{"version": "2.1.0", "$schema": "https://json.schemastore.org/sarif-2.1.0.json", "runs": [{"tool": {"driver": {"name": "Repobility", "informationUri": "https://repobility.com", "rules": [{"id": "QUAL003", "name": "Magic number used as default arg", "shortDescription": {"text": "Magic number used as default arg"}, "fullDescription": {"text": "Using hardcoded default values for complex configuration objects makes the code brittle and difficult to manage. Consider using a dedicated factory or builder pattern.\n\nAuto-promoted from proposal 444 on 2026-05-12. Synth confidence: 0.85. FP estimate: 0.00."}, "properties": {"scanner": "repobility", "category": "quality", "severity": "medium", "confidence": 0.85, "cwe": "", "owasp": ""}}, {"id": "CRYP001", "name": "Crypto \u2014 plaintext HTTP for sensitive endpoint", "shortDescription": {"text": "Crypto \u2014 plaintext HTTP for sensitive endpoint"}, "fullDescription": {"text": "Hardcoded http:// (not localhost) for endpoints that handle credentials or data."}, "properties": {"scanner": "repobility", "category": "crypto", "severity": "medium", "confidence": 0.85, "cwe": "", "owasp": ""}}, {"id": "SEC007", "name": "[SEC007] Unsafe Deserialization: Unsafe deserialization can execute arbitrary code.", "shortDescription": {"text": "[SEC007] Unsafe Deserialization: Unsafe deserialization can execute arbitrary code."}, "fullDescription": {"text": "Use yaml.safe_load() instead of yaml.load(). Avoid pickle for untrusted data."}, "properties": {"scanner": "repobility-threat-engine", "category": "deserialization", "severity": "medium", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "ERR002", "name": "[ERR002] Empty Catch Block: Empty catch blocks hide errors.", "shortDescription": {"text": "[ERR002] Empty Catch Block: Empty catch blocks hide errors."}, "fullDescription": {"text": "Log the error or rethrow it. 
Use console.error() at minimum."}, "properties": {"scanner": "repobility-threat-engine", "category": "error_handling", "severity": "medium", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "AGT007", "name": "localStorage write failures are swallowed silently", "shortDescription": {"text": "localStorage write failures are swallowed silently"}, "fullDescription": {"text": "localStorage quotas are small and writes can fail. Catching storage errors without a user-visible warning causes silent data loss when notes, images, or snapshots exceed quota."}, "properties": {"scanner": "repobility-agent-runtime", "category": "quality", "severity": "medium", "confidence": 0.8, "cwe": "", "owasp": ""}}, {"id": "AGT016", "name": "Codex session log reader may expose prompts or tool-call content", "shortDescription": {"text": "Codex session log reader may expose prompts or tool-call content"}, "fullDescription": {"text": "Codex session JSONL files can contain prompts, tool events, paths, and operational metadata, not only token counts. Token dashboards and exporters should avoid retaining or sharing raw session text."}, "properties": {"scanner": "repobility-agent-runtime", "category": "quality", "severity": "medium", "confidence": 0.73, "cwe": "", "owasp": ""}}, {"id": "AIC003", "name": "Duplicated implementation block across source files", "shortDescription": {"text": "Duplicated implementation block across source files"}, "fullDescription": {"text": "Duplicated blocks are a common artifact when generated code is pasted or recreated instead of reused. They increase maintenance cost because every future bug fix must be found in multiple locations."}, "properties": {"scanner": "repobility-ai-code-hygiene", "category": "quality", "severity": "medium", "confidence": 0.86, "cwe": "", "owasp": ""}}, {"id": "SEC015", "name": "[SEC015] Insecure Randomness for Security (and 2 more): Same pattern found in 2 additional files. 
