{"version": "2.1.0", "$schema": "https://json.schemastore.org/sarif-2.1.0.json", "runs": [{"tool": {"driver": {"name": "Repobility", "informationUri": "https://repobility.com", "rules": [{"id": "MINED111", "name": "[MINED111] Bare except continues silently: Bare `except:` (or `except Exception:`) that runs code without re-raising or ", "shortDescription": {"text": "[MINED111] Bare except continues silently: Bare `except:` (or `except Exception:`) that runs code without re-raising or logging the exception. Hides real failures and makes bugs hard to diagnose."}, "fullDescription": {"text": "Either narrow the exception type, log the exception with `logger.exception(...)`, or re-raise after handling."}, "properties": {"scanner": "repobility-ast-engine", "category": "quality", "severity": "medium", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "SEC127", "name": "[SEC127] AI agent stub \u2014 TODO: implement / pass placeholder body: Function body left as TODO/pass/raise NotImplementedEr", "shortDescription": {"text": "[SEC127] AI agent stub \u2014 TODO: implement / pass placeholder body: Function body left as TODO/pass/raise NotImplementedError after an AI scaffolding pass. The route appears to exist (and may even pass shallow CI), but invoking it crashes or "}, "fullDescription": {"text": "Either implement the body, or fail closed at module-load time so the deploy can't ship a half-built route. A CI gate that fails build on `raise NotImplementedError` in non-abstract code catches this cleanly."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "medium", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "SEC136", "name": "[SEC136] AI-typical over-broad exception handler swallowing all errors: Catch-all exception block that silently returns ", "shortDescription": {"text": "[SEC136] AI-typical over-broad exception handler swallowing all errors: Catch-all exception block that silently returns success or no-ops. AI agents reach for this pattern when a flaky test or an unfamiliar API throws \u2014 wrap, swallow, retur"}, "fullDescription": {"text": "Catch the specific exception type, log at error level with full exception info, and return a failure-shaped result. If the operation is genuinely best-effort, log at warning and document why in a comment so the next reader (or scanner) knows."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "medium", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "COMP001", "name": "[COMP001] High cognitive complexity: Function `extract_pptx` has cognitive complexity 16 (SonarSource scale). Cognitive ", "shortDescription": {"text": "[COMP001] High cognitive complexity: Function `extract_pptx` has cognitive complexity 16 (SonarSource scale). Cognitive complexity measures how hard the function is for a human to understand \u2014 nested branches, boolean chains, and recursion "}, "fullDescription": {"text": "Extract nested branches into named helper functions; flatten early-return / guard clauses; replace long if/elif chains with dispatch dicts or polymorphism. SonarQube's threshold for 'should refactor' is 15 \u2014 yours is 16."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "medium", "confidence": 0.95, "cwe": "", "owasp": ""}}, {"id": "SEC045", "name": "[SEC045] eval()/exec() on stored or user-supplied data: eval() and exec() on data \u2014 even admin-stored data \u2014 is a latera", "shortDescription": {"text": "[SEC045] eval()/exec() on stored or user-supplied data: eval() and exec() on data \u2014 even admin-stored data \u2014 is a lateral-movement vector after any one credential compromise. Sandboxes (__builtins__ cleared) are escapable: attackers use obj"}, "fullDescription": {"text": "For literal data structures: use ast.literal_eval(text) \u2014 only parses literals, raises on code.\nFor formula evaluation: use asteval or simpleeval (purpose-built sandboxes with allow-lists).\nFor Odoo: use odoo.tools.safe_eval(expr, locals_dict, mode='exec').\nIf you genuinely need to execute admin-stored code: require explicit super-admin permission AND log every execution with a stack trace."}, "properties": {"scanner": "repobility-threat-engine", "category": "injection", "severity": "medium", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "AIC003", "name": "Duplicated implementation block across source files", "shortDescription": {"text": "Duplicated implementation block across source files"}, "fullDescription": {"text": "Extract the shared behavior into one function/module or delete the inactive duplicate after proving which path is used."}, "properties": {"scanner": "repobility-ai-code-hygiene", "category": "quality", "severity": "low", "confidence": 0.86, "cwe": "", "owasp": ""}}, {"id": "AIC002", "name": "Source file name looks like an AI patch artifact", "shortDescription": {"text": "Source file name looks like an AI patch artifact"}, "fullDescription": {"text": "Rename it to the domain concept it implements or merge it into the existing module it was meant to change."}, "properties": {"scanner": "repobility-ai-code-hygiene", "category": "quality", "severity": "low", "confidence": 0.62, "cwe": "", "owasp": ""}}, {"id": "AIC009", "name": "Multiple AI-agent scaffold marker files are present", "shortDescription": {"text": "Multiple AI-agent scaffold marker files are present"}, "fullDescription": {"text": "Keep one current agent instruction file if it helps contributors, remove stale progress/completion markers, and make sure the README, tests, and CI describe the real supported behavior."}, "properties": {"scanner": "repobility-ai-code-hygiene", "category": "quality", "severity": "low", "confidence": 0.68, "cwe": "", "owasp": ""}}, {"id": "SEC132", "name": "[SEC132] String concat where the language has interpolation (AI style drift): String built by concatenation where the la", "shortDescription": {"text": "[SEC132] String concat where the language has interpolation (AI style drift): String built by concatenation where the language has cleaner interpolation (Python f-strings since 3.6, JS template literals since ES6). Not a vulnerability on it"}, "fullDescription": {"text": "Python: `f\"prefix {var} suffix\"`. JS/TS: `` `prefix ${var} suffix` ``. Add a lint rule (pyupgrade UP032, eslint prefer-template) so future PRs catch this automatically."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "low", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "MINED064", "name": "[MINED064] Python Input Call: input() blocks for stdin. Inappropriate in services.", "shortDescription": {"text": "[MINED064] Python Input Call: input() blocks for stdin. Inappropriate in services."}, "fullDescription": {"text": "Review and fix per the pattern semantics."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "info", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "MINED050", "name": "[MINED050] Stub Only Function: Function declared but body is just pass, return None, raise NotImplementedError, or TODO ", "shortDescription": {"text": "[MINED050] Stub Only Function: Function declared but body is just pass, return None, raise NotImplementedError, or TODO comment."}, "fullDescription": {"text": "Review and fix per the pattern semantics. See CWE-1188 /  for context."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "info", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "MINED055", "name": "[MINED055] Npm Install No Lockfile: Production image runs npm install (resolves new versions on every build) instead of ", "shortDescription": {"text": "[MINED055] Npm Install No Lockfile: Production image runs npm install (resolves new versions on every build) instead of npm ci."}, "fullDescription": {"text": "Review and fix per the pattern semantics. See CWE-1357 / A06:2021 for context."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "info", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "MINED062", "name": "[MINED062] Python Dataclass No Fields: @dataclass over an empty class \u2014 unfinished model.", "shortDescription": {"text": "[MINED062] Python Dataclass No Fields: @dataclass over an empty class \u2014 unfinished model."}, "fullDescription": {"text": "Review and fix per the pattern semantics."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "info", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "MINED059", "name": "[MINED059] Rust Expect In Prod: .expect(...) panics same as unwrap with a custom message.", "shortDescription": {"text": "[MINED059] Rust Expect In Prod: .expect(...) panics same as unwrap with a custom message."}, "fullDescription": {"text": "Review and fix per the pattern semantics. See CWE-755 /  for context."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "info", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "MINED058", "name": "[MINED058] React Dangerously Set Html: dangerouslySetInnerHTML bypasses Reacts JSX escaping. Pair with DOMPurify or neve", "shortDescription": {"text": "[MINED058] React Dangerously Set Html: dangerouslySetInnerHTML bypasses Reacts JSX escaping. Pair with DOMPurify or never use with user data."}, "fullDescription": {"text": "Review and fix per the pattern semantics. See CWE-79 / A03:2021 for context."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "info", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "SEC085", "name": "[SEC085] JS: child_process.exec with non-literal (and 1 more): Same pattern found in 1 additional files. Review if neede", "shortDescription": {"text": "[SEC085] JS: child_process.exec with non-literal (and 1 more): Same pattern found in 1 additional files. Review if needed."}, "fullDescription": {"text": "Use execFile / spawn with separate args array; never pass shell strings."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "info", "confidence": 0.2, "cwe": "", "owasp": ""}}, {"id": "SEC040", "name": "[SEC040] innerHTML XSS \u2014 template literal with server-supplied data (and 3 more): Same pattern found in 3 additional fil", "shortDescription": {"text": "[SEC040] innerHTML XSS \u2014 template literal with server-supplied data (and 3 more): Same pattern found in 3 additional files. Review if needed."}, "fullDescription": {"text": "For plain text: use el.textContent = data.value (auto-escapes).\nFor HTML you need to render: el.innerHTML = DOMPurify.sanitize(html).\nFor React/Vue/Svelte: stop using innerHTML; use the framework's binding.\nWhen data comes from CV/PDF parsers, sanitize at the parser boundary too."}, "properties": {"scanner": "repobility-threat-engine", "category": "xss", "severity": "info", "confidence": 0.2, "cwe": "", "owasp": ""}}, {"id": "SEC020", "name": "[SEC020] Secret Printed to Logs (and 1 more): Same pattern found in 1 additional files. Review if needed.", "shortDescription": {"text": "[SEC020] Secret Printed to Logs (and 1 more): Same pattern found in 1 additional files. Review if needed."}, "fullDescription": {"text": "Log only redacted, hashed, or last-four-style metadata. Rotate any secret that may have reached logs."}, "properties": {"scanner": "repobility-threat-engine", "category": "credential_exposure", "severity": "info", "confidence": 0.2, "cwe": "", "owasp": ""}}, {"id": "MINED044", "name": "[MINED044] Js Console Log Prod (and 55 more): Same pattern found in 55 additional files. Review if needed.", "shortDescription": {"text": "[MINED044] Js Console Log Prod (and 55 more): Same pattern found in 55 additional files. Review if needed."}, "fullDescription": {"text": "Review and fix per the pattern semantics. See CWE-532 /  for context."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "info", "confidence": 0.2, "cwe": "", "owasp": ""}}, {"id": "MINED106", "name": "[MINED106] Phantom test coverage: test_validate_must_exist_fails: Test function `test_validate_must_exist_fails` runs co", "shortDescription": {"text": "[MINED106] Phantom test coverage: test_validate_must_exist_fails: Test function `test_validate_must_exist_fails` runs code but contains no assert / expect / should call \u2014 it passes regardless of behaviour. Adds line coverage without verifyi"}, "fullDescription": {"text": "Add an explicit assertion that captures the test's intent, or remove the test."}, "properties": {"scanner": "repobility-ast-engine", "category": "quality", "severity": "high", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "MINED108", "name": "[MINED108] `self.agent_tree` used but never assigned in __init__: Method `create_agents_tab` of class `ECCDashboard` rea", "shortDescription": {"text": "[MINED108] `self.agent_tree` used but never assigned in __init__: Method `create_agents_tab` of class `ECCDashboard` reads `self.agent_tree`, but no assignment to it exists in __init__ (and no class-level fallback). This raises AttributeErr"}, "fullDescription": {"text": "Initialize `self.agent_tree = <default>` in __init__, or add a class-level default."}, "properties": {"scanner": "repobility-ast-engine", "category": "quality", "severity": "high", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "MINED001", "name": "[MINED001] Bare Except Pass: except: pass or except Exception: pass \u2014 silently swallows everything including KeyboardInt", "shortDescription": {"text": "[MINED001] Bare Except Pass: except: pass or except Exception: pass \u2014 silently swallows everything including KeyboardInterrupt and bugs."}, "fullDescription": {"text": "Review and fix per the pattern semantics. See CWE-755 /  for context."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "high", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "MINED004", "name": "[MINED004] Weak Crypto: MD5/SHA1/DES/RC4 used for security context (not just checksums).", "shortDescription": {"text": "[MINED004] Weak Crypto: MD5/SHA1/DES/RC4 used for security context (not just checksums)."}, "fullDescription": {"text": "Review and fix per the pattern semantics. See CWE-327 / A02:2021 for context."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "high", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "SEC083", "name": "[SEC083] JS: new RegExp() with non-literal: new RegExp(<variable>) \u2014 variable input can craft a ReDoS pattern. Ported fr", "shortDescription": {"text": "[SEC083] JS: new RegExp() with non-literal: new RegExp(<variable>) \u2014 variable input can craft a ReDoS pattern. Ported from eslint-plugin-security detect-non-literal-regexp (Apache-2.0)."}, "fullDescription": {"text": "Use a literal RegExp or whitelist-validate user input before constructing patterns."