48 of your 93 findings came from Repobility's proprietary detections. ✓ Repobility tags below mark them.

can1357/oh-my-pi

https://github.com/can1357/oh-my-pi.git · scanned 2026-05-20 12:45 UTC (2 weeks, 2 days ago) · 10 languages

1174 findings (86 legacy + 1088 scanner) · 11/13 scanners ran · 53rd percentile · Rust · large (100-500K LoC) · Scanner says 46 (higher by 23)


Complete repo analysis

Last scanned 2 weeks, 2 days ago · v2 · 630 findings from 2 sources. Findings combine the legacy security pipeline AND the multi-layer engine (atlas, wiring, flows, ranked) AND verified AI agent contributions.

Score breakdown — 2026-05-18-v5

| Component | Sub-score | Weight | Contribution |
|---|---|---|---|
| structure_score | 60.0 | 0.15 | 9.00 |
| security_score | 100.0 | 0.25 | 25.00 |
| testing_score | 20.0 | 0.20 | 4.00 |
| documentation_score | 87.0 | 0.15 | 13.05 |
| practices_score | 72.0 | 0.15 | 10.80 |
| code_quality | 67.0 | 0.10 | 6.70 |
| Overall | | 1.00 | 68.5 |

security_score may be inflated — optional security scanners were skipped on this fast scan
Active filters: source: scanner, excluding tests
Scan summary

Repository scanned at 45.7/100 with 100.0% coverage. It contains 13958 nodes across 30 cross-layer flows, written primarily in mixed languages. Engine surfaced 544 findings — concentrated in quality (285), frontend (90), software (79). Risk profile is high: 1 critical, 45 high, 48 medium. Recommended next step: open the quality layer findings first — that's where the highest-impact wins live.

Showing 376 of 630 findings.

