https://github.com/tailcallhq/forgecode
· scanned 2026-05-15 23:19 UTC (2 weeks, 6 days ago)
· 10 languages
83 findings (18 legacy + 65 scanner) 12th percentile · Rust · large (100-500K LoC) Scanner says 85 (lower by 28)
Last scanned 2 weeks, 6 days ago · v1 · 18 findings from 1 source. Findings combine the legacy security pipeline AND the multi-layer engine (atlas, wiring, flows, ranked) AND verified AI agent contributions.
| Component | Sub-score | Weight | Contribution |
|---|---|---|---|
structure_score |
60.0 | 0.15 | 9.00 |
security_score |
86.8 | 0.25 | 21.70 |
testing_score |
16.0 | 0.20 | 3.20 |
documentation_score |
60.0 | 0.15 | 9.00 |
practices_score |
65.0 | 0.15 | 9.75 |
code_quality |
46.9 | 0.10 | 4.69 |
| Overall | 1.00 | 57.3 |
agent: 3.2 ·
threat: 10.0
All 1021 nodes from the latest scan, grouped by kind. Each node is a unit the engine identified (file, function, endpoint, table…). Most users won't need this view — it's primarily for debugging the engine's graph extraction or for AI agents that want to enumerate the project structure.
| Label | Layer | Status | Path |
|---|---|---|---|
clippy.toml |
software | healthy | clippy.toml |
rust-toolchain.toml |
software | healthy | rust-toolchain.toml |
Cross.toml |
software | healthy | Cross.toml |
renovate.json |
software | healthy | renovate.json |
Cargo.toml |
software | healthy | Cargo.toml |
.rustfmt.toml |
software | healthy | .rustfmt.toml |
README.md |
software | healthy | README.md |
vertex.json |
software | healthy | vertex.json |
package.json |
software | healthy | package.json |
diesel.toml |
software | healthy | diesel.toml |
package-lock.json |
software | healthy | package-lock.json |
insta.yaml |
software | healthy | insta.yaml |
_config.yml |
software | healthy | _config.yml |
AGENTS.md |
software | healthy | AGENTS.md |
rust-analyzer.toml |
software | healthy | rust-analyzer.toml |
forge.schema.json |
software | healthy | forge.schema.json |
devcontainer.json |
software | healthy | .devcontainer/devcontainer.json |
verification.ts |
software | healthy | benchmarks/verification.ts |
README.md |
software | healthy | benchmarks/README.md |
command-generator.ts |
software | healthy | benchmarks/command-generator.ts |
utils.ts |
software | healthy | benchmarks/utils.ts |
cli.ts |
software | healthy | benchmarks/cli.ts |
model.ts |
software | warning | benchmarks/model.ts |
parse.ts |
software | healthy | benchmarks/parse.ts |
task-executor.ts |
software | healthy | benchmarks/task-executor.ts |
tsconfig.json |
software | healthy | benchmarks/tsconfig.json |
task.yml |
software | healthy | benchmarks/evals/todo_write_usage/task.yml |
task.yml |
software | healthy | benchmarks/evals/commit_no_markdown/task.yml |
README.md |
software | healthy | benchmarks/evals/sem_search/README.md |
task.yml |
software | healthy | benchmarks/evals/sem_search/task.yml |
task.yml |
software | healthy | benchmarks/evals/echo/task.yml |
task.yml |
software | healthy | benchmarks/evals/search_over_find/task.yml |
task.yml |
software | healthy | benchmarks/evals/patch_exact_match/task.yml |
task.yml |
software | healthy | benchmarks/evals/read_over_cat/task.yml |
task.yml |
software | healthy | benchmarks/evals/create_skill/task.yml |
task.yml |
software | healthy | benchmarks/evals/refactoring_uses_patch/task.yml |
task.yml |
software | healthy | benchmarks/evals/suggest/task.yml |
task.yml |
software | healthy | benchmarks/evals/multi_file_patch/task.yml |
task.yml |
software | healthy | benchmarks/evals/redundant_cd_with_cwd/task.yml |
task.yml |
software | healthy | benchmarks/evals/parallel_tool_calls/task.yml |
test_validation.sh |
software | healthy | benchmarks/evals/semantic_search_quality/test_validation.sh |
test_queries.ts |
software | healthy | benchmarks/evals/semantic_search_quality/test_queries.ts |
README.md |
software | healthy | benchmarks/evals/semantic_search_quality/README.md |
test_context.json |
software | healthy | benchmarks/evals/semantic_search_quality/test_context.json |
task.yml |
software | healthy | benchmarks/evals/semantic_search_quality/task.yml |
run_eval.sh |
software | healthy | benchmarks/evals/semantic_search_quality/run_eval.sh |
run_tests.sh |
software | healthy | benchmarks/evals/semantic_search_quality/run_tests.sh |
llm_judge.ts |
software | healthy | benchmarks/evals/semantic_search_quality/llm_judge.ts |
github-pr-description.md |
software | healthy | commands/github-pr-description.md |
tool-guidelines.md |
software | healthy | docs/tool-guidelines.md |
Showing first 50 of this kind. Full payload available via the JSON button at the top of the page.
