Public scan — anyone with this URL can view this analysis. Sign up to track your own repos privately, run scheduled re-scans, and get AI fix prompts via your dashboard.
Sign up free Scan another repo
105 of your 279 findings came from Repobility's proprietary detections. ✓ Repobility tags below mark them.

Scan timing: clone 7.18s · analysis 12.51s · 14.8 MB · GitHub preflight 438ms

zhouyoukang1234-spec/windsurf-assistant

https://github.com/zhouyoukang1234-spec/windsurf-assistant · scanned 2026-06-05 15:26 UTC (5 days ago) · 10 languages

745 raw signals (249 security + 496 graph) 0th percentile · Javascript · medium (20-100K LoC) System graph score 55 (lower by 16)

File as issue Image
UNIFIED Repobility · multi-layer engine · AI coders

Complete repo analysis

Last scanned 5 days ago · v2 · 294 actionable findings from 2 signal sources. 203 repeated signals grouped for readability. Security checks, system graph analysis, and verified AI-agent feedback are merged into one review queue.

JSON
Combined
47.2
/100
Security checks
39
72 findings
System graph
55
100.0% cov · 222 findings
Critical
7
click to filter
Agents
6
0 votes
Crowd
0
reported
Score breakdown â 2026-05-18-v5
Component Sub-score Weight Contribution
structure_score 40.0 0.15 6.00
security_score 38.0 0.25 9.50
testing_score 23.0 0.20 4.60
documentation_score 60.4 0.15 9.06
practices_score 65.0 0.15 9.75
code_quality 4.0 0.10 0.40
Overall 1.00 39.3
Severity distribution — click a segment to filter
Active filters: excluding tests × Reset all
Severity: Critical 7 High 26 Medium 21 Low 180 9-Layer: Software Security Quality Integrity Frontend Hardware Data Network Cicd Source: Security checks 72 System graph 222 Crowd 0 Layer: Quality 102 Security 26 Software 54 Cicd 2 Frontend 99 Api 11
Scan summary Quality grade F (39/100). Dimensions: security 38, maintainability 40. 249 findings (62 security). 91,045 lines analyzed.

Showing 234 of 294 actionable findings. 497 raw detector signals were grouped into reader-sized issues. Click TP / FP to vote on a finding's accuracy — votes adjust the confidence weighting and improve detection across the platform.

critical Security checks security Secret conf 1.00 3 occurrences [SEC049] GCP API key: Google Cloud API key (AIza prefix). Ported from gitleaks gcp-api-key (MIT).
Restrict the key in Cloud Console (HTTP referrers / IP whitelist) and rotate. Move to Secret Manager.
3 files, 3 locations
Windsurf万法归宗/060-修复_Repair/_diag_zroliu.py:78
Windsurf万法归宗/060-修复_Repair/agent-remote-repair-main/remote-agent/fix_auth.py:54
Windsurf万法归宗/060-修复_Repair/agent-remote-repair-main/remote-agent/full_deploy.py:17
critical Security checks security secrets conf 0.95 6 occurrences Detected a Generic API Key, potentially exposing access to various services and sensitive operations.
Gitleaks detected a committed secret or credential pattern.
3 files, 6 locations
Windsurf万法归宗/005-文档_docs/印记/印150_VM注入16token_cascade_per-token真本源_2026-05-18.md:161, 170, 182, 183 (4 hits)
packages/wam/extension.js:323
tests/_auth_smoke.cjs:30
critical Security checks security secrets conf 0.95 4 occurrences Discovered a potential authorization token provided in a curl command header, which could compromise the curl accessed resource.
Gitleaks detected a committed secret or credential pattern.
3 files, 4 locations
packages/dao-core/README.md:25, 28 (2 hits)
Windsurf万法归宗/005-文档_docs/印记/印155续_实战收束_万源齐入_2026-05-19.md:131
Windsurf万法归宗/005-文档_docs/印记/印165_万法归宗_全链路贯通_2026-05-19.md:122
critical Security checks security secrets conf 0.95 Discovered a potential basic authorization token provided in a curl command, which could compromise the curl accessed resource.
Gitleaks detected a committed secret or credential pattern.
Windsurf万法归宗/005-文档_docs/印记/印150_VM注入16token_cascade_per-token真本源_2026-05-18.md:166
critical Security checks security secrets conf 0.95 Discovered a potential basic authorization token provided in a curl command, which could compromise the curl accessed resource.
Gitleaks detected a committed secret or credential pattern.
Windsurf万法归宗/005-文档_docs/印记/印148_万法归宗_本源底层_2026-05-18.md:153
high Security checks quality Quality conf 1.00 ✓ Repobility 3 occurrences Missing import: `email` used but not imported
The file uses `email.something(...)` but never imports `email`. This raises NameError at runtime the first time the line executes.
3 files, 3 locations
Windsurf万法归宗/060-修复_Repair/agent-remote-repair-main/remote-agent/fix_auth.py:72
Windsurf万法归宗/060-修复_Repair/agent-remote-repair-main/remote-agent/full_deploy.py:165
Windsurf万法归宗/060-修复_Repair/agent-remote-repair-main/remote-agent/switch_account.py:195
critical Security checks security secrets conf 0.95 10 occurrences Uncovered a GCP API key, which could lead to unauthorized access to Google Cloud services and data breaches.
Gitleaks detected a committed secret or credential pattern.
10 files, 10 locations
Windsurf万法归宗/010-反代_Proxy/dao-agent/dao_agent.js:446
Windsurf万法归宗/060-修复_Repair/_179_total_diag.py:669
Windsurf万法归宗/060-修复_Repair/_diag_zroliu.py:78
Windsurf万法归宗/060-修复_Repair/_node_diag.py:43
Windsurf万法归宗/060-修复_Repair/agent-remote-repair-main/remote-agent/fix_auth.py:54
Windsurf万法归宗/060-修复_Repair/agent-remote-repair-main/remote-agent/switch_account.py:14
Windsurf万法归宗/060-修复_Repair/agent-remote-repair-main/remote-agent/windsurf-switch.js:21
Windsurf万法归宗/060-修复_Repair/fb_test.js:6
critical System graph security Secrets conf 1.00 Possible secret in Windsurf万法归宗/060-修复_Repair/agent-remote-repair-main/remote-agent/inject_login.py
Detected pattern matching password_literal. Rotate the credential and move to a secret manager.
Windsurf万法归宗/060-修复_Repair/agent-remote-repair-main/remote-agent/inject_login.py:12
high Security checks quality Quality conf 1.00 ✓ Repobility 3 occurrences [MINED021] Path Traversal Os Join: os.path.join(user_dir, filename) where filename can contain "../" — directory escape.
Review and fix per the pattern semantics. See CWE-22 / A01:2021 for context.
3 files, 3 locations
Windsurf万法归宗/060-修复_Repair/_179_db_diag.py:6
Windsurf万法归宗/060-修复_Repair/_179_fix.py:13
Windsurf万法归宗/060-修复_Repair/_179_net_check.py:98
low Security checks security Injection conf 1.00 [SEC103] LDAP injection — non-constant search filter: User input concatenated into an LDAP search filter. Attackers inject `*)(uid=*` style payloads to bypass auth or enumerate accounts.
Escape with javax.naming.ldap.Rdn.escapeValue or equivalent. For python-ldap, use ldap.filter.escape_filter_chars. Better: use parameterized search APIs (Spring LdapTemplate filter encoders).
Windsurf万法归宗/060-修复_Repair/官方模式回归.py:84
high Security checks quality Quality conf 1.00 ✓ Repobility 18 occurrences `self.path` used but never assigned in __init__
Method `do_GET` of class `DashHandler` reads `self.path`, but no assignment to it exists in __init__ (and no class-level fallback). This raises AttributeError the first time the method runs against an instance.
lines 497, 498, 499, 500, 501, 502, 503, 504, +10 more
Windsurf万法归宗/060-修复_Repair/credit_toolkit.py:497, 498, 499, 500, 501, 502, 503, 504, +10 more (18 hits)
high Security checks software dependencies conf 0.90 ✓ Repobility Dockerfile FROM `gitpod/workspace-node:latest` not pinned by digest
`FROM gitpod/workspace-node:latest` resolves the tag at build time. The registry CAN re-push a different image for the same tag, so every build is potentially different. Production images should pin to `image@sha256:...` for reproducibility + supply-chain integrity.
.gitpod.Dockerfile:1
low Security checks cicd CI/CD security conf 0.90 ✓ Repobility 43 occurrences GitHub Action is tag-pinned rather than SHA-pinned
Action `actions/github-script` pinned to mutable ref `@v7` uses a mutable tag or branch. Pin external actions to a reviewed full commit SHA when the workflow is security-sensitive.
12 files, 40 locations
.github/workflows/ci.yml:15, 18, 29, 38, 41, 53 (10 hits)
.github/workflows/dao-boot.yml:31, 33 (4 hits)
.github/workflows/dao-fleet-cloud.yml:98, 101 (4 hits)
.github/workflows/dao-fleet.yml:46, 49 (4 hits)
.github/workflows/dao-vm-free-loop.yml:39, 44 (4 hits)
.github/workflows/_enable_pages_once.yml:33 (2 hits)
.github/workflows/dao-fleet-keepalive.yml:34, 37 (2 hits)
.github/workflows/dao-vm-loop-a.yml:34, 37 (2 hits)
CI/CD securitySupply chainGitHub Actions
high Security checks security prompt injection conf 0.80 User-editable role instructions are inserted into the system prompt
Fleet or role instructions that users can edit should be treated as untrusted configuration. Prepending them to every system prompt lets stored text override runtime behavior.
web/legacy.html:241
high Security checks security prompt injection conf 0.80 User-editable role instructions are inserted into the system prompt
Fleet or role instructions that users can edit should be treated as untrusted configuration. Prepending them to every system prompt lets stored text override runtime behavior.
web/dao_app.js:915
high System graph api Wiring conf 1.00 Dangling fetch: GET /_devin-auth/password/login (_archive/wam-v17.42.20/extension.js:5110)
`_archive/wam-v17.42.20/extension.js:5110` calls `GET /_devin-auth/password/login` but no backend route matches that path. This is a runtime 404 waiting to happen. Tool: fetch Normalized path used for matching: `/_devin-auth/password/login` If this points at an external API, prefix it with `https:…
Dangling fetchFetch
high System graph api Wiring conf 1.00 Dangling fetch: GET /api/notify-test (packages/wam/dao_stuck.js:2270)
`packages/wam/dao_stuck.js:2270` calls `GET /api/notify-test` but no backend route matches that path. This is a runtime 404 waiting to happen. Tool: fetch Normalized path used for matching: `/notify-test` If this points at an external API, prefix it with `https://` so the matcher skips it.
