() and exec() on data \u2014 even admin-stored data \u2014 is a latera", "shortDescription": {"text": "[SEC045] eval()/exec() on stored or user-supplied data: eval() and exec() on data \u2014 even admin-stored data \u2014 is a lateral-movement vector after any one credential compromise. Sandboxes (__builtins__ cleared) are escapable: attackers use obj"}, "fullDescription": {"text": "For literal data structures: use ast.literal_eval(text) \u2014 only parses literals, raises on code.\nFor formula evaluation: use asteval or simpleeval (purpose-built sandboxes with allow-lists).\nFor Odoo: use odoo.tools.safe_eval(expr, locals_dict, mode='exec').\nIf you genuinely need to execute admin-stored code: require explicit super-admin permission AND log every execution with a stack trace."}, "properties": {"scanner": "repobility-threat-engine", "category": "injection", "severity": "medium", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "SEC087", "name": "[SEC087] JS: weak Math.random for crypto: Math.random() is not cryptographically secure; using it for tokens/keys/nonces", "shortDescription": {"text": "[SEC087] JS: weak Math.random for crypto: Math.random() is not cryptographically secure; using it for tokens/keys/nonces is predictable. 
Ported from gosec G404 / eslint detect-pseudoRandomBytes concept (Apache-2.0)."}, "fullDescription": {"text": "Use `crypto.randomBytes(32).toString('hex')` (Node) or `crypto.getRandomValues()` (browser)."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "medium", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "ERR002", "name": "[ERR002] Empty Catch Block: Empty catch blocks hide errors.", "shortDescription": {"text": "[ERR002] Empty Catch Block: Empty catch blocks hide errors."}, "fullDescription": {"text": "Log the error or rethrow it. Use console.error() at minimum."}, "properties": {"scanner": "repobility-threat-engine", "category": "error_handling", "severity": "medium", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "SEC136", "name": "[SEC136] AI-typical over-broad exception handler swallowing all errors: Catch-all exception block that silently returns ", "shortDescription": {"text": "[SEC136] AI-typical over-broad exception handler swallowing all errors: Catch-all exception block that silently returns success or no-ops. AI agents reach for this pattern when a flaky test or an unfamiliar API throws \u2014 wrap, swallow, retur"}, "fullDescription": {"text": "Catch the specific exception type, log at error level with full exception info, and return a failure-shaped result. If the operation is genuinely best-effort, log at warning and document why in a comment so the next reader (or scanner) knows."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "medium", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "ERR001", "name": "[ERR001] Silent Exception Swallowing: Silently swallowing all exceptions hides bugs. Even in cleanup code, log at DEBUG ", "shortDescription": {"text": "[ERR001] Silent Exception Swallowing: Silently swallowing all exceptions hides bugs. 
Even in cleanup code, log at DEBUG level."}, "fullDescription": {"text": "Log the error: `except Exception: logger.debug('cleanup failed', exc_info=True)`. Or handle specific exception types."}, "properties": {"scanner": "repobility-threat-engine", "category": "error_handling", "severity": "medium", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "COMP001", "name": "[COMP001] High cognitive complexity: Function `load_all` has cognitive complexity 16 (SonarSource scale). Cognitive comp", "shortDescription": {"text": "[COMP001] High cognitive complexity: Function `load_all` has cognitive complexity 16 (SonarSource scale). Cognitive complexity measures how hard the function is for a human to understand \u2014 nested branches, boolean chains, and recursion all "}, "fullDescription": {"text": "Extract nested branches into named helper functions; flatten early-return / guard clauses; replace long if/elif chains with dispatch dicts or polymorphism. SonarQube's threshold for 'should refactor' is 15 \u2014 yours is 16."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "medium", "confidence": 0.95, "cwe": "", "owasp": ""}}, {"id": "AGT007", "name": "localStorage write failures are swallowed silently", "shortDescription": {"text": "localStorage write failures are swallowed silently"}, "fullDescription": {"text": "localStorage quotas are small and writes can fail. Catching storage errors without a user-visible warning causes silent data loss when notes, images, or snapshots exceed quota."}, "properties": {"scanner": "repobility-agent-runtime", "category": "quality", "severity": "medium", "confidence": 0.8, "cwe": "", "owasp": ""}}, {"id": "AGT015", "name": "Remote install command pipes network code directly to a shell", "shortDescription": {"text": "Remote install command pipes network code directly to a shell"}, "fullDescription": {"text": "Agent helper projects often publish one-line installers. 
`curl | sh` style commands are convenient, but they bypass review unless the script is pinned, signed, or checksum-verified."}, "properties": {"scanner": "repobility-agent-runtime", "category": "dependency", "severity": "medium", "confidence": 0.7, "cwe": "", "owasp": ""}}, {"id": "AGT012", "name": "Agent control bridge may listen on a network interface without visible auth", "shortDescription": {"text": "Agent control bridge may listen on a network interface without visible auth"}, "fullDescription": {"text": "Agent, MCP, sidecar, and command bridge servers often start as local helpers. Binding them to 0.0.0.0 or a default all-interface listener without an authorization guard can expose tool execution or session data to the LAN."}, "properties": {"scanner": "repobility-agent-runtime", "category": "quality", "severity": "medium", "confidence": 0.72, "cwe": "", "owasp": ""}}, {"id": "DEPCUR-GHA", "name": "GitHub Action `actions/setup-node@v4` is 2 major version(s) behind (latest v6.4.0)", "shortDescription": {"text": "GitHub Action `actions/setup-node@v4` is 2 major version(s) behind (latest v6.4.0)"}, "fullDescription": {"text": "`uses: actions/setup-node@v4` is 2 major version(s) behind the latest published release v6.4.0. Old action majors run on deprecated runner images / Node versions and miss upstream fixes. 
This is the exact 'outdated GitHub Action' class Dependabot raises \u2014 and which Repobility had no coverage for."}, "properties": {"scanner": "repobility-dependency-currency", "category": "dependency", "severity": "medium", "confidence": 0.9, "cwe": "", "owasp": ""}}, {"id": "DEPCUR-NPM", "name": "npm package `@vitejs/plugin-react` is 2 major version(s) behind (4.7.0 -> 6.0.2)", "shortDescription": {"text": "npm package `@vitejs/plugin-react` is 2 major version(s) behind (4.7.0 -> 6.0.2)"}, "fullDescription": {"text": "`@vitejs/plugin-react` is pinned/resolved at 4.7.0 but the latest stable release on the npm registry is 6.0.2 (2 major version(s) behind). Outdated dependencies accumulate unpatched bugs and make future security upgrades harder. This is the version-currency signal Dependabot version-update PRs raise."}, "properties": {"scanner": "repobility-dependency-currency", "category": "dependency", "severity": "medium", "confidence": 0.9, "cwe": "", "owasp": ""}}, {"id": "MINED111", "name": "Bare except continues silently", "shortDescription": {"text": "Bare except continues silently"}, "fullDescription": {"text": "Bare `except:` (or `except Exception:`) that runs code without re-raising or logging the exception. 
Hides real failures and makes bugs hard to diagnose."}, "properties": {"scanner": "repobility-ast-engine", "category": "quality", "severity": "medium", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "WEB011", "name": "Public web app has no humans.txt", "shortDescription": {"text": "Public web app has no humans.txt"}, "fullDescription": {"text": "humans.txt is optional, but it gives operators and reviewers a simple place to find ownership, contact, and important public documentation links."}, "properties": {"scanner": "repobility-web-presence", "category": "quality", "severity": "low", "confidence": 0.5, "cwe": "", "owasp": ""}}, {"id": "WEB008", "name": "Public docs site has no llms.txt", "shortDescription": {"text": "Public docs site has no llms.txt"}, "fullDescription": {"text": "AI coding agents increasingly read llms.txt to find canonical docs and API workflows. Without it, agents are more likely to browse pages repeatedly or use stale instructions."}, "properties": {"scanner": "repobility-web-presence", "category": "quality", "severity": "low", "confidence": 0.64, "cwe": "", "owasp": ""}}, {"id": "WEB002", "name": "Public web app has no sitemap", "shortDescription": {"text": "Public web app has no sitemap"}, "fullDescription": {"text": "A sitemap gives search engines, docs crawlers, and AI agents a structured list of public pages. 
Without one, important docs and product pages are easy to miss."}, "properties": {"scanner": "repobility-web-presence", "category": "quality", "severity": "low", "confidence": 0.72, "cwe": "", "owasp": ""}}, {"id": "WEB001", "name": "Public web app has no robots.txt", "shortDescription": {"text": "Public web app has no robots.txt"}, "fullDescription": {"text": "Public websites should publish a robots.txt file so crawlers and AI agents can discover crawl rules and sitemap locations without guessing."}, "properties": {"scanner": "repobility-web-presence", "category": "quality", "severity": "low", "confidence": 0.74, "cwe": "", "owasp": ""}}, {"id": "AIC003", "name": "Duplicated implementation block across source files", "shortDescription": {"text": "Duplicated implementation block across source files"}, "fullDescription": {"text": "Duplicated blocks are a common artifact when generated code is pasted or recreated instead of reused. They increase maintenance cost because every future bug fix must be found in multiple locations."}, "properties": {"scanner": "repobility-ai-code-hygiene", "category": "quality", "severity": "low", "confidence": 0.86, "cwe": "", "owasp": ""}}, {"id": "AIC006", "name": "Archive or legacy directory is mixed into the active repository root", "shortDescription": {"text": "Archive or legacy directory is mixed into the active repository root"}, "fullDescription": {"text": "Archive, old, backup, or legacy directories at the root often hide obsolete implementations that AI agents can copy from or accidentally rewire."}, "properties": {"scanner": "repobility-ai-code-hygiene", "category": "quality", "severity": "low", "confidence": 0.68, "cwe": "", "owasp": ""}}, {"id": "MINED047", "name": "[MINED047] Emoji In Source: Emoji \u2705 \u274c \ud83d\ude80 in code/comments \u2014 common AI output unless explicitly requested.", "shortDescription": {"text": "[MINED047] Emoji In Source: Emoji \u2705 \u274c \ud83d\ude80 in code/comments \u2014 common AI 
output unless explicitly requested."}, "fullDescription": {"text": "Review and fix per the pattern semantics."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "info", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "MINED079", "name": "[MINED079] Off By One Slice: range(len(x)+1), arr[i+1:i+n+1], or while i<=len(arr) \u2014 off-by-one risk.", "shortDescription": {"text": "[MINED079] Off By One Slice: range(len(x)+1), arr[i+1:i+n+1], or while i<=len(arr) \u2014 off-by-one risk."}, "fullDescription": {"text": "Review and fix per the pattern semantics. See CWE-193 for context."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "info", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "SEC135", "name": "[SEC135] Auth/permission check missing on AI-generated endpoint (and 4 more): Same pattern found in 4 additional files. ", "shortDescription": {"text": "[SEC135] Auth/permission check missing on AI-generated endpoint (and 4 more): Same pattern found in 4 additional files. Review if needed."}, "fullDescription": {"text": "Add the project's auth decorator/middleware: `@login_required` (Django/Flask), `@permission_classes([IsAuthenticated])` (DRF), `Depends(get_current_user)` (FastAPI), `requireAuth` middleware (Express). For genuinely public endpoints, add a `# public-endpoint` marker comment so future scans skip them."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "info", "confidence": 0.2, "cwe": "", "owasp": ""}}, {"id": "MINED067", "name": "[MINED067] Python Requests No Timeout: requests.get/post/etc. without timeout= can hang forever.", "shortDescription": {"text": "[MINED067] Python Requests No Timeout: requests.get/post/etc. without timeout= can hang forever."}, "fullDescription": {"text": "Review and fix per the pattern semantics. 
See CWE-400 for context."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "info", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "MINED055", "name": "[MINED055] Npm Install No Lockfile: Production image runs npm install (resolves new versions on every build) instead of ", "shortDescription": {"text": "[MINED055] Npm Install No Lockfile: Production image runs npm install (resolves new versions on every build) instead of npm ci."}, "fullDescription": {"text": "Review and fix per the pattern semantics. See CWE-1357 / A06:2021 for context."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "info", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "MINED059", "name": "[MINED059] Rust Expect In Prod: .expect(...) panics same as unwrap with a custom message.", "shortDescription": {"text": "[MINED059] Rust Expect In Prod: .expect(...) panics same as unwrap with a custom message."}, "fullDescription": {"text": "Review and fix per the pattern semantics. See CWE-755 for context."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "info", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "MINED045", "name": "[MINED045] Ts Non Null Assertion: x! asserts not null - bypasses null checks - TypeError if wrong.", "shortDescription": {"text": "[MINED045] Ts Non Null Assertion: x! asserts not null - bypasses null checks - TypeError if wrong."}, "fullDescription": {"text": "Review and fix per the pattern semantics. See CWE-476 for context."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "info", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "MINED056", "name": "[MINED056] React Key As Index (and 5 more): Same pattern found in 5 additional files. Review if needed.", "shortDescription": {"text": "[MINED056] React Key As Index (and 5 more): Same pattern found in 5 additional files. 
Review if needed."}, "fullDescription": {"text": "Review and fix per the pattern semantics. See CWE-682 for context."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "info", "confidence": 0.2, "cwe": "", "owasp": ""}}, {"id": "MINED052", "name": "[MINED052] Ts Any Typed (and 2 more): Same pattern found in 2 additional files. Review if needed.", "shortDescription": {"text": "[MINED052] Ts Any Typed (and 2 more): Same pattern found in 2 additional files. Review if needed."}, "fullDescription": {"text": "Review and fix per the pattern semantics. See CWE-704 for context."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "info", "confidence": 0.2, "cwe": "", "owasp": ""}}, {"id": "MINED044", "name": "[MINED044] Js Console Log Prod: console.log left in code. Should be replaced with logger or removed.", "shortDescription": {"text": "[MINED044] Js Console Log Prod: console.log left in code. Should be replaced with logger or removed."}, "fullDescription": {"text": "Review and fix per the pattern semantics. See CWE-532 for context."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "info", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "SEC103", "name": "[SEC103] LDAP injection \u2014 non-constant search filter (and 1 more): Same pattern found in 1 additional file. Review if n", "shortDescription": {"text": "[SEC103] LDAP injection \u2014 non-constant search filter (and 1 more): Same pattern found in 1 additional file. Review if needed."}, "fullDescription": {"text": "Escape with javax.naming.ldap.Rdn.escapeValue or equivalent. For python-ldap, use ldap.filter.escape_filter_chars. 
Better: use parameterized search APIs (Spring LdapTemplate filter encoders)."}, "properties": {"scanner": "repobility-threat-engine", "category": "injection", "severity": "info", "confidence": 0.2, "cwe": "", "owasp": ""}}, {"id": "MINED072", "name": "[MINED072] Python Pass Only Class: class Foo: pass \u2014 stub waiting to be filled in.", "shortDescription": {"text": "[MINED072] Python Pass Only Class: class Foo: pass \u2014 stub waiting to be filled in."}, "fullDescription": {"text": "Review and fix per the pattern semantics. See CWE-1188 for context."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "info", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "SEC128", "name": "[SEC128] Async function without await \u2014 fire-and-forget Promise (AI mistake) (and 13 more): Same pattern found in 13 add", "shortDescription": {"text": "[SEC128] Async function without await \u2014 fire-and-forget Promise (AI mistake) (and 13 more): Same pattern found in 13 additional files. Review if needed."}, "fullDescription": {"text": "Add `await` before each async call, or chain with `.then`. If you intentionally want fire-and-forget, prefix with `void` (TS) or assign to `_` (Python with `asyncio.create_task`) to make the intent explicit and survive lint."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "info", "confidence": 0.2, "cwe": "", "owasp": ""}}, {"id": "MINED006", "name": "[MINED006] Overcatch Baseexception (and 1 more): Same pattern found in 1 additional file. Review if needed.", "shortDescription": {"text": "[MINED006] Overcatch Baseexception (and 1 more): Same pattern found in 1 additional file. Review if needed."}, "fullDescription": {"text": "Review and fix per the pattern semantics. 
See CWE-705 for context."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "info", "confidence": 0.2, "cwe": "", "owasp": ""}}, {"id": "MINED062", "name": "[MINED062] Python Dataclass No Fields (and 4 more): Same pattern found in 4 additional files. Review if needed.", "shortDescription": {"text": "[MINED062] Python Dataclass No Fields (and 4 more): Same pattern found in 4 additional files. Review if needed."}, "fullDescription": {"text": "Review and fix per the pattern semantics."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "info", "confidence": 0.2, "cwe": "", "owasp": ""}}, {"id": "SEC029", "name": "[SEC029] Server-Side Request Forgery (SSRF) \u2014 outbound HTTP from user input (and 32 more): Same pattern found in 32 addi", "shortDescription": {"text": "[SEC029] Server-Side Request Forgery (SSRF) \u2014 outbound HTTP from user input (and 32 more): Same pattern found in 32 additional files. Review if needed."}, "fullDescription": {"text": "Validate the URL against an allowlist BEFORE fetching:\n  ALLOWED = {'images.example.com', 'cdn.example.com'}\n  host = urlparse(url).hostname\n  if host not in ALLOWED: abort(400)\nOr use a server-side proxy (Imgproxy / serve-files-only-from-S3) that isolates outbound network access from the request handler.\nBlock private CIDRs explicitly: 10/8, 172.16/12, 192.168/16, 169.254/16.\nAlso block loopback (127/8) and the IPv6 loopback, link-local and unique-local ranges, and check the resolved address on every redirect hop, not only the hostname string."}, "properties": {"scanner": "repobility-threat-engine", "category": "ssrf", "severity": "info", "confidence": 0.2, "cwe": "", "owasp": ""}}, {"id": "MINED049", "name": "[MINED049] Print Pii: Logging password/token/email/ssn directly to stdout.", "shortDescription": {"text": "[MINED049] Print Pii: Logging password/token/email/ssn directly to stdout."}, "fullDescription": {"text": "Review and fix per the pattern semantics. 
See CWE-532 / A09:2021 for context."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "info", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "SEC020", "name": "[SEC020] Secret Printed to Logs: Debug or diagnostic code appears to print a credential-bearing value. This is a frequen", "shortDescription": {"text": "[SEC020] Secret Printed to Logs: Debug or diagnostic code appears to print a credential-bearing value. This is a frequent AI-assisted coding failure: the helper exposes the exact value needed for troubleshooting."}, "fullDescription": {"text": "Log only redacted, hashed, or last-four-style metadata. Rotate any secret that may have reached logs."}, "properties": {"scanner": "repobility-threat-engine", "category": "credential_exposure", "severity": "info", "confidence": 0.15, "cwe": "", "owasp": ""}}, {"id": "MINED064", "name": "[MINED064] Python Input Call (and 3 more): Same pattern found in 3 additional files. Review if needed.", "shortDescription": {"text": "[MINED064] Python Input Call (and 3 more): Same pattern found in 3 additional files. Review if needed."}, "fullDescription": {"text": "Review and fix per the pattern semantics."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "info", "confidence": 0.2, "cwe": "", "owasp": ""}}, {"id": "MINED043", "name": "[MINED043] Http Not Https (and 3 more): Same pattern found in 3 additional files. Review if needed.", "shortDescription": {"text": "[MINED043] Http Not Https (and 3 more): Same pattern found in 3 additional files. Review if needed."}, "fullDescription": {"text": "Review and fix per the pattern semantics. See CWE-319 / A02:2021 for context."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "info", "confidence": 0.2, "cwe": "", "owasp": ""}}, {"id": "MINED012", "name": "[MINED012] Curl Pipe Bash (and 4 more): Same pattern found in 4 additional files. 
Review if needed.", "shortDescription": {"text": "[MINED012] Curl Pipe Bash (and 4 more): Same pattern found in 4 additional files. Review if needed."}, "fullDescription": {"text": "Review and fix per the pattern semantics. See CWE-494 / A08:2021 for context."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "info", "confidence": 0.2, "cwe": "", "owasp": ""}}, {"id": "MINED001", "name": "[MINED001] Bare Except Pass (and 32 more): Same pattern found in 32 additional files. Review if needed.", "shortDescription": {"text": "[MINED001] Bare Except Pass (and 32 more): Same pattern found in 32 additional files. Review if needed."}, "fullDescription": {"text": "Review and fix per the pattern semantics. See CWE-755 for context."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "info", "confidence": 0.2, "cwe": "", "owasp": ""}}, {"id": "MINED050", "name": "[MINED050] Stub Only Function (and 50 more): Same pattern found in 50 additional files. Review if needed.", "shortDescription": {"text": "[MINED050] Stub Only Function (and 50 more): Same pattern found in 50 additional files. Review if needed."}, "fullDescription": {"text": "Review and fix per the pattern semantics. See CWE-1188 for context."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "info", "confidence": 0.2, "cwe": "", "owasp": ""}}, {"id": "JRN009", "name": "Secret-like setting is echoed into a password input value", "shortDescription": {"text": "Secret-like setting is echoed into a password input value"}, "fullDescription": {"text": "Settings screens sometimes render API keys, tokens, or passwords back into HTML/JSX password fields. 
That still exposes the secret to page source, browser extensions, screenshots, and DOM scraping."}, "properties": {"scanner": "repobility-journey-contract", "category": "auth", "severity": "high", "confidence": 0.83, "cwe": "", "owasp": ""}}, {"id": "JRN004", "name": "Consent is collected in UI without visible backend audit persistence", "shortDescription": {"text": "Consent is collected in UI without visible backend audit persistence"}, "fullDescription": {"text": "A frontend journey appears to ask for consent to share identity/KYC/biometric data, but backend code does not show a consent audit model with scope, purpose, legal text version, timestamp, IP, or user-agent evidence."}, "properties": {"scanner": "repobility-journey-contract", "category": "auth", "severity": "high", "confidence": 0.78, "cwe": "", "owasp": ""}}, {"id": "AUC003", "name": "[AUC003] Object-level route lacks visible authorization: A route with an object id-like parameter does not show nearby a", "shortDescription": {"text": "[AUC003] Object-level route lacks visible authorization: A route with an object id-like parameter does not show nearby authentication or authorization evidence. This is a BOLA/IDOR review target. Endpoint: GET /api/v1/entities/{entity_id}."}, "fullDescription": {"text": "A route with an object id-like parameter does not show nearby authentication or authorization evidence. This is a BOLA/IDOR review target. 
Endpoint: GET /api/v1/entities/{entity_id}."}, "properties": {"scanner": "repobility-access-control", "category": "auth", "severity": "high", "confidence": 0.7, "cwe": "CWE-639", "owasp": "API1:2023 Broken Object Level Authorization"}}, {"id": "MINED014", "name": "[MINED014] Disabled Tls Verify: verify=False in requests, rejectUnauthorized:false in node, InsecureSkipVerify:true in G", "shortDescription": {"text": "[MINED014] Disabled Tls Verify: verify=False in requests, rejectUnauthorized:false in node, InsecureSkipVerify:true in Go."}, "fullDescription": {"text": "Review and fix per the pattern semantics. See CWE-295 / A02:2021 for context."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "high", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "SEC078", "name": "[SEC078] Python: requests without timeout: requests.get/post without a timeout will hang indefinitely on a non-responsiv", "shortDescription": {"text": "[SEC078] Python: requests without timeout: requests.get/post without a timeout will hang indefinitely on a non-responsive server, causing thread exhaustion and denial of service. Ported from bandit B113 (Apache-2.0). NOTE: this regex is heuristic; a re"}, "fullDescription": {"text": "Add `timeout=10` (or appropriate value) to every requests call."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "high", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "SEC085", "name": "[SEC085] JS: child_process.exec with non-literal: child_process.exec with user-derived input enables command injection. ", "shortDescription": {"text": "[SEC085] JS: child_process.exec with non-literal: child_process.exec with user-derived input enables command injection. 
Ported from eslint-plugin-security detect-child-process (Apache-2.0)."}, "fullDescription": {"text": "Use execFile / spawn with separate args array; never pass shell strings."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "high", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "SEC013", "name": "[SEC013] Path Traversal \u2014 User Input in File Path: User-controlled input used in file path without sanitization. Allows ", "shortDescription": {"text": "[SEC013] Path Traversal \u2014 User Input in File Path: User-controlled input used in file path without sanitization. Allows reading arbitrary files."}, "fullDescription": {"text": "Use os.path.realpath() and verify the resolved path lies inside your expected base directory, comparing whole path components (for example with os.path.commonpath()) rather than a raw string prefix, which would also accept a sibling such as /srv/data-old for a base of /srv/data. Use secure_filename() for uploads."}, "properties": {"scanner": "repobility-threat-engine", "category": "path_traversal", "severity": "high", "confidence": 0.8, "cwe": "", "owasp": ""}}, {"id": "MINED115", "name": "Action `actions/setup-node` pinned to mutable ref `@v4`", "shortDescription": {"text": "Action `actions/setup-node` pinned to mutable ref `@v4`"}, "fullDescription": {"text": "`uses: actions/setup-node@v4` resolves at workflow-run time. Tags and branches can be re-pushed by the action owner; that made the tj-actions/changed-files compromise (2025) instantly affect ~23K repos. Pin to a 40-char commit SHA + lock with Dependabot or renovate."}, "properties": {"scanner": "repobility-supply-chain", "category": "dependency", "severity": "high", "confidence": 0.9, "cwe": "", "owasp": ""}}, {"id": "MINED112", "name": "FastAPI POST /create has no auth", "shortDescription": {"text": "FastAPI POST /create has no auth"}, "fullDescription": {"text": "Handler `api_create_event` is registered with router/app.post(...) 
but no Depends/Security parameter is declared and no auth marker appears in the function body."}, "properties": {"scanner": "repobility-route-auth", "category": "quality", "severity": "high", "confidence": 0.8, "cwe": "", "owasp": ""}}, {"id": "MINED110", "name": "Blocking call `urllib.request.urlopen` inside async function `morning_briefing`", "shortDescription": {"text": "Blocking call `urllib.request.urlopen` inside async function `morning_briefing`"}, "fullDescription": {"text": "`urllib.request.urlopen` is a synchronous (blocking) call. When invoked inside an `async def` it stalls the event loop, preventing every other coroutine in the process from making progress."}, "properties": {"scanner": "repobility-ast-engine", "category": "quality", "severity": "high", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "MINED106", "name": "Phantom test coverage: test_provider", "shortDescription": {"text": "Phantom test coverage: test_provider"}, "fullDescription": {"text": "Test function `test_provider` runs code but contains no assert / expect / should call \u2014 it passes regardless of behaviour. Adds line coverage without verifying anything."}, "properties": {"scanner": "repobility-ast-engine", "category": "quality", "severity": "high", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "MINED108", "name": "`self._start_step` used but never assigned in __init__", "shortDescription": {"text": "`self._start_step` used but never assigned in __init__"}, "fullDescription": {"text": "Method `_execute_workflow` of class `DurableWorkflowEngine` reads `self._start_step`, but no assignment to it exists in __init__ (and no class-level fallback). 
This raises AttributeError the first time the method runs against an instance."}, "properties": {"scanner": "repobility-ast-engine", "category": "quality", "severity": "high", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "SEC084", "name": "[SEC084] JS: require() with non-literal: require(<variable>) loads arbitrary modules \u2014 equivalent to eval at module scop", "shortDescription": {"text": "[SEC084] JS: require() with non-literal: require(<variable>) loads arbitrary modules \u2014 equivalent to eval at module scope. Ported from eslint-plugin-security detect-non-literal-require (Apache-2.0)."}, "fullDescription": {"text": "Use static imports or a static mapping `const modules = { foo: require('./foo') }`."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "critical", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "MINED107", "name": "Missing import: `html` used but not imported", "shortDescription": {"text": "Missing import: `html` used but not imported"}, "fullDescription": {"text": "The file uses `html.something(...)` but never imports `html`. 
This raises NameError at runtime the first time the line executes."}, "properties": {"scanner": "repobility-ast-engine", "category": "quality", "severity": "critical", "confidence": 1.0, "cwe": "", "owasp": ""}}]}}, "automationDetails": {"id": "repobility/1169"}, "properties": {"repository": "xbrxr03/clawos", "repoUrl": "https://github.com/xbrxr03/clawos", "branch": "main"}, "results": [{"ruleId": "WEB003", "level": "warning", "message": {"text": "Public web service has no security.txt"}, "properties": {"repobilityId": 117310, "scanner": "repobility-web-presence", "fingerprint": "5cd26606c5a53c9f403ff7a92a6917c19cf440a23ce03e2b90e8c493312ef8cd", "category": "quality", "severity": "medium", "confidence": 0.78, "triageState": "open", "verdict": "likely", "isResolved": false, "reason": "Repository looks like a public web app/API but no security.txt file or route was discovered.", "evidence": {"rule_id": "WEB003", "scanner": "repobility-web-presence", "references": ["https://www.rfc-editor.org/rfc/rfc9116", "https://github.com/Lissy93/web-check"], "correlation_key": "fp|5cd26606c5a53c9f403ff7a92a6917c19cf440a23ce03e2b90e8c493312ef8cd"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".well-known/security.txt"}, "region": {"startLine": 1}}}]}, {"ruleId": "WEB015", "level": "warning", "message": {"text": "Public web app has no Content Security Policy"}, "properties": {"repobilityId": 117309, "scanner": "repobility-web-presence", "fingerprint": "7eb70cae3ff63d8ed7c31706185d32b37655333b40b58ca826d740b08fb1ad63", "category": "quality", "severity": "medium", "confidence": 0.7, "triageState": "open", "verdict": "likely", "isResolved": false, "reason": "Repository looks like a public web app but no CSP header, framework header config, Helmet policy, or CSP meta tag was discovered.", "evidence": {"rule_id": "WEB015", "scanner": "repobility-web-presence", "references": ["https://developer.mozilla.org/en-US/docs/Web/HTTP/CSP", 
"https://github.com/Lissy93/web-check"], "correlation_key": "fp|7eb70cae3ff63d8ed7c31706185d32b37655333b40b58ca826d740b08fb1ad63"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "index.html"}, "region": {"startLine": 1}}}]}, {"ruleId": "JRN003", "level": "warning", "message": {"text": "Frontend API reference is not matched by discovered backend routes"}, "properties": {"repobilityId": 117299, "scanner": "repobility-journey-contract", "fingerprint": "0e9932d81e9bd780157ba52df3709323702a983462b04a3299f901d610fc6d5d", "category": "quality", "severity": "medium", "confidence": 0.74, "triageState": "open", "verdict": "likely", "isResolved": false, "reason": "Same-origin /api path appears in frontend code but no discovered backend endpoint has the same route shape.", "evidence": {"rule_id": "JRN003", "scanner": "repobility-journey-contract", "references": ["https://repobility.com/library/authorization/"], "route_shape": "/api/setup/frameworks{param}", "correlation_key": "fp|0e9932d81e9bd780157ba52df3709323702a983462b04a3299f901d610fc6d5d", "backend_endpoint_count": 287}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "services/dashd/static/assets/workflows-BhVdju9M.js"}, "region": {"startLine": 1}}}]}, {"ruleId": "JRN003", "level": "warning", "message": {"text": "Frontend API reference is not matched by discovered backend routes"}, "properties": {"repobilityId": 117298, "scanner": "repobility-journey-contract", "fingerprint": "cf8a8a11fc069a5d504afc064caa57de4c0fef51e42ae05b52d6bd21f14f1384", "category": "quality", "severity": "medium", "confidence": 0.74, "triageState": "open", "verdict": "likely", "isResolved": false, "reason": "Same-origin /api path appears in frontend code but no discovered backend endpoint has the same route shape.", "evidence": {"rule_id": "JRN003", "scanner": "repobility-journey-contract", "references": ["https://repobility.com/library/authorization/"], "route_shape": "/api/setup/openclaw/{param}", 
"correlation_key": "fp|cf8a8a11fc069a5d504afc064caa57de4c0fef51e42ae05b52d6bd21f14f1384", "backend_endpoint_count": 287}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "services/dashd/static/assets/setup-Cez0JBY1.js"}, "region": {"startLine": 6}}}]}, {"ruleId": "JRN003", "level": "warning", "message": {"text": "Frontend API reference is not matched by discovered backend routes"}, "properties": {"repobilityId": 117297, "scanner": "repobility-journey-contract", "fingerprint": "5139aea6381097892ce95a0a8d98feb16e00b154a6435b0c2aea63286895580e", "category": "quality", "severity": "medium", "confidence": 0.74, "triageState": "open", "verdict": "likely", "isResolved": false, "reason": "Same-origin /api path appears in frontend code but no discovered backend endpoint has the same route shape.", "evidence": {"rule_id": "JRN003", "scanner": "repobility-journey-contract", "references": ["https://repobility.com/library/authorization/"], "route_shape": "/api/setup/openclaw/{param}", "correlation_key": "fp|5139aea6381097892ce95a0a8d98feb16e00b154a6435b0c2aea63286895580e", "backend_endpoint_count": 287}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "dashboard/frontend/src/pages/setup/screens/OpenClawOnboardModal.tsx"}, "region": {"startLine": 23}}}]}, {"ruleId": "JRN003", "level": "warning", "message": {"text": "Frontend API reference is not matched by discovered backend routes"}, "properties": {"repobilityId": 117296, "scanner": "repobility-journey-contract", "fingerprint": "694c38d27ea6f3371d0dfb40dbad99739d483baf4022f64861ac3202ab90451f", "category": "quality", "severity": "medium", "confidence": 0.74, "triageState": "open", "verdict": "likely", "isResolved": false, "reason": "Same-origin /api path appears in frontend code but no discovered backend endpoint has the same route shape.", "evidence": {"rule_id": "JRN003", "scanner": "repobility-journey-contract", "references": ["https://repobility.com/library/authorization/"], "route_shape": 
"/api/setup/openclaw/{param}", "correlation_key": "fp|694c38d27ea6f3371d0dfb40dbad99739d483baf4022f64861ac3202ab90451f", "backend_endpoint_count": 287}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "dashboard/frontend/src/pages/setup/screens/OpenClawOnboardModal.tsx"}, "region": {"startLine": 14}}}]}, {"ruleId": "JRN003", "level": "warning", "message": {"text": "Frontend API reference is not matched by discovered backend routes"}, "properties": {"repobilityId": 117295, "scanner": "repobility-journey-contract", "fingerprint": "99b8c0a699cebed5017b96c9419cff6a68cbcaa0ca027d69d48c35293ef37765", "category": "quality", "severity": "medium", "confidence": 0.74, "triageState": "open", "verdict": "likely", "isResolved": false, "reason": "Same-origin /api path appears in frontend code but no discovered backend endpoint has the same route shape.", "evidence": {"rule_id": "JRN003", "scanner": "repobility-journey-contract", "references": ["https://repobility.com/library/authorization/"], "route_shape": "/api/workflows/list{param}", "correlation_key": "fp|99b8c0a699cebed5017b96c9419cff6a68cbcaa0ca027d69d48c35293ef37765", "backend_endpoint_count": 287}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "dashboard/frontend/src/lib/commandCenterApi.ts"}, "region": {"startLine": 868}}}]}, {"ruleId": "JRN003", "level": "warning", "message": {"text": "Frontend API reference is not matched by discovered backend routes"}, "properties": {"repobilityId": 117294, "scanner": "repobility-journey-contract", "fingerprint": "6e3319ddbddc8e3f8e1cdd17a4b0717714fcb77e01dbc73e1a5a9965c1f82362", "category": "quality", "severity": "medium", "confidence": 0.74, "triageState": "open", "verdict": "likely", "isResolved": false, "reason": "Same-origin /api path appears in frontend code but no discovered backend endpoint has the same route shape.", "evidence": {"rule_id": "JRN003", "scanner": "repobility-journey-contract", "references": 
["https://repobility.com/library/authorization/"], "route_shape": "/api/setup/frameworks{param}", "correlation_key": "fp|6e3319ddbddc8e3f8e1cdd17a4b0717714fcb77e01dbc73e1a5a9965c1f82362", "backend_endpoint_count": 287}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "dashboard/frontend/src/lib/commandCenterApi.ts"}, "region": {"startLine": 605}}}]}, {"ruleId": "JRN003", "level": "warning", "message": {"text": "Frontend API reference is not matched by discovered backend routes"}, "properties": {"repobilityId": 117293, "scanner": "repobility-journey-contract", "fingerprint": "baf8682a0851d79ebfbc1f653d78db9c5f7405981ba2f27911e064efc241ed34", "category": "quality", "severity": "medium", "confidence": 0.74, "triageState": "open", "verdict": "likely", "isResolved": false, "reason": "Same-origin /api path appears in frontend code but no discovered backend endpoint has the same route shape.", "evidence": {"rule_id": "JRN003", "scanner": "repobility-journey-contract", "references": ["https://repobility.com/library/authorization/"], "route_shape": "/api/memory/nexus_default", "correlation_key": "fp|baf8682a0851d79ebfbc1f653d78db9c5f7405981ba2f27911e064efc241ed34", "backend_endpoint_count": 287}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "clients/dashboard/index.html"}, "region": {"startLine": 666}}}]}, {"ruleId": "AUC012", "level": "warning", "message": {"text": "[AUC012] FastAPI interactive docs may be exposed by framework defaults: FastAPI exposes /docs, /redoc, and /openapi.json by default. 