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "high", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "SEC029", "name": "[SEC029] Server-Side Request Forgery (SSRF) \u2014 outbound HTTP from user input: Outbound HTTP request to a user-controlled ", "shortDescription": {"text": "[SEC029] Server-Side Request Forgery (SSRF) \u2014 outbound HTTP from user input: Outbound HTTP request to a user-controlled URL without allowlist validation. Attackers can probe internal services (169.254.169.254 metadata, internal Kubernetes e"}, "fullDescription": {"text": "Validate the URL against an allowlist BEFORE fetching:\n  ALLOWED = {'images.example.com', 'cdn.example.com'}\n  host = urlparse(url).hostname\n  if host not in ALLOWED: abort(400)\nOr use a server-side proxy (Imgproxy / serve-files-only-from-S3) that isolates outbound network access from the request handler.\nBlock private CIDRs explicitly: 10/8, 172.16/12, 192.168/16, 169.254/16."}, "properties": {"scanner": "repobility-threat-engine", "category": "ssrf", "severity": "high", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "MINED120", "name": "[MINED120] package.json `scripts.postinstall` runs network/exec on install: `scripts.postinstall: echo '\\n  ecc-universa", "shortDescription": {"text": "[MINED120] package.json `scripts.postinstall` runs network/exec on install: `scripts.postinstall: echo '\\n  ecc-universal installed!\\n  Run: npx ecc typescript\\n  Compat: npx ecc-install typescript\\n  Docs: https://git` runs during `npm ins"}, "fullDescription": {"text": "Move the logic to an explicit build step (npm run build), or remove the hook. Run with `--ignore-scripts` in CI to audit what depends on these hooks."}, "properties": {"scanner": "repobility-supply-chain", "category": "dependency", "severity": "critical", "confidence": 0.9, "cwe": "", "owasp": ""}}, {"id": "SEC084", "name": "[SEC084] JS: require() with non-literal: require(<variable>) loads arbitrary modules \u2014 equivalent to eval at module scop", "shortDescription": {"text": "[SEC084] JS: require() with non-literal: require(<variable>) loads arbitrary modules \u2014 equivalent to eval at module scope. Ported from eslint-plugin-security detect-non-literal-require (Apache-2.0)."}, "fullDescription": {"text": "Use static imports or a static mapping `const modules = { foo: require('./foo') }`."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "critical", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "MINED024", "name": "[MINED024] Js Eval Usage: eval() executes arbitrary code. Code injection risk.", "shortDescription": {"text": "[MINED024] Js Eval Usage: eval() executes arbitrary code. Code injection risk."}, "fullDescription": {"text": "Review and fix per the pattern semantics. See CWE-95 /  for context."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "critical", "confidence": 1.0, "cwe": "", "owasp": ""}}]}}, "automationDetails": {"id": "repobility/691"}, "properties": {"repository": "affaan-m/ECC", "repoUrl": "https://github.com/affaan-m/ECC", "branch": "main"}, "results": [{"ruleId": "MINED111", "level": "warning", "message": {"text": "[MINED111] Bare except continues silently: Bare `except:` (or `except Exception:`) that runs code without re-raising or logging the exception. Hides real failures and makes bugs hard to diagnose."}, "properties": {"repobilityId": 53965, "scanner": "repobility-ast-engine", "fingerprint": "83fcf9c073dbd46444aa65a8c47e143dac901afdd4589ce13942ca3d45a158a6", "category": "quality", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "bare-except-without-pass", "owasp": null, "cwe_ids": [], "languages": ["python"], "observations_count": 21610}, "scanner": "repobility-ast-engine", "correlation_key": "fp|83fcf9c073dbd46444aa65a8c47e143dac901afdd4589ce13942ca3d45a158a6"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/llm/tools/executor.py"}, "region": {"startLine": 54}}}]}, {"ruleId": "MINED111", "level": "warning", "message": {"text": "[MINED111] Bare except continues silently: Bare `except:` (or `except Exception:`) that runs code without re-raising or logging the exception. Hides real failures and makes bugs hard to diagnose."}, "properties": {"repobilityId": 53964, "scanner": "repobility-ast-engine", "fingerprint": "ff975042669d091a14f7c00c2b2b9e549e1d7b74fb173d9250fd369c89f56690", "category": "quality", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "bare-except-without-pass", "owasp": null, "cwe_ids": [], "languages": ["python"], "observations_count": 21610}, "scanner": "repobility-ast-engine", "correlation_key": "fp|ff975042669d091a14f7c00c2b2b9e549e1d7b74fb173d9250fd369c89f56690"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "skills/continuous-learning-v2/scripts/instinct-cli.py"}, "region": {"startLine": 762}}}]}, {"ruleId": "MINED111", "level": "warning", "message": {"text": "[MINED111] Bare except continues silently: Bare `except:` (or `except Exception:`) that runs code without re-raising or logging the exception. Hides real failures and makes bugs hard to diagnose."}, "properties": {"repobilityId": 53963, "scanner": "repobility-ast-engine", "fingerprint": "c1b190974902aaa6e2d7b79e1f08d771664a47eccf0868a8ed2667fad51645c3", "category": "quality", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "bare-except-without-pass", "owasp": null, "cwe_ids": [], "languages": ["python"], "observations_count": 21610}, "scanner": "repobility-ast-engine", "correlation_key": "fp|c1b190974902aaa6e2d7b79e1f08d771664a47eccf0868a8ed2667fad51645c3"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "skills/continuous-learning-v2/scripts/instinct-cli.py"}, "region": {"startLine": 494}}}]}, {"ruleId": "MINED111", "level": "warning", "message": {"text": "[MINED111] Bare except continues silently: Bare `except:` (or `except Exception:`) that runs code without re-raising or logging the exception. Hides real failures and makes bugs hard to diagnose."}, "properties": {"repobilityId": 53944, "scanner": "repobility-ast-engine", "fingerprint": "95fa33fe51c8bc1ca798bf7faf8c3f7511bfaebfd0322cfbffbc4bdf453bd3ab", "category": "quality", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "bare-except-without-pass", "owasp": null, "cwe_ids": [], "languages": ["python"], "observations_count": 21610}, "scanner": "repobility-ast-engine", "correlation_key": "fp|95fa33fe51c8bc1ca798bf7faf8c3f7511bfaebfd0322cfbffbc4bdf453bd3ab"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "ecc_dashboard.py"}, "region": {"startLine": 816}}}]}, {"ruleId": "SEC127", "level": "warning", "message": {"text": "[SEC127] AI agent stub \u2014 TODO: implement / pass placeholder body: Function body left as TODO/pass/raise NotImplementedError after an AI scaffolding pass. The route appears to exist (and may even pass shallow CI), but invoking it crashes or silently no-ops. AI agents consistently emit these when their context window runs out mid-implementation. Production callers hitting these stubs is a classic AI-generated-incident."}, "properties": {"repobilityId": 53886, "scanner": "repobility-threat-engine", "fingerprint": "db182703302b83c89e9a29edcd33f1b4dd059dd85b0eae0ad69ccd0a35897945", "category": "quality", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "def get_default_model(self) -> str:\n        raise NotImplementedError", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC127", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "fp|db182703302b83c89e9a29edcd33f1b4dd059dd85b0eae0ad69ccd0a35897945"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/llm/core/interface.py"}, "region": {"startLine": 29}}}]}, {"ruleId": "SEC136", "level": "warning", "message": {"text": "[SEC136] AI-typical over-broad exception handler swallowing all errors: Catch-all exception block that silently returns success or no-ops. AI agents reach for this pattern when a flaky test or an unfamiliar API throws \u2014 wrap, swallow, return success. Real bugs are masked, observability is destroyed, and callers think the operation worked. CWE-396 (improperly-generalized exception). Distinct from intentional fallback because there's no log line and the success value is fabricated."}, "properties": {"repobilityId": 53881, "scanner": "repobility-threat-engine", "fingerprint": "6f8fda7162c7c174e7be9aaa7472be3d7ad6df7538ae77939daad9730dd253cd", "category": "quality", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "} catch (_error) {\n    return null;\n  }", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC136", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "fp|6f8fda7162c7c174e7be9aaa7472be3d7ad6df7538ae77939daad9730dd253cd"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "scripts/preview-pack-smoke.js"}, "region": {"startLine": 169}}}]}, {"ruleId": "COMP001", "level": "warning", "message": {"text": "[COMP001] High cognitive complexity: Function `extract_pptx` has cognitive complexity 16 (SonarSource scale). Cognitive complexity measures how hard the function is for a human to understand \u2014 nested branches, boolean chains, and recursion all weigh in. Breakdown: else=1, for=2, if=4, nested_bonus=9."}, "properties": {"repobilityId": 53876, "scanner": "repobility-threat-engine", "fingerprint": "fe39f6c3b7ec2b8f89d59a7761b251627d6d499b394be3c931f479196a722f01", "category": "quality", "severity": "medium", "confidence": 0.95, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "AST-derived cognitive complexity score = 16 (severity threshold for medium: 15+).", "evidence": {"scanner": "repobility-threat-engine", "function": "extract_pptx", "breakdown": {"if": 4, "for": 2, "else": 1, "nested_bonus": 9}, "complexity": 16, "correlation_key": "fp|fe39f6c3b7ec2b8f89d59a7761b251627d6d499b394be3c931f479196a722f01"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "skills/frontend-slides/scripts/extract-pptx.py"}, "region": {"startLine": 18}}}]}, {"ruleId": "SEC045", "level": "warning", "message": {"text": "[SEC045] eval()/exec() on stored or user-supplied data: eval() and exec() on data \u2014 even admin-stored data \u2014 is a lateral-movement vector after any one credential compromise. Sandboxes (__builtins__ cleared) are escapable: attackers use object introspection (().__class__.__mro__[-1].__subclasses__()) to reach os.system. CWE-95 (eval injection)."}, "properties": {"repobilityId": 53862, "scanner": "repobility-threat-engine", "fingerprint": "84751613c9f4d9df97509aa440d3c70051886aa4d238972175c25e71647afbd8", "category": "injection", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": ".exec(", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC045", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "code|injection|token|70|sec045"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "scripts/codex/merge-codex-config.js"}, "region": {"startLine": 70}}}]}, {"ruleId": "SEC045", "level": "warning", "message": {"text": "[SEC045] eval()/exec() on stored or user-supplied data: eval() and exec() on data \u2014 even admin-stored data \u2014 is a lateral-movement vector after any one credential compromise. Sandboxes (__builtins__ cleared) are escapable: attackers use object introspection (().__class__.__mro__[-1].__subclasses__()) to reach os.system. CWE-95 (eval injection)."}, "properties": {"repobilityId": 53861, "scanner": "repobility-threat-engine", "fingerprint": "e3ac1fc56977148fef38bb110fe42c27cc0438ba3b805ef5f544638153fa1dd7", "category": "injection", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": ".exec(", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC045", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "code|injection|token|60|sec045"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "scripts/ci/validate-no-personal-paths.js"}, "region": {"startLine": 60}}}]}, {"ruleId": "SEC045", "level": "warning", "message": {"text": "[SEC045] eval()/exec() on stored or user-supplied data: eval() and exec() on data \u2014 even admin-stored data \u2014 is a lateral-movement vector after any one credential compromise. Sandboxes (__builtins__ cleared) are escapable: attackers use object introspection (().__class__.__mro__[-1].__subclasses__()) to reach os.system. CWE-95 (eval injection)."}, "properties": {"repobilityId": 53860, "scanner": "repobility-threat-engine", "fingerprint": "4da581c0e4412e44279cd0ef349ef98e8977ec28081649ea9173c45d90ae585d", "category": "injection", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "\"eval(", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC045", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "code|injection|. token|233|sec045"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".opencode/tools/security-audit.ts"}, "region": {"startLine": 233}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 53918, "scanner": "repobility-ai-code-hygiene", "fingerprint": "9d243f3d74fb218795238d2e4a3a54b427034e7a6acd72732d32aa5467498911", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "scripts/preview-pack-smoke.js", "duplicate_line": 81, "correlation_key": "fp|9d243f3d74fb218795238d2e4a3a54b427034e7a6acd72732d32aa5467498911"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "scripts/release-approval-gate.js"}, "region": {"startLine": 101}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 53917, "scanner": "repobility-ai-code-hygiene", "fingerprint": "2b68229aaec5d512c4aef45b6e985674cd9486230a4c2dddc39c977fc1dff73e", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "scripts/platform-audit.js", "duplicate_line": 218, "correlation_key": "fp|2b68229aaec5d512c4aef45b6e985674cd9486230a4c2dddc39c977fc1dff73e"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "scripts/preview-pack-smoke.js"}, "region": {"startLine": 129}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 53916, "scanner": "repobility-ai-code-hygiene", "fingerprint": "610eadffed0c5a9046583912e34552dd88018696e8803cea0b4168edd6673794", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "scripts/observability-readiness.js", "duplicate_line": 48, "correlation_key": "fp|610eadffed0c5a9046583912e34552dd88018696e8803cea0b4168edd6673794"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "scripts/preview-pack-smoke.js"}, "region": {"startLine": 116}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 53915, "scanner": "repobility-ai-code-hygiene", "fingerprint": "e38bf9b7f9afa85cec1cec6ce6ebe62dde534add52ad0ab13b826434cb6ae70f", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "scripts/observability-readiness.js", "duplicate_line": 