Dangling fetchFetch
high System graph api Wiring conf 1.00 Dangling fetch: GET http://127.0.0.1:${s.port}/health (web/dao_app.js:1116)
`web/dao_app.js:1116` calls `GET http://127.0.0.1:${s.port}/health` but no backend route matches that path. This is a runtime 404 waiting to happen. Tool: fetch Normalized path used for matching: `/http:/127.0.0.1:/<p>/health` If this points at an external API, prefix it with `https://` so the mat…
Dangling fetchFetch
high System graph api Wiring conf 1.00 Dangling fetch: GET https://api.github.com/gists?per_page=100 (web/dao_app.js:1193)
`web/dao_app.js:1193` calls `GET https://api.github.com/gists?per_page=100` but no backend route matches that path. This is a runtime 404 waiting to happen. Tool: fetch Normalized path used for matching: `/https:/api.github.com/gists` If this points at an external API, prefix it with `https://` so…
Dangling fetchFetch
high System graph api Wiring conf 1.00 Dangling fetch: POST https://api.github.com/repos/${owner}/${repo}/actions/workflows/dao-fleet-cloud.yml/dispatches (web/dao_app.js:1365)
`web/dao_app.js:1365` calls `POST https://api.github.com/repos/${owner}/${repo}/actions/workflows/dao-fleet-cloud.yml/dispatches` but no backend route matches that path. This is a runtime 404 waiting to happen. Tool: fetch Normalized path used for matching: `/https:/api.github.com/repos/<p>/<p>/ac…
Dangling fetchFetch
high System graph security security conf 1.00 Insecure pattern 'exec_used' in 130-道独立体_Standalone/01-VM/vm-side/dao_nano_public.js:14
Found a known-risky pattern (exec_used). Review and replace if possible.
130-道独立体_Standalone/01-VM/vm-side/dao_nano_public.js:14 Exec used
high System graph security security conf 1.00 Insecure pattern 'exec_used' in n.js:7
Found a known-risky pattern (exec_used). Review and replace if possible.
n.js:7 Exec used
high System graph security security conf 1.00 Insecure pattern 'exec_used' in packages/dao-proxy-min/extension.js:1183
Found a known-risky pattern (exec_used). Review and replace if possible.
packages/dao-proxy-min/extension.js:1183 Exec used
high System graph security security conf 1.00 Insecure pattern 'exec_used' in packages/dao-proxy-min/package.json:101
Found a known-risky pattern (exec_used). Review and replace if possible.
packages/dao-proxy-min/package.json:101 Exec used
high System graph security security conf 1.00 Insecure pattern 'exec_used' in Windsurf万法归宗/070-插件_Plugins/020-道VSIX_DaoAgi/dao-proxy-min/extension.js:1150
Found a known-risky pattern (exec_used). Review and replace if possible.
Windsurf万法归宗/070-插件_Plugins/020-道VSIX_DaoAgi/dao-proxy-min/extension.js:1150 Exec used
high System graph security security conf 1.00 Insecure pattern 'exec_used' in Windsurf万法归宗/070-插件_Plugins/020-道VSIX_DaoAgi/dao-proxy-min/package.json:100
Found a known-risky pattern (exec_used). Review and replace if possible.
Windsurf万法归宗/070-插件_Plugins/020-道VSIX_DaoAgi/dao-proxy-min/package.json:100 Exec used
low Security checks quality Error handling conf 1.00 3 occurrences [ERR001] Silent Exception Swallowing: Silently swallowing all exceptions hides bugs. Even in cleanup code, log at DEBUG level.
Log the error: `except Exception: logger.debug('cleanup failed', exc_info=True)`. Or handle specific exception types.
3 files, 3 locations
Windsurf万法归宗/060-修复_Repair/_deep_probe.py:272
Windsurf万法归宗/060-修复_Repair/_trajectory_guard.py:105
Windsurf万法归宗/060-修复_Repair/官方模式回归.py:38
medium Security checks quality Error handling conf 1.00 3 occurrences [ERR002] Empty Catch Block: Empty catch blocks hide errors.
Log the error or rethrow it. Use console.error() at minimum.
3 files, 3 locations
Windsurf万法归宗/060-修复_Repair/_build_server.js:169
packages/dao-injector/extension/content.js:113
packages/dao-injector/extension/inject.js:213
medium Security checks security path traversal conf 1.00 [SEC012] ZipSlip — Archive Path Traversal: Archive extraction without path validation allows writing files outside the target directory.
Validate extracted paths with os.path.realpath() and ensure they stay within the target directory.
packages/dao-proxy-min/install.sh:194
medium Security checks security path traversal conf 1.00 [SEC012] ZipSlip — Archive Path Traversal: Archive extraction without path validation allows writing files outside the target directory.
Validate extracted paths with os.path.realpath() and ensure they stay within the target directory.
Windsurf万法归宗/070-插件_Plugins/020-道VSIX_DaoAgi/dao-proxy-min/install.sh:194
low Security checks quality Quality conf 1.00 3 occurrences [SEC136] AI-typical over-broad exception handler swallowing all errors: Catch-all exception block that silently returns success or no-ops. AI agents reach for this pattern when a flaky test or an unfamiliar API throws — wrap, swallow, return success. Real bugs are masked, observability is destroyed, and callers think the operation worked. CWE-396 (improperly-generalized exception). Distinct from intentional fallback because there's no log line and the success value is fabricated.
Catch the specific exception type, log at error level with full exception info, and return a failure-shaped result. If the operation is genuinely best-effort, log at warning and document why in a comment so the next reader (or scanner) knows.
3 files, 3 locations
Windsurf万法归宗/060-修复_Repair/_proxy_split.py:39
Windsurf万法归宗/060-修复_Repair/agent-remote-repair-main/remote-agent/full_deploy.py:41
Windsurf万法归宗/130-道独立体_Standalone/05-GitHub/_hdougle_测试/read_run_logs.js:34
high Security checks quality Quality conf 0.72 Agent control bridge may listen on a network interface without visible auth
Agent, MCP, sidecar, and command bridge servers often start as local helpers. Binding them to 0.0.0.0 or a default all-interface listener without an authorization guard can expose tool execution or session data to the LAN.
Windsurf万法归宗/060-修复_Repair/agent-remote-repair-main/remote-agent/server.js:2
medium Security checks quality Quality Average file size is 532 lines (recommend <300)
Refactor large files by extracting related functions into separate modules. Target files with 300+ lines first. Use the Single Responsibility Principle — each module should have one clear purpose.
low Security checks quality Error handling conf 0.55 ✓ Repobility 25 occurrences Broad exception handler needs review
This handler catches Exception/BaseException. It is actionable when it swallows errors without logging, re-raising, or returning a structured error. Handlers that intentionally convert exceptions into typed error results should not be treated as high risk.
9 files, 25 locations
Windsurf万法归宗/060-修复_Repair/credit_toolkit.py:85, 105, 109, 572, 580, 587, 603, 619, +1 more (9 hits)
Windsurf万法归宗/060-修复_Repair/_179_net_check.py:28, 37, 56, 71 (4 hits)
Windsurf万法归宗/060-修复_Repair/_179_fix.py:48, 118, 199 (3 hits)
Windsurf万法归宗/060-修复_Repair/_proxy_split.py:39, 49, 58 (3 hits)
Windsurf万法归宗/060-修复_Repair/_anti_fingerprint.py:168, 342 (2 hits)
Windsurf万法归宗/060-修复_Repair/_deep_probe.py:264
Windsurf万法归宗/060-修复_Repair/_laptop_diag.py:24
Windsurf万法归宗/060-修复_Repair/_lt_fix2.py:23
Error handlingquality
high Security checks software dependencies conf 0.90 12 occurrences GitHub Action `actions/checkout@v4` is 2 major version(s) behind (latest v6.0.3)
`uses: actions/checkout@v4` is 2 major version(s) behind the latest published release v6.0.3. Old action majors run on deprecated runner images / Node versions and miss upstream fixes. This is the exact 'outdated GitHub Action' class Dependabot raises — and which Repobility had no coverage for.
12 files, 12 locations
.github/workflows/ci.yml:15
.github/workflows/dao-boot.yml:31
.github/workflows/dao-fleet-cloud.yml:98
.github/workflows/dao-fleet.yml:46
.github/workflows/dao-main-shell.yml:11
.github/workflows/dao-vm-free-loop.yml:39
.github/workflows/dao-vm-loop-a.yml:34
.github/workflows/dao-vm-loop-b.yml:31
high Security checks software dependencies conf 0.90 GitHub Action `actions/configure-pages@v5` is 1 major version(s) behind (latest v6.0.0)
`uses: actions/configure-pages@v5` is 1 major version(s) behind the latest published release v6.0.0. Old action majors run on deprecated runner images / Node versions and miss upstream fixes. This is the exact 'outdated GitHub Action' class Dependabot raises — and which Repobility had no coverage f…
.github/workflows/deploy-pages.yml:48
high Security checks software dependencies conf 0.90 GitHub Action `actions/github-script@v7` is 2 major version(s) behind (latest v9.0.0)
`uses: actions/github-script@v7` is 2 major version(s) behind the latest published release v9.0.0. Old action majors run on deprecated runner images / Node versions and miss upstream fixes. This is the exact 'outdated GitHub Action' class Dependabot raises — and which Repobility had no coverage for.
.github/workflows/_enable_pages_once.yml:33
high Security checks software dependencies conf 0.90 10 occurrences GitHub Action `actions/setup-node@v4` is 2 major version(s) behind (latest v6.4.0)
`uses: actions/setup-node@v4` is 2 major version(s) behind the latest published release v6.4.0. Old action majors run on deprecated runner images / Node versions and miss upstream fixes. This is the exact 'outdated GitHub Action' class Dependabot raises — and which Repobility had no coverage for.
10 files, 10 locations
.github/workflows/ci.yml:18
.github/workflows/dao-boot.yml:33
.github/workflows/dao-fleet-cloud.yml:101
.github/workflows/dao-fleet.yml:49
.github/workflows/dao-vm-free-loop.yml:44
.github/workflows/dao-vm-loop-a.yml:37
.github/workflows/dao-vm-loop-b.yml:34
.github/workflows/dao-vm-loop-c.yml:34
high Security checks software dependencies conf 0.90 GitHub Action `actions/upload-artifact@v4` is 3 major version(s) behind (latest v7.0.1)
`uses: actions/upload-artifact@v4` is 3 major version(s) behind the latest published release v7.0.1. Old action majors run on deprecated runner images / Node versions and miss upstream fixes. This is the exact 'outdated GitHub Action' class Dependabot raises — and which Repobility had no coverage f…
.github/workflows/ci.yml:29
high Security checks quality Quality conf 0.80 3 occurrences localStorage write failures are swallowed silently
localStorage quotas are small and writes can fail. Catching storage errors without a user-visible warning causes silent data loss when notes, images, or snapshots exceed quota.