Public production APIs should explicitly disable those defaults, protect them behind admin authentication, or publish a reviewed OpenAPI spec with declared security requirements."}, "properties": {"repobilityId": 117292, "scanner": "repobility-access-control", "fingerprint": "27f8c50db94c1d5138790446654bd4d0b5823ce185d040059e5a7502358b5899", "category": "auth", "severity": "medium", "confidence": 0.72, "triageState": "open", "verdict": "needs_review", "isResolved": false, "reason": "Static route and framework evidence require project-owner confirmation.", "evidence": {"apps": [{"line": 25, "file_path": "clawos_core/fastapi_lifespan.py", "docs_url_disabled": false, "redoc_url_disabled": false, "openapi_url_disabled": false}, {"line": 86, "file_path": "clawos_core/fastapi_lifespan.py", "docs_url_disabled": false, "redoc_url_disabled": false, "openapi_url_disabled": false}, {"line": 38, "file_path": "clawos_core/daemon_http.py", "docs_url_disabled": true, "redoc_url_disabled": true, "openapi_url_disabled": false}, {"line": 135, "file_path": "archive/legacy/dashboard-backend/service.py", "docs_url_disabled": false, "redoc_url_disabled": false, "openapi_url_disabled": false}, {"line": 718, "file_path": "services/desktopd/main.py", "docs_url_disabled": false, "redoc_url_disabled": false, "openapi_url_disabled": false}], "scanner": "repobility-access-control", "correlation_key": "fp|27f8c50db94c1d5138790446654bd4d0b5823ce185d040059e5a7502358b5899"}}}, {"ruleId": "AUC009", "level": "warning", "message": {"text": "[AUC009] Sensitive function route lacks elevated authorization evidence: A route appears to perform a sensitive function such as export, invite, role, token, billing, or destructive action without elevated policy evidence. 
Endpoint: DELETE /{session_id}."}, "properties": {"repobilityId": 117291, "scanner": "repobility-access-control", "fingerprint": "163c09bf9df44469884f660bb83beb380c9a7e502e367a14ae751b012d472b72", "category": "auth", "severity": "medium", "confidence": 0.68, "triageState": "open", "verdict": "needs_review", "isResolved": false, "reason": "Static route and framework evidence require project-owner confirmation.", "evidence": {"path": "/{session_id}", "method": "DELETE", "scanner": "repobility-access-control", "framework": "FastAPI", "correlation_key": "code|auth|token|161|cwe-285", "identity_targets": ["authenticated", "owner"]}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "services/researchd/service.py"}, "region": {"startLine": 161}}}]}, {"ruleId": "AUC009", "level": "warning", "message": {"text": "[AUC009] Sensitive function route lacks elevated authorization evidence: A route appears to perform a sensitive function such as export, invite, role, token, billing, or destructive action without elevated policy evidence. 
Endpoint: GET /export/ical."}, "properties": {"repobilityId": 117290, "scanner": "repobility-access-control", "fingerprint": "4c86103f3c21d431aa068abddb794579d1ef9746e5bb172e4d822258329ddb3c", "category": "auth", "severity": "medium", "confidence": 0.68, "triageState": "open", "verdict": "needs_review", "isResolved": false, "reason": "Static route and framework evidence require project-owner confirmation.", "evidence": {"path": "/export/ical", "method": "GET", "scanner": "repobility-access-control", "framework": "FastAPI", "correlation_key": "code|auth|token|54|cwe-285", "identity_targets": ["unknown"]}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "services/calendard/service.py"}, "region": {"startLine": 54}}}]}, {"ruleId": "AUC009", "level": "warning", "message": {"text": "[AUC009] Sensitive function route lacks elevated authorization evidence: A route appears to perform a sensitive function such as export, invite, role, token, billing, or destructive action without elevated policy evidence. 
Endpoint: DELETE /{event_id}."}, "properties": {"repobilityId": 117289, "scanner": "repobility-access-control", "fingerprint": "66a3b2c2b820f4940cfe0633e25f66cf6520e4f7798f776a0cd51b6cbb4d330d", "category": "auth", "severity": "medium", "confidence": 0.68, "triageState": "open", "verdict": "needs_review", "isResolved": false, "reason": "Static route and framework evidence require project-owner confirmation.", "evidence": {"path": "/{event_id}", "method": "DELETE", "scanner": "repobility-access-control", "framework": "FastAPI", "correlation_key": "code|auth|token|46|cwe-285", "identity_targets": ["unknown", "owner"]}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "services/calendard/service.py"}, "region": {"startLine": 46}}}]}, {"ruleId": "AUC009", "level": "warning", "message": {"text": "[AUC009] Sensitive function route lacks elevated authorization evidence: A route appears to perform a sensitive function such as export, invite, role, token, billing, or destructive action without elevated policy evidence. 
Endpoint: DELETE /{note_id}."}, "properties": {"repobilityId": 117288, "scanner": "repobility-access-control", "fingerprint": "3181206c8361ef38118e467c8d1b75e259e9a9409676e263efc24a403b34f597", "category": "auth", "severity": "medium", "confidence": 0.68, "triageState": "open", "verdict": "needs_review", "isResolved": false, "reason": "Static route and framework evidence require project-owner confirmation.", "evidence": {"path": "/{note_id}", "method": "DELETE", "scanner": "repobility-access-control", "framework": "FastAPI", "correlation_key": "code|auth|services/noted/service.py|66|cwe-285", "identity_targets": ["unknown", "owner"]}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "services/noted/service.py"}, "region": {"startLine": 66}}}]}, {"ruleId": "AUC009", "level": "warning", "message": {"text": "[AUC009] Sensitive function route lacks elevated authorization evidence: A route appears to perform a sensitive function such as export, invite, role, token, billing, or destructive action without elevated policy evidence. 
Endpoint: GET /api/peers."}, "properties": {"repobilityId": 117287, "scanner": "repobility-access-control", "fingerprint": "eca25d94c7102fb505b78328ec8515e7867dab7fd076f3429099a7fd9cceae0f", "category": "auth", "severity": "medium", "confidence": 0.68, "triageState": "open", "verdict": "needs_review", "isResolved": false, "reason": "Static route and framework evidence require project-owner confirmation.", "evidence": {"path": "/api/peers", "method": "GET", "scanner": "repobility-access-control", "framework": "FastAPI", "correlation_key": "code|auth|token|559|cwe-285", "identity_targets": ["unknown"]}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "archive/legacy/dashboard-backend/service.py"}, "region": {"startLine": 559}}}]}, {"ruleId": "AUC009", "level": "warning", "message": {"text": "[AUC009] Sensitive function route lacks elevated authorization evidence: A route appears to perform a sensitive function such as export, invite, role, token, billing, or destructive action without elevated policy evidence. 
Endpoint: GET /api/tokens."}, "properties": {"repobilityId": 117286, "scanner": "repobility-access-control", "fingerprint": "a27ecccf1aa9fbe2754e4e15050db0d44223a6ff552377079fa4cef7933db08d", "category": "auth", "severity": "medium", "confidence": 0.68, "triageState": "open", "verdict": "needs_review", "isResolved": false, "reason": "Static route and framework evidence require project-owner confirmation.", "evidence": {"path": "/api/tokens", "method": "GET", "scanner": "repobility-access-control", "framework": "FastAPI", "correlation_key": "code|auth|token|545|cwe-285", "identity_targets": ["unknown"]}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "archive/legacy/dashboard-backend/service.py"}, "region": {"startLine": 545}}}]}, {"ruleId": "AUC009", "level": "warning", "message": {"text": "[AUC009] Sensitive function route lacks elevated authorization evidence: A route appears to perform a sensitive function such as export, invite, role, token, billing, or destructive action without elevated policy evidence. 
Endpoint: DELETE /api/models/{model_name}."}, "properties": {"repobilityId": 117285, "scanner": "repobility-access-control", "fingerprint": "8431099d6745c7c12cd6a443b25297f56a0af1fea4433bce4c60e29a9f154d7f", "category": "auth", "severity": "medium", "confidence": 0.68, "triageState": "open", "verdict": "needs_review", "isResolved": false, "reason": "Static route and framework evidence require project-owner confirmation.", "evidence": {"path": "/api/models/{model_name}", "method": "DELETE", "scanner": "repobility-access-control", "framework": "FastAPI", "correlation_key": "code|auth|token|289|cwe-285", "identity_targets": ["unknown"]}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "archive/legacy/dashboard-backend/service.py"}, "region": {"startLine": 289}}}]}, {"ruleId": "AUC009", "level": "warning", "message": {"text": "[AUC009] Sensitive function route lacks elevated authorization evidence: A route appears to perform a sensitive function such as export, invite, role, token, billing, or destructive action without elevated policy evidence. 
Endpoint: POST /api/approvals/{approval_id}/deny."}, "properties": {"repobilityId": 117284, "scanner": "repobility-access-control", "fingerprint": "aadfe1e9b3ac2d4b60a903e959a89331900187f410a1f7a1d8cd6262119ed1ab", "category": "auth", "severity": "medium", "confidence": 0.68, "triageState": "open", "verdict": "needs_review", "isResolved": false, "reason": "Static route and framework evidence require project-owner confirmation.", "evidence": {"path": "/api/approvals/{approval_id}/deny", "method": "POST", "scanner": "repobility-access-control", "framework": "FastAPI", "correlation_key": "code|auth|token|247|cwe-285", "identity_targets": ["unknown", "owner"]}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "archive/legacy/dashboard-backend/service.py"}, "region": {"startLine": 247}}}]}, {"ruleId": "AUC009", "level": "warning", "message": {"text": "[AUC009] Sensitive function route lacks elevated authorization evidence: A route appears to perform a sensitive function such as export, invite, role, token, billing, or destructive action without elevated policy evidence. 
Endpoint: POST /api/approvals/{approval_id}/approve."}, "properties": {"repobilityId": 117283, "scanner": "repobility-access-control", "fingerprint": "dfe3d4cd27f8921252b63554914539b9cbb813ce5dc71d26d4b2b3e2240596f0", "category": "auth", "severity": "medium", "confidence": 0.68, "triageState": "open", "verdict": "needs_review", "isResolved": false, "reason": "Static route and framework evidence require project-owner confirmation.", "evidence": {"path": "/api/approvals/{approval_id}/approve", "method": "POST", "scanner": "repobility-access-control", "framework": "FastAPI", "correlation_key": "code|auth|token|242|cwe-285", "identity_targets": ["unknown", "owner"]}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "archive/legacy/dashboard-backend/service.py"}, "region": {"startLine": 242}}}]}, {"ruleId": "AUC009", "level": "warning", "message": {"text": "[AUC009] Sensitive function route lacks elevated authorization evidence: A route appears to perform a sensitive function such as export, invite, role, token, billing, or destructive action without elevated policy evidence. 
Endpoint: GET /api/approvals."}, "properties": {"repobilityId": 117282, "scanner": "repobility-access-control", "fingerprint": "a6d60271929992686241493468fcdb0bbba7e222f4ef6864ac6500c4bbd65519", "category": "auth", "severity": "medium", "confidence": 0.68, "triageState": "open", "verdict": "needs_review", "isResolved": false, "reason": "Static route and framework evidence require project-owner confirmation.", "evidence": {"path": "/api/approvals", "method": "GET", "scanner": "repobility-access-control", "framework": "FastAPI", "correlation_key": "code|auth|token|237|cwe-285", "identity_targets": ["unknown"]}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "archive/legacy/dashboard-backend/service.py"}, "region": {"startLine": 237}}}]}, {"ruleId": "AUC004", "level": "warning", "message": {"text": "[AUC004] Admin route does not show super_admin separation: An administrative route was detected without nearby evidence that platform super_admin access is separated from tenant/application admin access. 
Endpoint: GET /api/mcp/servers."}, "properties": {"repobilityId": 117281, "scanner": "repobility-access-control", "fingerprint": "26a7048c317e1af725780016249435919525f2ddbd2283e044f0a1f95ee2580c", "category": "auth", "severity": "medium", "confidence": 0.66, "triageState": "open", "verdict": "needs_review", "isResolved": false, "reason": "Static route and framework evidence require project-owner confirmation.", "evidence": {"path": "/api/mcp/servers", "method": "GET", "scanner": "repobility-access-control", "framework": "FastAPI", "correlation_key": "code|auth|services/dashd/api.py|2494|cwe-285", "identity_targets": ["authenticated", "admin"]}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "services/dashd/api.py"}, "region": {"startLine": 2494}}}]}, {"ruleId": "AUC004", "level": "warning", "message": {"text": "[AUC004] Admin route does not show super_admin separation: An administrative route was detected without nearby evidence that platform super_admin access is separated from tenant/application admin access. 
Endpoint: GET /api/a2a/signing-key."}, "properties": {"repobilityId": 117280, "scanner": "repobility-access-control", "fingerprint": "7cc43da5e2119386d1c080896277e51955e70492de5c14867cab1540eaff8491", "category": "auth", "severity": "medium", "confidence": 0.66, "triageState": "open", "verdict": "needs_review", "isResolved": false, "reason": "Static route and framework evidence require project-owner confirmation.", "evidence": {"path": "/api/a2a/signing-key", "method": "GET", "scanner": "repobility-access-control", "framework": "FastAPI", "correlation_key": "code|auth|services/dashd/api.py|2487|cwe-285", "identity_targets": ["authenticated", "admin"]}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "services/dashd/api.py"}, "region": {"startLine": 2487}}}]}, {"ruleId": "AUC004", "level": "warning", "message": {"text": "[AUC004] Admin route does not show super_admin separation: An administrative route was detected without nearby evidence that platform super_admin access is separated from tenant/application admin access. 
Endpoint: POST /api/research/sessions/{session_id}/pause."}, "properties": {"repobilityId": 117279, "scanner": "repobility-access-control", "fingerprint": "fae723053fca9ed4acc17b75c608c6e222e37720468d560cd05a520ae2176e74", "category": "auth", "severity": "medium", "confidence": 0.66, "triageState": "open", "verdict": "needs_review", "isResolved": false, "reason": "Static route and framework evidence require project-owner confirmation.", "evidence": {"path": "/api/research/sessions/{session_id}/pause", "method": "POST", "scanner": "repobility-access-control", "framework": "FastAPI", "correlation_key": "code|auth|services/dashd/api.py|2272|cwe-285", "identity_targets": ["authenticated", "owner", "admin"]}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "services/dashd/api.py"}, "region": {"startLine": 2272}}}]}, {"ruleId": "AUC004", "level": "warning", "message": {"text": "[AUC004] Admin route does not show super_admin separation: An administrative route was detected without nearby evidence that platform super_admin access is separated from tenant/application admin access. 
Endpoint: POST /api/approve/{request_id}."}, "properties": {"repobilityId": 117278, "scanner": "repobility-access-control", "fingerprint": "d4c1d5e86a2aa9ed14a68ab6c1d1c2b62ac17df09848486460ef9128a6a52609", "category": "auth", "severity": "medium", "confidence": 0.66, "triageState": "open", "verdict": "needs_review", "isResolved": false, "reason": "Static route and framework evidence require project-owner confirmation.", "evidence": {"path": "/api/approve/{request_id}", "method": "POST", "scanner": "repobility-access-control", "framework": "FastAPI", "correlation_key": "code|auth|services/dashd/api.py|1147|cwe-285", "identity_targets": ["authenticated", "owner", "admin"]}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "services/dashd/api.py"}, "region": {"startLine": 1147}}}]}, {"ruleId": "AUC004", "level": "warning", "message": {"text": "[AUC004] Admin route does not show super_admin separation: An administrative route was detected without nearby evidence that platform super_admin access is separated from tenant/application admin access. 
Endpoint: POST /api/chat."}, "properties": {"repobilityId": 117277, "scanner": "repobility-access-control", "fingerprint": "b1ea5a50c4397c67771cb9dbb379bb51928ddec3799d66512940aad7334413dc", "category": "auth", "severity": "medium", "confidence": 0.66, "triageState": "open", "verdict": "needs_review", "isResolved": false, "reason": "Static route and framework evidence require project-owner confirmation.", "evidence": {"path": "/api/chat", "method": "POST", "scanner": "repobility-access-control", "framework": "FastAPI", "correlation_key": "code|auth|services/dashd/api.py|1136|cwe-285", "identity_targets": ["authenticated", "admin"]}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "services/dashd/api.py"}, "region": {"startLine": 1136}}}]}, {"ruleId": "AUC004", "level": "warning", "message": {"text": "[AUC004] Admin route does not show super_admin separation: An administrative route was detected without nearby evidence that platform super_admin access is separated from tenant/application admin access. 
Endpoint: GET /api/tasks/{task_id}."}, "properties": {"repobilityId": 117276, "scanner": "repobility-access-control", "fingerprint": "ab3fdfe493773f37aa2a4796e81c7ee45c4a0e4f0b616b61dd471ac9557366ef", "category": "auth", "severity": "medium", "confidence": 0.66, "triageState": "open", "verdict": "needs_review", "isResolved": false, "reason": "Static route and framework evidence require project-owner confirmation.", "evidence": {"path": "/api/tasks/{task_id}", "method": "GET", "scanner": "repobility-access-control", "framework": "FastAPI", "correlation_key": "code|auth|services/dashd/api.py|1127|cwe-285", "identity_targets": ["authenticated", "owner", "admin"]}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "services/dashd/api.py"}, "region": {"startLine": 1127}}}]}, {"ruleId": "AUC004", "level": "warning", "message": {"text": "[AUC004] Admin route does not show super_admin separation: An administrative route was detected without nearby evidence that platform super_admin access is separated from tenant/application admin access. 
Endpoint: POST /api/tasks/submit."}, "properties": {"repobilityId": 117275, "scanner": "repobility-access-control", "fingerprint": "86e6feafe4151f3d45d499668b09e9c3d0124e579280308e70966b4799fbd4c4", "category": "auth", "severity": "medium", "confidence": 0.66, "triageState": "open", "verdict": "needs_review", "isResolved": false, "reason": "Static route and framework evidence require project-owner confirmation.", "evidence": {"path": "/api/tasks/submit", "method": "POST", "scanner": "repobility-access-control", "framework": "FastAPI", "correlation_key": "code|auth|services/dashd/api.py|1104|cwe-285", "identity_targets": ["authenticated", "admin"]}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "services/dashd/api.py"}, "region": {"startLine": 1104}}}]}, {"ruleId": "AUC004", "level": "warning", "message": {"text": "[AUC004] Admin route does not show super_admin separation: An administrative route was detected without nearby evidence that platform super_admin access is separated from tenant/application admin access. 
Endpoint: POST /api/nexus/chat."}, "properties": {"repobilityId": 117274, "scanner": "repobility-access-control", "fingerprint": "91e604abdc891c04d3f10678e61ab99f4e5a9303a4d07190d428fdebdd7affd1", "category": "auth", "severity": "medium", "confidence": 0.66, "triageState": "open", "verdict": "needs_review", "isResolved": false, "reason": "Static route and framework evidence require project-owner confirmation.", "evidence": {"path": "/api/nexus/chat", "method": "POST", "scanner": "repobility-access-control", "framework": "FastAPI", "correlation_key": "code|auth|token|624|cwe-285", "identity_targets": ["unknown", "admin"]}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "archive/legacy/dashboard-backend/service.py"}, "region": {"startLine": 624}}}]}, {"ruleId": "AUC004", "level": "warning", "message": {"text": "[AUC004] Admin route does not show super_admin separation: An administrative route was detected without nearby evidence that platform super_admin access is separated from tenant/application admin access. 
Endpoint: POST /api/agents/{workspace_id}/reset."}, "properties": {"repobilityId": 117273, "scanner": "repobility-access-control", "fingerprint": "bfe40d14723b7ba59d1aa7fc5b69f84b5c4d62066b472779d1a69e98fd4698a6", "category": "auth", "severity": "medium", "confidence": 0.66, "triageState": "open", "verdict": "needs_review", "isResolved": false, "reason": "Static route and framework evidence require project-owner confirmation.", "evidence": {"path": "/api/agents/{workspace_id}/reset", "method": "POST", "scanner": "repobility-access-control", "framework": "FastAPI", "correlation_key": "code|auth|token|612|cwe-285", "identity_targets": ["authenticated", "owner", "admin"]}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "archive/legacy/dashboard-backend/service.py"}, "region": {"startLine": 612}}}]}, {"ruleId": "AUC004", "level": "warning", "message": {"text": "[AUC004] Admin route does not show super_admin separation: An administrative route was detected without nearby evidence that platform super_admin access is separated from tenant/application admin access. 
Endpoint: GET /api/agents."}, "properties": {"repobilityId": 117272, "scanner": "repobility-access-control", "fingerprint": "f711539d9f42a4def0c703c9c4ade61abc759c4c62e91a2b66eb26716f13b3e3", "category": "auth", "severity": "medium", "confidence": 0.66, "triageState": "open", "verdict": "needs_review", "isResolved": false, "reason": "Static route and framework evidence require project-owner confirmation.", "evidence": {"path": "/api/agents", "method": "GET", "scanner": "repobility-access-control", "framework": "FastAPI", "correlation_key": "code|auth|token|593|cwe-285", "identity_targets": ["authenticated", "admin"]}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "archive/legacy/dashboard-backend/service.py"}, "region": {"startLine": 593}}}]}, {"ruleId": "AUC001", "level": "warning", "message": {"text": "[AUC001] No Repobility access matrix policy found: The repository uses web/API frameworks but does not define .repobility/access.yml or equivalent authorization documentation."}, "properties": {"repobilityId": 117261, "scanner": "repobility-access-control", "fingerprint": "f1305052c3ba1e6c1cdb5dccc19e58a8168cf78b176658f32b1fc823df3e9d10", "category": "auth", "severity": "medium", "confidence": 0.92, "triageState": "open", "verdict": "likely", "isResolved": false, "reason": "Static route and framework evidence require project-owner confirmation.", "evidence": {"scanner": "repobility-access-control", "frameworks": ["Django", "FastAPI"], "expected_files": [".repobility/access.yml", ".repobility/access.yaml", ".repobility/access.json", ".repobility/authorization.yml"], "correlation_key": "fp|f1305052c3ba1e6c1cdb5dccc19e58a8168cf78b176658f32b1fc823df3e9d10"}}}, {"ruleId": "GHSA-58qx-3vcg-4xpx", "level": "warning", "message": {"text": "ws: GHSA-58qx-3vcg-4xpx"}, "properties": {"repobilityId": 117260, "scanner": "osv-scanner", "fingerprint": "b29a3f025c38eb6cbbbf0c8f09d7eae016b3b0dc7f460654acd7e7135d65e344", "category": "dependency", "severity": 
"medium", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["CVE-2026-45736"], "package": "ws", "rule_id": "GHSA-58qx-3vcg-4xpx", "scanner": "osv-scanner", "correlation_key": "vuln|ws|CVE-2026-45736|token"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "dashboard/frontend/package-lock.json"}, "region": {"startLine": 1}}}]}, {"ruleId": "GHSA-4w7w-66w2-5vf9", "level": "warning", "message": {"text": "vite: GHSA-4w7w-66w2-5vf9"}, "properties": {"repobilityId": 117259, "scanner": "osv-scanner", "fingerprint": "96e6dc113b9c527c96e1622a3014fba3de73ee5f25da0ea6865d65c84faa80a4", "category": "dependency", "severity": "medium", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["CVE-2026-39365"], "package": "vite", "rule_id": "GHSA-4w7w-66w2-5vf9", "scanner": "osv-scanner", "correlation_key": "vuln|vite|CVE-2026-39365|token"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "dashboard/frontend/package-lock.json"}, "region": {"startLine": 1}}}]}, {"ruleId": "GHSA-w5hq-g745-h8pq", "level": "warning", "message": {"text": "uuid: GHSA-w5hq-g745-h8pq"}, "properties": {"repobilityId": 117258, "scanner": "osv-scanner", "fingerprint": "86fe750365f8b8059b013970017c43122eb74e125aa14e1673970d56f5e08df6", "category": "dependency", "severity": "medium", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["CVE-2026-41907"], "package": "uuid", "rule_id": "GHSA-w5hq-g745-h8pq", "scanner": "osv-scanner", "correlation_key": "vuln|uuid|CVE-2026-41907|token"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "dashboard/frontend/package-lock.json"}, "region": {"startLine": 1}}}]}, {"ruleId": "GHSA-2j2x-hqr9-3h42", "level": "warning", "message": {"text": "react-router: GHSA-2j2x-hqr9-3h42"}, "properties": 
{"repobilityId": 117257, "scanner": "osv-scanner", "fingerprint": "613ad9b75b7f9f23d6464a714d82cace2e767376a37ca37c22266c7594addf63", "category": "dependency", "severity": "medium", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["CVE-2026-40181"], "package": "react-router", "rule_id": "GHSA-2j2x-hqr9-3h42", "scanner": "osv-scanner", "correlation_key": "vuln|react-router|CVE-2026-40181|token"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "dashboard/frontend/package-lock.json"}, "region": {"startLine": 1}}}]}, {"ruleId": "GHSA-qx2v-qp2m-jg93", "level": "warning", "message": {"text": "postcss: GHSA-qx2v-qp2m-jg93"}, "properties": {"repobilityId": 117256, "scanner": "osv-scanner", "fingerprint": "28ce31bc7d6ac2293ce2ff5ebb487f1c006eec9625049f4275dbadca9759cd88", "category": "dependency", "severity": "medium", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "aliases": ["CVE-2026-41305"], "package": "postcss", "rule_id": "GHSA-qx2v-qp2m-jg93", "scanner": "osv-scanner", "correlation_key": "vuln|postcss|CVE-2026-41305|token"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "dashboard/frontend/package-lock.json"}, "region": {"startLine": 1}}}]}, {"ruleId": "GHSA-67mh-4wv8-2f99", "level": "warning", "message": {"text": "esbuild: GHSA-67mh-4wv8-2f99"}, "properties": {"repobilityId": 117255, "scanner": "osv-scanner", "fingerprint": "35b552e5416134f9141c5790f944779304469314f947c56f319a689b80323a61", "category": "dependency", "severity": "medium", "confidence": 0.88, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"match": "", "package": "esbuild", "rule_id": "GHSA-67mh-4wv8-2f99", "scanner": "osv-scanner", "correlation_key": "vuln|esbuild|GHSA-67MH-4WV8-2F99|token"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": 
"dashboard/frontend/package-lock.json"}, "region": {"startLine": 1}}}]}, {"ruleId": "SEC014", "level": "warning", "message": {"text": "[SEC014] SSL Verification Disabled: SSL certificate verification is disabled, allowing man-in-the-middle attacks."}, "properties": {"repobilityId": 117253, "scanner": "repobility-threat-engine", "fingerprint": "ecff27eba4b943783836e277f051e3d82e925f89b6323d0552803848bc9e781a", "category": "crypto", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "verify=False", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC014", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "code|crypto|token|26|sec014"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "workflows/pr_review/workflow.py"}, "region": {"startLine": 26}}}]}, {"ruleId": "SEC012", "level": "warning", "message": {"text": "[SEC012] ZipSlip \u2014 Archive Path Traversal: Archive extraction without path validation allows writing files outside the target directory."}, "properties": {"repobilityId": 117249, "scanner": "repobility-threat-engine", "fingerprint": "a842a6b32b52de089ea28c1d141160f3e6c0129eec9e063eaa7788c5d8c54fbf", "category": "path_traversal", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": ".extractall(", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC012", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "code|path_traversal|token|116|sec012"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "skills/marketplace/installer.py"}, "region": {"startLine": 116}}}]}, {"ruleId": "SEC139", "level": "warning", "message": {"text": "[SEC139] AI-generated 
migration/route without companion test file: Route or migration touching auth, admin, users, payments, or webhooks \u2014 exactly the surfaces that need tests \u2014 with no companion test file. AI agents rewrite handlers fluently but skip the test diff almost every time, leaving high-blast-radius code uncovered. Distinct from generic 'no tests' because we target sensitive surfaces where the absence of tests is itself a risk signal. CWE-1078 (missing test coverage of security-critica"}, "properties": {"repobilityId": 117248, "scanner": "repobility-threat-engine", "fingerprint": "081a5dcc00b99da5058f54d89a4d80107ccc9de4e940805de31ecc186d91c0f8", "category": "quality", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "@app.post(\"/api/v1/workflows\"", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC139", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "fp|081a5dcc00b99da5058f54d89a4d80107ccc9de4e940805de31ecc186d91c0f8"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "services/visuald/main.py"}, "region": {"startLine": 211}}}]}, {"ruleId": "SEC015", "level": "warning", "message": {"text": "[SEC015] Insecure Randomness for Security: Weak PRNG used in security-sensitive context. 
Output is predictable."}, "properties": {"repobilityId": 117247, "scanner": "repobility-threat-engine", "fingerprint": "6a9b36f4de16c0ace31c6cea46a3af838219ec1a0bce1fc2d15917e00bb1fc67", "category": "crypto", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Security-sensitive keyword found nearby \u2014 weak PRNG is risky here", "evidence": {"match": "def create_virtual_key", "reason": "Security-sensitive keyword found nearby \u2014 weak PRNG is risky here", "rule_id": "SEC015", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "code|crypto|services/llmd/service.py|191|sec015"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "services/llmd/service.py"}, "region": {"startLine": 191}}}]}, {"ruleId": "SEC015", "level": "warning", "message": {"text": "[SEC015] Insecure Randomness for Security: Weak PRNG used in security-sensitive context. Output is predictable."}, "properties": {"repobilityId": 117246, "scanner": "repobility-threat-engine", "fingerprint": "cdd9d0efa5302f4dda04032445f241992a0875d433d9afef03ef28a51ffe24f4", "category": "crypto", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Security-sensitive keyword found nearby \u2014 weak PRNG is risky here", "evidence": {"match": "Math.random()-.5)*8:0);f.style.height=`${Math.max(3,Math.min(70,g))}px`}),d.current=requestAnimation", "reason": "Security-sensitive keyword found nearby \u2014 weak PRNG is risky here", "rule_id": "SEC015", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "code|crypto|token|1|sec015"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "services/dashd/static/assets/JarvisVoice-DoQXvFy8.js"}, "region": {"startLine": 1}}}]}, {"ruleId": "SEC045", "level": "warning", "message": {"text": "[SEC045] eval()/exec() on stored or user-supplied data: eval() and exec() on 
data \u2014 even admin-stored data \u2014 is a lateral-movement vector after any one credential compromise. Sandboxes (__builtins__ cleared) are escapable: attackers use object introspection (().__class__.__mro__[-1].__subclasses__()) to reach os.system. CWE-95 (eval injection)."}, "properties": {"repobilityId": 117236, "scanner": "repobility-threat-engine", "fingerprint": "302a93377eaae477e6f690e5afcd1b4de6507d95caa536c0d1df8071ee24cff4", "category": "injection", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "eval (", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC045", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "code|injection|tools/shell/do/safety.py|57|sec045"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tools/shell/do/safety.py"}, "region": {"startLine": 57}}}]}, {"ruleId": "SEC045", "level": "warning", "message": {"text": "[SEC045] eval()/exec() on stored or user-supplied data: eval() and exec() on data \u2014 even admin-stored data \u2014 is a lateral-movement vector after any one credential compromise. Sandboxes (__builtins__ cleared) are escapable: attackers use object introspection (().__class__.__mro__[-1].__subclasses__()) to reach os.system. 
CWE-95 (eval injection)."}, "properties": {"repobilityId": 117235, "scanner": "repobility-threat-engine", "fingerprint": "db38386fa2f9026591ff7a1e6486df0b85a05f2fb86e773e5f0ea312235aa3bc", "category": "injection", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "exec(", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC045", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "code|injection|token|155|sec045"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "skills/marketplace/sandbox.py"}, "region": {"startLine": 155}}}]}, {"ruleId": "SEC045", "level": "warning", "message": {"text": "[SEC045] eval()/exec() on stored or user-supplied data: eval() and exec() on data \u2014 even admin-stored data \u2014 is a lateral-movement vector after any one credential compromise. Sandboxes (__builtins__ cleared) are escapable: attackers use object introspection (().__class__.__mro__[-1].__subclasses__()) to reach os.system. 
CWE-95 (eval injection)."}, "properties": {"repobilityId": 117234, "scanner": "repobility-threat-engine", "fingerprint": "e64083818b90867959e45f50044fe787dd1a394450623d9c690ddd53de379224", "category": "injection", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "exec(", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC045", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "code|injection|scripts/security_audit.py|46|sec045"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "scripts/security_audit.py"}, "region": {"startLine": 46}}}]}, {"ruleId": "SEC087", "level": "warning", "message": {"text": "[SEC087] JS: weak Math.random for crypto: Math.random() is not cryptographically secure; using it for tokens/keys/nonces is predictable. Ported from gosec G404 / eslint detect-pseudoRandomBytes concept (Apache-2.0)."}, "properties": {"repobilityId": 117228, "scanner": "repobility-threat-engine", "fingerprint": "e034ebbcdd93294283888678be56b33d9e64b08ac2ab8e391f258c83d9eb3cc3", "category": "quality", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "Math.random()*2),r.total);return{...r,done:a,file:a===r.total?\"complete\":e[a%e.length],activ", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC087", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "fp|e034ebbcdd93294283888678be56b33d9e64b08ac2ab8e391f258c83d9eb3cc3"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "services/dashd/static/assets/Brain-HCR_Wu1E.js"}, "region": {"startLine": 1}}}]}, {"ruleId": "SEC087", "level": "warning", "message": {"text": "[SEC087] JS: weak Math.random for crypto: 
Math.random() is not cryptographically secure; using it for tokens/keys/nonces is predictable. Ported from gosec G404 / eslint detect-pseudoRandomBytes concept (Apache-2.0)."}, "properties": {"repobilityId": 117227, "scanner": "repobility-threat-engine", "fingerprint": "d6802b087400ede685ee8aa7df8133fb1058777286050f9c025df0033f94a384", "category": "quality", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "ive ? (Math.random(", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC087", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "fp|d6802b087400ede685ee8aa7df8133fb1058777286050f9c025df0033f94a384"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "dashboard/frontend/src/pages/setup/atoms.tsx"}, "region": {"startLine": 62}}}]}, {"ruleId": "ERR002", "level": "warning", "message": {"text": "[ERR002] Empty Catch Block: Empty catch blocks hide errors."}, "properties": {"repobilityId": 117225, "scanner": "repobility-threat-engine", "fingerprint": "75d56e37502cfe5d52c619056622a394d8101b139167e95f04856780b062a485", "category": "error_handling", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": ".catch(() => {})", "reason": "Pattern matched with no mitigating context found", "rule_id": "ERR002", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "fp|75d56e37502cfe5d52c619056622a394d8101b139167e95f04856780b062a485"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "dashboard/frontend/src/pages/Traces.tsx"}, "region": {"startLine": 66}}}]}, {"ruleId": "ERR002", "level": "warning", "message": {"text": "[ERR002] Empty Catch Block: Empty catch blocks hide errors."}, "properties": 
{"repobilityId": 117224, "scanner": "repobility-threat-engine", "fingerprint": "7a6807e7678cc7daf73a236ecf9300b5fd3084f1c572b9303733c0d07331775a", "category": "error_handling", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": ".catch(() => {})", "reason": "Pattern matched with no mitigating context found", "rule_id": "ERR002", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "fp|7a6807e7678cc7daf73a236ecf9300b5fd3084f1c572b9303733c0d07331775a"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "dashboard/frontend/src/pages/Memory.tsx"}, "region": {"startLine": 61}}}]}, {"ruleId": "ERR002", "level": "warning", "message": {"text": "[ERR002] Empty Catch Block: Empty catch blocks hide errors."}, "properties": {"repobilityId": 117223, "scanner": "repobility-threat-engine", "fingerprint": "860f89bc62fa6a0e122356b72740d9116a36cdff51a4efa8e5aef8474d3c57f5", "category": "error_handling", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "catch(e) {}", "reason": "Pattern matched with no mitigating context found", "rule_id": "ERR002", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "fp|860f89bc62fa6a0e122356b72740d9116a36cdff51a4efa8e5aef8474d3c57f5"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "dashboard/frontend/src/hooks/useClawOS.js"}, "region": {"startLine": 93}}}]}, {"ruleId": "SEC136", "level": "warning", "message": {"text": "[SEC136] AI-typical over-broad exception handler swallowing all errors: Catch-all exception block that silently returns success or no-ops. AI agents reach for this pattern when a flaky test or an unfamiliar API throws \u2014 wrap, swallow, return success. 
