{"version": "2.1.0", "$schema": "https://json.schemastore.org/sarif-2.1.0.json", "runs": [{"tool": {"driver": {"name": "Repobility", "informationUri": "https://repobility.com", "rules": [{"id": "QUAL003", "name": "Magic number used as default arg", "shortDescription": {"text": "Magic number used as default arg"}, "fullDescription": {"text": "Using hardcoded default values for complex configuration objects makes the code brittle and difficult to manage. Consider using a dedicated factory or builder pattern.\n\nAuto-promoted from proposal 444 on 2026-05-12. Synth confidence: 0.85. FP estimate: 0.00."}, "properties": {"scanner": "repobility", "category": "quality", "severity": "medium", "confidence": 0.85, "cwe": "", "owasp": ""}}, {"id": "LOG001", "name": "PII printed to stdout/stderr", "shortDescription": {"text": "PII printed to stdout/stderr"}, "fullDescription": {"text": "Logging password/token/email/ssn directly to stdout."}, "properties": {"scanner": "repobility", "category": "logging", "severity": "medium", "confidence": 0.85, "cwe": "", "owasp": ""}}, {"id": "CRYP001", "name": "Crypto \u2014 plaintext HTTP for sensitive endpoint", "shortDescription": {"text": "Crypto \u2014 plaintext HTTP for sensitive endpoint"}, "fullDescription": {"text": "Hardcoded http:// (not localhost) for endpoints that handle credentials or data."}, "properties": {"scanner": "repobility", "category": "crypto", "severity": "medium", "confidence": 0.45, "cwe": "", "owasp": ""}}, {"id": "XSS001", "name": "Cross-site scripting \u2014 dangerouslySetInnerHTML", "shortDescription": {"text": "Cross-site scripting \u2014 dangerouslySetInnerHTML"}, "fullDescription": {"text": "dangerouslySetInnerHTML bypasses React's JSX escaping. 
Pair with DOMPurify or never use with user data."}, "properties": {"scanner": "repobility", "category": "injection", "severity": "medium", "confidence": 0.85, "cwe": "", "owasp": ""}}, {"id": "ERR002", "name": "[ERR002] Empty Catch Block: Empty catch blocks hide errors.", "shortDescription": {"text": "[ERR002] Empty Catch Block: Empty catch blocks hide errors."}, "fullDescription": {"text": "Log the error or rethrow it. Use console.error() at minimum."}, "properties": {"scanner": "repobility-threat-engine", "category": "error_handling", "severity": "medium", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "AGT006", "name": "React interval is created without an explicit cleanup", "shortDescription": {"text": "React interval is created without an explicit cleanup"}, "fullDescription": {"text": "Intervals created in React hooks or components should be cleared on unmount. Missing cleanup can keep stale callbacks alive after recording, polling, or overlay components close."}, "properties": {"scanner": "repobility-agent-runtime", "category": "quality", "severity": "medium", "confidence": 0.78, "cwe": "", "owasp": ""}}, {"id": "AGT012", "name": "Agent control bridge may listen on a network interface without visible auth", "shortDescription": {"text": "Agent control bridge may listen on a network interface without visible auth"}, "fullDescription": {"text": "Agent, MCP, sidecar, and command bridge servers often start as local helpers. 
Binding them to 0.0.0.0 or a default all-interface listener without an authorization guard can expose tool execution or session data to the LAN."}, "properties": {"scanner": "repobility-agent-runtime", "category": "quality", "severity": "medium", "confidence": 0.72, "cwe": "", "owasp": ""}}, {"id": "AIC003", "name": "Duplicated implementation block across source files", "shortDescription": {"text": "Duplicated implementation block across source files"}, "fullDescription": {"text": "Duplicated blocks are a common artifact when generated code is pasted or recreated instead of reused. They increase maintenance cost because every future bug fix must be found in multiple locations."}, "properties": {"scanner": "repobility-ai-code-hygiene", "category": "quality", "severity": "medium", "confidence": 0.86, "cwe": "", "owasp": ""}}, {"id": "AIC004", "name": "Suspicious implementation file appears unreferenced", "shortDescription": {"text": "Suspicious implementation file appears unreferenced"}, "fullDescription": {"text": "A file created as a fixed/new/final/copy variant is not referenced by imports or path-like strings in the rest of the repository. This is a strong sign that an agent produced code beside the active application path."}, "properties": {"scanner": "repobility-ai-code-hygiene", "category": "quality", "severity": "medium", "confidence": 0.78, "cwe": "", "owasp": ""}}, {"id": "AIC001", "name": "Parallel implementation file sits beside a canonical file", "shortDescription": {"text": "Parallel implementation file sits beside a canonical file"}, "fullDescription": {"text": "AI-assisted edits often create a new sibling file instead of integrating the change into the existing module. 