3 files, 3 locations
Windsurf万法归宗/060-修复_Repair/agent-remote-repair-main/web/app/page.tsx:331
packages/wam/extension.js:7776
web/dao_github_sync.js:174
medium Security checks software dependencies conf 0.90 npm package `@types/react-dom` is 1 major version(s) behind (18.3.7 -> 19.2.3)
`@types/react-dom` is pinned/resolved at 18.3.7 but the latest stable release on the npm registry is 19.2.3 (1 major version(s) behind). Outdated dependencies accumulate unpatched bugs and make future security upgrades harder. This is the version-currency signal Dependabot version-update PRs raise.
Windsurf万法归宗/060-修复_Repair/agent-remote-repair-main/web/package.json
medium Security checks quality Quality conf 0.78 Public web service has no security.txt
security.txt gives researchers and customers a safe disclosure channel. Public web apps and APIs should publish it under /.well-known/security.txt.
.well-known/security.txt
high Security checks software dependencies conf 0.70 4 occurrences Remote install command pipes network code directly to a shell
Agent helper projects often publish one-line installers. `curl | sh` style commands are convenient, but they bypass review unless the script is pinned, signed, or checksum-verified.
4 files, 4 locations
Windsurf万法归宗/005-文档_docs/印记/印155续_实战收束_万源齐入_2026-05-19.md:145
Windsurf万法归宗/005-文档_docs/印记/印200_道法自然_本地引擎链闭环_VM真自治边界_2026-05-22.md:101
scripts/dao/vm_bootstrap.sh:12
scripts/dao/vm_total.sh:23
medium Security checks quality Quality conf 0.78 4 occurrences Suspicious implementation file appears unreferenced
A file created as a fixed/new/final/copy variant is not referenced by imports or path-like strings in the rest of the repository. This is a strong sign that an agent produced code beside the active application path.
4 files, 4 locations
Windsurf万法归宗/060-修复_Repair/_179_fix.py:1
Windsurf万法归宗/060-修复_Repair/_apply_cascade_tabs_fix.js:1
Windsurf万法归宗/060-修复_Repair/_final_deep_fix.py:1
Windsurf万法归宗/060-修复_Repair/_lt_fix.py:1
medium System graph quality Integrity conf 1.00 `fetch()` without try/.catch or AbortSignal — _archive/wam-v17.42.20/extension.js:5110
Bare `fetch(...)` will throw an unhandled rejection on network failure. Wrap in try/catch, attach a `.catch(...)`, or pass an AbortSignal with a timeout.
runtime safetyRobustness
medium System graph quality Integrity conf 1.00 `fetch()` without try/.catch or AbortSignal — packages/dao-injector/extension/sw.js:267
Bare `fetch(...)` will throw an unhandled rejection on network failure. Wrap in try/catch, attach a `.catch(...)`, or pass an AbortSignal with a timeout.
runtime safetyRobustness
medium System graph quality Integrity conf 1.00 `fetch()` without try/.catch or AbortSignal — packages/dao-proxy-min/extension.js:2364
Bare `fetch(...)` will throw an unhandled rejection on network failure. Wrap in try/catch, attach a `.catch(...)`, or pass an AbortSignal with a timeout.
runtime safetyRobustness
medium System graph quality Integrity conf 1.00 `fetch()` without try/.catch or AbortSignal — packages/dao-proxy-min/media/webview-app.js:55
Bare `fetch(...)` will throw an unhandled rejection on network failure. Wrap in try/catch, attach a `.catch(...)`, or pass an AbortSignal with a timeout.
runtime safetyRobustness
medium System graph quality Integrity conf 1.00 `fetch()` without try/.catch or AbortSignal — Windsurf万法归宗/005-文档_docs/经/dao_acquire.js:31
Bare `fetch(...)` will throw an unhandled rejection on network failure. Wrap in try/catch, attach a `.catch(...)`, or pass an AbortSignal with a timeout.
runtime safetyRobustness
medium System graph quality Integrity conf 1.00 `fetch()` without try/.catch or AbortSignal — Windsurf万法归宗/070-插件_Plugins/020-道VSIX_DaoAgi/dao-proxy-min/extension.js:2331
Bare `fetch(...)` will throw an unhandled rejection on network failure. Wrap in try/catch, attach a `.catch(...)`, or pass an AbortSignal with a timeout.
runtime safetyRobustness
medium System graph quality Integrity conf 1.00 `fetch()` without try/.catch or AbortSignal — workers/dao-vm-gateway.js:13
Bare `fetch(...)` will throw an unhandled rejection on network failure. Wrap in try/catch, attach a `.catch(...)`, or pass an AbortSignal with a timeout.
runtime safetyRobustness
medium System graph cicd CI/CD security conf 1.00 7 occurrences GitHub Actions workflow grants broad write permissions
CI tokens with write permissions increase blast radius when an action, dependency, or PR workflow is compromised. Prefer job-level least-privilege permissions.
7 files, 7 locations
.github/workflows/_enable_pages_once.yml
.github/workflows/dao-vm-free-loop.yml
.github/workflows/dao-vm-loop-a.yml
.github/workflows/dao-vm-loop-b.yml
.github/workflows/dao-vm-loop-c.yml
.github/workflows/dao-vm-loop-d.yml
.github/workflows/deploy-pages.yml
CI/CD securitySupply chainGithub actions
medium System graph security security conf 1.00 Insecure pattern 'subprocess_shell_true' in .github/workflows/dao-exec.yml:28
Found a known-risky pattern (subprocess_shell_true). Review and replace if possible.
.github/workflows/dao-exec.yml:28 Subprocess shell true
medium System graph security security conf 1.00 Insecure pattern 'subprocess_shell_true' in .github/workflows/dao-main-shell.yml:29
Found a known-risky pattern (subprocess_shell_true). Review and replace if possible.
.github/workflows/dao-main-shell.yml:29 Subprocess shell true
medium System graph security security conf 1.00 Insecure pattern 'subprocess_shell_true' in .github/workflows/dao-shell.yml:50
Found a known-risky pattern (subprocess_shell_true). Review and replace if possible.
.github/workflows/dao-shell.yml:50 Subprocess shell true
medium System graph security security conf 1.00 Insecure pattern 'weak_hash' in Windsurf万法归宗/060-修复_Repair/ws_repatch.py:474
Found a known-risky pattern (weak_hash). Review and replace if possible.
Windsurf万法归宗/060-修复_Repair/ws_repatch.py:474 Weak hash
medium System graph quality Integrity conf 1.00 Network/subprocess call without timeout or try/except — Windsurf万法归宗/060-修复_Repair/agent-remote-repair-main/remote-agent/switch_account.py:79
`subprocess.run(...)` here lacks both a `timeout=` arg and an enclosing try/except. This is exactly the class of bug that took down our git-clone earlier (HTTP/2 stream cancel surfaced as a fatal). Add a `timeout=` and wrap in try/except, or use a wrapper that retries.
runtime safetyRobustness
medium System graph quality Tests conf 1.00 Very low test-to-source ratio
10 test file(s) for 162 source file(s) (ratio 0.06). Consider adding integration or unit tests for critical paths.
Coverage
low Security checks software Race condition conf 1.00 [SEC124] TOCTOU file access (os.access then open): Check-then-use file pattern (access/exists then open) lets an attacker swap the file between check and use (symlink attack). `mktemp` is deprecated for the same reason.
Use `os.open(path, os.O_CREAT | os.O_EXCL | os.O_WRONLY)` for atomic create-only. Use `tempfile.NamedTemporaryFile()` (not `mktemp`). For locking, use `fcntl.flock`.
Windsurf万法归宗/060-修复_Repair/agent-remote-repair-main/remote-agent/full_deploy.py:239
low Security checks quality Quality conf 0.68 Archive or legacy directory is mixed into the active repository root
Archive, old, backup, or legacy directories at the root often hide obsolete implementations that AI agents can copy from or accidentally rewire.
_archive:1
low Security checks quality Quality conf 0.64 Duplicate top-level symbol appears in a patch-style file
A generated replacement file defining the same public function or class name as another module can mean the new logic is not actually wired into the running code.
Windsurf万法归宗/060-修复_Repair/_final_deep_fix.py:1
low Security checks quality Quality conf 0.64 Duplicate top-level symbol appears in a patch-style file
A generated replacement file defining the same public function or class name as another module can mean the new logic is not actually wired into the running code.
Windsurf万法归宗/060-修复_Repair/_lt_fix.py:1
low Security checks quality Quality conf 0.60 23 occurrences Duplicated implementation block across source files
Duplicate implementation blocks are maintenance debt. Keep them visible, but they are not a high-severity defect unless the duplicated logic is security-sensitive or drifting.
12 files, 17 locations
Windsurf万法归宗/060-修复_Repair/_lt_fix3.py:2, 3 (2 hits)
Windsurf万法归宗/060-修复_Repair/_root_analysis/_probe_chat_methods.js:32, 104 (2 hits)
Windsurf万法归宗/060-修复_Repair/_root_analysis/_probe_json.js:11, 35 (2 hits)
Windsurf万法归宗/060-修复_Repair/_root_analysis/_probe_raw_chat.js:34, 47 (2 hits)
Windsurf万法归宗/060-修复_Repair/agent-remote-repair-main/remote-agent/inject_zyk.py:14, 62 (2 hits)
Windsurf万法归宗/010-反代_Proxy/dao-agent/unwind.js:7
Windsurf万法归宗/030-额度_Credits/临时账号福利/dao_credit_force.js:70
Windsurf万法归宗/060-修复_Repair/_diag_editor_state.js:1
duplicationquality
low Security checks software dependencies conf 0.90 3 occurrences npm package `@types/vscode` is minor version(s) behind (^1.84.0 -> 1.120.0)
`@types/vscode` is pinned/resolved at ^1.84.0 but the latest stable release on the npm registry is 1.120.0 (minor version(s) behind). Outdated dependencies accumulate unpatched bugs and make future security upgrades harder. This is the version-currency signal Dependabot version-update PRs raise.
3 files, 3 locations
Windsurf万法归宗/070-插件_Plugins/020-道VSIX_DaoAgi/dao-proxy-max/package.json
Windsurf万法归宗/070-插件_Plugins/020-道VSIX_DaoAgi/dao-proxy-min/package.json
packages/dao-proxy-min/package.json
low Security checks software dependencies conf 0.90 3 occurrences npm package `@vscode/vsce` is minor version(s) behind (^3.6.0 -> 3.9.2)
`@vscode/vsce` is pinned/resolved at ^3.6.0 but the latest stable release on the npm registry is 3.9.2 (minor version(s) behind). Outdated dependencies accumulate unpatched bugs and make future security upgrades harder. This is the version-currency signal Dependabot version-update PRs raise.
