{"version": "2.1.0", "$schema": "https://json.schemastore.org/sarif-2.1.0.json", "runs": [{"tool": {"driver": {"name": "Repobility", "informationUri": "https://repobility.com", "rules": [{"id": "MINED111", "name": "[MINED111] Bare except continues silently: Bare `except:` (or `except Exception:`) that runs code without re-raising or ", "shortDescription": {"text": "[MINED111] Bare except continues silently: Bare `except:` (or `except Exception:`) that runs code without re-raising or logging the exception. Hides real failures and makes bugs hard to diagnose."}, "fullDescription": {"text": "Either narrow the exception type, log the exception with `logger.exception(...)`, or re-raise after handling."}, "properties": {"scanner": "repobility-ast-engine", "category": "quality", "severity": "medium", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "AGT013", "name": "Agent auto-approve or skip-permissions mode is easy to enable", "shortDescription": {"text": "Agent auto-approve or skip-permissions mode is easy to enable"}, "fullDescription": {"text": "Require an explicit isolated profile for auto-approve modes. Keep safe defaults interactive, add visible warnings, and block these modes when the workspace contains secrets or production deploy credentials."}, "properties": {"scanner": "repobility-agent-runtime", "category": "quality", "severity": "medium", "confidence": 0.68, "cwe": "", "owasp": ""}}, {"id": "AGT016", "name": "Codex session log reader may expose prompts or tool-call content", "shortDescription": {"text": "Codex session log reader may expose prompts or tool-call content"}, "fullDescription": {"text": "Parse only usage metadata by default. 
Redact prompts, tool arguments, file paths, and message content before storage, telemetry, export, screenshots, or support bundles."}, "properties": {"scanner": "repobility-agent-runtime", "category": "quality", "severity": "medium", "confidence": 0.73, "cwe": "", "owasp": ""}}, {"id": "COMP001", "name": "[COMP001] High cognitive complexity: Function `play_sound` has cognitive complexity 21 (SonarSource scale). Cognitive co", "shortDescription": {"text": "[COMP001] High cognitive complexity: Function `play_sound` has cognitive complexity 21 (SonarSource scale). Cognitive complexity measures how hard the function is for a human to understand \u2014 nested branches, boolean chains, and recursion al"}, "fullDescription": {"text": "Extract nested branches into named helper functions; flatten early-return / guard clauses; replace long if/elif chains with dispatch dicts or polymorphism. SonarQube's threshold for 'should refactor' is 15 \u2014 yours is 21."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "medium", "confidence": 0.95, "cwe": "", "owasp": ""}}, {"id": "ERR001", "name": "[ERR001] Silent Exception Swallowing: Silently swallowing all exceptions hides bugs. Even in cleanup code, log at DEBUG ", "shortDescription": {"text": "[ERR001] Silent Exception Swallowing: Silently swallowing all exceptions hides bugs. Even in cleanup code, log at DEBUG level."}, "fullDescription": {"text": "Log the error: `except Exception: logger.debug('cleanup failed', exc_info=True)`. 
Or handle specific exception types."}, "properties": {"scanner": "repobility-threat-engine", "category": "error_handling", "severity": "medium", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "SEC136", "name": "[SEC136] AI-typical over-broad exception handler swallowing all errors: Catch-all exception block that silently returns ", "shortDescription": {"text": "[SEC136] AI-typical over-broad exception handler swallowing all errors: Catch-all exception block that silently returns success or no-ops. AI agents reach for this pattern when a flaky test or an unfamiliar API throws \u2014 wrap, swallow, retur"}, "fullDescription": {"text": "Catch the specific exception type, log at error level with full exception info, and return a failure-shaped result. If the operation is genuinely best-effort, log at warning and document why in a comment so the next reader (or scanner) knows."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "medium", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "AIC003", "name": "Duplicated implementation block across source files", "shortDescription": {"text": "Duplicated implementation block across source files"}, "fullDescription": {"text": "Extract the shared behavior into one function/module or delete the inactive duplicate after proving which path is used."}, "properties": {"scanner": "repobility-ai-code-hygiene", "category": "quality", "severity": "low", "confidence": 0.86, "cwe": "", "owasp": ""}}, {"id": "MINED050", "name": "[MINED050] Stub Only Function: Function declared but body is just pass, return None, raise NotImplementedError, or TODO ", "shortDescription": {"text": "[MINED050] Stub Only Function: Function declared but body is just pass, return None, raise NotImplementedError, or TODO comment."}, "fullDescription": {"text": "Review and fix per the pattern semantics. 