That leaves two paths for future maintainers to understand and can hide the code that is actually wired into the app."}, "properties": {"scanner": "repobility-ai-code-hygiene", "category": "quality", "severity": "medium", "confidence": 0.82, "cwe": "", "owasp": ""}}, {"id": "QUAL005", "name": "Cluster of TODOs in one file", "shortDescription": {"text": "Cluster of TODOs in one file"}, "fullDescription": {"text": "Code path with a TODO/FIXME/HACK comment that gates correctness \u2014 left for later but never resolved."}, "properties": {"scanner": "repobility", "category": "quality", "severity": "low", "confidence": 0.85, "cwe": "", "owasp": ""}}, {"id": "SEC015", "name": "[SEC015] Insecure Randomness for Security: Weak PRNG used in security-sensitive context. Output is predictable.", "shortDescription": {"text": "[SEC015] Insecure Randomness for Security: Weak PRNG used in security-sensitive context. Output is predictable."}, "fullDescription": {"text": "Use secrets module (Python) or crypto.getRandomValues() (JS) for security-sensitive randomness."}, "properties": {"scanner": "repobility-threat-engine", "category": "crypto", "severity": "info", "confidence": 0.25, "cwe": "", "owasp": ""}}, {"id": "SUPC001", "name": "Supply chain \u2014 curl | bash anti-pattern", "shortDescription": {"text": "Supply chain \u2014 curl | bash anti-pattern"}, "fullDescription": {"text": "curl ... 
| sh / bash \u2014 runs unverified network code."}, "properties": {"scanner": "repobility", "category": "supply_chain", "severity": "high", "confidence": 0.85, "cwe": "", "owasp": ""}}]}}, "automationDetails": {"id": "repobility/313"}, "properties": {"repository": "mksglu/context-mode", "repoUrl": "https://github.com/mksglu/context-mode", "branch": "main"}, "results": [{"ruleId": "QUAL003", "level": "warning", "message": {"text": "Magic number used as default arg"}, "properties": {"repobilityId": 21932, "scanner": "repobility", "fingerprint": "f5a6d61f6bdfd7e0568ffeaeed9c23a1", "category": "quality", "severity": "medium", "confidence": 0.85, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"snippet": "default 2048", "aljefra_cwe": null, "aljefra_owasp": null, "aljefra_pattern_slug": "magic-number-default"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/session/snapshot.ts"}, "region": {"startLine": 8}}}]}, {"ruleId": "QUAL003", "level": "warning", "message": {"text": "Magic number used as default arg"}, "properties": {"repobilityId": 21931, "scanner": "repobility", "fingerprint": "bbdf5378dc6f0ce8e7f0c1a500c8bbdf", "category": "quality", "severity": "medium", "confidence": 0.85, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"snippet": "default 2", "aljefra_cwe": null, "aljefra_owasp": null, "aljefra_pattern_slug": "magic-number-default"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/truncate.ts"}, "region": {"startLine": 94}}}]}, {"ruleId": "LOG001", "level": "warning", "message": {"text": "PII printed to stdout/stderr"}, "properties": {"repobilityId": 17001, "scanner": "repobility", "fingerprint": "7237d8d553291ad4bd4a68fabdbf18bc", "category": "logging", "severity": "medium", "confidence": 0.85, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"snippet": "console.log(\n    `\\nEstimated token", 
"aljefra_cwe": ["CWE-532"], "aljefra_owasp": "A09:2021", "aljefra_pattern_slug": "print-pii"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tests/live-benchmark.ts"}, "region": {"startLine": 267}}}]}, {"ruleId": "LOG001", "level": "warning", "message": {"text": "PII printed to stdout/stderr"}, "properties": {"repobilityId": 17000, "scanner": "repobility", "fingerprint": "e22db87efab7e7b07f6defd28cd7ed00", "category": "logging", "severity": "medium", "confidence": 0.85, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"snippet": "console.log(\"  Claude's context window: 200,000 token", "aljefra_cwe": ["CWE-532"], "aljefra_owasp": "A09:2021", "aljefra_pattern_slug": "print-pii"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tests/ecosystem-benchmark.ts"}, "region": {"startLine": 