3 files, 3 locations
Windsurf万法归宗/070-插件_Plugins/020-道VSIX_DaoAgi/dao-proxy-max/package.json
Windsurf万法归宗/070-插件_Plugins/020-道VSIX_DaoAgi/dao-proxy-min/package.json
packages/dao-proxy-min/package.json
low Security checks software dependencies conf 0.90 npm package `autoprefixer` is minor version(s) behind (10.4.24 -> 10.5.0)
`autoprefixer` is pinned/resolved at 10.4.24 but the latest stable release on the npm registry is 10.5.0 (minor version(s) behind). Outdated dependencies accumulate unpatched bugs and make future security upgrades harder. This is the version-currency signal Dependabot version-update PRs raise.
Windsurf万法归宗/060-修复_Repair/agent-remote-repair-main/web/package.json
low Security checks software dependencies conf 0.90 npm package `postcss` is minor version(s) behind (8.4.31 -> 8.5.15)
`postcss` is pinned/resolved at 8.4.31 but the latest stable release on the npm registry is 8.5.15 (minor version(s) behind). Outdated dependencies accumulate unpatched bugs and make future security upgrades harder. This is the version-currency signal Dependabot version-update PRs raise.
Windsurf万法归宗/060-修复_Repair/agent-remote-repair-main/web/package.json
low Security checks software dependencies conf 0.90 npm package `ws` is minor version(s) behind (8.19.0 -> 8.21.0)
`ws` is pinned/resolved at 8.19.0 but the latest stable release on the npm registry is 8.21.0 (minor version(s) behind). Outdated dependencies accumulate unpatched bugs and make future security upgrades harder. This is the version-currency signal Dependabot version-update PRs raise.
Windsurf万法归宗/060-修复_Repair/agent-remote-repair-main/remote-agent/package.json
low Security checks quality Quality conf 0.50 Public web app has no humans.txt
humans.txt is optional, but it gives operators and reviewers a simple place to find ownership, contact, and important public documentation links.
humans.txt
low Security checks quality Quality conf 0.72 Public web app has no sitemap
A sitemap gives search engines, docs crawlers, and AI agents a structured list of public pages. Without one, important docs and product pages are easy to miss.
sitemap.xml
high Security checks quality Quality conf 0.62 4 occurrences Source file name looks like an AI patch artifact
Files named as final, fixed, copy, new, or backup are often temporary patch artifacts. They may be legitimate, but they deserve review before becoming production surface area.
4 files, 4 locations
Windsurf万法归宗/060-修复_Repair/_179_fix.py:1
Windsurf万法归宗/060-修复_Repair/_apply_cascade_tabs_fix.js:1
Windsurf万法归宗/060-修复_Repair/_final_deep_fix.py:1
Windsurf万法归宗/060-修复_Repair/_lt_fix.py:1
low System graph quality Integrity conf 1.00 102 env vars used in code but missing from .env.example
Drift between code and config docs. The first few: `ACCOUNTS_FILE`, `ANTHROPIC_API_KEY`, `APPDATA`, `AWS_REGION`, `BIND`, `CF_URL`, `CF_URL_MASTER`, `CLOUD_REGION` + 94 more. Add them (with a placeholder/comment) to .env.example so onboarding doesn't break.
config drift
low System graph software Dead code candidate conf 1.00 File has no detected symbols: packages/wam/_read_vscdb.py
Source file with no class/function declarations — possible config, dead code, or scratch file.
low System graph software Dead code candidate conf 1.00 File has no detected symbols: packages/wam/_vscdb_helper.py
Source file with no class/function declarations — possible config, dead code, or scratch file.
low System graph software Dead code candidate conf 1.00 File has no detected symbols: scripts/build-vsix.js
Source file with no class/function declarations — possible config, dead code, or scratch file.
low System graph software Dead code candidate conf 1.00 File has no detected symbols: Windsurf万法归宗/060-修复_Repair/_179_db_diag.py
Source file with no class/function declarations — possible config, dead code, or scratch file.
low System graph software Dead code candidate conf 1.00 File has no detected symbols: Windsurf万法归宗/060-修复_Repair/_179_fix.py
Source file with no class/function declarations — possible config, dead code, or scratch file.
low System graph software Dead code candidate conf 1.00 File has no detected symbols: Windsurf万法归宗/060-修复_Repair/_apply_cascade_tabs_fix.js
Source file with no class/function declarations — possible config, dead code, or scratch file.
low System graph software Dead code candidate conf 1.00 File has no detected symbols: Windsurf万法归宗/060-修复_Repair/_apply_fix_to_windsurf.js
Source file with no class/function declarations — possible config, dead code, or scratch file.
low System graph software Dead code candidate conf 1.00 File has no detected symbols: Windsurf万法归宗/060-修复_Repair/_diag_all_entries.js
Source file with no class/function declarations — possible config, dead code, or scratch file.
low System graph software Dead code candidate conf 1.00 File has no detected symbols: Windsurf万法归宗/060-修复_Repair/_diag_auxiliary_state.js
Source file with no class/function declarations — possible config, dead code, or scratch file.
low System graph software Dead code candidate conf 1.00 File has no detected symbols: Windsurf万法归宗/060-修复_Repair/_diag_cascade_tabs2.js
Source file with no class/function declarations — possible config, dead code, or scratch file.
low System graph software Dead code candidate conf 1.00 File has no detected symbols: Windsurf万法归宗/060-修复_Repair/_diag_cascade_tabs4.js
Source file with no class/function declarations — possible config, dead code, or scratch file.
low System graph software Dead code candidate conf 1.00 File has no detected symbols: Windsurf万法归宗/060-修复_Repair/_diag_leveldb_current.js
Source file with no class/function declarations — possible config, dead code, or scratch file.
low System graph software Dead code candidate conf 1.00 File has no detected symbols: Windsurf万法归宗/060-修复_Repair/_locate_patch_point.js
Source file with no class/function declarations — possible config, dead code, or scratch file.
low System graph software Dead code candidate conf 1.00 File has no detected symbols: Windsurf万法归宗/060-修复_Repair/_locate_shutdown_reset.js
Source file with no class/function declarations — possible config, dead code, or scratch file.
low System graph software Dead code candidate conf 1.00 File has no detected symbols: Windsurf万法归宗/060-修复_Repair/_lt_vacuum.py
Source file with no class/function declarations — possible config, dead code, or scratch file.
low System graph software Dead code candidate conf 1.00 File has no detected symbols: Windsurf万法归宗/060-修复_Repair/_root_analysis/_find_request.js
Source file with no class/function declarations — possible config, dead code, or scratch file.
low System graph software Dead code candidate conf 1.00 File has no detected symbols: Windsurf万法归宗/060-修复_Repair/_root_analysis/_probe_dump.js
Source file with no class/function declarations — possible config, dead code, or scratch file.
low System graph software Dead code candidate conf 1.00 File has no detected symbols: Windsurf万法归宗/060-修复_Repair/agent-remote-repair-main/remote-agent/check_wam.py
Source file with no class/function declarations — possible config, dead code, or scratch file.
low System graph software Dead code candidate conf 1.00 File has no detected symbols: Windsurf万法归宗/060-修复_Repair/agent-remote-repair-main/remote-agent/check_wam2.py
Source file with no class/function declarations — possible config, dead code, or scratch file.
low System graph software Dead code candidate conf 1.00 File has no detected symbols: Windsurf万法归宗/060-修复_Repair/agent-remote-repair-main/remote-agent/diag2.py
Source file with no class/function declarations — possible config, dead code, or scratch file.
low System graph software Dead code candidate conf 1.00 File has no detected symbols: Windsurf万法归宗/060-修复_Repair/agent-remote-repair-main/remote-agent/fix_auth.py
Source file with no class/function declarations — possible config, dead code, or scratch file.
low System graph software Dead code candidate conf 1.00 File has no detected symbols: Windsurf万法归宗/060-修复_Repair/agent-remote-repair-main/remote-agent/fix_settings.py
Source file with no class/function declarations — possible config, dead code, or scratch file.
low System graph software Dead code candidate conf 1.00 File has no detected symbols: Windsurf万法归宗/060-修复_Repair/agent-remote-repair-main/web/next-env.d.ts
Source file with no class/function declarations — possible config, dead code, or scratch file.
low System graph software Dead code candidate conf 1.00 File has no detected symbols: Windsurf万法归宗/060-修复_Repair/agent-remote-repair-main/web/next.config.js
Source file with no class/function declarations — possible config, dead code, or scratch file.
low System graph software Dead code candidate conf 1.00 File has no detected symbols: Windsurf万法归宗/060-修复_Repair/agent-remote-repair-main/web/postcss.config.js
Source file with no class/function declarations — possible config, dead code, or scratch file.
low System graph software Dead code candidate conf 1.00 File has no detected symbols: Windsurf万法归宗/060-修复_Repair/agent-remote-repair-main/web/tailwind.config.ts
Source file with no class/function declarations — possible config, dead code, or scratch file.
low System graph software Dead code candidate conf 1.00 File has no detected symbols: Windsurf万法归宗/060-修复_Repair/tests/_dao_dump_req.js
Source file with no class/function declarations — possible config, dead code, or scratch file.
low System graph software Dead code candidate conf 1.00 File has no detected symbols: Windsurf万法归宗/070-插件_Plugins/020-道VSIX_DaoAgi/_update_version.js
Source file with no class/function declarations — possible config, dead code, or scratch file.
low System graph software Dead code candidate conf 1.00 File has no detected symbols: Windsurf万法归宗/130-道独立体_Standalone/05-GitHub/_hdougle_测试/accounts_audit.js
Source file with no class/function declarations — possible config, dead code, or scratch file.
low System graph software Dead code candidate conf 1.00 File has no detected symbols: Windsurf万法归宗/130-道独立体_Standalone/05-GitHub/_hdougle_测试/chat_direct.js
Source file with no class/function declarations — possible config, dead code, or scratch file.
low System graph software Dead code candidate conf 1.00 File has no detected symbols: Windsurf万法归宗/130-道独立体_Standalone/05-GitHub/_hdougle_测试/lj_check_secret.js
Source file with no class/function declarations — possible config, dead code, or scratch file.
low System graph software Dead code candidate conf 1.00 File has no detected symbols: Windsurf万法归宗/130-道独立体_Standalone/05-GitHub/_hdougle_测试/lj_drop_first.js
Source file with no class/function declarations — possible config, dead code, or scratch file.