| Label | Layer | Status | Path |
|---|---|---|---|
.devcontainer |
software | healthy | .devcontainer |
benchmarks |
software | healthy | benchmarks |
evals |
software | healthy | benchmarks/evals |
todo_write_usage |
software | healthy | benchmarks/evals/todo_write_usage |
commit_no_markdown |
software | healthy | benchmarks/evals/commit_no_markdown |
sem_search |
software | healthy | benchmarks/evals/sem_search |
echo |
software | healthy | benchmarks/evals/echo |
search_over_find |
software | healthy | benchmarks/evals/search_over_find |
patch_exact_match |
software | healthy | benchmarks/evals/patch_exact_match |
read_over_cat |
software | healthy | benchmarks/evals/read_over_cat |
create_skill |
software | healthy | benchmarks/evals/create_skill |
refactoring_uses_patch |
software | healthy | benchmarks/evals/refactoring_uses_patch |
suggest |
software | healthy | benchmarks/evals/suggest |
multi_file_patch |
software | healthy | benchmarks/evals/multi_file_patch |
redundant_cd_with_cwd |
software | healthy | benchmarks/evals/redundant_cd_with_cwd |
parallel_tool_calls |
software | healthy | benchmarks/evals/parallel_tool_calls |
semantic_search_quality |
software | healthy | benchmarks/evals/semantic_search_quality |
commands |
software | healthy | commands |
docs |
software | healthy | docs |
scripts |
software | healthy | scripts |
templates |
software | healthy | templates |
crates |
software | healthy | crates |
forge_snaps |
software | healthy | crates/forge_snaps |
src |
software | healthy | crates/forge_snaps/src |
forge_eventsource |
software | healthy | crates/forge_eventsource |
src |
software | healthy | crates/forge_eventsource/src |
forge_markdown_stream |
software | healthy | crates/forge_markdown_stream |
src |
software | healthy | crates/forge_markdown_stream/src |
forge_eventsource_stream |
software | healthy | crates/forge_eventsource_stream |
src |
software | healthy | crates/forge_eventsource_stream/src |
forge_embed |
software | healthy | crates/forge_embed |
src |
software | healthy | crates/forge_embed/src |
forge_test_kit |
software | healthy | crates/forge_test_kit |
src |
software | healthy | crates/forge_test_kit/src |
forge_template |
software | healthy | crates/forge_template |
src |
software | healthy | crates/forge_template/src |
forge_ci |
software | healthy | crates/forge_ci |
tests |
software | healthy | crates/forge_ci/tests |
src |
software | healthy | crates/forge_ci/src |
steps |
software | healthy | crates/forge_ci/src/steps |
workflows |
software | healthy | crates/forge_ci/src/workflows |
jobs |
software | healthy | crates/forge_ci/src/jobs |
forge_app |
software | healthy | crates/forge_app |
src |
software | healthy | crates/forge_app/src |
truncation |
software | healthy | crates/forge_app/src/truncation |
fixtures |
software | healthy | crates/forge_app/src/fixtures |
dto |
software | healthy | crates/forge_app/src/dto |
google |
software | healthy | crates/forge_app/src/dto/google |
openai |
software | healthy | crates/forge_app/src/dto/openai |
fixtures |
software | healthy | crates/forge_app/src/dto/openai/fixtures |
Showing first 50 of this kind. Full payload available via the JSON button at the top of the page.