Real bugs are masked, observability is destroyed, and callers think the operation worked. CWE-396 (improperly-generalized exception). Distinct from intentional fallback because there's no log line and the success value is fabricated."}, "properties": {"repobilityId": 117206, "scanner": "repobility-threat-engine", "fingerprint": "05e532e9840650a02cdd0408d890234b59244155cfd13cc4b63b2ee728cf1bb2", "category": "quality", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "try:\n        return subprocess.check_output([resolve_executable(\"node\"), \"-v\"], cwd=ROOT, text=True)", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC136", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "fp|05e532e9840650a02cdd0408d890234b59244155cfd13cc4b63b2ee728cf1bb2"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "scripts/verify_repo.py"}, "region": {"startLine": 85}}}]}, {"ruleId": "SEC136", "level": "warning", "message": {"text": "[SEC136] AI-typical over-broad exception handler swallowing all errors: Catch-all exception block that silently returns success or no-ops. AI agents reach for this pattern when a flaky test or an unfamiliar API throws \u2014 wrap, swallow, return success. Real bugs are masked, observability is destroyed, and callers think the operation worked. CWE-396 (improperly-generalized exception). 
Distinct from intentional fallback because there's no log line and the success value is fabricated."}, "properties": {"repobilityId": 117205, "scanner": "repobility-threat-engine", "fingerprint": "a22deaec158e38b3ac2f65d6663af723242eb63656ff50205a08e13341c646d0", "category": "quality", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "try:\n        req = urllib.request.Request(url, headers={\"User-Agent\": \"ClawOS-Status/1.0\"})", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC136", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "fp|a22deaec158e38b3ac2f65d6663af723242eb63656ff50205a08e13341c646d0"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "clawctl/commands/status.py"}, "region": {"startLine": 69}}}]}, {"ruleId": "ERR001", "level": "warning", "message": {"text": "[ERR001] Silent Exception Swallowing: Silently swallowing all exceptions hides bugs. 
Even in cleanup code, log at DEBUG level."}, "properties": {"repobilityId": 117199, "scanner": "repobility-threat-engine", "fingerprint": "4c76a569c5a4ecf0f6ab65a8f4c84c71659a852ce79055d5de2868951a6c7714", "category": "error_handling", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "except Exception:\n        pass", "reason": "Pattern matched with no mitigating context found", "rule_id": "ERR001", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "fp|4c76a569c5a4ecf0f6ab65a8f4c84c71659a852ce79055d5de2868951a6c7714"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "dashboard/nexus-command/serve.py"}, "region": {"startLine": 22}}}]}, {"ruleId": "ERR001", "level": "warning", "message": {"text": "[ERR001] Silent Exception Swallowing: Silently swallowing all exceptions hides bugs. Even in cleanup code, log at DEBUG level."}, "properties": {"repobilityId": 117198, "scanner": "repobility-threat-engine", "fingerprint": "d22525989771fe8116deba387aa30898f24351ba742fe189d2bc87057abc1e5f", "category": "error_handling", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "except Exception:\n            pass", "reason": "Pattern matched with no mitigating context found", "rule_id": "ERR001", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "fp|d22525989771fe8116deba387aa30898f24351ba742fe189d2bc87057abc1e5f"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "clawctl/commands/status.py"}, "region": {"startLine": 113}}}]}, {"ruleId": "ERR001", "level": "warning", "message": {"text": "[ERR001] Silent Exception Swallowing: Silently swallowing all exceptions hides bugs. 
Even in cleanup code, log at DEBUG level."}, "properties": {"repobilityId": 117197, "scanner": "repobility-threat-engine", "fingerprint": "05d26714e63ca48fcb83184d638a37e2064a2259fa04dd0c12710871c38d37ac", "category": "error_handling", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "except:\n                pass", "reason": "Pattern matched with no mitigating context found", "rule_id": "ERR001", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "fp|05d26714e63ca48fcb83184d638a37e2064a2259fa04dd0c12710871c38d37ac"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "clawctl/commands/dashboard.py"}, "region": {"startLine": 252}}}]}, {"ruleId": "COMP001", "level": "warning", "message": {"text": "[COMP001] High cognitive complexity: Function `load_all` has cognitive complexity 16 (SonarSource scale). Cognitive complexity measures how hard the function is for a human to understand \u2014 nested branches, boolean chains, and recursion all weigh in. 
Breakdown: continue=2, except=1, for=3, if=2, nested_bonus=8."}, "properties": {"repobilityId": 117159, "scanner": "repobility-threat-engine", "fingerprint": "19487a683cf7967022de77da5ff99868fb0c642cb85028f40129122b23fc492d", "category": "quality", "severity": "medium", "confidence": 0.95, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "AST-derived cognitive complexity score = 16 (severity threshold for medium: 15+).", "evidence": {"scanner": "repobility-threat-engine", "function": "load_all", "breakdown": {"if": 2, "for": 3, "except": 1, "continue": 2, "nested_bonus": 8}, "complexity": 16, "correlation_key": "fp|19487a683cf7967022de77da5ff99868fb0c642cb85028f40129122b23fc492d"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "archive/legacy/capabilityd/service.py"}, "region": {"startLine": 54}}}]}, {"ruleId": "AGT007", "level": "warning", "message": {"text": "localStorage write failures are swallowed silently"}, "properties": {"repobilityId": 117156, "scanner": "repobility-agent-runtime", "fingerprint": "cae64a8be4b69456c93d884ea3e4722d2d61d59ba2e7cf6e1527aaaea0f7b172", "category": "quality", "severity": "medium", "confidence": 0.8, "triageState": "open", "verdict": "likely", "isResolved": false, "reason": "File writes to localStorage and has an empty or ignore-only catch block without QuotaExceededError handling.", "evidence": {"rule_id": "AGT007", "scanner": "repobility-agent-runtime", "references": ["https://developer.mozilla.org/en-US/docs/Web/API/Web_Storage_API"], "correlation_key": "fp|cae64a8be4b69456c93d884ea3e4722d2d61d59ba2e7cf6e1527aaaea0f7b172"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "services/dashd/static/assets/setup-Cez0JBY1.js"}, "region": {"startLine": 6}}}]}, {"ruleId": "AGT015", "level": "warning", "message": {"text": "Remote install command pipes network code directly to a shell"}, "properties": {"repobilityId": 117155, "scanner": "repobility-agent-runtime", 
"fingerprint": "4f8f02ecd76bd8a9a0666f252a3e4a7a9a9fc96326b41d0edffba44f0832a9bf", "category": "dependency", "severity": "medium", "confidence": 0.7, "triageState": "open", "verdict": "likely", "isResolved": false, "reason": "File contains a remote download piped directly to a shell without visible checksum or signature verification.", "evidence": {"rule_id": "AGT015", "scanner": "repobility-agent-runtime", "references": [], "correlation_key": "fp|4f8f02ecd76bd8a9a0666f252a3e4a7a9a9fc96326b41d0edffba44f0832a9bf"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "scripts/security_audit.py"}, "region": {"startLine": 65}}}]}, {"ruleId": "AGT015", "level": "warning", "message": {"text": "Remote install command pipes network code directly to a shell"}, "properties": {"repobilityId": 117154, "scanner": "repobility-agent-runtime", "fingerprint": "b063d9e12096b4e292f26e3bf14be3df39b4ed7e753cacd1eb7f54c1a064eb97", "category": "dependency", "severity": "medium", "confidence": 0.7, "triageState": "open", "verdict": "likely", "isResolved": false, "reason": "File contains a remote download piped directly to a shell without visible checksum or signature verification.", "evidence": {"rule_id": "AGT015", "scanner": "repobility-agent-runtime", "references": [], "correlation_key": "fp|b063d9e12096b4e292f26e3bf14be3df39b4ed7e753cacd1eb7f54c1a064eb97"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "packaging/launch/hn_post.md"}, "region": {"startLine": 22}}}]}, {"ruleId": "AGT015", "level": "warning", "message": {"text": "Remote install command pipes network code directly to a shell"}, "properties": {"repobilityId": 117153, "scanner": "repobility-agent-runtime", "fingerprint": "e6aabc44629427d06e623d6f3fb75241ee3077199e608a6e442bd51a0cb5bea9", "category": "dependency", "severity": "medium", "confidence": 0.7, "triageState": "open", "verdict": "likely", "isResolved": false, "reason": "File contains a remote download piped directly to a shell without 
visible checksum or signature verification.", "evidence": {"rule_id": "AGT015", "scanner": "repobility-agent-runtime", "references": [], "correlation_key": "fp|e6aabc44629427d06e623d6f3fb75241ee3077199e608a6e442bd51a0cb5bea9"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "packaging/launch/demo_script.md"}, "region": {"startLine": 11}}}]}, {"ruleId": "AGT015", "level": "warning", "message": {"text": "Remote install command pipes network code directly to a shell"}, "properties": {"repobilityId": 117152, "scanner": "repobility-agent-runtime", "fingerprint": "fe042f2beca4cb3fc4f091ed94c55705b6a8c4cae446de7e71a9df3edc2c7695", "category": "dependency", "severity": "medium", "confidence": 0.7, "triageState": "open", "verdict": "likely", "isResolved": false, "reason": "File contains a remote download piped directly to a shell without visible checksum or signature verification.", "evidence": {"rule_id": "AGT015", "scanner": "repobility-agent-runtime", "references": [], "correlation_key": "fp|fe042f2beca4cb3fc4f091ed94c55705b6a8c4cae446de7e71a9df3edc2c7695"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "packaging/iso/hooks/01-install-deps.sh"}, "region": {"startLine": 31}}}]}, {"ruleId": "AGT015", "level": "warning", "message": {"text": "Remote install command pipes network code directly to a shell"}, "properties": {"repobilityId": 117151, "scanner": "repobility-agent-runtime", "fingerprint": "56c2a601327b778bddf8714aebf41951a52cd23b46c906c297d1580e4777d2b7", "category": "dependency", "severity": "medium", "confidence": 0.7, "triageState": "open", "verdict": "likely", "isResolved": false, "reason": "File contains a remote download piped directly to a shell without visible checksum or signature verification.", "evidence": {"rule_id": "AGT015", "scanner": "repobility-agent-runtime", "references": [], "correlation_key": "fp|56c2a601327b778bddf8714aebf41951a52cd23b46c906c297d1580e4777d2b7"}}, "locations": [{"physicalLocation": 
{"artifactLocation": {"uri": "landing/og-card.html"}, "region": {"startLine": 192}}}]}, {"ruleId": "AGT012", "level": "warning", "message": {"text": "Agent control bridge may listen on a network interface without visible auth"}, "properties": {"repobilityId": 117150, "scanner": "repobility-agent-runtime", "fingerprint": "feb948bfd7db4c691df8e795523d69ecd6d65b5d82fb75337152e07b28a75615", "category": "quality", "severity": "medium", "confidence": 0.72, "triageState": "open", "verdict": "likely", "isResolved": false, "reason": "File combines agent-control wording with an HTTP/SSE/WebSocket listener on an all-interface host and no visible auth guard.", "evidence": {"rule_id": "AGT012", "scanner": "repobility-agent-runtime", "references": [], "correlation_key": "fp|feb948bfd7db4c691df8e795523d69ecd6d65b5d82fb75337152e07b28a75615"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "install.sh"}, "region": {"startLine": 331}}}]}, {"ruleId": "AGT015", "level": "warning", "message": {"text": "Remote install command pipes network code directly to a shell"}, "properties": {"repobilityId": 117149, "scanner": "repobility-agent-runtime", "fingerprint": "9e1e718774210470fc143ea2397b1acae4662be2356f8852f626ea69cc1d32b8", "category": "dependency", "severity": "medium", "confidence": 0.7, "triageState": "open", "verdict": "likely", "isResolved": false, "reason": "File contains a remote download piped directly to a shell without visible checksum or signature verification.", "evidence": {"rule_id": "AGT015", "scanner": "repobility-agent-runtime", "references": [], "correlation_key": "fp|9e1e718774210470fc143ea2397b1acae4662be2356f8852f626ea69cc1d32b8"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "docs/SECURITY_AUDIT.md"}, "region": {"startLine": 15}}}]}, {"ruleId": "AGT015", "level": "warning", "message": {"text": "Remote install command pipes network code directly to a shell"}, "properties": {"repobilityId": 117148, "scanner": 
"repobility-agent-runtime", "fingerprint": "d746387421eb5a906ccb018ee2ded90af54b7630379a731410f35ea321ce9576", "category": "dependency", "severity": "medium", "confidence": 0.7, "triageState": "open", "verdict": "likely", "isResolved": false, "reason": "File contains a remote download piped directly to a shell without visible checksum or signature verification.", "evidence": {"rule_id": "AGT015", "scanner": "repobility-agent-runtime", "references": [], "correlation_key": "fp|d746387421eb5a906ccb018ee2ded90af54b7630379a731410f35ea321ce9576"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "docs/LAUNCH/twitter_thread.md"}, "region": {"startLine": 9}}}]}, {"ruleId": "AGT015", "level": "warning", "message": {"text": "Remote install command pipes network code directly to a shell"}, "properties": {"repobilityId": 117147, "scanner": "repobility-agent-runtime", "fingerprint": "d34a865c9503764de61c798f4cbed9f38271e9c2408ee0c6b4472647301d17b1", "category": "dependency", "severity": "medium", "confidence": 0.7, "triageState": "open", "verdict": "likely", "isResolved": false, "reason": "File contains a remote download piped directly to a shell without visible checksum or signature verification.", "evidence": {"rule_id": "AGT015", "scanner": "repobility-agent-runtime", "references": [], "correlation_key": "fp|d34a865c9503764de61c798f4cbed9f38271e9c2408ee0c6b4472647301d17b1"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "docs/LAUNCH/hn_submission.md"}, "region": {"startLine": 12}}}]}, {"ruleId": "AGT015", "level": "warning", "message": {"text": "Remote install command pipes network code directly to a shell"}, "properties": {"repobilityId": 117146, "scanner": "repobility-agent-runtime", "fingerprint": "010a3a9022f5892483f7bc8d5965b8a917907eb22ef4faca121854786aff6bee", "category": "dependency", "severity": "medium", "confidence": 0.7, "triageState": "open", "verdict": "likely", "isResolved": false, "reason": "File contains a remote download 
piped directly to a shell without visible checksum or signature verification.", "evidence": {"rule_id": "AGT015", "scanner": "repobility-agent-runtime", "references": [], "correlation_key": "fp|010a3a9022f5892483f7bc8d5965b8a917907eb22ef4faca121854786aff6bee"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "docs/INSTALL_URL_SETUP.md"}, "region": {"startLine": 46}}}]}, {"ruleId": "AGT007", "level": "warning", "message": {"text": "localStorage write failures are swallowed silently"}, "properties": {"repobilityId": 117145, "scanner": "repobility-agent-runtime", "fingerprint": "d026d47170e90b348f213da039b1fbd8a2b5527f54866610f4c7436ef08de1f4", "category": "quality", "severity": "medium", "confidence": 0.8, "triageState": "open", "verdict": "likely", "isResolved": false, "reason": "File writes to localStorage and has an empty or ignore-only catch block without QuotaExceededError handling.", "evidence": {"rule_id": "AGT007", "scanner": "repobility-agent-runtime", "references": ["https://developer.mozilla.org/en-US/docs/Web/API/Web_Storage_API"], "correlation_key": "fp|d026d47170e90b348f213da039b1fbd8a2b5527f54866610f4c7436ef08de1f4"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "dashboard/frontend/src/pages/setup/screens/SummaryScreen.tsx"}, "region": {"startLine": 60}}}]}, {"ruleId": "AGT007", "level": "warning", "message": {"text": "localStorage write failures are swallowed silently"}, "properties": {"repobilityId": 117144, "scanner": "repobility-agent-runtime", "fingerprint": "d9cc5377a277cd2c121b4852fd488731970efd6316aa1ba26436f90102156e76", "category": "quality", "severity": "medium", "confidence": 0.8, "triageState": "open", "verdict": "likely", "isResolved": false, "reason": "File writes to localStorage and has an empty or ignore-only catch block without QuotaExceededError handling.", "evidence": {"rule_id": "AGT007", "scanner": "repobility-agent-runtime", "references": 
["https://developer.mozilla.org/en-US/docs/Web/API/Web_Storage_API"], "correlation_key": "fp|d9cc5377a277cd2c121b4852fd488731970efd6316aa1ba26436f90102156e76"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "dashboard/frontend/src/pages/setup/SetupPage.tsx"}, "region": {"startLine": 101}}}]}, {"ruleId": "AGT007", "level": "warning", "message": {"text": "localStorage write failures are swallowed silently"}, "properties": {"repobilityId": 117143, "scanner": "repobility-agent-runtime", "fingerprint": "eabd6296e99d627a744fae17579cbec2c1a10f23d1240ddff50bb9eb4821d1ab", "category": "quality", "severity": "medium", "confidence": 0.8, "triageState": "open", "verdict": "likely", "isResolved": false, "reason": "File writes to localStorage and has an empty or ignore-only catch block without QuotaExceededError handling.", "evidence": {"rule_id": "AGT007", "scanner": "repobility-agent-runtime", "references": ["https://developer.mozilla.org/en-US/docs/Web/API/Web_Storage_API"], "correlation_key": "fp|eabd6296e99d627a744fae17579cbec2c1a10f23d1240ddff50bb9eb4821d1ab"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "dashboard/frontend/src/components/GettingStartedCard.tsx"}, "region": {"startLine": 82}}}]}, {"ruleId": "AGT015", "level": "warning", "message": {"text": "Remote install command pipes network code directly to a shell"}, "properties": {"repobilityId": 117142, "scanner": "repobility-agent-runtime", "fingerprint": "aa10ac25791992100e054fca6c1517eec32400282d531995a5db24cad51d3aa3", "category": "dependency", "severity": "medium", "confidence": 0.7, "triageState": "open", "verdict": "likely", "isResolved": false, "reason": "File contains a remote download piped directly to a shell without visible checksum or signature verification.", "evidence": {"rule_id": "AGT015", "scanner": "repobility-agent-runtime", "references": [], "correlation_key": "fp|aa10ac25791992100e054fca6c1517eec32400282d531995a5db24cad51d3aa3"}}, "locations": 
[{"physicalLocation": {"artifactLocation": {"uri": "clawctl/commands/model.py"}, "region": {"startLine": 21}}}]}, {"ruleId": "AGT015", "level": "warning", "message": {"text": "Remote install command pipes network code directly to a shell"}, "properties": {"repobilityId": 117141, "scanner": "repobility-agent-runtime", "fingerprint": "7b2742a0faa217ed9e21fdcf75b0bb233826ff22aca4edcec920ce7644c42bb7", "category": "dependency", "severity": "medium", "confidence": 0.7, "triageState": "open", "verdict": "likely", "isResolved": false, "reason": "File contains a remote download piped directly to a shell without visible checksum or signature verification.", "evidence": {"rule_id": "AGT015", "scanner": "repobility-agent-runtime", "references": [], "correlation_key": "fp|7b2742a0faa217ed9e21fdcf75b0bb233826ff22aca4edcec920ce7644c42bb7"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "clawctl/commands/cookbook.py"}, "region": {"startLine": 401}}}]}, {"ruleId": "AGT012", "level": "warning", "message": {"text": "Agent control bridge may listen on a network interface without visible auth"}, "properties": {"repobilityId": 117140, "scanner": "repobility-agent-runtime", "fingerprint": "52e37322996218da349291866221b4500752a94a549367d7617a7870ae972461", "category": "quality", "severity": "medium", "confidence": 0.72, "triageState": "open", "verdict": "likely", "isResolved": false, "reason": "File combines agent-control wording with an HTTP/SSE/WebSocket listener on an all-interface host and no visible auth guard.", "evidence": {"rule_id": "AGT012", "scanner": "repobility-agent-runtime", "references": [], "correlation_key": "fp|52e37322996218da349291866221b4500752a94a549367d7617a7870ae972461"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "archive/legacy/dashboard-backend/service.py"}, "region": {"startLine": 5}}}]}, {"ruleId": "AGT015", "level": "warning", "message": {"text": "Remote install command pipes network code directly to a shell"}, 
"properties": {"repobilityId": 117139, "scanner": "repobility-agent-runtime", "fingerprint": "294d594ab2059306958bb5cca2ba48ba29c1797fedef42f3b47984059c0de453", "category": "dependency", "severity": "medium", "confidence": 0.7, "triageState": "open", "verdict": "likely", "isResolved": false, "reason": "File contains a remote download piped directly to a shell without visible checksum or signature verification.", "evidence": {"rule_id": "AGT015", "scanner": "repobility-agent-runtime", "references": [], "correlation_key": "fp|294d594ab2059306958bb5cca2ba48ba29c1797fedef42f3b47984059c0de453"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "RELEASE_NOTES_v0.1.0.md"}, "region": {"startLine": 73}}}]}, {"ruleId": "DEPCUR-GHA", "level": "warning", "message": {"text": "GitHub Action `actions/setup-node@v4` is 2 major version(s) behind (latest v6.4.0)"}, "properties": {"repobilityId": 117138, "scanner": "repobility-dependency-currency", "fingerprint": "820ba0bb2290c9585359e531171ca194fd215ca70ea8d740eee29374b4d7daaf", "category": "dependency", "severity": "medium", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"gap": "2 major version(s) behind", "signal": "currency", "cwe_ids": ["CWE-1104"], "package": "actions/setup-node", "scanner": "repobility-dependency-currency", "ecosystem": "github-actions", "languages": ["yaml"], "latest_version": "v6.4.0", "correlation_key": "fp|820ba0bb2290c9585359e531171ca194fd215ca70ea8d740eee29374b4d7daaf", "current_version": "v4"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/security.yml"}, "region": {"startLine": 24}}}]}, {"ruleId": "DEPCUR-GHA", "level": "warning", "message": {"text": "GitHub Action `actions/setup-python@v5` is 1 major version(s) behind (latest v6.2.0)"}, "properties": {"repobilityId": 117137, "scanner": "repobility-dependency-currency", "fingerprint": 
"b02231cb51be2e8ba98a54ef58893aaf790b154740dd18ac59638c2d98e20c38", "category": "dependency", "severity": "medium", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"gap": "1 major version(s) behind", "signal": "currency", "cwe_ids": ["CWE-1104"], "package": "actions/setup-python", "scanner": "repobility-dependency-currency", "ecosystem": "github-actions", "languages": ["yaml"], "latest_version": "v6.2.0", "correlation_key": "fp|b02231cb51be2e8ba98a54ef58893aaf790b154740dd18ac59638c2d98e20c38", "current_version": "v5"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/security.yml"}, "region": {"startLine": 15}}}]}, {"ruleId": "DEPCUR-GHA", "level": "warning", "message": {"text": "GitHub Action `actions/checkout@v4` is 2 major version(s) behind (latest v6.0.3)"}, "properties": {"repobilityId": 117136, "scanner": "repobility-dependency-currency", "fingerprint": "6c5a00380bfddeb0559ca3c53f136814dae684bc39036875f2369dfa4ef1724d", "category": "dependency", "severity": "medium", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"gap": "2 major version(s) behind", "signal": "currency", "cwe_ids": ["CWE-1104"], "package": "actions/checkout", "scanner": "repobility-dependency-currency", "ecosystem": "github-actions", "languages": ["yaml"], "latest_version": "v6.0.3", "correlation_key": "fp|6c5a00380bfddeb0559ca3c53f136814dae684bc39036875f2369dfa4ef1724d", "current_version": "v4"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/security.yml"}, "region": {"startLine": 14}}}]}, {"ruleId": "DEPCUR-GHA", "level": "warning", "message": {"text": "GitHub Action `actions/upload-artifact@v4` is 3 major version(s) behind (latest v7.0.1)"}, "properties": {"repobilityId": 117135, "scanner": "repobility-dependency-currency", "fingerprint": "6d6a6cee746a988744809663f0cfb29e6a4e0c7f0cf5c9fb15c3b94b3681ea15", 
"category": "dependency", "severity": "medium", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"gap": "3 major version(s) behind", "signal": "currency", "cwe_ids": ["CWE-1104"], "package": "actions/upload-artifact", "scanner": "repobility-dependency-currency", "ecosystem": "github-actions", "languages": ["yaml"], "latest_version": "v7.0.1", "correlation_key": "fp|6d6a6cee746a988744809663f0cfb29e6a4e0c7f0cf5c9fb15c3b94b3681ea15", "current_version": "v4"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/release.yml"}, "region": {"startLine": 50}}}]}, {"ruleId": "DEPCUR-GHA", "level": "warning", "message": {"text": "GitHub Action `actions/setup-node@v4` is 2 major version(s) behind (latest v6.4.0)"}, "properties": {"repobilityId": 117134, "scanner": "repobility-dependency-currency", "fingerprint": "c3ab43501fa9fb78ca270f3afdb57875a69f1d8b2cc62dee012d2e7868855da1", "category": "dependency", "severity": "medium", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"gap": "2 major version(s) behind", "signal": "currency", "cwe_ids": ["CWE-1104"], "package": "actions/setup-node", "scanner": "repobility-dependency-currency", "ecosystem": "github-actions", "languages": ["yaml"], "latest_version": "v6.4.0", "correlation_key": "fp|c3ab43501fa9fb78ca270f3afdb57875a69f1d8b2cc62dee012d2e7868855da1", "current_version": "v4"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/release.yml"}, "region": {"startLine": 18}}}]}, {"ruleId": "DEPCUR-GHA", "level": "warning", "message": {"text": "GitHub Action `actions/setup-python@v5` is 1 major version(s) behind (latest v6.2.0)"}, "properties": {"repobilityId": 117133, "scanner": "repobility-dependency-currency", "fingerprint": "38d581c69139d809b3ace3c6737bae5f37fdb0ded3dfcf44af0cc9350df5ac44", "category": "dependency", "severity": "medium", "confidence": 0.9, 
"triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"gap": "1 major version(s) behind", "signal": "currency", "cwe_ids": ["CWE-1104"], "package": "actions/setup-python", "scanner": "repobility-dependency-currency", "ecosystem": "github-actions", "languages": ["yaml"], "latest_version": "v6.2.0", "correlation_key": "fp|38d581c69139d809b3ace3c6737bae5f37fdb0ded3dfcf44af0cc9350df5ac44", "current_version": "v5"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/release.yml"}, "region": {"startLine": 14}}}]}, {"ruleId": "DEPCUR-GHA", "level": "warning", "message": {"text": "GitHub Action `actions/checkout@v4` is 2 major version(s) behind (latest v6.0.3)"}, "properties": {"repobilityId": 117132, "scanner": "repobility-dependency-currency", "fingerprint": "35c3de67d1e3e6ef547f030e075cd10a4b0c9930949b9af71b67e00486b8300e", "category": "dependency", "severity": "medium", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"gap": "2 major version(s) behind", "signal": "currency", "cwe_ids": ["CWE-1104"], "package": "actions/checkout", "scanner": "repobility-dependency-currency", "ecosystem": "github-actions", "languages": ["yaml"], "latest_version": "v6.0.3", "correlation_key": "fp|35c3de67d1e3e6ef547f030e075cd10a4b0c9930949b9af71b67e00486b8300e", "current_version": "v4"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/release.yml"}, "region": {"startLine": 13}}}]}, {"ruleId": "DEPCUR-GHA", "level": "warning", "message": {"text": "GitHub Action `actions/setup-node@v4` is 2 major version(s) behind (latest v6.4.0)"}, "properties": {"repobilityId": 117131, "scanner": "repobility-dependency-currency", "fingerprint": "27cbed57e80289d2a7265476152ba6ce965ae335d5c66f92ebaa2fa6d4f68a6b", "category": "dependency", "severity": "medium", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", 
"evidence": {"gap": "2 major version(s) behind", "signal": "currency", "cwe_ids": ["CWE-1104"], "package": "actions/setup-node", "scanner": "repobility-dependency-currency", "ecosystem": "github-actions", "languages": ["yaml"], "latest_version": "v6.4.0", "correlation_key": "fp|27cbed57e80289d2a7265476152ba6ce965ae335d5c66f92ebaa2fa6d4f68a6b", "current_version": "v4"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/ci.yml"}, "region": {"startLine": 76}}}]}, {"ruleId": "DEPCUR-GHA", "level": "warning", "message": {"text": "GitHub Action `actions/upload-artifact@v4` is 3 major version(s) behind (latest v7.0.1)"}, "properties": {"repobilityId": 117130, "scanner": "repobility-dependency-currency", "fingerprint": "58f3c2231ba3748287be175dcc972874d1445b4533152d4566075908ec31b235", "category": "dependency", "severity": "medium", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"gap": "3 major version(s) behind", "signal": "currency", "cwe_ids": ["CWE-1104"], "package": "actions/upload-artifact", "scanner": "repobility-dependency-currency", "ecosystem": "github-actions", "languages": ["yaml"], "latest_version": "v7.0.1", "correlation_key": "fp|58f3c2231ba3748287be175dcc972874d1445b4533152d4566075908ec31b235", "current_version": "v4"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/ci.yml"}, "region": {"startLine": 39}}}]}, {"ruleId": "DEPCUR-GHA", "level": "warning", "message": {"text": "GitHub Action `actions/setup-python@v5` is 1 major version(s) behind (latest v6.2.0)"}, "properties": {"repobilityId": 117129, "scanner": "repobility-dependency-currency", "fingerprint": "e93f9cffd2ed8c63b047f6ff0ab080fb26bae2b1dccc1878f7f8aebcaee3b23a", "category": "dependency", "severity": "medium", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"gap": "1 major version(s) behind", "signal": "currency", 
"cwe_ids": ["CWE-1104"], "package": "actions/setup-python", "scanner": "repobility-dependency-currency", "ecosystem": "github-actions", "languages": ["yaml"], "latest_version": "v6.2.0", "correlation_key": "fp|e93f9cffd2ed8c63b047f6ff0ab080fb26bae2b1dccc1878f7f8aebcaee3b23a", "current_version": "v5"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/ci.yml"}, "region": {"startLine": 15}}}]}, {"ruleId": "DEPCUR-GHA", "level": "warning", "message": {"text": "GitHub Action `actions/checkout@v4` is 2 major version(s) behind (latest v6.0.3)"}, "properties": {"repobilityId": 117128, "scanner": "repobility-dependency-currency", "fingerprint": "2e5471bd25b413121d08d0526b4fb417397069a689b5a142ff82dd01ff1bddc9", "category": "dependency", "severity": "medium", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"gap": "2 major version(s) behind", "signal": "currency", "cwe_ids": ["CWE-1104"], "package": "actions/checkout", "scanner": "repobility-dependency-currency", "ecosystem": "github-actions", "languages": ["yaml"], "latest_version": "v6.0.3", "correlation_key": "fp|2e5471bd25b413121d08d0526b4fb417397069a689b5a142ff82dd01ff1bddc9", "current_version": "v4"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/ci.yml"}, "region": {"startLine": 14}}}]}, {"ruleId": "DEPCUR-NPM", "level": "warning", "message": {"text": "npm package `@vitejs/plugin-react` is 2 major version(s) behind (4.7.0 -> 6.0.2)"}, "properties": {"repobilityId": 117124, "scanner": "repobility-dependency-currency", "fingerprint": "d1a893ae1d294f765fce1481ec2a641263ddbfd379e181f2b719e12115d3293c", "category": "dependency", "severity": "medium", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"gap": "2 major version(s) behind", "signal": "currency", "cwe_ids": [], "package": "@vitejs/plugin-react", "scanner": 
"repobility-dependency-currency", "ecosystem": "npm", "languages": ["javascript"], "latest_version": "6.0.2", "correlation_key": "fp|d1a893ae1d294f765fce1481ec2a641263ddbfd379e181f2b719e12115d3293c", "current_version": "4.7.0"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "dashboard/frontend/package.json"}, "region": {"startLine": 1}}}]}, {"ruleId": "MINED111", "level": "warning", "message": {"text": "Bare except continues silently"}, "properties": {"repobilityId": 117047, "scanner": "repobility-ast-engine", "fingerprint": "ba8acf629226234582e084e5272ccb653a46f37446514642311aeb2de67e9591", "category": "quality", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "bare-except-without-pass", "owasp": null, "cwe_ids": [], "languages": ["python"], "observations_count": 21610}, "scanner": "repobility-ast-engine", "correlation_key": "fp|ba8acf629226234582e084e5272ccb653a46f37446514642311aeb2de67e9591"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "openclaw_integration/compression.py"}, "region": {"startLine": 147}}}]}, {"ruleId": "MINED111", "level": "warning", "message": {"text": "Bare except continues silently"}, "properties": {"repobilityId": 117046, "scanner": "repobility-ast-engine", "fingerprint": "33b33cfab9496ff52997aed03e23987b38b3b158e657d716d583329d66c0f7d2", "category": "quality", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "bare-except-without-pass", "owasp": null, "cwe_ids": [], "languages": ["python"], "observations_count": 21610}, "scanner": "repobility-ast-engine", "correlation_key": "fp|33b33cfab9496ff52997aed03e23987b38b3b158e657d716d583329d66c0f7d2"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "openclaw_integration/compression.py"}, "region": {"startLine": 130}}}]}, 