low System graph quality Integrity conf 1.00 2 occurrences Near-duplicate function bodies in 2 places
Functions with the same first-5-line body hash: Windsurf万法归宗/060-修复_Repair/_diag_zroliu.py:run, Windsurf万法归宗/060-修复_Repair/_node_diag.py:run This is *the* AI-coder failure mode (4× more duplication in vibe-coded repos — see https://jw.hn/ai-code-hygiene). Consolidate or document why they're separa…
2 occurrences
repo-level (2 hits)
duplicatesduplication
low System graph quality Integrity conf 1.00 2 occurrences Near-duplicate function bodies in 3 places
Functions with the same first-5-line body hash: Windsurf万法归宗/060-修复_Repair/agent-remote-repair-main/remote-agent/full_deploy.py:v10_encrypt, Windsurf万法归宗/060-修复_Repair/agent-remote-repair-main/remote-agent/inject_zyk.py:v10_encrypt, Windsurf万法归宗/060-修复_Repair/agent-remote-repair-main/remote-agent/i…
2 occurrences
repo-level (2 hits)
duplicatesduplication
low System graph quality Integrity conf 1.00 Near-duplicate function bodies in 6 places
Functions with the same first-5-line body hash: Windsurf万法归宗/060-修复_Repair/_lt_fix3.py:ex, Windsurf万法归宗/060-修复_Repair/_lt_fix2.py:ex, Windsurf万法归宗/060-修复_Repair/_laptop_diag2.py:exec_cmd, Windsurf万法归宗/060-修复_Repair/_lt_quick.py:ex This is *the* AI-coder failure mode (4× more duplication in vibe-co…
duplicatesduplication
low System graph quality Integrity conf 1.00 Old/deprecated-named symbol `_grewWhileOld` in packages/wam/dao_stuck.js:1291
Names with suffixes like `_old`, `_v1`, `_deprecated` usually indicate replaced-but-not-removed code (typical AI-coder leftover). Confirm and delete, or rename if it's the active version.
old markerDead code
low System graph quality Integrity conf 1.00 Old/deprecated-named symbol `dao_local_v2` in Windsurf万法归宗/010-反代_Proxy/server.js:24
Names with suffixes like `_old`, `_v1`, `_deprecated` usually indicate replaced-but-not-removed code (typical AI-coder leftover). Confirm and delete, or rename if it's the active version.
old markerDead code
low System graph quality Integrity conf 1.00 Old/deprecated-named symbol `dao_local_v2` in Windsurf万法归宗/060-修复_Repair/backend/server.js:22
Names with suffixes like `_old`, `_v1`, `_deprecated` usually indicate replaced-but-not-removed code (typical AI-coder leftover). Confirm and delete, or rename if it's the active version.
old markerDead code
low System graph quality Integrity conf 1.00 Old/deprecated-named symbol `fingerprint_backup` in Windsurf万法归宗/060-修复_Repair/_deep_probe.py:215
Names with suffixes like `_old`, `_v1`, `_deprecated` usually indicate replaced-but-not-removed code (typical AI-coder leftover). Confirm and delete, or rename if it's the active version.
old markerDead code
low System graph quality Integrity conf 1.00 Old/deprecated-named symbol `has_old` in Windsurf万法归宗/060-修复_Repair/ws_repatch.py:368
Names with suffixes like `_old`, `_v1`, `_deprecated` usually indicate replaced-but-not-removed code (typical AI-coder leftover). Confirm and delete, or rename if it's the active version.
old markerDead code
low System graph quality Integrity conf 1.00 Old/deprecated-named symbol `last_backup` in Windsurf万法归宗/060-修复_Repair/patch_continue_bypass.py:231
Names with suffixes like `_old`, `_v1`, `_deprecated` usually indicate replaced-but-not-removed code (typical AI-coder leftover). Confirm and delete, or rename if it's the active version.
old markerDead code
low System graph quality Integrity conf 1.00 Old/deprecated-named symbol `product_backup` in Windsurf万法归宗/060-修复_Repair/patch_rate_limit_bypass.py:174
Names with suffixes like `_old`, `_v1`, `_deprecated` usually indicate replaced-but-not-removed code (typical AI-coder leftover). Confirm and delete, or rename if it's the active version.
old markerDead code
low System graph software Dead code conf 1.00 Possibly dead Python function: cmd_fix
No callers detected by AST scan in this repo. Could be exported for external callers or a framework handler.
Windsurf万法归宗/060-修复_Repair/官方模式回归.py:130
low System graph software Dead code conf 1.00 Possibly dead Python function: cmd_verify
No callers detected by AST scan in this repo. Could be exported for external callers or a framework handler.
Windsurf万法归宗/060-修复_Repair/官方模式回归.py:203
low System graph software Dead code conf 1.00 Possibly dead Python function: do_GET
No callers detected by AST scan in this repo. Could be exported for external callers or a framework handler.
Windsurf万法归宗/060-修复_Repair/credit_toolkit.py:496
low System graph software Dead code conf 1.00 Possibly dead Python function: log_message
No callers detected by AST scan in this repo. Could be exported for external callers or a framework handler.
Windsurf万法归宗/060-修复_Repair/credit_toolkit.py:540
low System graph software Dead code conf 1.00 Possibly dead Python function: parse_reset_seconds
No callers detected by AST scan in this repo. Could be exported for external callers or a framework handler.
Windsurf万法归宗/060-修复_Repair/ws_repatch.py:406
low System graph frontend Frontend quality conf 1.00 Stray `console.log` in TS/JS — 130-道独立体_Standalone/01-VM/vm-side/dao_nano_public.js:12
Replace with the toast helper, an error boundary, or remove. `console.warn` / `console.error` are acceptable. Why: Hygiene — easy to leak debug output. Rule id: fq.console-leak
Fq console leak
low System graph frontend Frontend quality conf 1.00 Stray `console.log` in TS/JS — _archive/wam-v17.42.20/_wam_e2e.js:17
Replace with the toast helper, an error boundary, or remove. `console.warn` / `console.error` are acceptable. Why: Hygiene — easy to leak debug output. Rule id: fq.console-leak
Fq console leak
low System graph frontend Frontend quality conf 1.00 Stray `console.log` in TS/JS — _archive/wam-v17.42.20/extension.js:1629
Replace with the toast helper, an error boundary, or remove. `console.warn` / `console.error` are acceptable. Why: Hygiene — easy to leak debug output. Rule id: fq.console-leak
Fq console leak
low System graph frontend Frontend quality conf 1.00 Stray `console.log` in TS/JS — dao_proxy.js:66
Replace with the toast helper, an error boundary, or remove. `console.warn` / `console.error` are acceptable. Why: Hygiene — easy to leak debug output. Rule id: fq.console-leak
Fq console leak
low System graph frontend Frontend quality conf 1.00 Stray `console.log` in TS/JS — n.js:6
Replace with the toast helper, an error boundary, or remove. `console.warn` / `console.error` are acceptable. Why: Hygiene — easy to leak debug output. Rule id: fq.console-leak
Fq console leak
low System graph frontend Frontend quality conf 1.00 Stray `console.log` in TS/JS — packages/dao-core/cloud_engine.js:1748
Replace with the toast helper, an error boundary, or remove. `console.warn` / `console.error` are acceptable. Why: Hygiene — easy to leak debug output. Rule id: fq.console-leak
Fq console leak
low System graph frontend Frontend quality conf 1.00 Stray `console.log` in TS/JS — packages/dao-core/fleet_vm_unit.js:1230
Replace with the toast helper, an error boundary, or remove. `console.warn` / `console.error` are acceptable. Why: Hygiene — easy to leak debug output. Rule id: fq.console-leak
Fq console leak
low System graph frontend Frontend quality conf 1.00 Stray `console.log` in TS/JS — packages/dao-core/windsurf_auth.js:434
Replace with the toast helper, an error boundary, or remove. `console.warn` / `console.error` are acceptable. Why: Hygiene — easy to leak debug output. Rule id: fq.console-leak
Fq console leak
low System graph frontend Frontend quality conf 1.00 Stray `console.log` in TS/JS — packages/dao-pool/cli.js:89
Replace with the toast helper, an error boundary, or remove. `console.warn` / `console.error` are acceptable. Why: Hygiene — easy to leak debug output. Rule id: fq.console-leak
Fq console leak
low System graph frontend Frontend quality conf 1.00 Stray `console.log` in TS/JS — packages/dao-vm/vm_direct.js:517
Replace with the toast helper, an error boundary, or remove. `console.warn` / `console.error` are acceptable. Why: Hygiene — easy to leak debug output. Rule id: fq.console-leak
Fq console leak
low System graph frontend Frontend quality conf 1.00 Stray `console.log` in TS/JS — packages/dao-vm/vm_status.js:82
Replace with the toast helper, an error boundary, or remove. `console.warn` / `console.error` are acceptable. Why: Hygiene — easy to leak debug output. Rule id: fq.console-leak
Fq console leak
low System graph frontend Frontend quality conf 1.00 Stray `console.log` in TS/JS — packages/dao-vm/vm_tunnel.js:146
Replace with the toast helper, an error boundary, or remove. `console.warn` / `console.error` are acceptable. Why: Hygiene — easy to leak debug output. Rule id: fq.console-leak
Fq console leak
low System graph frontend Frontend quality conf 1.00 Stray `console.log` in TS/JS — packages/dao-vm/vm_up.js:428
Replace with the toast helper, an error boundary, or remove. `console.warn` / `console.error` are acceptable. Why: Hygiene — easy to leak debug output. Rule id: fq.console-leak
Fq console leak
low System graph frontend Frontend quality conf 1.00 Stray `console.log` in TS/JS — packages/wam/dao_stuck.js:312
Replace with the toast helper, an error boundary, or remove. `console.warn` / `console.error` are acceptable. Why: Hygiene — easy to leak debug output. Rule id: fq.console-leak
Fq console leak
low System graph frontend Frontend quality conf 1.00 Stray `console.log` in TS/JS — packages/wam/extension.js:909
Replace with the toast helper, an error boundary, or remove. `console.warn` / `console.error` are acceptable. Why: Hygiene — easy to leak debug output. Rule id: fq.console-leak
Fq console leak
low System graph frontend Frontend quality conf 1.00 Stray `console.log` in TS/JS — scripts/build-vsix.js:11
Replace with the toast helper, an error boundary, or remove. `console.warn` / `console.error` are acceptable. Why: Hygiene — easy to leak debug output. Rule id: fq.console-leak