critical 9-layer security secrets conf 1.00 Possible secret in packages/coding-agent/src/tools/eval.ts
Detected pattern matching password_literal. Rotate the credential and move to a secret manager.
packages/coding-agent/src/tools/eval.ts:617 secrets
high 9-layer api wiring conf 1.00 Dangling fetch: GET http://${IMDS_HOST}/latest/meta-data/iam/security-credentials/ (packages/ai/src/providers/aws-credentials.ts:463)
`packages/ai/src/providers/aws-credentials.ts:463` calls `GET http://${IMDS_HOST}/latest/meta-data/iam/security-credentials/` but no backend route matches that path. This is a runtime 404 waiting to happen. Tool: fetch Normalized path used for matching: `/http:/<p>/latest/meta-data/iam/security-cr…
wiring dangling-fetch fetch
high 9-layer api wiring conf 1.00 Dangling fetch: GET http://127.0.0.1:${port}/json/version (packages/coding-agent/src/tools/browser/attach.ts:87)
`packages/coding-agent/src/tools/browser/attach.ts:87` calls `GET http://127.0.0.1:${port}/json/version` but no backend route matches that path. This is a runtime 404 waiting to happen. Tool: fetch Normalized path used for matching: `/http:/127.0.0.1:/<p>/json/version` If this points at an externa…
wiring dangling-fetch fetch
high 9-layer api wiring conf 1.00 Dangling fetch: GET http://localhost:11434/api/tags (packages/ai/test/context-overflow.test.ts:479)
`packages/ai/test/context-overflow.test.ts:479` calls `GET http://localhost:11434/api/tags` but no backend route matches that path. This is a runtime 404 waiting to happen. Tool: fetch Normalized path used for matching: `/http:/localhost:11434/api/tags` If this points at an external API, prefix it…
wiring dangling-fetch fetch
high 9-layer api wiring conf 1.00 Dangling fetch: GET http://localhost:11434/api/tags (packages/ai/test/stream.test.ts:1577)
`packages/ai/test/stream.test.ts:1577` calls `GET http://localhost:11434/api/tags` but no backend route matches that path. This is a runtime 404 waiting to happen. Tool: fetch Normalized path used for matching: `/http:/localhost:11434/api/tags` If this points at an external API, prefix it with `ht…
wiring dangling-fetch fetch
high 9-layer api wiring conf 1.00 Dangling fetch: GET https://api.github.com${endpoint} (packages/coding-agent/src/web/scrapers/github.ts:99)
`packages/coding-agent/src/web/scrapers/github.ts:99` calls `GET https://api.github.com${endpoint}` but no backend route matches that path. This is a runtime 404 waiting to happen. Tool: fetch Normalized path used for matching: `/https:/api.github.com/<p>` If this points at an external API, prefix…
wiring dangling-fetch fetch
high 9-layer api wiring conf 1.00 Dangling fetch: GET https://api.github.com/repos/${repo}/releases/latest (packages/coding-agent/src/utils/tools-manager.ts:119)
`packages/coding-agent/src/utils/tools-manager.ts:119` calls `GET https://api.github.com/repos/${repo}/releases/latest` but no backend route matches that path. This is a runtime 404 waiting to happen. Tool: fetch Normalized path used for matching: `/https:/api.github.com/repos/<p>/releases/latest`…
wiring dangling-fetch fetch
high 9-layer api wiring conf 1.00 Dangling fetch: GET https://api.github.com/repos/${repo}/releases/latest (scripts/check-spoofed-versions.ts:38)
`scripts/check-spoofed-versions.ts:38` calls `GET https://api.github.com/repos/${repo}/releases/latest` but no backend route matches that path. This is a runtime 404 waiting to happen. Tool: fetch Normalized path used for matching: `/https:/api.github.com/repos/<p>/releases/latest` If this points …
wiring dangling-fetch fetch
high 9-layer api wiring conf 1.00 Dangling fetch: GET https://models.dev/api.json (packages/ai/scripts/generate-models.ts:108)
`packages/ai/scripts/generate-models.ts:108` calls `GET https://models.dev/api.json` but no backend route matches that path. This is a runtime 404 waiting to happen. Tool: fetch Normalized path used for matching: `/https:/models.dev/api.json` If this points at an external API, prefix it with `http…
wiring dangling-fetch fetch
high 9-layer api wiring conf 1.00 Dangling fetch: GET https://registry.npmjs.org/${PACKAGE}/latest (packages/coding-agent/src/cli/update-cli.ts:117)
`packages/coding-agent/src/cli/update-cli.ts:117` calls `GET https://registry.npmjs.org/${PACKAGE}/latest` but no backend route matches that path. This is a runtime 404 waiting to happen. Tool: fetch Normalized path used for matching: `/https:/registry.npmjs.org/<p>/latest` If this points at an ex…
wiring dangling-fetch fetch
high 9-layer api wiring conf 1.00 Dangling fetch: GET https://registry.npmjs.org/@oh-my-pi/pi-coding-agent/latest (packages/coding-agent/src/main.ts:71)
`packages/coding-agent/src/main.ts:71` calls `GET https://registry.npmjs.org/@oh-my-pi/pi-coding-agent/latest` but no backend route matches that path. This is a runtime 404 waiting to happen. Tool: fetch Normalized path used for matching: `/https:/registry.npmjs.org/@oh-my-pi/pi-coding-agent/lates…
wiring dangling-fetch fetch
high 9-layer api wiring conf 1.00 Dangling fetch: GET https://www.googleapis.com/oauth2/v1/userinfo?alt=json (packages/ai/src/utils/oauth/google-oauth-shared.ts:23)
`packages/ai/src/utils/oauth/google-oauth-shared.ts:23` calls `GET https://www.googleapis.com/oauth2/v1/userinfo?alt=json` but no backend route matches that path. This is a runtime 404 waiting to happen. Tool: fetch Normalized path used for matching: `/https:/www.googleapis.com/oauth2/v1/userinfo`…
wiring dangling-fetch fetch
high 9-layer api wiring conf 1.00 Dangling fetch: GET https://www.perplexity.ai/api/auth/csrf (packages/ai/src/utils/oauth/perplexity.ts:101)
`packages/ai/src/utils/oauth/perplexity.ts:101` calls `GET https://www.perplexity.ai/api/auth/csrf` but no backend route matches that path. This is a runtime 404 waiting to happen. Tool: fetch Normalized path used for matching: `/https:/www.perplexity.ai/api/auth/csrf` If this points at an externa…
wiring dangling-fetch fetch
high 9-layer api wiring conf 1.00 Dangling fetch: POST https://api.fireworks.ai/inference/v1/chat/completions (packages/ai/test/firepass.live.ts:119)
`packages/ai/test/firepass.live.ts:119` calls `POST https://api.fireworks.ai/inference/v1/chat/completions` but no backend route matches that path. This is a runtime 404 waiting to happen. Tool: fetch Normalized path used for matching: `/https:/api.fireworks.ai/inference/v1/chat/completions` If th…
wiring dangling-fetch fetch
high 9-layer api wiring conf 1.00 Dangling fetch: POST https://generativelanguage.googleapis.com/v1beta/models/${encodeURIComponent(model)}:generateContent (packages/coding-agent/src/tools/image-gen.ts:1164)
`packages/coding-agent/src/tools/image-gen.ts:1164` calls `POST https://generativelanguage.googleapis.com/v1beta/models/${encodeURIComponent(model)}:generateContent` but no backend route matches that path. This is a runtime 404 waiting to happen. Tool: fetch Normalized path used for matching: `/ht…
wiring dangling-fetch fetch
high 9-layer api wiring conf 1.00 Dangling fetch: POST https://openrouter.ai/api/v1/chat/completions (packages/coding-agent/src/tools/image-gen.ts:1073)
`packages/coding-agent/src/tools/image-gen.ts:1073` calls `POST https://openrouter.ai/api/v1/chat/completions` but no backend route matches that path. This is a runtime 404 waiting to happen. Tool: fetch Normalized path used for matching: `/https:/openrouter.ai/api/v1/chat/completions` If this poi…
wiring dangling-fetch fetch
high 9-layer api wiring conf 1.00 Dangling fetch: POST https://www.perplexity.ai/api/auth/signin-email (packages/ai/src/utils/oauth/perplexity.ts:118)
`packages/ai/src/utils/oauth/perplexity.ts:118` calls `POST https://www.perplexity.ai/api/auth/signin-email` but no backend route matches that path. This is a runtime 404 waiting to happen. Tool: fetch Normalized path used for matching: `/https:/www.perplexity.ai/api/auth/signin-email` If this poi…
wiring dangling-fetch fetch
high 9-layer api wiring conf 1.00 Dangling fetch: POST https://www.perplexity.ai/api/auth/signin-otp (packages/ai/src/utils/oauth/perplexity.ts:144)
`packages/ai/src/utils/oauth/perplexity.ts:144` calls `POST https://www.perplexity.ai/api/auth/signin-otp` but no backend route matches that path. This is a runtime 404 waiting to happen. Tool: fetch Normalized path used for matching: `/https:/www.perplexity.ai/api/auth/signin-otp` If this points …
wiring dangling-fetch fetch
high 9-layer api wiring conf 1.00 Dangling fetch: PUT http://${IMDS_HOST}/latest/api/token (packages/ai/src/providers/aws-credentials.ts:455)
`packages/ai/src/providers/aws-credentials.ts:455` calls `PUT http://${IMDS_HOST}/latest/api/token` but no backend route matches that path. This is a runtime 404 waiting to happen. Tool: fetch Normalized path used for matching: `/http:/<p>/latest/api/token` If this points at an external API, prefi…
wiring dangling-fetch fetch
high 9-layer hardware supply-chain conf 1.00 Dockerfile pipes a remote installer into a shell
Executing downloaded code during image build gives the remote endpoint build-time code execution. Prefer pinned packages or verify downloaded installers by checksum/signature.
Dockerfile:41 supply-chain docker remote-installer
high 9-layer hardware supply-chain conf 1.00 Dockerfile pipes a remote installer into a shell
Executing downloaded code during image build gives the remote endpoint build-time code execution. Prefer pinned packages or verify downloaded installers by checksum/signature.
Dockerfile:122 supply-chain docker remote-installer
high 9-layer security auth conf 1.00 FastAPI POST `add_assignees` without auth dependency — python/robomp/src/proxy/server.py:470
`@router.post` decorator with no `Depends(get_current_user)` or auth-shaped dependency in its signature. Mutating endpoints should require authentication unless explicitly public.
python/robomp/src/proxy/server.py:470 auth owasp auth.fastapi.unauth_mutation
high 9-layer security auth conf 1.00 FastAPI POST `add_issue_labels` without auth dependency — python/robomp/src/proxy/server.py:457
`@router.post` decorator with no `Depends(get_current_user)` or auth-shaped dependency in its signature. Mutating endpoints should require authentication unless explicitly public.
python/robomp/src/proxy/server.py:457 auth owasp auth.fastapi.unauth_mutation
high 9-layer security auth conf 1.00 FastAPI POST `api_cancel` without auth dependency — python/robomp/src/server.py:632
`@router.post` decorator with no `Depends(get_current_user)` or auth-shaped dependency in its signature. Mutating endpoints should require authentication unless explicitly public.
python/robomp/src/server.py:632 auth owasp auth.fastapi.unauth_mutation
high 9-layer security auth conf 1.00 FastAPI POST `api_trigger` without auth dependency — python/robomp/src/server.py:548
`@router.post` decorator with no `Depends(get_current_user)` or auth-shaped dependency in its signature. Mutating endpoints should require authentication unless explicitly public.
python/robomp/src/server.py:548 auth owasp auth.fastapi.unauth_mutation
high 9-layer security auth conf 1.00 FastAPI POST `close_issue` without auth dependency — python/robomp/src/proxy/server.py:493
`@router.post` decorator with no `Depends(get_current_user)` or auth-shaped dependency in its signature. Mutating endpoints should require authentication unless explicitly public.
python/robomp/src/proxy/server.py:493 auth owasp auth.fastapi.unauth_mutation
high 9-layer security auth conf 1.00 FastAPI POST `git_clone_endpoint` without auth dependency — python/robomp/src/proxy/server.py:531
`@router.post` decorator with no `Depends(get_current_user)` or auth-shaped dependency in its signature. Mutating endpoints should require authentication unless explicitly public.
python/robomp/src/proxy/server.py:531 auth owasp auth.fastapi.unauth_mutation
high 9-layer security auth conf 1.00 FastAPI POST `git_fetch_endpoint` without auth dependency — python/robomp/src/proxy/server.py:550
`@router.post` decorator with no `Depends(get_current_user)` or auth-shaped dependency in its signature. Mutating endpoints should require authentication unless explicitly public.
python/robomp/src/proxy/server.py:550 auth owasp auth.fastapi.unauth_mutation
high 9-layer security auth conf 1.00 FastAPI POST `git_fetch_ref_endpoint` without auth dependency — python/robomp/src/proxy/server.py:561
`@router.post` decorator with no `Depends(get_current_user)` or auth-shaped dependency in its signature. Mutating endpoints should require authentication unless explicitly public.
python/robomp/src/proxy/server.py:561 auth owasp auth.fastapi.unauth_mutation
high 9-layer security auth conf 1.00 FastAPI POST `git_push_endpoint` without auth dependency — python/robomp/src/proxy/server.py:571
`@router.post` decorator with no `Depends(get_current_user)` or auth-shaped dependency in its signature. Mutating endpoints should require authentication unless explicitly public.
python/robomp/src/proxy/server.py:571 auth owasp auth.fastapi.unauth_mutation
high 9-layer security auth conf 1.00 FastAPI POST `open_pull_request` without auth dependency — python/robomp/src/proxy/server.py:413
`@router.post` decorator with no `Depends(get_current_user)` or auth-shaped dependency in its signature. Mutating endpoints should require authentication unless explicitly public.
python/robomp/src/proxy/server.py:413 auth owasp auth.fastapi.unauth_mutation
high 9-layer security auth conf 1.00 FastAPI POST `post_comment` without auth dependency — python/robomp/src/proxy/server.py:400
`@router.post` decorator with no `Depends(get_current_user)` or auth-shaped dependency in its signature. Mutating endpoints should require authentication unless explicitly public.
python/robomp/src/proxy/server.py:400 auth owasp auth.fastapi.unauth_mutation
high 9-layer security auth conf 1.00 FastAPI POST `replay` without auth dependency — python/robomp/src/server.py:462