71, "correlation_key": "fp|e38bf9b7f9afa85cec1cec6ce6ebe62dde534add52ad0ab13b826434cb6ae70f"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "scripts/platform-audit.js"}, "region": {"startLine": 228}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 53914, "scanner": "repobility-ai-code-hygiene", "fingerprint": "07bbff0a93648d9fca0c5d09700ff846ed547823f8c79cb91b4f42e24af4a671", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "scripts/lib/github-discussions.js", "duplicate_line": 13, "correlation_key": "fp|07bbff0a93648d9fca0c5d09700ff846ed547823f8c79cb91b4f42e24af4a671"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "scripts/platform-audit.js"}, "region": {"startLine": 188}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 53913, "scanner": "repobility-ai-code-hygiene", "fingerprint": "998537422500c1a88ac2682453289ae8080484087a06190853fa3086fdfa9d0f", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "scripts/discussion-audit.js", "duplicate_line": 31, "correlation_key": "fp|998537422500c1a88ac2682453289ae8080484087a06190853fa3086fdfa9d0f"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "scripts/platform-audit.js"}, "region": {"startLine": 41}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 53912, "scanner": "repobility-ai-code-hygiene", "fingerprint": "0e81e60066050522f283336348ecc2aea1220c3dddb5dbeb19721ff6143132ca", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "scripts/discussion-audit.js", "duplicate_line": 60, "correlation_key": "fp|0e81e60066050522f283336348ecc2aea1220c3dddb5dbeb19721ff6143132ca"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "scripts/observability-readiness.js"}, "region": {"startLine": 30}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 53911, "scanner": "repobility-ai-code-hygiene", "fingerprint": "0646a915b6d0aa7dbfe876ac900d234d1442c49082f11d6f274ac27e3dfe5dfe", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "scripts/doctor.js", "duplicate_line": 8, "correlation_key": "fp|0646a915b6d0aa7dbfe876ac900d234d1442c49082f11d6f274ac27e3dfe5dfe"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "scripts/list-installed.js"}, "region": {"startLine": 8}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 53910, "scanner": "repobility-ai-code-hygiene", "fingerprint": "1a9c9d796b134e1e075260ae4d3ebdf89c62da9a6838240f3d07c7fb41ebabab", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "scripts/lib/skill-evolution/tracker.js", "duplicate_line": 66, "correlation_key": "fp|1a9c9d796b134e1e075260ae4d3ebdf89c62da9a6838240f3d07c7fb41ebabab"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "scripts/lib/skill-evolution/versioning.js"}, "region": {"startLine": 105}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 53909, "scanner": "repobility-ai-code-hygiene", "fingerprint": "19578e00b6c744f3a01cf80424acd4fbfff19e8c5ab11bb05920fa83572b567b", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "scripts/install-plan.js", "duplicate_line": 81, "correlation_key": "fp|19578e00b6c744f3a01cf80424acd4fbfff19e8c5ab11bb05920fa83572b567b"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "scripts/lib/install/request.js"}, "region": {"startLine": 41}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 53908, "scanner": "repobility-ai-code-hygiene", "fingerprint": "e029f40a6388bc3197a3f1da3ac5ee526dfc702f8c04c544570cccece5814747", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "scripts/lib/install-executor.js", "duplicate_line": 168, "correlation_key": "fp|e029f40a6388bc3197a3f1da3ac5ee526dfc702f8c04c544570cccece5814747"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "scripts/lib/install/apply.js"}, "region": {"startLine": 6}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 53907, "scanner": "repobility-ai-code-hygiene", "fingerprint": "5a231fd91469b00151884baaa11322b8170329280ff99c66f81ac0d8298eae89", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "scripts/lib/install-targets/codebuddy-project.js", "duplicate_line": 21, "correlation_key": "fp|5a231fd91469b00151884baaa11322b8170329280ff99c66f81ac0d8298eae89"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "scripts/lib/install-targets/zed-project.js"}, "region": {"startLine": 21}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 53906, "scanner": "repobility-ai-code-hygiene", "fingerprint": "c3fbe01369d3d37227222b42e65444d65f37703a3e697dbf14348238e2194a68", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "scripts/lib/install-targets/antigravity-project.js", "duplicate_line": 25, "correlation_key": "fp|c3fbe01369d3d37227222b42e65444d65f37703a3e697dbf14348238e2194a68"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "scripts/lib/install-targets/zed-project.js"}, "region": {"startLine": 14}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 53905, "scanner": "repobility-ai-code-hygiene", "fingerprint": "bdf656a00d2399e2cb1b46444d7aaa82a7b81f910911dc9ee9a9602525039e67", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "scripts/lib/install-targets/codebuddy-project.js", "duplicate_line": 21, "correlation_key": "fp|bdf656a00d2399e2cb1b46444d7aaa82a7b81f910911dc9ee9a9602525039e67"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "scripts/lib/install-targets/joycode-project.js"}, "region": {"startLine": 21}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 53904, "scanner": "repobility-ai-code-hygiene", "fingerprint": "949627de0c21f7fd07ff5b477a2633f2c073eb06297e43638232b3cb74031c43", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "scripts/lib/install-targets/antigravity-project.js", "duplicate_line": 25, "correlation_key": "fp|949627de0c21f7fd07ff5b477a2633f2c073eb06297e43638232b3cb74031c43"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "scripts/lib/install-targets/joycode-project.js"}, "region": {"startLine": 14}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 53903, "scanner": "repobility-ai-code-hygiene", "fingerprint": "8b908c447c3d12b07ca1aa7a2e89e55eb1ceb3f9c6e064a88a7e6eae7af1dc2e", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "scripts/lib/install-executor.js", "duplicate_line": 167, "correlation_key": "fp|8b908c447c3d12b07ca1aa7a2e89e55eb1ceb3f9c6e064a88a7e6eae7af1dc2e"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "scripts/lib/install-targets/cursor-project.js"}, "region": {"startLine": 18}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 53902, "scanner": "repobility-ai-code-hygiene", "fingerprint": "dff882d14b05fe15fe166b9ce864677546768e76e42cb229192cda97b11984bc", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "scripts/lib/install-targets/antigravity-project.js", "duplicate_line": 25, "correlation_key": "fp|dff882d14b05fe15fe166b9ce864677546768e76e42cb229192cda97b11984bc"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "scripts/lib/install-targets/codebuddy-project.js"}, "region": {"startLine": 14}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 53901, "scanner": "repobility-ai-code-hygiene", "fingerprint": "51f01f60b3d82ac83e4c217c16185d3e887573f1cfce46a3ca74ae8e5689308f", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "scripts/lib/install-targets/claude-home.js", "duplicate_line": 1, "correlation_key": "fp|51f01f60b3d82ac83e4c217c16185d3e887573f1cfce46a3ca74ae8e5689308f"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "scripts/lib/install-targets/claude-project.js"}, "region": {"startLine": 1}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 53900, "scanner": "repobility-ai-code-hygiene", "fingerprint": "308725070062f493313aa620430d7c9a5eabe2279cd9a11f3c1c62ab0708fe69", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "scripts/catalog.js", "duplicate_line": 77, "correlation_key": "fp|308725070062f493313aa620430d7c9a5eabe2279cd9a11f3c1c62ab0708fe69"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "scripts/install-plan.js"}, "region": {"startLine": 103}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 53899, "scanner": "repobility-ai-code-hygiene", "fingerprint": "6bb34d6a60288a4be50433c0bfdb38b31373d47c62b24f2e0604ac8bf7883b31", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "scripts/hooks/session-activity-tracker.js", "duplicate_line": 517, "correlation_key": "fp|6bb34d6a60288a4be50433c0bfdb38b31373d47c62b24f2e0604ac8bf7883b31"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "scripts/hooks/session-end-marker.js"}, "region": {"startLine": 39}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 53898, "scanner": "repobility-ai-code-hygiene", "fingerprint": "bb0c487986a24e3d31537763994b2b1184040a668b17fd7fcc46edb93c606ce2", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "scripts/hooks/mcp-health-check.js", "duplicate_line": 78, "correlation_key": "fp|bb0c487986a24e3d31537763994b2b1184040a668b17fd7fcc46edb93c606ce2"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "scripts/hooks/run-with-flags.js"}, "region": {"startLine": 13}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 53897, "scanner": "repobility-ai-code-hygiene", "fingerprint": "cdf22ef67b0a37d1d9044d3197730c08dd2fb85c1b37e4f51cb14d08ceae6fb2", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "scripts/hooks/governance-capture.js", "duplicate_line": 210, "correlation_key": "fp|cdf22ef67b0a37d1d9044d3197730c08dd2fb85c1b37e4f51cb14d08ceae6fb2"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "scripts/hooks/run-with-flags.js"}, "region": {"startLine": 12}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 53896, "scanner": "repobility-ai-code-hygiene", "fingerprint": "91c1932f20fb185975beb1f24838129f106d8e24cc643bbf33882e6e60ccc85c", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "scripts/hooks/post-bash-build-complete.js", "duplicate_line": 12, "correlation_key": "fp|91c1932f20fb185975beb1f24838129f106d8e24cc643bbf33882e6e60ccc85c"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "scripts/hooks/pre-bash-tmux-reminder.js"}, "region": {"startLine": 19}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 53895, "scanner": "repobility-ai-code-hygiene", "fingerprint": "4bd45cdedd9ef1cd06a224e920b86e692d20d80d011a34d13151a9b661f16af5", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "scripts/hooks/pre-bash-git-push-reminder.js", "duplicate_line": 14, "correlation_key": "fp|4bd45cdedd9ef1cd06a224e920b86e692d20d80d011a34d13151a9b661f16af5"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "scripts/hooks/pre-bash-tmux-reminder.js"}, "region": {"startLine": 18}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 53894, "scanner": "repobility-ai-code-hygiene", "fingerprint": "06152f4dc08dfb51a28bea5669b0931e24b1079179d04695df4eec7511fbd7ee", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "scripts/hooks/post-bash-build-complete.js", "duplicate_line": 12, "correlation_key": "fp|06152f4dc08dfb51a28bea5669b0931e24b1079179d04695df4eec7511fbd7ee"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "scripts/hooks/pre-bash-git-push-reminder.js"}, "region": {"startLine": 15}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 53893, "scanner": "repobility-ai-code-hygiene", "fingerprint": "2d539f63de460e29166ad1589b99bf6c3a8cd2970cc531650c04c33be0d700dc", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "scripts/hooks/ecc-metrics-bridge.js", "duplicate_line": 170, "correlation_key": "fp|2d539f63de460e29166ad1589b99bf6c3a8cd2970cc531650c04c33be0d700dc"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "scripts/hooks/post-edit-accumulator.js"}, "region": {"startLine": 28}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 53892, "scanner": "repobility-ai-code-hygiene", "fingerprint": "fada5d63b9b953a299109d2972e993f5a87797829bc4be7969c3d2144efe8d76", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "scripts/hooks/post-bash-build-complete.js", "duplicate_line": 14, "correlation_key": "fp|fada5d63b9b953a299109d2972e993f5a87797829bc4be7969c3d2144efe8d76"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "scripts/hooks/post-bash-pr-created.js"}, "region": {"startLine": 24}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 53891, "scanner": "repobility-ai-code-hygiene", "fingerprint": "37e47363a17518b732fa9cc18dde2250f2e89e5455cb0734e00186d8701feab2", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "scripts/hooks/observe-runner.js", "duplicate_line": 18, "correlation_key": "fp|37e47363a17518b732fa9cc18dde2250f2e89e5455cb0734e00186d8701feab2"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "scripts/hooks/plugin-hook-bootstrap.js"}, "region": {"startLine": 26}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 53890, "scanner": "repobility-ai-code-hygiene", "fingerprint": "5f078f0046cb5d45586953c993484bfad0908ae5744118641d3e3255e214a732", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "scripts/hooks/governance-capture.js", "duplicate_line": 208, "correlation_key": "fp|5f078f0046cb5d45586953c993484bfad0908ae5744118641d3e3255e214a732"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "scripts/hooks/mcp-health-check.js"}, "region": {"startLine": 75}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 53889, "scanner": "repobility-ai-code-hygiene", "fingerprint": "2988f6330b7a77e10036dadd6f59f91e752279ceecc72c130c679ff6b0ebba22", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": ".codebuddy/install.js", "duplicate_line": 94, "correlation_key": "fp|2988f6330b7a77e10036dadd6f59f91e752279ceecc72c130c679ff6b0ebba22"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".codebuddy/uninstall.js"}, "region": {"startLine": 71}}}]}, {"ruleId": "AIC002", "level": "note", "message": {"text": "Source file name looks like an AI patch artifact"}, "properties": {"repobilityId": 53888, "scanner": "repobility-ai-code-hygiene", "fingerprint": "8d56a4f7d0ce84454a039e71d628f804cda981b2584caa8fd99fb45866716471", "category": "quality", "severity": "low", "confidence": 0.62, "triageState": "open", "verdict": "needs_review", "isResolved": false, "reason": "Source filename contains a temporary or patch-style suffix.", "evidence": {"suffix": "update", "rule_id": "AIC002", "scanner": "repobility-ai-code-hygiene", "references": ["https://arxiv.org/abs/2601.15195"], "correlation_key": "fp|8d56a4f7d0ce84454a039e71d628f804cda981b2584caa8fd99fb45866716471"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "scripts/auto-update.js"}, "region": {"startLine": 1}}}]}, {"ruleId": "AIC009", "level": "note", "message": {"text": "Multiple AI-agent scaffold marker files are present"}, "properties": {"repobilityId": 53887, "scanner": "repobility-ai-code-hygiene", "fingerprint": "32459e18838866b083b985fd53ac32d4e825aa20af779d902253d8278f625dfb", "category": "quality", "severity": "low", "confidence": 0.68, "triageState": "open", "verdict": "likely", "isResolved": false, "reason": "Repository root contains several AI-agent scaffold marker files.", "evidence": {"markers": [".github/copilot-instructions.md", "AGENTS.md", "CLAUDE.md"], "rule_id": "AIC009", "scanner": "repobility-ai-code-hygiene", "references": ["https://arxiv.org/abs/2601.15195"], "correlation_key": "fp|32459e18838866b083b985fd53ac32d4e825aa20af779d902253d8278f625dfb"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/copilot-instructions.md"}, "region": {"startLine": 1}}}]}, {"ruleId": "COMP001", "level": "note", "message": {"text": "[COMP001] High cognitive complexity: Function `extract_content` has cognitive complexity 8 (SonarSource scale). Cognitive complexity measures how hard the function is for a human to understand \u2014 nested branches, boolean chains, and recursion all weigh in. Breakdown: elif=3, if=2, nested_bonus=2, or=1."