See CWE-1188 for context."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "info", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "CORE_NO_CI", "name": "No CI/CD configuration found", "shortDescription": {"text": "No CI/CD configuration found"}, "fullDescription": {"text": "Add a CI/CD pipeline: create .github/workflows/ci.yml for GitHub Actions with steps to lint, test, and build on every push and pull request."}, "properties": {"scanner": "repobility-core", "category": "practices", "severity": "info", "confidence": 0.35, "cwe": "", "owasp": ""}}, {"id": "CORE_NO_TESTS", "name": "No test files found in a documentation, catalog, or template-heavy repository", "shortDescription": {"text": "No test files found in a documentation, catalog, or template-heavy repository"}, "fullDescription": {"text": "If this repository ships runnable code, add focused tests for those examples or templates. If it is documentation/catalog content only, mark the finding as accepted or add a .repobilityignore note."}, "properties": {"scanner": "repobility-core", "category": "testing", "severity": "info", "confidence": 0.35, "cwe": "", "owasp": ""}}, {"id": "MINED001", "name": "[MINED001] Bare Except Pass: except: pass or except Exception: pass \u2014 silently swallows everything including KeyboardInt", "shortDescription": {"text": "[MINED001] Bare Except Pass: except: pass or except Exception: pass \u2014 silently swallows everything including KeyboardInterrupt and bugs."}, "fullDescription": {"text": "Review and fix per the pattern semantics. 
See CWE-755 for context."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "high", "confidence": 1.0, "cwe": "", "owasp": ""}}]}}, "automationDetails": {"id": "repobility/910"}, "properties": {"repository": "shanraisshan/claude-code-best-practice", "repoUrl": "https://github.com/shanraisshan/claude-code-best-practice", "branch": "main"}, "results": [{"ruleId": "MINED111", "level": "warning", "message": {"text": "[MINED111] Bare except continues silently: Bare `except:` (or `except Exception:`) that runs code without re-raising or logging the exception. Hides real failures and makes bugs hard to diagnose."}, "properties": {"repobilityId": 85279, "scanner": "repobility-ast-engine", "fingerprint": "8c9e9737a9b6fcb855eafebf360833e8a5e65d1d7cff5454a2e6b8120d10eec2", "category": "quality", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "bare-except-without-pass", "owasp": null, "cwe_ids": [], "languages": ["python"], "observations_count": 21610}, "scanner": "repobility-ast-engine", "correlation_key": "fp|8c9e9737a9b6fcb855eafebf360833e8a5e65d1d7cff5454a2e6b8120d10eec2"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".codex/hooks/scripts/hooks.py"}, "region": {"startLine": 154}}}]}, {"ruleId": "MINED111", "level": "warning", "message": {"text": "[MINED111] Bare except continues silently: Bare `except:` (or `except Exception:`) that runs code without re-raising or logging the exception. 