`@router.post` decorator with no `Depends(get_current_user)` or auth-shaped dependency in its signature. Mutating endpoints should require authentication unless explicitly public.
python/robomp/src/server.py:462 auth owasp auth.fastapi.unauth_mutation
high 9-layer security auth conf 1.00 FastAPI POST `request_reviewers` without auth dependency — python/robomp/src/proxy/server.py:438
`@router.post` decorator with no `Depends(get_current_user)` or auth-shaped dependency in its signature. Mutating endpoints should require authentication unless explicitly public.
python/robomp/src/proxy/server.py:438 auth owasp auth.fastapi.unauth_mutation
high 9-layer security owasp conf 1.00 Insecure pattern 'eval_used' in crates/brush-builtins-vendored/src/let_.rs:30
Found a known-risky pattern (eval_used). Review and replace if possible.
crates/brush-builtins-vendored/src/let_.rs:30 owasp eval_used
high 9-layer security owasp conf 1.00 Insecure pattern 'eval_used' in crates/brush-core-vendored/src/expansion.rs:1245
Found a known-risky pattern (eval_used). Review and replace if possible.
crates/brush-core-vendored/src/expansion.rs:1245 owasp eval_used
high 9-layer security owasp conf 1.00 Insecure pattern 'eval_used' in crates/brush-core-vendored/src/interp.rs:1270
Found a known-risky pattern (eval_used). Review and replace if possible.
crates/brush-core-vendored/src/interp.rs:1270 owasp eval_used
high 9-layer security owasp conf 1.00 Insecure pattern 'eval_used' in crates/brush-core-vendored/src/shell/execution.rs:289
Found a known-risky pattern (eval_used). Review and replace if possible.
crates/brush-core-vendored/src/shell/execution.rs:289 owasp eval_used
high 9-layer security owasp conf 1.00 Insecure pattern 'eval_used' in packages/coding-agent/src/eval/py/runner.py:376
Found a known-risky pattern (eval_used). Review and replace if possible.
packages/coding-agent/src/eval/py/runner.py:376 owasp eval_used
high 9-layer security owasp conf 1.00 Insecure pattern 'exec_used' in packages/coding-agent/src/eval/py/runner.py:719
Found a known-risky pattern (exec_used). Review and replace if possible.
packages/coding-agent/src/eval/py/runner.py:719 owasp exec_used
high 9-layer security owasp conf 1.00 Insecure pattern 'exec_used' in packages/coding-agent/src/extensibility/custom-commands/types.ts:21
Found a known-risky pattern (exec_used). Review and replace if possible.
packages/coding-agent/src/extensibility/custom-commands/types.ts:21 owasp exec_used
high 9-layer security owasp conf 1.00 Insecure pattern 'exec_used' in packages/coding-agent/src/extensibility/custom-tools/types.ts:47
Found a known-risky pattern (exec_used). Review and replace if possible.
packages/coding-agent/src/extensibility/custom-tools/types.ts:47 owasp exec_used
high 9-layer security owasp conf 1.00 Insecure pattern 'exec_used' in packages/coding-agent/src/extensibility/extensions/loader.ts:216
Found a known-risky pattern (exec_used). Review and replace if possible.
packages/coding-agent/src/extensibility/extensions/loader.ts:216 owasp exec_used
high 9-layer security owasp conf 1.00 Insecure pattern 'exec_used' in packages/coding-agent/src/extensibility/extensions/types.ts:981
Found a known-risky pattern (exec_used). Review and replace if possible.
packages/coding-agent/src/extensibility/extensions/types.ts:981 owasp exec_used
high 9-layer security owasp conf 1.00 Insecure pattern 'exec_used' in packages/coding-agent/src/extensibility/hooks/loader.ts:135
Found a known-risky pattern (exec_used). Review and replace if possible.
packages/coding-agent/src/extensibility/hooks/loader.ts:135 owasp exec_used
high 9-layer security owasp conf 1.00 Insecure pattern 'exec_used' in packages/coding-agent/src/extensibility/hooks/types.ts:570
Found a known-risky pattern (exec_used). Review and replace if possible.
packages/coding-agent/src/extensibility/hooks/types.ts:570 owasp exec_used
medium 9-layer quality integrity conf 1.00 `fetch()` without try/.catch or AbortSignal — packages/ai/scripts/generate-models.ts:339
Bare `fetch(...)` will throw an unhandled rejection on network failure. Wrap in try/catch, attach a `.catch(...)`, or pass an AbortSignal with a timeout.
integrity fragile-runtime robustness
medium 9-layer quality integrity conf 1.00 `fetch()` without try/.catch or AbortSignal — packages/ai/src/auth-broker/client.ts:38
Bare `fetch(...)` will throw an unhandled rejection on network failure. Wrap in try/catch, attach a `.catch(...)`, or pass an AbortSignal with a timeout.
integrity fragile-runtime robustness
medium 9-layer quality integrity conf 1.00 `fetch()` without try/.catch or AbortSignal — packages/ai/src/model-manager.ts:20
Bare `fetch(...)` will throw an unhandled rejection on network failure. Wrap in try/catch, attach a `.catch(...)`, or pass an AbortSignal with a timeout.
integrity fragile-runtime robustness
medium 9-layer quality integrity conf 1.00 `fetch()` without try/.catch or AbortSignal — packages/ai/src/provider-models/ollama.ts:74
Bare `fetch(...)` will throw an unhandled rejection on network failure. Wrap in try/catch, attach a `.catch(...)`, or pass an AbortSignal with a timeout.
integrity fragile-runtime robustness
medium 9-layer quality integrity conf 1.00 `fetch()` without try/.catch or AbortSignal — packages/ai/src/providers/aws-credentials.ts:463
Bare `fetch(...)` will throw an unhandled rejection on network failure. Wrap in try/catch, attach a `.catch(...)`, or pass an AbortSignal with a timeout.
integrity fragile-runtime robustness
medium 9-layer quality integrity conf 1.00 `fetch()` without try/.catch or AbortSignal — packages/ai/src/usage/gemini.ts:126
Bare `fetch(...)` will throw an unhandled rejection on network failure. Wrap in try/catch, attach a `.catch(...)`, or pass an AbortSignal with a timeout.
integrity fragile-runtime robustness
medium 9-layer quality integrity conf 1.00 `fetch()` without try/.catch or AbortSignal — packages/ai/src/usage/google-antigravity.ts:130
Bare `fetch(...)` will throw an unhandled rejection on network failure. Wrap in try/catch, attach a `.catch(...)`, or pass an AbortSignal with a timeout.
integrity fragile-runtime robustness
medium 9-layer quality integrity conf 1.00 `fetch()` without try/.catch or AbortSignal — packages/ai/src/utils/oauth/cursor.ts:99
Bare `fetch(...)` will throw an unhandled rejection on network failure. Wrap in try/catch, attach a `.catch(...)`, or pass an AbortSignal with a timeout.
integrity fragile-runtime robustness
medium 9-layer quality integrity conf 1.00 `fetch()` without try/.catch or AbortSignal — packages/ai/src/utils/oauth/github-copilot.ts:110
Bare `fetch(...)` will throw an unhandled rejection on network failure. Wrap in try/catch, attach a `.catch(...)`, or pass an AbortSignal with a timeout.
integrity fragile-runtime robustness
medium 9-layer quality integrity conf 1.00 `fetch()` without try/.catch or AbortSignal — packages/ai/src/utils/oauth/gitlab-duo.ts:65
Bare `fetch(...)` will throw an unhandled rejection on network failure. Wrap in try/catch, attach a `.catch(...)`, or pass an AbortSignal with a timeout.
integrity fragile-runtime robustness
medium 9-layer quality integrity conf 1.00 `fetch()` without try/.catch or AbortSignal — packages/ai/src/utils/oauth/google-antigravity.ts:84
Bare `fetch(...)` will throw an unhandled rejection on network failure. Wrap in try/catch, attach a `.catch(...)`, or pass an AbortSignal with a timeout.
integrity fragile-runtime robustness
medium 9-layer quality integrity conf 1.00 `fetch()` without try/.catch or AbortSignal — packages/ai/src/utils/oauth/google-gemini-cli.ts:77
Bare `fetch(...)` will throw an unhandled rejection on network failure. Wrap in try/catch, attach a `.catch(...)`, or pass an AbortSignal with a timeout.
integrity fragile-runtime robustness
medium 9-layer quality integrity conf 1.00 `fetch()` without try/.catch or AbortSignal — packages/ai/src/utils/oauth/google-oauth-shared.ts:63
Bare `fetch(...)` will throw an unhandled rejection on network failure. Wrap in try/catch, attach a `.catch(...)`, or pass an AbortSignal with a timeout.
integrity fragile-runtime robustness
medium 9-layer quality integrity conf 1.00 `fetch()` without try/.catch or AbortSignal — packages/ai/src/utils/oauth/kilo.ts:22
Bare `fetch(...)` will throw an unhandled rejection on network failure. Wrap in try/catch, attach a `.catch(...)`, or pass an AbortSignal with a timeout.
integrity fragile-runtime robustness
medium 9-layer quality integrity conf 1.00 `fetch()` without try/.catch or AbortSignal — packages/ai/src/utils/oauth/kimi.ts:100
Bare `fetch(...)` will throw an unhandled rejection on network failure. Wrap in try/catch, attach a `.catch(...)`, or pass an AbortSignal with a timeout.
integrity fragile-runtime robustness
medium 9-layer quality integrity conf 1.00 `fetch()` without try/.catch or AbortSignal — packages/ai/src/utils/oauth/perplexity.ts:101
Bare `fetch(...)` will throw an unhandled rejection on network failure. Wrap in try/catch, attach a `.catch(...)`, or pass an AbortSignal with a timeout.
integrity fragile-runtime robustness
medium 9-layer quality integrity conf 1.00 `fetch()` without try/.catch or AbortSignal — packages/ai/test/anthropic-retry.test.ts:41
Bare `fetch(...)` will throw an unhandled rejection on network failure. Wrap in try/catch, attach a `.catch(...)`, or pass an AbortSignal with a timeout.
integrity fragile-runtime robustness
medium 9-layer quality integrity conf 1.00 `fetch()` without try/.catch or AbortSignal — packages/ai/test/auth-broker-wire.test.ts:68
Bare `fetch(...)` will throw an unhandled rejection on network failure. Wrap in try/catch, attach a `.catch(...)`, or pass an AbortSignal with a timeout.
integrity fragile-runtime robustness
medium 9-layer quality integrity conf 1.00 `fetch()` without try/.catch or AbortSignal — packages/ai/test/copilot-retry.test.ts:146
Bare `fetch(...)` will throw an unhandled rejection on network failure. Wrap in try/catch, attach a `.catch(...)`, or pass an AbortSignal with a timeout.
integrity fragile-runtime robustness
medium 9-layer quality integrity conf 1.00 `fetch()` without try/.catch or AbortSignal — packages/ai/test/firepass.live.ts:119
Bare `fetch(...)` will throw an unhandled rejection on network failure. Wrap in try/catch, attach a `.catch(...)`, or pass an AbortSignal with a timeout.
integrity fragile-runtime robustness
medium 9-layer quality integrity conf 1.00 `fetch()` without try/.catch or AbortSignal — packages/coding-agent/src/cli.ts:5
Bare `fetch(...)` will throw an unhandled rejection on network failure. Wrap in try/catch, attach a `.catch(...)`, or pass an AbortSignal with a timeout.
integrity fragile-runtime robustness
medium 9-layer quality integrity conf 1.00 `fetch()` without try/.catch or AbortSignal — packages/coding-agent/src/cli/update-cli.ts:117
Bare `fetch(...)` will throw an unhandled rejection on network failure. Wrap in try/catch, attach a `.catch(...)`, or pass an AbortSignal with a timeout.
integrity fragile-runtime robustness
medium 9-layer quality integrity conf 1.00 `fetch()` without try/.catch or AbortSignal — packages/coding-agent/src/mcp/json-rpc.ts:60
Bare `fetch(...)` will throw an unhandled rejection on network failure. Wrap in try/catch, attach a `.catch(...)`, or pass an AbortSignal with a timeout.
integrity fragile-runtime robustness
medium 9-layer quality integrity conf 1.00 `fetch()` without try/.catch or AbortSignal — packages/coding-agent/src/mcp/oauth-flow.ts:215
Bare `fetch(...)` will throw an unhandled rejection on network failure. Wrap in try/catch, attach a `.catch(...)`, or pass an AbortSignal with a timeout.
integrity fragile-runtime robustness
medium 9-layer quality integrity conf 1.00 `fetch()` without try/.catch or AbortSignal — packages/coding-agent/src/mcp/smithery-connect.ts:63
Bare `fetch(...)` will throw an unhandled rejection on network failure. Wrap in try/catch, attach a `.catch(...)`, or pass an AbortSignal with a timeout.
integrity fragile-runtime robustness
medium 9-layer quality integrity conf 1.00 `fetch()` without try/.catch or AbortSignal — packages/coding-agent/src/mcp/smithery-registry.ts:315
Bare `fetch(...)` will throw an unhandled rejection on network failure. Wrap in try/catch, attach a `.catch(...)`, or pass an AbortSignal with a timeout.
integrity fragile-runtime robustness
medium 9-layer quality integrity conf 1.00 `fetch()` without try/.catch or AbortSignal — packages/coding-agent/src/sdk.ts:921
Bare `fetch(...)` will throw an unhandled rejection on network failure. Wrap in try/catch, attach a `.catch(...)`, or pass an AbortSignal with a timeout.
integrity fragile-runtime robustness
medium 9-layer quality integrity conf 1.00 `fetch()` without try/.catch or AbortSignal — packages/coding-agent/src/tools/gh.ts:2959
Bare `fetch(...)` will throw an unhandled rejection on network failure. Wrap in try/catch, attach a `.catch(...)`, or pass an AbortSignal with a timeout.
integrity fragile-runtime robustness
medium 9-layer quality integrity conf 1.00 `fetch()` without try/.catch or AbortSignal — packages/coding-agent/src/tools/image-gen.ts:341
Bare `fetch(...)` will throw an unhandled rejection on network failure. Wrap in try/catch, attach a `.catch(...)`, or pass an AbortSignal with a timeout.
integrity fragile-runtime robustness
medium 9-layer quality integrity conf 1.00 `fetch()` without try/.catch or AbortSignal — packages/coding-agent/src/web/kagi.ts:139
Bare `fetch(...)` will throw an unhandled rejection on network failure. Wrap in try/catch, attach a `.catch(...)`, or pass an AbortSignal with a timeout.
integrity fragile-runtime robustness
medium 9-layer quality integrity conf 1.00 `fetch()` without try/.catch or AbortSignal — packages/coding-agent/src/web/parallel.ts:296