Review if needed.", "shortDescription": {"text": "[SEC015] Insecure Randomness for Security (and 2 more): Same pattern found in 2 additional files. Review if needed."}, "fullDescription": {"text": "Use secrets module (Python) or crypto.getRandomValues() (JS) for security-sensitive randomness."}, "properties": {"scanner": "repobility-threat-engine", "category": "crypto", "severity": "info", "confidence": 0.2, "cwe": "", "owasp": ""}}, {"id": "SEC020", "name": "[SEC020] Secret Printed to Logs: Debug or diagnostic code appears to print a credential-bearing value.", "shortDescription": {"text": "[SEC020] Secret Printed to Logs: Debug or diagnostic code appears to print a credential-bearing value. This is a frequent AI-assisted coding failure: the helper exposes the exact value needed for troubleshooting."}, "fullDescription": {"text": "Log only redacted, hashed, or last-four-style metadata. Rotate any secret that may have reached logs."}, "properties": {"scanner": "repobility-threat-engine", "category": "credential_exposure", "severity": "info", "confidence": 0.15, "cwe": "", "owasp": ""}}]}}, "automationDetails": {"id": "repobility/389"}, "properties": {"repository": "websitebutlers/codefire-app", "repoUrl": "https://github.com/websitebutlers/codefire-app.git", "branch": "main"}, "results": [{"ruleId": "QUAL003", "level": "warning", "message": {"text": "Magic number used as default arg"}, "properties": {"repobilityId": 21924, "scanner": "repobility", "fingerprint": "a5825462c75a1be74cd610510fb5d551", "category": "quality", "severity": "medium", "confidence": 0.85, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"snippet": "default 100", "aljefra_cwe": null, "aljefra_owasp": null, "aljefra_pattern_slug": "magic-number-default"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "Context/Sources/CodeFire/Views/Browser/BrowserTab.swift"}, "region": {"startLine": 237}}}]}, {"ruleId": "QUAL003", 
"level": "warning", "message": {"text": "Magic number used as default arg"}, "properties": {"repobilityId": 21923, "scanner": "repobility", "fingerprint": "d51358e00bc86047f1d5c50440b4a553", "category": "quality", "severity": "medium", "confidence": 0.85, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"snippet": "default 5", "aljefra_cwe": null, "aljefra_owasp": null, "aljefra_pattern_slug": "magic-number-default"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "Context/Sources/CodeFire/Services/MCPServer.swift"}, "region": {"startLine": 102}}}]}, {"ruleId": "QUAL003", "level": "warning", "message": {"text": "Magic number used as default arg"}, "properties": {"repobilityId": 21922, "scanner": "repobility", "fingerprint": "a998c531737295f5570fb8756b2763d1", "category": "quality", "severity": "medium", "confidence": 0.85, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"snippet": "default 10", "aljefra_cwe": null, "aljefra_owasp": null, "aljefra_pattern_slug": "magic-number-default"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "Context/Sources/CodeFireMCP/main.swift"}, "region": {"startLine": 1275}}}]}, {"ruleId": "CRYP001", "level": "warning", "message": {"text": "Crypto \u2014 plaintext HTTP for sensitive endpoint"}, "properties": {"repobilityId": 14033, "scanner": "repobility", "fingerprint": "0ac13e3688c20b9f30ed38852e9b53c7", "category": "crypto", "severity": "medium", "confidence": 0.85, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"snippet": "http://", "aljefra_cwe": ["CWE-319"], "aljefra_owasp": "A02:2021", "aljefra_pattern_slug": "http-not-https"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "Context/Sources/CodeFire/Views/Browser/BrowserTab.swift"}, "region": {"startLine": 211}}}]}, {"ruleId": "CRYP001", "level": "warning", "message": {"text": "Crypto \u2014 plaintext HTTP for 