{"ruleId": "MINED111", "level": "warning", "message": {"text": "Bare except continues silently"}, "properties": {"repobilityId": 117045, "scanner": "repobility-ast-engine", "fingerprint": "58d68d710afd31d05c5eac753e505e13dc5a9f34c95533845dc9e7ed211a03a1", "category": "quality", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "bare-except-without-pass", "owasp": null, "cwe_ids": [], "languages": ["python"], "observations_count": 21610}, "scanner": "repobility-ast-engine", "correlation_key": "fp|58d68d710afd31d05c5eac753e505e13dc5a9f34c95533845dc9e7ed211a03a1"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "openclaw_integration/compression.py"}, "region": {"startLine": 58}}}]}, {"ruleId": "MINED111", "level": "warning", "message": {"text": "Bare except continues silently"}, "properties": {"repobilityId": 117044, "scanner": "repobility-ast-engine", "fingerprint": "ee54e4024b0f585151b1fdf0102821ace44fa6ef278fbe14db5e77ee8eaea549", "category": "quality", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "bare-except-without-pass", "owasp": null, "cwe_ids": [], "languages": ["python"], "observations_count": 21610}, "scanner": "repobility-ast-engine", "correlation_key": "fp|ee54e4024b0f585151b1fdf0102821ace44fa6ef278fbe14db5e77ee8eaea549"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "openclaw_integration/compression.py"}, "region": {"startLine": 40}}}]}, {"ruleId": "MINED111", "level": "warning", "message": {"text": "Bare except continues silently"}, "properties": {"repobilityId": 117043, "scanner": "repobility-ast-engine", "fingerprint": "31a467aff15f19f6dde6a848bfffae43440b5e0b242b6532cecd46f4a4372f88", "category": "quality", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "", 
"isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "bare-except-without-pass", "owasp": null, "cwe_ids": [], "languages": ["python"], "observations_count": 21610}, "scanner": "repobility-ast-engine", "correlation_key": "fp|31a467aff15f19f6dde6a848bfffae43440b5e0b242b6532cecd46f4a4372f88"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "openclaw_integration/installer.py"}, "region": {"startLine": 165}}}]}, {"ruleId": "MINED111", "level": "warning", "message": {"text": "Bare except continues silently"}, "properties": {"repobilityId": 117042, "scanner": "repobility-ast-engine", "fingerprint": "871623c5eb8bbea733d476dffaf38d2bcd3a2cf12c335afc4ea4d036195847f1", "category": "quality", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "bare-except-without-pass", "owasp": null, "cwe_ids": [], "languages": ["python"], "observations_count": 21610}, "scanner": "repobility-ast-engine", "correlation_key": "fp|871623c5eb8bbea733d476dffaf38d2bcd3a2cf12c335afc4ea4d036195847f1"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "openclaw_integration/installer.py"}, "region": {"startLine": 277}}}]}, {"ruleId": "MINED111", "level": "warning", "message": {"text": "Bare except continues silently"}, "properties": {"repobilityId": 117041, "scanner": "repobility-ast-engine", "fingerprint": "0064d1ade5fcfbc1261cb3a57490504f18f4bbbe7f90740a0e16096eb91378a9", "category": "quality", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "bare-except-without-pass", "owasp": null, "cwe_ids": [], "languages": ["python"], "observations_count": 21610}, "scanner": "repobility-ast-engine", "correlation_key": "fp|0064d1ade5fcfbc1261cb3a57490504f18f4bbbe7f90740a0e16096eb91378a9"}}, "locations": [{"physicalLocation": 
{"artifactLocation": {"uri": "openclaw_integration/installer.py"}, "region": {"startLine": 151}}}]}, {"ruleId": "MINED111", "level": "warning", "message": {"text": "Bare except continues silently"}, "properties": {"repobilityId": 117040, "scanner": "repobility-ast-engine", "fingerprint": "4eb5b099b9a9dde35ebcf0af8462af1ba259a781821cc19bf8db7dd21a38f648", "category": "quality", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "bare-except-without-pass", "owasp": null, "cwe_ids": [], "languages": ["python"], "observations_count": 21610}, "scanner": "repobility-ast-engine", "correlation_key": "fp|4eb5b099b9a9dde35ebcf0af8462af1ba259a781821cc19bf8db7dd21a38f648"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "openclaw_integration/installer.py"}, "region": {"startLine": 126}}}]}, {"ruleId": "MINED111", "level": "warning", "message": {"text": "Bare except continues silently"}, "properties": {"repobilityId": 117039, "scanner": "repobility-ast-engine", "fingerprint": "ba30ca925dc01e6f0fc6b9597b994e6077b1e77ae045e4eaa3dc6b08c4b9e3f8", "category": "quality", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "bare-except-without-pass", "owasp": null, "cwe_ids": [], "languages": ["python"], "observations_count": 21610}, "scanner": "repobility-ast-engine", "correlation_key": "fp|ba30ca925dc01e6f0fc6b9597b994e6077b1e77ae045e4eaa3dc6b08c4b9e3f8"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "openclaw_integration/installer.py"}, "region": {"startLine": 104}}}]}, {"ruleId": "MINED111", "level": "warning", "message": {"text": "Bare except continues silently"}, "properties": {"repobilityId": 117038, "scanner": "repobility-ast-engine", "fingerprint": "efda8b20cb2bc186531020ec9b32bd44522cbfd1c11349f01d100f28c3b81eee", 
"category": "quality", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "bare-except-without-pass", "owasp": null, "cwe_ids": [], "languages": ["python"], "observations_count": 21610}, "scanner": "repobility-ast-engine", "correlation_key": "fp|efda8b20cb2bc186531020ec9b32bd44522cbfd1c11349f01d100f28c3b81eee"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "openclaw_integration/installer.py"}, "region": {"startLine": 31}}}]}, {"ruleId": "MINED111", "level": "warning", "message": {"text": "Bare except continues silently"}, "properties": {"repobilityId": 117037, "scanner": "repobility-ast-engine", "fingerprint": "512c0cb113c5c970afd994f05ffe8b2133c20b762e4c40857ba7d7aa19d36e94", "category": "quality", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "bare-except-without-pass", "owasp": null, "cwe_ids": [], "languages": ["python"], "observations_count": 21610}, "scanner": "repobility-ast-engine", "correlation_key": "fp|512c0cb113c5c970afd994f05ffe8b2133c20b762e4c40857ba7d7aa19d36e94"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "openclaw_integration/register_peers.py"}, "region": {"startLine": 32}}}]}, {"ruleId": "MINED111", "level": "warning", "message": {"text": "Bare except continues silently"}, "properties": {"repobilityId": 117036, "scanner": "repobility-ast-engine", "fingerprint": "ed0174a1191f4062dad8299f9fc9df66b57006a4a4e8318393fdc62557f00ad3", "category": "quality", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "bare-except-without-pass", "owasp": null, "cwe_ids": [], "languages": ["python"], "observations_count": 21610}, "scanner": "repobility-ast-engine", "correlation_key": 
"fp|ed0174a1191f4062dad8299f9fc9df66b57006a4a4e8318393fdc62557f00ad3"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "openclaw_integration/responses_api.py"}, "region": {"startLine": 88}}}]}, {"ruleId": "MINED111", "level": "warning", "message": {"text": "Bare except continues silently"}, "properties": {"repobilityId": 117035, "scanner": "repobility-ast-engine", "fingerprint": "59c6d02f255c439079be415354ce93bc3c7733b2ae9831df2ba3d88fcaf2328d", "category": "quality", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "bare-except-without-pass", "owasp": null, "cwe_ids": [], "languages": ["python"], "observations_count": 21610}, "scanner": "repobility-ast-engine", "correlation_key": "fp|59c6d02f255c439079be415354ce93bc3c7733b2ae9831df2ba3d88fcaf2328d"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "openclaw_integration/responses_api.py"}, "region": {"startLine": 32}}}]}, {"ruleId": "MINED111", "level": "warning", "message": {"text": "Bare except continues silently"}, "properties": {"repobilityId": 117034, "scanner": "repobility-ast-engine", "fingerprint": "aa9717f2a6a14aef386f86677c424ae38cf8ecc1a80db3fa1c3d3255f3da5a11", "category": "quality", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "bare-except-without-pass", "owasp": null, "cwe_ids": [], "languages": ["python"], "observations_count": 21610}, "scanner": "repobility-ast-engine", "correlation_key": "fp|aa9717f2a6a14aef386f86677c424ae38cf8ecc1a80db3fa1c3d3255f3da5a11"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "bootstrap/hardware_probe.py"}, "region": {"startLine": 237}}}]}, {"ruleId": "MINED111", "level": "warning", "message": {"text": "Bare except continues silently"}, "properties": {"repobilityId": 117033, "scanner": 
"repobility-ast-engine", "fingerprint": "bd75b1a9f2fb0774639a396157e34065d7bd012097035784d23f313d1538d8df", "category": "quality", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "bare-except-without-pass", "owasp": null, "cwe_ids": [], "languages": ["python"], "observations_count": 21610}, "scanner": "repobility-ast-engine", "correlation_key": "fp|bd75b1a9f2fb0774639a396157e34065d7bd012097035784d23f313d1538d8df"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "bootstrap/hardware_probe.py"}, "region": {"startLine": 357}}}]}, {"ruleId": "MINED111", "level": "warning", "message": {"text": "Bare except continues silently"}, "properties": {"repobilityId": 117032, "scanner": "repobility-ast-engine", "fingerprint": "07422b546ea14fb98ad7f598a0d98cbb2f20e8ddcd89889578990e987fa53ff2", "category": "quality", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "bare-except-without-pass", "owasp": null, "cwe_ids": [], "languages": ["python"], "observations_count": 21610}, "scanner": "repobility-ast-engine", "correlation_key": "fp|07422b546ea14fb98ad7f598a0d98cbb2f20e8ddcd89889578990e987fa53ff2"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "bootstrap/hardware_probe.py"}, "region": {"startLine": 348}}}]}, {"ruleId": "MINED111", "level": "warning", "message": {"text": "Bare except continues silently"}, "properties": {"repobilityId": 117031, "scanner": "repobility-ast-engine", "fingerprint": "28702ea47f8ff1ec48c997ab2e294a23c0f3bdfee32e60a54bcc3d4f1159a51b", "category": "quality", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "bare-except-without-pass", "owasp": null, "cwe_ids": [], "languages": ["python"], 
"observations_count": 21610}, "scanner": "repobility-ast-engine", "correlation_key": "fp|28702ea47f8ff1ec48c997ab2e294a23c0f3bdfee32e60a54bcc3d4f1159a51b"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "bootstrap/hardware_probe.py"}, "region": {"startLine": 341}}}]}, {"ruleId": "MINED111", "level": "warning", "message": {"text": "Bare except continues silently"}, "properties": {"repobilityId": 117030, "scanner": "repobility-ast-engine", "fingerprint": "50ae130c92493d2a0b9ddd0427f9fb796a0a4691075533bc91da35f0bd223e97", "category": "quality", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "bare-except-without-pass", "owasp": null, "cwe_ids": [], "languages": ["python"], "observations_count": 21610}, "scanner": "repobility-ast-engine", "correlation_key": "fp|50ae130c92493d2a0b9ddd0427f9fb796a0a4691075533bc91da35f0bd223e97"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "bootstrap/memory_init.py"}, "region": {"startLine": 36}}}]}, {"ruleId": "MINED111", "level": "warning", "message": {"text": "Bare except continues silently"}, "properties": {"repobilityId": 117029, "scanner": "repobility-ast-engine", "fingerprint": "31fe6963e1893dbb7206ba02cf9d79867d4c604398e9dc20cb19c4d6d6e20cf5", "category": "quality", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "bare-except-without-pass", "owasp": null, "cwe_ids": [], "languages": ["python"], "observations_count": 21610}, "scanner": "repobility-ast-engine", "correlation_key": "fp|31fe6963e1893dbb7206ba02cf9d79867d4c604398e9dc20cb19c4d6d6e20cf5"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "bootstrap/model_provision.py"}, "region": {"startLine": 96}}}]}, {"ruleId": "MINED111", "level": "warning", "message": {"text": "Bare except continues 
silently"}, "properties": {"repobilityId": 117028, "scanner": "repobility-ast-engine", "fingerprint": "87e69df78a1d90a6d3b808f24d47ab642c506aaab429ac8b290b46636e5b8d74", "category": "quality", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "bare-except-without-pass", "owasp": null, "cwe_ids": [], "languages": ["python"], "observations_count": 21610}, "scanner": "repobility-ast-engine", "correlation_key": "fp|87e69df78a1d90a6d3b808f24d47ab642c506aaab429ac8b290b46636e5b8d74"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "bootstrap/model_provision.py"}, "region": {"startLine": 27}}}]}, {"ruleId": "MINED111", "level": "warning", "message": {"text": "Bare except continues silently"}, "properties": {"repobilityId": 117027, "scanner": "repobility-ast-engine", "fingerprint": "f0a873bace33a4e66923a274b0f9941b7fe356896e75bb665cd7fc3bed8c092c", "category": "quality", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "bare-except-without-pass", "owasp": null, "cwe_ids": [], "languages": ["python"], "observations_count": 21610}, "scanner": "repobility-ast-engine", "correlation_key": "fp|f0a873bace33a4e66923a274b0f9941b7fe356896e75bb665cd7fc3bed8c092c"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "bootstrap/model_provision.py"}, "region": {"startLine": 19}}}]}, {"ruleId": "MINED111", "level": "warning", "message": {"text": "Bare except continues silently"}, "properties": {"repobilityId": 117026, "scanner": "repobility-ast-engine", "fingerprint": "f1b9438143585ce84145c7e31d1a4b24286c35dd90a553eb3c63afd3ad8ac0a1", "category": "quality", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": 
"bare-except-without-pass", "owasp": null, "cwe_ids": [], "languages": ["python"], "observations_count": 21610}, "scanner": "repobility-ast-engine", "correlation_key": "fp|f1b9438143585ce84145c7e31d1a4b24286c35dd90a553eb3c63afd3ad8ac0a1"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "bootstrap/service_enable.py"}, "region": {"startLine": 111}}}]}, {"ruleId": "MINED111", "level": "warning", "message": {"text": "Bare except continues silently"}, "properties": {"repobilityId": 117025, "scanner": "repobility-ast-engine", "fingerprint": "7e0c3aa5db45a530a2c2a271e5308981278256fef0634122a57bb3feb545a365", "category": "quality", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "bare-except-without-pass", "owasp": null, "cwe_ids": [], "languages": ["python"], "observations_count": 21610}, "scanner": "repobility-ast-engine", "correlation_key": "fp|7e0c3aa5db45a530a2c2a271e5308981278256fef0634122a57bb3feb545a365"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "bootstrap/service_enable.py"}, "region": {"startLine": 34}}}]}, {"ruleId": "MINED111", "level": "warning", "message": {"text": "Bare except continues silently"}, "properties": {"repobilityId": 117024, "scanner": "repobility-ast-engine", "fingerprint": "b0a60d3fc6e96eb55004c9c0b1984d400dad9c507422fd439e49951475d4aa4f", "category": "quality", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "bare-except-without-pass", "owasp": null, "cwe_ids": [], "languages": ["python"], "observations_count": 21610}, "scanner": "repobility-ast-engine", "correlation_key": "fp|b0a60d3fc6e96eb55004c9c0b1984d400dad9c507422fd439e49951475d4aa4f"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "frameworks/runner.py"}, "region": {"startLine": 50}}}]}, {"ruleId": 
"MINED111", "level": "warning", "message": {"text": "Bare except continues silently"}, "properties": {"repobilityId": 117023, "scanner": "repobility-ast-engine", "fingerprint": "c176552c2f85d9d49c1e757fdda1aa91c25ee78de031c54f033bb29871899831", "category": "quality", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "bare-except-without-pass", "owasp": null, "cwe_ids": [], "languages": ["python"], "observations_count": 21610}, "scanner": "repobility-ast-engine", "correlation_key": "fp|c176552c2f85d9d49c1e757fdda1aa91c25ee78de031c54f033bb29871899831"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "frameworks/runner.py"}, "region": {"startLine": 45}}}]}, {"ruleId": "WEB011", "level": "note", "message": {"text": "Public web app has no humans.txt"}, "properties": {"repobilityId": 117308, "scanner": "repobility-web-presence", "fingerprint": "bdd551fbe1ab6405480e0d5755632562c2096cb9e9a6a071ef60e4c27a6873f1", "category": "quality", "severity": "low", "confidence": 0.5, "triageState": "open", "verdict": "needs_review", "isResolved": false, "reason": "Repository looks like a public web app but no humans.txt file or route was discovered.", "evidence": {"rule_id": "WEB011", "scanner": "repobility-web-presence", "references": ["https://github.com/Lissy93/web-check"], "correlation_key": "fp|bdd551fbe1ab6405480e0d5755632562c2096cb9e9a6a071ef60e4c27a6873f1"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "humans.txt"}, "region": {"startLine": 1}}}]}, {"ruleId": "WEB008", "level": "note", "message": {"text": "Public docs site has no llms.txt"}, "properties": {"repobilityId": 117307, "scanner": "repobility-web-presence", "fingerprint": "cdce8ed8706710d39c3e7272dad572dd639cff74fd3d2ac62d8f6f522b891d76", "category": "quality", "severity": "low", "confidence": 0.64, "triageState": "open", "verdict": "needs_review", "isResolved": false, 
"reason": "Repository looks public and documentation-heavy but no llms.txt file or route was discovered.", "evidence": {"rule_id": "WEB008", "scanner": "repobility-web-presence", "references": ["https://llmstxt.org/"], "correlation_key": "fp|cdce8ed8706710d39c3e7272dad572dd639cff74fd3d2ac62d8f6f522b891d76"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "llms.txt"}, "region": {"startLine": 1}}}]}, {"ruleId": "WEB002", "level": "note", "message": {"text": "Public web app has no sitemap"}, "properties": {"repobilityId": 117306, "scanner": "repobility-web-presence", "fingerprint": "fccbe72d13ca3ba9197ec37b0daa0802fb6d5ebff54b3eb9f09b59b0f8d0acdf", "category": "quality", "severity": "low", "confidence": 0.72, "triageState": "open", "verdict": "likely", "isResolved": false, "reason": "Repository looks like a public web app but no sitemap file or route was discovered.", "evidence": {"rule_id": "WEB002", "scanner": "repobility-web-presence", "references": ["https://www.sitemaps.org/protocol.html", "https://github.com/Lissy93/web-check"], "correlation_key": "fp|fccbe72d13ca3ba9197ec37b0daa0802fb6d5ebff54b3eb9f09b59b0f8d0acdf"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "sitemap.xml"}, "region": {"startLine": 1}}}]}, {"ruleId": "WEB001", "level": "note", "message": {"text": "Public web app has no robots.txt"}, "properties": {"repobilityId": 117305, "scanner": "repobility-web-presence", "fingerprint": "cae3f2223945958e14d8eb90f7965fa26b47011cc5be29c2855a4054937e29c4", "category": "quality", "severity": "low", "confidence": 0.74, "triageState": "open", "verdict": "likely", "isResolved": false, "reason": "Repository looks like a public web app but no robots.txt file or route was discovered.", "evidence": {"rule_id": "WEB001", "scanner": "repobility-web-presence", "references": ["https://www.rfc-editor.org/rfc/rfc9309", "https://github.com/Lissy93/web-check"], "correlation_key": 
"fp|cae3f2223945958e14d8eb90f7965fa26b47011cc5be29c2855a4054937e29c4"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "robots.txt"}, "region": {"startLine": 1}}}]}, {"ruleId": "COMP001", "level": "note", "message": {"text": "[COMP001] High cognitive complexity: Function `_check_allowlist` has cognitive complexity 9 (SonarSource scale). Cognitive complexity measures how hard the function is for a human to understand \u2014 nested branches, boolean chains, and recursion all weigh in. Breakdown: except=1, for=1, if=3, nested_bonus=4."}, "properties": {"repobilityId": 117158, "scanner": "repobility-threat-engine", "fingerprint": "42a96cf6d099d53504bff8ef6203e896ba99cd11fa18f556720d173c553e4df7", "category": "quality", "severity": "low", "confidence": 0.95, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "AST-derived cognitive complexity score = 9 (severity threshold for low: 8+).", "evidence": {"scanner": "repobility-threat-engine", "function": "_check_allowlist", "breakdown": {"if": 3, "for": 1, "except": 1, "nested_bonus": 4}, "complexity": 9, "correlation_key": "fp|42a96cf6d099d53504bff8ef6203e896ba99cd11fa18f556720d173c553e4df7"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "adapters/browser/playwright_adapter.py"}, "region": {"startLine": 71}}}]}, {"ruleId": "COMP001", "level": "note", "message": {"text": "[COMP001] High cognitive complexity: Function `speak` has cognitive complexity 8 (SonarSource scale). Cognitive complexity measures how hard the function is for a human to understand \u2014 nested branches, boolean chains, and recursion all weigh in. 
Breakdown: elif=2, else=1, except=1, if=3, or=1."}, "properties": {"repobilityId": 117157, "scanner": "repobility-threat-engine", "fingerprint": "2b7600633fed121f2c82bbc33f30f5b39e316afc1f063e99de86d8a744a6c999", "category": "quality", "severity": "low", "confidence": 0.95, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "AST-derived cognitive complexity score = 8 (severity threshold for low: 8+).", "evidence": {"scanner": "repobility-threat-engine", "function": "speak", "breakdown": {"if": 3, "or": 1, "elif": 2, "else": 1, "except": 1}, "complexity": 8, "correlation_key": "fp|2b7600633fed121f2c82bbc33f30f5b39e316afc1f063e99de86d8a744a6c999"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "adapters/audio/elevenlabs_adapter.py"}, "region": {"startLine": 75}}}]}, {"ruleId": "DEPCUR-NPM", "level": "note", "message": {"text": "npm package `@tauri-apps/cli` is minor version(s) behind (^2.0.0-rc.16 -> 2.11.2)"}, "properties": {"repobilityId": 117127, "scanner": "repobility-dependency-currency", "fingerprint": "179302563c527216e86714ca6b3eb62479e7ad866ab7934d4a071bc40f8c8f38", "category": "dependency", "severity": "low", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"gap": "minor version(s) behind", "signal": "currency", "cwe_ids": [], "package": "@tauri-apps/cli", "scanner": "repobility-dependency-currency", "ecosystem": "npm", "languages": ["javascript"], "latest_version": "2.11.2", "correlation_key": "fp|179302563c527216e86714ca6b3eb62479e7ad866ab7934d4a071bc40f8c8f38", "current_version": "^2.0.0-rc.16"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "desktop/command-center/package.json"}, "region": {"startLine": 1}}}]}, {"ruleId": "DEPCUR-NPM", "level": "note", "message": {"text": "npm package `autoprefixer` is minor version(s) behind (10.4.27 -> 10.5.0)"}, "properties": {"repobilityId": 117125, "scanner": "repobility-dependency-currency", 
"fingerprint": "ddbc5bc7c284c7ab0c674da5436055e2ad9900c8ff2085a7fd956915016e50b5", "category": "dependency", "severity": "low", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"gap": "minor version(s) behind", "signal": "currency", "cwe_ids": [], "package": "autoprefixer", "scanner": "repobility-dependency-currency", "ecosystem": "npm", "languages": ["javascript"], "latest_version": "10.5.0", "correlation_key": "fp|ddbc5bc7c284c7ab0c674da5436055e2ad9900c8ff2085a7fd956915016e50b5", "current_version": "10.4.27"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "dashboard/frontend/package.json"}, "region": {"startLine": 1}}}]}, {"ruleId": "DEPCUR-NPM", "level": "note", "message": {"text": "npm package `three` is minor version(s) behind (0.179.0 -> 0.184.0)"}, "properties": {"repobilityId": 117123, "scanner": "repobility-dependency-currency", "fingerprint": "ffcd9f7cf29eaa6eef3bbda1eb8dda3493ecac750b87e4ee231375a18b658f36", "category": "dependency", "severity": "low", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"gap": "minor version(s) behind", "signal": "currency", "cwe_ids": [], "package": "three", "scanner": "repobility-dependency-currency", "ecosystem": "npm", "languages": ["javascript"], "latest_version": "0.184.0", "correlation_key": "fp|ffcd9f7cf29eaa6eef3bbda1eb8dda3493ecac750b87e4ee231375a18b658f36", "current_version": "0.179.0"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "dashboard/frontend/package.json"}, "region": {"startLine": 1}}}]}, {"ruleId": "DEPCUR-NPM", "level": "note", "message": {"text": "npm package `@tauri-apps/api` is minor version(s) behind (2.10.1 -> 2.11.0)"}, "properties": {"repobilityId": 117121, "scanner": "repobility-dependency-currency", "fingerprint": "2c61cf5190cef7d0436e6f9ad83d343870ae09c1ec2c6c592d79adb8f053a870", "category": "dependency", "severity": "low", "confidence": 0.9, 
"triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"gap": "minor version(s) behind", "signal": "currency", "cwe_ids": [], "package": "@tauri-apps/api", "scanner": "repobility-dependency-currency", "ecosystem": "npm", "languages": ["javascript"], "latest_version": "2.11.0", "correlation_key": "fp|2c61cf5190cef7d0436e6f9ad83d343870ae09c1ec2c6c592d79adb8f053a870", "current_version": "2.10.1"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "dashboard/frontend/package.json"}, "region": {"startLine": 1}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 116997, "scanner": "repobility-ai-code-hygiene", "fingerprint": "f54f99f115b6da7ec28a1df711a4de28b2f8b26a71d59a81660e33559b032858", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "workflows/repo_summary/workflow.py", "duplicate_line": 39, "correlation_key": "fp|f54f99f115b6da7ec28a1df711a4de28b2f8b26a71d59a81660e33559b032858"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "workflows/write_readme/workflow.py"}, "region": {"startLine": 40}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 116996, "scanner": "repobility-ai-code-hygiene", "fingerprint": "8717607a1b4596388a6fdf12daec6ce5a05eae7820528551e0ab3d2a0ef4cd0c", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": 
{"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "services/jarvisd/service.py", "duplicate_line": 158, "correlation_key": "fp|8717607a1b4596388a6fdf12daec6ce5a05eae7820528551e0ab3d2a0ef4cd0c"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "services/voiced/service.py"}, "region": {"startLine": 71}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 116995, "scanner": "repobility-ai-code-hygiene", "fingerprint": "c2b510e28213e754c389969ebd409be6f1e3dc52a663cb5eeb976c2b738d9e67", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "dashboard/frontend/public/sw.js", "duplicate_line": 1, "correlation_key": "fp|c2b510e28213e754c389969ebd409be6f1e3dc52a663cb5eeb976c2b738d9e67"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "services/dashd/static/sw.js"}, "region": {"startLine": 1}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 116994, "scanner": "repobility-ai-code-hygiene", "fingerprint": "52a61604e23bec3647e99e90fc7be861108f24cf4593e98198a7d65297aa90fa", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": 
"dashboard/frontend/src/pages/Providers.tsx", "duplicate_line": 173, "correlation_key": "fp|52a61604e23bec3647e99e90fc7be861108f24cf4593e98198a7d65297aa90fa"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "dashboard/frontend/src/pages/Registry.tsx"}, "region": {"startLine": 210}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 116993, "scanner": "repobility-ai-code-hygiene", "fingerprint": "50b392008b97f4d68cbb32d7c0b59b34078d39a0c3ee3fea2935510055721c3c", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "dashboard/frontend/src/lib/commandCenterApi.ts", "duplicate_line": 470, "correlation_key": "fp|50b392008b97f4d68cbb32d7c0b59b34078d39a0c3ee3fea2935510055721c3c"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "dashboard/frontend/src/pages/MCPManager.tsx"}, "region": {"startLine": 9}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 116992, "scanner": "repobility-ai-code-hygiene", "fingerprint": "7991ea7f8203e2e8ab4761c60670668b92ea4db2cd68e466d01ffee4f01cf331", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "dashboard/frontend/src/lib/commandCenterApi.ts", "duplicate_line": 437, "correlation_key": 
"fp|7991ea7f8203e2e8ab4761c60670668b92ea4db2cd68e466d01ffee4f01cf331"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "dashboard/frontend/src/pages/Federation.tsx"}, "region": {"startLine": 6}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 116991, "scanner": "repobility-ai-code-hygiene", "fingerprint": "6a9a8cd2ebb0656c9af05e27ce1528b677fadb99f70d42cccb86d254842b8437", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "clawctl/commands/dashboard.py", "duplicate_line": 27, "correlation_key": "fp|6a9a8cd2ebb0656c9af05e27ce1528b677fadb99f70d42cccb86d254842b8437"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "clawctl/commands/status.py"}, "region": {"startLine": 18}}}]}, {"ruleId": "AIC006", "level": "note", "message": {"text": "Archive or legacy directory is mixed into the active repository root"}, "properties": {"repobilityId": 116990, "scanner": "repobility-ai-code-hygiene", "fingerprint": "0a7d2f4e50dd6f0a3ca0adfbcb9cb1f442d6b4ebfb1b14f4466301798c4f394e", "category": "quality", "severity": "low", "confidence": 0.68, "triageState": "open", "verdict": "likely", "isResolved": false, "reason": "Repository root contains an archive/legacy directory name.", "evidence": {"rule_id": "AIC006", "scanner": "repobility-ai-code-hygiene", "directory": "archive", "references": ["https://arxiv.org/abs/2601.15195"], "correlation_key": "fp|0a7d2f4e50dd6f0a3ca0adfbcb9cb1f442d6b4ebfb1b14f4466301798c4f394e"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "archive"}, "region": {"startLine": 1}}}]}, {"ruleId": "MINED047", 
"level": "none", "message": {"text": "[MINED047] Emoji In Source: Emoji \u2705 \u274c \ud83d\ude80 in code/comments \u2014 common AI output unless explicitly requested."}, "properties": {"repobilityId": 117252, "scanner": "repobility-threat-engine", "fingerprint": "282b8a2ff986c382a6def384681d51fa97d00fc34ee7330f7b12c6e1e29f4184", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "emoji-in-source", "owasp": null, "cwe_ids": [], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348010+00:00", "triaged_in_corpus": 9, "observations_count": 1468364, "ai_coder_pattern_id": 29}, "scanner": "repobility-threat-engine", "correlation_key": "fp|282b8a2ff986c382a6def384681d51fa97d00fc34ee7330f7b12c6e1e29f4184"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "workflows/folder_summary/workflow.py"}, "region": {"startLine": 2}}}]}, {"ruleId": "MINED047", "level": "none", "message": {"text": "[MINED047] Emoji In Source: Emoji \u2705 \u274c \ud83d\ude80 in code/comments \u2014 common AI output unless explicitly requested."}, "properties": {"repobilityId": 117251, "scanner": "repobility-threat-engine", "fingerprint": "571419b4c24b2380af8092413f0bd7b3d00cbdbc5e4b8026b84ec583fb8d6501", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "emoji-in-source", "owasp": null, "cwe_ids": [], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348010+00:00", "triaged_in_corpus": 9, "observations_count": 1468364, "ai_coder_pattern_id": 29}, "scanner": "repobility-threat-engine", "correlation_key": "fp|571419b4c24b2380af8092413f0bd7b3d00cbdbc5e4b8026b84ec583fb8d6501"}}, "locations": 
[{"physicalLocation": {"artifactLocation": {"uri": "workflows/bulk_rename/workflow.py"}, "region": {"startLine": 2}}}]}, {"ruleId": "MINED079", "level": "none", "message": {"text": "[MINED079] Off By One Slice: range(len(x)+1), arr[i+1:i+n+1], or while i<=len(arr) \u2014 off-by-one risk."}, "properties": {"repobilityId": 117250, "scanner": "repobility-threat-engine", "fingerprint": "61298bcf6db7d28a415e7b89fcecde6425d047d1c65f417beae07f25d0254b5e", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "off-by-one-slice", "owasp": null, "cwe_ids": ["CWE-193"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348121+00:00", "triaged_in_corpus": 12, "observations_count": 6443, "ai_coder_pattern_id": 19}, "scanner": "repobility-threat-engine", "correlation_key": "fp|61298bcf6db7d28a415e7b89fcecde6425d047d1c65f417beae07f25d0254b5e"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "skills/marketplace/verifier.py"}, "region": {"startLine": 149}}}]}, {"ruleId": "SEC135", "level": "none", "message": {"text": "[SEC135] Auth/permission check missing on AI-generated endpoint (and 4 more): Same pattern found in 4 additional files. Review if needed."}, "properties": {"repobilityId": 117245, "scanner": "repobility-threat-engine", "fingerprint": "bc129f2192361c1cda8f5b32a77a57cd4e6101bf622fd0ba4e727442c6a135b6", "category": "quality", "severity": "info", "confidence": 0.2, "triageState": "false_positive", "verdict": "likely_fp", "isResolved": true, "reason": "Deduplicated summary only: 4 additional occurrences found. The top occurrences remain visible as actionable findings.", "evidence": {"reason": "Deduplicated summary only: 4 additional occurrences found. 
The top occurrences remain visible as actionable findings.", "rule_id": "SEC135", "scanner": "repobility-threat-engine", "confidence": 0.2, "correlation_key": "fp|bc129f2192361c1cda8f5b32a77a57cd4e6101bf622fd0ba4e727442c6a135b6"}}}, {"ruleId": "MINED067", "level": "none", "message": {"text": "[MINED067] Python Requests No Timeout: requests.get/post/etc. without timeout= can hang forever."}, "properties": {"repobilityId": 117241, "scanner": "repobility-threat-engine", "fingerprint": "5e926187c727ea7dc60cc0dd089c696f2b8eb36fb94a5f445f04b0fc65ec7256", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "python-requests-no-timeout", "owasp": null, "cwe_ids": ["CWE-400"], "languages": ["python"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348058+00:00", "triaged_in_corpus": 12, "observations_count": 45429, "ai_coder_pattern_id": 122}, "scanner": "repobility-threat-engine", "correlation_key": "fp|5e926187c727ea7dc60cc0dd089c696f2b8eb36fb94a5f445f04b0fc65ec7256"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "services/braind/significance_filter.py"}, "region": {"startLine": 146}}}]}, {"ruleId": "SEC045", "level": "none", "message": {"text": "[SEC045] eval()/exec() on stored or user-supplied data (and 1 more): Same pattern found in 1 additional files. Review if needed."}, "properties": {"repobilityId": 117237, "scanner": "repobility-threat-engine", "fingerprint": "c59edcd8286991ab7caac4493f8f01b268fef2a5d218265ad20f6e2d1172fefb", "category": "injection", "severity": "info", "confidence": 0.2, "triageState": "false_positive", "verdict": "likely_fp", "isResolved": true, "reason": "Deduplicated summary only: 1 additional occurrences found. 