Fq console leak
low System graph frontend Frontend quality conf 1.00 Stray `console.log` in TS/JS — scripts/deploy.js:58
Replace with the toast helper, an error boundary, or remove. `console.warn` / `console.error` are acceptable. Why: Hygiene — easy to leak debug output. Rule id: fq.console-leak
Fq console leak
low System graph frontend Frontend quality conf 1.00 Stray `console.log` in TS/JS — web/dao_app.js:74
Replace with the toast helper, an error boundary, or remove. `console.warn` / `console.error` are acceptable. Why: Hygiene — easy to leak debug output. Rule id: fq.console-leak
Fq console leak
low System graph frontend Frontend quality conf 1.00 Stray `console.log` in TS/JS — Windsurf万法归宗/005-文档_docs/经/dao_acquire.js:427
Replace with the toast helper, an error boundary, or remove. `console.warn` / `console.error` are acceptable. Why: Hygiene — easy to leak debug output. Rule id: fq.console-leak
Fq console leak
low System graph frontend Frontend quality conf 1.00 Stray `console.log` in TS/JS — Windsurf万法归宗/010-反代_Proxy/dao-agent/dao_agent.js:1025
Replace with the toast helper, an error boundary, or remove. `console.warn` / `console.error` are acceptable. Why: Hygiene — easy to leak debug output. Rule id: fq.console-leak
Fq console leak
low System graph frontend Frontend quality conf 1.00 Stray `console.log` in TS/JS — Windsurf万法归宗/010-反代_Proxy/dao-agent/setup.js:135
Replace with the toast helper, an error boundary, or remove. `console.warn` / `console.error` are acceptable. Why: Hygiene — easy to leak debug output. Rule id: fq.console-leak
Fq console leak
low System graph frontend Frontend quality conf 1.00 Stray `console.log` in TS/JS — Windsurf万法归宗/010-反代_Proxy/dao-agent/test_acp.js:17
Replace with the toast helper, an error boundary, or remove. `console.warn` / `console.error` are acceptable. Why: Hygiene — easy to leak debug output. Rule id: fq.console-leak
Fq console leak
low System graph frontend Frontend quality conf 1.00 Stray `console.log` in TS/JS — Windsurf万法归宗/010-反代_Proxy/dao-agent/unwind.js:65
Replace with the toast helper, an error boundary, or remove. `console.warn` / `console.error` are acceptable. Why: Hygiene — easy to leak debug output. Rule id: fq.console-leak
Fq console leak
low System graph frontend Frontend quality conf 1.00 Stray `console.log` in TS/JS — Windsurf万法归宗/010-反代_Proxy/server.js:112
Replace with the toast helper, an error boundary, or remove. `console.warn` / `console.error` are acceptable. Why: Hygiene — easy to leak debug output. Rule id: fq.console-leak
Fq console leak
low System graph frontend Frontend quality conf 1.00 Stray `console.log` in TS/JS — Windsurf万法归宗/060-修复_Repair/_apply_cascade_tabs_fix.js:28
Replace with the toast helper, an error boundary, or remove. `console.warn` / `console.error` are acceptable. Why: Hygiene — easy to leak debug output. Rule id: fq.console-leak
Fq console leak
low System graph frontend Frontend quality conf 1.00 Stray `console.log` in TS/JS — Windsurf万法归宗/060-修复_Repair/_apply_fix_to_windsurf.js:16
Replace with the toast helper, an error boundary, or remove. `console.warn` / `console.error` are acceptable. Why: Hygiene — easy to leak debug output. Rule id: fq.console-leak
Fq console leak
low System graph frontend Frontend quality conf 1.00 Stray `console.log` in TS/JS — Windsurf万法归宗/060-修复_Repair/_build_server.js:287
Replace with the toast helper, an error boundary, or remove. `console.warn` / `console.error` are acceptable. Why: Hygiene — easy to leak debug output. Rule id: fq.console-leak
Fq console leak
low System graph frontend Frontend quality conf 1.00 Stray `console.log` in TS/JS — Windsurf万法归宗/060-修复_Repair/_diag_179_statedb.js:24
Replace with the toast helper, an error boundary, or remove. `console.warn` / `console.error` are acceptable. Why: Hygiene — easy to leak debug output. Rule id: fq.console-leak
Fq console leak
low System graph frontend Frontend quality conf 1.00 Stray `console.log` in TS/JS — Windsurf万法归宗/060-修复_Repair/_diag_all_entries.js:11
Replace with the toast helper, an error boundary, or remove. `console.warn` / `console.error` are acceptable. Why: Hygiene — easy to leak debug output. Rule id: fq.console-leak
Fq console leak
low System graph frontend Frontend quality conf 1.00 Stray `console.log` in TS/JS — Windsurf万法归宗/060-修复_Repair/_diag_auxiliary_state.js:18
Replace with the toast helper, an error boundary, or remove. `console.warn` / `console.error` are acceptable. Why: Hygiene — easy to leak debug output. Rule id: fq.console-leak
Fq console leak
low System graph frontend Frontend quality conf 1.00 Stray `console.log` in TS/JS — Windsurf万法归宗/060-修复_Repair/_diag_cascade_tabs.js:19
Replace with the toast helper, an error boundary, or remove. `console.warn` / `console.error` are acceptable. Why: Hygiene — easy to leak debug output. Rule id: fq.console-leak
Fq console leak
low System graph frontend Frontend quality conf 1.00 Stray `console.log` in TS/JS — Windsurf万法归宗/060-修复_Repair/_diag_cascade_tabs2.js:21
Replace with the toast helper, an error boundary, or remove. `console.warn` / `console.error` are acceptable. Why: Hygiene — easy to leak debug output. Rule id: fq.console-leak
Fq console leak
low System graph frontend Frontend quality conf 1.00 Stray `console.log` in TS/JS — Windsurf万法归宗/060-修复_Repair/_diag_cascade_tabs3.js:21
Replace with the toast helper, an error boundary, or remove. `console.warn` / `console.error` are acceptable. Why: Hygiene — easy to leak debug output. Rule id: fq.console-leak
Fq console leak
low System graph frontend Frontend quality conf 1.00 Stray `console.log` in TS/JS — Windsurf万法归宗/060-修复_Repair/_diag_cascade_tabs4.js:19
Replace with the toast helper, an error boundary, or remove. `console.warn` / `console.error` are acceptable. Why: Hygiene — easy to leak debug output. Rule id: fq.console-leak
Fq console leak
low System graph frontend Frontend quality conf 1.00 Stray `console.log` in TS/JS — Windsurf万法归宗/060-修复_Repair/_diag_editor_state.js:20
Replace with the toast helper, an error boundary, or remove. `console.warn` / `console.error` are acceptable. Why: Hygiene — easy to leak debug output. Rule id: fq.console-leak
Fq console leak
low System graph frontend Frontend quality conf 1.00 Stray `console.log` in TS/JS — Windsurf万法归宗/060-修复_Repair/_diag_leveldb_current.js:12
Replace with the toast helper, an error boundary, or remove. `console.warn` / `console.error` are acceptable. Why: Hygiene — easy to leak debug output. Rule id: fq.console-leak
Fq console leak
low System graph frontend Frontend quality conf 1.00 Stray `console.log` in TS/JS — Windsurf万法归宗/060-修复_Repair/_diag_leveldb_deep.js:9
Replace with the toast helper, an error boundary, or remove. `console.warn` / `console.error` are acceptable. Why: Hygiene — easy to leak debug output. Rule id: fq.console-leak
Fq console leak
low System graph frontend Frontend quality conf 1.00 Stray `console.log` in TS/JS — Windsurf万法归宗/060-修复_Repair/_diag_mode_check.js:14
Replace with the toast helper, an error boundary, or remove. `console.warn` / `console.error` are acceptable. Why: Hygiene — easy to leak debug output. Rule id: fq.console-leak
Fq console leak
low System graph frontend Frontend quality conf 1.00 Stray `console.log` in TS/JS — Windsurf万法归宗/060-修复_Repair/_diag_open_sessions_key.js:15
Replace with the toast helper, an error boundary, or remove. `console.warn` / `console.error` are acceptable. Why: Hygiene — easy to leak debug output. Rule id: fq.console-leak
Fq console leak
low System graph frontend Frontend quality conf 1.00 Stray `console.log` in TS/JS — Windsurf万法归宗/060-修复_Repair/_diag_remote_179_compare.js:12
Replace with the toast helper, an error boundary, or remove. `console.warn` / `console.error` are acceptable. Why: Hygiene — easy to leak debug output. Rule id: fq.console-leak
Fq console leak
low System graph frontend Frontend quality conf 1.00 Stray `console.log` in TS/JS — Windsurf万法归宗/060-修复_Repair/_diag_workbench_mode.js:16
Replace with the toast helper, an error boundary, or remove. `console.warn` / `console.error` are acceptable. Why: Hygiene — easy to leak debug output. Rule id: fq.console-leak
Fq console leak
low System graph frontend Frontend quality conf 1.00 Stray `console.log` in TS/JS — Windsurf万法归宗/060-修复_Repair/_locate_Ait_function.js:16
Replace with the toast helper, an error boundary, or remove. `console.warn` / `console.error` are acceptable. Why: Hygiene — easy to leak debug output. Rule id: fq.console-leak
Fq console leak
low System graph frontend Frontend quality conf 1.00 Stray `console.log` in TS/JS — Windsurf万法归宗/060-修复_Repair/_locate_Dln_prefix.js:13
Replace with the toast helper, an error boundary, or remove. `console.warn` / `console.error` are acceptable. Why: Hygiene — easy to leak debug output. Rule id: fq.console-leak
Fq console leak
low System graph frontend Frontend quality conf 1.00 Stray `console.log` in TS/JS — Windsurf万法归宗/060-修复_Repair/_locate_Iii_function.js:14
Replace with the toast helper, an error boundary, or remove. `console.warn` / `console.error` are acceptable. Why: Hygiene — easy to leak debug output. Rule id: fq.console-leak
Fq console leak
low System graph frontend Frontend quality conf 1.00 Stray `console.log` in TS/JS — Windsurf万法归宗/060-修复_Repair/_locate_patch_point.js:10
Replace with the toast helper, an error boundary, or remove. `console.warn` / `console.error` are acceptable. Why: Hygiene — easy to leak debug output. Rule id: fq.console-leak
Fq console leak
low System graph frontend Frontend quality conf 1.00 Stray `console.log` in TS/JS — Windsurf万法归宗/060-修复_Repair/_locate_shutdown_reset.js:12