sensitive endpoint"}, "properties": {"repobilityId": 14032, "scanner": "repobility", "fingerprint": "4e42fd5457766ea9fb3fd8cb4ef573d2", "category": "crypto", "severity": "medium", "confidence": 0.85, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"snippet": "http://", "aljefra_cwe": ["CWE-319"], "aljefra_owasp": "A02:2021", "aljefra_pattern_slug": "http-not-https"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "scripts/package-app.sh"}, "region": {"startLine": 79}}}]}, {"ruleId": "SEC007", "level": "warning", "message": {"text": "[SEC007] Unsafe Deserialization: Unsafe deserialization can execute arbitrary code."}, "properties": {"repobilityId": 12664, "scanner": "repobility-threat-engine", "fingerprint": "5ada44768e9063cc0b22d1f3b4e32ad49d69fef0af5ed30f15bf8165a086913e", "category": "deserialization", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "yaml.load(", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC007", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "code|deserialization|token|44|sec007"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "electron/src/main/services/DesignDocParser.ts"}, "region": {"startLine": 44}}}]}, {"ruleId": "ERR002", "level": "warning", "message": {"text": "[ERR002] Empty Catch Block: Empty catch blocks hide errors."}, "properties": {"repobilityId": 12662, "scanner": "repobility-threat-engine", "fingerprint": "0433ede32b0d4a2983b25d8013efef2fb1c8bb2cde9af019b59da8e82a73084e", "category": "error_handling", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": ".catch(() => {})", "reason": "Pattern matched with no 
mitigating context found", "rule_id": "ERR002", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "fp|0433ede32b0d4a2983b25d8013efef2fb1c8bb2cde9af019b59da8e82a73084e"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "electron/src/renderer/views/ActivityView.tsx"}, "region": {"startLine": 256}}}]}, {"ruleId": "ERR002", "level": "warning", "message": {"text": "[ERR002] Empty Catch Block: Empty catch blocks hide errors."}, "properties": {"repobilityId": 12661, "scanner": "repobility-threat-engine", "fingerprint": "0ce4d35fdf43b7239090df6e6cde0d163b8933f84839ea622ef503f3fbf95142", "category": "error_handling", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": ".catch(() => {})", "reason": "Pattern matched with no mitigating context found", "rule_id": "ERR002", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "fp|0ce4d35fdf43b7239090df6e6cde0d163b8933f84839ea622ef503f3fbf95142"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "electron/src/renderer/views/BrowserView.tsx"}, "region": {"startLine": 141}}}]}, {"ruleId": "ERR002", "level": "warning", "message": {"text": "[ERR002] Empty Catch Block: Empty catch blocks hide errors."}, "properties": {"repobilityId": 12660, "scanner": "repobility-threat-engine", "fingerprint": "51073f3bcfbdaf0666dd16030defed8f967a8fd005a4e6dc8183249fbf89e283", "category": "error_handling", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": ".catch(() => {})", "reason": "Pattern matched with no mitigating context found", "rule_id": "ERR002", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": 