582}}}]}, {"ruleId": "LOG001", "level": "warning", "message": {"text": "PII printed to stdout/stderr"}, "properties": {"repobilityId": 16999, "scanner": "repobility", "fingerprint": "b2874776dcafa3ca130736b0f99a62e9", "category": "logging", "severity": "medium", "confidence": 0.85, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"snippet": "console.log(\n    `  Claude's context window:  200,000 token", "aljefra_cwe": ["CWE-532"], "aljefra_owasp": "A09:2021", "aljefra_pattern_slug": "print-pii"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tests/context-comparison.ts"}, "region": {"startLine": 430}}}]}, {"ruleId": "CRYP001", "level": "warning", "message": {"text": "Crypto \u2014 plaintext HTTP for sensitive endpoint"}, "properties": {"repobilityId": 14184, "scanner": "repobility", "fingerprint": "092363cbf2dc445b13139765950c7ec1", "category": "crypto", "severity": "medium", "confidence": 0.45, "triageState": "open", "verdict": "likely_fp", "isResolved": false, "reason": " | [R34-retro auto-suppress: test/fixture path]", "evidence": {"snippet": "http://", 
"aljefra_cwe": ["CWE-319"], "aljefra_owasp": "A02:2021", "aljefra_pattern_slug": "http-not-https"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tests/hook-integration.test.ts"}, "region": {"startLine": 108}}}]}, {"ruleId": "XSS001", "level": "warning", "message": {"text": "Cross-site scripting \u2014 dangerouslySetInnerHTML"}, "properties": {"repobilityId": 13440, "scanner": "repobility", "fingerprint": "6988ba7de2ae96953671fcc853fb7c8b", "category": "injection", "severity": "medium", "confidence": 0.85, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"snippet": "dangerouslySetInnerHTML", "aljefra_cwe": ["CWE-79"], "aljefra_owasp": "A03:2021", "aljefra_pattern_slug": "react-dangerously-set-html"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tests/fixtures/github-issues.json"}, "region": {"startLine": 1}}}]}, {"ruleId": "ERR002", "level": "warning", "message": {"text": "[ERR002] Empty Catch Block: Empty catch blocks hide errors."}, "properties": {"repobilityId": 9912, "scanner": "repobility-threat-engine", "fingerprint": "f165c280f078b797c3e269574c557f9fb749760ce770517822a8745056739660", "category": "error_handling", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": ".catch(() => {})", "reason": "Pattern matched with no mitigating context found", "rule_id": "ERR002", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "fp|f165c280f078b797c3e269574c557f9fb749760ce770517822a8745056739660"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "insight/src/routes/index.tsx"}, "region": {"startLine": 574}}}]}, {"ruleId": "ERR002", "level": "warning", "message": {"text": "[ERR002] Empty Catch Block: Empty catch blocks hide errors."}, "properties": {"repobilityId": 9911, "scanner": "repobility-threat-engine", 
"fingerprint": "8b6c682095b457fa72cc091b7d7e6e4a42e1859e9c24c51b543a237165ec088a", "category": "error_handling", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "catch(e){}", "reason": "Pattern matched with no mitigating context found", "rule_id": "ERR002", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "fp|8b6c682095b457fa72cc091b7d7e6e4a42e1859e9c24c51b543a237165ec088a"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/server.ts"}, "region": {"startLine": 97}}}]}, {"ruleId": "AGT006", "level": "warning", "message": {"text": "React interval is created without an explicit cleanup"}, "properties": {"repobilityId": 9909, "scanner": "repobility-agent-runtime", "fingerprint": "78a70959ad41321df426164af25d88f1935d971c70c892d8b28644a012bfe9cc", "category": "quality", "severity": "medium", "confidence": 0.78, "triageState": "open", "verdict": "likely", "isResolved": false, "reason": "File uses setInterval with useEffect or hook-style code and no clearInterval cleanup was found.", "evidence": {"rule_id": "AGT006", "scanner": "repobility-agent-runtime", "references": ["https://react.dev/reference/react/useEffect"], "correlation_key": "fp|78a70959ad41321df426164af25d88f1935d971c70c892d8b28644a012bfe9cc"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/server.ts"}, "region": {"startLine": 1245}}}]}, {"ruleId": "AGT012", "level": "warning", "message": {"text": "Agent control bridge may listen on a network interface without visible auth"}, "properties": {"repobilityId": 9908, "scanner": "repobility-agent-runtime", "fingerprint": "44c11364673957ea3ae9a68a209b9859762ebf6a2a568e528cf8810d02ce4c3c", "category": "quality", "severity": "medium", "confidence": 0.72, "triageState": "open", "verdict": "likely", "isResolved": false, "reason": "File combines agent-control 
