{"version": "2.1.0", "$schema": "https://json.schemastore.org/sarif-2.1.0.json", "runs": [{"tool": {"driver": {"name": "Repobility", "informationUri": "https://repobility.com", "rules": [{"id": "AUC001", "name": "[AUC001] No Repobility access matrix policy found: The repository uses web/API frameworks but does not define .repobilit", "shortDescription": {"text": "[AUC001] No Repobility access matrix policy found: The repository uses web/API frameworks but does not define .repobility/access.yml or equivalent authorization documentation."}, "fullDescription": {"text": "The repository uses web/API frameworks but does not define .repobility/access.yml or equivalent authorization documentation."}, "properties": {"scanner": "repobility-access-control", "category": "auth", "severity": "medium", "confidence": 0.92, "cwe": "CWE-285", "owasp": "WSTG-AUTHZ"}}, {"id": "AGT015", "name": "Remote install command pipes network code directly to a shell", "shortDescription": {"text": "Remote install command pipes network code directly to a shell"}, "fullDescription": {"text": "Agent helper projects often publish one-line installers. `curl | sh` style commands are convenient, but they bypass review unless the script is pinned, signed, or checksum-verified."}, "properties": {"scanner": "repobility-agent-runtime", "category": "dependency", "severity": "medium", "confidence": 0.7, "cwe": "", "owasp": ""}}, {"id": "AIC003", "name": "Duplicated implementation block across source files", "shortDescription": {"text": "Duplicated implementation block across source files"}, "fullDescription": {"text": "Duplicated blocks are a common artifact when generated code is pasted or recreated instead of reused. They increase maintenance cost because every future bug fix must be found in multiple locations."}, "properties": {"scanner": "repobility-ai-code-hygiene", "category": "quality", "severity": "medium", "confidence": 0.86, "cwe": "", "owasp": ""}}, {"id": "AIC004", "name": "Suspicious implementation file appears unreferenced", "shortDescription": {"text": "Suspicious implementation file appears unreferenced"}, "fullDescription": {"text": "A file created as a fixed/new/final/copy variant is not referenced by imports or path-like strings in the rest of the repository. This is a strong sign that an agent produced code beside the active application path."}, "properties": {"scanner": "repobility-ai-code-hygiene", "category": "quality", "severity": "medium", "confidence": 0.78, "cwe": "", "owasp": ""}}, {"id": "WEB005", "name": "robots.txt does not advertise a sitemap", "shortDescription": {"text": "robots.txt does not advertise a sitemap"}, "fullDescription": {"text": "Sitemap directives in robots.txt help crawlers and AI agents find the canonical public URL inventory quickly."}, "properties": {"scanner": "repobility-web-presence", "category": "quality", "severity": "low", "confidence": 0.74, "cwe": "", "owasp": ""}}, {"id": "ERR003", "name": "[ERR003] Ignored Error (Go): Ignoring error return values.", "shortDescription": {"text": "[ERR003] Ignored Error (Go): Ignoring error return values."}, "fullDescription": {"text": "Handle the error or use errcheck linter."}, "properties": {"scanner": "repobility-threat-engine", "category": "error_handling", "severity": "low", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "AIC002", "name": "Source file name looks like an AI patch artifact", "shortDescription": {"text": "Source file name looks like an AI patch artifact"}, "fullDescription": {"text": "Files named as final, fixed, copy, new, or backup are often temporary patch artifacts. They may be legitimate, but they deserve review before becoming production surface area."}, "properties": {"scanner": "repobility-ai-code-hygiene", "category": "quality", "severity": "low", "confidence": 0.62, "cwe": "", "owasp": ""}}, {"id": "AIC007", "name": "Generated build artifact directory is present at repository root", "shortDescription": {"text": "Generated build artifact directory is present at repository root"}, "fullDescription": {"text": "Committed build outputs and caches make scans slower, confuse duplicate-code checks, and give AI agents stale generated code to imitate."