Hides real failures and makes bugs hard to diagnose."}, "properties": {"repobilityId": 85278, "scanner": "repobility-ast-engine", "fingerprint": "fc51dc53e722d756cc058089f44ee1c9751155c92745b2688b8101f2b2f0dc2a", "category": "quality", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "bare-except-without-pass", "owasp": null, "cwe_ids": [], "languages": ["python"], "observations_count": 21610}, "scanner": "repobility-ast-engine", "correlation_key": "fp|fc51dc53e722d756cc058089f44ee1c9751155c92745b2688b8101f2b2f0dc2a"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".codex/hooks/scripts/hooks.py"}, "region": {"startLine": 362}}}]}, {"ruleId": "MINED111", "level": "warning", "message": {"text": "[MINED111] Bare except continues silently: Bare `except:` (or `except Exception:`) that runs code without re-raising or logging the exception. Hides real failures and makes bugs hard to diagnose."}, "properties": {"repobilityId": 85277, "scanner": "repobility-ast-engine", "fingerprint": "087354fc19a72594a61139221d37c5e432166ec6da90a9c9749da1f649850a9e", "category": "quality", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "bare-except-without-pass", "owasp": null, "cwe_ids": [], "languages": ["python"], "observations_count": 21610}, "scanner": "repobility-ast-engine", "correlation_key": "fp|087354fc19a72594a61139221d37c5e432166ec6da90a9c9749da1f649850a9e"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".codex/hooks/scripts/hooks.py"}, "region": {"startLine": 194}}}]}, {"ruleId": "MINED111", "level": "warning", "message": {"text": "[MINED111] Bare except continues silently: Bare `except:` (or `except Exception:`) that runs code without re-raising or logging the exception. 
Hides real failures and makes bugs hard to diagnose."}, "properties": {"repobilityId": 85276, "scanner": "repobility-ast-engine", "fingerprint": "da02a8dde6a8fabb1b5beea757cb36948d4c3b29fb14c332a1a9473c7a873da8", "category": "quality", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "bare-except-without-pass", "owasp": null, "cwe_ids": [], "languages": ["python"], "observations_count": 21610}, "scanner": "repobility-ast-engine", "correlation_key": "fp|da02a8dde6a8fabb1b5beea757cb36948d4c3b29fb14c332a1a9473c7a873da8"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".claude/hooks/scripts/hooks.py"}, "region": {"startLine": 298}}}]}, {"ruleId": "MINED111", "level": "warning", "message": {"text": "[MINED111] Bare except continues silently: Bare `except:` (or `except Exception:`) that runs code without re-raising or logging the exception. Hides real failures and makes bugs hard to diagnose."}, "properties": {"repobilityId": 85275, "scanner": "repobility-ast-engine", "fingerprint": "c3f613c83ef58542d03c6975b15f3b8b12fdb779d461119da15d315f016583df", "category": "quality", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "bare-except-without-pass", "owasp": null, "cwe_ids": [], "languages": ["python"], "observations_count": 21610}, "scanner": "repobility-ast-engine", "correlation_key": "fp|c3f613c83ef58542d03c6975b15f3b8b12fdb779d461119da15d315f016583df"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".claude/hooks/scripts/hooks.py"}, "region": {"startLine": 289}}}]}, {"ruleId": "MINED111", "level": "warning", "message": {"text": "[MINED111] Bare except continues silently: Bare `except:` (or `except Exception:`) that runs code without re-raising or logging the exception. 
Hides real failures and makes bugs hard to diagnose."}, "properties": {"repobilityId": 85274, "scanner": "repobility-ast-engine", "fingerprint": "f583e47546fa3ffad15c9daf6ebd08e9f3362e4b9b47028be68fb655d7629e47", "category": "quality", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "bare-except-without-pass", "owasp": null, "cwe_ids": [], "languages": ["python"], "observations_count": 21610}, "scanner": "repobility-ast-engine", "correlation_key": "fp|f583e47546fa3ffad15c9daf6ebd08e9f3362e4b9b47028be68fb655d7629e47"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".claude/hooks/scripts/hooks.py"}, "region": {"startLine": 249}}}]}, {"ruleId": "MINED111", "level": "warning", "message": {"text": "[MINED111] Bare except continues silently: Bare `except:` (or `except Exception:`) that runs code without re-raising or logging the exception. Hides real failures and makes bugs hard to diagnose."}, "properties": {"repobilityId": 85273, "scanner": "repobility-ast-engine", "fingerprint": "d76e7d2a179c20bbf70655f4da8ad092f71804179506cc70470fcc69949d17ee", "category": "quality", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "bare-except-without-pass", "owasp": null, "cwe_ids": [], "languages": ["python"], "observations_count": 21610}, "scanner": "repobility-ast-engine", "correlation_key": "fp|d76e7d2a179c20bbf70655f4da8ad092f71804179506cc70470fcc69949d17ee"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".claude/hooks/scripts/hooks.py"}, "region": {"startLine": 240}}}]}, {"ruleId": "MINED111", "level": "warning", "message": {"text": "[MINED111] Bare except continues silently: Bare `except:` (or `except Exception:`) that runs code without re-raising or logging the exception. 