"fp|51073f3bcfbdaf0666dd16030defed8f967a8fd005a4e6dc8183249fbf89e283"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "electron/src/renderer/views/AllProjectsView.tsx"}, "region": {"startLine": 56}}}]}, {"ruleId": "AGT007", "level": "warning", "message": {"text": "localStorage write failures are swallowed silently"}, "properties": {"repobilityId": 12654, "scanner": "repobility-agent-runtime", "fingerprint": "50af893373b4fac486c0ca626d12b763991bc5d7ddf71e4ba69f73f928f7ea49", "category": "quality", "severity": "medium", "confidence": 0.8, "triageState": "open", "verdict": "likely", "isResolved": false, "reason": "File writes to localStorage and has an empty or ignore-only catch block without QuotaExceededError handling.", "evidence": {"rule_id": "AGT007", "scanner": "repobility-agent-runtime", "references": ["https://developer.mozilla.org/en-US/docs/Web/API/Web_Storage_API"], "correlation_key": "fp|50af893373b4fac486c0ca626d12b763991bc5d7ddf71e4ba69f73f928f7ea49"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "electron/src/renderer/lib/projectAgentDefaults.ts"}, "region": {"startLine": 45}}}]}, {"ruleId": "AGT007", "level": "warning", "message": {"text": "localStorage write failures are swallowed silently"}, "properties": {"repobilityId": 12653, "scanner": "repobility-agent-runtime", "fingerprint": "e6cfb6ee483f30f8d7d90fac38137328a39bcbc5eaf53fb4f43d3ab3e4927bc7", "category": "quality", "severity": "medium", "confidence": 0.8, "triageState": "open", "verdict": "likely", "isResolved": false, "reason": "File writes to localStorage and has an empty or ignore-only catch block without QuotaExceededError handling.", "evidence": {"rule_id": "AGT007", "scanner": "repobility-agent-runtime", "references": ["https://developer.mozilla.org/en-US/docs/Web/API/Web_Storage_API"], "correlation_key": "fp|e6cfb6ee483f30f8d7d90fac38137328a39bcbc5eaf53fb4f43d3ab3e4927bc7"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": 
"electron/src/renderer/lib/clientTaskSignals.ts"}, "region": {"startLine": 38}}}]}, {"ruleId": "AGT007", "level": "warning", "message": {"text": "localStorage write failures are swallowed silently"}, "properties": {"repobilityId": 12652, "scanner": "repobility-agent-runtime", "fingerprint": "06466a1bf6342bdabc5b7a6e4bc6a9c59dd954d2bf9fb7026c7167b1cbdb205c", "category": "quality", "severity": "medium", "confidence": 0.8, "triageState": "open", "verdict": "likely", "isResolved": false, "reason": "File writes to localStorage and has an empty or ignore-only catch block without QuotaExceededError handling.", "evidence": {"rule_id": "AGT007", "scanner": "repobility-agent-runtime", "references": ["https://developer.mozilla.org/en-US/docs/Web/API/Web_Storage_API"], "correlation_key": "fp|06466a1bf6342bdabc5b7a6e4bc6a9c59dd954d2bf9fb7026c7167b1cbdb205c"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "electron/src/renderer/layouts/MainLayout.tsx"}, "region": {"startLine": 85}}}]}, {"ruleId": "AGT007", "level": "warning", "message": {"text": "localStorage write failures are swallowed silently"}, "properties": {"repobilityId": 12651, "scanner": "repobility-agent-runtime", "fingerprint": "98eb7be75e2b08b901f8dad3abdfdd8b6d9a3c6d79c4474c7cc6128596413e83", "category": "quality", "severity": "medium", "confidence": 0.8, "triageState": "open", "verdict": "likely", "isResolved": false, "reason": "File writes to localStorage and has an empty or ignore-only catch block without QuotaExceededError handling.", "evidence": {"rule_id": "AGT007", "scanner": "repobility-agent-runtime", "references": ["https://developer.mozilla.org/en-US/docs/Web/API/Web_Storage_API"], "correlation_key": "fp|98eb7be75e2b08b901f8dad3abdfdd8b6d9a3c6d79c4474c7cc6128596413e83"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "electron/src/renderer/hooks/useBrowserTabs.ts"}, "region": {"startLine": 162}}}]}, {"ruleId": "AGT007", "level": "warning", "message": {"text": 