| Label | Layer | Status | Path |
|---|---|---|---|
validateRegex |
software | healthy | benchmarks/verification.ts:validateRegex |
validateShellCommand |
software | healthy | benchmarks/verification.ts:validateShellCommand |
runValidations |
software | healthy | benchmarks/verification.ts:runValidations |
allValidationsPassed |
software | healthy | benchmarks/verification.ts:allValidationsPassed |
countPassed |
software | healthy | benchmarks/verification.ts:countPassed |
processValidations |
software | healthy | benchmarks/verification.ts:processValidations |
loadCsvData |
software | healthy | benchmarks/command-generator.ts:loadCsvData |
createCrossProduct |
software | healthy | benchmarks/command-generator.ts:createCrossProduct |
generateCommand |
software | healthy | benchmarks/command-generator.ts:generateCommand |
generateCommands |
software | healthy | benchmarks/command-generator.ts:generateCommands |
to |
software | healthy | benchmarks/command-generator.ts:to |
getContextsFromSources |
software | healthy | benchmarks/command-generator.ts:getContextsFromSources |
formatTimestamp |
software | healthy | benchmarks/utils.ts:formatTimestamp |
minutes |
software | healthy | benchmarks/utils.ts:minutes |
escapeRegex |
software | healthy | benchmarks/utils.ts:escapeRegex |
createTempDir |
software | healthy | benchmarks/utils.ts:createTempDir |
parseCsvAsync |
software | healthy | benchmarks/utils.ts:parseCsvAsync |
main |
software | healthy | benchmarks/cli.ts:main |
const |
software | healthy | benchmarks/cli.ts:const |
parseCliArgs |
software | healthy | benchmarks/parse.ts:parseCliArgs |
executeTask |
software | healthy | benchmarks/task-executor.ts:executeTask |
to |
software | healthy | benchmarks/task-executor.ts:to |
checkValidations |
software | healthy | benchmarks/task-executor.ts:checkValidations |
evaluateQueries |
software | healthy | benchmarks/evals/semantic_search_quality/test_queries.ts:ev… |
formatEvaluation |
software | healthy | benchmarks/evals/semantic_search_quality/test_queries.ts:fo… |
getScoreEmoji |
software | healthy | benchmarks/evals/semantic_search_quality/test_queries.ts:ge… |
promptUser |
software | healthy | benchmarks/evals/semantic_search_quality/test_queries.ts:pr… |
main |
software | healthy | benchmarks/evals/semantic_search_quality/test_queries.ts:ma… |
parseArgs |
software | healthy | benchmarks/evals/semantic_search_quality/llm_judge.ts:parse… |
extractSemanticSearchCalls |
software | healthy | benchmarks/evals/semantic_search_quality/llm_judge.ts:extra… |
evaluateWithLLM |
software | healthy | benchmarks/evals/semantic_search_quality/llm_judge.ts:evalu… |
implementation |
software | healthy | benchmarks/evals/semantic_search_quality/llm_judge.ts:imple… |
formatEvaluation |
software | healthy | benchmarks/evals/semantic_search_quality/llm_judge.ts:forma… |
main |
software | healthy | benchmarks/evals/semantic_search_quality/llm_judge.ts:main |
makeMockApi |
software | healthy | .github/scripts/bounty/tests/sync-pr.test.ts:makeMockApi |
recordAdd |
software | healthy | .github/scripts/bounty/tests/sync-pr.test.ts:recordAdd |
recordRemove |
software | healthy | .github/scripts/bounty/tests/sync-pr.test.ts:recordRemove |
recordComment |
software | healthy | .github/scripts/bounty/tests/sync-pr.test.ts:recordComment |
makeIssue |
software | healthy | .github/scripts/bounty/tests/sync-pr.test.ts:makeIssue |
makePr |