The top occurrences remain visible as actionable findings.", "evidence": {"reason": "Deduplicated summary only: 1 additional occurrences found. The top occurrences remain visible as actionable findings.", "rule_id": "SEC045", "scanner": "repobility-threat-engine", "confidence": 0.2, "correlation_key": "fp|c59edcd8286991ab7caac4493f8f01b268fef2a5d218265ad20f6e2d1172fefb"}}}, {"ruleId": "MINED055", "level": "none", "message": {"text": "[MINED055] Npm Install No Lockfile: Production image runs npm install (resolves new versions on every build) instead of npm ci."}, "properties": {"repobilityId": 117233, "scanner": "repobility-threat-engine", "fingerprint": "a47c7d6238669e8841fc99d5b362e8f9d38d710b40c21d32b4dd4e27a93c0d69", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "npm-install-no-lockfile", "owasp": "A06:2021", "cwe_ids": ["CWE-1357"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348030+00:00", "triaged_in_corpus": 12, "observations_count": 317602, "ai_coder_pattern_id": 42}, "scanner": "repobility-threat-engine", "correlation_key": "fp|a47c7d6238669e8841fc99d5b362e8f9d38d710b40c21d32b4dd4e27a93c0d69"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "scripts/install-resume.sh"}, "region": {"startLine": 39}}}]}, {"ruleId": "MINED055", "level": "none", "message": {"text": "[MINED055] Npm Install No Lockfile: Production image runs npm install (resolves new versions on every build) instead of npm ci."}, "properties": {"repobilityId": 117232, "scanner": "repobility-threat-engine", "fingerprint": "780ba75e51542a335d6194a2b30ed0d23b00bf8c1ffbf1168f11480c4b712a35", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", 
"evidence": {"mined": true, "mining": {"slug": "npm-install-no-lockfile", "owasp": "A06:2021", "cwe_ids": ["CWE-1357"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348030+00:00", "triaged_in_corpus": 12, "observations_count": 317602, "ai_coder_pattern_id": 42}, "scanner": "repobility-threat-engine", "correlation_key": "fp|780ba75e51542a335d6194a2b30ed0d23b00bf8c1ffbf1168f11480c4b712a35"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "packaging/iso/chroot_install.sh"}, "region": {"startLine": 31}}}]}, {"ruleId": "MINED055", "level": "none", "message": {"text": "[MINED055] Npm Install No Lockfile: Production image runs npm install (resolves new versions on every build) instead of npm ci."}, "properties": {"repobilityId": 117231, "scanner": "repobility-threat-engine", "fingerprint": "d01734851def2cd0e4b2a3bc43e5e12576a033845e45e59b50b6e37b9045a863", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "npm-install-no-lockfile", "owasp": "A06:2021", "cwe_ids": ["CWE-1357"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348030+00:00", "triaged_in_corpus": 12, "observations_count": 317602, "ai_coder_pattern_id": 42}, "scanner": "repobility-threat-engine", "correlation_key": "fp|d01734851def2cd0e4b2a3bc43e5e12576a033845e45e59b50b6e37b9045a863"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "packaging/deb/build_deb.sh"}, "region": {"startLine": 41}}}]}, {"ruleId": "MINED059", "level": "none", "message": {"text": "[MINED059] Rust Expect In Prod: .expect(...) 
panics same as unwrap with a custom message."}, "properties": {"repobilityId": 117230, "scanner": "repobility-threat-engine", "fingerprint": "3e65df8373f40d70b46d1397fc6d8a7d9a798db88d22f1de6a631febebc540d8", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "rust-expect-in-prod", "owasp": null, "cwe_ids": ["CWE-755"], "languages": ["rust"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348039+00:00", "triaged_in_corpus": 12, "observations_count": 175379, "ai_coder_pattern_id": 112}, "scanner": "repobility-threat-engine", "correlation_key": "fp|3e65df8373f40d70b46d1397fc6d8a7d9a798db88d22f1de6a631febebc540d8"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "desktop/command-center/src-tauri/src/main.rs"}, "region": {"startLine": 137}}}]}, {"ruleId": "MINED045", "level": "none", "message": {"text": "[MINED045] Ts Non Null Assertion: x! 
asserts not null - bypasses null checks - TypeError if wrong."}, "properties": {"repobilityId": 117229, "scanner": "repobility-threat-engine", "fingerprint": "801249ed1a415ab1bfa0ba7f816a41664a50510055b0280a1bc6eb52a6cc1664", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "ts-non-null-assertion", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["typescript", "tsx"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348005+00:00", "triaged_in_corpus": 12, "observations_count": 1810954, "ai_coder_pattern_id": 105}, "scanner": "repobility-threat-engine", "correlation_key": "fp|801249ed1a415ab1bfa0ba7f816a41664a50510055b0280a1bc6eb52a6cc1664"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "dashboard/frontend/src/pages/setup/screens/FrameworkScreen.tsx"}, "region": {"startLine": 49}}}]}, {"ruleId": "ERR002", "level": "none", "message": {"text": "[ERR002] Empty Catch Block (and 5 more): Same pattern found in 5 additional files. Review if needed."}, "properties": {"repobilityId": 117226, "scanner": "repobility-threat-engine", "fingerprint": "bcc4f4ba9d6f1cc01238739180acf67e6d4fb5ebbdd6b73d3d1174f7cc93f498", "category": "error_handling", "severity": "info", "confidence": 0.2, "triageState": "false_positive", "verdict": "likely_fp", "isResolved": true, "reason": "Deduplicated summary only: 5 additional occurrences found. The top occurrences remain visible as actionable findings.", "evidence": {"reason": "Deduplicated summary only: 5 additional occurrences found. 
The top occurrences remain visible as actionable findings.", "rule_id": "ERR002", "scanner": "repobility-threat-engine", "confidence": 0.2, "correlation_key": "fp|bcc4f4ba9d6f1cc01238739180acf67e6d4fb5ebbdd6b73d3d1174f7cc93f498"}}}, {"ruleId": "MINED056", "level": "none", "message": {"text": "[MINED056] React Key As Index (and 5 more): Same pattern found in 5 additional files. Review if needed."}, "properties": {"repobilityId": 117222, "scanner": "repobility-threat-engine", "fingerprint": "4db3df9a58704d55636bd1053cf88cb80048c172ae779f3f99e1995443ef680a", "category": "quality", "severity": "info", "confidence": 0.2, "triageState": "false_positive", "verdict": "likely_fp", "isResolved": true, "reason": "Deduplicated summary only: 5 additional occurrences found. The top occurrences remain visible as actionable findings.", "evidence": {"mined": true, "mining": {"slug": "react-key-as-index", "owasp": null, "cwe_ids": ["CWE-682"], "languages": ["typescript", "tsx", "javascript", "jsx"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348032+00:00", "triaged_in_corpus": 12, "observations_count": 299917, "ai_coder_pattern_id": 135}, "scanner": "repobility-threat-engine", "aggregated": true, "correlation_key": "fp|4db3df9a58704d55636bd1053cf88cb80048c172ae779f3f99e1995443ef680a", "aggregated_count": 5}}}, {"ruleId": "MINED056", "level": "none", "message": {"text": "[MINED056] React Key As Index: key={index} in map() \u2014 re-renders the wrong elements on re-order."}, "properties": {"repobilityId": 117221, "scanner": "repobility-threat-engine", "fingerprint": "084627c10734a199df6967b03a0d40d5f8eab63dbdc17ac4720de69b5efd924c", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "react-key-as-index", "owasp": null, "cwe_ids": ["CWE-682"], "languages": ["typescript", "tsx", 
"javascript", "jsx"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348032+00:00", "triaged_in_corpus": 12, "observations_count": 299917, "ai_coder_pattern_id": 135}, "scanner": "repobility-threat-engine", "correlation_key": "fp|084627c10734a199df6967b03a0d40d5f8eab63dbdc17ac4720de69b5efd924c"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "dashboard/frontend/src/pages/Memory.tsx"}, "region": {"startLine": 137}}}]}, {"ruleId": "MINED056", "level": "none", "message": {"text": "[MINED056] React Key As Index: key={index} in map() \u2014 re-renders the wrong elements on re-order."}, "properties": {"repobilityId": 117220, "scanner": "repobility-threat-engine", "fingerprint": "1843474201bbc6c81de96d3152eebcbd86fdcdc4f7b3a06c0bb6e12a249aab93", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "react-key-as-index", "owasp": null, "cwe_ids": ["CWE-682"], "languages": ["typescript", "tsx", "javascript", "jsx"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348032+00:00", "triaged_in_corpus": 12, "observations_count": 299917, "ai_coder_pattern_id": 135}, "scanner": "repobility-threat-engine", "correlation_key": "fp|1843474201bbc6c81de96d3152eebcbd86fdcdc4f7b3a06c0bb6e12a249aab93"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "dashboard/frontend/src/components/ui.jsx"}, "region": {"startLine": 113}}}]}, {"ruleId": "MINED056", "level": "none", "message": {"text": "[MINED056] React Key As Index: key={index} in map() \u2014 re-renders the wrong elements on re-order."}, "properties": {"repobilityId": 117219, "scanner": "repobility-threat-engine", "fingerprint": "3554d99439ed613b7e02f8d162f79f7f29ab87ccea3ebd89a069555988780894", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", 
"isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "react-key-as-index", "owasp": null, "cwe_ids": ["CWE-682"], "languages": ["typescript", "tsx", "javascript", "jsx"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348032+00:00", "triaged_in_corpus": 12, "observations_count": 299917, "ai_coder_pattern_id": 135}, "scanner": "repobility-threat-engine", "correlation_key": "fp|3554d99439ed613b7e02f8d162f79f7f29ab87ccea3ebd89a069555988780894"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "dashboard/frontend/src/components/StructuredMessage.jsx"}, "region": {"startLine": 183}}}]}, {"ruleId": "MINED052", "level": "none", "message": {"text": "[MINED052] Ts Any Typed (and 2 more): Same pattern found in 2 additional files. Review if needed."}, "properties": {"repobilityId": 117218, "scanner": "repobility-threat-engine", "fingerprint": "57a66d8089dbb0f16c0fbc2c99bff20835ea29c668391e3ba302d34ec078a586", "category": "quality", "severity": "info", "confidence": 0.2, "triageState": "false_positive", "verdict": "likely_fp", "isResolved": true, "reason": "Deduplicated summary only: 2 additional occurrences found. The top occurrences remain visible as actionable findings.", "evidence": {"mined": true, "mining": {"slug": "ts-any-typed", "owasp": null, "cwe_ids": ["CWE-704"], "languages": ["typescript", "tsx"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348022+00:00", "triaged_in_corpus": 12, "observations_count": 496002, "ai_coder_pattern_id": 97}, "scanner": "repobility-threat-engine", "aggregated": true, "correlation_key": "fp|57a66d8089dbb0f16c0fbc2c99bff20835ea29c668391e3ba302d34ec078a586", "aggregated_count": 2}}}, {"ruleId": "MINED052", "level": "none", "message": {"text": "[MINED052] Ts Any Typed: : any used as type annotation. 
Defeats TypeScript type safety."}, "properties": {"repobilityId": 117217, "scanner": "repobility-threat-engine", "fingerprint": "505dd0fdcef5db1af8de31680bf90fdfa68ed243dfa1cbd14333eb4cae826be6", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "ts-any-typed", "owasp": null, "cwe_ids": ["CWE-704"], "languages": ["typescript", "tsx"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348022+00:00", "triaged_in_corpus": 12, "observations_count": 496002, "ai_coder_pattern_id": 97}, "scanner": "repobility-threat-engine", "correlation_key": "fp|505dd0fdcef5db1af8de31680bf90fdfa68ed243dfa1cbd14333eb4cae826be6"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "dashboard/frontend/src/pages/Providers.tsx"}, "region": {"startLine": 60}}}]}, {"ruleId": "MINED052", "level": "none", "message": {"text": "[MINED052] Ts Any Typed: : any used as type annotation. 
Defeats TypeScript type safety."}, "properties": {"repobilityId": 117216, "scanner": "repobility-threat-engine", "fingerprint": "1640fe742bc4c4f551a094fbb0107d004fb2d0d40157f7a29feaa05b1bc34585", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "ts-any-typed", "owasp": null, "cwe_ids": ["CWE-704"], "languages": ["typescript", "tsx"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348022+00:00", "triaged_in_corpus": 12, "observations_count": 496002, "ai_coder_pattern_id": 97}, "scanner": "repobility-threat-engine", "correlation_key": "fp|1640fe742bc4c4f551a094fbb0107d004fb2d0d40157f7a29feaa05b1bc34585"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "dashboard/frontend/src/hooks/useCommandCenter.ts"}, "region": {"startLine": 30}}}]}, {"ruleId": "MINED052", "level": "none", "message": {"text": "[MINED052] Ts Any Typed: : any used as type annotation. 
Defeats TypeScript type safety."}, "properties": {"repobilityId": 117215, "scanner": "repobility-threat-engine", "fingerprint": "f7c29e2f56166943ee8c15689aae0f2457512486a4abe9b8ca8ebcbbc1bfc510", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "ts-any-typed", "owasp": null, "cwe_ids": ["CWE-704"], "languages": ["typescript", "tsx"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348022+00:00", "triaged_in_corpus": 12, "observations_count": 496002, "ai_coder_pattern_id": 97}, "scanner": "repobility-threat-engine", "correlation_key": "fp|f7c29e2f56166943ee8c15689aae0f2457512486a4abe9b8ca8ebcbbc1bfc510"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "dashboard/frontend/src/App.tsx"}, "region": {"startLine": 135}}}]}, {"ruleId": "MINED044", "level": "none", "message": {"text": "[MINED044] Js Console Log Prod: console.log left in code. 
Should be replaced with logger or removed."}, "properties": {"repobilityId": 117214, "scanner": "repobility-threat-engine", "fingerprint": "40e02260c3a58299b427250c503e8c80efeb2cbb99f3a60034d4e813357934f8", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "js-console-log-prod", "owasp": null, "cwe_ids": ["CWE-532"], "languages": ["javascript", "typescript", "tsx", "jsx"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348003+00:00", "triaged_in_corpus": 10, "observations_count": 1940833, "ai_coder_pattern_id": 102}, "scanner": "repobility-threat-engine", "correlation_key": "fp|40e02260c3a58299b427250c503e8c80efeb2cbb99f3a60034d4e813357934f8"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "dashboard/frontend/src/App.tsx"}, "region": {"startLine": 74}}}]}, {"ruleId": "SEC103", "level": "none", "message": {"text": "[SEC103] LDAP injection \u2014 non-constant search filter (and 1 more): Same pattern found in 1 additional files. Review if needed."}, "properties": {"repobilityId": 117212, "scanner": "repobility-threat-engine", "fingerprint": "22508ccee32638f9ac364756933bbf6b1f3edd72383ba0881512139ec7cc5c09", "category": "injection", "severity": "info", "confidence": 0.2, "triageState": "false_positive", "verdict": "likely_fp", "isResolved": true, "reason": "Deduplicated summary only: 1 additional occurrences found. The top occurrences remain visible as actionable findings.", "evidence": {"reason": "Deduplicated summary only: 1 additional occurrences found. 
The top occurrences remain visible as actionable findings.", "rule_id": "SEC103", "scanner": "repobility-threat-engine", "confidence": 0.2, "correlation_key": "fp|22508ccee32638f9ac364756933bbf6b1f3edd72383ba0881512139ec7cc5c09"}}}, {"ruleId": "MINED072", "level": "none", "message": {"text": "[MINED072] Python Pass Only Class: class Foo: pass \u2014 stub waiting to be filled in."}, "properties": {"repobilityId": 117207, "scanner": "repobility-threat-engine", "fingerprint": "d33d4570f6ca8058834e45e81e21df87d912dbe24a47a11906deaaa741848358", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "python-pass-only-class", "owasp": null, "cwe_ids": ["CWE-1188"], "languages": ["python"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348069+00:00", "triaged_in_corpus": 10, "observations_count": 14245, "ai_coder_pattern_id": 143}, "scanner": "repobility-threat-engine", "correlation_key": "fp|d33d4570f6ca8058834e45e81e21df87d912dbe24a47a11906deaaa741848358"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "clawos_core/config/schema.py"}, "region": {"startLine": 37}}}]}, {"ruleId": "SEC128", "level": "none", "message": {"text": "[SEC128] Async function without await \u2014 fire-and-forget Promise (AI mistake) (and 13 more): Same pattern found in 13 additional files. Review if needed."}, "properties": {"repobilityId": 117204, "scanner": "repobility-threat-engine", "fingerprint": "fe63a0c3db36cbf73bb9f04d5837f9f34863a99ac7da05df7321980a56d87019", "category": "quality", "severity": "info", "confidence": 0.2, "triageState": "false_positive", "verdict": "likely_fp", "isResolved": true, "reason": "Deduplicated summary only: 13 additional occurrences found. 
The top occurrences remain visible as actionable findings.", "evidence": {"reason": "Deduplicated summary only: 13 additional occurrences found. The top occurrences remain visible as actionable findings.", "rule_id": "SEC128", "scanner": "repobility-threat-engine", "confidence": 0.2, "correlation_key": "fp|fe63a0c3db36cbf73bb9f04d5837f9f34863a99ac7da05df7321980a56d87019"}}}, {"ruleId": "ERR001", "level": "none", "message": {"text": "[ERR001] Silent Exception Swallowing (and 8 more): Same pattern found in 8 additional files. Review if needed."}, "properties": {"repobilityId": 117200, "scanner": "repobility-threat-engine", "fingerprint": "d519e5d6197711acc45a6df1657a71c2872715d9e6af4ce1a278f7572298871f", "category": "error_handling", "severity": "info", "confidence": 0.2, "triageState": "false_positive", "verdict": "likely_fp", "isResolved": true, "reason": "Deduplicated summary only: 8 additional occurrences found. The top occurrences remain visible as actionable findings.", "evidence": {"reason": "Deduplicated summary only: 8 additional occurrences found. The top occurrences remain visible as actionable findings.", "rule_id": "ERR001", "scanner": "repobility-threat-engine", "confidence": 0.2, "correlation_key": "fp|d519e5d6197711acc45a6df1657a71c2872715d9e6af4ce1a278f7572298871f"}}}, {"ruleId": "MINED006", "level": "none", "message": {"text": "[MINED006] Overcatch Baseexception (and 1 more): Same pattern found in 1 additional files. Review if needed."}, "properties": {"repobilityId": 117196, "scanner": "repobility-threat-engine", "fingerprint": "f87ed9b6811675c97d18c0024fde96dcf647cce402a76a98ff5bf685ee8d2ef2", "category": "quality", "severity": "info", "confidence": 0.2, "triageState": "false_positive", "verdict": "likely_fp", "isResolved": true, "reason": "Deduplicated summary only: 1 additional occurrences found. 
The top occurrences remain visible as actionable findings.", "evidence": {"mined": true, "mining": {"slug": "overcatch-baseexception", "owasp": null, "cwe_ids": ["CWE-705"], "languages": ["python"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.347911+00:00", "triaged_in_corpus": 15, "observations_count": 230624, "ai_coder_pattern_id": 8}, "scanner": "repobility-threat-engine", "aggregated": true, "correlation_key": "fp|f87ed9b6811675c97d18c0024fde96dcf647cce402a76a98ff5bf685ee8d2ef2", "aggregated_count": 1}}}, {"ruleId": "MINED062", "level": "none", "message": {"text": "[MINED062] Python Dataclass No Fields (and 4 more): Same pattern found in 4 additional files. Review if needed."}, "properties": {"repobilityId": 117192, "scanner": "repobility-threat-engine", "fingerprint": "703e17c787d71b843e4189f03cc2de342f8a62b2a73bec10b29bc34c1fed35bf", "category": "quality", "severity": "info", "confidence": 0.2, "triageState": "false_positive", "verdict": "likely_fp", "isResolved": true, "reason": "Deduplicated summary only: 4 additional occurrences found. 
The top occurrences remain visible as actionable findings.", "evidence": {"mined": true, "mining": {"slug": "python-dataclass-no-fields", "owasp": null, "cwe_ids": [], "languages": ["python"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348046+00:00", "triaged_in_corpus": 10, "observations_count": 92448, "ai_coder_pattern_id": 144}, "scanner": "repobility-threat-engine", "aggregated": true, "correlation_key": "fp|703e17c787d71b843e4189f03cc2de342f8a62b2a73bec10b29bc34c1fed35bf", "aggregated_count": 4}}}, {"ruleId": "MINED062", "level": "none", "message": {"text": "[MINED062] Python Dataclass No Fields: @dataclass over an empty class \u2014 unfinished model."}, "properties": {"repobilityId": 117191, "scanner": "repobility-threat-engine", "fingerprint": "aab270eca5771583db9c5112db875c9d66c9ed021ed68a28006e7eca463b4311", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "python-dataclass-no-fields", "owasp": null, "cwe_ids": [], "languages": ["python"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348046+00:00", "triaged_in_corpus": 10, "observations_count": 92448, "ai_coder_pattern_id": 144}, "scanner": "repobility-threat-engine", "correlation_key": "fp|aab270eca5771583db9c5112db875c9d66c9ed021ed68a28006e7eca463b4311"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "clawos_core/exceptions.py"}, "region": {"startLine": 71}}}]}, {"ruleId": "MINED062", "level": "none", "message": {"text": "[MINED062] Python Dataclass No Fields: @dataclass over an empty class \u2014 unfinished model."}, "properties": {"repobilityId": 117190, "scanner": "repobility-threat-engine", "fingerprint": "ce72da8c1e13af99ba974d307cc15f491abed7fbe8feb91cf495831cda52bc70", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": 
"confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "python-dataclass-no-fields", "owasp": null, "cwe_ids": [], "languages": ["python"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348046+00:00", "triaged_in_corpus": 10, "observations_count": 92448, "ai_coder_pattern_id": 144}, "scanner": "repobility-threat-engine", "correlation_key": "fp|ce72da8c1e13af99ba974d307cc15f491abed7fbe8feb91cf495831cda52bc70"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "clawos_core/ambient.py"}, "region": {"startLine": 30}}}]}, {"ruleId": "MINED062", "level": "none", "message": {"text": "[MINED062] Python Dataclass No Fields: @dataclass over an empty class \u2014 unfinished model."}, "properties": {"repobilityId": 117189, "scanner": "repobility-threat-engine", "fingerprint": "b5286c6b1c59ec7060aa700780960dfa8e44f90660934386b43fd33fb86949ac", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "python-dataclass-no-fields", "owasp": null, "cwe_ids": [], "languages": ["python"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348046+00:00", "triaged_in_corpus": 10, "observations_count": 92448, "ai_coder_pattern_id": 144}, "scanner": "repobility-threat-engine", "correlation_key": "fp|b5286c6b1c59ec7060aa700780960dfa8e44f90660934386b43fd33fb86949ac"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "clawctl/commands/compare.py"}, "region": {"startLine": 16}}}]}, {"ruleId": "SEC029", "level": "none", "message": {"text": "[SEC029] Server-Side Request Forgery (SSRF) \u2014 outbound HTTP from user input (and 32 more): Same pattern found in 32 additional files. 
Review if needed."}, "properties": {"repobilityId": 117188, "scanner": "repobility-threat-engine", "fingerprint": "648516b624713ec6c92cd1d7b4f670acf37fda4886c38f832f2d7aecf63afa4d", "category": "ssrf", "severity": "info", "confidence": 0.2, "triageState": "false_positive", "verdict": "likely_fp", "isResolved": true, "reason": "Deduplicated summary only: 32 additional occurrences found. The top occurrences remain visible as actionable findings.", "evidence": {"reason": "Deduplicated summary only: 32 additional occurrences found. The top occurrences remain visible as actionable findings.", "rule_id": "SEC029", "scanner": "repobility-threat-engine", "confidence": 0.2, "correlation_key": "fp|648516b624713ec6c92cd1d7b4f670acf37fda4886c38f832f2d7aecf63afa4d"}}}, {"ruleId": "MINED049", "level": "none", "message": {"text": "[MINED049] Print Pii: Logging password/token/email/ssn directly to stdout."}, "properties": {"repobilityId": 117184, "scanner": "repobility-threat-engine", "fingerprint": "36ee6e0ec1cc36333362baadbacc1a760a2b19ac76fc6b020f74ec9542597dd6", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "print-pii", "owasp": "A09:2021", "cwe_ids": ["CWE-532"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348015+00:00", "triaged_in_corpus": 12, "observations_count": 676566, "ai_coder_pattern_id": 26}, "scanner": "repobility-threat-engine", "correlation_key": "fp|36ee6e0ec1cc36333362baadbacc1a760a2b19ac76fc6b020f74ec9542597dd6"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "openclaw_integration/compression.py"}, "region": {"startLine": 286}}}]}, {"ruleId": "MINED049", "level": "none", "message": {"text": "[MINED049] Print Pii: Logging password/token/email/ssn directly to stdout."}, "properties": {"repobilityId": 117183, "scanner": 
"repobility-threat-engine", "fingerprint": "6103796eb8ef946f256fc2af52abb1ba295735201b77c7504fb2896538fe2199", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "print-pii", "owasp": "A09:2021", "cwe_ids": ["CWE-532"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348015+00:00", "triaged_in_corpus": 12, "observations_count": 676566, "ai_coder_pattern_id": 26}, "scanner": "repobility-threat-engine", "correlation_key": "fp|6103796eb8ef946f256fc2af52abb1ba295735201b77c7504fb2896538fe2199"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "clawctl/commands/budget.py"}, "region": {"startLine": 27}}}]}, {"ruleId": "SEC020", "level": "none", "message": {"text": "[SEC020] Secret Printed to Logs: Debug or diagnostic code appears to print a credential-bearing value. This is a frequent AI-assisted coding failure: the helper exposes the exact value needed for troubleshooting."}, "properties": {"repobilityId": 117182, "scanner": "repobility-threat-engine", "fingerprint": "501024c3da5dfcdf69adcb2fcc8caf250244bc833c4a649e2a31afe5b7eba0c1", "category": "credential_exposure", "severity": "info", "confidence": 0.15, "triageState": "false_positive", "verdict": "likely_fp", "isResolved": true, "reason": "Log message mentions credential-related metadata but does not print a credential-bearing value", "evidence": {"match": "print(\"  \u2500\u2500 Token Compression Setup \u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\")", "reason": "Log message mentions credential-related metadata but does not print a credential-bearing value", "rule_id": "SEC020", "scanner": "repobility-threat-engine", "confidence": 0.15, "correlation_key": "secret|token|28|print token compression setup"}}, "locations": [{"physicalLocation": 
{"artifactLocation": {"uri": "openclaw_integration/compression.py"}, "region": {"startLine": 286}}}]}, {"ruleId": "MINED064", "level": "none", "message": {"text": "[MINED064] Python Input Call (and 3 more): Same pattern found in 3 additional files. Review if needed."}, "properties": {"repobilityId": 117180, "scanner": "repobility-threat-engine", "fingerprint": "e9bef44272652a5ecb502f14f98158bf299b66a7cb41ba7aeb53e7c0265b59b2", "category": "quality", "severity": "info", "confidence": 0.2, "triageState": "false_positive", "verdict": "likely_fp", "isResolved": true, "reason": "Deduplicated summary only: 3 additional occurrences found. The top occurrences remain visible as actionable findings.", "evidence": {"mined": true, "mining": {"slug": "python-input-call", "owasp": null, "cwe_ids": [], "languages": ["python"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348050+00:00", "triaged_in_corpus": 12, "observations_count": 66378, "ai_coder_pattern_id": 124}, "scanner": "repobility-threat-engine", "aggregated": true, "correlation_key": "fp|e9bef44272652a5ecb502f14f98158bf299b66a7cb41ba7aeb53e7c0265b59b2", "aggregated_count": 3}}}, {"ruleId": "MINED064", "level": "none", "message": {"text": "[MINED064] Python Input Call: input() blocks for stdin. 
Inappropriate in services."}, "properties": {"repobilityId": 117179, "scanner": "repobility-threat-engine", "fingerprint": "0b1ad96d237de92f90ce7bf9dde7fd3e28191b154309f791ca751377c9927fd2", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "python-input-call", "owasp": null, "cwe_ids": [], "languages": ["python"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348050+00:00", "triaged_in_corpus": 12, "observations_count": 66378, "ai_coder_pattern_id": 124}, "scanner": "repobility-threat-engine", "correlation_key": "fp|0b1ad96d237de92f90ce7bf9dde7fd3e28191b154309f791ca751377c9927fd2"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "clawctl/commands/workspace.py"}, "region": {"startLine": 55}}}]}, {"ruleId": "MINED064", "level": "none", "message": {"text": "[MINED064] Python Input Call: input() blocks for stdin. 
Inappropriate in services."}, "properties": {"repobilityId": 117178, "scanner": "repobility-threat-engine", "fingerprint": "8d63671d90fad508200733360457f0687308e0a86482516a4168728a8950fd02", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "python-input-call", "owasp": null, "cwe_ids": [], "languages": ["python"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348050+00:00", "triaged_in_corpus": 12, "observations_count": 66378, "ai_coder_pattern_id": 124}, "scanner": "repobility-threat-engine", "correlation_key": "fp|8d63671d90fad508200733360457f0687308e0a86482516a4168728a8950fd02"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "clawctl/commands/skill.py"}, "region": {"startLine": 68}}}]}, {"ruleId": "MINED064", "level": "none", "message": {"text": "[MINED064] Python Input Call: input() blocks for stdin. 
Inappropriate in services."}, "properties": {"repobilityId": 117177, "scanner": "repobility-threat-engine", "fingerprint": "1713eb208439464886202fefcb5ce5daa3be3f5911ea05fd463f80f31c97c7bd", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "python-input-call", "owasp": null, "cwe_ids": [], "languages": ["python"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348050+00:00", "triaged_in_corpus": 12, "observations_count": 66378, "ai_coder_pattern_id": 124}, "scanner": "repobility-threat-engine", "correlation_key": "fp|1713eb208439464886202fefcb5ce5daa3be3f5911ea05fd463f80f31c97c7bd"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "clawctl/commands/ace.py"}, "region": {"startLine": 62}}}]}, {"ruleId": "MINED043", "level": "none", "message": {"text": "[MINED043] Http Not Https (and 3 more): Same pattern found in 3 additional files. Review if needed."}, "properties": {"repobilityId": 117176, "scanner": "repobility-threat-engine", "fingerprint": "0c333dc88d2673beda07ea322592a5e2658418eeef4b48e34ddf9f62e680bdd2", "category": "quality", "severity": "info", "confidence": 0.2, "triageState": "false_positive", "verdict": "likely_fp", "isResolved": true, "reason": "Deduplicated summary only: 3 additional occurrences found. 
The top occurrences remain visible as actionable findings.", "evidence": {"mined": true, "mining": {"slug": "http-not-https", "owasp": "A02:2021", "cwe_ids": ["CWE-319"], "precision": 0.917, "promoted_at": "2026-05-18T14:01:32.347999+00:00", "triaged_in_corpus": 12, "observations_count": 4113831, "ai_coder_pattern_id": 15}, "scanner": "repobility-threat-engine", "aggregated": true, "correlation_key": "fp|0c333dc88d2673beda07ea322592a5e2658418eeef4b48e34ddf9f62e680bdd2", "aggregated_count": 3}}}, {"ruleId": "MINED043", "level": "none", "message": {"text": "[MINED043] Http Not Https: Hardcoded http:// (not localhost) for endpoints that handle credentials or data."}, "properties": {"repobilityId": 117175, "scanner": "repobility-threat-engine", "fingerprint": "591de41a981d28847033bdd25b778aaae841239ce0501cf0bda2c4340d14c0d3", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "http-not-https", "owasp": "A02:2021", "cwe_ids": ["CWE-319"], "precision": 0.917, "promoted_at": "2026-05-18T14:01:32.347999+00:00", "triaged_in_corpus": 12, "observations_count": 4113831, "ai_coder_pattern_id": 15}, "scanner": "repobility-threat-engine", "correlation_key": "fp|591de41a981d28847033bdd25b778aaae841239ce0501cf0bda2c4340d14c0d3"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "scripts/setup-launchd.sh"}, "region": {"startLine": 49}}}]}, {"ruleId": "MINED043", "level": "none", "message": {"text": "[MINED043] Http Not Https: Hardcoded http:// (not localhost) for endpoints that handle credentials or data."}, "properties": {"repobilityId": 117174, "scanner": "repobility-threat-engine", "fingerprint": "7912235dadd21c93c135182cb4a9d38feb1ad9a13a1a22a080263074d7aee71b", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", 
"isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "http-not-https", "owasp": "A02:2021", "cwe_ids": ["CWE-319"], "precision": 0.917, "promoted_at": "2026-05-18T14:01:32.347999+00:00", "triaged_in_corpus": 12, "observations_count": 4113831, "ai_coder_pattern_id": 15}, "scanner": "repobility-threat-engine", "correlation_key": "fp|7912235dadd21c93c135182cb4a9d38feb1ad9a13a1a22a080263074d7aee71b"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "clients/desktop/launch_command_center.py"}, "region": {"startLine": 39}}}]}, {"ruleId": "MINED043", "level": "none", "message": {"text": "[MINED043] Http Not Https: Hardcoded http:// (not localhost) for endpoints that handle credentials or data."}, "properties": {"repobilityId": 117173, "scanner": "repobility-threat-engine", "fingerprint": "0a0de0f7ff352fc8e039d1d301902d1bb1f78165eac51d2c5182af5c41b0a0ae", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "http-not-https", "owasp": "A02:2021", "cwe_ids": ["CWE-319"], "precision": 0.917, "promoted_at": "2026-05-18T14:01:32.347999+00:00", "triaged_in_corpus": 12, "observations_count": 4113831, "ai_coder_pattern_id": 15}, "scanner": "repobility-threat-engine", "correlation_key": "fp|0a0de0f7ff352fc8e039d1d301902d1bb1f78165eac51d2c5182af5c41b0a0ae"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "clawctl/commands/a2a.py"}, "region": {"startLine": 44}}}]}, {"ruleId": "MINED012", "level": "none", "message": {"text": "[MINED012] Curl Pipe Bash (and 4 more): Same pattern found in 4 additional files. 
Review if needed."}, "properties": {"repobilityId": 117172, "scanner": "repobility-threat-engine", "fingerprint": "c433c4390ae474c2ce95bf5cc4f52bb9f453d3cb81d023cd927d7112eb5fa541", "category": "quality", "severity": "info", "confidence": 0.2, "triageState": "false_positive", "verdict": "likely_fp", "isResolved": true, "reason": "Deduplicated summary only: 4 additional occurrences found. The top occurrences remain visible as actionable findings.", "evidence": {"mined": true, "mining": {"slug": "curl-pipe-bash", "owasp": "A08:2021", "cwe_ids": ["CWE-494"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.347926+00:00", "triaged_in_corpus": 15, "observations_count": 135001, "ai_coder_pattern_id": 25}, "scanner": "repobility-threat-engine", "aggregated": true, "correlation_key": "fp|c433c4390ae474c2ce95bf5cc4f52bb9f453d3cb81d023cd927d7112eb5fa541", "aggregated_count": 4}}}, {"ruleId": "MINED001", "level": "none", "message": {"text": "[MINED001] Bare Except Pass (and 32 more): Same pattern found in 32 additional files. Review if needed."}, "properties": {"repobilityId": 117168, "scanner": "repobility-threat-engine", "fingerprint": "c780dc506344a37b21d7dc82337005e9f1fff03b9ab555d93c68bb96f64add7b", "category": "quality", "severity": "info", "confidence": 0.2, "triageState": "false_positive", "verdict": "likely_fp", "isResolved": true, "reason": "Deduplicated summary only: 32 additional occurrences found. 
The top occurrences remain visible as actionable findings.", "evidence": {"mined": true, "mining": {"slug": "bare-except-pass", "owasp": null, "cwe_ids": ["CWE-755"], "languages": ["python"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.347744+00:00", "triaged_in_corpus": 15, "observations_count": 1550824, "ai_coder_pattern_id": 6}, "scanner": "repobility-threat-engine", "aggregated": true, "correlation_key": "fp|c780dc506344a37b21d7dc82337005e9f1fff03b9ab555d93c68bb96f64add7b", "aggregated_count": 32}}}, {"ruleId": "MINED050", "level": "none", "message": {"text": "[MINED050] Stub Only Function (and 50 more): Same pattern found in 50 additional files. Review if needed."}, "properties": {"repobilityId": 117164, "scanner": "repobility-threat-engine", "fingerprint": "a7b00ef43625fb8624226d9fd2cafe890e28be9e1ad55dbfd637235eb8976c4e", "category": "quality", "severity": "info", "confidence": 0.2, "triageState": "false_positive", "verdict": "likely_fp", "isResolved": true, "reason": "Deduplicated summary only: 50 additional occurrences found. 