}, "properties": {"scanner": "repobility-ai-code-hygiene", "category": "quality", "severity": "low", "confidence": 0.7, "cwe": "", "owasp": ""}}, {"id": "SEC020", "name": "[SEC020] Secret Printed to Logs: Debug or diagnostic code appears to print a credential-bearing value. This is a frequen", "shortDescription": {"text": "[SEC020] Secret Printed to Logs: Debug or diagnostic code appears to print a credential-bearing value. This is a frequent AI-assisted coding failure: the helper exposes the exact value needed for troubleshooting."}, "fullDescription": {"text": "Log only redacted, hashed, or last-four-style metadata. Rotate any secret that may have reached logs."}, "properties": {"scanner": "repobility-threat-engine", "category": "credential_exposure", "severity": "info", "confidence": 0.1, "cwe": "", "owasp": ""}}]}}, "automationDetails": {"id": "repobility/409"}, "properties": {"repository": "cli/cli", "repoUrl": "https://github.com/cli/cli.git", "branch": "trunk"}, "results": [{"ruleId": "AUC001", "level": "warning", "message": {"text": "[AUC001] No Repobility access matrix policy found: The repository uses web/API frameworks but does not define .repobility/access.yml or equivalent authorization documentation."}, "properties": {"repobilityId": 16326, "scanner": "repobility-access-control", "fingerprint": "f1305052c3ba1e6c1cdb5dccc19e58a8168cf78b176658f32b1fc823df3e9d10", "category": "auth", "severity": "medium", "confidence": 0.92, "triageState": "open", "verdict": "likely", "isResolved": false, "reason": "Static route and framework evidence require project-owner confirmation.", "evidence": {"scanner": "repobility-access-control", "frameworks": ["GraphQL"], "expected_files": [".repobility/access.yml", ".repobility/access.yaml", ".repobility/access.json", ".repobility/authorization.yml"], "correlation_key": "fp|f1305052c3ba1e6c1cdb5dccc19e58a8168cf78b176658f32b1fc823df3e9d10"}}}, {"ruleId": "AGT015", "level": "warning", "message": {"text": "Remote install command pipes network code directly to a shell"}, "properties": {"repobilityId": 16320, "scanner": "repobility-agent-runtime", "fingerprint": "579436d105e3183e347c50a88f725470e12e9e4da700cb651a4326ddfa12853d", "category": "dependency", "severity": "medium", "confidence": 0.7, "triageState": "open", "verdict": "likely", "isResolved": false, "reason": "File contains a remote download piped directly to a shell without visible checksum or signature verification.", "evidence": {"rule_id": "AGT015", "scanner": "repobility-agent-runtime", "references": [], "correlation_key": "fp|579436d105e3183e347c50a88f725470e12e9e4da700cb651a4326ddfa12853d"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "docs/install_windows.md"}, "region": {"startLine": 94}}}]}, {"ruleId": "AGT015", "level": "warning", "message": {"text": "Remote install command pipes network code directly to a shell"}, "properties": {"repobilityId": 16319, "scanner": "repobility-agent-runtime", "fingerprint": "37c52d62720ff58f5687e194103890d968f8e1004588135ce252bcf8a834ce71", "category": "dependency", "severity": "medium", "confidence": 0.7, "triageState": "open", "verdict": "likely", "isResolved": false, "reason": "File contains a remote download piped directly to a shell without visible checksum or signature verification.", "evidence": {"rule_id": "AGT015", "scanner": "repobility-agent-runtime", "references": [], "correlation_key": "fp|37c52d62720ff58f5687e194103890d968f8e1004588135ce252bcf8a834ce71"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "docs/install_macos.md"}, "region": {"startLine": 116}}}]}, {"ruleId": "AIC003", "level": "warning", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 16318, "scanner": "repobility-ai-code-hygiene", "fingerprint": "e359f0d1c4851837970733d194aeddca2b7d8c25b202e0c862cf301e47649204", "category": "quality", "severity": "medium", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "pkg/cmd/issue/close/close.go", "duplicate_line": 39, "correlation_key": "fp|e359f0d1c4851837970733d194aeddca2b7d8c25b202e0c862cf301e47649204"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "pkg/cmd/issue/develop/develop.go"}, "region": {"startLine": 75}}}]}, {"ruleId": "AIC003", "level": "warning", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 16317, "scanner": "repobility-ai-code-hygiene", "fingerprint": "c4994918271cc7ebf63a3ddfa3bb64badb255a99cec37208680c85304c4f7b90", "category": "quality", "severity": "medium", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "pkg/cmd/issue/close/close.go", "duplicate_line": 38, "correlation_key": "fp|c4994918271cc7ebf63a3ddfa3bb64badb255a99cec37208680c85304c4f7b90"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "pkg/cmd/issue/delete/delete.go"}, "region": {"startLine": 