software | healthy | .github/scripts/bounty/tests/sync-pr.test.ts:makePr |
labelNames |
software | healthy | .github/scripts/bounty/tests/sync-pr.test.ts:labelNames |
makeIssue |
software | healthy | .github/scripts/bounty/tests/rules.test.ts:makeIssue |
makePr |
software | healthy | .github/scripts/bounty/tests/rules.test.ts:makePr |
labelNames |
software | healthy | .github/scripts/bounty/tests/rules.test.ts:labelNames |
issueState |
software | healthy | .github/scripts/bounty/tests/rules.test.ts:issueState |
makeMockApi |
software | healthy | .github/scripts/bounty/tests/sync-issue.test.ts:makeMockApi |
makeIssue |
software | healthy | .github/scripts/bounty/tests/sync-issue.test.ts:makeIssue |
labelNames |
software | healthy | .github/scripts/bounty/tests/sync-issue.test.ts:labelNames |
makeMockApi |
software | healthy | .github/scripts/bounty/tests/sync-all-issues.test.ts:makeMo… |
makeIssue |
software | healthy | .github/scripts/bounty/tests/sync-all-issues.test.ts:makeIs… |
Showing first 50 of this kind. Full payload available via the JSON button at the top of the page.
| Label | Layer | Status | Path |
|---|---|---|---|
auth::crates/forge_services/src/mcp/service.rs |
security | healthy | crates/forge_services/src/mcp/service.rs |
auth::crates/forge_repo/src/provider/provider.json |
security | healthy | crates/forge_repo/src/provider/provider.json |
auth::crates/forge_infra/src/auth/mcp_credentials.rs |
security | healthy | crates/forge_infra/src/auth/mcp_credentials.rs |
auth::crates/forge_main/src/ui.rs |
security | healthy | crates/forge_main/src/ui.rs |
auth::crates/forge_app/src/dto/anthropic/transforms/mcp_too… |
security | healthy | crates/forge_app/src/dto/anthropic/transforms/mcp_tool_name… |
auth::crates/forge_repo/src/provider/openai.rs |
security | healthy | crates/forge_repo/src/provider/openai.rs |
auth::crates/forge_infra/src/auth/http/standard.rs |
security | healthy | crates/forge_infra/src/auth/http/standard.rs |
auth::crates/forge_config/src/config.rs |
security | healthy | crates/forge_config/src/config.rs |
auth::benchmarks/evals/sem_search/task.yml |
security | healthy | benchmarks/evals/sem_search/task.yml |
auth::crates/forge_infra/src/auth/mcp_token_storage.rs |
security | healthy | crates/forge_infra/src/auth/mcp_token_storage.rs |
auth::crates/forge_domain/src/auth/oauth_config.rs |
security | healthy | crates/forge_domain/src/auth/oauth_config.rs |
auth::crates/forge_infra/src/auth/util.rs |
security | healthy | crates/forge_infra/src/auth/util.rs |
auth::crates/forge_repo/src/provider/anthropic.rs |
security | healthy | crates/forge_repo/src/provider/anthropic.rs |
auth::crates/forge_domain/tests/fixtures/conversation.json |
security | healthy | crates/forge_domain/tests/fixtures/conversation.json |
auth::crates/forge_main/src/cli.rs |
security | healthy | crates/forge_main/src/cli.rs |
auth::crates/forge_infra/src/auth/strategy.rs |
security | healthy | crates/forge_infra/src/auth/strategy.rs |
auth::crates/forge_repo/src/provider/openai_responses/repos… |
security | healthy | crates/forge_repo/src/provider/openai_responses/repository.… |
auth::crates/forge_domain/src/auth/auth_method.rs |
security | healthy | crates/forge_domain/src/auth/auth_method.rs |
auth::crates/forge_infra/src/auth/http/anthropic.rs |
security | healthy | crates/forge_infra/src/auth/http/anthropic.rs |
auth::crates/forge_domain/src/mcp.rs |
security | healthy | crates/forge_domain/src/mcp.rs |