The top occurrences remain visible as actionable findings.", "evidence": {"mined": true, "mining": {"slug": "stub-only-function", "owasp": null, "cwe_ids": ["CWE-1188"], "languages": ["python"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348017+00:00", "triaged_in_corpus": 12, "observations_count": 633513, "ai_coder_pattern_id": 2}, "scanner": "repobility-threat-engine", "aggregated": true, "correlation_key": "fp|a7b00ef43625fb8624226d9fd2cafe890e28be9e1ad55dbfd637235eb8976c4e", "aggregated_count": 50}}}, {"ruleId": "MINED050", "level": "none", "message": {"text": "[MINED050] Stub Only Function: Function declared but body is just pass, return None, raise NotImplementedError, or TODO comment."}, "properties": {"repobilityId": 117163, "scanner": "repobility-threat-engine", "fingerprint": "fc55205622876eb1199a0d5610cc66e593a8c47b4444854812535be54b210db7", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "stub-only-function", "owasp": null, "cwe_ids": ["CWE-1188"], "languages": ["python"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348017+00:00", "triaged_in_corpus": 12, "observations_count": 633513, "ai_coder_pattern_id": 2}, "scanner": "repobility-threat-engine", "correlation_key": "fp|fc55205622876eb1199a0d5610cc66e593a8c47b4444854812535be54b210db7"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "adapters/browser/session_manager.py"}, "region": {"startLine": 94}}}]}, {"ruleId": "MINED050", "level": "none", "message": {"text": "[MINED050] Stub Only Function: Function declared but body is just pass, return None, raise NotImplementedError, or TODO comment."}, "properties": {"repobilityId": 117162, "scanner": "repobility-threat-engine", "fingerprint": "44778afcfd57ddaee046eaaf2c90aa54a07a37ba05126e7296a87b35834c7e3a", "category": "quality", 
"severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "stub-only-function", "owasp": null, "cwe_ids": ["CWE-1188"], "languages": ["python"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348017+00:00", "triaged_in_corpus": 12, "observations_count": 633513, "ai_coder_pattern_id": 2}, "scanner": "repobility-threat-engine", "correlation_key": "fp|44778afcfd57ddaee046eaaf2c90aa54a07a37ba05126e7296a87b35834c7e3a"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "adapters/browser/playwright_adapter.py"}, "region": {"startLine": 232}}}]}, {"ruleId": "MINED050", "level": "none", "message": {"text": "[MINED050] Stub Only Function: Function declared but body is just pass, return None, raise NotImplementedError, or TODO comment."}, "properties": {"repobilityId": 117161, "scanner": "repobility-threat-engine", "fingerprint": "720afa861bff12d4bb8a2ded3ecd7b1cd9039561f51c75633b387e4439eab274", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "stub-only-function", "owasp": null, "cwe_ids": ["CWE-1188"], "languages": ["python"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348017+00:00", "triaged_in_corpus": 12, "observations_count": 633513, "ai_coder_pattern_id": 2}, "scanner": "repobility-threat-engine", "correlation_key": "fp|720afa861bff12d4bb8a2ded3ecd7b1cd9039561f51c75633b387e4439eab274"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "adapters/audio/whisper_adapter.py"}, "region": {"startLine": 97}}}]}, {"ruleId": "COMP001", "level": "none", "message": {"text": "[COMP001] High cognitive complexity (and 174 more): Same pattern found in 174 additional files. 
Review if needed."}, "properties": {"repobilityId": 117160, "scanner": "repobility-threat-engine", "fingerprint": "b1822e2d53ac03a18cd1861ce3cedc666eb866c0da1f83f71a9070e96698c2a4", "category": "quality", "severity": "info", "confidence": 0.2, "triageState": "false_positive", "verdict": "likely_fp", "isResolved": true, "reason": "Deduplicated summary only: 174 additional occurrences found. The top occurrences remain visible as actionable findings.", "evidence": {"scanner": "repobility-threat-engine", "function": "speak", "breakdown": {"if": 3, "or": 1, "elif": 2, "else": 1, "except": 1}, "aggregated": true, "complexity": 8, "correlation_key": "fp|b1822e2d53ac03a18cd1861ce3cedc666eb866c0da1f83f71a9070e96698c2a4", "aggregated_count": 174}}}, {"ruleId": "DEPCUR-NPM", "level": "none", "message": {"text": "npm package `postcss` is patch version(s) behind (8.5.8 -> 8.5.15)"}, "properties": {"repobilityId": 117126, "scanner": "repobility-dependency-currency", "fingerprint": "9a333e606ab95a4b79210c2746f709b1fbf2fa234347d57f7c75ccf81e01276a", "category": "dependency", "severity": "info", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"gap": "patch version(s) behind", "signal": "currency", "cwe_ids": [], "package": "postcss", "scanner": "repobility-dependency-currency", "ecosystem": "npm", "languages": ["javascript"], "latest_version": "8.5.15", "correlation_key": "fp|9a333e606ab95a4b79210c2746f709b1fbf2fa234347d57f7c75ccf81e01276a", "current_version": "8.5.8"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "dashboard/frontend/package.json"}, "region": {"startLine": 1}}}]}, {"ruleId": "DEPCUR-NPM", "level": "none", "message": {"text": "npm package `postprocessing` is patch version(s) behind (6.39.0 -> 6.39.1)"}, "properties": {"repobilityId": 117122, "scanner": "repobility-dependency-currency", "fingerprint": "aaabe1d9a9d7ff77526fa524476638fbdf43f3d305567edc3a30fa1f60c92161", "category": 
"dependency", "severity": "info", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"gap": "patch version(s) behind", "signal": "currency", "cwe_ids": [], "package": "postprocessing", "scanner": "repobility-dependency-currency", "ecosystem": "npm", "languages": ["javascript"], "latest_version": "6.39.1", "correlation_key": "fp|aaabe1d9a9d7ff77526fa524476638fbdf43f3d305567edc3a30fa1f60c92161", "current_version": "6.39.0"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "dashboard/frontend/package.json"}, "region": {"startLine": 1}}}]}, {"ruleId": "JRN009", "level": "error", "message": {"text": "Secret-like setting is echoed into a password input value"}, "properties": {"repobilityId": 117304, "scanner": "repobility-journey-contract", "fingerprint": "00e0f071ac920998caa875cbea087e013f4739ad2d966fc26878f15db3ca562f", "category": "auth", "severity": "high", "confidence": 0.83, "triageState": "open", "verdict": "likely", "isResolved": false, "reason": "A password or secret-named input is populated from a secret-like variable instead of a masked placeholder.", "evidence": {"rule_id": "JRN009", "scanner": "repobility-journey-contract", "references": ["https://cheatsheetseries.owasp.org/cheatsheets/Session_Management_Cheat_Sheet.html"], "correlation_key": "code|auth|token|410|jrn009"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "dashboard/frontend/src/pages/setup/screens/OpenClawOnboardModal.tsx"}, "region": {"startLine": 410}}}]}, {"ruleId": "JRN009", "level": "error", "message": {"text": "Secret-like setting is echoed into a password input value"}, "properties": {"repobilityId": 117303, "scanner": "repobility-journey-contract", "fingerprint": "828943111010d9a3081d368a23bb8a3e3102835afe68779eb0cfada3773bd876", "category": "auth", "severity": "high", "confidence": 0.83, "triageState": "open", "verdict": "likely", "isResolved": false, "reason": "A password or secret-named input is 
populated from a secret-like variable instead of a masked placeholder.", "evidence": {"rule_id": "JRN009", "scanner": "repobility-journey-contract", "references": ["https://cheatsheetseries.owasp.org/cheatsheets/Session_Management_Cheat_Sheet.html"], "correlation_key": "code|auth|token|390|jrn009"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "dashboard/frontend/src/pages/setup/screens/OpenClawOnboardModal.tsx"}, "region": {"startLine": 390}}}]}, {"ruleId": "JRN009", "level": "error", "message": {"text": "Secret-like setting is echoed into a password input value"}, "properties": {"repobilityId": 117302, "scanner": "repobility-journey-contract", "fingerprint": "cf51c33168f2de73c31472e205285914cf45699931ba6ffe27ac3d305719e601", "category": "auth", "severity": "high", "confidence": 0.83, "triageState": "open", "verdict": "likely", "isResolved": false, "reason": "A password or secret-named input is populated from a secret-like variable instead of a masked placeholder.", "evidence": {"rule_id": "JRN009", "scanner": "repobility-journey-contract", "references": ["https://cheatsheetseries.owasp.org/cheatsheets/Session_Management_Cheat_Sheet.html"], "correlation_key": "code|auth|token|325|jrn009"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "dashboard/frontend/src/pages/Settings.tsx"}, "region": {"startLine": 325}}}]}, {"ruleId": "JRN009", "level": "error", "message": {"text": "Secret-like setting is echoed into a password input value"}, "properties": {"repobilityId": 117301, "scanner": "repobility-journey-contract", "fingerprint": "577f4ac1727b009e8e2dfa5fb41e0906d3185c2fa704d9f534382118935098f0", "category": "auth", "severity": "high", "confidence": 0.83, "triageState": "open", "verdict": "likely", "isResolved": false, "reason": "A password or secret-named input is populated from a secret-like variable instead of a masked placeholder.", "evidence": {"rule_id": "JRN009", "scanner": "repobility-journey-contract", "references": 
["https://cheatsheetseries.owasp.org/cheatsheets/Session_Management_Cheat_Sheet.html"], "correlation_key": "code|auth|token|290|jrn009"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "dashboard/frontend/src/pages/Research.tsx"}, "region": {"startLine": 290}}}]}, {"ruleId": "JRN004", "level": "error", "message": {"text": "Consent is collected in UI without visible backend audit persistence"}, "properties": {"repobilityId": 117300, "scanner": "repobility-journey-contract", "fingerprint": "6934f51ca36634337ed808c29f4df7c0dd859c054abff1a2e862bb1eecf65ea1", "category": "auth", "severity": "high", "confidence": 0.78, "triageState": "open", "verdict": "likely", "isResolved": false, "reason": "Frontend consent wording was found, but backend consent/audit metadata was not visible.", "evidence": {"rule_id": "JRN004", "scanner": "repobility-journey-contract", "references": ["https://repobility.com/library/authorization/"], "correlation_key": "code|auth|token|191|jrn004", "backend_consent_model": false, "backend_audit_signal_count": 6}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "dashboard/frontend/src/pages/Registry.tsx"}, "region": {"startLine": 191}}}]}, {"ruleId": "AUC003", "level": "error", "message": {"text": "[AUC003] Object-level route lacks visible authorization: A route with an object id-like parameter does not show nearby authentication or authorization evidence. This is a BOLA/IDOR review target. 
Endpoint: GET /api/v1/entities/{entity_id}."}, "properties": {"repobilityId": 117271, "scanner": "repobility-access-control", "fingerprint": "3e8302632154f9d3261302f4497a971b1bedfd445f20d9019796d98c89556f3e", "category": "auth", "severity": "high", "confidence": 0.7, "triageState": "open", "verdict": "needs_review", "isResolved": false, "reason": "Static route and framework evidence require project-owner confirmation.", "evidence": {"path": "/api/v1/entities/{entity_id}", "method": "GET", "scanner": "repobility-access-control", "framework": "FastAPI", "correlation_key": "code|auth|services/braind/main.py|459|cwe-639", "identity_targets": ["unknown", "owner"]}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "services/braind/main.py"}, "region": {"startLine": 459}}}]}, {"ruleId": "AUC003", "level": "error", "message": {"text": "[AUC003] Object-level route lacks visible authorization: A route with an object id-like parameter does not show nearby authentication or authorization evidence. This is a BOLA/IDOR review target. 
Endpoint: POST /api/v1/workflows/{workflow_id}/execute."}, "properties": {"repobilityId": 117270, "scanner": "repobility-access-control", "fingerprint": "72686d96510e96a80a4bee4a2c63c85ad52d4c29cb250603651f4f9b5dfad1da", "category": "auth", "severity": "high", "confidence": 0.7, "triageState": "open", "verdict": "needs_review", "isResolved": false, "reason": "Static route and framework evidence require project-owner confirmation.", "evidence": {"path": "/api/v1/workflows/{workflow_id}/execute", "method": "POST", "scanner": "repobility-access-control", "framework": "FastAPI", "correlation_key": "code|auth|services/visuald/main.py|226|cwe-639", "identity_targets": ["unknown", "owner"]}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "services/visuald/main.py"}, "region": {"startLine": 226}}}]}, {"ruleId": "AUC003", "level": "error", "message": {"text": "[AUC003] Object-level route lacks visible authorization: A route with an object id-like parameter does not show nearby authentication or authorization evidence. This is a BOLA/IDOR review target. 
Endpoint: DELETE /{event_id}."}, "properties": {"repobilityId": 117269, "scanner": "repobility-access-control", "fingerprint": "f2fc161ce412ea1889c0f68884c570141eb06de46225f6c0bc0205f8970b9659", "category": "auth", "severity": "high", "confidence": 0.7, "triageState": "open", "verdict": "needs_review", "isResolved": false, "reason": "Static route and framework evidence require project-owner confirmation.", "evidence": {"path": "/{event_id}", "method": "DELETE", "scanner": "repobility-access-control", "framework": "FastAPI", "correlation_key": "code|auth|token|46|cwe-639", "identity_targets": ["unknown", "owner"]}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "services/calendard/service.py"}, "region": {"startLine": 46}}}]}, {"ruleId": "AUC003", "level": "error", "message": {"text": "[AUC003] Object-level route lacks visible authorization: A route with an object id-like parameter does not show nearby authentication or authorization evidence. This is a BOLA/IDOR review target. Endpoint: GET /{event_id}."}, "properties": {"repobilityId": 117268, "scanner": "repobility-access-control", "fingerprint": "d23ea5c99c93aebbd8f93433c8fa3762b610a5c6ea70639219d02f743efd44bf", "category": "auth", "severity": "high", "confidence": 0.7, "triageState": "open", "verdict": "needs_review", "isResolved": false, "reason": "Static route and framework evidence require project-owner confirmation.", "evidence": {"path": "/{event_id}", "method": "GET", "scanner": "repobility-access-control", "framework": "FastAPI", "correlation_key": "code|auth|token|38|cwe-639", "identity_targets": ["unknown", "owner"]}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "services/calendard/service.py"}, "region": {"startLine": 38}}}]}, {"ruleId": "AUC003", "level": "error", "message": {"text": "[AUC003] Object-level route lacks visible authorization: A route with an object id-like parameter does not show nearby authentication or authorization evidence. 
This is a BOLA/IDOR review target. Endpoint: DELETE /{note_id}."}, "properties": {"repobilityId": 117267, "scanner": "repobility-access-control", "fingerprint": "930ca88d5ddb14680d1e34b43170e4b4b9758e7d06f3de31fb56b2908466a092", "category": "auth", "severity": "high", "confidence": 0.7, "triageState": "open", "verdict": "needs_review", "isResolved": false, "reason": "Static route and framework evidence require project-owner confirmation.", "evidence": {"path": "/{note_id}", "method": "DELETE", "scanner": "repobility-access-control", "framework": "FastAPI", "correlation_key": "code|auth|services/noted/service.py|66|cwe-639", "identity_targets": ["unknown", "owner"]}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "services/noted/service.py"}, "region": {"startLine": 66}}}]}, {"ruleId": "AUC003", "level": "error", "message": {"text": "[AUC003] Object-level route lacks visible authorization: A route with an object id-like parameter does not show nearby authentication or authorization evidence. This is a BOLA/IDOR review target. 
Endpoint: PUT /{note_id}."}, "properties": {"repobilityId": 117266, "scanner": "repobility-access-control", "fingerprint": "cfb4fea20fed13e9560cd902a2eb11b42a4a10b9baffcb15eb94477ab9a0915d", "category": "auth", "severity": "high", "confidence": 0.7, "triageState": "open", "verdict": "needs_review", "isResolved": false, "reason": "Static route and framework evidence require project-owner confirmation.", "evidence": {"path": "/{note_id}", "method": "PUT", "scanner": "repobility-access-control", "framework": "FastAPI", "correlation_key": "code|auth|services/noted/service.py|50|cwe-639", "identity_targets": ["unknown", "owner"]}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "services/noted/service.py"}, "region": {"startLine": 50}}}]}, {"ruleId": "AUC003", "level": "error", "message": {"text": "[AUC003] Object-level route lacks visible authorization: A route with an object id-like parameter does not show nearby authentication or authorization evidence. This is a BOLA/IDOR review target. 
Endpoint: GET /{note_id}."}, "properties": {"repobilityId": 117265, "scanner": "repobility-access-control", "fingerprint": "d461896b034d11dc066190746cc82db4209da8fbd0315c0f61c2bdc94ccf9d93", "category": "auth", "severity": "high", "confidence": 0.7, "triageState": "open", "verdict": "needs_review", "isResolved": false, "reason": "Static route and framework evidence require project-owner confirmation.", "evidence": {"path": "/{note_id}", "method": "GET", "scanner": "repobility-access-control", "framework": "FastAPI", "correlation_key": "code|auth|services/noted/service.py|42|cwe-639", "identity_targets": ["unknown", "owner"]}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "services/noted/service.py"}, "region": {"startLine": 42}}}]}, {"ruleId": "AUC003", "level": "error", "message": {"text": "[AUC003] Object-level route lacks visible authorization: A route with an object id-like parameter does not show nearby authentication or authorization evidence. This is a BOLA/IDOR review target. 
Endpoint: POST /api/workflows/{workflow_id}/run."}, "properties": {"repobilityId": 117264, "scanner": "repobility-access-control", "fingerprint": "13ed696d94ba22f04373c5b227cecc41fa3f1c57d50ef73db36f32e1ff1efb94", "category": "auth", "severity": "high", "confidence": 0.7, "triageState": "open", "verdict": "needs_review", "isResolved": false, "reason": "Static route and framework evidence require project-owner confirmation.", "evidence": {"path": "/api/workflows/{workflow_id}/run", "method": "POST", "scanner": "repobility-access-control", "framework": "FastAPI", "correlation_key": "code|auth|token|662|cwe-639", "identity_targets": ["unknown", "owner"]}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "archive/legacy/dashboard-backend/service.py"}, "region": {"startLine": 662}}}]}, {"ruleId": "AUC003", "level": "error", "message": {"text": "[AUC003] Object-level route lacks visible authorization: A route with an object id-like parameter does not show nearby authentication or authorization evidence. This is a BOLA/IDOR review target. 
Endpoint: POST /api/approvals/{approval_id}/deny."}, "properties": {"repobilityId": 117263, "scanner": "repobility-access-control", "fingerprint": "77e3d2a14dd016531e0ffc81c2ed2813098337b60f2a5b1f4c553a6b920d98d9", "category": "auth", "severity": "high", "confidence": 0.7, "triageState": "open", "verdict": "needs_review", "isResolved": false, "reason": "Static route and framework evidence require project-owner confirmation.", "evidence": {"path": "/api/approvals/{approval_id}/deny", "method": "POST", "scanner": "repobility-access-control", "framework": "FastAPI", "correlation_key": "code|auth|token|247|cwe-639", "identity_targets": ["unknown", "owner"]}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "archive/legacy/dashboard-backend/service.py"}, "region": {"startLine": 247}}}]}, {"ruleId": "AUC003", "level": "error", "message": {"text": "[AUC003] Object-level route lacks visible authorization: A route with an object id-like parameter does not show nearby authentication or authorization evidence. This is a BOLA/IDOR review target. 
Endpoint: POST /api/approvals/{approval_id}/approve."}, "properties": {"repobilityId": 117262, "scanner": "repobility-access-control", "fingerprint": "087fe7eea39462709dfd6b6ef90191a026fac2176bd8023fefbd83401f161b42", "category": "auth", "severity": "high", "confidence": 0.7, "triageState": "open", "verdict": "needs_review", "isResolved": false, "reason": "Static route and framework evidence require project-owner confirmation.", "evidence": {"path": "/api/approvals/{approval_id}/approve", "method": "POST", "scanner": "repobility-access-control", "framework": "FastAPI", "correlation_key": "code|auth|token|242|cwe-639", "identity_targets": ["unknown", "owner"]}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "archive/legacy/dashboard-backend/service.py"}, "region": {"startLine": 242}}}]}, {"ruleId": "MINED014", "level": "error", "message": {"text": "[MINED014] Disabled Tls Verify: verify=False in requests, rejectUnauthorized:false in node, InsecureSkipVerify:true in Go."}, "properties": {"repobilityId": 117254, "scanner": "repobility-threat-engine", "fingerprint": "ec5149636b75dd53284a5ca145db4f29bf2dcd5f740d8cd80b4c89f290cd437f", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "disabled-tls-verify", "owasp": "A02:2021", "cwe_ids": ["CWE-295"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.347930+00:00", "triaged_in_corpus": 15, "observations_count": 86916, "ai_coder_pattern_id": 16}, "scanner": "repobility-threat-engine", "correlation_key": "fp|ec5149636b75dd53284a5ca145db4f29bf2dcd5f740d8cd80b4c89f290cd437f"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "workflows/pr_review/workflow.py"}, "region": {"startLine": 26}}}]}, {"ruleId": "SEC135", "level": "error", "message": {"text": "[SEC135] Auth/permission check missing on 
AI-generated endpoint: Mutating HTTP endpoint generated by an AI agent without an auth decorator or middleware. The number-one production-incident pattern we see in AI-generated SaaS code: the AI builds the route, builds the handler, and forgets to wire the auth check that the rest of the codebase uses. CWE-862 (missing authorization). High-severity because the route is fully functional, just unprotected \u2014 attackers can call it directly."}, "properties": {"repobilityId": 117244, "scanner": "repobility-threat-engine", "fingerprint": "fc6ee50847c6c5ea1d0a5904a58518846b668e1139d3c61226ee8b73ecf6f9f2", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "@router.post(\"/create\")\nasync def api_create_note(req: CreateNoteRequest)", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC135", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "fp|fc6ee50847c6c5ea1d0a5904a58518846b668e1139d3c61226ee8b73ecf6f9f2"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "services/noted/service.py"}, "region": {"startLine": 31}}}]}, {"ruleId": "SEC135", "level": "error", "message": {"text": "[SEC135] Auth/permission check missing on AI-generated endpoint: Mutating HTTP endpoint generated by an AI agent without an auth decorator or middleware. The number-one production-incident pattern we see in AI-generated SaaS code: the AI builds the route, builds the handler, and forgets to wire the auth check that the rest of the codebase uses. CWE-862 (missing authorization). 
High-severity because the route is fully functional, just unprotected \u2014 attackers can call it directly."}, "properties": {"repobilityId": 117243, "scanner": "repobility-threat-engine", "fingerprint": "3c0c851a1b021258eaaa4027a02b191cdccff4e49b0807d072b1048a33a2d89c", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "@router.post(\"/send\")\nasync def api_send(req: SendRequest)", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC135", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "fp|3c0c851a1b021258eaaa4027a02b191cdccff4e49b0807d072b1048a33a2d89c"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "services/maild/service.py"}, "region": {"startLine": 29}}}]}, {"ruleId": "SEC135", "level": "error", "message": {"text": "[SEC135] Auth/permission check missing on AI-generated endpoint: Mutating HTTP endpoint generated by an AI agent without an auth decorator or middleware. The number-one production-incident pattern we see in AI-generated SaaS code: the AI builds the route, builds the handler, and forgets to wire the auth check that the rest of the codebase uses. CWE-862 (missing authorization). 
High-severity because the route is fully functional, just unprotected \u2014 attackers can call it directly."}, "properties": {"repobilityId": 117242, "scanner": "repobility-threat-engine", "fingerprint": "1518e3ed5dd2750f1c435820b7af24fba2ae21248e1c7f1408d1e758007f878b", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "@router.post(\"/create\")\nasync def api_create_event(req: CreateEventRequest)", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC135", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "fp|1518e3ed5dd2750f1c435820b7af24fba2ae21248e1c7f1408d1e758007f878b"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "services/calendard/service.py"}, "region": {"startLine": 25}}}]}, {"ruleId": "SEC078", "level": "error", "message": {"text": "[SEC078] Python: requests without timeout: requests.get/post without a timeout will hang indefinitely on a non-responsive server, causing thread exhaustion and denial of service. Ported from bandit B113 (Apache-2.0). 
NOTE: this regex is heuristic; a real AST check is preferred for accuracy."}, "properties": {"repobilityId": 117240, "scanner": "repobility-threat-engine", "fingerprint": "e1d22631a312f07e87377eff9b9fa23c398ac1b273f8e4f20ad0adba1ee14651", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "requests.post(", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC078", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "fp|e1d22631a312f07e87377eff9b9fa23c398ac1b273f8e4f20ad0adba1ee14651"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "services/braind/significance_filter.py"}, "region": {"startLine": 146}}}]}, {"ruleId": "SEC085", "level": "error", "message": {"text": "[SEC085] JS: child_process.exec with non-literal: child_process.exec with user-derived input enables command injection. 
Ported from eslint-plugin-security detect-child-process (Apache-2.0)."}, "properties": {"repobilityId": 117239, "scanner": "repobility-threat-engine", "fingerprint": "ac72291a74e07a93b9b1b11a4b773ddd3abc0a7c685f2fdf67af6cc06a0f0b68", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "exec(code", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC085", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "fp|ac72291a74e07a93b9b1b11a4b773ddd3abc0a7c685f2fdf67af6cc06a0f0b68"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "skills/marketplace/sandbox.py"}, "region": {"startLine": 155}}}]}, {"ruleId": "SEC085", "level": "error", "message": {"text": "[SEC085] JS: child_process.exec with non-literal: child_process.exec with user-derived input enables command injection. 
Ported from eslint-plugin-security detect-child-process (Apache-2.0)."}, "properties": {"repobilityId": 117238, "scanner": "repobility-threat-engine", "fingerprint": "3c594f539082f3831b77e1a34cc8a7c4f355f0eee67c1fefbb7913ba2fc0eba1", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "exec(open", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC085", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "fp|3c594f539082f3831b77e1a34cc8a7c4f355f0eee67c1fefbb7913ba2fc0eba1"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "scripts/security_audit.py"}, "region": {"startLine": 46}}}]}, {"ruleId": "SEC013", "level": "error", "message": {"text": "[SEC013] Path Traversal \u2014 User Input in File Path: User-controlled input used in file path without sanitization. Allows reading arbitrary files."}, "properties": {"repobilityId": 117213, "scanner": "repobility-threat-engine", "fingerprint": "3c1bf2bf4136a367346e701418b7f87726ae9a43d2c79c6d08a7e83e38705ca8", "category": "path_traversal", "severity": "high", "confidence": 0.8, "triageState": "open", "verdict": "likely", "isResolved": false, "reason": "User-controlled input detected in file path construction", "evidence": {"match": "open(request", "reason": "User-controlled input detected in file path construction", "rule_id": "SEC013", "scanner": "repobility-threat-engine", "confidence": 0.8, "correlation_key": "code|path_traversal|token|50|sec013"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "clients/desktop/launch_command_center.py"}, "region": {"startLine": 50}}}]}, {"ruleId": "SEC103", "level": "error", "message": {"text": "[SEC103] LDAP injection \u2014 non-constant search filter: User input concatenated into an LDAP search filter. 
Attackers inject `*)(uid=*` style payloads to bypass auth or enumerate accounts."}, "properties": {"repobilityId": 117211, "scanner": "repobility-threat-engine", "fingerprint": "b4e18b2dff68d57bc42a3eca236fc6540a213da379aa4284d373c35818ada198", "category": "injection", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": ".search(r'(https?://|`\\w+`|\\bAPI\\b|\\bSQL\\b|\\bJSON\\b|function|class|method)", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC103", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "code|injection|token|110|sec103"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "services/braind/significance_filter.py"}, "region": {"startLine": 110}}}]}, {"ruleId": "SEC103", "level": "error", "message": {"text": "[SEC103] LDAP injection \u2014 non-constant search filter: User input concatenated into an LDAP search filter. 
Attackers inject `*)(uid=*` style payloads to bypass auth or enumerate accounts."}, "properties": {"repobilityId": 117210, "scanner": "repobility-threat-engine", "fingerprint": "e9fc5f24971358276bb905b207472f478978c852bc68153e14c7ca6e0bc02b95", "category": "injection", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": ".search(r\"(\\d+)", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC103", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "code|injection|scripts/verify_repo.py|98|sec103"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "scripts/verify_repo.py"}, "region": {"startLine": 98}}}]}, {"ruleId": "SEC103", "level": "error", "message": {"text": "[SEC103] LDAP injection \u2014 non-constant search filter: User input concatenated into an LDAP search filter. Attackers inject `*)(uid=*` style payloads to bypass auth or enumerate accounts."}, "properties": {"repobilityId": 117209, "scanner": "repobility-threat-engine", "fingerprint": "2c4561b75b5c23190b89e0f1d2d6336c9a6ec4e50bebb01c7c979b88b6c8c3e2", "category": "injection", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": ".search(r\"page size of (\\d+)", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC103", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "code|injection|clawos_core/platform.py|115|sec103"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "clawos_core/platform.py"}, "region": {"startLine": 115}}}]}, {"ruleId": "SEC128", "level": "error", "message": {"text": "[SEC128] Async function without await \u2014 fire-and-forget Promise (AI mistake): Async call invoked without 
`await` returns an unhandled Promise. The outer function resolves before the inner work completes \u2014 DB writes lost, emails not sent, race conditions. This is one of the top-3 errors AI coders make: they understand async-shape but drop the await keyword when chaining multiple ops. Surfaces as flaky tests or silently dropped data in production."}, "properties": {"repobilityId": 117203, "scanner": "repobility-threat-engine", "fingerprint": "d42ecbb4e350f17bcb7ac6b29e4db09173def4c5298636bed67485eca1b4f1dd", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "state.save()", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC128", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "fp|d42ecbb4e350f17bcb7ac6b29e4db09173def4c5298636bed67485eca1b4f1dd"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "clawctl/commands/providers.py"}, "region": {"startLine": 64}}}]}, {"ruleId": "SEC128", "level": "error", "message": {"text": "[SEC128] Async function without await \u2014 fire-and-forget Promise (AI mistake): Async call invoked without `await` returns an unhandled Promise. The outer function resolves before the inner work completes \u2014 DB writes lost, emails not sent, race conditions. This is one of the top-3 errors AI coders make: they understand async-shape but drop the await keyword when chaining multiple ops. 
Surfaces as flaky tests or silently dropped data in production."}, "properties": {"repobilityId": 117202, "scanner": "repobility-threat-engine", "fingerprint": "9c25edaeadc7cd5202bf4b7a1ae0be67df079d98be5dc7d18af53a4e668db303", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "state.save()", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC128", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "fp|9c25edaeadc7cd5202bf4b7a1ae0be67df079d98be5dc7d18af53a4e668db303"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "clawctl/commands/packs.py"}, "region": {"startLine": 44}}}]}, {"ruleId": "SEC128", "level": "error", "message": {"text": "[SEC128] Async function without await \u2014 fire-and-forget Promise (AI mistake): Async call invoked without `await` returns an unhandled Promise. The outer function resolves before the inner work completes \u2014 DB writes lost, emails not sent, race conditions. This is one of the top-3 errors AI coders make: they understand async-shape but drop the await keyword when chaining multiple ops. 
Surfaces as flaky tests or silently dropped data in production."}, "properties": {"repobilityId": 117201, "scanner": "repobility-threat-engine", "fingerprint": "cae5120f6071bd6506cd37620a69ca55985a360e1a8881bb0cc72d8933ddd5f9", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "state.save()", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC128", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "fp|cae5120f6071bd6506cd37620a69ca55985a360e1a8881bb0cc72d8933ddd5f9"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "clawctl/commands/extensions.py"}, "region": {"startLine": 39}}}]}, {"ruleId": "MINED006", "level": "error", "message": {"text": "[MINED006] Overcatch Baseexception: except BaseException: ... \u2014 prevents Ctrl+C and SystemExit from working."}, "properties": {"repobilityId": 117195, "scanner": "repobility-threat-engine", "fingerprint": "2ab7712a7c4aeb7e666abff43d4ef266b2ab144f54af75996240b0365d372147", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "overcatch-baseexception", "owasp": null, "cwe_ids": ["CWE-705"], "languages": ["python"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.347911+00:00", "triaged_in_corpus": 15, "observations_count": 230624, "ai_coder_pattern_id": 8}, "scanner": "repobility-threat-engine", "correlation_key": "fp|2ab7712a7c4aeb7e666abff43d4ef266b2ab144f54af75996240b0365d372147"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "scripts/mcp-demo.py"}, "region": {"startLine": 105}}}]}, {"ruleId": "MINED006", "level": "error", "message": {"text": "[MINED006] Overcatch Baseexception: 
except BaseException: ... \u2014 prevents Ctrl+C and SystemExit from working."}, "properties": {"repobilityId": 117194, "scanner": "repobility-threat-engine", "fingerprint": "b8ff97d5fe56f4392926be86dc4db531d7652ff71f9fa197a2e506be85f47aae", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "overcatch-baseexception", "owasp": null, "cwe_ids": ["CWE-705"], "languages": ["python"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.347911+00:00", "triaged_in_corpus": 15, "observations_count": 230624, "ai_coder_pattern_id": 8}, "scanner": "repobility-threat-engine", "correlation_key": "fp|b8ff97d5fe56f4392926be86dc4db531d7652ff71f9fa197a2e506be85f47aae"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "dashboard/nexus-command/serve.py"}, "region": {"startLine": 49}}}]}, {"ruleId": "MINED006", "level": "error", "message": {"text": "[MINED006] Overcatch Baseexception: except BaseException: ... 
\u2014 prevents Ctrl+C and SystemExit from working."}, "properties": {"repobilityId": 117193, "scanner": "repobility-threat-engine", "fingerprint": "2b4f245007ccbc28f54fae4df1beb111be0d6babc85c402396603de909c5589b", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "overcatch-baseexception", "owasp": null, "cwe_ids": ["CWE-705"], "languages": ["python"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.347911+00:00", "triaged_in_corpus": 15, "observations_count": 230624, "ai_coder_pattern_id": 8}, "scanner": "repobility-threat-engine", "correlation_key": "fp|2b4f245007ccbc28f54fae4df1beb111be0d6babc85c402396603de909c5589b"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "clawctl/commands/dashboard.py"}, "region": {"startLine": 273}}}]}, {"ruleId": "SEC029", "level": "error", "message": {"text": "[SEC029] Server-Side Request Forgery (SSRF) \u2014 outbound HTTP from user input: Outbound HTTP request to a user-controlled URL without allowlist validation. Attackers can probe internal services (169.254.169.254 metadata, internal Kubernetes endpoints, file:// URIs), exfiltrate data, or pivot through your network. 
SSRF is OWASP A10:2021 and a frequent foothold in cloud breaches."}, "properties": {"repobilityId": 117187, "scanner": "repobility-threat-engine", "fingerprint": "cca9ffcc4b5ee18844d0741a932e4fa64a44d5e9727231037ea3e2f00e25d753", "category": "ssrf", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "urllib.request.urlopen(r", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC029", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "fp|cca9ffcc4b5ee18844d0741a932e4fa64a44d5e9727231037ea3e2f00e25d753"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "clawctl/commands/mcpd.py"}, "region": {"startLine": 36}}}]}, {"ruleId": "SEC029", "level": "error", "message": {"text": "[SEC029] Server-Side Request Forgery (SSRF) \u2014 outbound HTTP from user input: Outbound HTTP request to a user-controlled URL without allowlist validation. Attackers can probe internal services (169.254.169.254 metadata, internal Kubernetes endpoints, file:// URIs), exfiltrate data, or pivot through your network. 
SSRF is OWASP A10:2021 and a frequent foothold in cloud breaches."}, "properties": {"repobilityId": 117186, "scanner": "repobility-threat-engine", "fingerprint": "87808aa05194007432d1e8a96cf65e603a4413433229d6c0b400d84dd23ccf4d", "category": "ssrf", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "urllib.request.urlopen(r", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC029", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "fp|87808aa05194007432d1e8a96cf65e603a4413433229d6c0b400d84dd23ccf4d"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "clawctl/commands/dashboard.py"}, "region": {"startLine": 78}}}]}, {"ruleId": "SEC029", "level": "error", "message": {"text": "[SEC029] Server-Side Request Forgery (SSRF) \u2014 outbound HTTP from user input: Outbound HTTP request to a user-controlled URL without allowlist validation. Attackers can probe internal services (169.254.169.254 metadata, internal Kubernetes endpoints, file:// URIs), exfiltrate data, or pivot through your network. 