36}}}]}, {"ruleId": "AIC003", "level": "warning", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 16316, "scanner": "repobility-ai-code-hygiene", "fingerprint": "5e4bd0c1a38c618a39922d595d2e02ca6113472ff2597520075d321c71ca21f2", "category": "quality", "severity": "medium", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "pkg/cmd/gpg-key/delete/http.go", "duplicate_line": 43, "correlation_key": "fp|5e4bd0c1a38c618a39922d595d2e02ca6113472ff2597520075d321c71ca21f2"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "pkg/cmd/gpg-key/list/http.go"}, "region": {"startLine": 50}}}]}, {"ruleId": "AIC003", "level": "warning", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 16315, "scanner": "repobility-ai-code-hygiene", "fingerprint": "fb9dae26e453cb68987b1be403ec3a431739a8bcaf6b329c90068e1302be3417", "category": "quality", "severity": "medium", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "pkg/cmd/gist/edit/edit.go", "duplicate_line": 126, "correlation_key": "fp|fb9dae26e453cb68987b1be403ec3a431739a8bcaf6b329c90068e1302be3417"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "pkg/cmd/gist/rename/rename.go"}, "region": {"startLine": 67}}}]}, {"ruleId": "AIC003", "level": "warning", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 16314, "scanner": "repobility-ai-code-hygiene", "fingerprint": "35f193de5d3be96432ef4477341378262f0d4cd546e549699d47fc4f8c213d6c", "category": "quality", "severity": "medium", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "pkg/cmd/codespace/jupyter.go", "duplicate_line": 29, "correlation_key": "fp|35f193de5d3be96432ef4477341378262f0d4cd546e549699d47fc4f8c213d6c"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "pkg/cmd/codespace/ssh.go"}, "region": {"startLine": 157}}}]}, {"ruleId": "AIC003", "level": "warning", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 16313, "scanner": "repobility-ai-code-hygiene", "fingerprint": "028bb3dfbf8000832e708bcee13fa24e2c8499f937a0ed7b86619ae2b1e30e83", "category": "quality", "severity": "medium", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "pkg/cmd/codespace/jupyter.go", "duplicate_line": 28, "correlation_key": "fp|028bb3dfbf8000832e708bcee13fa24e2c8499f937a0ed7b86619ae2b1e30e83"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "pkg/cmd/codespace/ports.go"}, "region": {"startLine": 193}}}]}, {"ruleId": "AIC003", "level": "warning", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 16312, "scanner": "repobility-ai-code-hygiene", "fingerprint": "6d4e43de7104b67e4b17dad31d6f4df337b76be84058669bbbc7a5a14390fe67", "category": "quality", "severity": "medium", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "pkg/cmd/codespace/jupyter.go", "duplicate_line": 26, "correlation_key": "fp|6d4e43de7104b67e4b17dad31d6f4df337b76be84058669bbbc7a5a14390fe67"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "pkg/cmd/codespace/logs.go"}, "region": {"startLine": 28}}}]}, {"ruleId": "AIC003", "level": "warning", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 16311, "scanner": "repobility-ai-code-hygiene", "fingerprint": "d5b3d72ce4abe961f5153f57b2dba07d02c7a0ca229cfa705016fbc3ce1afed0", "category": "quality", "severity": "medium", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "pkg/cmd/auth/logout/logout.go", "duplicate_line": 62, "correlation_key": "fp|d5b3d72ce4abe961f5153f57b2dba07d02c7a0ca229cfa705016fbc3ce1afed0"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "pkg/cmd/auth/switch/switch.go"}, "region": {"startLine": 61}}}]}, {"ruleId": "AIC003", "level": "warning", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 16310, "scanner": "repobility-ai-code-hygiene", "fingerprint": "5e016d6ea4e93d0c901f2b66efd6c01fdb23ae728b2eae7a27eb90b9a546adfc", "category": "quality", "severity": "medium", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "pkg/cmd/agent-task/create/create.go", "duplicate_line": 201, "correlation_key": "fp|5e016d6ea4e93d0c901f2b66efd6c01fdb23ae728b2eae7a27eb90b9a546adfc"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "pkg/cmd/agent-task/view/view.go"}, "region": {"startLine": 288}}}]}, {"ruleId": "AIC003", "level": "warning", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 16309, "scanner": "repobility-ai-code-hygiene", "fingerprint": "54f5de8dd6d83e32d2275c192241478a0e3ed283afad418e4b8e1a9a74296d51", "category": "quality", "severity": "medium", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "internal/prompter/huh_prompter.go", "duplicate_line": 