}, "properties": {"repobilityId": 53875, "scanner": "repobility-threat-engine", "fingerprint": "4290d50cd223e9b9e908a45841a74f989d6a845f79699ad83f625502f5272fee", "category": "quality", "severity": "low", "confidence": 0.95, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "AST-derived cognitive complexity score = 8 (severity threshold for low: 8+).", "evidence": {"scanner": "repobility-threat-engine", "function": "extract_content", "breakdown": {"if": 2, "or": 1, "elif": 3, "nested_bonus": 2}, "complexity": 8, "correlation_key": "fp|4290d50cd223e9b9e908a45841a74f989d6a845f79699ad83f625502f5272fee"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "scripts/hooks/insaits-security-monitor.py"}, "region": {"startLine": 95}}}]}, {"ruleId": "COMP001", "level": "note", "message": {"text": "[COMP001] High cognitive complexity: Function `main` has cognitive complexity 10 (SonarSource scale). Cognitive complexity measures how hard the function is for a human to understand \u2014 nested branches, boolean chains, and recursion all weigh in. Breakdown: else=1, except=2, if=6, nested_bonus=1."}, "properties": {"repobilityId": 53874, "scanner": "repobility-threat-engine", "fingerprint": "1dcae52911fdea680735c7bd31b13bb9a746964ebcead5ae04dd438f588b81fe", "category": "quality", "severity": "low", "confidence": 0.95, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "AST-derived cognitive complexity score = 10 (severity threshold for low: 8+).", "evidence": {"scanner": "repobility-threat-engine", "function": "main", "breakdown": {"if": 6, "else": 1, "except": 2, "nested_bonus": 1}, "complexity": 10, "correlation_key": "fp|1dcae52911fdea680735c7bd31b13bb9a746964ebcead5ae04dd438f588b81fe"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "scripts/hooks/insaits-security-monitor.py"}, "region": {"startLine": 187}}}]}, {"ruleId": "SEC132", "level": "note", "message": {"text": "[SEC132] String concat where the language has interpolation (AI style drift): String built by concatenation where the language has cleaner interpolation (Python f-strings since 3.6, JS template literals since ES6). Not a vulnerability on its own, but a style signature of cross-language AI rewrites \u2014 the model wrote idiomatic Java/C# and then translated mechanically. When this style appears in only *some* files of a repo, it's a strong indicator of an AI-driven rewrite that needs a human review p"}, "properties": {"repobilityId": 53847, "scanner": "repobility-threat-engine", "fingerprint": "a4dc25a9df41a7f47ab3a4c30c137b1ed32deac357cc923c01e4a502f0abccdc", "category": "quality", "severity": "low", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "'[ECC] To review: gh pr review ' + pr + ' --repo '", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC132", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "fp|a4dc25a9df41a7f47ab3a4c30c137b1ed32deac357cc923c01e4a502f0abccdc"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".cursor/hooks/after-shell-execution.js"}, "region": {"startLine": 16}}}]}, {"ruleId": "MINED064", "level": "none", "message": {"text": "[MINED064] Python Input Call: input() blocks for stdin. Inappropriate in services."}, "properties": {"repobilityId": 53885, "scanner": "repobility-threat-engine", "fingerprint": "3b3c5d30ad6a28ff210acf1719bf4b9c6e58e6db1a89d9e5232ebc8b284281ad", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "python-input-call", "owasp": null, "cwe_ids": [], "languages": ["python"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348050+00:00", "triaged_in_corpus": 12, "observations_count": 66378, "ai_coder_pattern_id": 124}, "scanner": "repobility-threat-engine", "correlation_key": "fp|3b3c5d30ad6a28ff210acf1719bf4b9c6e58e6db1a89d9e5232ebc8b284281ad"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/llm/cli/selector.py"}, "region": {"startLine": 43}}}]}, {"ruleId": "MINED050", "level": "none", "message": {"text": "[MINED050] Stub Only Function: Function declared but body is just pass, return None, raise NotImplementedError, or TODO comment."}, "properties": {"repobilityId": 53884, "scanner": "repobility-threat-engine", "fingerprint": "bb8891b68dae4930b29be4016d869a0e3124bf89bf841eee82ebb466ffebedc5", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "stub-only-function", "owasp": null, "cwe_ids": ["CWE-1188"], "languages": ["python"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348017+00:00", "triaged_in_corpus": 12, "observations_count": 633513, "ai_coder_pattern_id": 2}, "scanner": "repobility-threat-engine", "correlation_key": "fp|bb8891b68dae4930b29be4016d869a0e3124bf89bf841eee82ebb466ffebedc5"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/llm/core/interface.py"}, "region": {"startLine": 30}}}]}, {"ruleId": "MINED050", "level": "none", "message": {"text": "[MINED050] Stub Only Function: Function declared but body is just pass, return None, raise NotImplementedError, or TODO comment."}, "properties": {"repobilityId": 53883, "scanner": "repobility-threat-engine", "fingerprint": "2d572ad3f8898a36abbeeed239bb1ac6876021bc1584f7f326f34530a4bfff4c", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "stub-only-function", "owasp": null, "cwe_ids": ["CWE-1188"], "languages": ["python"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348017+00:00", "triaged_in_corpus": 12, "observations_count": 633513, "ai_coder_pattern_id": 2}, "scanner": "repobility-threat-engine", "correlation_key": "fp|2d572ad3f8898a36abbeeed239bb1ac6876021bc1584f7f326f34530a4bfff4c"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "skills/videodb/scripts/ws_listener.py"}, "region": {"startLine": 74}}}]}, {"ruleId": "COMP001", "level": "none", "message": {"text": "[COMP001] High cognitive complexity (and 15 more): Same pattern found in 15 additional files. Review if needed."}, "properties": {"repobilityId": 53877, "scanner": "repobility-threat-engine", "fingerprint": "49c7adc690aaef0cba0539e188460f8671984ef7c4ebdb1c821d1535a2aa7f56", "category": "quality", "severity": "info", "confidence": 0.2, "triageState": "false_positive", "verdict": "likely_fp", "isResolved": true, "reason": "Deduplicated summary only: 15 additional occurrences found. The top occurrences remain visible as actionable findings.", "evidence": {"scanner": "repobility-threat-engine", "function": "main", "breakdown": {"if": 6, "else": 1, "except": 2, "nested_bonus": 1}, "aggregated": true, "complexity": 10, "correlation_key": "fp|49c7adc690aaef0cba0539e188460f8671984ef7c4ebdb1c821d1535a2aa7f56", "aggregated_count": 15}}}, {"ruleId": "MINED055", "level": "none", "message": {"text": "[MINED055] Npm Install No Lockfile: Production image runs npm install (resolves new versions on every build) instead of npm ci."}, "properties": {"repobilityId": 53873, "scanner": "repobility-threat-engine", "fingerprint": "5c655ba69d32a974a6d92a6ff6950c29689e4f88702ecf2cad492ad0a308a638", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "npm-install-no-lockfile", "owasp": "A06:2021", "cwe_ids": ["CWE-1357"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348030+00:00", "triaged_in_corpus": 12, "observations_count": 317602, "ai_coder_pattern_id": 42}, "scanner": "repobility-threat-engine", "correlation_key": "fp|5c655ba69d32a974a6d92a6ff6950c29689e4f88702ecf2cad492ad0a308a638"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "scripts/hooks/insaits-security-monitor.py"}, "region": {"startLine": 13}}}]}, {"ruleId": "MINED062", "level": "none", "message": {"text": "[MINED062] Python Dataclass No Fields: @dataclass over an empty class \u2014 unfinished model."}, "properties": {"repobilityId": 53870, "scanner": "repobility-threat-engine", "fingerprint": "8cd8059743f198f0f5d92af2a6fbd428888e9be20e07fe611f3f7315aa388870", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "python-dataclass-no-fields", "owasp": null, "cwe_ids": [], "languages": ["python"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348046+00:00", "triaged_in_corpus": 10, "observations_count": 92448, "ai_coder_pattern_id": 144}, "scanner": "repobility-threat-engine", "correlation_key": "fp|8cd8059743f198f0f5d92af2a6fbd428888e9be20e07fe611f3f7315aa388870"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "integrations/aura/adapter.py"}, "region": {"startLine": 64}}}]}, {"ruleId": "MINED059", "level": "none", "message": {"text": "[MINED059] Rust Expect In Prod: .expect(...) panics same as unwrap with a custom message."}, "properties": {"repobilityId": 53866, "scanner": "repobility-threat-engine", "fingerprint": "7c9c2b42c81df8c86cb07ac1b1f9860ecf1767d1f54062d0645c131536b35fe8", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "rust-expect-in-prod", "owasp": null, "cwe_ids": ["CWE-755"], "languages": ["rust"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348039+00:00", "triaged_in_corpus": 12, "observations_count": 175379, "ai_coder_pattern_id": 112}, "scanner": "repobility-threat-engine", "correlation_key": "fp|7c9c2b42c81df8c86cb07ac1b1f9860ecf1767d1f54062d0645c131536b35fe8"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "ecc2/src/session/output.rs"}, "region": {"startLine": 166}}}]}, {"ruleId": "MINED058", "level": "none", "message": {"text": "[MINED058] React Dangerously Set Html: dangerouslySetInnerHTML bypasses Reacts JSX escaping. Pair with DOMPurify or never use with user data."}, "properties": {"repobilityId": 53865, "scanner": "repobility-threat-engine", "fingerprint": "78a1bd12ac8a7918ef0e16f3f5bc3ada86b46750fd76d300e7c80e6ee060b8bb", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "react-dangerously-set-html", "owasp": "A03:2021", "cwe_ids": ["CWE-79"], "languages": ["javascript", "typescript"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348037+00:00", "triaged_in_corpus": 12, "observations_count": 255650, "ai_coder_pattern_id": 49}, "scanner": "repobility-threat-engine", "correlation_key": "fp|78a1bd12ac8a7918ef0e16f3f5bc3ada86b46750fd76d300e7c80e6ee060b8bb"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".opencode/tools/security-audit.ts"}, "region": {"startLine": 235}}}]}, {"ruleId": "SEC045", "level": "none", "message": {"text": "[SEC045] eval()/exec() on stored or user-supplied data (and 1 more): Same pattern found in 1 additional files. Review if needed."}, "properties": {"repobilityId": 53863, "scanner": "repobility-threat-engine", "fingerprint": "c59edcd8286991ab7caac4493f8f01b268fef2a5d218265ad20f6e2d1172fefb", "category": "injection", "severity": "info", "confidence": 0.2, "triageState": "false_positive", "verdict": "likely_fp", "isResolved": true, "reason": "Deduplicated summary only: 1 additional occurrences found. The top occurrences remain visible as actionable findings.", "evidence": {"reason": "Deduplicated summary only: 1 additional occurrences found. The top occurrences remain visible as actionable findings.", "rule_id": "SEC045", "scanner": "repobility-threat-engine", "confidence": 0.2, "correlation_key": "fp|c59edcd8286991ab7caac4493f8f01b268fef2a5d218265ad20f6e2d1172fefb"}}}, {"ruleId": "SEC085", "level": "none", "message": {"text": "[SEC085] JS: child_process.exec with non-literal (and 1 more): Same pattern found in 1 additional files. Review if needed."}, "properties": {"repobilityId": 53859, "scanner": "repobility-threat-engine", "fingerprint": "4434170c810fa43bf20566276ceaa9e55e65938a7f2140721f4fd2599ad87936", "category": "quality", "severity": "info", "confidence": 0.2, "triageState": "false_positive", "verdict": "likely_fp", "isResolved": true, "reason": "Deduplicated summary only: 1 additional occurrences found. The top occurrences remain visible as actionable findings.", "evidence": {"reason": "Deduplicated summary only: 1 additional occurrences found. The top occurrences remain visible as actionable findings.", "rule_id": "SEC085", "scanner": "repobility-threat-engine", "confidence": 0.2, "correlation_key": "fp|4434170c810fa43bf20566276ceaa9e55e65938a7f2140721f4fd2599ad87936"}}}, {"ruleId": "SEC040", "level": "none", "message": {"text": "[SEC040] innerHTML XSS \u2014 template literal with server-supplied data (and 3 more): Same pattern found in 3 additional files. Review if needed."}, "properties": {"repobilityId": 53855, "scanner": "repobility-threat-engine", "fingerprint": "5604b0415ef1c219adfd5f12877e5f4c0affdedeba09d684a49e22087970a270", "category": "xss", "severity": "info", "confidence": 0.2, "triageState": "false_positive", "verdict": "likely_fp", "isResolved": true, "reason": "Deduplicated summary only: 3 additional occurrences found. The top occurrences remain visible as actionable findings.", "evidence": {"reason": "Deduplicated summary only: 3 additional occurrences found. The top occurrences remain visible as actionable findings.", "rule_id": "SEC040", "scanner": "repobility-threat-engine", "confidence": 0.2, "correlation_key": "fp|5604b0415ef1c219adfd5f12877e5f4c0affdedeba09d684a49e22087970a270"}}}, {"ruleId": "SEC020", "level": "none", "message": {"text": "[SEC020] Secret Printed to Logs (and 1 more): Same pattern found in 1 additional files. Review if needed."