Hides real failures and makes bugs hard to diagnose."}, "properties": {"repobilityId": 85272, "scanner": "repobility-ast-engine", "fingerprint": "b53015a446bea70247bcd8be3af5cf9895dcadbb4e04f57e9bb651cda8aa5ed8", "category": "quality", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "bare-except-without-pass", "owasp": null, "cwe_ids": [], "languages": ["python"], "observations_count": 21610}, "scanner": "repobility-ast-engine", "correlation_key": "fp|b53015a446bea70247bcd8be3af5cf9895dcadbb4e04f57e9bb651cda8aa5ed8"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".claude/hooks/scripts/hooks.py"}, "region": {"startLine": 198}}}]}, {"ruleId": "MINED111", "level": "warning", "message": {"text": "[MINED111] Bare except continues silently: Bare `except:` (or `except Exception:`) that runs code without re-raising or logging the exception. Hides real failures and makes bugs hard to diagnose."}, "properties": {"repobilityId": 85271, "scanner": "repobility-ast-engine", "fingerprint": "87e0580878f66403737d2c10fb133f4c73e7307721099e875464e49405640c09", "category": "quality", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "bare-except-without-pass", "owasp": null, "cwe_ids": [], "languages": ["python"], "observations_count": 21610}, "scanner": "repobility-ast-engine", "correlation_key": "fp|87e0580878f66403737d2c10fb133f4c73e7307721099e875464e49405640c09"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".claude/hooks/scripts/hooks.py"}, "region": {"startLine": 476}}}]}, {"ruleId": "MINED111", "level": "warning", "message": {"text": "[MINED111] Bare except continues silently: Bare `except:` (or `except Exception:`) that runs code without re-raising or logging the exception. 
Hides real failures and makes bugs hard to diagnose."}, "properties": {"repobilityId": 85270, "scanner": "repobility-ast-engine", "fingerprint": "600018eedc7ac901a2e4bd37e1122a2dfa3b59e53dafe6eb425fd0739dbf1e64", "category": "quality", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "bare-except-without-pass", "owasp": null, "cwe_ids": [], "languages": ["python"], "observations_count": 21610}, "scanner": "repobility-ast-engine", "correlation_key": "fp|600018eedc7ac901a2e4bd37e1122a2dfa3b59e53dafe6eb425fd0739dbf1e64"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".claude/hooks/scripts/hooks.py"}, "region": {"startLine": 261}}}]}, {"ruleId": "AGT013", "level": "warning", "message": {"text": "Agent auto-approve or skip-permissions mode is easy to enable"}, "properties": {"repobilityId": 85269, "scanner": "repobility-agent-runtime", "fingerprint": "47aab9c8fdc80089afa877480c769f703a544965b52e1b7784e7bcb2640b0c23", "category": "quality", "severity": "medium", "confidence": 0.68, "triageState": "open", "verdict": "likely", "isResolved": false, "reason": "File exposes or configures a broad agent auto-approval mode without enough local guard wording.", "evidence": {"rule_id": "AGT013", "scanner": "repobility-agent-runtime", "references": [], "correlation_key": "fp|47aab9c8fdc80089afa877480c769f703a544965b52e1b7784e7bcb2640b0c23"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "best-practice/claude-settings.md"}, "region": {"startLine": 258}}}]}, {"ruleId": "AGT013", "level": "warning", "message": {"text": "Agent auto-approve or skip-permissions mode is easy to enable"}, "properties": {"repobilityId": 85268, "scanner": "repobility-agent-runtime", "fingerprint": "9727ece4823491425a8fbab88bc147cf5ce109a98639a825c468a6eb7d2d93c0", "category": "quality", "severity": "medium", "confidence": 0.68, "triageState": "open", 