63, "correlation_key": "fp|54f5de8dd6d83e32d2275c192241478a0e3ed283afad418e4b8e1a9a74296d51"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "internal/prompter/prompter.go"}, "region": {"startLine": 104}}}]}, {"ruleId": "AIC003", "level": "warning", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 16308, "scanner": "repobility-ai-code-hygiene", "fingerprint": "277b52f4d170f350a091b529cf060b0995283a798d0c1d2ea092e269e5c1e139", "category": "quality", "severity": "medium", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "context/remote.go", "duplicate_line": 47, "correlation_key": "fp|277b52f4d170f350a091b529cf060b0995283a798d0c1d2ea092e269e5c1e139"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "git/objects.go"}, "region": {"startLine": 11}}}]}, {"ruleId": "AIC003", "level": "warning", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 16307, "scanner": "repobility-ai-code-hygiene", "fingerprint": "05a0f619395991c90c7592291e4e8111dcd6c092879699c74681627f8633b665", "category": "quality", "severity": "medium", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "api/queries_issue.go", "duplicate_line": 46, "correlation_key": "fp|05a0f619395991c90c7592291e4e8111dcd6c092879699c74681627f8633b665"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "api/queries_pr.go"}, "region": {"startLine": 96}}}]}, {"ruleId": "AIC004", "level": "warning", "message": {"text": "Suspicious implementation file appears unreferenced"}, "properties": {"repobilityId": 16306, "scanner": "repobility-ai-code-hygiene", "fingerprint": "d768720681658f0ad722b4fde2ad0fb03f2604f85d62c6a0351170e438a11f7b", "category": "quality", "severity": "medium", "confidence": 0.78, "triageState": "open", "verdict": "likely", "isResolved": false, "reason": "Patch-style source file has no detected inbound reference from other repository files.", "evidence": {"suffix": "v2", "rule_id": "AIC004", "scanner": "repobility-ai-code-hygiene", "references": ["https://knip.dev/", "https://github.com/jendrikseipp/vulture"], "correlation_key": "fp|d768720681658f0ad722b4fde2ad0fb03f2604f85d62c6a0351170e438a11f7b"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "api/queries_projects_v2.go"}, "region": {"startLine": 1}}}]}, {"ruleId": "WEB005", "level": "note", "message": {"text": "robots.txt does not advertise a sitemap"}, "properties": {"repobilityId": 16327, "scanner": "repobility-web-presence", "fingerprint": "ee69964d49e763a6476e2b70d013dae19fc351d9f701a29e737a3c3d1c163441", "category": "quality", "severity": "low", "confidence": 0.74, "triageState": "open", "verdict": "likely", "isResolved": false, "reason": "Discovered robots file or route lacks a Sitemap directive.", "evidence": {"rule_id": "WEB005", "scanner": "repobility-web-presence", "references": ["https://www.rfc-editor.org/rfc/rfc9309", "https://www.sitemaps.org/protocol.html"], "correlation_key": "fp|ee69964d49e763a6476e2b70d013dae19fc351d9f701a29e737a3c3d1c163441"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/scripts/spam-detection/eval-prompts.yml"}, "region": {"startLine": 1}}}]}, {"ruleId": "ERR003", "level": "note", "message": {"text": "[ERR003] Ignored Error (Go): Ignoring error return values."}, "properties": {"repobilityId": 16323, "scanner": "repobility-threat-engine", "fingerprint": "0a89606f1198514b16861c32a7e1a72f15c8d748909d5eec04744c391e82738e", "category": "error_handling", "severity": "low", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "_ = io.Copy(", "reason": "Pattern matched with no mitigating context found", "rule_id": "ERR003", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "fp|0a89606f1198514b16861c32a7e1a72f15c8d748909d5eec04744c391e82738e"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "internal/update/update.go"}, "region": {"startLine": 124}}}]}, {"ruleId": "ERR003", "level": "note", "message": {"text": "[ERR003] Ignored Error (Go): Ignoring error return values."}, "properties": {"repobilityId": 16322, "scanner": "repobility-threat-engine", "fingerprint": "d784370a547f534113db3369a06b011e566b01b176979e0dc3245d4b74251acf", "category": "error_handling", "severity": "low", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "_ = jsoncolor.Write(", "reason": "Pattern matched with no mitigating context found", "rule_id": "ERR003", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "fp|d784370a547f534113db3369a06b011e566b01b176979e0dc3245d4b74251acf"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "internal/telemetry/telemetry.go"}, "region": {"startLine": 192}}}]}, {"ruleId": "ERR003", "level": "note", "message": {"text": "[ERR003] Ignored Error (Go): Ignoring error return values."