Bare `fetch(...)` will throw an unhandled rejection on network failure. Wrap in try/catch, attach a `.catch(...)`, or pass an AbortSignal with a timeout.
integrity fragile-runtime robustness
medium 9-layer quality integrity conf 1.00 `fetch()` without try/.catch or AbortSignal — packages/coding-agent/src/web/scrapers/github.ts:99
Bare `fetch(...)` will throw an unhandled rejection on network failure. Wrap in try/catch, attach a `.catch(...)`, or pass an AbortSignal with a timeout.
integrity fragile-runtime robustness
medium 9-layer quality integrity conf 1.00 `fetch()` without try/.catch or AbortSignal — packages/coding-agent/src/web/scrapers/types.ts:109
Bare `fetch(...)` will throw an unhandled rejection on network failure. Wrap in try/catch, attach a `.catch(...)`, or pass an AbortSignal with a timeout.
integrity fragile-runtime robustness
medium 9-layer quality integrity conf 1.00 `fetch()` without try/.catch or AbortSignal — packages/coding-agent/src/web/search/providers/anthropic.ts:117
Bare `fetch(...)` will throw an unhandled rejection on network failure. Wrap in try/catch, attach a `.catch(...)`, or pass an AbortSignal with a timeout.
integrity fragile-runtime robustness
medium 9-layer quality integrity conf 1.00 `fetch()` without try/.catch or AbortSignal — packages/coding-agent/src/web/search/providers/brave.ts:83
Bare `fetch(...)` will throw an unhandled rejection on network failure. Wrap in try/catch, attach a `.catch(...)`, or pass an AbortSignal with a timeout.
integrity fragile-runtime robustness
medium 9-layer quality integrity conf 1.00 `fetch()` without try/.catch or AbortSignal — packages/coding-agent/src/web/search/providers/codex.ts:337
Bare `fetch(...)` will throw an unhandled rejection on network failure. Wrap in try/catch, attach a `.catch(...)`, or pass an AbortSignal with a timeout.
integrity fragile-runtime robustness
medium 9-layer quality integrity conf 1.00 `fetch()` without try/.catch or AbortSignal — packages/coding-agent/src/web/search/providers/exa.ts:176
Bare `fetch(...)` will throw an unhandled rejection on network failure. Wrap in try/catch, attach a `.catch(...)`, or pass an AbortSignal with a timeout.
integrity fragile-runtime robustness
medium 9-layer quality integrity conf 1.00 `fetch()` without try/.catch or AbortSignal — packages/coding-agent/src/web/search/providers/perplexity.ts:333
Bare `fetch(...)` will throw an unhandled rejection on network failure. Wrap in try/catch, attach a `.catch(...)`, or pass an AbortSignal with a timeout.
integrity fragile-runtime robustness
medium 9-layer quality integrity conf 1.00 `fetch()` without try/.catch or AbortSignal — packages/coding-agent/test/core/python-tool-bridge.test.ts:39
Bare `fetch(...)` will throw an unhandled rejection on network failure. Wrap in try/catch, attach a `.catch(...)`, or pass an AbortSignal with a timeout.
integrity · fragile-runtime · robustness
medium 9-layer quality integrity conf 1.00 `fetch()` without try/.catch or AbortSignal — packages/stats/src/client/api.ts:14
Bare `fetch(...)` will throw an unhandled rejection on network failure. Wrap in try/catch, attach a `.catch(...)`, or pass an AbortSignal with a timeout.
integrity · fragile-runtime · robustness
medium 9-layer quality integrity conf 1.00 `fetch()` without try/.catch or AbortSignal — python/robomp/web/src/api.ts:71
Bare `fetch(...)` will throw an unhandled rejection on network failure. Wrap in try/catch, attach a `.catch(...)`, or pass an AbortSignal with a timeout.
integrity · fragile-runtime · robustness
medium 9-layer hardware security conf 1.00 Dockerfile runs as root: Dockerfile
No non-root USER set. Containers running as root expand the blast radius of any vulnerability inside the image.
security · container
medium 9-layer cicd supply-chain conf 1.00 GitHub Action is tag-pinned rather than SHA-pinned
softprops/action-gh-release@v2 can move without a code change in this repo. Pin third-party actions to a reviewed 40-character commit SHA.
.github/workflows/ci.yml:331 supply-chain · github-actions · pinned-dependencies
medium 9-layer cicd supply-chain conf 1.00 GitHub Actions workflow grants broad write permissions
CI tokens with write permissions increase blast radius when an action, dependency, or PR workflow is compromised. Prefer job-level least-privilege permissions.
.github/workflows/ci.yml supply-chain · github-actions · least-privilege
medium 9-layer security owasp conf 1.00 Insecure pattern 'subprocess_shell_true' in packages/coding-agent/src/eval/py/runner.py:544
Found a known-risky pattern (subprocess_shell_true). Review and replace if possible.
packages/coding-agent/src/eval/py/runner.py:544 owasp · subprocess_shell_true
medium 9-layer quality integrity conf 1.00 Network/subprocess call without timeout or try/except — packages/coding-agent/src/eval/py/runner.py:297
`subprocess.Popen(...)` here lacks both a `timeout=` arg and an enclosing try/except. This is exactly the class of bug that took down our git-clone earlier (HTTP/2 stream cancel surfaced as a fatal). Add a `timeout=` and wrap in try/except, or use a wrapper that retries.
integrity · fragile-runtime · robustness
medium 9-layer quality integrity conf 1.00 Network/subprocess call without timeout or try/except — python/robomp/src/natives_cache.py:147
`subprocess.run(...)` here lacks both a `timeout=` arg and an enclosing try/except. This is exactly the class of bug that took down our git-clone earlier (HTTP/2 stream cancel surfaced as a fatal). Add a `timeout=` and wrap in try/except, or use a wrapper that retries.
integrity · fragile-runtime · robustness
medium 9-layer quality integrity conf 1.00 Network/subprocess call without timeout or try/except — python/robomp/src/sandbox.py:292
`subprocess.run(...)` here lacks both a `timeout=` arg and an enclosing try/except. This is exactly the class of bug that took down our git-clone earlier (HTTP/2 stream cancel surfaced as a fatal). Add a `timeout=` and wrap in try/except, or use a wrapper that retries.
integrity · fragile-runtime · robustness
low 9-layer quality maintenance conf 1.00 163 TODO/FIXME markers
High count of TODO/FIXME/HACK markers — track them as issues so they're not forgotten.
maintenance
low 9-layer quality integrity conf 1.00 77 env vars used in code but missing from .env.example
Drift between code and config docs. The first few: `DEVELOPER_DIR`, `DISPLAY`, `EXA_API_KEY`, `FIREPASS_API_KEY`, `GH_CONFIG_DIR`, `GH_HOST`, `GH_TOKEN`, `GIT_ASKPASS` + 69 more. Add them (with a placeholder/comment) to .env.example so onboarding doesn't break.
integrity · config-drift
low 9-layer hardware coverage conf 1.00 Containers defined but no K8s/orchestration manifest found
Repo has Dockerfiles/compose but no Kubernetes/Nomad manifests. If the target deployment is K8s, the manifests may live in a separate ops repo.
coverage · deployment
low 9-layer hardware supply-chain conf 1.00 Docker base image is tag-pinned but not digest-pinned: python:3.12-slim-bookworm
Container tags can be retagged upstream. Pin production base images to a reviewed digest (`image@sha256:...`) when reproducibility and supply-chain integrity matter.
Dockerfile:83 supply-chain · docker · pinned-dependencies
low 9-layer hardware supply-chain conf 1.00 Docker base image is tag-pinned but not digest-pinned: python:3.12-slim-bookworm
Container tags can be retagged upstream. Pin production base images to a reviewed digest (`image@sha256:...`) when reproducibility and supply-chain integrity matter.
Dockerfile:103 supply-chain · docker · pinned-dependencies
low 9-layer hardware supply-chain conf 1.00 Docker base image is tag-pinned but not digest-pinned: rust:1.86-slim-bookworm
Container tags can be retagged upstream. Pin production base images to a reviewed digest (`image@sha256:...`) when reproducibility and supply-chain integrity matter.
Dockerfile:30 supply-chain · docker · pinned-dependencies
low 9-layer software dead-code-candidate conf 1.00 File has no detected symbols: packages/ai/src/auth-broker/types.ts
Source file with no class/function declarations — possible config, dead code, or scratch file.
dead-code-candidate
low 9-layer software dead-code-candidate conf 1.00 File has no detected symbols: packages/ai/src/auth-broker/wire-schemas.ts
Source file with no class/function declarations — possible config, dead code, or scratch file.
dead-code-candidate
low 9-layer software dead-code-candidate conf 1.00 File has no detected symbols: packages/ai/src/models.json.d.ts
Source file with no class/function declarations — possible config, dead code, or scratch file.
dead-code-candidate
low 9-layer software dead-code-candidate conf 1.00 File has no detected symbols: packages/ai/src/usage.ts
Source file with no class/function declarations — possible config, dead code, or scratch file.
dead-code-candidate
low 9-layer software dead-code-candidate conf 1.00 File has no detected symbols: packages/ai/src/utils/oauth/cerebras.ts
Source file with no class/function declarations — possible config, dead code, or scratch file.
dead-code-candidate
low 9-layer software dead-code-candidate conf 1.00 File has no detected symbols: packages/ai/src/utils/oauth/firepass.ts
Source file with no class/function declarations — possible config, dead code, or scratch file.
dead-code-candidate
low 9-layer software dead-code-candidate conf 1.00 File has no detected symbols: packages/ai/src/utils/oauth/fireworks.ts
Source file with no class/function declarations — possible config, dead code, or scratch file.
dead-code-candidate
low 9-layer software dead-code-candidate conf 1.00 File has no detected symbols: packages/ai/src/utils/oauth/nanogpt.ts
Source file with no class/function declarations — possible config, dead code, or scratch file.
dead-code-candidate
low 9-layer software dead-code-candidate conf 1.00 File has no detected symbols: packages/ai/src/utils/oauth/synthetic.ts
Source file with no class/function declarations — possible config, dead code, or scratch file.
dead-code-candidate
low 9-layer software dead-code-candidate conf 1.00 File has no detected symbols: packages/ai/src/utils/oauth/together.ts
Source file with no class/function declarations — possible config, dead code, or scratch file.
dead-code-candidate
low 9-layer software dead-code-candidate conf 1.00 File has no detected symbols: packages/ai/test/abort-source-tracker.test.ts
Source file with no class/function declarations — possible config, dead code, or scratch file.
dead-code-candidate
low 9-layer software dead-code-candidate conf 1.00 File has no detected symbols: packages/ai/test/anthropic-oauth.test.ts
Source file with no class/function declarations — possible config, dead code, or scratch file.
dead-code-candidate
low 9-layer software dead-code-candidate conf 1.00 File has no detected symbols: packages/ai/test/anthropic-prefill.test.ts
Source file with no class/function declarations — possible config, dead code, or scratch file.
dead-code-candidate
low 9-layer software dead-code-candidate conf 1.00 File has no detected symbols: packages/ai/test/anthropic-retry.test.ts
Source file with no class/function declarations — possible config, dead code, or scratch file.
dead-code-candidate
low 9-layer software dead-code-candidate conf 1.00 File has no detected symbols: packages/ai/test/anthropic-thinking-immutability.test.ts
Source file with no class/function declarations — possible config, dead code, or scratch file.
dead-code-candidate
low 9-layer software dead-code-candidate conf 1.00 File has no detected symbols: packages/ai/test/api-registry.test.ts
Source file with no class/function declarations — possible config, dead code, or scratch file.
dead-code-candidate
low 9-layer software dead-code-candidate conf 1.00 File has no detected symbols: packages/ai/test/auth-broker-refresher.test.ts
Source file with no class/function declarations — possible config, dead code, or scratch file.
dead-code-candidate
low 9-layer software dead-code-candidate conf 1.00 File has no detected symbols: packages/ai/test/auth-gateway-cache-key.test.ts
Source file with no class/function declarations — possible config, dead code, or scratch file.
dead-code-candidate
low 9-layer software dead-code-candidate conf 1.00 File has no detected symbols: packages/ai/test/auth-storage-oauth-refresh-race.test.ts
Source file with no class/function declarations — possible config, dead code, or scratch file.
dead-code-candidate
low 9-layer software dead-code-candidate conf 1.00 File has no detected symbols: packages/ai/test/aws-sigv4.test.ts
Source file with no class/function declarations — possible config, dead code, or scratch file.
dead-code-candidate
low 9-layer software dead-code-candidate conf 1.00 File has no detected symbols: packages/ai/test/cursor-exec-handlers.test.ts
Source file with no class/function declarations — possible config, dead code, or scratch file.
dead-code-candidate
low 9-layer software dead-code-candidate conf 1.00 File has no detected symbols: packages/ai/test/github-copilot-headers.test.ts
Source file with no class/function declarations — possible config, dead code, or scratch file.
dead-code-candidate
low 9-layer software dead-code-candidate conf 1.00 File has no detected symbols: packages/ai/test/github-copilot-oauth.test.ts
Source file with no class/function declarations — possible config, dead code, or scratch file.
dead-code-candidate
low 9-layer software dead-code-candidate conf 1.00 File has no detected symbols: packages/ai/test/google-thinking-signature.test.ts
Source file with no class/function declarations — possible config, dead code, or scratch file.
dead-code-candidate
low 9-layer software dead-code-candidate conf 1.00 File has no detected symbols: packages/ai/test/issue-772-repro.test.ts
Source file with no class/function declarations — possible config, dead code, or scratch file.
dead-code-candidate