"verdict": "likely", "isResolved": false, "reason": "File exposes or configures a broad agent auto-approval mode without enough local guard wording.", "evidence": {"rule_id": "AGT013", "scanner": "repobility-agent-runtime", "references": [], "correlation_key": "fp|9727ece4823491425a8fbab88bc147cf5ce109a98639a825c468a6eb7d2d93c0"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "best-practice/claude-cli-startup-flags.md"}, "region": {"startLine": 66}}}]}, {"ruleId": "AGT016", "level": "warning", "message": {"text": "Codex session log reader may expose prompts or tool-call content"}, "properties": {"repobilityId": 85267, "scanner": "repobility-agent-runtime", "fingerprint": "834e7254fbbc58712c0bd770f7ec9aed00d665affb0debb8143c892cfccb90c5", "category": "quality", "severity": "medium", "confidence": 0.73, "triageState": "open", "verdict": "likely", "isResolved": false, "reason": "File reads Codex session JSONL or usage logs and references prompt/message/tool content without visible redaction controls.", "evidence": {"rule_id": "AGT016", "scanner": "repobility-agent-runtime", "references": [], "correlation_key": "fp|834e7254fbbc58712c0bd770f7ec9aed00d665affb0debb8143c892cfccb90c5"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".codex/hooks/scripts/hooks.py"}, "region": {"startLine": 3}}}]}, {"ruleId": "COMP001", "level": "warning", "message": {"text": "[COMP001] High cognitive complexity: Function `play_sound` has cognitive complexity 21 (SonarSource scale). Cognitive complexity measures how hard the function is for a human to understand \u2014 nested branches, boolean chains, and recursion all weigh in. 
Breakdown: else=2, except=2, for=1, if=5, nested_bonus=10, ternary=1."}, "properties": {"repobilityId": 85262, "scanner": "repobility-threat-engine", "fingerprint": "d3c527d8250d6c02d72a38444c08088b6f5d4892a0ff38de22c94d8237483b2e", "category": "quality", "severity": "medium", "confidence": 0.95, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "AST-derived cognitive complexity score = 21 (severity threshold for medium: 15+).", "evidence": {"scanner": "repobility-threat-engine", "function": "play_sound", "breakdown": {"if": 5, "for": 1, "else": 2, "except": 2, "ternary": 1, "nested_bonus": 10}, "complexity": 21, "correlation_key": "fp|d3c527d8250d6c02d72a38444c08088b6f5d4892a0ff38de22c94d8237483b2e"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".codex/hooks/scripts/hooks.py"}, "region": {"startLine": 101}}}]}, {"ruleId": "ERR001", "level": "warning", "message": {"text": "[ERR001] Silent Exception Swallowing: Silently swallowing all exceptions hides bugs. 
Even in cleanup code, log at DEBUG level."}, "properties": {"repobilityId": 85261, "scanner": "repobility-threat-engine", "fingerprint": "d58b2e414813ab80986ea9f8b07b667fde51c694cc9a74586f70fd4a1ce3648d", "category": "error_handling", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "except Exception:\n                pass", "reason": "Pattern matched with no mitigating context found", "rule_id": "ERR001", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "fp|d58b2e414813ab80986ea9f8b07b667fde51c694cc9a74586f70fd4a1ce3648d"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".codex/hooks/scripts/hooks.py"}, "region": {"startLine": 182}}}]}, {"ruleId": "SEC136", "level": "warning", "message": {"text": "[SEC136] AI-typical over-broad exception handler swallowing all errors: Catch-all exception block that silently returns success or no-ops. AI agents reach for this pattern when a flaky test or an unfamiliar API throws \u2014 wrap, swallow, return success. Real bugs are masked, observability is destroyed, and callers think the operation worked. CWE-396 (improperly-generalized exception). 