}, "properties": {"repobilityId": 53851, "scanner": "repobility-threat-engine", "fingerprint": "b6edddaddab6b62ff63a87b52b7d7b3bab2a5af6b4d7361c1238d18c2c6e3162", "category": "credential_exposure", "severity": "info", "confidence": 0.2, "triageState": "false_positive", "verdict": "likely_fp", "isResolved": true, "reason": "Deduplicated summary only: 1 additional occurrences found. The top occurrences remain visible as actionable findings.", "evidence": {"reason": "Deduplicated summary only: 1 additional occurrences found. The top occurrences remain visible as actionable findings.", "rule_id": "SEC020", "scanner": "repobility-threat-engine", "confidence": 0.2, "correlation_key": "fp|b6edddaddab6b62ff63a87b52b7d7b3bab2a5af6b4d7361c1238d18c2c6e3162"}}}, {"ruleId": "SEC020", "level": "none", "message": {"text": "[SEC020] Secret Printed to Logs: Debug or diagnostic code appears to print a credential-bearing value. This is a frequent AI-assisted coding failure: the helper exposes the exact value needed for troubleshooting."}, "properties": {"repobilityId": 53850, "scanner": "repobility-threat-engine", "fingerprint": "cb3bab309e4f75ba16b21b332d0d1de089158b2d57a15c5e23754c2c24a19aac", "category": "credential_exposure", "severity": "info", "confidence": 0.1, "triageState": "false_positive", "verdict": "likely_fp", "isResolved": true, "reason": "Safe context pattern detected", "evidence": {"match": "console.log(`ECC2 database: ${app.config.dbPath}`)", "reason": "Safe context pattern detected", "rule_id": "SEC020", "scanner": "repobility-threat-engine", "confidence": 0.1, "correlation_key": "secret|scripts/control-pane.js|3|console.log ecc2 database: app.config.dbpath"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "scripts/control-pane.js"}, "region": {"startLine": 36}}}]}, {"ruleId": "SEC020", "level": "none", "message": {"text": "[SEC020] Secret Printed to Logs: Debug or diagnostic code appears to print a credential-bearing value. This is a frequent AI-assisted coding failure: the helper exposes the exact value needed for troubleshooting."}, "properties": {"repobilityId": 53849, "scanner": "repobility-threat-engine", "fingerprint": "69718cdbd7a42b71ee01e8eeff0dacfbdf8abdb6d90f7b61905e560ddd7bf561", "category": "credential_exposure", "severity": "info", "confidence": 0.1, "triageState": "false_positive", "verdict": "likely_fp", "isResolved": true, "reason": "Safe context pattern detected", "evidence": {"match": "console.error('Usage: merge-codex-config.js <config.toml> [--dry-run]')", "reason": "Safe context pattern detected", "rule_id": "SEC020", "scanner": "repobility-threat-engine", "confidence": 0.1, "correlation_key": "secret|token|21|console.error usage: merge-codex-config.js config.toml --dry-run"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "scripts/codex/merge-codex-config.js"}, "region": {"startLine": 218}}}]}, {"ruleId": "SEC020", "level": "none", "message": {"text": "[SEC020] Secret Printed to Logs: Debug or diagnostic code appears to print a credential-bearing value. This is a frequent AI-assisted coding failure: the helper exposes the exact value needed for troubleshooting."}, "properties": {"repobilityId": 53848, "scanner": "repobility-threat-engine", "fingerprint": "c94b5faa03553085d5b8d9c063bb11d305153c2a868d3b1795f1e79939e60f4b", "category": "credential_exposure", "severity": "info", "confidence": 0.15, "triageState": "false_positive", "verdict": "likely_fp", "isResolved": true, "reason": "Log message mentions credential-related metadata but does not print a credential-bearing value", "evidence": {"match": "console.error('[ECC] WARNING: Potential secret detected in prompt!')", "reason": "Log message mentions credential-related metadata but does not print a credential-bearing value", "rule_id": "SEC020", "scanner": "repobility-threat-engine", "confidence": 0.15, "correlation_key": "secret|. token|1|console.error ecc warning: potential secret detected in prompt"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".cursor/hooks/before-submit-prompt.js"}, "region": {"startLine": 16}}}]}, {"ruleId": "MINED044", "level": "none", "message": {"text": "[MINED044] Js Console Log Prod (and 55 more): Same pattern found in 55 additional files. Review if needed."}, "properties": {"repobilityId": 53846, "scanner": "repobility-threat-engine", "fingerprint": "1a71cdd9449fcef9daaacfb94f9cdea7c8a7484542a93158922da4de88f0e36b", "category": "quality", "severity": "info", "confidence": 0.2, "triageState": "false_positive", "verdict": "likely_fp", "isResolved": true, "reason": "Deduplicated summary only: 55 additional occurrences found. The top occurrences remain visible as actionable findings.", "evidence": {"mined": true, "mining": {"slug": "js-console-log-prod", "owasp": null, "cwe_ids": ["CWE-532"], "languages": ["javascript", "typescript", "tsx", "jsx"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348003+00:00", "triaged_in_corpus": 10, "observations_count": 1940833, "ai_coder_pattern_id": 102}, "scanner": "repobility-threat-engine", "aggregated": true, "correlation_key": "fp|1a71cdd9449fcef9daaacfb94f9cdea7c8a7484542a93158922da4de88f0e36b", "aggregated_count": 55}}}, {"ruleId": "MINED044", "level": "none", "message": {"text": "[MINED044] Js Console Log Prod: console.log left in code. Should be replaced with logger or removed."}, "properties": {"repobilityId": 53845, "scanner": "repobility-threat-engine", "fingerprint": "6f4362267494cc1158e7f8de57552dca7e1d1851f18b174432c1fe2caacc52a2", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "js-console-log-prod", "owasp": null, "cwe_ids": ["CWE-532"], "languages": ["javascript", "typescript", "tsx", "jsx"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348003+00:00", "triaged_in_corpus": 10, "observations_count": 1940833, "ai_coder_pattern_id": 102}, "scanner": "repobility-threat-engine", "correlation_key": "fp|6f4362267494cc1158e7f8de57552dca7e1d1851f18b174432c1fe2caacc52a2"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".cursor/hooks/after-mcp-execution.js"}, "region": {"startLine": 9}}}]}, {"ruleId": "MINED044", "level": "none", "message": {"text": "[MINED044] Js Console Log Prod: console.log left in code. Should be replaced with logger or removed."}, "properties": {"repobilityId": 53844, "scanner": "repobility-threat-engine", "fingerprint": "dd3a1acd5721807902164d8d9001f1e5b1ec1cf57de05132b30301da7483ef8b", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "js-console-log-prod", "owasp": null, "cwe_ids": ["CWE-532"], "languages": ["javascript", "typescript", "tsx", "jsx"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348003+00:00", "triaged_in_corpus": 10, "observations_count": 1940833, "ai_coder_pattern_id": 102}, "scanner": "repobility-threat-engine", "correlation_key": "fp|dd3a1acd5721807902164d8d9001f1e5b1ec1cf57de05132b30301da7483ef8b"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".codebuddy/uninstall.js"}, "region": {"startLine": 143}}}]}, {"ruleId": "MINED044", "level": "none", "message": {"text": "[MINED044] Js Console Log Prod: console.log left in code. Should be replaced with logger or removed."}, "properties": {"repobilityId": 53843, "scanner": "repobility-threat-engine", "fingerprint": "5629b0dc46bb7201d2922eee31d029cce83f2233dbc3dcbb25e05f81ab72e467", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "js-console-log-prod", "owasp": null, "cwe_ids": ["CWE-532"], "languages": ["javascript", "typescript", "tsx", "jsx"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348003+00:00", "triaged_in_corpus": 10, "observations_count": 1940833, "ai_coder_pattern_id": 102}, "scanner": "repobility-threat-engine", "correlation_key": "fp|5629b0dc46bb7201d2922eee31d029cce83f2233dbc3dcbb25e05f81ab72e467"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".codebuddy/install.js"}, "region": {"startLine": 74}}}]}, {"ruleId": "MINED106", "level": "error", "message": {"text": "[MINED106] Phantom test coverage: test_validate_must_exist_fails: Test function `test_validate_must_exist_fails` runs code but contains no assert / expect / should call \u2014 it passes regardless of behaviour. Adds line coverage without verifying anything."}, "properties": {"repobilityId": 53962, "scanner": "repobility-ast-engine", "fingerprint": "0f3dcb98105d9d2aa6a3f089543845a69e978688d21a6aa5238c884ff496f6b8", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "phantom-test-coverage", "owasp": null, "cwe_ids": ["CWE-1126"], "languages": ["python"], "observations_count": 982154}, "scanner": "repobility-ast-engine", "correlation_key": "fp|0f3dcb98105d9d2aa6a3f089543845a69e978688d21a6aa5238c884ff496f6b8"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "skills/continuous-learning-v2/scripts/test_parse_instinct.py"}, "region": {"startLine": 309}}}]}, {"ruleId": "MINED106", "level": "error", "message": {"text": "[MINED106] Phantom test coverage: test_validate_rejects_proc: Test function `test_validate_rejects_proc` runs code but contains no assert / expect / should call \u2014 it passes regardless of behaviour. Adds line coverage without verifying anything."}, "properties": {"repobilityId": 53961, "scanner": "repobility-ast-engine", "fingerprint": "8bcb1a64e9d5deecedb8037de6225f4f9b8d1a63da38ed2387ba97fc9675bb43", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "phantom-test-coverage", "owasp": null, "cwe_ids": ["CWE-1126"], "languages": ["python"], "observations_count": 982154}, "scanner": "repobility-ast-engine", "correlation_key": "fp|8bcb1a64e9d5deecedb8037de6225f4f9b8d1a63da38ed2387ba97fc9675bb43"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "skills/continuous-learning-v2/scripts/test_parse_instinct.py"}, "region": {"startLine": 304}}}]}, {"ruleId": "MINED106", "level": "error", "message": {"text": "[MINED106] Phantom test coverage: test_validate_rejects_usr: Test function `test_validate_rejects_usr` runs code but contains no assert / expect / should call \u2014 it passes regardless of behaviour. Adds line coverage without verifying anything."}, "properties": {"repobilityId": 53960, "scanner": "repobility-ast-engine", "fingerprint": "02a9c506f96618a36315641ef776eae9c5029fb3da1263d7731d3e283858629c", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "phantom-test-coverage", "owasp": null, "cwe_ids": ["CWE-1126"], "languages": ["python"], "observations_count": 982154}, "scanner": "repobility-ast-engine", "correlation_key": "fp|02a9c506f96618a36315641ef776eae9c5029fb3da1263d7731d3e283858629c"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "skills/continuous-learning-v2/scripts/test_parse_instinct.py"}, "region": {"startLine": 299}}}]}, {"ruleId": "MINED106", "level": "error", "message": {"text": "[MINED106] Phantom test coverage: test_validate_rejects_var_log: Test function `test_validate_rejects_var_log` runs code but contains no assert / expect / should call \u2014 it passes regardless of behaviour. Adds line coverage without verifying anything."}, "properties": {"repobilityId": 53959, "scanner": "repobility-ast-engine", "fingerprint": "09611aa6f0081977a4850240266319cc6eff515289ce77e80a9da1fbeac13368", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "phantom-test-coverage", "owasp": null, "cwe_ids": ["CWE-1126"], "languages": ["python"], "observations_count": 982154}, "scanner": "repobility-ast-engine", "correlation_key": "fp|09611aa6f0081977a4850240266319cc6eff515289ce77e80a9da1fbeac13368"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "skills/continuous-learning-v2/scripts/test_parse_instinct.py"}, "region": {"startLine": 294}}}]}, {"ruleId": "MINED106", "level": "error", "message": {"text": "[MINED106] Phantom test coverage: test_validate_rejects_etc: Test function `test_validate_rejects_etc` runs code but contains no assert / expect / should call \u2014 it passes regardless of behaviour. Adds line coverage without verifying anything."}, "properties": {"repobilityId": 53958, "scanner": "repobility-ast-engine", "fingerprint": "45e38ef8934c7ad3b27ae9e6c3877758892efc06fee9b632e5d2a93ddd4981dc", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "phantom-test-coverage", "owasp": null, "cwe_ids": ["CWE-1126"], "languages": ["python"], "observations_count": 982154}, "scanner": "repobility-ast-engine", "correlation_key": "fp|45e38ef8934c7ad3b27ae9e6c3877758892efc06fee9b632e5d2a93ddd4981dc"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "skills/continuous-learning-v2/scripts/test_parse_instinct.py"}, "region": {"startLine": 289}}}]}, {"ruleId": "MINED106", "level": "error", "message": {"text": "[MINED106] Phantom test coverage: test_nonexistent_file_raises: Test function `test_nonexistent_file_raises` runs code but contains no assert / expect / should call \u2014 it passes regardless of behaviour. Adds line coverage without verifying anything."}, "properties": {"repobilityId": 53957, "scanner": "repobility-ast-engine", "fingerprint": "a7dd0fb965daf628d11a306a5979fc0e09ccd515bcc86859e2e03c8d98e679f2", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "phantom-test-coverage", "owasp": null, "cwe_ids": ["CWE-1126"], "languages": ["python"], "observations_count": 982154}, "scanner": "repobility-ast-engine", "correlation_key": "fp|a7dd0fb965daf628d11a306a5979fc0e09ccd515bcc86859e2e03c8d98e679f2"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "skills/skill-comply/tests/test_parser.py"}, "region": {"startLine": 49}}}]}, {"ruleId": "MINED106", "level": "error", "message": {"text": "[MINED106] Phantom test coverage: test_rc1_without_max_turns_marker_still_raises: Test function `test_rc1_without_max_turns_marker_still_raises` runs code but contains no assert / expect / should call \u2014 it passes regardless of behaviour. Adds line coverage without verifying anything."}, "properties": {"repobilityId": 53956, "scanner": "repobility-ast-engine", "fingerprint": "7a9f5ddb0f44161ea96e1b2ffd6668ba8634f71efe1a82ba05757cf99d63b15e", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "phantom-test-coverage", "owasp": null, "cwe_ids": ["CWE-1126"], "languages": ["python"], "observations_count": 982154}, "scanner": "repobility-ast-engine", "correlation_key": "fp|7a9f5ddb0f44161ea96e1b2ffd6668ba8634f71efe1a82ba05757cf99d63b15e"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "skills/skill-comply/tests/test_runner.py"}, "region": {"startLine": 132}}}]}, {"ruleId": "MINED106", "level": "error", "message": {"text": "[MINED106] Phantom test coverage: test_rc1_with_max_turns_marker_returns_normally: Test function `test_rc1_with_max_turns_marker_returns_normally` runs code but contains no assert / expect / should call \u2014 it passes regardless of behaviour. Adds line coverage without verifying anything."