low 9-layer software dead-code-candidate conf 1.00 File has no detected symbols: packages/ai/test/issue-830-repro.test.ts
Source file with no class/function declarations — possible config, dead code, or scratch file.
dead-code-candidate
low 9-layer software dead-code-candidate conf 1.00 File has no detected symbols: packages/ai/test/issue-847-repro.test.ts
Source file with no class/function declarations — possible config, dead code, or scratch file.
dead-code-candidate
low 9-layer software dead-code-candidate conf 1.00 File has no detected symbols: packages/ai/test/issue-887-repro.test.ts
Source file with no class/function declarations — possible config, dead code, or scratch file.
dead-code-candidate
low 9-layer software dead-code-candidate conf 1.00 File has no detected symbols: packages/ai/test/issue-957-repro.test.ts
Source file with no class/function declarations — possible config, dead code, or scratch file.
dead-code-candidate
low 9-layer software dead-code-candidate conf 1.00 File has no detected symbols: packages/ai/test/json-parse.test.ts
Source file with no class/function declarations — possible config, dead code, or scratch file.
dead-code-candidate
low 9-layer software dead-code-candidate conf 1.00 File has no detected symbols: packages/ai/test/kagi-login.test.ts
Source file with no class/function declarations — possible config, dead code, or scratch file.
dead-code-candidate
low 9-layer software dead-code-candidate conf 1.00 File has no detected symbols: packages/ai/test/kilo-login.test.ts
Source file with no class/function declarations — possible config, dead code, or scratch file.
dead-code-candidate
low 9-layer software dead-code-candidate conf 1.00 File has no detected symbols: packages/ai/test/models-cost.test.ts
Source file with no class/function declarations — possible config, dead code, or scratch file.
dead-code-candidate
low 9-layer software dead-code-candidate conf 1.00 File has no detected symbols: packages/ai/test/nanogpt-login.test.ts
Source file with no class/function declarations — possible config, dead code, or scratch file.
dead-code-candidate
low 9-layer software dead-code-candidate conf 1.00 File has no detected symbols: packages/ai/test/ollama-cloud-login.test.ts
Source file with no class/function declarations — possible config, dead code, or scratch file.
dead-code-candidate
low 9-layer software dead-code-candidate conf 1.00 File has no detected symbols: packages/ai/test/ollama-provider.test.ts
Source file with no class/function declarations — possible config, dead code, or scratch file.
dead-code-candidate
low 9-layer software dead-code-candidate conf 1.00 File has no detected symbols: packages/ai/test/openai-codex-include.test.ts
Source file with no class/function declarations — possible config, dead code, or scratch file.
dead-code-candidate
low 9-layer software dead-code-candidate conf 1.00 File has no detected symbols: packages/ai/test/openai-codex.test.ts
Source file with no class/function declarations — possible config, dead code, or scratch file.
dead-code-candidate
low 9-layer software dead-code-candidate conf 1.00 File has no detected symbols: packages/ai/test/openai-completions-progress-chunk.test.ts
Source file with no class/function declarations — possible config, dead code, or scratch file.
dead-code-candidate
low 9-layer software dead-code-candidate conf 1.00 File has no detected symbols: packages/ai/test/openai-responses-developer-role.test.ts
Source file with no class/function declarations — possible config, dead code, or scratch file.
dead-code-candidate
low 9-layer software dead-code-candidate conf 1.00 File has no detected symbols: packages/ai/test/rate-limit-utils.test.ts
Source file with no class/function declarations — possible config, dead code, or scratch file.
dead-code-candidate
low 9-layer software dead-code-candidate conf 1.00 File has no detected symbols: packages/ai/test/remote-auth-store.test.ts
Source file with no class/function declarations — possible config, dead code, or scratch file.
dead-code-candidate
low 9-layer software dead-code-candidate conf 1.00 File has no detected symbols: packages/ai/test/schema-dereference.test.ts
Source file with no class/function declarations — possible config, dead code, or scratch file.
dead-code-candidate
low 9-layer software dead-code-candidate conf 1.00 File has no detected symbols: packages/ai/test/schema-helpers.test.ts
Source file with no class/function declarations — possible config, dead code, or scratch file.
dead-code-candidate
low 9-layer software dead-code-candidate conf 1.00 File has no detected symbols: packages/ai/test/service-tier-premium-requests.test.ts
Source file with no class/function declarations — possible config, dead code, or scratch file.
dead-code-candidate
low 9-layer software dead-code-candidate conf 1.00 File has no detected symbols: packages/ai/test/tool-argument-coercion.test.ts
Source file with no class/function declarations — possible config, dead code, or scratch file.
dead-code-candidate
low 9-layer software dead-code-candidate conf 1.00 File has no detected symbols: packages/ai/test/utils-responses-id.test.ts
Source file with no class/function declarations — possible config, dead code, or scratch file.
dead-code-candidate
low 9-layer software dead-code-candidate conf 1.00 File has no detected symbols: packages/ai/test/zenmux-login.test.ts
Source file with no class/function declarations — possible config, dead code, or scratch file.
dead-code-candidate
low 9-layer software dead-code-candidate conf 1.00 File has no detected symbols: packages/ai/test/zenmux-provider.test.ts
Source file with no class/function declarations — possible config, dead code, or scratch file.
dead-code-candidate
low 9-layer software dead-code-candidate conf 1.00 File has no detected symbols: types/assets/index.d.ts
Source file with no class/function declarations — possible config, dead code, or scratch file.
dead-code-candidate
low 9-layer cicd supply-chain conf 1.00 GitHub Action is tag-pinned rather than SHA-pinned
actions/cache@v4 can move without a code change in this repo. Pin third-party actions to a reviewed 40-character commit SHA.
.github/workflows/ci.yml:86 supply-chain · github-actions · pinned-dependencies
low 9-layer cicd supply-chain conf 1.00 GitHub Action is tag-pinned rather than SHA-pinned
actions/cache@v4 can move without a code change in this repo. Pin third-party actions to a reviewed 40-character commit SHA.
.github/workflows/ci.yml:152 supply-chain · github-actions · pinned-dependencies
low 9-layer cicd supply-chain conf 1.00 GitHub Action is tag-pinned rather than SHA-pinned
actions/download-artifact@v4 can move without a code change in this repo. Pin third-party actions to a reviewed 40-character commit SHA.
.github/workflows/ci.yml:173 supply-chain · github-actions · pinned-dependencies
low 9-layer cicd supply-chain conf 1.00 GitHub Action is tag-pinned rather than SHA-pinned
actions/cache@v4 can move without a code change in this repo. Pin third-party actions to a reviewed 40-character commit SHA.
.github/workflows/ci.yml:210 supply-chain · github-actions · pinned-dependencies
low 9-layer cicd supply-chain conf 1.00 GitHub Action is tag-pinned rather than SHA-pinned
actions/cache@v4 can move without a code change in this repo. Pin third-party actions to a reviewed 40-character commit SHA.
.github/workflows/ci.yml:278 supply-chain · github-actions · pinned-dependencies
low 9-layer cicd supply-chain conf 1.00 GitHub Action is tag-pinned rather than SHA-pinned
actions/download-artifact@v4 can move without a code change in this repo. Pin third-party actions to a reviewed 40-character commit SHA.
.github/workflows/ci.yml:284 supply-chain · github-actions · pinned-dependencies
low 9-layer cicd supply-chain conf 1.00 GitHub Action is tag-pinned rather than SHA-pinned
actions/upload-artifact@v4 can move without a code change in this repo. Pin third-party actions to a reviewed 40-character commit SHA.
.github/workflows/ci.yml:310 supply-chain · github-actions · pinned-dependencies
low 9-layer cicd supply-chain conf 1.00 GitHub Action is tag-pinned rather than SHA-pinned
actions/download-artifact@v4 can move without a code change in this repo. Pin third-party actions to a reviewed 40-character commit SHA.
.github/workflows/ci.yml:325 supply-chain · github-actions · pinned-dependencies
low 9-layer cicd supply-chain conf 1.00 GitHub Action is tag-pinned rather than SHA-pinned
actions/cache@v4 can move without a code change in this repo. Pin third-party actions to a reviewed 40-character commit SHA.
.github/workflows/ci.yml:352 supply-chain · github-actions · pinned-dependencies
low 9-layer cicd supply-chain conf 1.00 GitHub Action is tag-pinned rather than SHA-pinned
actions/download-artifact@v4 can move without a code change in this repo. Pin third-party actions to a reviewed 40-character commit SHA.
.github/workflows/ci.yml:358 supply-chain · github-actions · pinned-dependencies
low 9-layer quality integrity conf 1.00 Legacy-named symbol `_atomic_copy` in python/robomp/src/natives_cache.py:204
Names with suffixes like `_old`, `_v1`, `_deprecated` usually indicate replaced-but-not-removed code (typical AI-coder leftover). Confirm and delete, or rename if it's the active version.
integrity · legacy-marker · dead-code
low 9-layer quality integrity conf 1.00 Legacy-named symbol `absOld` in packages/coding-agent/src/lsp/index.ts:368
Names with suffixes like `_old`, `_v1`, `_deprecated` usually indicate replaced-but-not-removed code (typical AI-coder leftover). Confirm and delete, or rename if it's the active version.
integrity · legacy-marker · dead-code
low 9-layer quality integrity conf 1.00 Legacy-named symbol `auth_credentials_legacy` in packages/ai/src/auth-storage.ts:3378
Names with suffixes like `_old`, `_v1`, `_deprecated` usually indicate replaced-but-not-removed code (typical AI-coder leftover). Confirm and delete, or rename if it's the active version.
integrity · legacy-marker · dead-code
low 9-layer quality integrity conf 1.00 Legacy-named symbol `daysOld` in packages/coding-agent/src/debug/report-bundle.ts:338
Names with suffixes like `_old`, `_v1`, `_deprecated` usually indicate replaced-but-not-removed code (typical AI-coder leftover). Confirm and delete, or rename if it's the active version.
integrity · legacy-marker · dead-code
low 9-layer quality integrity conf 1.00 Legacy-named symbol `endOld` in packages/coding-agent/src/edit/modes/patch.ts:430
Names with suffixes like `_old`, `_v1`, `_deprecated` usually indicate replaced-but-not-removed code (typical AI-coder leftover). Confirm and delete, or rename if it's the active version.
integrity · legacy-marker · dead-code
low 9-layer quality integrity conf 1.00 Legacy-named symbol `history_legacy` in packages/coding-agent/src/session/history-storage.ts:241
Names with suffixes like `_old`, `_v1`, `_deprecated` usually indicate replaced-but-not-removed code (typical AI-coder leftover). Confirm and delete, or rename if it's the active version.
integrity · legacy-marker · dead-code
low 9-layer quality integrity conf 1.00 Legacy-named symbol `item_legacy` in packages/ai/test/utils-responses-id.test.ts:33
Names with suffixes like `_old`, `_v1`, `_deprecated` usually indicate replaced-but-not-removed code (typical AI-coder leftover). Confirm and delete, or rename if it's the active version.
integrity · legacy-marker · dead-code
low 9-layer quality integrity conf 1.00 Legacy-named symbol `migrateFromLegacy` in packages/coding-agent/src/config/settings.ts:480
Names with suffixes like `_old`, `_v1`, `_deprecated` usually indicate replaced-but-not-removed code (typical AI-coder leftover). Confirm and delete, or rename if it's the active version.
integrity · legacy-marker · dead-code
low 9-layer quality integrity conf 1.00 Legacy-named symbol `msg_legacy` in packages/ai/test/azure-openai-responses-stream.test.ts:272
Names with suffixes like `_old`, `_v1`, `_deprecated` usually indicate replaced-but-not-removed code (typical AI-coder leftover). Confirm and delete, or rename if it's the active version.
integrity · legacy-marker · dead-code
low 9-layer quality integrity conf 1.00 Legacy-named symbol `msg_legacy` in packages/ai/test/openai-responses-history-payload.test.ts:536
Names with suffixes like `_old`, `_v1`, `_deprecated` usually indicate replaced-but-not-removed code (typical AI-coder leftover). Confirm and delete, or rename if it's the active version.
integrity · legacy-marker · dead-code
low 9-layer quality integrity conf 1.00 Legacy-named symbol `msg_v2` in packages/ai/test/openai-codex-stream.test.ts:1688
Names with suffixes like `_old`, `_v1`, `_deprecated` usually indicate replaced-but-not-removed code (typical AI-coder leftover). Confirm and delete, or rename if it's the active version.
integrity · legacy-marker · dead-code
low 9-layer quality integrity conf 1.00 Legacy-named symbol `parseEvalCellsLegacy` in packages/coding-agent/src/export/html/template.generated.ts:2
Names with suffixes like `_old`, `_v1`, `_deprecated` usually indicate replaced-but-not-removed code (typical AI-coder leftover). Confirm and delete, or rename if it's the active version.
integrity · legacy-marker · dead-code
low 9-layer quality integrity conf 1.00 Legacy-named symbol `parseEvalCellsLegacy` in packages/coding-agent/src/export/html/template.js:1263
Names with suffixes like `_old`, `_v1`, `_deprecated` usually indicate replaced-but-not-removed code (typical AI-coder leftover). Confirm and delete, or rename if it's the active version.
integrity · legacy-marker · dead-code
low 9-layer quality integrity conf 1.00 Legacy-named symbol `premium_requests_priority_v1` in packages/stats/test/priority-premium-requests.test.ts:140
Names with suffixes like `_old`, `_v1`, `_deprecated` usually indicate replaced-but-not-removed code (typical AI-coder leftover). Confirm and delete, or rename if it's the active version.