Distinct from intentional fallback because there's no log line and the success value is fabricated."}, "properties": {"repobilityId": 85258, "scanner": "repobility-threat-engine", "fingerprint": "9b04b123c1181f8211888988d946d8ded6af79e0be25319b56b70ee2bcfe8fa3", "category": "quality", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "try:\n                with open(local_config_path, \"r\", encoding=\"utf-8\") as f:\n                    l", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC136", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "fp|9b04b123c1181f8211888988d946d8ded6af79e0be25319b56b70ee2bcfe8fa3"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".codex/hooks/scripts/hooks.py"}, "region": {"startLine": 179}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 85266, "scanner": "repobility-ai-code-hygiene", "fingerprint": "7f6b5968e2f72c9f1040b5693f9b495a8a2bf3bbd8aa91bc52cd56220291b8fe", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": ".claude/hooks/scripts/hooks.py", "duplicate_line": 65, "correlation_key": "fp|7f6b5968e2f72c9f1040b5693f9b495a8a2bf3bbd8aa91bc52cd56220291b8fe"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".codex/hooks/scripts/hooks.py"}, "region": {"startLine": 47}}}]}, {"ruleId": "COMP001", "level": "note", "message": {"text": "[COMP001] High cognitive complexity: Function `parse_args` has 
cognitive complexity 9 (SonarSource scale). Cognitive complexity measures how hard the function is for a human to understand \u2014 nested branches, boolean chains, and recursion all weigh in. Breakdown: except=1, if=4, nested_bonus=4."}, "properties": {"repobilityId": 85264, "scanner": "repobility-threat-engine", "fingerprint": "c59ecfb980919609d47ab978accadde90eb07da231b578e4842f5602b2b62fe9", "category": "quality", "severity": "low", "confidence": 0.95, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "AST-derived cognitive complexity score = 9 (severity threshold for low: 8+).", "evidence": {"scanner": "repobility-threat-engine", "function": "parse_args", "breakdown": {"if": 4, "except": 1, "nested_bonus": 4}, "complexity": 9, "correlation_key": "fp|c59ecfb980919609d47ab978accadde90eb07da231b578e4842f5602b2b62fe9"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".codex/hooks/scripts/hooks.py"}, "region": {"startLine": 286}}}]}, {"ruleId": "COMP001", "level": "note", "message": {"text": "[COMP001] High cognitive complexity: Function `get_audio_player` has cognitive complexity 10 (SonarSource scale). Cognitive complexity measures how hard the function is for a human to understand \u2014 nested branches, boolean chains, and recursion all weigh in. 
Breakdown: continue=1, elif=2, else=1, except=1, for=1, if=1, nested_bonus=3."}, "properties": {"repobilityId": 85263, "scanner": "repobility-threat-engine", "fingerprint": "651282e9da2e7ac444c5fc915607bc6d80c740ab31d42b7bff1a0a55c1972da5", "category": "quality", "severity": "low", "confidence": 0.95, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "AST-derived cognitive complexity score = 10 (severity threshold for low: 8+).", "evidence": {"scanner": "repobility-threat-engine", "function": "get_audio_player", "breakdown": {"if": 1, "for": 1, "elif": 2, "else": 1, "except": 1, "continue": 1, "nested_bonus": 3}, "complexity": 10, "correlation_key": "fp|651282e9da2e7ac444c5fc915607bc6d80c740ab31d42b7bff1a0a55c1972da5"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".codex/hooks/scripts/hooks.py"}, "region": {"startLine": 60}}}]}, {"ruleId": "COMP001", "level": "none", "message": {"text": "[COMP001] High cognitive complexity (and 1 more): Same pattern found in 1 additional files. Review if needed."}, "properties": {"repobilityId": 85265, "scanner": "repobility-threat-engine", "fingerprint": "33f8a11bb9950391724aaaf564313c9967d2e5a2c97736723f8a42124b41d155", "category": "quality", "severity": "info", "confidence": 0.2, "triageState": "false_positive", "verdict": "likely_fp", "isResolved": true, "reason": "Deduplicated summary only: 1 additional occurrences found. 