wording with an HTTP/SSE/WebSocket listener on an all-interface host and no visible auth guard.", "evidence": {"rule_id": "AGT012", "scanner": "repobility-agent-runtime", "references": [], "correlation_key": "fp|44c11364673957ea3ae9a68a209b9859762ebf6a2a568e528cf8810d02ce4c3c"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/server.ts"}, "region": {"startLine": 93}}}]}, {"ruleId": "AIC003", "level": "warning", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 9907, "scanner": "repobility-ai-code-hygiene", "fingerprint": "b0e57f3c103b793b8a3a311be15a0a8b004d4ee2e0993dbc7a30da963e73618c", "category": "quality", "severity": "medium", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "src/adapters/claude-code/index.ts", "duplicate_line": 112, "correlation_key": "fp|b0e57f3c103b793b8a3a311be15a0a8b004d4ee2e0993dbc7a30da963e73618c"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/adapters/gemini-cli/index.ts"}, "region": {"startLine": 222}}}]}, {"ruleId": "AIC003", "level": "warning", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 9906, "scanner": "repobility-ai-code-hygiene", "fingerprint": "7de82cf2f2fddc0f08f565e8f9edd9b300b20caebf1027fc9d1f8c8087748bba", "category": "quality", "severity": "medium", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "src/adapters/codex/index.ts", 
"duplicate_line": 173, "correlation_key": "fp|7de82cf2f2fddc0f08f565e8f9edd9b300b20caebf1027fc9d1f8c8087748bba"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/adapters/gemini-cli/index.ts"}, "region": {"startLine": 97}}}]}, {"ruleId": "AIC003", "level": "warning", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 9905, "scanner": "repobility-ai-code-hygiene", "fingerprint": "839e4788ea8ac4c2f086fddb13c2fc29a9150f64b33f636b62046c079b403ce2", "category": "quality", "severity": "medium", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "src/adapters/claude-code-base.ts", "duplicate_line": 55, "correlation_key": "fp|839e4788ea8ac4c2f086fddb13c2fc29a9150f64b33f636b62046c079b403ce2"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/adapters/gemini-cli/index.ts"}, "region": {"startLine": 90}}}]}, {"ruleId": "AIC003", "level": "warning", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 9904, "scanner": "repobility-ai-code-hygiene", "fingerprint": "1d8c239f533b6beb5fb996ebed70ff4715db0bc24c0e59c4f67f62847b17a31b", "category": "quality", "severity": "medium", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "src/adapters/antigravity/index.ts", "duplicate_line": 8, "correlation_key": "fp|1d8c239f533b6beb5fb996ebed70ff4715db0bc24c0e59c4f67f62847b17a31b"}}, "locations": [{"physicalLocation": 
{"artifactLocation": {"uri": "src/adapters/gemini-cli/index.ts"}, "region": {"startLine": 10}}}]}, {"ruleId": "AIC003", "level": "warning", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 9903, "scanner": "repobility-ai-code-hygiene", "fingerprint": "4cd2eb9ac289666f5a4c17a25e59dcea86e7b801dd162c2f6e1928877236f59f", "category": "quality", "severity": "medium", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "src/adapters/claude-code/hooks.ts", "duplicate_line": 58, "correlation_key": "fp|4cd2eb9ac289666f5a4c17a25e59dcea86e7b801dd162c2f6e1928877236f59f"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/adapters/gemini-cli/hooks.ts"}, "region": {"startLine": 25}}}]}, {"ruleId": "AIC003", "level": "warning", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 9902, "scanner": "repobility-ai-code-hygiene", "fingerprint": "f59f10b9136000c6805172372f8da6770b3a07d4b905b8d0fccddda99d71acc9", "category": "quality", "severity": "medium", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "src/adapters/copilot-base.ts", "duplicate_line": 287, "correlation_key": "fp|f59f10b9136000c6805172372f8da6770b3a07d4b905b8d0fccddda99d71acc9"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/adapters/cursor/index.ts"}, "region": {"startLine": 465}}}]}, {"ruleId": "AIC003", "level": "warning", "message": 