integrity · legacy-marker · dead-code
low 9-layer quality integrity conf 1.00 Legacy-named symbol `rest_v1` in packages/coding-agent/src/web/scrapers/wikipedia.ts:27
Names with suffixes like `_old`, `_v1`, `_deprecated` usually indicate replaced-but-not-removed code (typical AI-coder leftover). Confirm and delete, or rename if it's the active version.
integrity · legacy-marker · dead-code
low 9-layer quality integrity conf 1.00 Legacy-named symbol `settings_legacy` in packages/coding-agent/src/session/agent-storage.ts:177
Names with suffixes like `_old`, `_v1`, `_deprecated` usually indicate replaced-but-not-removed code (typical AI-coder leftover). Confirm and delete, or rename if it's the active version.
integrity · legacy-marker · dead-code
low 9-layer quality integrity conf 1.00 Legacy-named symbol `test_populate_cross_device_falls_back_to_copy` in python/robomp/tests/test_natives_cache.py:269
Names with suffixes like `_old`, `_v1`, `_deprecated` usually indicate replaced-but-not-removed code (typical AI-coder leftover). Confirm and delete, or rename if it's the active version.
integrity · legacy-marker · dead-code
low 9-layer quality integrity conf 1.00 Legacy-named symbol `turns_old` in packages/ai/src/providers/cursor/gen/agent_pb.ts:2377
Names with suffixes like `_old`, `_v1`, `_deprecated` usually indicate replaced-but-not-removed code (typical AI-coder leftover). Confirm and delete, or rename if it's the active version.
integrity · legacy-marker · dead-code
low 9-layer quality integrity conf 1.00 Legacy-named symbol `user_message_links_v1` in packages/stats/src/db.ts:40
Names with suffixes like `_old`, `_v1`, `_deprecated` usually indicate replaced-but-not-removed code (typical AI-coder leftover). Confirm and delete, or rename if it's the active version.
integrity · legacy-marker · dead-code
low 9-layer quality integrity conf 1.00 Legacy-named symbol `user_message_links_v1` in packages/stats/test/behavior-backfill.test.ts:87
Names with suffixes like `_old`, `_v1`, `_deprecated` usually indicate replaced-but-not-removed code (typical AI-coder leftover). Confirm and delete, or rename if it's the active version.
integrity · legacy-marker · dead-code
low 9-layer quality integrity conf 1.00 Legacy-named symbol `wire_v1` in packages/coding-agent/test/agent-session-tool-rebuild-skip.test.ts:321
Names with suffixes like `_old`, `_v1`, `_deprecated` usually indicate replaced-but-not-removed code (typical AI-coder leftover). Confirm and delete, or rename if it's the active version.
integrity · legacy-marker · dead-code
low 9-layer quality integrity conf 1.00 Near-duplicate function bodies in 10 places
Functions with the same first-5-line body hash: python/robomp/src/host_tools.py:execute, python/robomp/src/host_tools.py:execute, python/robomp/src/host_tools.py:execute, python/robomp/src/host_tools.py:execute This is *the* AI-coder failure mode (4× more duplication in vibe-coded repos — see http…
integrity · duplicate · dry
low 9-layer quality integrity conf 1.00 Near-duplicate function bodies in 2 places
Functions with the same first-5-line body hash: scripts/session-stats/harmony_backtest.py:tool_dict, scripts/session-stats/harmony_backtest.py:text_dict This is *the* AI-coder failure mode (4× more duplication in vibe-coded repos — see https://jw.hn/ai-code-hygiene). Consolidate or document why th…
integrity · duplicate · dry
low 9-layer quality integrity conf 1.00 Near-duplicate function bodies in 2 places
Functions with the same first-5-line body hash: packages/coding-agent/src/eval/py/runner.py:decorator, packages/coding-agent/src/eval/py/runner.py:decorator This is *the* AI-coder failure mode (4× more duplication in vibe-coded repos — see https://jw.hn/ai-code-hygiene). Consolidate or document wh…
integrity · duplicate · dry
low 9-layer quality integrity conf 1.00 Near-duplicate function bodies in 2 places
Functions with the same first-5-line body hash: python/omp-rpc/src/omp_rpc/client.py:abort_retry, python/omp-rpc/src/omp_rpc/client.py:abort This is *the* AI-coder failure mode (4× more duplication in vibe-coded repos — see https://jw.hn/ai-code-hygiene). Consolidate or document why they're separa…
integrity · duplicate · dry
low 9-layer quality integrity conf 1.00 Near-duplicate function bodies in 2 places
Functions with the same first-5-line body hash: python/omp-rpc/src/omp_rpc/client.py:prompt, python/omp-rpc/src/omp_rpc/client.py:prompt_and_wait This is *the* AI-coder failure mode (4× more duplication in vibe-coded repos — see https://jw.hn/ai-code-hygiene). Consolidate or document why they're s…
integrity · duplicate · dry
low 9-layer quality integrity conf 1.00 Near-duplicate function bodies in 2 places
Functions with the same first-5-line body hash: python/omp-rpc/src/omp_rpc/client.py:run_tool, python/omp-rpc/src/omp_rpc/client.py:run This is *the* AI-coder failure mode (4× more duplication in vibe-coded repos — see https://jw.hn/ai-code-hygiene). Consolidate or document why they're separate.
integrity · duplicate · dry
low 9-layer quality integrity conf 1.00 Near-duplicate function bodies in 2 places
Functions with the same first-5-line body hash: python/robomp/src/db.py:record_event, python/robomp/src/db.py:replace_event_if_state_in This is *the* AI-coder failure mode (4× more duplication in vibe-coded repos — see https://jw.hn/ai-code-hygiene). Consolidate or document why they're separate.
integrity · duplicate · dry
low 9-layer quality integrity conf 1.00 Near-duplicate function bodies in 2 places
Functions with the same first-5-line body hash: python/robomp/src/db.py:admit_submission, python/robomp/src/db.py:record_submission This is *the* AI-coder failure mode (4× more duplication in vibe-coded repos — see https://jw.hn/ai-code-hygiene). Consolidate or document why they're separate.
integrity · duplicate · dry
low 9-layer quality integrity conf 1.00 Near-duplicate function bodies in 2 places
Functions with the same first-5-line body hash: python/robomp/src/sandbox.py:workspace_key, python/robomp/src/sandbox.py:workspace_key This is *the* AI-coder failure mode (4× more duplication in vibe-coded repos — see https://jw.hn/ai-code-hygiene). Consolidate or document why they're separate.
integrity · duplicate · dry
low 9-layer quality integrity conf 1.00 Near-duplicate function bodies in 2 places
Functions with the same first-5-line body hash: python/robomp/src/sandbox.py:clone_pool, python/robomp/src/sandbox.py:clone_pool This is *the* AI-coder failure mode (4× more duplication in vibe-coded repos — see https://jw.hn/ai-code-hygiene). Consolidate or document why they're separate.
integrity · duplicate · dry
low 9-layer quality integrity conf 1.00 Near-duplicate function bodies in 2 places
Functions with the same first-5-line body hash: python/robomp/src/sandbox.py:fetch_pool, python/robomp/src/sandbox.py:fetch_pool This is *the* AI-coder failure mode (4× more duplication in vibe-coded repos — see https://jw.hn/ai-code-hygiene). Consolidate or document why they're separate.
integrity · duplicate · dry
low 9-layer quality integrity conf 1.00 Near-duplicate function bodies in 2 places
Functions with the same first-5-line body hash: python/robomp/src/sandbox.py:fetch_base_ref, python/robomp/src/sandbox.py:fetch_base_ref This is *the* AI-coder failure mode (4× more duplication in vibe-coded repos — see https://jw.hn/ai-code-hygiene). Consolidate or document why they're separate.
integrity duplicate dry
low 9-layer quality integrity conf 1.00 Near-duplicate function bodies in 2 places
Functions with the same first-5-line body hash: python/robomp/src/persona.py:followup_comment, python/robomp/src/persona.py:directive This is *the* AI-coder failure mode (4× more duplication in vibe-coded repos — see https://jw.hn/ai-code-hygiene). Consolidate or document why they're separate.
integrity duplicate dry
low 9-layer quality integrity conf 1.00 Near-duplicate function bodies in 2 places
Functions with the same first-5-line body hash: python/robomp/src/github_client.py:request_sync, python/robomp/src/github_client.py:request This is *the* AI-coder failure mode (4× more duplication in vibe-coded repos — see https://jw.hn/ai-code-hygiene). Consolidate or document why they're separat…
integrity duplicate dry
low 9-layer quality integrity conf 1.00 Near-duplicate function bodies in 2 places
Functions with the same first-5-line body hash: python/robomp/src/logging_config.py:format, python/robomp/src/logging_config.py:format This is *the* AI-coder failure mode (4× more duplication in vibe-coded repos — see https://jw.hn/ai-code-hygiene). Consolidate or document why they're separate.
integrity duplicate dry
low 9-layer quality integrity conf 1.00 Near-duplicate function bodies in 3 places
Functions with the same first-5-line body hash: python/robomp/src/proxy_client.py:list_issues, python/robomp/src/github_backend.py:list_issues, python/robomp/src/github_client.py:list_issues This is *the* AI-coder failure mode (4× more duplication in vibe-coded repos — see https://jw.hn/ai-code-hy…
integrity duplicate dry
low 9-layer quality integrity conf 1.00 Near-duplicate function bodies in 3 places
Functions with the same first-5-line body hash: python/robomp/src/proxy_client.py:open_pull_request, python/robomp/src/github_backend.py:open_pull_request, python/robomp/src/github_client.py:open_pull_request This is *the* AI-coder failure mode (4× more duplication in vibe-coded repos — see https:…
integrity duplicate dry
low 9-layer quality integrity conf 1.00 Near-duplicate function bodies in 3 places
Functions with the same first-5-line body hash: python/robomp/src/proxy_client.py:request_reviewers, python/robomp/src/github_backend.py:request_reviewers, python/robomp/src/github_client.py:request_reviewers This is *the* AI-coder failure mode (4× more duplication in vibe-coded repos — see https:…
integrity duplicate dry
low 9-layer quality integrity conf 1.00 Near-duplicate function bodies in 3 places
Functions with the same first-5-line body hash: python/robomp/src/proxy_client.py:push_branch, python/robomp/src/sandbox.py:push_branch, python/robomp/src/sandbox.py:push_branch This is *the* AI-coder failure mode (4× more duplication in vibe-coded repos — see https://jw.hn/ai-code-hygiene). Conso…
integrity duplicate dry
low 9-layer quality integrity conf 1.00 Near-duplicate function bodies in 4 places
Functions with the same first-5-line body hash: python/robomp/src/tasks.py:triage_issue, python/robomp/src/tasks.py:handle_comment, python/robomp/src/tasks.py:handle_review, python/robomp/src/tasks.py:handle_pr_conversation This is *the* AI-coder failure mode (4× more duplication in vibe-coded rep…
integrity duplicate dry
low 9-layer cicd supply-chain conf 1.00 package.json defines install-time lifecycle scripts
preinstall/install/postinstall/prepare scripts execute during dependency installation. Review them carefully for network calls, obfuscation, shell execution, or credential access.
package.json supply-chain npm install-scripts
low 9-layer software dead-code conf 1.00 Possibly dead Python function: handle_message_end
No callers detected by AST scan in this repo. Could be exported for external callers or a framework handler.
scripts/edit_benchmark_common.py:679 dead-code
low 9-layer software dead-code conf 1.00 Possibly dead Python function: handle_message_start
No callers detected by AST scan in this repo. Could be exported for external callers or a framework handler.
scripts/edit_benchmark_common.py:661 dead-code
low 9-layer software dead-code conf 1.00 Possibly dead Python function: handle_message_update
No callers detected by AST scan in this repo. Could be exported for external callers or a framework handler.
scripts/edit_benchmark_common.py:667 dead-code
low 9-layer software dead-code conf 1.00 Possibly dead Python function: handle_tool_count
No callers detected by AST scan in this repo. Could be exported for external callers or a framework handler.
scripts/edit_benchmark_common.py:749 dead-code
low 9-layer software dead-code conf 1.00 Possibly dead Python function: handle_tool_start
No callers detected by AST scan in this repo. Could be exported for external callers or a framework handler.
scripts/edit_benchmark_common.py:688 dead-code
low 9-layer software dead-code conf 1.00 Possibly dead Python function: iter_failed
No callers detected by AST scan in this repo. Could be exported for external callers or a framework handler.
scripts/tool_io.py:241 dead-code
low 9-layer software dead-code conf 1.00 Possibly dead Python function: iter_paths
No callers detected by AST scan in this repo. Could be exported for external callers or a framework handler.
scripts/tool_io.py:262 dead-code
low 9-layer software dead-code conf 1.00 Possibly dead Python function: iter_results
No callers detected by AST scan in this repo. Could be exported for external callers or a framework handler.
scripts/tool_io.py:234 dead-code
low 9-layer software dead-code conf 1.00 Possibly dead Python function: iter_successful
No callers detected by AST scan in this repo. Could be exported for external callers or a framework handler.
scripts/tool_io.py:248 dead-code
low 9-layer software dead-code conf 1.00 Possibly dead Python function: iter_with_diff
No callers detected by AST scan in this repo. Could be exported for external callers or a framework handler.
scripts/tool_io.py:255 dead-code
low 9-layer software dead-code conf 1.00 Possibly dead Python function: millions
No callers detected by AST scan in this repo. Could be exported for external callers or a framework handler.
scripts/session-stats/plot_tools.py:182 dead-code
low 9-layer software dead-code conf 1.00 Possibly dead Python function: positive_int
No callers detected by AST scan in this repo. Could be exported for external callers or a framework handler.