auth::crates/forge_domain/src/auth/auth_context.rs |
security | healthy | crates/forge_domain/src/auth/auth_context.rs |
auth::crates/forge_markdown_stream/src/table.rs |
security | healthy | crates/forge_markdown_stream/src/table.rs |
auth::crates/forge_app/src/infra.rs |
security | healthy | crates/forge_app/src/infra.rs |
auth::crates/forge_infra/src/mcp_client.rs |
security | healthy | crates/forge_infra/src/mcp_client.rs |
auth::crates/forge_domain/src/tools/catalog.rs |
security | healthy | crates/forge_domain/src/tools/catalog.rs |
auth::crates/forge_domain/src/auth/credentials.rs |
security | healthy | crates/forge_domain/src/auth/credentials.rs |
auth::crates/forge_repo/src/provider/google.rs |
security | healthy | crates/forge_repo/src/provider/google.rs |
auth::crates/forge_main/src/oauth_callback.rs |
security | healthy | crates/forge_main/src/oauth_callback.rs |
auth::crates/forge_api/src/api.rs |
security | healthy | crates/forge_api/src/api.rs |
auth::crates/forge_app/src/agent_provider_resolver.rs |
security | healthy | crates/forge_app/src/agent_provider_resolver.rs |
auth::crates/forge_app/src/dto/anthropic/transforms/auth_sy… |
security | healthy | crates/forge_app/src/dto/anthropic/transforms/auth_system_m… |
auth::crates/forge_domain/src/auth/auth_token_response.rs |
security | healthy | crates/forge_domain/src/auth/auth_token_response.rs |
auth::.github/ISSUE_TEMPLATE/provider_integration.yml |
security | healthy | .github/ISSUE_TEMPLATE/provider_integration.yml |
auth::forge.schema.json |
security | healthy | forge.schema.json |
| Label | Layer | Status | Path |
|---|---|---|---|
sync-all-issues |
cicd | healthy | .github/workflows/bounty.yml |
sync-pr |
cicd | healthy | .github/workflows/bounty.yml |
build |
cicd | healthy | .github/workflows/ci.yml |
zsh_rprompt_perf |
cicd | healthy | .github/workflows/ci.yml |
draft_release |
cicd | healthy | .github/workflows/ci.yml |
draft_release_pr |
cicd | healthy | .github/workflows/ci.yml |
build_release |
cicd | healthy | .github/workflows/ci.yml |
build_release_pr |
cicd | healthy | .github/workflows/ci.yml |
update_release_draft |
cicd | healthy | .github/workflows/release-drafter.yml |
lint |
cicd | healthy | .github/workflows/autofix.yml |
build_release |
cicd | healthy | .github/workflows/release.yml |
npm_release |
cicd | healthy | .github/workflows/release.yml |
homebrew_release |
cicd | healthy | .github/workflows/release.yml |
stale |
cicd | healthy | .github/workflows/stale.yml |
label-sync |
cicd | healthy | .github/workflows/labels.yml |
| Label | Layer | Status | Path |
|---|---|---|---|
down.sql |
data | healthy | crates/forge_repo/src/database/migrations/2025-11-13-054241… |
up.sql |
data | healthy | crates/forge_repo/src/database/migrations/2025-11-13-054241… |
down.sql |
data | healthy | crates/forge_repo/src/database/migrations/2025-11-15-000000… |
up.sql |
data | healthy | crates/forge_repo/src/database/migrations/2025-11-15-000000… |
down.sql |
data | healthy | crates/forge_repo/src/database/migrations/2025-09-12-065740… |
up.sql |
data | healthy | crates/forge_repo/src/database/migrations/2025-09-12-065740… |
down.sql |
data | healthy | crates/forge_repo/src/database/migrations/2026-02-16-130933… |
up.sql |
data | healthy | crates/forge_repo/src/database/migrations/2026-02-16-130933… |
down.sql |
data | healthy | crates/forge_repo/src/database/migrations/2025-09-12-065405… |
up.sql |