Replace with the toast helper, an error boundary, or remove. `console.warn` / `console.error` are acceptable. Why: Hygiene — easy to leak debug output. Rule id: fq.console-leak
Fq console leak
low System graph frontend Frontend quality conf 1.00 Stray `console.log` in TS/JS — Windsurf万法归宗/060-修复_Repair/_root_analysis/_find_request.js:13
Replace with the toast helper, an error boundary, or remove. `console.warn` / `console.error` are acceptable. Why: Hygiene — easy to leak debug output. Rule id: fq.console-leak
Fq console leak
low System graph frontend Frontend quality conf 1.00 Stray `console.log` in TS/JS — Windsurf万法归宗/060-修复_Repair/_root_analysis/_find_z.js:8
Replace with the toast helper, an error boundary, or remove. `console.warn` / `console.error` are acceptable. Why: Hygiene — easy to leak debug output. Rule id: fq.console-leak
Fq console leak
low System graph frontend Frontend quality conf 1.00 Stray `console.log` in TS/JS — Windsurf万法归宗/060-修复_Repair/_root_analysis/_probe_cascade_flow.js:103
Replace with the toast helper, an error boundary, or remove. `console.warn` / `console.error` are acceptable. Why: Hygiene — easy to leak debug output. Rule id: fq.console-leak
Fq console leak
low System graph frontend Frontend quality conf 1.00 Stray `console.log` in TS/JS — Windsurf万法归宗/060-修复_Repair/_root_analysis/_probe_chat.js:53
Replace with the toast helper, an error boundary, or remove. `console.warn` / `console.error` are acceptable. Why: Hygiene — easy to leak debug output. Rule id: fq.console-leak
Fq console leak
low System graph frontend Frontend quality conf 1.00 Stray `console.log` in TS/JS — Windsurf万法归宗/060-修复_Repair/_root_analysis/_probe_chat_methods.js:75
Replace with the toast helper, an error boundary, or remove. `console.warn` / `console.error` are acceptable. Why: Hygiene — easy to leak debug output. Rule id: fq.console-leak
Fq console leak
low System graph frontend Frontend quality conf 1.00 Stray `console.log` in TS/JS — Windsurf万法归宗/060-修复_Repair/_root_analysis/_probe_dump.js:16
Replace with the toast helper, an error boundary, or remove. `console.warn` / `console.error` are acceptable. Why: Hygiene — easy to leak debug output. Rule id: fq.console-leak
Fq console leak
low System graph frontend Frontend quality conf 1.00 Stray `console.log` in TS/JS — Windsurf万法归宗/060-修复_Repair/_root_analysis/_probe_full_chat.js:49
Replace with the toast helper, an error boundary, or remove. `console.warn` / `console.error` are acceptable. Why: Hygiene — easy to leak debug output. Rule id: fq.console-leak
Fq console leak
low System graph frontend Frontend quality conf 1.00 Stray `console.log` in TS/JS — Windsurf万法归宗/060-修复_Repair/_root_analysis/_probe_json.js:55
Replace with the toast helper, an error boundary, or remove. `console.warn` / `console.error` are acceptable. Why: Hygiene — easy to leak debug output. Rule id: fq.console-leak
Fq console leak
low System graph frontend Frontend quality conf 1.00 Stray `console.log` in TS/JS — Windsurf万法归宗/060-修复_Repair/_root_analysis/_probe_minimal.js:53
Replace with the toast helper, an error boundary, or remove. `console.warn` / `console.error` are acceptable. Why: Hygiene — easy to leak debug output. Rule id: fq.console-leak
Fq console leak
low System graph frontend Frontend quality conf 1.00 Stray `console.log` in TS/JS — Windsurf万法归宗/060-修复_Repair/_root_analysis/_probe_raw_chat.js:87
Replace with the toast helper, an error boundary, or remove. `console.warn` / `console.error` are acceptable. Why: Hygiene — easy to leak debug output. Rule id: fq.console-leak
Fq console leak
low System graph frontend Frontend quality conf 1.00 Stray `console.log` in TS/JS — Windsurf万法归宗/060-修复_Repair/_root_analysis/_probe_stream.js:28
Replace with the toast helper, an error boundary, or remove. `console.warn` / `console.error` are acceptable. Why: Hygiene — easy to leak debug output. Rule id: fq.console-leak
Fq console leak
low System graph frontend Frontend quality conf 1.00 Stray `console.log` in TS/JS — Windsurf万法归宗/060-修复_Repair/_yin194_helper.js:56
Replace with the toast helper, an error boundary, or remove. `console.warn` / `console.error` are acceptable. Why: Hygiene — easy to leak debug output. Rule id: fq.console-leak
Fq console leak
low System graph frontend Frontend quality conf 1.00 Stray `console.log` in TS/JS — Windsurf万法归宗/060-修复_Repair/agent-remote-repair-main/remote-agent/brain.js:50
Replace with the toast helper, an error boundary, or remove. `console.warn` / `console.error` are acceptable. Why: Hygiene — easy to leak debug output. Rule id: fq.console-leak
Fq console leak
low System graph frontend Frontend quality conf 1.00 Stray `console.log` in TS/JS — Windsurf万法归宗/060-修复_Repair/agent-remote-repair-main/remote-agent/server.js:29
Replace with the toast helper, an error boundary, or remove. `console.warn` / `console.error` are acceptable. Why: Hygiene — easy to leak debug output. Rule id: fq.console-leak
Fq console leak
low System graph frontend Frontend quality conf 1.00 Stray `console.log` in TS/JS — Windsurf万法归宗/060-修复_Repair/agent-remote-repair-main/remote-agent/windsurf-switch.js:204
Replace with the toast helper, an error boundary, or remove. `console.warn` / `console.error` are acceptable. Why: Hygiene — easy to leak debug output. Rule id: fq.console-leak
Fq console leak
low System graph frontend Frontend quality conf 1.00 Stray `console.log` in TS/JS — Windsurf万法归宗/060-修复_Repair/backend/server.js:98
Replace with the toast helper, an error boundary, or remove. `console.warn` / `console.error` are acceptable. Why: Hygiene — easy to leak debug output. Rule id: fq.console-leak
Fq console leak
low System graph frontend Frontend quality conf 1.00 Stray `console.log` in TS/JS — Windsurf万法归宗/060-修复_Repair/fb_test.js:17
Replace with the toast helper, an error boundary, or remove. `console.warn` / `console.error` are acceptable. Why: Hygiene — easy to leak debug output. Rule id: fq.console-leak
Fq console leak
low System graph frontend Frontend quality conf 1.00 Stray `console.log` in TS/JS — Windsurf万法归宗/060-修复_Repair/tests/_dao_capture_test.js:138
Replace with the toast helper, an error boundary, or remove. `console.warn` / `console.error` are acceptable. Why: Hygiene — easy to leak debug output. Rule id: fq.console-leak
Fq console leak
low System graph frontend Frontend quality conf 1.00 Stray `console.log` in TS/JS — Windsurf万法归宗/060-修复_Repair/tests/_dao_dump_req.js:11
Replace with the toast helper, an error boundary, or remove. `console.warn` / `console.error` are acceptable. Why: Hygiene — easy to leak debug output. Rule id: fq.console-leak
Fq console leak
low System graph frontend Frontend quality conf 1.00 Stray `console.log` in TS/JS — Windsurf万法归宗/060-修复_Repair/tests/_dao_e2e_test.js:109
Replace with the toast helper, an error boundary, or remove. `console.warn` / `console.error` are acceptable. Why: Hygiene — easy to leak debug output. Rule id: fq.console-leak
Fq console leak
low System graph frontend Frontend quality conf 1.00 Stray `console.log` in TS/JS — Windsurf万法归宗/060-修复_Repair/tests/_dao_get_csrf.js:6
Replace with the toast helper, an error boundary, or remove. `console.warn` / `console.error` are acceptable. Why: Hygiene — easy to leak debug output. Rule id: fq.console-leak
Fq console leak
low System graph frontend Frontend quality conf 1.00 Stray `console.log` in TS/JS — Windsurf万法归宗/060-修复_Repair/tests/_dao_test_models.js:59
Replace with the toast helper, an error boundary, or remove. `console.warn` / `console.error` are acceptable. Why: Hygiene — easy to leak debug output. Rule id: fq.console-leak
Fq console leak
low System graph frontend Frontend quality conf 1.00 Stray `console.log` in TS/JS — Windsurf万法归宗/060-修复_Repair/tests/_quick_model_test.js:55
Replace with the toast helper, an error boundary, or remove. `console.warn` / `console.error` are acceptable. Why: Hygiene — easy to leak debug output. Rule id: fq.console-leak
Fq console leak
low System graph frontend Frontend quality conf 1.00 Stray `console.log` in TS/JS — Windsurf万法归宗/070-插件_Plugins/020-道VSIX_DaoAgi/_sync_origin.js:56
Replace with the toast helper, an error boundary, or remove. `console.warn` / `console.error` are acceptable. Why: Hygiene — easy to leak debug output. Rule id: fq.console-leak
Fq console leak
low System graph frontend Frontend quality conf 1.00 Stray `console.log` in TS/JS — Windsurf万法归宗/070-插件_Plugins/020-道VSIX_DaoAgi/_update_version.js:26
Replace with the toast helper, an error boundary, or remove. `console.warn` / `console.error` are acceptable. Why: Hygiene — easy to leak debug output. Rule id: fq.console-leak
Fq console leak
low System graph frontend Frontend quality conf 1.00 Stray `console.log` in TS/JS — Windsurf万法归宗/130-道独立体_Standalone/05-GitHub/_hdougle_测试/accounts_audit.js:20
Replace with the toast helper, an error boundary, or remove. `console.warn` / `console.error` are acceptable. Why: Hygiene — easy to leak debug output. Rule id: fq.console-leak
Fq console leak
low System graph frontend Frontend quality conf 1.00 Stray `console.log` in TS/JS — Windsurf万法归宗/130-道独立体_Standalone/05-GitHub/_hdougle_测试/chat_direct.js:34
Replace with the toast helper, an error boundary, or remove. `console.warn` / `console.error` are acceptable. Why: Hygiene — easy to leak debug output. Rule id: fq.console-leak
Fq console leak
low System graph frontend Frontend quality conf 1.00 Stray `console.log` in TS/JS — Windsurf万法归宗/130-道独立体_Standalone/05-GitHub/_hdougle_测试/chat_nostream.js:102
Replace with the toast helper, an error boundary, or remove. `console.warn` / `console.error` are acceptable. Why: Hygiene — easy to leak debug output. Rule id: fq.console-leak
Fq console leak
low System graph frontend Frontend quality conf 1.00 Stray `console.log` in TS/JS — Windsurf万法归宗/130-道独立体_Standalone/05-GitHub/_hdougle_测试/chat_via_proxy.js:122