{"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 9901, "scanner": "repobility-ai-code-hygiene", "fingerprint": "b3d023f343ccc05d49b34be8f62fc03a0573476d6b4131e6a55b8595b1ab2323", "category": "quality", "severity": "medium", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "src/adapters/codex/index.ts", "duplicate_line": 173, "correlation_key": "fp|b3d023f343ccc05d49b34be8f62fc03a0573476d6b4131e6a55b8595b1ab2323"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/adapters/cursor/index.ts"}, "region": {"startLine": 111}}}]}, {"ruleId": "AIC003", "level": "warning", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 9900, "scanner": "repobility-ai-code-hygiene", "fingerprint": "16fc0639b3f0a71f95a51ba6bf8770db17638ef3170de1d6fe0a8a71d206526f", "category": "quality", "severity": "medium", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "src/adapters/claude-code-base.ts", "duplicate_line": 56, "correlation_key": "fp|16fc0639b3f0a71f95a51ba6bf8770db17638ef3170de1d6fe0a8a71d206526f"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/adapters/cursor/index.ts"}, "region": {"startLine": 105}}}]}, {"ruleId": "AIC003", "level": "warning", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 9899, "scanner": "repobility-ai-code-hygiene", "fingerprint": 
"e126a471107414dd1a4c80574c6719a86b6d428f780ef0d6231282216dda8810", "category": "quality", "severity": "medium", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "src/adapters/claude-code-base.ts", "duplicate_line": 55, "correlation_key": "fp|e126a471107414dd1a4c80574c6719a86b6d428f780ef0d6231282216dda8810"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/adapters/copilot-base.ts"}, "region": {"startLine": 98}}}]}, {"ruleId": "AIC003", "level": "warning", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 9898, "scanner": "repobility-ai-code-hygiene", "fingerprint": "b546fa167450601cad54bd25a39ce5c3c33dcfb4e6e72b22b6abc8655aa56ebc", "category": "quality", "severity": "medium", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "src/adapters/antigravity/index.ts", "duplicate_line": 10, "correlation_key": "fp|b546fa167450601cad54bd25a39ce5c3c33dcfb4e6e72b22b6abc8655aa56ebc"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/adapters/copilot-base.ts"}, "region": {"startLine": 11}}}]}, {"ruleId": "AIC003", "level": "warning", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 9897, "scanner": "repobility-ai-code-hygiene", "fingerprint": "b928bd4477e874fe9bc120394c3eb17336f9070972a4e73aa7ebe57f03dfbda3", "category": "quality", "severity": "medium", "confidence": 0.86, "triageState": "open", 
"verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "src/adapters/antigravity/index.ts", "duplicate_line": 143, "correlation_key": "fp|b928bd4477e874fe9bc120394c3eb17336f9070972a4e73aa7ebe57f03dfbda3"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/adapters/codex/index.ts"}, "region": {"startLine": 499}}}]}, {"ruleId": "AIC003", "level": "warning", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 9896, "scanner": "repobility-ai-code-hygiene", "fingerprint": "27f70403c491e4a42a1d5fa6c823c375970aa87dea18071e05f509d22e3b4df6", "category": "quality", "severity": "medium", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "src/adapters/claude-code-base.ts", "duplicate_line": 55, "correlation_key": "fp|27f70403c491e4a42a1d5fa6c823c375970aa87dea18071e05f509d22e3b4df6"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/adapters/codex/index.ts"}, "region": {"startLine": 166}}}]}, {"ruleId": "AIC004", "level": "warning", "message": {"text": "Suspicious implementation file appears unreferenced"}, "properties": {"repobilityId": 9895, "scanner": "repobility-ai-code-hygiene", "fingerprint": "ac4c1da69773f06b3630246c7a68c6d36497ed38f97efb2190d62b8afed35d25", "category": "quality", "severity": "medium", "confidence": 0.78, "triageState": "open", "verdict": "likely", "isResolved": false, "reason": "Patch-style source file has no detected inbound reference from other repository files.", "evidence": 