SSRF is OWASP A10:2021 and a frequent foothold in cloud breaches."}, "properties": {"repobilityId": 117185, "scanner": "repobility-threat-engine", "fingerprint": "0b0fab65bbfe23165df185b869c5edd1d4168b3e6761b522fcf4308a72b4cd02", "category": "ssrf", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "urllib.request.urlopen(r", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC029", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "fp|0b0fab65bbfe23165df185b869c5edd1d4168b3e6761b522fcf4308a72b4cd02"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "clawctl/commands/compare.py"}, "region": {"startLine": 71}}}]}, {"ruleId": "SEC020", "level": "error", "message": {"text": "[SEC020] Secret Printed to Logs: Debug or diagnostic code appears to print a credential-bearing value. This is a frequent AI-assisted coding failure: the helper exposes the exact value needed for troubleshooting."}, "properties": {"repobilityId": 117181, "scanner": "repobility-threat-engine", "fingerprint": "97918e94169c2f7f0e9a01d0f13cb44908cd6f48168f04de163364a34db338cd", "category": "credential_exposure", "severity": "high", "confidence": 0.85, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Credential-bearing variable appears to be printed or logged", "evidence": {"match": "print(f\"\\n  Daily limit: {DEFAULT_DAILY_TOKEN_BUDGET:,} tokens per workspace\\n\")", "reason": "Credential-bearing variable appears to be printed or logged", "rule_id": "SEC020", "scanner": "repobility-threat-engine", "confidence": 0.85, "correlation_key": "secret|clawctl/commands/budget.py|2|print f n daily limit: default_daily_token_budget: tokens per workspace n"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "clawctl/commands/budget.py"}, "region": {"startLine": 
27}}}]}, {"ruleId": "MINED012", "level": "error", "message": {"text": "[MINED012] Curl Pipe Bash: curl ... | sh / bash \u2014 runs unverified network code."}, "properties": {"repobilityId": 117171, "scanner": "repobility-threat-engine", "fingerprint": "b3ecc72bd5e6eefdcc94046c1ec7fe182d8272e9836a06f6fc29c7134050da0c", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "curl-pipe-bash", "owasp": "A08:2021", "cwe_ids": ["CWE-494"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.347926+00:00", "triaged_in_corpus": 15, "observations_count": 135001, "ai_coder_pattern_id": 25}, "scanner": "repobility-threat-engine", "correlation_key": "fp|b3ecc72bd5e6eefdcc94046c1ec7fe182d8272e9836a06f6fc29c7134050da0c"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "packaging/iso/hooks/01-install-deps.sh"}, "region": {"startLine": 31}}}]}, {"ruleId": "MINED012", "level": "error", "message": {"text": "[MINED012] Curl Pipe Bash: curl ... 
| sh / bash \u2014 runs unverified network code."}, "properties": {"repobilityId": 117170, "scanner": "repobility-threat-engine", "fingerprint": "595647649844f86f0a2f89611c327f9f51ad60dee6bb01f590f5d99e944f4099", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "curl-pipe-bash", "owasp": "A08:2021", "cwe_ids": ["CWE-494"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.347926+00:00", "triaged_in_corpus": 15, "observations_count": 135001, "ai_coder_pattern_id": 25}, "scanner": "repobility-threat-engine", "correlation_key": "fp|595647649844f86f0a2f89611c327f9f51ad60dee6bb01f590f5d99e944f4099"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "clawctl/commands/model.py"}, "region": {"startLine": 21}}}]}, {"ruleId": "MINED012", "level": "error", "message": {"text": "[MINED012] Curl Pipe Bash: curl ... 
| sh / bash \u2014 runs unverified network code."}, "properties": {"repobilityId": 117169, "scanner": "repobility-threat-engine", "fingerprint": "fee28c3f74c460a109b5288a72b8a987dd4471ce43a3e04c25e74ca38a8ca437", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "curl-pipe-bash", "owasp": "A08:2021", "cwe_ids": ["CWE-494"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.347926+00:00", "triaged_in_corpus": 15, "observations_count": 135001, "ai_coder_pattern_id": 25}, "scanner": "repobility-threat-engine", "correlation_key": "fp|fee28c3f74c460a109b5288a72b8a987dd4471ce43a3e04c25e74ca38a8ca437"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "bootstrap/model_provision.py"}, "region": {"startLine": 50}}}]}, {"ruleId": "MINED001", "level": "error", "message": {"text": "[MINED001] Bare Except Pass: except: pass or except Exception: pass \u2014 silently swallows everything including KeyboardInterrupt and bugs."}, "properties": {"repobilityId": 117167, "scanner": "repobility-threat-engine", "fingerprint": "1b1fb20a8064775b3b6e707ede89bef6e94af1a5a33dd1126734025a6f2dfd4e", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "bare-except-pass", "owasp": null, "cwe_ids": ["CWE-755"], "languages": ["python"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.347744+00:00", "triaged_in_corpus": 15, "observations_count": 1550824, "ai_coder_pattern_id": 6}, "scanner": "repobility-threat-engine", "correlation_key": "fp|1b1fb20a8064775b3b6e707ede89bef6e94af1a5a33dd1126734025a6f2dfd4e"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "clawctl/commands/omi.py"}, 
"region": {"startLine": 94}}}]}, {"ruleId": "MINED001", "level": "error", "message": {"text": "[MINED001] Bare Except Pass: except: pass or except Exception: pass \u2014 silently swallows everything including KeyboardInterrupt and bugs."}, "properties": {"repobilityId": 117166, "scanner": "repobility-threat-engine", "fingerprint": "3c9bb5081eb56949b2b0d25550a1bdfe88acedc24b0715930693b318e97d2f4a", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "bare-except-pass", "owasp": null, "cwe_ids": ["CWE-755"], "languages": ["python"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.347744+00:00", "triaged_in_corpus": 15, "observations_count": 1550824, "ai_coder_pattern_id": 6}, "scanner": "repobility-threat-engine", "correlation_key": "fp|3c9bb5081eb56949b2b0d25550a1bdfe88acedc24b0715930693b318e97d2f4a"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "clawctl/commands/dashboard.py"}, "region": {"startLine": 90}}}]}, {"ruleId": "MINED001", "level": "error", "message": {"text": "[MINED001] Bare Except Pass: except: pass or except Exception: pass \u2014 silently swallows everything including KeyboardInterrupt and bugs."}, "properties": {"repobilityId": 117165, "scanner": "repobility-threat-engine", "fingerprint": "73999c5f2f0c74d0f6681fdc3f012adcc104fbcd7396f78f8fae0183a9bade2a", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "bare-except-pass", "owasp": null, "cwe_ids": ["CWE-755"], "languages": ["python"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.347744+00:00", "triaged_in_corpus": 15, "observations_count": 1550824, "ai_coder_pattern_id": 6}, "scanner": 
"repobility-threat-engine", "correlation_key": "fp|73999c5f2f0c74d0f6681fdc3f012adcc104fbcd7396f78f8fae0183a9bade2a"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "adapters/memory/graph_adapter.py"}, "region": {"startLine": 13}}}]}, {"ruleId": "MINED115", "level": "error", "message": {"text": "Action `actions/setup-node` pinned to mutable ref `@v4`"}, "properties": {"repobilityId": 117120, "scanner": "repobility-supply-chain", "fingerprint": "0ff9573732476530304a8ff4a4ae92ef9f3bf085d30e1e8c8d789582641983b0", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-mutable-ref", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|0ff9573732476530304a8ff4a4ae92ef9f3bf085d30e1e8c8d789582641983b0"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/security.yml"}, "region": {"startLine": 24}}}]}, {"ruleId": "MINED115", "level": "error", "message": {"text": "Action `actions/setup-python` pinned to mutable ref `@v5`"}, "properties": {"repobilityId": 117119, "scanner": "repobility-supply-chain", "fingerprint": "c76fcee8d0e7b6128bbaedf5bf71ae6f85279b6b5250acd2f4be8149af480601", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-mutable-ref", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|c76fcee8d0e7b6128bbaedf5bf71ae6f85279b6b5250acd2f4be8149af480601"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/security.yml"}, "region": {"startLine": 15}}}]}, {"ruleId": "MINED115", "level": "error", "message": {"text": 
"Action `actions/checkout` pinned to mutable ref `@v4`"}, "properties": {"repobilityId": 117118, "scanner": "repobility-supply-chain", "fingerprint": "d9d2ce050389c5301b3cbf5be586ac00c1497d0b70db6c6d5d2ff588ab13889c", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-mutable-ref", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|d9d2ce050389c5301b3cbf5be586ac00c1497d0b70db6c6d5d2ff588ab13889c"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/security.yml"}, "region": {"startLine": 14}}}]}, {"ruleId": "MINED115", "level": "error", "message": {"text": "Action `actions/upload-artifact` pinned to mutable ref `@v4`"}, "properties": {"repobilityId": 117117, "scanner": "repobility-supply-chain", "fingerprint": "85437b1d2042c524828d6636dcac230c960efe33b9cfa24993472e1cdb8ec403", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-mutable-ref", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|85437b1d2042c524828d6636dcac230c960efe33b9cfa24993472e1cdb8ec403"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/release.yml"}, "region": {"startLine": 50}}}]}, {"ruleId": "MINED115", "level": "error", "message": {"text": "Action `actions/setup-node` pinned to mutable ref `@v4`"}, "properties": {"repobilityId": 117116, "scanner": "repobility-supply-chain", "fingerprint": "cc72f92fcbe18427474f16ce9854cfdc27fa1d90ed746dc88422316763629c96", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", 
"verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-mutable-ref", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|cc72f92fcbe18427474f16ce9854cfdc27fa1d90ed746dc88422316763629c96"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/release.yml"}, "region": {"startLine": 18}}}]}, {"ruleId": "MINED115", "level": "error", "message": {"text": "Action `actions/setup-python` pinned to mutable ref `@v5`"}, "properties": {"repobilityId": 117115, "scanner": "repobility-supply-chain", "fingerprint": "c15f4beffdff6ee5b14342901a58ed5c80c48475c6fe712aa2339532b0f76a4b", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-mutable-ref", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|c15f4beffdff6ee5b14342901a58ed5c80c48475c6fe712aa2339532b0f76a4b"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/release.yml"}, "region": {"startLine": 14}}}]}, {"ruleId": "MINED115", "level": "error", "message": {"text": "Action `actions/checkout` pinned to mutable ref `@v4`"}, "properties": {"repobilityId": 117114, "scanner": "repobility-supply-chain", "fingerprint": "fffb138dec9615e79eab6c6234fce3b2e7d883c104881f4bfdbc9a8d79ed2283", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-mutable-ref", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": 
"fp|fffb138dec9615e79eab6c6234fce3b2e7d883c104881f4bfdbc9a8d79ed2283"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/release.yml"}, "region": {"startLine": 13}}}]}, {"ruleId": "MINED115", "level": "error", "message": {"text": "Action `actions/setup-node` pinned to mutable ref `@v4`"}, "properties": {"repobilityId": 117113, "scanner": "repobility-supply-chain", "fingerprint": "46f12138b16893721723bf221eabd1c2989b09655005e6446cd4c632d4c1f68b", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-mutable-ref", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|46f12138b16893721723bf221eabd1c2989b09655005e6446cd4c632d4c1f68b"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/ci.yml"}, "region": {"startLine": 76}}}]}, {"ruleId": "MINED115", "level": "error", "message": {"text": "Action `actions/setup-python` pinned to mutable ref `@v5`"}, "properties": {"repobilityId": 117112, "scanner": "repobility-supply-chain", "fingerprint": "2c6b9b1f7bfa80efc0bf5cf51f21177eda45484737adab7b47e00459f36ea386", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-mutable-ref", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|2c6b9b1f7bfa80efc0bf5cf51f21177eda45484737adab7b47e00459f36ea386"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/ci.yml"}, "region": {"startLine": 52}}}]}, {"ruleId": "MINED115", "level": "error", "message": {"text": "Action `actions/checkout` pinned to mutable ref `@v4`"}, 
"properties": {"repobilityId": 117111, "scanner": "repobility-supply-chain", "fingerprint": "470684e6094aef55815726527c71c5af06ccf57e43016358fc72b04bc9185194", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-mutable-ref", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|470684e6094aef55815726527c71c5af06ccf57e43016358fc72b04bc9185194"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/ci.yml"}, "region": {"startLine": 49}}}]}, {"ruleId": "MINED115", "level": "error", "message": {"text": "Action `actions/upload-artifact` pinned to mutable ref `@v4`"}, "properties": {"repobilityId": 117110, "scanner": "repobility-supply-chain", "fingerprint": "554b125eecc793888a4969d71673be2a2f78ace3e6615e6d2752b4acf83d6b73", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-mutable-ref", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|554b125eecc793888a4969d71673be2a2f78ace3e6615e6d2752b4acf83d6b73"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/ci.yml"}, "region": {"startLine": 39}}}]}, {"ruleId": "MINED115", "level": "error", "message": {"text": "Action `actions/setup-python` pinned to mutable ref `@v5`"}, "properties": {"repobilityId": 117109, "scanner": "repobility-supply-chain", "fingerprint": "60597e612fff385ff38e57ad0d937c97b2e23996e038f03cbe5d29b99f558eba", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": 
true, "mining": {"slug": "gha-mutable-ref", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|60597e612fff385ff38e57ad0d937c97b2e23996e038f03cbe5d29b99f558eba"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/ci.yml"}, "region": {"startLine": 28}}}]}, {"ruleId": "MINED115", "level": "error", "message": {"text": "Action `actions/checkout` pinned to mutable ref `@v4`"}, "properties": {"repobilityId": 117108, "scanner": "repobility-supply-chain", "fingerprint": "3979c386df7930d5b772af61c970ea214599d4bc16426ef059a3184c236b320b", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-mutable-ref", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|3979c386df7930d5b772af61c970ea214599d4bc16426ef059a3184c236b320b"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/ci.yml"}, "region": {"startLine": 27}}}]}, {"ruleId": "MINED115", "level": "error", "message": {"text": "Action `actions/setup-python` pinned to mutable ref `@v5`"}, "properties": {"repobilityId": 117107, "scanner": "repobility-supply-chain", "fingerprint": "97ffabc1e56b4f1c7db1fb43226e1999d838d1b1e41412f9ec8bf9838f8f918f", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-mutable-ref", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|97ffabc1e56b4f1c7db1fb43226e1999d838d1b1e41412f9ec8bf9838f8f918f"}}, "locations": [{"physicalLocation": {"artifactLocation": 
{"uri": ".github/workflows/ci.yml"}, "region": {"startLine": 15}}}]}, {"ruleId": "MINED115", "level": "error", "message": {"text": "Action `actions/checkout` pinned to mutable ref `@v4`"}, "properties": {"repobilityId": 117106, "scanner": "repobility-supply-chain", "fingerprint": "634675b936a57eeb302bcae8c2381f0e781d480bfe5aa082e06e1d5bbd5da39b", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-mutable-ref", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|634675b936a57eeb302bcae8c2381f0e781d480bfe5aa082e06e1d5bbd5da39b"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/ci.yml"}, "region": {"startLine": 14}}}]}, {"ruleId": "MINED112", "level": "error", "message": {"text": "FastAPI POST /create has no auth"}, "properties": {"repobilityId": 117105, "scanner": "repobility-route-auth", "fingerprint": "aefa99ca2acd7c39524fbd704310c65a302a4bf250f66c5ad91c047693b61d5d", "category": "quality", "severity": "high", "confidence": 0.8, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "fastapi-destructive-unauth", "owasp": "A01:2021", "cwe_ids": ["CWE-306", "CWE-862"], "languages": ["python", "javascript"], "observations_count": 10455}, "scanner": "repobility-route-auth", "correlation_key": "fp|aefa99ca2acd7c39524fbd704310c65a302a4bf250f66c5ad91c047693b61d5d"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "services/calendard/service.py"}, "region": {"startLine": 26}}}]}, {"ruleId": "MINED112", "level": "error", "message": {"text": "FastAPI POST /voiced-webhook has no auth"}, "properties": {"repobilityId": 117104, "scanner": "repobility-route-auth", "fingerprint": 
"ff41ad43a896e3717a7ab839dfba4f66b3d072cca397c5cbf510e2122da8fb98", "category": "quality", "severity": "high", "confidence": 0.8, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "fastapi-destructive-unauth", "owasp": "A01:2021", "cwe_ids": ["CWE-306", "CWE-862"], "languages": ["python", "javascript"], "observations_count": 10455}, "scanner": "repobility-route-auth", "correlation_key": "fp|ff41ad43a896e3717a7ab839dfba4f66b3d072cca397c5cbf510e2122da8fb98"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "services/waketrd/main.py"}, "region": {"startLine": 142}}}]}, {"ruleId": "MINED112", "level": "error", "message": {"text": "FastAPI POST /trigger has no auth"}, "properties": {"repobilityId": 117103, "scanner": "repobility-route-auth", "fingerprint": "d421b51a5bdf765b53c9726b8b24aaa335d18479e8b9079a4b17c2133ad4e1ea", "category": "quality", "severity": "high", "confidence": 0.8, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "fastapi-destructive-unauth", "owasp": "A01:2021", "cwe_ids": ["CWE-306", "CWE-862"], "languages": ["python", "javascript"], "observations_count": 10455}, "scanner": "repobility-route-auth", "correlation_key": "fp|d421b51a5bdf765b53c9726b8b24aaa335d18479e8b9079a4b17c2133ad4e1ea"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "services/waketrd/main.py"}, "region": {"startLine": 58}}}]}, {"ruleId": "MINED112", "level": "error", "message": {"text": "FastAPI POST /reminders has no auth"}, "properties": {"repobilityId": 117102, "scanner": "repobility-route-auth", "fingerprint": "cc5b08b029aac323072e452c98128e7ca669a64327ba06763469ba0aab88ee70", "category": "quality", "severity": "high", "confidence": 0.8, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "fastapi-destructive-unauth", "owasp": "A01:2021", 
"cwe_ids": ["CWE-306", "CWE-862"], "languages": ["python", "javascript"], "observations_count": 10455}, "scanner": "repobility-route-auth", "correlation_key": "fp|cc5b08b029aac323072e452c98128e7ca669a64327ba06763469ba0aab88ee70"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "services/reminderd/main.py"}, "region": {"startLine": 255}}}]}, {"ruleId": "MINED112", "level": "error", "message": {"text": "FastAPI POST /mcp has no auth"}, "properties": {"repobilityId": 117101, "scanner": "repobility-route-auth", "fingerprint": "73bfdd4995a31b3e94246a5f172925dd8969050b316af04a37d15fef3836a712", "category": "quality", "severity": "high", "confidence": 0.8, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "fastapi-destructive-unauth", "owasp": "A01:2021", "cwe_ids": ["CWE-306", "CWE-862"], "languages": ["python", "javascript"], "observations_count": 10455}, "scanner": "repobility-route-auth", "correlation_key": "fp|73bfdd4995a31b3e94246a5f172925dd8969050b316af04a37d15fef3836a712"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "services/mcpd/main.py"}, "region": {"startLine": 633}}}]}, {"ruleId": "MINED112", "level": "error", "message": {"text": "FastAPI POST /send has no auth"}, "properties": {"repobilityId": 117100, "scanner": "repobility-route-auth", "fingerprint": "fd2137747c7998c31162ae0a6104b1ae0fa6d0382f3525c802f208884f7c6115", "category": "quality", "severity": "high", "confidence": 0.8, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "fastapi-destructive-unauth", "owasp": "A01:2021", "cwe_ids": ["CWE-306", "CWE-862"], "languages": ["python", "javascript"], "observations_count": 10455}, "scanner": "repobility-route-auth", "correlation_key": "fp|fd2137747c7998c31162ae0a6104b1ae0fa6d0382f3525c802f208884f7c6115"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": 
"services/maild/service.py"}, "region": {"startLine": 30}}}]}, {"ruleId": "MINED112", "level": "error", "message": {"text": "FastAPI POST /a2a/tasks/send has no auth"}, "properties": {"repobilityId": 117099, "scanner": "repobility-route-auth", "fingerprint": "32e23afa49ba274995494c79c97882a5bdd49383728996c12ec2f550e56a8b98", "category": "quality", "severity": "high", "confidence": 0.8, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "fastapi-destructive-unauth", "owasp": "A01:2021", "cwe_ids": ["CWE-306", "CWE-862"], "languages": ["python", "javascript"], "observations_count": 10455}, "scanner": "repobility-route-auth", "correlation_key": "fp|32e23afa49ba274995494c79c97882a5bdd49383728996c12ec2f550e56a8b98"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "services/a2ad/service.py"}, "region": {"startLine": 204}}}]}, {"ruleId": "MINED112", "level": "error", "message": {"text": "FastAPI POST /submit has no auth"}, "properties": {"repobilityId": 117098, "scanner": "repobility-route-auth", "fingerprint": "e6378a0bdbf5d4a35f0d4514c2542664cf119fe9647bf2edf89b6e55a0c36834", "category": "quality", "severity": "high", "confidence": 0.8, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "fastapi-destructive-unauth", "owasp": "A01:2021", "cwe_ids": ["CWE-306", "CWE-862"], "languages": ["python", "javascript"], "observations_count": 10455}, "scanner": "repobility-route-auth", "correlation_key": "fp|e6378a0bdbf5d4a35f0d4514c2542664cf119fe9647bf2edf89b6e55a0c36834"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "services/agentd/service.py"}, "region": {"startLine": 211}}}]}, {"ruleId": "MINED112", "level": "error", "message": {"text": "FastAPI POST /api/v1/transcribe has no auth"}, "properties": {"repobilityId": 117097, "scanner": "repobility-route-auth", "fingerprint": 
"bc131ae33d6586d44fdefff3e1f1756a33a8f4ffa260dfd6890d52f3ce7e1947", "category": "quality", "severity": "high", "confidence": 0.8, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "fastapi-destructive-unauth", "owasp": "A01:2021", "cwe_ids": ["CWE-306", "CWE-862"], "languages": ["python", "javascript"], "observations_count": 10455}, "scanner": "repobility-route-auth", "correlation_key": "fp|bc131ae33d6586d44fdefff3e1f1756a33a8f4ffa260dfd6890d52f3ce7e1947"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "services/voiced/main.py"}, "region": {"startLine": 605}}}]}, {"ruleId": "MINED112", "level": "error", "message": {"text": "FastAPI POST /api/v1/speak has no auth"}, "properties": {"repobilityId": 117096, "scanner": "repobility-route-auth", "fingerprint": "c1f7a77c841a4d65d00dfefb226351a4e1d061563aade492acc38c52fd95927e", "category": "quality", "severity": "high", "confidence": 0.8, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "fastapi-destructive-unauth", "owasp": "A01:2021", "cwe_ids": ["CWE-306", "CWE-862"], "languages": ["python", "javascript"], "observations_count": 10455}, "scanner": "repobility-route-auth", "correlation_key": "fp|c1f7a77c841a4d65d00dfefb226351a4e1d061563aade492acc38c52fd95927e"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "services/voiced/main.py"}, "region": {"startLine": 581}}}]}, {"ruleId": "MINED112", "level": "error", "message": {"text": "FastAPI DELETE /{note_id} has no auth"}, "properties": {"repobilityId": 117095, "scanner": "repobility-route-auth", "fingerprint": "17f451a329e143e6b66a70d4068ac7e0120bb02724e95dcad0f867de9dfb833f", "category": "quality", "severity": "high", "confidence": 0.8, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "fastapi-destructive-unauth", "owasp": 
"A01:2021", "cwe_ids": ["CWE-306", "CWE-862"], "languages": ["python", "javascript"], "observations_count": 10455}, "scanner": "repobility-route-auth", "correlation_key": "fp|17f451a329e143e6b66a70d4068ac7e0120bb02724e95dcad0f867de9dfb833f"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "services/noted/service.py"}, "region": {"startLine": 67}}}]}, {"ruleId": "MINED112", "level": "error", "message": {"text": "FastAPI PUT /{note_id} has no auth"}, "properties": {"repobilityId": 117094, "scanner": "repobility-route-auth", "fingerprint": "839e633ced424f077ea37a49fcc06513a77ee4118d2c0b3bd2c95a60e2d0fe58", "category": "quality", "severity": "high", "confidence": 0.8, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "fastapi-destructive-unauth", "owasp": "A01:2021", "cwe_ids": ["CWE-306", "CWE-862"], "languages": ["python", "javascript"], "observations_count": 10455}, "scanner": "repobility-route-auth", "correlation_key": "fp|839e633ced424f077ea37a49fcc06513a77ee4118d2c0b3bd2c95a60e2d0fe58"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "services/noted/service.py"}, "region": {"startLine": 51}}}]}, {"ruleId": "MINED112", "level": "error", "message": {"text": "FastAPI POST /create has no auth"}, "properties": {"repobilityId": 117093, "scanner": "repobility-route-auth", "fingerprint": "feb6e4ededce6fcb994df491195720e087ec95b1f8ade34992d9ec16a6431cf1", "category": "quality", "severity": "high", "confidence": 0.8, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "fastapi-destructive-unauth", "owasp": "A01:2021", "cwe_ids": ["CWE-306", "CWE-862"], "languages": ["python", "javascript"], "observations_count": 10455}, "scanner": "repobility-route-auth", "correlation_key": "fp|feb6e4ededce6fcb994df491195720e087ec95b1f8ade34992d9ec16a6431cf1"}}, "locations": [{"physicalLocation": {"artifactLocation": 
{"uri": "services/noted/service.py"}, "region": {"startLine": 32}}}]}, {"ruleId": "MINED112", "level": "error", "message": {"text": "FastAPI POST /api/v1/task has no auth"}, "properties": {"repobilityId": 117092, "scanner": "repobility-route-auth", "fingerprint": "612272843878b922cf74c9fef22ce4e659e44a17cbddab14e327dddb25e11226", "category": "quality", "severity": "high", "confidence": 0.8, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "fastapi-destructive-unauth", "owasp": "A01:2021", "cwe_ids": ["CWE-306", "CWE-862"], "languages": ["python", "javascript"], "observations_count": 10455}, "scanner": "repobility-route-auth", "correlation_key": "fp|612272843878b922cf74c9fef22ce4e659e44a17cbddab14e327dddb25e11226"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "services/desktopd/main.py"}, "region": {"startLine": 776}}}]}, {"ruleId": "MINED112", "level": "error", "message": {"text": "FastAPI POST /api/v1/action has no auth"}, "properties": {"repobilityId": 117091, "scanner": "repobility-route-auth", "fingerprint": "13991aace6d03641b30ebbe63c8ab7469dd4f0dd712e2b2ff48ee7256573ea8c", "category": "quality", "severity": "high", "confidence": 0.8, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "fastapi-destructive-unauth", "owasp": "A01:2021", "cwe_ids": ["CWE-306", "CWE-862"], "languages": ["python", "javascript"], "observations_count": 10455}, "scanner": "repobility-route-auth", "correlation_key": "fp|13991aace6d03641b30ebbe63c8ab7469dd4f0dd712e2b2ff48ee7256573ea8c"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "services/desktopd/main.py"}, "region": {"startLine": 753}}}]}, {"ruleId": "MINED112", "level": "error", "message": {"text": "FastAPI POST /api/v1/screenshot has no auth"}, "properties": {"repobilityId": 117090, "scanner": "repobility-route-auth", "fingerprint": 
"972b1b7e3952249dfb9c6a6ad0b5383b5f3d8e1536d693c9d7e213ba7b66ace4", "category": "quality", "severity": "high", "confidence": 0.8, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "fastapi-destructive-unauth", "owasp": "A01:2021", "cwe_ids": ["CWE-306", "CWE-862"], "languages": ["python", "javascript"], "observations_count": 10455}, "scanner": "repobility-route-auth", "correlation_key": "fp|972b1b7e3952249dfb9c6a6ad0b5383b5f3d8e1536d693c9d7e213ba7b66ace4"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "services/desktopd/main.py"}, "region": {"startLine": 741}}}]}, {"ruleId": "MINED112", "level": "error", "message": {"text": "FastAPI POST /api/workflows/{workflow_id}/run has no auth"}, "properties": {"repobilityId": 117089, "scanner": "repobility-route-auth", "fingerprint": "7045f50589d73fd03d38107d7a040ad62279474cf4f6abc36d70f6ba194a9e61", "category": "quality", "severity": "high", "confidence": 0.8, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "fastapi-destructive-unauth", "owasp": "A01:2021", "cwe_ids": ["CWE-306", "CWE-862"], "languages": ["python", "javascript"], "observations_count": 10455}, "scanner": "repobility-route-auth", "correlation_key": "fp|7045f50589d73fd03d38107d7a040ad62279474cf4f6abc36d70f6ba194a9e61"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "archive/legacy/dashboard-backend/service.py"}, "region": {"startLine": 663}}}]}, {"ruleId": "MINED112", "level": "error", "message": {"text": "FastAPI POST /api/nexus/chat has no auth"}, "properties": {"repobilityId": 117088, "scanner": "repobility-route-auth", "fingerprint": "445aa32bd1b9bf02856413f59d75e474800e705e28ba32dad251f40ee15ee24f", "category": "quality", "severity": "high", "confidence": 0.8, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": 
"fastapi-destructive-unauth", "owasp": "A01:2021", "cwe_ids": ["CWE-306", "CWE-862"], "languages": ["python", "javascript"], "observations_count": 10455}, "scanner": "repobility-route-auth", "correlation_key": "fp|445aa32bd1b9bf02856413f59d75e474800e705e28ba32dad251f40ee15ee24f"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "archive/legacy/dashboard-backend/service.py"}, "region": {"startLine": 625}}}]}, {"ruleId": "MINED112", "level": "error", "message": {"text": "FastAPI POST /api/agents/{workspace_id}/reset has no auth"}, "properties": {"repobilityId": 117087, "scanner": "repobility-route-auth", "fingerprint": "cc50c0fb87d81f02581a05bfdf1298df13a22cdc5b9cb19b3f54c119795f15b3", "category": "quality", "severity": "high", "confidence": 0.8, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "fastapi-destructive-unauth", "owasp": "A01:2021", "cwe_ids": ["CWE-306", "CWE-862"], "languages": ["python", "javascript"], "observations_count": 10455}, "scanner": "repobility-route-auth", "correlation_key": "fp|cc50c0fb87d81f02581a05bfdf1298df13a22cdc5b9cb19b3f54c119795f15b3"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "archive/legacy/dashboard-backend/service.py"}, "region": {"startLine": 613}}}]}, {"ruleId": "MINED112", "level": "error", "message": {"text": "FastAPI POST /api/delegate has no auth"}, "properties": {"repobilityId": 117086, "scanner": "repobility-route-auth", "fingerprint": "815e7c90f5f72238de35356b6cb5ed1ea520087e02e50f570233de7c0d88d6c5", "category": "quality", "severity": "high", "confidence": 0.8, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "fastapi-destructive-unauth", "owasp": "A01:2021", "cwe_ids": ["CWE-306", "CWE-862"], "languages": ["python", "javascript"], "observations_count": 10455}, "scanner": "repobility-route-auth", "correlation_key": 
"fp|815e7c90f5f72238de35356b6cb5ed1ea520087e02e50f570233de7c0d88d6c5"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "archive/legacy/dashboard-backend/service.py"}, "region": {"startLine": 569}}}]}, {"ruleId": "MINED112", "level": "error", "message": {"text": "FastAPI DELETE /api/models/{model_name} has no auth"}, "properties": {"repobilityId": 117085, "scanner": "repobility-route-auth", "fingerprint": "303d803257f1ef82c79efb3c40ee47c20cef831411de8bf7b4918998a1733ddd", "category": "quality", "severity": "high", "confidence": 0.8, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "fastapi-destructive-unauth", "owasp": "A01:2021", "cwe_ids": ["CWE-306", "CWE-862"], "languages": ["python", "javascript"], "observations_count": 10455}, "scanner": "repobility-route-auth", "correlation_key": "fp|303d803257f1ef82c79efb3c40ee47c20cef831411de8bf7b4918998a1733ddd"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "archive/legacy/dashboard-backend/service.py"}, "region": {"startLine": 290}}}]}, {"ruleId": "MINED112", "level": "error", "message": {"text": "FastAPI POST /api/models/{model_name}/pull has no auth"}, "properties": {"repobilityId": 117084, "scanner": "repobility-route-auth", "fingerprint": "d926753bd77406fee505e0da7eb09cb7b60ff11445bfe9fcb8c1ee6c1c1e639a", "category": "quality", "severity": "high", "confidence": 0.8, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "fastapi-destructive-unauth", "owasp": "A01:2021", "cwe_ids": ["CWE-306", "CWE-862"], "languages": ["python", "javascript"], "observations_count": 10455}, "scanner": "repobility-route-auth", "correlation_key": "fp|d926753bd77406fee505e0da7eb09cb7b60ff11445bfe9fcb8c1ee6c1c1e639a"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "archive/legacy/dashboard-backend/service.py"}, "region": {"startLine": 283}}}]}, 
{"ruleId": "MINED112", "level": "error", "message": {"text": "FastAPI POST /api/approvals/{approval_id}/deny has no auth"}, "properties": {"repobilityId": 117083, "scanner": "repobility-route-auth", "fingerprint": "08b4b6e50e9886cdf9c15112bdf2ea4b1304e75bfb11eb1521d4c13372070572", "category": "quality", "severity": "high", "confidence": 0.8, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "fastapi-destructive-unauth", "owasp": "A01:2021", "cwe_ids": ["CWE-306", "CWE-862"], "languages": ["python", "javascript"], "observations_count": 10455}, "scanner": "repobility-route-auth", "correlation_key": "fp|08b4b6e50e9886cdf9c15112bdf2ea4b1304e75bfb11eb1521d4c13372070572"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "archive/legacy/dashboard-backend/service.py"}, "region": {"startLine": 248}}}]}, {"ruleId": "MINED112", "level": "error", "message": {"text": "FastAPI POST /api/approvals/{approval_id}/approve has no auth"}, "properties": {"repobilityId": 117082, "scanner": "repobility-route-auth", "fingerprint": "c292c5fe4e8407d109284ec736e9414d7a42fdd06c1e34ccbd177bd8496e5dd1", "category": "quality", "severity": "high", "confidence": 0.8, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "fastapi-destructive-unauth", "owasp": "A01:2021", "cwe_ids": ["CWE-306", "CWE-862"], "languages": ["python", "javascript"], "observations_count": 10455}, "scanner": "repobility-route-auth", "correlation_key": "fp|c292c5fe4e8407d109284ec736e9414d7a42fdd06c1e34ccbd177bd8496e5dd1"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "archive/legacy/dashboard-backend/service.py"}, "region": {"startLine": 243}}}]}, {"ruleId": "MINED112", "level": "error", "message": {"text": "FastAPI POST /api/tasks/submit has no auth"}, "properties": {"repobilityId": 117081, "scanner": "repobility-route-auth", "fingerprint": 
"e5a0d994283bbc1002796b4863ecf387689c20cbcd4f7f907e6c0760014b6331", "category": "quality", "severity": "high", "confidence": 0.8, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "fastapi-destructive-unauth", "owasp": "A01:2021", "cwe_ids": ["CWE-306", "CWE-862"], "languages": ["python", "javascript"], "observations_count": 10455}, "scanner": "repobility-route-auth", "correlation_key": "fp|e5a0d994283bbc1002796b4863ecf387689c20cbcd4f7f907e6c0760014b6331"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "archive/legacy/dashboard-backend/service.py"}, "region": {"startLine": 186}}}]}, {"ruleId": "MINED110", "level": "error", "message": {"text": "Blocking call `urllib.request.urlopen` inside async function `morning_briefing`"}, "properties": {"repobilityId": 117078, "scanner": "repobility-ast-engine", "fingerprint": "32b9d43356fd782095903e75ca841060e4ceaa2051ea3df02b727d18b15cadd5", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "asyncio-blocking-call", "owasp": null, "cwe_ids": ["CWE-833"], "languages": ["python"], "observations_count": 31606}, "scanner": "repobility-ast-engine", "correlation_key": "fp|32b9d43356fd782095903e75ca841060e4ceaa2051ea3df02b727d18b15cadd5"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "services/dashd/api.py"}, "region": {"startLine": 1431}}}]}, {"ruleId": "MINED110", "level": "error", "message": {"text": "Blocking call `urllib.request.urlopen` inside async function `morning_briefing`"}, "properties": {"repobilityId": 117077, "scanner": "repobility-ast-engine", "fingerprint": "69bbe41a927d84f5e114ffae4f511395f8224349f0305ece6b3c8519b2839b79", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": 