}, "properties": {"repobilityId": 53955, "scanner": "repobility-ast-engine", "fingerprint": "711c91ba910ecbf77452b6faf51c18fa202f610b073e1fb029d53d5170dd5636", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "phantom-test-coverage", "owasp": null, "cwe_ids": ["CWE-1126"], "languages": ["python"], "observations_count": 982154}, "scanner": "repobility-ast-engine", "correlation_key": "fp|711c91ba910ecbf77452b6faf51c18fa202f610b073e1fb029d53d5170dd5636"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "skills/skill-comply/tests/test_runner.py"}, "region": {"startLine": 113}}}]}, {"ruleId": "MINED106", "level": "error", "message": {"text": "[MINED106] Phantom test coverage: test_tolerates_missing_executable: Test function `test_tolerates_missing_executable` runs code but contains no assert / expect / should call \u2014 it passes regardless of behaviour. Adds line coverage without verifying anything."}, "properties": {"repobilityId": 53954, "scanner": "repobility-ast-engine", "fingerprint": "fa2018eb2e233187a9c4215376fcd97da315ddde766f895f4fb37c10932abe12", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "phantom-test-coverage", "owasp": null, "cwe_ids": ["CWE-1126"], "languages": ["python"], "observations_count": 982154}, "scanner": "repobility-ast-engine", "correlation_key": "fp|fa2018eb2e233187a9c4215376fcd97da315ddde766f895f4fb37c10932abe12"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "skills/skill-comply/tests/test_runner.py"}, "region": {"startLine": 67}}}]}, {"ruleId": "MINED106", "level": "error", "message": {"text": "[MINED106] Phantom test coverage: test_rejects_bad_did: Test function `test_rejects_bad_did` runs code but contains no assert / expect / should call \u2014 it passes regardless of behaviour. Adds line coverage without verifying anything."}, "properties": {"repobilityId": 53953, "scanner": "repobility-ast-engine", "fingerprint": "9895d00fca0a27c5179d65ab8eeb24ba532511182678eecd5e219cfd33ce81ac", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "phantom-test-coverage", "owasp": null, "cwe_ids": ["CWE-1126"], "languages": ["python"], "observations_count": 982154}, "scanner": "repobility-ast-engine", "correlation_key": "fp|9895d00fca0a27c5179d65ab8eeb24ba532511182678eecd5e219cfd33ce81ac"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "integrations/aura/tests/test_adapter.py"}, "region": {"startLine": 131}}}]}, {"ruleId": "MINED106", "level": "error", "message": {"text": "[MINED106] Phantom test coverage: test_fail_open_does_not_pass_reachable_unknown: Test function `test_fail_open_does_not_pass_reachable_unknown` runs code but contains no assert / expect / should call \u2014 it passes regardless of behaviour. Adds line coverage without verifying anything."}, "properties": {"repobilityId": 53952, "scanner": "repobility-ast-engine", "fingerprint": "fe9e32d3af0006667a1c9bacb584707a788e5a39836658e00204f5b9f758bb15", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "phantom-test-coverage", "owasp": null, "cwe_ids": ["CWE-1126"], "languages": ["python"], "observations_count": 982154}, "scanner": "repobility-ast-engine", "correlation_key": "fp|fe9e32d3af0006667a1c9bacb584707a788e5a39836658e00204f5b9f758bb15"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "integrations/aura/tests/test_adapter.py"}, "region": {"startLine": 116}}}]}, {"ruleId": "MINED106", "level": "error", "message": {"text": "[MINED106] Phantom test coverage: test_gate_fail_closed_on_unreachable: Test function `test_gate_fail_closed_on_unreachable` runs code but contains no assert / expect / should call \u2014 it passes regardless of behaviour. Adds line coverage without verifying anything."}, "properties": {"repobilityId": 53951, "scanner": "repobility-ast-engine", "fingerprint": "fc80dccf202b6b26dc9bf63d56cba01864274b258f9c3db5a1ac235e7b1266f6", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "phantom-test-coverage", "owasp": null, "cwe_ids": ["CWE-1126"], "languages": ["python"], "observations_count": 982154}, "scanner": "repobility-ast-engine", "correlation_key": "fp|fc80dccf202b6b26dc9bf63d56cba01864274b258f9c3db5a1ac235e7b1266f6"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "integrations/aura/tests/test_adapter.py"}, "region": {"startLine": 103}}}]}, {"ruleId": "MINED106", "level": "error", "message": {"text": "[MINED106] Phantom test coverage: test_strict_allow_rejects_new: Test function `test_strict_allow_rejects_new` runs code but contains no assert / expect / should call \u2014 it passes regardless of behaviour. Adds line coverage without verifying anything."}, "properties": {"repobilityId": 53950, "scanner": "repobility-ast-engine", "fingerprint": "6652aebb3f89d587c82805172c25c22b0a534aaa5f2b081186b55c025343f8ba", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "phantom-test-coverage", "owasp": null, "cwe_ids": ["CWE-1126"], "languages": ["python"], "observations_count": 982154}, "scanner": "repobility-ast-engine", "correlation_key": "fp|6652aebb3f89d587c82805172c25c22b0a534aaa5f2b081186b55c025343f8ba"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "integrations/aura/tests/test_adapter.py"}, "region": {"startLine": 89}}}]}, {"ruleId": "MINED106", "level": "error", "message": {"text": "[MINED106] Phantom test coverage: test_gate_rejects_unknown_by_default: Test function `test_gate_rejects_unknown_by_default` runs code but contains no assert / expect / should call \u2014 it passes regardless of behaviour. Adds line coverage without verifying anything."}, "properties": {"repobilityId": 53949, "scanner": "repobility-ast-engine", "fingerprint": "89afd04495dfd20c9674be2ca6aacb62c91d7c2002833e4024b65f92b0f5e7bf", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "phantom-test-coverage", "owasp": null, "cwe_ids": ["CWE-1126"], "languages": ["python"], "observations_count": 982154}, "scanner": "repobility-ast-engine", "correlation_key": "fp|89afd04495dfd20c9674be2ca6aacb62c91d7c2002833e4024b65f92b0f5e7bf"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "integrations/aura/tests/test_adapter.py"}, "region": {"startLine": 84}}}]}, {"ruleId": "MINED106", "level": "error", "message": {"text": "[MINED106] Phantom test coverage: test_register_template_rejects_empty_inputs: Test function `test_register_template_rejects_empty_inputs` runs code but contains no assert / expect / should call \u2014 it passes regardless of behaviour. Adds line coverage without verifying anything."}, "properties": {"repobilityId": 53948, "scanner": "repobility-ast-engine", "fingerprint": "cf41327505fffa7813e1e37cc4ca39f2729c81f1aa1a96ca3d4d4a254226127a", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "phantom-test-coverage", "owasp": null, "cwe_ids": ["CWE-1126"], "languages": ["python"], "observations_count": 982154}, "scanner": "repobility-ast-engine", "correlation_key": "fp|cf41327505fffa7813e1e37cc4ca39f2729c81f1aa1a96ca3d4d4a254226127a"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tests/test_templates.py"}, "region": {"startLine": 69}}}]}, {"ruleId": "MINED106", "level": "error", "message": {"text": "[MINED106] Phantom test coverage: test_openai_provider_rejects_empty_or_filtered_responses: Test function `test_openai_provider_rejects_empty_or_filtered_responses` runs code but contains no assert / expect / should call \u2014 it passes regardless of behaviour. Adds line coverage without verifying anything."}, "properties": {"repobilityId": 53947, "scanner": "repobility-ast-engine", "fingerprint": "5e3b33982f8aedacf8e9f86d0212d23a48b9e6b13a6f959adffb832b14f26ab3", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "phantom-test-coverage", "owasp": null, "cwe_ids": ["CWE-1126"], "languages": ["python"], "observations_count": 982154}, "scanner": "repobility-ast-engine", "correlation_key": "fp|5e3b33982f8aedacf8e9f86d0212d23a48b9e6b13a6f959adffb832b14f26ab3"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tests/test_provider_tools.py"}, "region": {"startLine": 95}}}]}, {"ruleId": "MINED106", "level": "error", "message": {"text": "[MINED106] Phantom test coverage: test_invalid_provider_raises: Test function `test_invalid_provider_raises` runs code but contains no assert / expect / should call \u2014 it passes regardless of behaviour. Adds line coverage without verifying anything."}, "properties": {"repobilityId": 53946, "scanner": "repobility-ast-engine", "fingerprint": "8926c8d361395451be35443c406bb3e98a065616eb4663ea302412ac351c5ef2", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "phantom-test-coverage", "owasp": null, "cwe_ids": ["CWE-1126"], "languages": ["python"], "observations_count": 982154}, "scanner": "repobility-ast-engine", "correlation_key": "fp|8926c8d361395451be35443c406bb3e98a065616eb4663ea302412ac351c5ef2"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tests/test_resolver.py"}, "region": {"startLine": 36}}}]}, {"ruleId": "MINED106", "level": "error", "message": {"text": "[MINED106] Phantom test coverage: test_rejects_config_with_keyword_options: Test function `test_rejects_config_with_keyword_options` runs code but contains no assert / expect / should call \u2014 it passes regardless of behaviour. Adds line coverage without verifying anything."}, "properties": {"repobilityId": 53945, "scanner": "repobility-ast-engine", "fingerprint": "be49a6f8d1a10fcd7f0b916e4fc4cc923b3a3548aefa379d85df347f550fbcab", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "phantom-test-coverage", "owasp": null, "cwe_ids": ["CWE-1126"], "languages": ["python"], "observations_count": 982154}, "scanner": "repobility-ast-engine", "correlation_key": "fp|be49a6f8d1a10fcd7f0b916e4fc4cc923b3a3548aefa379d85df347f550fbcab"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tests/test_builder.py"}, "region": {"startLine": 43}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "[MINED108] `self.agent_tree` used but never assigned in __init__: Method `create_agents_tab` of class `ECCDashboard` reads `self.agent_tree`, but no assignment to it exists in __init__ (and no class-level fallback). This raises AttributeError the first time the method runs against an instance."}, "properties": {"repobilityId": 53943, "scanner": "repobility-ast-engine", "fingerprint": "1d72e0e2f4e5c853feb3cc8d596d26ea1816576357dee75c60500c8c0acbe926", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|1d72e0e2f4e5c853feb3cc8d596d26ea1816576357dee75c60500c8c0acbe926"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "ecc_dashboard.py"}, "region": {"startLine": 409}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "[MINED108] `self.agent_count_label` used but never assigned in __init__: Method `create_agents_tab` of class `ECCDashboard` reads `self.agent_count_label`, but no assignment to it exists in __init__ (and no class-level fallback). This raises AttributeError the first time the method runs against an instance."}, "properties": {"repobilityId": 53942, "scanner": "repobility-ast-engine", "fingerprint": "381a75449fa2bf5f9cc4279292b9d5d9eefe71b562c90d7715e8e816a6ddbe5f", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|381a75449fa2bf5f9cc4279292b9d5d9eefe71b562c90d7715e8e816a6ddbe5f"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "ecc_dashboard.py"}, "region": {"startLine": 397}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "[MINED108] `self.agent_search` used but never assigned in __init__: Method `create_agents_tab` of class `ECCDashboard` reads `self.agent_search`, but no assignment to it exists in __init__ (and no class-level fallback). This raises AttributeError the first time the method runs against an instance."}, "properties": {"repobilityId": 53941, "scanner": "repobility-ast-engine", "fingerprint": "13164e1b079003af47aaccf8c30424c5027ae9ee19b4a8ddfedc3af401331f9f", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|13164e1b079003af47aaccf8c30424c5027ae9ee19b4a8ddfedc3af401331f9f"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "ecc_dashboard.py"}, "region": {"startLine": 392}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "[MINED108] `self.logo_image` used but never assigned in __init__: Method `create_widgets` of class `ECCDashboard` reads `self.logo_image`, but no assignment to it exists in __init__ (and no class-level fallback). This raises AttributeError the first time the method runs against an instance."}, "properties": {"repobilityId": 53940, "scanner": "repobility-ast-engine", "fingerprint": "4259fb76a9dcfa4254a6eb3537c1dc926fe59b18b681fb347ba6a73fff609645", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|4259fb76a9dcfa4254a6eb3537c1dc926fe59b18b681fb347ba6a73fff609645"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "ecc_dashboard.py"}, "region": {"startLine": 349}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "[MINED108] `self.status_label` used but never assigned in __init__: Method `create_widgets` of class `ECCDashboard` reads `self.status_label`, but no assignment to it exists in __init__ (and no class-level fallback). This raises AttributeError the first time the method runs against an instance."}, "properties": {"repobilityId": 53939, "scanner": "repobility-ast-engine", "fingerprint": "5667b5819d52b1a87a736b23335b6f8e2708f10668a59aad7796d3626b19bf12", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|5667b5819d52b1a87a736b23335b6f8e2708f10668a59aad7796d3626b19bf12"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "ecc_dashboard.py"}, "region": {"startLine": 376}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "[MINED108] `self.notebook` used but never assigned in __init__: Method `create_widgets` of class `ECCDashboard` reads `self.notebook`, but no assignment to it exists in __init__ (and no class-level fallback). This raises AttributeError the first time the method runs against an instance."}, "properties": {"repobilityId": 53938, "scanner": "repobility-ast-engine", "fingerprint": "8fe68e87c1b63efd4a3a8f71c487695a16399537680dd6b1fa5bb0bbb423a03d", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|8fe68e87c1b63efd4a3a8f71c487695a16399537680dd6b1fa5bb0bbb423a03d"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "ecc_dashboard.py"}, "region": {"startLine": 360}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "[MINED108] `self.version_label` used but never assigned in __init__: Method `create_widgets` of class `ECCDashboard` reads `self.version_label`, but no assignment to it exists in __init__ (and no class-level fallback). This raises AttributeError the first time the method runs against an instance."