{"suffix": "v04", "rule_id": "AIC004", "scanner": "repobility-ai-code-hygiene", "references": ["https://knip.dev/", "https://github.com/jendrikseipp/vulture"], "correlation_key": "fp|ac4c1da69773f06b3630246c7a68c6d36497ed38f97efb2190d62b8afed35d25"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tests/live-benchmark-v04.ts"}, "region": {"startLine": 1}}}]}, {"ruleId": "AIC001", "level": "warning", "message": {"text": "Parallel implementation file sits beside a canonical file"}, "properties": {"repobilityId": 9894, "scanner": "repobility-ai-code-hygiene", "fingerprint": "da9e9379ef60af1b4e3db6a7cd9cb806926cb45fa4e7e0ca5420a894df9576ee", "category": "quality", "severity": "medium", "confidence": 0.82, "triageState": "open", "verdict": "likely", "isResolved": false, "reason": "Source filename has a patch-style suffix and a same-directory canonical sibling exists.", "evidence": {"suffix": "v04", "rule_id": "AIC001", "scanner": "repobility-ai-code-hygiene", "references": ["https://arxiv.org/abs/2601.15195", "https://knip.dev/"], "canonical_file": "tests/live-benchmark.ts", "correlation_key": "fp|da9e9379ef60af1b4e3db6a7cd9cb806926cb45fa4e7e0ca5420a894df9576ee"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "tests/live-benchmark-v04.ts"}, "region": {"startLine": 1}}}]}, {"ruleId": "QUAL005", "level": "note", "message": {"text": "Cluster of TODOs in one file"}, "properties": {"repobilityId": 22209, "scanner": "repobility", "fingerprint": "363a631dd9878fe6b7f70138bdadac38", "category": "quality", "severity": "low", "confidence": 0.85, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"snippet": "TODO in the code acknowledging this issue:\\n\\n```javascript\\n// packages/react-reconciler/src/ReactProfilerTimer.js\\n\\n// TODO: This should really be one per Transition lane.\\nexport let transitionCla", "aljefra_cwe": null, "aljefra_owasp": null, "aljefra_pattern_slug": "todo-bomb"}}, "locations": 
[{"physicalLocation": {"artifactLocation": {"uri": "tests/fixtures/github-issues.json"}, "region": {"startLine": 1}}}]}, {"ruleId": "SEC015", "level": "none", "message": {"text": "[SEC015] Insecure Randomness for Security: Weak PRNG used in security-sensitive context. Output is predictable."}, "properties": {"repobilityId": 9910, "scanner": "repobility-threat-engine", "fingerprint": "f700aca081befb6c4395e00717c0fc8461d9ad4b5416d30dddfc6bc14e9afe4b", "category": "crypto", "severity": "info", "confidence": 0.25, "triageState": "false_positive", "verdict": "likely_fp", "isResolved": true, "reason": "Weak PRNG appears to be used for non-security behavior (UI, sampling, demos, shuffling, or backoff), not for secrets", "evidence": {"match": "Math.random()", "reason": "Weak PRNG appears to be used for non-security behavior (UI, sampling, demos, shuffling, or backoff), not for secrets", "rule_id": "SEC015", "scanner": "repobility-threat-engine", "confidence": 0.25, "correlation_key": "code|crypto|src/server.ts|2409|sec015"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/server.ts"}, "region": {"startLine": 2409}}}]}, {"ruleId": "SUPC001", "level": "error", "message": {"text": "Supply chain \u2014 curl | bash anti-pattern"}, "properties": {"repobilityId": 15553, "scanner": "repobility", "fingerprint": "2ef32fa582952856311514768cc2a195", "category": "supply_chain", "severity": "high", "confidence": 0.85, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"snippet": "curl -fsSL https://bun.sh/install | bash", "aljefra_cwe": ["CWE-494"], "aljefra_owasp": "A08:2021", "aljefra_pattern_slug": "curl-pipe-bash"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/server.ts"}, "region": {"startLine": 1735}}}]}]}]}