"localStorage write failures are swallowed silently"}, "properties": {"repobilityId": 12650, "scanner": "repobility-agent-runtime", "fingerprint": "7d5a8dd316fd9e4ff0dfeed2afb290934b0e4f19032ef65bf8f131c1f2e4b2b2", "category": "quality", "severity": "medium", "confidence": 0.8, "triageState": "open", "verdict": "likely", "isResolved": false, "reason": "File writes to localStorage and has an empty or ignore-only catch block without QuotaExceededError handling.", "evidence": {"rule_id": "AGT007", "scanner": "repobility-agent-runtime", "references": ["https://developer.mozilla.org/en-US/docs/Web/API/Web_Storage_API"], "correlation_key": "fp|7d5a8dd316fd9e4ff0dfeed2afb290934b0e4f19032ef65bf8f131c1f2e4b2b2"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "electron/src/renderer/components/Header/ProjectDropdown.tsx"}, "region": {"startLine": 64}}}]}, {"ruleId": "AGT016", "level": "warning", "message": {"text": "Codex session log reader may expose prompts or tool-call content"}, "properties": {"repobilityId": 12649, "scanner": "repobility-agent-runtime", "fingerprint": "8a25422ddcfd11d9f48b7fdc6c388957ce9f31a56092c06864d621ab43fb48b7", "category": "quality", "severity": "medium", "confidence": 0.73, "triageState": "open", "verdict": "likely", "isResolved": false, "reason": "File reads Codex session JSONL or usage logs and references prompt/message/tool content without visible redaction controls.", "evidence": {"rule_id": "AGT016", "scanner": "repobility-agent-runtime", "references": [], "correlation_key": "fp|8a25422ddcfd11d9f48b7fdc6c388957ce9f31a56092c06864d621ab43fb48b7"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "electron/src/main/services/LiveCodexWatcher.ts"}, "region": {"startLine": 1}}}]}, {"ruleId": "AIC003", "level": "warning", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 12648, "scanner": "repobility-ai-code-hygiene", "fingerprint": 
"ce16a2bf42fd0b84d2befe9b6127f4a92a2ed94109eadd8b1562e7365e49fa6c", "category": "quality", "severity": "medium", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "electron/src/renderer/hooks/useGlobalTasks.ts", "duplicate_line": 51, "correlation_key": "fp|ce16a2bf42fd0b84d2befe9b6127f4a92a2ed94109eadd8b1562e7365e49fa6c"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "electron/src/renderer/hooks/useTasks.ts"}, "region": {"startLine": 95}}}]}, {"ruleId": "AIC003", "level": "warning", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 12647, "scanner": "repobility-ai-code-hygiene", "fingerprint": "ff46b22b0f6d49c01f442948dd3b32679913ce998ec69751eb3f5fefb429c59a", "category": "quality", "severity": "medium", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "electron/src/renderer/components/Header/ProjectDropdown.tsx", "duplicate_line": 114, "correlation_key": "fp|ff46b22b0f6d49c01f442948dd3b32679913ce998ec69751eb3f5fefb429c59a"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "electron/src/renderer/components/Sidebar/Sidebar.tsx"}, "region": {"startLine": 42}}}]}, {"ruleId": "AIC003", "level": "warning", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 12646, "scanner": "repobility-ai-code-hygiene", "fingerprint": "2dca0a399171b5cca51068df103db4f2d1d9b7cdf2acb843d06335de9e5b91ed", "category": 
"quality", "severity": "medium", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "electron/src/renderer/components/Header/ProjectDropdown.tsx", "duplicate_line": 686, "correlation_key": "fp|2dca0a399171b5cca51068df103db4f2d1d9b7cdf2acb843d06335de9e5b91ed"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "electron/src/renderer/components/Sidebar/ProjectItem.tsx"}, "region": {"startLine": 40}}}]}, {"ruleId": "AIC003", "level": "warning", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 12645, "scanner": "repobility-ai-code-hygiene", "fingerprint": "c58f7124e8718d4f84980526a73ef6634cdd7eb3dce3f1dcb7b9c6d0647eea76", "category": "quality", "severity": "medium", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "electron/src/renderer/components/Header/ProjectSettingsModal.tsx", "duplicate_line": 5, "correlation_key": "fp|c58f7124e8718d4f84980526a73ef6634cdd7eb3dce3f1dcb7b9c6d0647eea76"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "electron/src/renderer/components/Sidebar/ProjectItem.tsx"}, "region": {"startLine": 39}}}]}, {"ruleId": "AIC003", "level": "warning", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 12644, "scanner": "repobility-ai-code-hygiene", "fingerprint": "c9ec8c3924af46814bbb7779b696d94a3bf992eb9b10e7cb2d5a63da2f3b40a5", "category": "quality", "severity": "medium", 
"confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "electron/src/renderer/components/Reviews/ReviewRequestCard.tsx", "duplicate_line": 3, "correlation_key": "fp|c9ec8c3924af46814bbb7779b696d94a3bf992eb9b10e7cb2d5a63da2f3b40a5"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "electron/src/renderer/components/SessionSummary/SharedSummaryCard.tsx"}, "region": {"startLine": 4}}}]}, {"ruleId": "AIC003", "level": "warning", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 12643, "scanner": "repobility-ai-code-hygiene", "fingerprint": "99730bb398e1ed8f154e4002bf02999beec748658043c4b5f1743822bdc7f471", "category": "quality", "severity": "medium", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "electron/src/renderer/components/Kanban/TaskCard.tsx", "duplicate_line": 74, "correlation_key": "fp|99730bb398e1ed8f154e4002bf02999beec748658043c4b5f1743822bdc7f471"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "electron/src/renderer/components/Presence/PresenceAvatars.tsx"}, "region": {"startLine": 9}}}]}, {"ruleId": "AIC003", "level": "warning", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 12642, "scanner": "repobility-ai-code-hygiene", "fingerprint": "f18034751dd638c58a13340c10b4499486cf53488666cdadbf4d5bccdbcbc5b2", "category": "quality", "severity": "medium", "confidence": 0.86, "triageState": 
"open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "electron/src/renderer/components/Header/ProjectDropdown.tsx", "duplicate_line": 686, "correlation_key": "fp|f18034751dd638c58a13340c10b4499486cf53488666cdadbf4d5bccdbcbc5b2"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "electron/src/renderer/components/Header/ProjectSettingsModal.tsx"}, "region": {"startLine": 6}}}]}, {"ruleId": "AIC003", "level": "warning", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 12641, "scanner": "repobility-ai-code-hygiene", "fingerprint": "3974f8ecc6969867ce5a7b5400978b7fa0fdd1c26aa0fc769fd4d6f1d6be8f1d", "category": "quality", "severity": "medium", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "electron/src/main/windows/MainWindow.ts", "duplicate_line": 34, "correlation_key": "fp|3974f8ecc6969867ce5a7b5400978b7fa0fdd1c26aa0fc769fd4d6f1d6be8f1d"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "electron/src/main/windows/ProjectWindow.ts"}, "region": {"startLine": 37}}}]}, {"ruleId": "AIC003", "level": "warning", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 12640, "scanner": "repobility-ai-code-hygiene", "fingerprint": "815ae85d409943da45f5f9387d41fa554ca7f4fe6e7310cf8380cb4d43d966b8", "category": "quality", "severity": "medium", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A 
normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "electron/src/main/services/agent-chat/ClaudeAgentSession.ts", "duplicate_line": 74, "correlation_key": "fp|815ae85d409943da45f5f9387d41fa554ca7f4fe6e7310cf8380cb4d43d966b8"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "electron/src/main/services/agent-chat/CodexAppServerSession.ts"}, "region": {"startLine": 67}}}]}, {"ruleId": "AIC003", "level": "warning", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 