}, "properties": {"repobilityId": 53937, "scanner": "repobility-ast-engine", "fingerprint": "967dbcd631a7ea989042f2688d9a5d8548ca9208bd8f789a3c5534a0ba1fbc4d", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|967dbcd631a7ea989042f2688d9a5d8548ca9208bd8f789a3c5534a0ba1fbc4d"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "ecc_dashboard.py"}, "region": {"startLine": 356}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "[MINED108] `self.title_label` used but never assigned in __init__: Method `create_widgets` of class `ECCDashboard` reads `self.title_label`, but no assignment to it exists in __init__ (and no class-level fallback). This raises AttributeError the first time the method runs against an instance."}, "properties": {"repobilityId": 53936, "scanner": "repobility-ast-engine", "fingerprint": "298ef43ade06aeb4ed27472512be4e00af92ab8229c47d57031254fc0087f503", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|298ef43ade06aeb4ed27472512be4e00af92ab8229c47d57031254fc0087f503"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "ecc_dashboard.py"}, "region": {"startLine": 354}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "[MINED108] `self.create_settings_tab` used but never assigned in __init__: Method `create_widgets` of class `ECCDashboard` reads `self.create_settings_tab`, but no assignment to it exists in __init__ (and no class-level fallback). This raises AttributeError the first time the method runs against an instance."}, "properties": {"repobilityId": 53935, "scanner": "repobility-ast-engine", "fingerprint": "635aeec9c1ae306c7a4894e2d247a9665e571ab7553d3fe28282b40023d6ac26", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|635aeec9c1ae306c7a4894e2d247a9665e571ab7553d3fe28282b40023d6ac26"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "ecc_dashboard.py"}, "region": {"startLine": 367}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "[MINED108] `self.create_rules_tab` used but never assigned in __init__: Method `create_widgets` of class `ECCDashboard` reads `self.create_rules_tab`, but no assignment to it exists in __init__ (and no class-level fallback). This raises AttributeError the first time the method runs against an instance."}, "properties": {"repobilityId": 53934, "scanner": "repobility-ast-engine", "fingerprint": "cb9ac8cd8ac9cbf65a5ac498ea0e14732fc9895bdae55bb22ac8eeb176643a65", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|cb9ac8cd8ac9cbf65a5ac498ea0e14732fc9895bdae55bb22ac8eeb176643a65"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "ecc_dashboard.py"}, "region": {"startLine": 366}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "[MINED108] `self.create_commands_tab` used but never assigned in __init__: Method `create_widgets` of class `ECCDashboard` reads `self.create_commands_tab`, but no assignment to it exists in __init__ (and no class-level fallback). This raises AttributeError the first time the method runs against an instance."}, "properties": {"repobilityId": 53933, "scanner": "repobility-ast-engine", "fingerprint": "6f1103cdbe3cd9a28b3d56718263ab1dbc2cf0b5237e8d84a85561991253a5c6", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|6f1103cdbe3cd9a28b3d56718263ab1dbc2cf0b5237e8d84a85561991253a5c6"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "ecc_dashboard.py"}, "region": {"startLine": 365}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "[MINED108] `self.create_skills_tab` used but never assigned in __init__: Method `create_widgets` of class `ECCDashboard` reads `self.create_skills_tab`, but no assignment to it exists in __init__ (and no class-level fallback). This raises AttributeError the first time the method runs against an instance."}, "properties": {"repobilityId": 53932, "scanner": "repobility-ast-engine", "fingerprint": "82fcc5c40ff10916fce55f07005a37ea0e3a887f1d0b40837bf354f647f68c3f", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|82fcc5c40ff10916fce55f07005a37ea0e3a887f1d0b40837bf354f647f68c3f"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "ecc_dashboard.py"}, "region": {"startLine": 364}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "[MINED108] `self.create_agents_tab` used but never assigned in __init__: Method `create_widgets` of class `ECCDashboard` reads `self.create_agents_tab`, but no assignment to it exists in __init__ (and no class-level fallback). This raises AttributeError the first time the method runs against an instance."}, "properties": {"repobilityId": 53931, "scanner": "repobility-ast-engine", "fingerprint": "6309faf8cfb5ae7c8e77da92a204ada80733245ca7c48c767ecfdf1d7af57cb3", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|6309faf8cfb5ae7c8e77da92a204ada80733245ca7c48c767ecfdf1d7af57cb3"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "ecc_dashboard.py"}, "region": {"startLine": 363}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "[MINED108] `self.logo_image` used but never assigned in __init__: Method `create_widgets` of class `ECCDashboard` reads `self.logo_image`, but no assignment to it exists in __init__ (and no class-level fallback). This raises AttributeError the first time the method runs against an instance."}, "properties": {"repobilityId": 53930, "scanner": "repobility-ast-engine", "fingerprint": "4b247dd3eb562e249dfb93d02a01038199733ff2c3086dd6891af42c2fe2c1db", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|4b247dd3eb562e249dfb93d02a01038199733ff2c3086dd6891af42c2fe2c1db"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "ecc_dashboard.py"}, "region": {"startLine": 348}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "[MINED108] `self.logo_image` used but never assigned in __init__: Method `create_widgets` of class `ECCDashboard` reads `self.logo_image`, but no assignment to it exists in __init__ (and no class-level fallback). This raises AttributeError the first time the method runs against an instance."}, "properties": {"repobilityId": 53929, "scanner": "repobility-ast-engine", "fingerprint": "e808c8e02b665d08fc50e1182306c37fb7a5256f28ba8f976a9956d7b386f4e2", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|e808c8e02b665d08fc50e1182306c37fb7a5256f28ba8f976a9956d7b386f4e2"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "ecc_dashboard.py"}, "region": {"startLine": 347}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "[MINED108] `self.status_label` used but never assigned in __init__: Method `create_widgets` of class `ECCDashboard` reads `self.status_label`, but no assignment to it exists in __init__ (and no class-level fallback). This raises AttributeError the first time the method runs against an instance."}, "properties": {"repobilityId": 53928, "scanner": "repobility-ast-engine", "fingerprint": "bdda7349095659dc1947c76eb910f1020187b20c117364b1385259c1f8f7d0bc", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|bdda7349095659dc1947c76eb910f1020187b20c117364b1385259c1f8f7d0bc"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "ecc_dashboard.py"}, "region": {"startLine": 373}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "[MINED108] `self.notebook` used but never assigned in __init__: Method `create_widgets` of class `ECCDashboard` reads `self.notebook`, but no assignment to it exists in __init__ (and no class-level fallback). This raises AttributeError the first time the method runs against an instance."}, "properties": {"repobilityId": 53927, "scanner": "repobility-ast-engine", "fingerprint": "8fe7fdf88321a9811a94cd77e32b682dc7b97e2f2973a0bee7f8006b34955bd2", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|8fe7fdf88321a9811a94cd77e32b682dc7b97e2f2973a0bee7f8006b34955bd2"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "ecc_dashboard.py"}, "region": {"startLine": 359}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "[MINED108] `self.version_label` used but never assigned in __init__: Method `create_widgets` of class `ECCDashboard` reads `self.version_label`, but no assignment to it exists in __init__ (and no class-level fallback). This raises AttributeError the first time the method runs against an instance."}, "properties": {"repobilityId": 53926, "scanner": "repobility-ast-engine", "fingerprint": "679451cd73743b8ed755d4988638e4fc0e08a8bc38fa70ccf2c34c45eb35fa26", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|679451cd73743b8ed755d4988638e4fc0e08a8bc38fa70ccf2c34c45eb35fa26"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "ecc_dashboard.py"}, "region": {"startLine": 355}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "[MINED108] `self.title_label` used but never assigned in __init__: Method `create_widgets` of class `ECCDashboard` reads `self.title_label`, but no assignment to it exists in __init__ (and no class-level fallback). This raises AttributeError the first time the method runs against an instance."}, "properties": {"repobilityId": 53925, "scanner": "repobility-ast-engine", "fingerprint": "4b1debe863211e4f923a3295a8c0c1f63cb242868c10e9f787217540534a22c7", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|4b1debe863211e4f923a3295a8c0c1f63cb242868c10e9f787217540534a22c7"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "ecc_dashboard.py"}, "region": {"startLine": 353}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "[MINED108] `self.winfo_screenheight` used but never assigned in __init__: Method `center_window` of class `ECCDashboard` reads `self.winfo_screenheight`, but no assignment to it exists in __init__ (and no class-level fallback). This raises AttributeError the first time the method runs against an instance."}, "properties": {"repobilityId": 53924, "scanner": "repobility-ast-engine", "fingerprint": "6bf7d1aa0b9019116a8351b9666169def4aa9503b9524acc385727bf99429b20", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|6bf7d1aa0b9019116a8351b9666169def4aa9503b9524acc385727bf99429b20"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "ecc_dashboard.py"}, "region": {"startLine": 333}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "[MINED108] `self.winfo_screenwidth` used but never assigned in __init__: Method `center_window` of class `ECCDashboard` reads `self.winfo_screenwidth`, but no assignment to it exists in __init__ (and no class-level fallback). This raises AttributeError the first time the method runs against an instance."}, "properties": {"repobilityId": 53923, "scanner": "repobility-ast-engine", "fingerprint": "0aee8ec85f47d274b14db15a6a43ba1e7f802b5efa67462f40e554593974f26d", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|0aee8ec85f47d274b14db15a6a43ba1e7f802b5efa67462f40e554593974f26d"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "ecc_dashboard.py"}, "region": {"startLine": 332}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "[MINED108] `self.geometry` used but never assigned in __init__: Method `center_window` of class `ECCDashboard` reads `self.geometry`, but no assignment to it exists in __init__ (and no class-level fallback). This raises AttributeError the first time the method runs against an instance."}, "properties": {"repobilityId": 53922, "scanner": "repobility-ast-engine", "fingerprint": "6667ce362240597b51c37ffdaebe8a234aabc48f91d67ea9de9bd548771987a7", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|6667ce362240597b51c37ffdaebe8a234aabc48f91d67ea9de9bd548771987a7"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "ecc_dashboard.py"}, "region": {"startLine": 334}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "[MINED108] `self.winfo_height` used but never assigned in __init__: Method `center_window` of class `ECCDashboard` reads `self.winfo_height`, but no assignment to it exists in __init__ (and no class-level fallback). This raises AttributeError the first time the method runs against an instance."}, "properties": {"repobilityId": 53921, "scanner": "repobility-ast-engine", "fingerprint": "282dc5e0f391d61c09f7e79d4013b393c936af5247ac90ff97cff6141e26cf04", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|282dc5e0f391d61c09f7e79d4013b393c936af5247ac90ff97cff6141e26cf04"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "ecc_dashboard.py"}, "region": {"startLine": 331}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "[MINED108] `self.winfo_width` used but never assigned in __init__: Method `center_window` of class `ECCDashboard` reads `self.winfo_width`, but no assignment to it exists in __init__ (and no class-level fallback). This raises AttributeError the first time the method runs against an instance."}, "properties": {"repobilityId": 53920, "scanner": "repobility-ast-engine", "fingerprint": "6cca04a1979ecfb20e6769f11571527e6906f2b5d3c01b8ee7a12c031fbe44ba", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|6cca04a1979ecfb20e6769f11571527e6906f2b5d3c01b8ee7a12c031fbe44ba"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "ecc_dashboard.py"}, "region": {"startLine": 330}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "[MINED108] `self.update_idletasks` used but never assigned in __init__: Method `center_window` of class `ECCDashboard` reads `self.update_idletasks`, but no assignment to it exists in __init__ (and no class-level fallback). This raises AttributeError the first time the method runs against an instance."}, "properties": {"repobilityId": 53919, "scanner": "repobility-ast-engine", "fingerprint": "e542aa474d904e52ffacb102b22702d63b386f55b8802265b71612d444baebcf", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|e542aa474d904e52ffacb102b22702d63b386f55b8802265b71612d444baebcf"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "ecc_dashboard.py"}, "region": {"startLine": 329}}}]}, {"ruleId": "MINED001", "level": "error", "message": {"text": "[MINED001] Bare Except Pass: except: pass or except Exception: pass \u2014 silently swallows everything including KeyboardInterrupt and bugs."}, "properties": {"repobilityId": 53882, "scanner": "repobility-threat-engine", "fingerprint": "2f1ec38cebb042b946dffaa3ee94cff522253dd21371fccb357ca8d39207bd05", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "bare-except-pass", "owasp": null, "cwe_ids": ["CWE-755"], "languages": ["python"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.347744+00:00", "triaged_in_corpus": 15, "observations_count": 1550824, "ai_coder_pattern_id": 6}, "scanner": "repobility-threat-engine", "correlation_key": "fp|2f1ec38cebb042b946dffaa3ee94cff522253dd21371fccb357ca8d39207bd05"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "skills/videodb/scripts/ws_listener.py"}, "region": {"startLine": 73}}}]}, {"ruleId": "MINED004", "level": "error", "message": {"text": "[MINED004] Weak Crypto: MD5/SHA1/DES/RC4 used for security context (not just checksums)."