scripts/analyze_small_edits.py:98 dead-code
low 9-layer software dead-code conf 1.00 Possibly dead Python function: record_agent_end
No callers detected by AST scan in this repo. Could be exported for external callers or a framework handler.
scripts/rate-edit-tool.py:1066 dead-code
low 9-layer software dead-code conf 1.00 Possibly dead Python function: record_auto_retry_end
No callers detected by AST scan in this repo. Could be exported for external callers or a framework handler.
scripts/rate-edit-tool.py:1041 dead-code
low 9-layer software dead-code conf 1.00 Possibly dead Python function: record_auto_retry_start
No callers detected by AST scan in this repo. Could be exported for external callers or a framework handler.
scripts/rate-edit-tool.py:1036 dead-code
low 9-layer software dead-code conf 1.00 Possibly dead Python function: record_message_end
No callers detected by AST scan in this repo. Could be exported for external callers or a framework handler.
scripts/rate-edit-tool.py:1046 dead-code
low 9-layer software dead-code conf 1.00 Possibly dead Python function: record_message_update
No callers detected by AST scan in this repo. Could be exported for external callers or a framework handler.
scripts/rate-edit-tool.py:1095 dead-code
low 9-layer software dead-code conf 1.00 Possibly dead Python function: record_notification
No callers detected by AST scan in this repo. Could be exported for external callers or a framework handler.
scripts/rate-edit-tool.py:1001 dead-code
low 9-layer software dead-code conf 1.00 Possibly dead Python function: record_tool_execution_end
No callers detected by AST scan in this repo. Could be exported for external callers or a framework handler.
scripts/rate-edit-tool.py:1032 dead-code
low 9-layer software dead-code conf 1.00 Possibly dead Python function: record_tool_execution_start
No callers detected by AST scan in this repo. Could be exported for external callers or a framework handler.
scripts/rate-edit-tool.py:1021 dead-code
low 9-layer software dead-code conf 1.00 Possibly dead Python function: record_tool_execution_update
No callers detected by AST scan in this repo. Could be exported for external callers or a framework handler.
scripts/rate-edit-tool.py:1028 dead-code
low 9-layer software dead-code conf 1.00 Possibly dead Python function: record_turn_end
No callers detected by AST scan in this repo. Could be exported for external callers or a framework handler.
scripts/rate-edit-tool.py:1017 dead-code
low 9-layer software dead-code conf 1.00 Possibly dead Python function: record_turn_start
No callers detected by AST scan in this repo. Could be exported for external callers or a framework handler.
scripts/rate-edit-tool.py:1012 dead-code
low 9-layer software dead-code conf 1.00 Possibly dead Python function: record_ui
No callers detected by AST scan in this repo. Could be exported for external callers or a framework handler.
scripts/rate-edit-tool.py:1005 dead-code
low 9-layer software dead-code conf 1.00 Possibly dead Python function: run_benchmark_for_model
No callers detected by AST scan in this repo. Could be exported for external callers or a framework handler.
scripts/edit_benchmark_common.py:706 dead-code
low 9-layer software dead-code conf 1.00 Possibly dead Python function: run_model_sync
No callers detected by AST scan in this repo. Could be exported for external callers or a framework handler.
scripts/rate-edit-tool.py:1140 dead-code
low 9-layer software dead-code conf 1.00 Possibly dead Python function: run_oracle_review_sync
No callers detected by AST scan in this repo. Could be exported for external callers or a framework handler.
scripts/rate-edit-tool.py:1375 dead-code
low 9-layer software dead-code conf 1.00 Possibly dead Python function: sample_reservoir
No callers detected by AST scan in this repo. Could be exported for external callers or a framework handler.
scripts/tool_io.py:282 dead-code
low 9-layer software dead-code conf 1.00 Possibly dead Python function: take
No callers detected by AST scan in this repo. Could be exported for external callers or a framework handler.
scripts/tool_io.py:270 dead-code
low 9-layer frontend frontend-quality conf 1.00 Stray `console.log` in TS/JS — packages/ai/scripts/generate-models.ts:84
Replace with the toast helper, an error boundary, or remove. `console.warn` / `console.error` are acceptable. Why: Hygiene — easy to leak debug output. Rule id: fq.console-leak
frontend-quality fq.console-leak
low 9-layer frontend frontend-quality conf 1.00 Stray `console.log` in TS/JS — packages/ai/src/cli.ts:70
Replace with the toast helper, an error boundary, or remove. `console.warn` / `console.error` are acceptable. Why: Hygiene — easy to leak debug output. Rule id: fq.console-leak
frontend-quality fq.console-leak
low 9-layer frontend frontend-quality conf 1.00 Stray `console.log` in TS/JS — packages/ai/test/aws-credentials.test.ts:121
Replace with the toast helper, an error boundary, or remove. `console.warn` / `console.error` are acceptable. Why: Hygiene — easy to leak debug output. Rule id: fq.console-leak
frontend-quality fq.console-leak
low 9-layer frontend frontend-quality conf 1.00 Stray `console.log` in TS/JS — packages/ai/test/context-overflow.test.ts:87
Replace with the toast helper, an error boundary, or remove. `console.warn` / `console.error` are acceptable. Why: Hygiene — easy to leak debug output. Rule id: fq.console-leak
frontend-quality fq.console-leak
low 9-layer frontend frontend-quality conf 1.00 Stray `console.log` in TS/JS — packages/ai/test/firepass.live.ts:22
Replace with the toast helper, an error boundary, or remove. `console.warn` / `console.error` are acceptable. Why: Hygiene — easy to leak debug output. Rule id: fq.console-leak
frontend-quality fq.console-leak
low 9-layer frontend frontend-quality conf 1.00 Stray `console.log` in TS/JS — packages/ai/test/handoff.test.ts:316
Replace with the toast helper, an error boundary, or remove. `console.warn` / `console.error` are acceptable. Why: Hygiene — easy to leak debug output. Rule id: fq.console-leak
frontend-quality fq.console-leak
low 9-layer frontend frontend-quality conf 1.00 Stray `console.log` in TS/JS — packages/ai/test/image-limits.test.ts:210
Replace with the toast helper, an error boundary, or remove. `console.warn` / `console.error` are acceptable. Why: Hygiene — easy to leak debug output. Rule id: fq.console-leak
frontend-quality fq.console-leak
low 9-layer frontend frontend-quality conf 1.00 Stray `console.log` in TS/JS — packages/ai/test/image-tool-result.test.ts:30
Replace with the toast helper, an error boundary, or remove. `console.warn` / `console.error` are acceptable. Why: Hygiene — easy to leak debug output. Rule id: fq.console-leak
frontend-quality fq.console-leak
low 9-layer frontend frontend-quality conf 1.00 Stray `console.log` in TS/JS — packages/ai/test/stream.test.ts:227
Replace with the toast helper, an error boundary, or remove. `console.warn` / `console.error` are acceptable. Why: Hygiene — easy to leak debug output. Rule id: fq.console-leak
frontend-quality fq.console-leak
low 9-layer frontend frontend-quality conf 1.00 Stray `console.log` in TS/JS — packages/ai/test/tool-call-without-result.test.ts:51
Replace with the toast helper, an error boundary, or remove. `console.warn` / `console.error` are acceptable. Why: Hygiene — easy to leak debug output. Rule id: fq.console-leak
frontend-quality fq.console-leak
low 9-layer frontend frontend-quality conf 1.00 Stray `console.log` in TS/JS — packages/ai/test/total-tokens.test.ts:85
Replace with the toast helper, an error boundary, or remove. `console.warn` / `console.error` are acceptable. Why: Hygiene — easy to leak debug output. Rule id: fq.console-leak
frontend-quality fq.console-leak
low 9-layer frontend frontend-quality conf 1.00 Stray `console.log` in TS/JS — packages/coding-agent/bench/rendering.ts:19
Replace with the toast helper, an error boundary, or remove. `console.warn` / `console.error` are acceptable. Why: Hygiene — easy to leak debug output. Rule id: fq.console-leak
frontend-quality fq.console-leak
low 9-layer frontend frontend-quality conf 1.00 Stray `console.log` in TS/JS — packages/coding-agent/bench/session-tree-nav.bench.ts:82
Replace with the toast helper, an error boundary, or remove. `console.warn` / `console.error` are acceptable. Why: Hygiene — easy to leak debug output. Rule id: fq.console-leak
frontend-quality fq.console-leak
low 9-layer frontend frontend-quality conf 1.00 Stray `console.log` in TS/JS — packages/coding-agent/examples/extensions/chalk-logger.ts:10
Replace with the toast helper, an error boundary, or remove. `console.warn` / `console.error` are acceptable. Why: Hygiene — easy to leak debug output. Rule id: fq.console-leak
frontend-quality fq.console-leak
low 9-layer frontend frontend-quality conf 1.00 Stray `console.log` in TS/JS — packages/coding-agent/examples/sdk/01-minimal.ts:19
Replace with the toast helper, an error boundary, or remove. `console.warn` / `console.error` are acceptable. Why: Hygiene — easy to leak debug output. Rule id: fq.console-leak
frontend-quality fq.console-leak
low 9-layer frontend frontend-quality conf 1.00 Stray `console.log` in TS/JS — packages/coding-agent/examples/sdk/02-custom-model.ts:17
Replace with the toast helper, an error boundary, or remove. `console.warn` / `console.error` are acceptable. Why: Hygiene — easy to leak debug output. Rule id: fq.console-leak
frontend-quality fq.console-leak
low 9-layer frontend frontend-quality conf 1.00 Stray `console.log` in TS/JS — packages/coding-agent/examples/sdk/03-custom-prompt.ts:23
Replace with the toast helper, an error boundary, or remove. `console.warn` / `console.error` are acceptable. Why: Hygiene — easy to leak debug output. Rule id: fq.console-leak
frontend-quality fq.console-leak
low 9-layer frontend frontend-quality conf 1.00 Stray `console.log` in TS/JS — packages/coding-agent/examples/sdk/04-skills.ts:11
Replace with the toast helper, an error boundary, or remove. `console.warn` / `console.error` are acceptable. Why: Hygiene — easy to leak debug output. Rule id: fq.console-leak
frontend-quality fq.console-leak
low 9-layer frontend frontend-quality conf 1.00 Stray `console.log` in TS/JS — packages/coding-agent/examples/sdk/06-extensions.ts:37
Replace with the toast helper, an error boundary, or remove. `console.warn` / `console.error` are acceptable. Why: Hygiene — easy to leak debug output. Rule id: fq.console-leak
frontend-quality fq.console-leak
low 9-layer frontend frontend-quality conf 1.00 Stray `console.log` in TS/JS — packages/coding-agent/examples/sdk/06-hooks.ts:12
Replace with the toast helper, an error boundary, or remove. `console.warn` / `console.error` are acceptable. Why: Hygiene — easy to leak debug output. Rule id: fq.console-leak
frontend-quality fq.console-leak
low 9-layer frontend frontend-quality conf 1.00 Stray `console.log` in TS/JS — packages/coding-agent/examples/sdk/07-context-files.ts:10
Replace with the toast helper, an error boundary, or remove. `console.warn` / `console.error` are acceptable. Why: Hygiene — easy to leak debug output. Rule id: fq.console-leak
frontend-quality fq.console-leak
low 9-layer frontend frontend-quality conf 1.00 Stray `console.log` in TS/JS — packages/coding-agent/examples/sdk/08-prompt-templates.ts:15
Replace with the toast helper, an error boundary, or remove. `console.warn` / `console.error` are acceptable. Why: Hygiene — easy to leak debug output. Rule id: fq.console-leak
frontend-quality fq.console-leak
low 9-layer frontend frontend-quality conf 1.00 Stray `console.log` in TS/JS — packages/coding-agent/examples/sdk/08-slash-commands.ts:16
Replace with the toast helper, an error boundary, or remove. `console.warn` / `console.error` are acceptable. Why: Hygiene — easy to leak debug output. Rule id: fq.console-leak
frontend-quality fq.console-leak
low 9-layer frontend frontend-quality conf 1.00 Stray `console.log` in TS/JS — packages/coding-agent/examples/sdk/09-api-keys-and-oauth.ts:25
Replace with the toast helper, an error boundary, or remove. `console.warn` / `console.error` are acceptable. Why: Hygiene — easy to leak debug output. Rule id: fq.console-leak
frontend-quality fq.console-leak
low 9-layer frontend frontend-quality conf 1.00 Stray `console.log` in TS/JS — packages/coding-agent/examples/sdk/11-sessions.ts:12
Replace with the toast helper, an error boundary, or remove. `console.warn` / `console.error` are acceptable. Why: Hygiene — easy to leak debug output. Rule id: fq.console-leak
frontend-quality fq.console-leak
low 9-layer frontend frontend-quality conf 1.00 Stray `console.log` in TS/JS — packages/coding-agent/scripts/format-prompts.ts:49
Replace with the toast helper, an error boundary, or remove. `console.warn` / `console.error` are acceptable. Why: Hygiene — easy to leak debug output. Rule id: fq.console-leak
frontend-quality fq.console-leak
low 9-layer frontend frontend-quality conf 1.00 Stray `console.log` in TS/JS — packages/coding-agent/scripts/generate-docs-index.ts:40
Replace with the toast helper, an error boundary, or remove. `console.warn` / `console.error` are acceptable. Why: Hygiene — easy to leak debug output. Rule id: fq.console-leak
frontend-quality fq.console-leak
low 9-layer frontend frontend-quality conf 1.00 Stray `console.log` in TS/JS — packages/coding-agent/scripts/generate-template.ts:33
Replace with the toast helper, an error boundary, or remove. `console.warn` / `console.error` are acceptable. Why: Hygiene — easy to leak debug output. Rule id: fq.console-leak
frontend-quality fq.console-leak
low 9-layer frontend frontend-quality conf 1.00 Stray `console.log` in TS/JS — packages/coding-agent/src/cli/commands/init-xdg.ts:21