12639, "scanner": "repobility-ai-code-hygiene", "fingerprint": "d44f0d6ec121ce017aee7c70982330e8875f300c1b08c15854c417f2c4bd703f", "category": "quality", "severity": "medium", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "electron/src/main/services/LiveCodexWatcher.ts", "duplicate_line": 59, "correlation_key": "fp|d44f0d6ec121ce017aee7c70982330e8875f300c1b08c15854c417f2c4bd703f"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "electron/src/main/services/LiveSessionWatcher.ts"}, "region": {"startLine": 51}}}]}, {"ruleId": "AIC003", "level": "warning", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 12638, "scanner": "repobility-ai-code-hygiene", "fingerprint": "9d881d139ae0a7732254309df7b73a049498a3269a29c0824228dc64b0387395", "category": "quality", "severity": "medium", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different 
non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "electron/src/main/services/ClaudeCLIService.ts", "duplicate_line": 12, "correlation_key": "fp|9d881d139ae0a7732254309df7b73a049498a3269a29c0824228dc64b0387395"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "electron/src/main/services/EmailTriageService.ts"}, "region": {"startLine": 29}}}]}, {"ruleId": "AIC003", "level": "warning", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 12637, "scanner": "repobility-ai-code-hygiene", "fingerprint": "f8d8d8ee9b08060c0cd0070f5f8648429d71b083785ad3487b3ebd7bafc04626", "category": "quality", "severity": "medium", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "electron/src/main/database/dao/SessionDAO.ts", "duplicate_line": 44, "correlation_key": "fp|f8d8d8ee9b08060c0cd0070f5f8648429d71b083785ad3487b3ebd7bafc04626"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "electron/src/main/ipc/session-handlers.ts"}, "region": {"startLine": 35}}}]}, {"ruleId": "ERR002", "level": "none", "message": {"text": "[ERR002] Empty Catch Block (and 21 more): Same pattern found in 21 additional files. Review if needed."}, "properties": {"repobilityId": 12663, "scanner": "repobility-threat-engine", "fingerprint": "f6816d3f22e1f5f74638e78b2dbf99f0e6bebe1fbd88935af96ed56567c55027", "category": "error_handling", "severity": "info", "confidence": 0.2, "triageState": "false_positive", "verdict": "likely_fp", "isResolved": true, "reason": "Deduplicated summary only: 21 additional occurrences found. 
The top occurrences remain visible as actionable findings.", "evidence": {"reason": "Deduplicated summary only: 21 additional occurrences found. The top occurrences remain visible as actionable findings.", "rule_id": "ERR002", "scanner": "repobility-threat-engine", "confidence": 0.2, "correlation_key": "fp|f6816d3f22e1f5f74638e78b2dbf99f0e6bebe1fbd88935af96ed56567c55027"}}}, {"ruleId": "SEC015", "level": "none", "message": {"text": "[SEC015] Insecure Randomness for Security (and 2 more): Same pattern found in 2 additional files. Review if needed."}, "properties": {"repobilityId": 12659, "scanner": "repobility-threat-engine", "fingerprint": "f78b05f3525efdc18a5d1983ba1263e47eaa8a772967c623a7aa23730bd5139a", "category": "crypto", "severity": "info", "confidence": 0.2, "triageState": "false_positive", "verdict": "likely_fp", "isResolved": true, "reason": "Deduplicated summary only: 2 additional occurrences found. The top occurrences remain visible as actionable findings.", "evidence": {"reason": "Deduplicated summary only: 2 additional occurrences found. The top occurrences remain visible as actionable findings.", "rule_id": "SEC015", "scanner": "repobility-threat-engine", "confidence": 0.2, "correlation_key": "fp|f78b05f3525efdc18a5d1983ba1263e47eaa8a772967c623a7aa23730bd5139a"}}}, {"ruleId": "SEC015", "level": "none", "message": {"text": "[SEC015] Insecure Randomness for Security: Weak PRNG used in security-sensitive context. 