true, "mining": {"slug": "asyncio-blocking-call", "owasp": null, "cwe_ids": ["CWE-833"], "languages": ["python"], "observations_count": 31606}, "scanner": "repobility-ast-engine", "correlation_key": "fp|69bbe41a927d84f5e114ffae4f511395f8224349f0305ece6b3c8519b2839b79"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "services/dashd/api.py"}, "region": {"startLine": 1392}}}]}, {"ruleId": "MINED106", "level": "error", "message": {"text": "Phantom test coverage: test_provider"}, "properties": {"repobilityId": 117075, "scanner": "repobility-ast-engine", "fingerprint": "434089105f399b186e418b1bc27d6be7348f2c45efdef9efeac0f67fab1446a5", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "phantom-test-coverage", "owasp": null, "cwe_ids": ["CWE-1126"], "languages": ["python"], "observations_count": 982154}, "scanner": "repobility-ast-engine", "correlation_key": "fp|434089105f399b186e418b1bc27d6be7348f2c45efdef9efeac0f67fab1446a5"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "services/dashd/api.py"}, "region": {"startLine": 1226}}}]}, {"ruleId": "MINED110", "level": "error", "message": {"text": "Blocking call `urllib.request.urlopen` inside async function `extract_and_append`"}, "properties": {"repobilityId": 117074, "scanner": "repobility-ast-engine", "fingerprint": "1f49969855349e96dc2ad80a0c0343335594a8e176e75ad758271c804fd89f24", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "asyncio-blocking-call", "owasp": null, "cwe_ids": ["CWE-833"], "languages": ["python"], "observations_count": 31606}, "scanner": "repobility-ast-engine", "correlation_key": "fp|1f49969855349e96dc2ad80a0c0343335594a8e176e75ad758271c804fd89f24"}}, "locations": [{"physicalLocation": 
{"artifactLocation": {"uri": "services/memd/service.py"}, "region": {"startLine": 799}}}]}, {"ruleId": "MINED110", "level": "error", "message": {"text": "Blocking call `urllib.request.Request` inside async function `extract_and_append`"}, "properties": {"repobilityId": 117073, "scanner": "repobility-ast-engine", "fingerprint": "869c484c85225184a11bae5d2b5135bc967f0eb3ae4cd3bb8f838bf4b6cc6030", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "asyncio-blocking-call", "owasp": null, "cwe_ids": ["CWE-833"], "languages": ["python"], "observations_count": 31606}, "scanner": "repobility-ast-engine", "correlation_key": "fp|869c484c85225184a11bae5d2b5135bc967f0eb3ae4cd3bb8f838bf4b6cc6030"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "services/memd/service.py"}, "region": {"startLine": 794}}}]}, {"ruleId": "MINED106", "level": "error", "message": {"text": "Phantom test coverage: test_wake_word"}, "properties": {"repobilityId": 117071, "scanner": "repobility-ast-engine", "fingerprint": "9aee2eecd2bcfb65eeeffde5af0d85e148893e60974383ad64444f16f5e0ac97", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "phantom-test-coverage", "owasp": null, "cwe_ids": ["CWE-1126"], "languages": ["python"], "observations_count": 982154}, "scanner": "repobility-ast-engine", "correlation_key": "fp|9aee2eecd2bcfb65eeeffde5af0d85e148893e60974383ad64444f16f5e0ac97"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "services/voiced/service.py"}, "region": {"startLine": 363}}}]}, {"ruleId": "MINED106", "level": "error", "message": {"text": "Phantom test coverage: test_pipeline"}, "properties": {"repobilityId": 117070, "scanner": "repobility-ast-engine", "fingerprint": 
"3ccd4669dddad92b30c586b306ccdb9fb8355a7fddcb170407e42f7574124d9e", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "phantom-test-coverage", "owasp": null, "cwe_ids": ["CWE-1126"], "languages": ["python"], "observations_count": 982154}, "scanner": "repobility-ast-engine", "correlation_key": "fp|3ccd4669dddad92b30c586b306ccdb9fb8355a7fddcb170407e42f7574124d9e"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "services/voiced/service.py"}, "region": {"startLine": 344}}}]}, {"ruleId": "MINED106", "level": "error", "message": {"text": "Phantom test coverage: test_microphone"}, "properties": {"repobilityId": 117069, "scanner": "repobility-ast-engine", "fingerprint": "116dd600d0922fb95ec294d5d2733dc481147a4d458073ecf05b02e2b2a3f593", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "phantom-test-coverage", "owasp": null, "cwe_ids": ["CWE-1126"], "languages": ["python"], "observations_count": 982154}, "scanner": "repobility-ast-engine", "correlation_key": "fp|116dd600d0922fb95ec294d5d2733dc481147a4d458073ecf05b02e2b2a3f593"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "services/voiced/service.py"}, "region": {"startLine": 319}}}]}, {"ruleId": "MINED110", "level": "error", "message": {"text": "Blocking call `input` inside async function `run_repl`"}, "properties": {"repobilityId": 117068, "scanner": "repobility-ast-engine", "fingerprint": "e7a0fe5ba5371450496b8dba32d27a0f105befa5a7b56450ad5e2a65c447be03", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "asyncio-blocking-call", "owasp": null, "cwe_ids": ["CWE-833"], "languages": ["python"], 
"observations_count": 31606}, "scanner": "repobility-ast-engine", "correlation_key": "fp|e7a0fe5ba5371450496b8dba32d27a0f105befa5a7b56450ad5e2a65c447be03"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "clients/cli/repl.py"}, "region": {"startLine": 170}}}]}, {"ruleId": "MINED106", "level": "error", "message": {"text": "Phantom test coverage: test_set_mode_off"}, "properties": {"repobilityId": 117067, "scanner": "repobility-ast-engine", "fingerprint": "da87af9e5f65c12308a22b1e446ff8b9d1525ee27c96b9b0b35f74c641ea60df", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "phantom-test-coverage", "owasp": null, "cwe_ids": ["CWE-1126"], "languages": ["python"], "observations_count": 982154}, "scanner": "repobility-ast-engine", "correlation_key": "fp|da87af9e5f65c12308a22b1e446ff8b9d1525ee27c96b9b0b35f74c641ea60df"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tests/unit/test_voice.py"}, "region": {"startLine": 161}}}]}, {"ruleId": "MINED106", "level": "error", "message": {"text": "Phantom test coverage: test_register_duplicate_raises"}, "properties": {"repobilityId": 117066, "scanner": "repobility-ast-engine", "fingerprint": "ce8b17680c3d436b69bec13b464947d17dbedf8fdc7b616ab7be3f92a74c657d", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "phantom-test-coverage", "owasp": null, "cwe_ids": ["CWE-1126"], "languages": ["python"], "observations_count": 982154}, "scanner": "repobility-ast-engine", "correlation_key": "fp|ce8b17680c3d436b69bec13b464947d17dbedf8fdc7b616ab7be3f92a74c657d"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tests/unit/test_circuit_breaker.py"}, "region": {"startLine": 167}}}]}, {"ruleId": "MINED106", "level": "error", "message": 
{"text": "Phantom test coverage: test_invalid_timeout_raises"}, "properties": {"repobilityId": 117065, "scanner": "repobility-ast-engine", "fingerprint": "9e77d9e7f72f850616bd2f5cab84eb48a28f2b6d63f82e7244ffad8255156188", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "phantom-test-coverage", "owasp": null, "cwe_ids": ["CWE-1126"], "languages": ["python"], "observations_count": 982154}, "scanner": "repobility-ast-engine", "correlation_key": "fp|9e77d9e7f72f850616bd2f5cab84eb48a28f2b6d63f82e7244ffad8255156188"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tests/unit/test_circuit_breaker.py"}, "region": {"startLine": 44}}}]}, {"ruleId": "MINED106", "level": "error", "message": {"text": "Phantom test coverage: test_invalid_threshold_raises"}, "properties": {"repobilityId": 117064, "scanner": "repobility-ast-engine", "fingerprint": "f8865553db731f22f78edf784706c070a5caa66a6f3eb58d2f259458e6328fab", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "phantom-test-coverage", "owasp": null, "cwe_ids": ["CWE-1126"], "languages": ["python"], "observations_count": 982154}, "scanner": "repobility-ast-engine", "correlation_key": "fp|f8865553db731f22f78edf784706c070a5caa66a6f3eb58d2f259458e6328fab"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tests/unit/test_circuit_breaker.py"}, "region": {"startLine": 38}}}]}, {"ruleId": "MINED106", "level": "error", "message": {"text": "Phantom test coverage: test_watcher_called_on_status_change"}, "properties": {"repobilityId": 117063, "scanner": "repobility-ast-engine", "fingerprint": "f3cd43664e1fb49b66fdb012350ac26ab47a71cc32fa4f9c378b5b78ee523269", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", 
"verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "phantom-test-coverage", "owasp": null, "cwe_ids": ["CWE-1126"], "languages": ["python"], "observations_count": 982154}, "scanner": "repobility-ast-engine", "correlation_key": "fp|f3cd43664e1fb49b66fdb012350ac26ab47a71cc32fa4f9c378b5b78ee523269"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tests/unit/test_service_registry.py"}, "region": {"startLine": 171}}}]}, {"ruleId": "MINED106", "level": "error", "message": {"text": "Phantom test coverage: test_invalid_query_raises_error"}, "properties": {"repobilityId": 117062, "scanner": "repobility-ast-engine", "fingerprint": "3dfd9316e9b5462969bb4219a8ffa1130ebdcbefb5ef35f4dd3428af28345c2c", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "phantom-test-coverage", "owasp": null, "cwe_ids": ["CWE-1126"], "languages": ["python"], "observations_count": 982154}, "scanner": "repobility-ast-engine", "correlation_key": "fp|3dfd9316e9b5462969bb4219a8ffa1130ebdcbefb5ef35f4dd3428af28345c2c"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tests/unit/test_database.py"}, "region": {"startLine": 94}}}]}, {"ruleId": "MINED106", "level": "error", "message": {"text": "Phantom test coverage: test_connection_health_check"}, "properties": {"repobilityId": 117061, "scanner": "repobility-ast-engine", "fingerprint": "11c17b0b17ca951f032b6ec31d93b91d43328eb032bad5051ab22d0fa9663db4", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "phantom-test-coverage", "owasp": null, "cwe_ids": ["CWE-1126"], "languages": ["python"], "observations_count": 982154}, "scanner": "repobility-ast-engine", "correlation_key": 
"fp|11c17b0b17ca951f032b6ec31d93b91d43328eb032bad5051ab22d0fa9663db4"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tests/unit/test_database.py"}, "region": {"startLine": 61}}}]}, {"ruleId": "MINED106", "level": "error", "message": {"text": "Phantom test coverage: test_tier_assignment_C"}, "properties": {"repobilityId": 117060, "scanner": "repobility-ast-engine", "fingerprint": "057f4706023557336f4fba1fb6ee9725799a8f17789088155300840e5ce83443", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "phantom-test-coverage", "owasp": null, "cwe_ids": ["CWE-1126"], "languages": ["python"], "observations_count": 982154}, "scanner": "repobility-ast-engine", "correlation_key": "fp|057f4706023557336f4fba1fb6ee9725799a8f17789088155300840e5ce83443"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tests/cli/test_cookbook.py"}, "region": {"startLine": 35}}}]}, {"ruleId": "MINED106", "level": "error", "message": {"text": "Phantom test coverage: test_playwright_adapter_raises_when_unavailable"}, "properties": {"repobilityId": 117059, "scanner": "repobility-ast-engine", "fingerprint": "fd69932cbf008094a739d861df0d70fa357d0621040dc8b11a430525092cd514", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "phantom-test-coverage", "owasp": null, "cwe_ids": ["CWE-1126"], "languages": ["python"], "observations_count": 982154}, "scanner": "repobility-ast-engine", "correlation_key": "fp|fd69932cbf008094a739d861df0d70fa357d0621040dc8b11a430525092cd514"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tests/system/test_phase13_browser.py"}, "region": {"startLine": 23}}}]}, {"ruleId": "MINED106", "level": "error", "message": {"text": "Phantom test coverage: 
test_sandbox_permission_check"}, "properties": {"repobilityId": 117058, "scanner": "repobility-ast-engine", "fingerprint": "aaf75ad44c7eb41ce49c84aa3b091adbf7fef2a0e7063b80151b2bc556d712d6", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "phantom-test-coverage", "owasp": null, "cwe_ids": ["CWE-1126"], "languages": ["python"], "observations_count": 982154}, "scanner": "repobility-ast-engine", "correlation_key": "fp|aaf75ad44c7eb41ce49c84aa3b091adbf7fef2a0e7063b80151b2bc556d712d6"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tests/system/test_phase15_skills.py"}, "region": {"startLine": 183}}}]}, {"ruleId": "MINED106", "level": "error", "message": {"text": "Phantom test coverage: test_require_premium_blocks_free"}, "properties": {"repobilityId": 117057, "scanner": "repobility-ast-engine", "fingerprint": "d37e60a885a8932fc9f1770118a1ccc191ed87ad558ca6f3a5a391dedfa6e998", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "phantom-test-coverage", "owasp": null, "cwe_ids": ["CWE-1126"], "languages": ["python"], "observations_count": 982154}, "scanner": "repobility-ast-engine", "correlation_key": "fp|d37e60a885a8932fc9f1770118a1ccc191ed87ad558ca6f3a5a391dedfa6e998"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tests/system/test_phase16_license.py"}, "region": {"startLine": 227}}}]}, {"ruleId": "MINED106", "level": "error", "message": {"text": "Phantom test coverage: test_wake_word"}, "properties": {"repobilityId": 117056, "scanner": "repobility-ast-engine", "fingerprint": "8ee924f09d1e9d5e21649e167eaa3e7453011ab6cdf74c506dbe5455270a50a6", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, 
"reason": "", "evidence": {"mined": true, "mining": {"slug": "phantom-test-coverage", "owasp": null, "cwe_ids": ["CWE-1126"], "languages": ["python"], "observations_count": 982154}, "scanner": "repobility-ast-engine", "correlation_key": "fp|8ee924f09d1e9d5e21649e167eaa3e7453011ab6cdf74c506dbe5455270a50a6"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tests/system/test_voice_pipeline.py"}, "region": {"startLine": 103}}}]}, {"ruleId": "MINED106", "level": "error", "message": {"text": "Phantom test coverage: test_pipeline"}, "properties": {"repobilityId": 117055, "scanner": "repobility-ast-engine", "fingerprint": "8e4c6641c010fab248358ffde3f893c1b56a2af5be025417b0245a88ae844336", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "phantom-test-coverage", "owasp": null, "cwe_ids": ["CWE-1126"], "languages": ["python"], "observations_count": 982154}, "scanner": "repobility-ast-engine", "correlation_key": "fp|8e4c6641c010fab248358ffde3f893c1b56a2af5be025417b0245a88ae844336"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tests/system/test_voice_pipeline.py"}, "region": {"startLine": 88}}}]}, {"ruleId": "MINED106", "level": "error", "message": {"text": "Phantom test coverage: test_microphone"}, "properties": {"repobilityId": 117054, "scanner": "repobility-ast-engine", "fingerprint": "af3d658212587d41c8e77c6d18a31c3d258aca7ed1226fc559470b7154b75346", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "phantom-test-coverage", "owasp": null, "cwe_ids": ["CWE-1126"], "languages": ["python"], "observations_count": 982154}, "scanner": "repobility-ast-engine", "correlation_key": "fp|af3d658212587d41c8e77c6d18a31c3d258aca7ed1226fc559470b7154b75346"}}, "locations": 
[{"physicalLocation": {"artifactLocation": {"uri": "tests/system/test_voice_pipeline.py"}, "region": {"startLine": 75}}}]}, {"ruleId": "MINED106", "level": "error", "message": {"text": "Phantom test coverage: test_file_security"}, "properties": {"repobilityId": 117053, "scanner": "repobility-ast-engine", "fingerprint": "7163860ee49c014f8bc843f7d6e078ed2e707f7c5d8e2498b011b0bd38f9f10c", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "phantom-test-coverage", "owasp": null, "cwe_ids": ["CWE-1126"], "languages": ["python"], "observations_count": 982154}, "scanner": "repobility-ast-engine", "correlation_key": "fp|7163860ee49c014f8bc843f7d6e078ed2e707f7c5d8e2498b011b0bd38f9f10c"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tests/services/test_sandboxd.py"}, "region": {"startLine": 126}}}]}, {"ruleId": "MINED106", "level": "error", "message": {"text": "Phantom test coverage: test_provider_profile"}, "properties": {"repobilityId": 117049, "scanner": "repobility-ast-engine", "fingerprint": "820e87175704e9a6224d99689938da3a97706f0574ce6104240bcf363230c6e1", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "phantom-test-coverage", "owasp": null, "cwe_ids": ["CWE-1126"], "languages": ["python"], "observations_count": 982154}, "scanner": "repobility-ast-engine", "correlation_key": "fp|820e87175704e9a6224d99689938da3a97706f0574ce6104240bcf363230c6e1"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "clawos_core/catalog.py"}, "region": {"startLine": 623}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "`self._start_step` used but never assigned in __init__"}, "properties": {"repobilityId": 117022, "scanner": "repobility-ast-engine", "fingerprint": 
"6a918fbeadf1775474f8d14d66f74f54dc4b98a15b2036a0312223a3db5747ff", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|6a918fbeadf1775474f8d14d66f74f54dc4b98a15b2036a0312223a3db5747ff"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "workflows/durable_engine.py"}, "region": {"startLine": 264}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "`self._get_completed_steps` used but never assigned in __init__"}, "properties": {"repobilityId": 117021, "scanner": "repobility-ast-engine", "fingerprint": "8157baec97558f6902d75ef874054a8e9244e3d7f2c3a938384dcfadb909c7d5", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|8157baec97558f6902d75ef874054a8e9244e3d7f2c3a938384dcfadb909c7d5"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "workflows/durable_engine.py"}, "region": {"startLine": 245}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "`self._resume_workflow` used but never assigned in __init__"}, "properties": {"repobilityId": 117020, "scanner": "repobility-ast-engine", "fingerprint": "ed9685df668b92018ef06b6a888a3ca028c356b8b85b6d132747df2129ed8e00", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], 
"languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|ed9685df668b92018ef06b6a888a3ca028c356b8b85b6d132747df2129ed8e00"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "workflows/durable_engine.py"}, "region": {"startLine": 216}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "`self._complete_run` used but never assigned in __init__"}, "properties": {"repobilityId": 117019, "scanner": "repobility-ast-engine", "fingerprint": "8453254dd9a1eaa21a30dbdfa20903d5c5433e2c360f8b92cab6de33aa094be6", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|8453254dd9a1eaa21a30dbdfa20903d5c5433e2c360f8b92cab6de33aa094be6"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "workflows/durable_engine.py"}, "region": {"startLine": 231}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "`self._execute_workflow` used but never assigned in __init__"}, "properties": {"repobilityId": 117018, "scanner": "repobility-ast-engine", "fingerprint": "2dded5569f3b475d334df2448cce1130a0fc670731e7d13b1eee3bb0a8f555f1", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|2dded5569f3b475d334df2448cce1130a0fc670731e7d13b1eee3bb0a8f555f1"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "workflows/durable_engine.py"}, "region": {"startLine": 225}}}]}, 
{"ruleId": "MINED108", "level": "error", "message": {"text": "`self._complete_run` used but never assigned in __init__"}, "properties": {"repobilityId": 117017, "scanner": "repobility-ast-engine", "fingerprint": "2285b02444c1144f826b64051f6a14fe613524429b2c688af6706ab1610496ba", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|2285b02444c1144f826b64051f6a14fe613524429b2c688af6706ab1610496ba"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "workflows/durable_engine.py"}, "region": {"startLine": 226}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "`self._get_pending_run` used but never assigned in __init__"}, "properties": {"repobilityId": 117016, "scanner": "repobility-ast-engine", "fingerprint": "c347b7394a9fd1098a63f234349a9d7c6764ee5cb6c2a2e35f51c4a78084ae5b", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|c347b7394a9fd1098a63f234349a9d7c6764ee5cb6c2a2e35f51c4a78084ae5b"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "workflows/durable_engine.py"}, "region": {"startLine": 213}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "`self._create_run` used but never assigned in __init__"}, "properties": {"repobilityId": 117015, "scanner": "repobility-ast-engine", "fingerprint": "d630efbaded960f08de84329baf06f1a1f4706cd17097cbfb9a758c92cade2d7", "category": "quality", "severity": "high", 
"confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|d630efbaded960f08de84329baf06f1a1f4706cd17097cbfb9a758c92cade2d7"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "workflows/durable_engine.py"}, "region": {"startLine": 222}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "`self._file_type_reason` used but never assigned in __init__"}, "properties": {"repobilityId": 117014, "scanner": "repobility-ast-engine", "fingerprint": "bf14be292dc28662ba673dadf8684b44e441f101c67020e7bd3907c75bace3dd", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|bf14be292dc28662ba673dadf8684b44e441f101c67020e7bd3907c75bace3dd"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "workflows/discovery.py"}, "region": {"startLine": 202}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "`self._normalize_platform` used but never assigned in __init__"}, "properties": {"repobilityId": 117013, "scanner": "repobility-ast-engine", "fingerprint": "769c8cce8ac265172f85111ea887b32e5f2afb387a31a06df8e525c195680b52", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": 
"fp|769c8cce8ac265172f85111ea887b32e5f2afb387a31a06df8e525c195680b52"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "workflows/discovery.py"}, "region": {"startLine": 180}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "`self._normalize_platform` used but never assigned in __init__"}, "properties": {"repobilityId": 117012, "scanner": "repobility-ast-engine", "fingerprint": "ff8f57e5037f70352f8db6aa9cf33543955a28f957f326dee36b562f3b7eddc6", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|ff8f57e5037f70352f8db6aa9cf33543955a28f957f326dee36b562f3b7eddc6"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "workflows/discovery.py"}, "region": {"startLine": 179}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "`self._profile_bonus` used but never assigned in __init__"}, "properties": {"repobilityId": 117011, "scanner": "repobility-ast-engine", "fingerprint": "cdb18622dfde4bafcfcb95a1dcb0079bb2805844aadc824caf4047c33857f02a", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|cdb18622dfde4bafcfcb95a1dcb0079bb2805844aadc824caf4047c33857f02a"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "workflows/discovery.py"}, "region": {"startLine": 205}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "`self._file_type_bonus` used but never assigned in __init__"}, 
"properties": {"repobilityId": 117010, "scanner": "repobility-ast-engine", "fingerprint": "b5a3a4c35573e9c9d491406294598d14ed38dd14cfe7d65528abadf1f28fcd3c", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|b5a3a4c35573e9c9d491406294598d14ed38dd14cfe7d65528abadf1f28fcd3c"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "workflows/discovery.py"}, "region": {"startLine": 198}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "`self._score` used but never assigned in __init__"}, "properties": {"repobilityId": 117009, "scanner": "repobility-ast-engine", "fingerprint": "6d6cd2172104cb6076eaaa205b64d674d462fda7f96831d0acd1c35890faefce", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|6d6cd2172104cb6076eaaa205b64d674d462fda7f96831d0acd1c35890faefce"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "workflows/discovery.py"}, "region": {"startLine": 109}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "`self.scan` used but never assigned in __init__"}, "properties": {"repobilityId": 117008, "scanner": "repobility-ast-engine", "fingerprint": "22cf8affed8e2b9cfa48c3a1fa8e2b4ce3d9eb17a3268bf0ad2fb0e11f6cb494", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": 
"self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|22cf8affed8e2b9cfa48c3a1fa8e2b4ce3d9eb17a3268bf0ad2fb0e11f6cb494"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "workflows/discovery.py"}, "region": {"startLine": 96}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "`self._check_ports` used but never assigned in __init__"}, "properties": {"repobilityId": 117007, "scanner": "repobility-ast-engine", "fingerprint": "45fa7946f540577d941f3dd0fa764001f1a31a8c2d1c54db2c39d27499ccddac", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|45fa7946f540577d941f3dd0fa764001f1a31a8c2d1c54db2c39d27499ccddac"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "workflows/discovery.py"}, "region": {"startLine": 78}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "`self._scan_file_types` used but never assigned in __init__"}, "properties": {"repobilityId": 117006, "scanner": "repobility-ast-engine", "fingerprint": "028c5bd367be86075b42e86c25350879c6beda1ec443664c9fcab5868914db89", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|028c5bd367be86075b42e86c25350879c6beda1ec443664c9fcab5868914db89"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "workflows/discovery.py"}, 
"region": {"startLine": 73}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "`self._normalize_platform` used but never assigned in __init__"}, "properties": {"repobilityId": 117005, "scanner": "repobility-ast-engine", "fingerprint": "8a414466dcc4098b771cea986fdf2e053c0ed947721ff72402415046f16dcfe7", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|8a414466dcc4098b771cea986fdf2e053c0ed947721ff72402415046f16dcfe7"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "workflows/engine.py"}, "region": {"startLine": 293}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "`self._current_platform` used but never assigned in __init__"}, "properties": {"repobilityId": 117004, "scanner": "repobility-ast-engine", "fingerprint": "bd30f3b1fdb95445e88e5e31e58626a241676c2f7fe197a62b725e3c9f17836a", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|bd30f3b1fdb95445e88e5e31e58626a241676c2f7fe197a62b725e3c9f17836a"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "workflows/engine.py"}, "region": {"startLine": 292}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "`self._normalize_platform` used but never assigned in __init__"}, "properties": {"repobilityId": 117003, "scanner": "repobility-ast-engine", "fingerprint": "fc20523517ae53cfd84e3bc5cbd2e10aedab0ab79d8a4280adf0dbd7d6c2e91a", "category": 
"quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|fc20523517ae53cfd84e3bc5cbd2e10aedab0ab79d8a4280adf0dbd7d6c2e91a"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "workflows/engine.py"}, "region": {"startLine": 292}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "`self._current_platform` used but never assigned in __init__"}, "properties": {"repobilityId": 117002, "scanner": "repobility-ast-engine", "fingerprint": "69d76c4cfd3e21f6bcf19e6e369fbd8c2b118edfb5efbb6e49bdd46a87210717", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|69d76c4cfd3e21f6bcf19e6e369fbd8c2b118edfb5efbb6e49bdd46a87210717"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "workflows/engine.py"}, "region": {"startLine": 171}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "`self._get_agent` used but never assigned in __init__"}, "properties": {"repobilityId": 117001, "scanner": "repobility-ast-engine", "fingerprint": "6bca8d309c12b271f4b5dc0df53e9d6f542c2a147718779b53a5923837ee7dab", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", 
"correlation_key": "fp|6bca8d309c12b271f4b5dc0df53e9d6f542c2a147718779b53a5923837ee7dab"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "workflows/engine.py"}, "region": {"startLine": 203}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "`self._gate_policyd` used but never assigned in __init__"}, "properties": {"repobilityId": 117000, "scanner": "repobility-ast-engine", "fingerprint": "b441722c1b17da035f925dec7965041120a2e33ad25f191f14b40b5fbbf12298", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|b441722c1b17da035f925dec7965041120a2e33ad25f191f14b40b5fbbf12298"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "workflows/engine.py"}, "region": {"startLine": 188}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "`self._emit` used but never assigned in __init__"}, "properties": {"repobilityId": 116999, "scanner": "repobility-ast-engine", "fingerprint": "f033e61a2ed8317ecc0e8d66480e1a31a4d9abe97c6feb09ff45ed9bac62ada8", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|f033e61a2ed8317ecc0e8d66480e1a31a4d9abe97c6feb09ff45ed9bac62ada8"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "workflows/engine.py"}, "region": {"startLine": 237}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "`self._supports_platform` used but never assigned in __init__"}, 
"properties": {"repobilityId": 116998, "scanner": "repobility-ast-engine", "fingerprint": "f17f617c1c28523054f1872e5d2a178a599bb9401087df50d78ce2c23b1259bf", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|f17f617c1c28523054f1872e5d2a178a599bb9401087df50d78ce2c23b1259bf"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "workflows/engine.py"}, "region": {"startLine": 166}}}]}, {"ruleId": "SEC084", "level": "error", "message": {"text": "[SEC084] JS: require() with non-literal: require(<variable>) loads arbitrary modules \u2014 equivalent to eval at module scope. Ported from eslint-plugin-security detect-non-literal-require (Apache-2.0)."}, "properties": {"repobilityId": 117208, "scanner": "repobility-threat-engine", "fingerprint": "30b72e2ff2c6bc5a6d02e072ab1895c4ef5436f1da9d83102f470f7ad075a5b1", "category": "quality", "severity": "critical", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "require(self", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC084", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "fp|30b72e2ff2c6bc5a6d02e072ab1895c4ef5436f1da9d83102f470f7ad075a5b1"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "clawos_core/feature_gate.py"}, "region": {"startLine": 90}}}]}, {"ruleId": "MINED107", "level": "error", "message": {"text": "Missing import: `html` used but not imported"}, "properties": {"repobilityId": 117080, "scanner": "repobility-ast-engine", "fingerprint": "078949981cbed7f76e75191bb36a7412fd6a072ed56cd5c2a4a09cccaec491ca", 
"category": "quality", "severity": "critical", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "missing-import-python", "owasp": "A06:2021", "cwe_ids": ["CWE-1075"], "languages": ["python"], "observations_count": 2192}, "scanner": "repobility-ast-engine", "correlation_key": "fp|078949981cbed7f76e75191bb36a7412fd6a072ed56cd5c2a4a09cccaec491ca"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "skills/notebooks/main.py"}, "region": {"startLine": 405}}}]}, {"ruleId": "MINED107", "level": "error", "message": {"text": "Missing import: `html` used but not imported"}, "properties": {"repobilityId": 117079, "scanner": "repobility-ast-engine", "fingerprint": "2bd90993642024e0ead70f1e38968c4faf966e7858378960c190dedac01db064", "category": "quality", "severity": "critical", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "missing-import-python", "owasp": "A06:2021", "cwe_ids": ["CWE-1075"], "languages": ["python"], "observations_count": 2192}, "scanner": "repobility-ast-engine", "correlation_key": "fp|2bd90993642024e0ead70f1e38968c4faf966e7858378960c190dedac01db064"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tools/web/fetch.py"}, "region": {"startLine": 44}}}]}, {"ruleId": "MINED107", "level": "error", "message": {"text": "Missing import: `subprocess` used but not imported"}, "properties": {"repobilityId": 117076, "scanner": "repobility-ast-engine", "fingerprint": "0250d1c7a2ce798ddba1d39cf2815f3959de1d03b92e316e09c8f9c78efb5ff1", "category": "quality", "severity": "critical", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "missing-import-python", "owasp": "A06:2021", "cwe_ids": ["CWE-1075"], "languages": ["python"], "observations_count": 2192}, "scanner": 
"repobility-ast-engine", "correlation_key": "fp|0250d1c7a2ce798ddba1d39cf2815f3959de1d03b92e316e09c8f9c78efb5ff1"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "services/dashd/api.py"}, "region": {"startLine": 2870}}}]}, {"ruleId": "MINED107", "level": "error", "message": {"text": "Missing import: `queue` used but not imported"}, "properties": {"repobilityId": 117072, "scanner": "repobility-ast-engine", "fingerprint": "edbb7136eff155f9500dbca6707751625334a11fdfe377036eb24db1c9d86387", "category": "quality", "severity": "critical", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "missing-import-python", "owasp": "A06:2021", "cwe_ids": ["CWE-1075"], "languages": ["python"], "observations_count": 2192}, "scanner": "repobility-ast-engine", "correlation_key": "fp|edbb7136eff155f9500dbca6707751625334a11fdfe377036eb24db1c9d86387"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "services/memd/service.py"}, "region": {"startLine": 525}}}]}, {"ruleId": "MINED107", "level": "error", "message": {"text": "Missing import: `queue` used but not imported"}, "properties": {"repobilityId": 117052, "scanner": "repobility-ast-engine", "fingerprint": "f9e7a94c68599c1edf300cb21db86dd2ea9dfd7c67ff4047250d850eea83ea5f", "category": "quality", "severity": "critical", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "missing-import-python", "owasp": "A06:2021", "cwe_ids": ["CWE-1075"], "languages": ["python"], "observations_count": 2192}, "scanner": "repobility-ast-engine", "correlation_key": "fp|f9e7a94c68599c1edf300cb21db86dd2ea9dfd7c67ff4047250d850eea83ea5f"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "archive/legacy/capabilityd/service.py"}, "region": {"startLine": 93}}}]}, {"ruleId": "MINED107", "level": "error", "message": {"text": "Missing 
import: `subprocess` used but not imported"}, "properties": {"repobilityId": 117051, "scanner": "repobility-ast-engine", "fingerprint": "2e58b56427db352cf1ff02b30b21fade423fc49b4b361de08a8e3a6a558309c0", "category": "quality", "severity": "critical", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "missing-import-python", "owasp": "A06:2021", "cwe_ids": ["CWE-1075"], "languages": ["python"], "observations_count": 2192}, "scanner": "repobility-ast-engine", "correlation_key": "fp|2e58b56427db352cf1ff02b30b21fade423fc49b4b361de08a8e3a6a558309c0"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "clawctl/commands/skill.py"}, "region": {"startLine": 83}}}]}, {"ruleId": "MINED107", "level": "error", "message": {"text": "Missing import: `multiprocessing` used but not imported"}, "properties": {"repobilityId": 117050, "scanner": "repobility-ast-engine", "fingerprint": "26fb138d490cfcb9b66c7d0fb295448f8e448be77146ecdd6d11adc639b4990b", "category": "quality", "severity": "critical", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "missing-import-python", "owasp": "A06:2021", "cwe_ids": ["CWE-1075"], "languages": ["python"], "observations_count": 2192}, "scanner": "repobility-ast-engine", "correlation_key": "fp|26fb138d490cfcb9b66c7d0fb295448f8e448be77146ecdd6d11adc639b4990b"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "clawctl/commands/cookbook.py"}, "region": {"startLine": 52}}}]}, {"ruleId": "MINED107", "level": "error", "message": {"text": "Missing import: `stat` used but not imported"}, "properties": {"repobilityId": 117048, "scanner": "repobility-ast-engine", "fingerprint": "40c2c317e9d401adacf248542519701b4195cc581f2944bec1d71f87da80815f", "category": "quality", "severity": "critical", "confidence": 1.0, "triageState": "open", "verdict": "", 
"isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "missing-import-python", "owasp": "A06:2021", "cwe_ids": ["CWE-1075"], "languages": ["python"], "observations_count": 2192}, "scanner": "repobility-ast-engine", "correlation_key": "fp|40c2c317e9d401adacf248542519701b4195cc581f2944bec1d71f87da80815f"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "clawos_core/platform.py"}, "region": {"startLine": 156}}}]}]}]}