Replace with the toast helper, an error boundary, or remove. `console.warn` / `console.error` are acceptable. Why: Hygiene — easy to leak debug output. Rule id: fq.console-leak
frontend-quality fq.console-leak
low 9-layer frontend frontend-quality conf 1.00 Stray `console.log` in TS/JS — packages/coding-agent/src/cli/config-cli.ts:272
Replace with the toast helper, an error boundary, or remove. `console.warn` / `console.error` are acceptable. Why: Hygiene — easy to leak debug output. Rule id: fq.console-leak
frontend-quality fq.console-leak
low 9-layer frontend frontend-quality conf 1.00 Stray `console.log` in TS/JS — packages/coding-agent/src/cli/grep-cli.ts:77
Replace with the toast helper, an error boundary, or remove. `console.warn` / `console.error` are acceptable. Why: Hygiene — easy to leak debug output. Rule id: fq.console-leak
frontend-quality fq.console-leak
low 9-layer frontend frontend-quality conf 1.00 Stray `console.log` in TS/JS — packages/coding-agent/src/cli/grievances-cli.ts:41
Replace with the toast helper, an error boundary, or remove. `console.warn` / `console.error` are acceptable. Why: Hygiene — easy to leak debug output. Rule id: fq.console-leak
frontend-quality fq.console-leak
low 9-layer frontend frontend-quality conf 1.00 Stray `console.log` in TS/JS — packages/coding-agent/src/cli/plugin-cli.ts:219
Replace with the toast helper, an error boundary, or remove. `console.warn` / `console.error` are acceptable. Why: Hygiene — easy to leak debug output. Rule id: fq.console-leak
frontend-quality fq.console-leak
low 9-layer frontend frontend-quality conf 1.00 Stray `console.log` in TS/JS — packages/coding-agent/src/cli/setup-cli.ts:127
Replace with the toast helper, an error boundary, or remove. `console.warn` / `console.error` are acceptable. Why: Hygiene — easy to leak debug output. Rule id: fq.console-leak
frontend-quality fq.console-leak
low 9-layer frontend frontend-quality conf 1.00 Stray `console.log` in TS/JS — packages/coding-agent/src/cli/stats-cli.ts:134
Replace with the toast helper, an error boundary, or remove. `console.warn` / `console.error` are acceptable. Why: Hygiene — easy to leak debug output. Rule id: fq.console-leak
frontend-quality fq.console-leak
low 9-layer frontend frontend-quality conf 1.00 Stray `console.log` in TS/JS — packages/coding-agent/src/cli/update-cli.ts:224
Replace with the toast helper, an error boundary, or remove. `console.warn` / `console.error` are acceptable. Why: Hygiene — easy to leak debug output. Rule id: fq.console-leak
frontend-quality fq.console-leak
low 9-layer frontend frontend-quality conf 1.00 Stray `console.log` in TS/JS — packages/coding-agent/src/config/model-resolver.ts:1267
Replace with the toast helper, an error boundary, or remove. `console.warn` / `console.error` are acceptable. Why: Hygiene — easy to leak debug output. Rule id: fq.console-leak
frontend-quality fq.console-leak
low 9-layer frontend frontend-quality conf 1.00 Stray `console.log` in TS/JS — packages/coding-agent/test/checkpoint-rpc-qa.ts:148
Replace with the toast helper, an error boundary, or remove. `console.warn` / `console.error` are acceptable. Why: Hygiene — easy to leak debug output. Rule id: fq.console-leak
frontend-quality fq.console-leak
low 9-layer frontend frontend-quality conf 1.00 Stray `console.log` in TS/JS — packages/coding-agent/test/compaction.test.ts:903
Replace with the toast helper, an error boundary, or remove. `console.warn` / `console.error` are acceptable. Why: Hygiene — easy to leak debug output. Rule id: fq.console-leak
frontend-quality fq.console-leak
low 9-layer frontend frontend-quality conf 1.00 Stray `console.log` in TS/JS — packages/coding-agent/test/core/apply-patch-adverserial.test.ts:42
Replace with the toast helper, an error boundary, or remove. `console.warn` / `console.error` are acceptable. Why: Hygiene — easy to leak debug output. Rule id: fq.console-leak
frontend-quality fq.console-leak
low 9-layer frontend frontend-quality conf 1.00 Stray `console.log` in TS/JS — packages/coding-agent/test/core/apply-patch-regression.test.ts:339
Replace with the toast helper, an error boundary, or remove. `console.warn` / `console.error` are acceptable. Why: Hygiene — easy to leak debug output. Rule id: fq.console-leak
frontend-quality fq.console-leak
low 9-layer frontend frontend-quality conf 1.00 Stray `console.log` in TS/JS — packages/coding-agent/test/core/apply-patch.test.ts:91
Replace with the toast helper, an error boundary, or remove. `console.warn` / `console.error` are acceptable. Why: Hygiene — easy to leak debug output. Rule id: fq.console-leak
frontend-quality fq.console-leak
low 9-layer frontend frontend-quality conf 1.00 Stray `console.log` in TS/JS — packages/coding-agent/test/rpc-example.ts:28
Replace with the toast helper, an error boundary, or remove. `console.warn` / `console.error` are acceptable. Why: Hygiene — easy to leak debug output. Rule id: fq.console-leak
frontend-quality fq.console-leak
low 9-layer frontend frontend-quality conf 1.00 Stray `console.log` in TS/JS — packages/coding-agent/test/test-theme-colors.ts:7
Replace with the toast helper, an error boundary, or remove. `console.warn` / `console.error` are acceptable. Why: Hygiene — easy to leak debug output. Rule id: fq.console-leak
frontend-quality fq.console-leak
low 9-layer frontend frontend-quality conf 1.00 Stray `console.log` in TS/JS — packages/natives/bench/grep.ts:86
Replace with the toast helper, an error boundary, or remove. `console.warn` / `console.error` are acceptable. Why: Hygiene — easy to leak debug output. Rule id: fq.console-leak
frontend-quality fq.console-leak
low 9-layer frontend frontend-quality conf 1.00 Stray `console.log` in TS/JS — packages/natives/scripts/build-native.ts:177
Replace with the toast helper, an error boundary, or remove. `console.warn` / `console.error` are acceptable. Why: Hygiene — easy to leak debug output. Rule id: fq.console-leak
frontend-quality fq.console-leak
low 9-layer frontend frontend-quality conf 1.00 Stray `console.log` in TS/JS — packages/natives/scripts/gen-enums.ts:141
Replace with the toast helper, an error boundary, or remove. `console.warn` / `console.error` are acceptable. Why: Hygiene — easy to leak debug output. Rule id: fq.console-leak
frontend-quality fq.console-leak
low 9-layer frontend frontend-quality conf 1.00 Stray `console.log` in TS/JS — packages/stats/build.ts:38
Replace with the toast helper, an error boundary, or remove. `console.warn` / `console.error` are acceptable. Why: Hygiene — easy to leak debug output. Rule id: fq.console-leak
frontend-quality fq.console-leak
low 9-layer frontend frontend-quality conf 1.00 Stray `console.log` in TS/JS — packages/stats/scripts/generate-client-bundle.ts:64
Replace with the toast helper, an error boundary, or remove. `console.warn` / `console.error` are acceptable. Why: Hygiene — easy to leak debug output. Rule id: fq.console-leak
frontend-quality fq.console-leak
low 9-layer frontend frontend-quality conf 1.00 Stray `console.log` in TS/JS — packages/stats/src/index.ts:50
Replace with the toast helper, an error boundary, or remove. `console.warn` / `console.error` are acceptable. Why: Hygiene — easy to leak debug output. Rule id: fq.console-leak
frontend-quality fq.console-leak
low 9-layer frontend frontend-quality conf 1.00 Stray `console.log` in TS/JS — packages/stats/src/server.ts:141
Replace with the toast helper, an error boundary, or remove. `console.warn` / `console.error` are acceptable. Why: Hygiene — easy to leak debug output. Rule id: fq.console-leak
frontend-quality fq.console-leak
low 9-layer frontend frontend-quality conf 1.00 Stray `console.log` in TS/JS — packages/swarm-extension/src/cli.ts:26
Replace with the toast helper, an error boundary, or remove. `console.warn` / `console.error` are acceptable. Why: Hygiene — easy to leak debug output. Rule id: fq.console-leak
frontend-quality fq.console-leak
low 9-layer frontend frontend-quality conf 1.00 Stray `console.log` in TS/JS — packages/tui/bench/kitty-sequence.ts:34
Replace with the toast helper, an error boundary, or remove. `console.warn` / `console.error` are acceptable. Why: Hygiene — easy to leak debug output. Rule id: fq.console-leak
frontend-quality fq.console-leak
low 9-layer frontend frontend-quality conf 1.00 Stray `console.log` in TS/JS — packages/tui/bench/parse-key.ts:66
Replace with the toast helper, an error boundary, or remove. `console.warn` / `console.error` are acceptable. Why: Hygiene — easy to leak debug output. Rule id: fq.console-leak
frontend-quality fq.console-leak
low 9-layer frontend frontend-quality conf 1.00 Stray `console.log` in TS/JS — packages/tui/bench/sanitize.ts:307
Replace with the toast helper, an error boundary, or remove. `console.warn` / `console.error` are acceptable. Why: Hygiene — easy to leak debug output. Rule id: fq.console-leak
frontend-quality fq.console-leak
low 9-layer frontend frontend-quality conf 1.00 Stray `console.log` in TS/JS — packages/tui/bench/text-layout.ts:23
Replace with the toast helper, an error boundary, or remove. `console.warn` / `console.error` are acceptable. Why: Hygiene — easy to leak debug output. Rule id: fq.console-leak
frontend-quality fq.console-leak
low 9-layer frontend frontend-quality conf 1.00 Stray `console.log` in TS/JS — packages/tui/bench/width.ts:89
Replace with the toast helper, an error boundary, or remove. `console.warn` / `console.error` are acceptable. Why: Hygiene — easy to leak debug output. Rule id: fq.console-leak
frontend-quality fq.console-leak
low 9-layer frontend frontend-quality conf 1.00 Stray `console.log` in TS/JS — packages/tui/src/components/tab-bar.ts:45
Replace with the toast helper, an error boundary, or remove. `console.warn` / `console.error` are acceptable. Why: Hygiene — easy to leak debug output. Rule id: fq.console-leak
frontend-quality fq.console-leak
low 9-layer frontend frontend-quality conf 1.00 Stray `console.log` in TS/JS — packages/tui/test/image-test.ts:10
Replace with the toast helper, an error boundary, or remove. `console.warn` / `console.error` are acceptable. Why: Hygiene — easy to leak debug output. Rule id: fq.console-leak
frontend-quality fq.console-leak
low 9-layer frontend frontend-quality conf 1.00 Stray `console.log` in TS/JS — packages/tui/test/key-tester.ts:22
Replace with the toast helper, an error boundary, or remove. `console.warn` / `console.error` are acceptable. Why: Hygiene — easy to leak debug output. Rule id: fq.console-leak
frontend-quality fq.console-leak
low 9-layer frontend frontend-quality conf 1.00 Stray `console.log` in TS/JS — packages/tui/test/markdown.test.ts:1019
Replace with the toast helper, an error boundary, or remove. `console.warn` / `console.error` are acceptable. Why: Hygiene — easy to leak debug output. Rule id: fq.console-leak
frontend-quality fq.console-leak
low 9-layer frontend frontend-quality conf 1.00 Stray `console.log` in TS/JS — packages/typescript-edit-benchmark/src/generate.ts:115
Replace with the toast helper, an error boundary, or remove. `console.warn` / `console.error` are acceptable. Why: Hygiene — easy to leak debug output. Rule id: fq.console-leak
frontend-quality fq.console-leak
low 9-layer frontend frontend-quality conf 1.00 Stray `console.log` in TS/JS — packages/typescript-edit-benchmark/src/index.ts:109
Replace with the toast helper, an error boundary, or remove. `console.warn` / `console.error` are acceptable. Why: Hygiene — easy to leak debug output. Rule id: fq.console-leak
frontend-quality fq.console-leak
low 9-layer frontend frontend-quality conf 1.00 Stray `console.log` in TS/JS — packages/typescript-edit-benchmark/src/runner.ts:1290
Replace with the toast helper, an error boundary, or remove. `console.warn` / `console.error` are acceptable. Why: Hygiene — easy to leak debug output. Rule id: fq.console-leak
frontend-quality fq.console-leak
low 9-layer frontend frontend-quality conf 1.00 Stray `console.log` in TS/JS — packages/utils/src/stream.ts:198
Replace with the toast helper, an error boundary, or remove. `console.warn` / `console.error` are acceptable. Why: Hygiene — easy to leak debug output. Rule id: fq.console-leak
low 9-layer frontend frontend-quality conf 1.00 Stray `console.log` in TS/JS — scripts/bench-edit-hashline-sep.ts:75
Replace with the toast helper, an error boundary, or remove. `console.warn` / `console.error` are acceptable. Why: Hygiene — easy to leak debug output. Rule id: fq.console-leak
low 9-layer frontend frontend-quality conf 1.00 Stray `console.log` in TS/JS — scripts/check-spoofed-versions.ts:85
Replace with the toast helper, an error boundary, or remove. `console.warn` / `console.error` are acceptable. Why: Hygiene — easy to leak debug output. Rule id: fq.console-leak
low 9-layer frontend frontend-quality conf 1.00 Stray `console.log` in TS/JS — scripts/ci-build-native.ts:41
Replace with the toast helper, an error boundary, or remove. `console.warn` / `console.error` are acceptable. Why: Hygiene — easy to leak debug output. Rule id: fq.console-leak
low 9-layer frontend frontend-quality conf 1.00 Stray `console.log` in TS/JS — scripts/ci-release-build-binaries.ts:108
Replace with the toast helper, an error boundary, or remove. `console.warn` / `console.error` are acceptable. Why: Hygiene — easy to leak debug output. Rule id: fq.console-leak

Showing first 300 of 376. Refine filters or use the legacy findings page for deep search.

API access

This page is publicly accessible at: https://repobility.com/scan/e1693738-f0c2-4ae2-888c-ee3b2d99a3c3/

To check status programmatically (no auth required):

curl -s https://repobility.com/api/v1/public/scan/e1693738-f0c2-4ae2-888c-ee3b2d99a3c3/

Important — please don't re-submit the same URL repeatedly. The submission endpoint is idempotent: re-submitting the same git URL returns this same scan_token, not a new one. To re-scan this repo, sign up free and use the dashboard.