data | healthy | crates/forge_repo/src/database/migrations/2025-09-12-065405… |
down.sql |
data | healthy | crates/forge_repo/src/database/migrations/2025-10-16-000000… |
up.sql |
data | healthy | crates/forge_repo/src/database/migrations/2025-10-16-000000… |
down.sql |
data | healthy | crates/forge_repo/src/database/migrations/2025-11-22-061212… |
up.sql |
data | healthy | crates/forge_repo/src/database/migrations/2025-11-22-061212… |
| Label | Layer | Status | Path |
|---|---|---|---|
RUSTFLAGS |
cicd | healthy | — |
NPM_ACCESS |
cicd | healthy | — |
HOMEBREW_ACCESS |
cicd | healthy | — |
DAYS_BEFORE_PR_STALE |
cicd | healthy | — |
DAYS_BEFORE_ISSUE_CLOSE |
cicd | healthy | — |
POSTHOG_API_SECRET |
cicd | healthy | — |
DAYS_BEFORE_ISSUE_STALE |
cicd | healthy | — |
DAYS_BEFORE_PR_CLOSE |
cicd | healthy | — |
GITHUB_TOKEN |
cicd | healthy | — |
OPENROUTER_API_KEY |
cicd | healthy | — |
NPM_TOKEN |
cicd | healthy | — |
| Label | Layer | Status | Path |
|---|---|---|---|
gha::bounty |
cicd | healthy | .github/workflows/bounty.yml |
gha::ci |
cicd | healthy | .github/workflows/ci.yml |
gha::release-drafter |
cicd | healthy | .github/workflows/release-drafter.yml |
gha::autofix |
cicd | healthy | .github/workflows/autofix.yml |
gha::release |
cicd | healthy | .github/workflows/release.yml |
gha::stale |
cicd | healthy | .github/workflows/stale.yml |
gha::labels |
cicd | healthy | .github/workflows/labels.yml |
| Label | Layer | Status | Path |
|---|---|---|---|
workspace |
data | healthy | crates/forge_repo/src/database/migrations/2025-11-13-054241… |
indexing_auth |
data | healthy | crates/forge_repo/src/database/migrations/2025-11-15-000000… |
conversations |
data | healthy | crates/forge_repo/src/database/migrations/2025-09-12-065405… |
| Label | Layer | Status | Path |
|---|---|---|---|
vps::azure |
hardware | healthy | Cross.toml |
vps::aws |
hardware | healthy | Cargo.toml |
vps::gcp |
hardware | healthy | package-lock.json |
| Label | Layer | Status | Path |
|---|---|---|---|
127.0.0.1 |
network | healthy | crates/forge_infra/src/http.rs |
192.168.1.1 |
network | healthy | crates/forge_main/src/model.rs |
| Label | Layer | Status | Path |
|---|---|---|---|
repobility-clone-bxadp_ab |
software | healthy | /tmp/repobility-clone-bxadp_ab |
| Label | Layer | Status | Path |
|---|---|---|---|
GitHubRestApi |
software | healthy | .github/scripts/bounty/src/api.ts:GitHubRestApi |
| Label | Layer | Status | Path |
|---|---|---|---|
grpc::ForgeService |
api | healthy | crates/forge_repo/proto/forge.proto |
| Label | Layer | Status | Path |
|---|---|---|---|
sqlite |
data | healthy | crates/forge_infra/Cargo.toml |
| Label | Layer | Status | Path |
|---|---|---|---|
port:8080 |
network | healthy | crates/forge_app/src/terminal_context.rs |
| Label | Layer | Status | Path |
|---|---|---|---|
nginx |
network | healthy | crates/forge_app/src/terminal_context.rs |
| Label | Layer | Status | Path |
|---|---|---|---|
gpu (detected) |
hardware | healthy | forge.schema.json |
This page is publicly accessible at:
https://repobility.com/scan/f3936e4f-3dd3-4cb7-ad33-e59891b846af/
To check status programmatically (no auth required):
curl -s https://repobility.com/api/v1/public/scan/f3936e4f-3dd3-4cb7-ad33-e59891b846af/Important — please don't re-submit the same URL repeatedly. The submission endpoint is idempotent: re-submitting the same git URL returns this same scan_token, not a new one. To re-scan this repo, sign up free and use the dashboard.