Output is predictable."}, "properties": {"repobilityId": 12658, "scanner": "repobility-threat-engine", "fingerprint": "8cee0dc344e399c4b0f037b0269a91a86ddde5f72c2965fc4002e4f4e327c424", "category": "crypto", "severity": "info", "confidence": 0.25, "triageState": "false_positive", "verdict": "likely_fp", "isResolved": true, "reason": "Weak PRNG appears to be used for non-security behavior (UI, sampling, demos, shuffling, or backoff), not for secrets", "evidence": {"match": "Math.random()", "reason": "Weak PRNG appears to be used for non-security behavior (UI, sampling, demos, shuffling, or backoff), not for secrets", "rule_id": "SEC015", "scanner": "repobility-threat-engine", "confidence": 0.25, "correlation_key": "code|crypto|landing/assets/codefire.js|38|sec015"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "landing/assets/codefire.js"}, "region": {"startLine": 38}}}]}, {"ruleId": "SEC015", "level": "none", "message": {"text": "[SEC015] Insecure Randomness for Security: Weak PRNG used in security-sensitive context. 
Output is predictable."}, "properties": {"repobilityId": 12657, "scanner": "repobility-threat-engine", "fingerprint": "6e3f1fc7109d417d968daecca76244872232f5d7d8a69768bb8e3f31aa9e8f0e", "category": "crypto", "severity": "info", "confidence": 0.25, "triageState": "false_positive", "verdict": "likely_fp", "isResolved": true, "reason": "Weak PRNG appears to be used for non-security behavior (UI, sampling, demos, shuffling, or backoff), not for secrets", "evidence": {"match": "Math.random()", "reason": "Weak PRNG appears to be used for non-security behavior (UI, sampling, demos, shuffling, or backoff), not for secrets", "rule_id": "SEC015", "scanner": "repobility-threat-engine", "confidence": 0.25, "correlation_key": "code|crypto|token|199|sec015"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "electron/src/main/services/ImageGenerationService.ts"}, "region": {"startLine": 199}}}]}, {"ruleId": "SEC015", "level": "none", "message": {"text": "[SEC015] Insecure Randomness for Security: Weak PRNG used in security-sensitive context. 
Output is predictable."}, "properties": {"repobilityId": 12656, "scanner": "repobility-threat-engine", "fingerprint": "21afc79866346ac63a2d4f578b2efa7b91e7a265b5e69f9f84fe3ef7a6824460", "category": "crypto", "severity": "info", "confidence": 0.25, "triageState": "false_positive", "verdict": "likely_fp", "isResolved": true, "reason": "Weak PRNG appears to be used for non-security behavior (UI, sampling, demos, shuffling, or backoff), not for secrets", "evidence": {"match": "Math.random()", "reason": "Weak PRNG appears to be used for non-security behavior (UI, sampling, demos, shuffling, or backoff), not for secrets", "rule_id": "SEC015", "scanner": "repobility-threat-engine", "confidence": 0.25, "correlation_key": "code|crypto|electron/src/mcp/server.ts|2680|sec015"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "electron/src/mcp/server.ts"}, "region": {"startLine": 2680}}}]}, {"ruleId": "SEC020", "level": "none", "message": {"text": "[SEC020] Secret Printed to Logs: Debug or diagnostic code appears to print a credential-bearing value. 
This is a frequent AI-assisted coding failure: the helper exposes the exact value needed for troubleshooting."}, "properties": {"repobilityId": 12655, "scanner": "repobility-threat-engine", "fingerprint": "6083b8d59cf22d54b21e93656eaed9cc697ae542e7277002b33c28fe84d48258", "category": "credential_exposure", "severity": "info", "confidence": 0.15, "triageState": "false_positive", "verdict": "likely_fp", "isResolved": true, "reason": "Log message mentions credential-related metadata but does not print a credential-bearing value", "evidence": {"match": "console.log('[Main] GitHub token auto-discovered from gh CLI')", "reason": "Log message mentions credential-related metadata but does not print a credential-bearing value", "rule_id": "SEC020", "scanner": "repobility-threat-engine", "confidence": 0.15, "correlation_key": "secret|electron/src/main/index.ts|44|console.log main github token auto-discovered from gh cli"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "electron/src/main/index.ts"}, "region": {"startLine": 447}}}]}]}]}