}, "properties": {"repobilityId": 16321, "scanner": "repobility-threat-engine", "fingerprint": "b74733a6517b3c6436615a4bf3c5d535d6dc1e39aa3141f3a147034e97c77eed", "category": "error_handling", "severity": "low", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "_ = ghrepo.FromURL(", "reason": "Pattern matched with no mitigating context found", "rule_id": "ERR003", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "fp|b74733a6517b3c6436615a4bf3c5d535d6dc1e39aa3141f3a147034e97c77eed"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "context/remote.go"}, "region": {"startLine": 109}}}]}, {"ruleId": "AIC002", "level": "note", "message": {"text": "Source file name looks like an AI patch artifact"}, "properties": {"repobilityId": 16305, "scanner": "repobility-ai-code-hygiene", "fingerprint": "4af351cb821a893e0808addb6a646c3ff790e506cc070aa55699759d158ceac9", "category": "quality", "severity": "low", "confidence": 0.62, "triageState": "open", "verdict": "needs_review", "isResolved": false, "reason": "Source filename contains a temporary or patch-style suffix.", "evidence": {"suffix": "v2", "rule_id": "AIC002", "scanner": "repobility-ai-code-hygiene", "references": ["https://arxiv.org/abs/2601.15195"], "correlation_key": "fp|4af351cb821a893e0808addb6a646c3ff790e506cc070aa55699759d158ceac9"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "api/queries_projects_v2.go"}, "region": {"startLine": 1}}}]}, {"ruleId": "AIC007", "level": "note", "message": {"text": "Generated build artifact directory is present at repository root"}, "properties": {"repobilityId": 16304, "scanner": "repobility-ai-code-hygiene", "fingerprint": "9ce25f11f897b8a8b2478fd0136724866f111b604484c20a5c690bce80d94da1", "category": "quality", "severity": "low", "confidence": 0.7, "triageState": "open", "verdict": "likely", "isResolved": false, "reason": "Repository root contains a common generated artifact directory.", "evidence": {"rule_id": "AIC007", "scanner": "repobility-ai-code-hygiene", "directory": "build", "references": ["https://git-scm.com/docs/gitignore", "https://arxiv.org/abs/2601.15195"], "correlation_key": "fp|9ce25f11f897b8a8b2478fd0136724866f111b604484c20a5c690bce80d94da1"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "build"}, "region": {"startLine": 1}}}]}, {"ruleId": "SEC020", "level": "none", "message": {"text": "[SEC020] Secret Printed to Logs: Debug or diagnostic code appears to print a credential-bearing value. This is a frequent AI-assisted coding failure: the helper exposes the exact value needed for troubleshooting."}, "properties": {"repobilityId": 16325, "scanner": "repobility-threat-engine", "fingerprint": "224f8471467a756a9f9360c0a71d405b679635ae5c9c473dd2cf1b0b19bed76b", "category": "credential_exposure", "severity": "info", "confidence": 0.1, "triageState": "false_positive", "verdict": "likely_fp", "isResolved": true, "reason": "Safe context pattern detected", "evidence": {"match": "print(config.io.Out, out)", "reason": "Safe context pattern detected", "rule_id": "SEC020", "scanner": "repobility-threat-engine", "confidence": 0.1, "correlation_key": "secret|token|15|print config.io.out out"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "pkg/cmd/project/view/view.go"}, "region": {"startLine": 157}}}]}, {"ruleId": "ERR003", "level": "none", "message": {"text": "[ERR003] Ignored Error (Go) (and 84 more): Same pattern found in 84 additional files. Review if needed."}, "properties": {"repobilityId": 16324, "scanner": "repobility-threat-engine", "fingerprint": "a906773994ba230dcba41423a2a9b02c0cbc7d0132d934aa92926a15e54fb2ce", "category": "error_handling", "severity": "info", "confidence": 0.2, "triageState": "false_positive", "verdict": "likely_fp", "isResolved": true, "reason": "Deduplicated summary only: 84 additional occurrences found. The top occurrences remain visible as actionable findings.", "evidence": {"reason": "Deduplicated summary only: 84 additional occurrences found. The top occurrences remain visible as actionable findings.", "rule_id": "ERR003", "scanner": "repobility-threat-engine", "confidence": 0.2, "correlation_key": "fp|a906773994ba230dcba41423a2a9b02c0cbc7d0132d934aa92926a15e54fb2ce"}}}]}]}