The top occurrences remain visible as actionable findings.", "evidence": {"scanner": "repobility-threat-engine", "function": "play_sound", "breakdown": {"if": 5, "for": 1, "else": 2, "except": 2, "ternary": 1, "nested_bonus": 10}, "aggregated": true, "complexity": 21, "correlation_key": "fp|33f8a11bb9950391724aaaf564313c9967d2e5a2c97736723f8a42124b41d155", "aggregated_count": 1}}}, {"ruleId": "MINED050", "level": "none", "message": {"text": "[MINED050] Stub Only Function: Function declared but body is just pass, return None, raise NotImplementedError, or TODO comment."}, "properties": {"repobilityId": 85260, "scanner": "repobility-threat-engine", "fingerprint": "17997c960b175adab97a9ba108f2fa83e51a9b162e0a824b52898df50015acc4", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "stub-only-function", "owasp": null, "cwe_ids": ["CWE-1188"], "languages": ["python"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348017+00:00", "triaged_in_corpus": 12, "observations_count": 633513, "ai_coder_pattern_id": 2}, "scanner": "repobility-threat-engine", "correlation_key": "fp|17997c960b175adab97a9ba108f2fa83e51a9b162e0a824b52898df50015acc4"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".codex/hooks/scripts/hooks.py"}, "region": {"startLine": 183}}}]}, {"ruleId": "CORE_NO_CI", "level": "none", "message": {"text": "No CI/CD configuration found"}, "properties": {"repobilityId": 85257, "scanner": "repobility-core", "fingerprint": "ca5da3551af97272c4f099fc472740148135a15816b81b90bd862e8f91ec66ce", "category": "practices", "severity": "info", "confidence": 0.35, "triageState": "false_positive", "verdict": "likely_fp", "isResolved": true, "reason": "Repository shape is documentation, catalog, skill, or template-heavy.", "evidence": {"reason": "Repository shape is 
documentation, catalog, skill, or template-heavy.", "rule_id": "CORE_NO_CI", "scanner": "repobility-core", "confidence": 0.35, "correlation_key": "repo|practices|core_no_ci"}}}, {"ruleId": "CORE_NO_TESTS", "level": "none", "message": {"text": "No test files found in a documentation, catalog, or template-heavy repository"}, "properties": {"repobilityId": 85256, "scanner": "repobility-core", "fingerprint": "69cfb3536a8ccff500ccafcd681fc8d4bc9f4eda6689da02ddec81654bd9fd15", "category": "testing", "severity": "info", "confidence": 0.35, "triageState": "false_positive", "verdict": "likely_fp", "isResolved": true, "reason": "Repository shape is documentation, catalog, skill, or template-heavy rather than a conventional runnable application.", "evidence": {"reason": "Repository shape is documentation, catalog, skill, or template-heavy rather than a conventional runnable application.", "rule_id": "CORE_NO_TESTS", "scanner": "repobility-core", "confidence": 0.35, "correlation_key": "repo|testing|core_no_tests"}}}, {"ruleId": "MINED001", "level": "error", "message": {"text": "[MINED001] Bare Except Pass: except: pass or except Exception: pass \u2014 silently swallows everything including KeyboardInterrupt and bugs."}, "properties": {"repobilityId": 85259, "scanner": "repobility-threat-engine", "fingerprint": "0ec8ee29229b30000c128725d7cb615407ddba82a36a29f647b7ed3c0aa8ea9f", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "bare-except-pass", "owasp": null, "cwe_ids": ["CWE-755"], "languages": ["python"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.347744+00:00", "triaged_in_corpus": 15, "observations_count": 1550824, "ai_coder_pattern_id": 6}, "scanner": "repobility-threat-engine", "correlation_key": "fp|0ec8ee29229b30000c128725d7cb615407ddba82a36a29f647b7ed3c0aa8ea9f"}}, 
"locations": [{"physicalLocation": {"artifactLocation": {"uri": ".codex/hooks/scripts/hooks.py"}, "region": {"startLine": 182}}}]}]}]}