}, "properties": {"repobilityId": 53879, "scanner": "repobility-threat-engine", "fingerprint": "cd5e76b442a6b1fc8dafc9bb4a808d7b8002732eec2379d3769203c0fe0511ab", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "weak-crypto", "owasp": "A02:2021", "cwe_ids": ["CWE-327"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.347906+00:00", "triaged_in_corpus": 15, "observations_count": 303181, "ai_coder_pattern_id": 13}, "scanner": "repobility-threat-engine", "correlation_key": "fp|cd5e76b442a6b1fc8dafc9bb4a808d7b8002732eec2379d3769203c0fe0511ab"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "scripts/hooks/stop-format-typecheck.js"}, "region": {"startLine": 43}}}]}, {"ruleId": "MINED004", "level": "error", "message": {"text": "[MINED004] Weak Crypto: MD5/SHA1/DES/RC4 used for security context (not just checksums)."}, "properties": {"repobilityId": 53878, "scanner": "repobility-threat-engine", "fingerprint": "579a68f1d5afa681ca979fce6bfd6f76611cbf3af329f967ee26beb7c8cfec47", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "weak-crypto", "owasp": "A02:2021", "cwe_ids": ["CWE-327"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.347906+00:00", "triaged_in_corpus": 15, "observations_count": 303181, "ai_coder_pattern_id": 13}, "scanner": "repobility-threat-engine", "correlation_key": "fp|579a68f1d5afa681ca979fce6bfd6f76611cbf3af329f967ee26beb7c8cfec47"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "scripts/hooks/post-edit-accumulator.js"}, "region": {"startLine": 27}}}]}, {"ruleId": "SEC083", "level": "error", "message": {"text": "[SEC083] JS: new RegExp() with non-literal: new RegExp(<variable>) \u2014 variable input can craft a ReDoS pattern. Ported from eslint-plugin-security detect-non-literal-regexp (Apache-2.0)."}, "properties": {"repobilityId": 53872, "scanner": "repobility-threat-engine", "fingerprint": "a420b48c470f3db4153ef64c6f8d8b3e61842e5b94ba411f6f8ebbce97d4c2e9", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "new RegExp(`${", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC083", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "fp|a420b48c470f3db4153ef64c6f8d8b3e61842e5b94ba411f6f8ebbce97d4c2e9"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "scripts/hooks/session-end.js"}, "region": {"startLine": 260}}}]}, {"ruleId": "SEC083", "level": "error", "message": {"text": "[SEC083] JS: new RegExp() with non-literal: new RegExp(<variable>) \u2014 variable input can craft a ReDoS pattern. Ported from eslint-plugin-security detect-non-literal-regexp (Apache-2.0)."}, "properties": {"repobilityId": 53871, "scanner": "repobility-threat-engine", "fingerprint": "f40c1b3c289e8c205cba45776261f5ac784dae15d76978755ee8e3846b527c79", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "new RegExp(`${", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC083", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "fp|f40c1b3c289e8c205cba45776261f5ac784dae15d76978755ee8e3846b527c79"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "scripts/ci/check-unicode-safety.js"}, "region": {"startLine": 63}}}]}, {"ruleId": "SEC029", "level": "error", "message": {"text": "[SEC029] Server-Side Request Forgery (SSRF) \u2014 outbound HTTP from user input: Outbound HTTP request to a user-controlled URL without allowlist validation. Attackers can probe internal services (169.254.169.254 metadata, internal Kubernetes endpoints, file:// URIs), exfiltrate data, or pivot through your network. SSRF is OWASP A10:2021 and a frequent foothold in cloud breaches."}, "properties": {"repobilityId": 53869, "scanner": "repobility-threat-engine", "fingerprint": "1d41a14e833a939e7e1216b7284ff1245d81f0f67d7fb847156f203a81891695", "category": "ssrf", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "urllib.request.urlopen(r", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC029", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "fp|1d41a14e833a939e7e1216b7284ff1245d81f0f67d7fb847156f203a81891695"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/llm/providers/ollama.py"}, "region": {"startLine": 73}}}]}, {"ruleId": "SEC029", "level": "error", "message": {"text": "[SEC029] Server-Side Request Forgery (SSRF) \u2014 outbound HTTP from user input: Outbound HTTP request to a user-controlled URL without allowlist validation. Attackers can probe internal services (169.254.169.254 metadata, internal Kubernetes endpoints, file:// URIs), exfiltrate data, or pivot through your network. SSRF is OWASP A10:2021 and a frequent foothold in cloud breaches."}, "properties": {"repobilityId": 53868, "scanner": "repobility-threat-engine", "fingerprint": "ba1afdacc0afd262a09fdd2e61ed01ca46659b2df2e44ac069f4af5c0497f2a7", "category": "ssrf", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "URL(f", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC029", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "fp|ba1afdacc0afd262a09fdd2e61ed01ca46659b2df2e44ac069f4af5c0497f2a7"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "skills/ios-icon-gen/scripts/generate_icons.swift"}, "region": {"startLine": 118}}}]}, {"ruleId": "SEC029", "level": "error", "message": {"text": "[SEC029] Server-Side Request Forgery (SSRF) \u2014 outbound HTTP from user input: Outbound HTTP request to a user-controlled URL without allowlist validation. Attackers can probe internal services (169.254.169.254 metadata, internal Kubernetes endpoints, file:// URIs), exfiltrate data, or pivot through your network. SSRF is OWASP A10:2021 and a frequent foothold in cloud breaches."}, "properties": {"repobilityId": 53867, "scanner": "repobility-threat-engine", "fingerprint": "0ab13e526b591d557a68b855a2528d45f7d83b18832d8c87a0b991b8fb256fd1", "category": "ssrf", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "urllib.request.urlopen(r", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC029", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "fp|0ab13e526b591d557a68b855a2528d45f7d83b18832d8c87a0b991b8fb256fd1"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "integrations/aura/adapter.py"}, "region": {"startLine": 132}}}]}, {"ruleId": "SEC085", "level": "error", "message": {"text": "[SEC085] JS: child_process.exec with non-literal: child_process.exec with user-derived input enables command injection. Ported from eslint-plugin-security detect-child-process (Apache-2.0)."}, "properties": {"repobilityId": 53858, "scanner": "repobility-threat-engine", "fingerprint": "e38bc6f05ecaa82090e6aeb44d0d82ee00aebf3042ebac8b0d32ac154982a250", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "exec(raw", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC085", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "fp|e38bc6f05ecaa82090e6aeb44d0d82ee00aebf3042ebac8b0d32ac154982a250"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "scripts/codex/merge-codex-config.js"}, "region": {"startLine": 70}}}]}, {"ruleId": "SEC085", "level": "error", "message": {"text": "[SEC085] JS: child_process.exec with non-literal: child_process.exec with user-derived input enables command injection. Ported from eslint-plugin-security detect-child-process (Apache-2.0)."}, "properties": {"repobilityId": 53857, "scanner": "repobility-threat-engine", "fingerprint": "c0e0d6675e1d2604b26fffbcaed782e4706f86075b701e728bf4844cb58255b0", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "exec(content", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC085", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "fp|c0e0d6675e1d2604b26fffbcaed782e4706f86075b701e728bf4844cb58255b0"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "scripts/ci/validate-no-personal-paths.js"}, "region": {"startLine": 60}}}]}, {"ruleId": "SEC085", "level": "error", "message": {"text": "[SEC085] JS: child_process.exec with non-literal: child_process.exec with user-derived input enables command injection. Ported from eslint-plugin-security detect-child-process (Apache-2.0)."}, "properties": {"repobilityId": 53856, "scanner": "repobility-threat-engine", "fingerprint": "0d51c2fd8877fe01a3416dfd07f60d4c7198a76d7cb54912254066b658d2dac9", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "execSync(command", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC085", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "fp|0d51c2fd8877fe01a3416dfd07f60d4c7198a76d7cb54912254066b658d2dac9"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".opencode/tools/git-summary.ts"}, "region": {"startLine": 52}}}]}, {"ruleId": "SEC040", "level": "error", "message": {"text": "[SEC040] innerHTML XSS \u2014 template literal with server-supplied data: Setting .innerHTML with a template literal that interpolates server-supplied or user-supplied data is the canonical stored/reflected XSS vector. The browser parses the HTML and executes any <script> or event-handler attributes in the data. CWE-79. Especially dangerous when the data comes from a CV parser, profile field, or any user-input pipeline."}, "properties": {"repobilityId": 53854, "scanner": "repobility-threat-engine", "fingerprint": "4b1537482a7461877b82c9692ef4f9bfcd88a7c2d9aa1c854b56b31d7f60d4e1", "category": "xss", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "map(([key, area]) => `| [${area.name}](./${key}.md) | ${area.files.length} files | ${area.directorie", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC040", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "fp|4b1537482a7461877b82c9692ef4f9bfcd88a7c2d9aa1c854b56b31d7f60d4e1"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "scripts/codemaps/generate.ts"}, "region": {"startLine": 247}}}]}, {"ruleId": "SEC040", "level": "error", "message": {"text": "[SEC040] innerHTML XSS \u2014 template literal with server-supplied data: Setting .innerHTML with a template literal that interpolates server-supplied or user-supplied data is the canonical stored/reflected XSS vector. The browser parses the HTML and executes any <script> or event-handler attributes in the data. CWE-79. Especially dangerous when the data comes from a CV parser, profile field, or any user-input pipeline."}, "properties": {"repobilityId": 53853, "scanner": "repobility-threat-engine", "fingerprint": "261f95cfd67af46f2690c31d131639f7d8a4ad284c20501b57822697f469e870", "category": "xss", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "map((f) => `- ${f.file}: ${f.percentage.toFixed(1)}", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC040", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "fp|261f95cfd67af46f2690c31d131639f7d8a4ad284c20501b57822697f469e870"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".opencode/tools/check-coverage.ts"}, "region": {"startLine": 95}}}]}, {"ruleId": "SEC040", "level": "error", "message": {"text": "[SEC040] innerHTML XSS \u2014 template literal with server-supplied data: Setting .innerHTML with a template literal that interpolates server-supplied or user-supplied data is the canonical stored/reflected XSS vector. The browser parses the HTML and executes any <script> or event-handler attributes in the data. CWE-79. Especially dangerous when the data comes from a CV parser, profile field, or any user-input pipeline."}, "properties": {"repobilityId": 53852, "scanner": "repobility-threat-engine", "fingerprint": "44af17653c3693353484da6a838a10f348af242ca0bdfa1dedb3b1eb1b3139c1", "category": "xss", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "map((p) => `git diff ${p.path}", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC040", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "fp|44af17653c3693353484da6a838a10f348af242ca0bdfa1dedb3b1eb1b3139c1"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".opencode/tools/changed-files.ts"}, "region": {"startLine": 60}}}]}, {"ruleId": "MINED120", "level": "error", "message": {"text": "[MINED120] package.json `scripts.postinstall` runs network/exec on install: `scripts.postinstall: echo '\\n  ecc-universal installed!\\n  Run: npx ecc typescript\\n  Compat: npx ecc-install typescript\\n  Docs: https://git` runs during `npm install` on every developer's machine and in every CI build. Common crypto-miner / data-exfiltration vector. Even when intentional, the hook should be reviewed and pinned."}, "properties": {"repobilityId": 53966, "scanner": "repobility-supply-chain", "fingerprint": "1e945a47c403c78b2e6e065a847d08d5e8145e2383ea6057f2c27f90c892d3d4", "category": "dependency", "severity": "critical", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "npm-postinstall-hook", "owasp": "A08:2021", "cwe_ids": ["CWE-506"], "languages": ["javascript"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|1e945a47c403c78b2e6e065a847d08d5e8145e2383ea6057f2c27f90c892d3d4"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "package.json"}, "region": {"startLine": 1}}}]}, {"ruleId": "SEC084", "level": "error", "message": {"text": "[SEC084] JS: require() with non-literal: require(<variable>) loads arbitrary modules \u2014 equivalent to eval at module scope. Ported from eslint-plugin-security detect-non-literal-require (Apache-2.0)."}, "properties": {"repobilityId": 53880, "scanner": "repobility-threat-engine", "fingerprint": "2edf93a5b4d0cff479c539c6c609a60662021aad88cd21606cb29ab9c80f341d", "category": "quality", "severity": "critical", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "require(scriptPath", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC084", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "fp|2edf93a5b4d0cff479c539c6c609a60662021aad88cd21606cb29ab9c80f341d"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "scripts/hooks/run-with-flags.js"}, "region": {"startLine": 134}}}]}, {"ruleId": "MINED024", "level": "error", "message": {"text": "[MINED024] Js Eval Usage: eval() executes arbitrary code. Code injection risk."}, "properties": {"repobilityId": 53864, "scanner": "repobility-threat-engine", "fingerprint": "9d51a9d71806e18e586637ab1716dbcf130737318d20869a8bf42393ef61b9b8", "category": "quality", "severity": "critical", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "js-eval-usage", "owasp": null, "cwe_ids": ["CWE-95"], "languages": ["javascript", "typescript", "tsx", "jsx"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.347954+00:00", "triaged_in_corpus": 20, "observations_count": 35589, "ai_coder_pattern_id": 103}, "scanner": "repobility-threat-engine", "correlation_key": "fp|9d51a9d71806e18e586637ab1716dbcf130737318d20869a8bf42393ef61b9b8"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".opencode/tools/security-audit.ts"}, "region": {"startLine": 233}}}]}]}]}