Replace with the toast helper, an error boundary, or remove. `console.warn` / `console.error` are acceptable. Why: Hygiene — easy to leak debug output. Rule id: fq.console-leak
Fq console leak
low System graph frontend Frontend quality conf 1.00 Stray `console.log` in TS/JS — Windsurf万法归宗/130-道独立体_Standalone/05-GitHub/_hdougle_测试/dao_hd_dispatch.js:37
Replace with the toast helper, an error boundary, or remove. `console.warn` / `console.error` are acceptable. Why: Hygiene — easy to leak debug output. Rule id: fq.console-leak
Fq console leak
low System graph frontend Frontend quality conf 1.00 Stray `console.log` in TS/JS — Windsurf万法归宗/130-道独立体_Standalone/05-GitHub/_hdougle_测试/dao_hd_push.js:136
Replace with the toast helper, an error boundary, or remove. `console.warn` / `console.error` are acceptable. Why: Hygiene — easy to leak debug output. Rule id: fq.console-leak
Fq console leak
low System graph frontend Frontend quality conf 1.00 Stray `console.log` in TS/JS — Windsurf万法归宗/130-道独立体_Standalone/05-GitHub/_hdougle_测试/dao_hd_push2.js:34
Replace with the toast helper, an error boundary, or remove. `console.warn` / `console.error` are acceptable. Why: Hygiene — easy to leak debug output. Rule id: fq.console-leak
Fq console leak
low System graph frontend Frontend quality conf 1.00 Stray `console.log` in TS/JS — Windsurf万法归宗/130-道独立体_Standalone/05-GitHub/_hdougle_测试/dao_hd_set_secret.js:100
Replace with the toast helper, an error boundary, or remove. `console.warn` / `console.error` are acceptable. Why: Hygiene — easy to leak debug output. Rule id: fq.console-leak
Fq console leak
low System graph frontend Frontend quality conf 1.00 Stray `console.log` in TS/JS — Windsurf万法归宗/130-道独立体_Standalone/05-GitHub/_hdougle_测试/dao_hd_verify.js:78
Replace with the toast helper, an error boundary, or remove. `console.warn` / `console.error` are acceptable. Why: Hygiene — easy to leak debug output. Rule id: fq.console-leak
Fq console leak
low System graph frontend Frontend quality conf 1.00 Stray `console.log` in TS/JS — Windsurf万法归宗/130-道独立体_Standalone/05-GitHub/_hdougle_测试/dao_hd_wait_tunnel.js:38
Replace with the toast helper, an error boundary, or remove. `console.warn` / `console.error` are acceptable. Why: Hygiene — easy to leak debug output. Rule id: fq.console-leak
Fq console leak
low System graph frontend Frontend quality conf 1.00 Stray `console.log` in TS/JS — Windsurf万法归宗/130-道独立体_Standalone/05-GitHub/_hdougle_测试/dao_hdougle_login.js:275
Replace with the toast helper, an error boundary, or remove. `console.warn` / `console.error` are acceptable. Why: Hygiene — easy to leak debug output. Rule id: fq.console-leak
Fq console leak
low System graph frontend Frontend quality conf 1.00 Stray `console.log` in TS/JS — Windsurf万法归宗/130-道独立体_Standalone/05-GitHub/_hdougle_测试/gh_curl.js:180
Replace with the toast helper, an error boundary, or remove. `console.warn` / `console.error` are acceptable. Why: Hygiene — easy to leak debug output. Rule id: fq.console-leak
Fq console leak
low System graph frontend Frontend quality conf 1.00 Stray `console.log` in TS/JS — Windsurf万法归宗/130-道独立体_Standalone/05-GitHub/_hdougle_测试/lj_check_secret.js:18
Replace with the toast helper, an error boundary, or remove. `console.warn` / `console.error` are acceptable. Why: Hygiene — easy to leak debug output. Rule id: fq.console-leak
Fq console leak
low System graph frontend Frontend quality conf 1.00 Stray `console.log` in TS/JS — Windsurf万法归宗/130-道独立体_Standalone/05-GitHub/_hdougle_测试/lj_drop_first.js:17
Replace with the toast helper, an error boundary, or remove. `console.warn` / `console.error` are acceptable. Why: Hygiene — easy to leak debug output. Rule id: fq.console-leak
Fq console leak
low System graph frontend Frontend quality conf 1.00 Stray `console.log` in TS/JS — Windsurf万法归宗/130-道独立体_Standalone/05-GitHub/_hdougle_测试/lj_to_hdougle.js:51
Replace with the toast helper, an error boundary, or remove. `console.warn` / `console.error` are acceptable. Why: Hygiene — easy to leak debug output. Rule id: fq.console-leak
Fq console leak
low System graph frontend Frontend quality conf 1.00 Stray `console.log` in TS/JS — Windsurf万法归宗/130-道独立体_Standalone/05-GitHub/_hdougle_测试/lj_verify.js:186
Replace with the toast helper, an error boundary, or remove. `console.warn` / `console.error` are acceptable. Why: Hygiene — easy to leak debug output. Rule id: fq.console-leak
Fq console leak
low System graph frontend Frontend quality conf 1.00 Stray `console.log` in TS/JS — Windsurf万法归宗/130-道独立体_Standalone/05-GitHub/_hdougle_测试/probe_gh_models.js:136
Replace with the toast helper, an error boundary, or remove. `console.warn` / `console.error` are acceptable. Why: Hygiene — easy to leak debug output. Rule id: fq.console-leak
Fq console leak
low System graph frontend Frontend quality conf 1.00 Stray `console.log` in TS/JS — Windsurf万法归宗/130-道独立体_Standalone/05-GitHub/_hdougle_测试/read_proxy_logs.js:42
Replace with the toast helper, an error boundary, or remove. `console.warn` / `console.error` are acceptable. Why: Hygiene — easy to leak debug output. Rule id: fq.console-leak
Fq console leak
low System graph frontend Frontend quality conf 1.00 Stray `console.log` in TS/JS — Windsurf万法归宗/130-道独立体_Standalone/05-GitHub/_hdougle_测试/read_run_logs.js:40
Replace with the toast helper, an error boundary, or remove. `console.warn` / `console.error` are acceptable. Why: Hygiene — easy to leak debug output. Rule id: fq.console-leak
Fq console leak
low System graph frontend Frontend quality conf 1.00 Stray `console.log` in TS/JS — Windsurf万法归宗/130-道独立体_Standalone/05-GitHub/_hdougle_测试/set_secret_api.js:61
Replace with the toast helper, an error boundary, or remove. `console.warn` / `console.error` are acceptable. Why: Hygiene — easy to leak debug output. Rule id: fq.console-leak
Fq console leak
low System graph frontend Frontend quality conf 1.00 Stray `console.log` in TS/JS — Windsurf万法归宗/130-道独立体_Standalone/05-GitHub/_hdougle_测试/verify_pat.js:16
Replace with the toast helper, an error boundary, or remove. `console.warn` / `console.error` are acceptable. Why: Hygiene — easy to leak debug output. Rule id: fq.console-leak
Fq console leak
low System graph frontend Frontend quality conf 1.00 Stray `console.log` in TS/JS — Windsurf万法归宗/130-道独立体_Standalone/05-GitHub/dao_proxy.js:66
Replace with the toast helper, an error boundary, or remove. `console.warn` / `console.error` are acceptable. Why: Hygiene — easy to leak debug output. Rule id: fq.console-leak
Fq console leak
low System graph api Wiring conf 1.00 Unused endpoint: DELETE /repos/hdougle/windsurf-assistant/actions/secrets/DAO_JWT
`Windsurf万法归宗/130-道独立体_Standalone/05-GitHub/_hdougle_测试/lj_drop_first.js` declares `DELETE /repos/hdougle/windsurf-assistant/actions/secrets/DAO_JWT` but no frontend code we scanned calls it. This is fine if the endpoint serves external clients (mobile app, third-party, server-side webhooks). Other…
Unused endpoint
low System graph api Wiring conf 1.00 Unused endpoint: GET /repos/hdougle/windsurf-assistant/actions/secrets
`Windsurf万法归宗/130-道独立体_Standalone/05-GitHub/_hdougle_测试/lj_check_secret.js` declares `GET /repos/hdougle/windsurf-assistant/actions/secrets` but no frontend code we scanned calls it. This is fine if the endpoint serves external clients (mobile app, third-party, server-side webhooks). Otherwise it's…
Unused endpoint
low System graph api Wiring conf 1.00 Unused endpoint: GET /repos/hdougle/windsurf-assistant/actions/secrets/public-key
`Windsurf万法归宗/130-道独立体_Standalone/05-GitHub/_hdougle_测试/lj_drop_first.js` declares `GET /repos/hdougle/windsurf-assistant/actions/secrets/public-key` but no frontend code we scanned calls it. This is fine if the endpoint serves external clients (mobile app, third-party, server-side webhooks). Other…
Unused endpoint
low System graph api Wiring conf 1.00 Unused endpoint: GET /user
`Windsurf万法归宗/130-道独立体_Standalone/05-GitHub/_hdougle_测试/dao_hd_push2.js` declares `GET /user` but no frontend code we scanned calls it. This is fine if the endpoint serves external clients (mobile app, third-party, server-side webhooks). Otherwise it's dead code — consider removing or documenting w…
Unused endpoint
low System graph api Wiring conf 1.00 Unused endpoint: PUT /repos/hdougle/windsurf-assistant/actions/secrets/ACCOUNTS
`Windsurf万法归宗/130-道独立体_Standalone/05-GitHub/_hdougle_测试/lj_drop_first.js` declares `PUT /repos/hdougle/windsurf-assistant/actions/secrets/ACCOUNTS` but no frontend code we scanned calls it. This is fine if the endpoint serves external clients (mobile app, third-party, server-side webhooks). Otherwi…
Unused endpoint
low System graph api Wiring conf 1.00 Unused endpoint: PUT /repos/owner/repo/contents/path
`Windsurf万法归宗/130-道独立体_Standalone/05-GitHub/_hdougle_测试/gh_curl.js` declares `PUT /repos/owner/repo/contents/path` but no frontend code we scanned calls it. This is fine if the endpoint serves external clients (mobile app, third-party, server-side webhooks). Otherwise it's dead code — consider remo…
Unused endpoint
low System graph quality Complexity conf 1.00 Very large file: _archive/wam-v17.42.20/_wam_e2e.js (2240 lines)
Files with >800 lines often hide complexity hotspots and discourage tests.
low System graph quality Complexity conf 1.00 Very large file: _archive/wam-v17.42.20/extension.js (11328 lines)
Files with >800 lines often hide complexity hotspots and discourage tests.
low System graph quality Complexity conf 1.00 Very large file: dao_proxy.js (2570 lines)
Files with >800 lines often hide complexity hotspots and discourage tests.
low System graph quality Complexity conf 1.00 Very large file: packages/dao-core/cloud_engine.js (1844 lines)
Files with >800 lines often hide complexity hotspots and discourage tests.
low System graph quality Complexity conf 1.00 Very large file: packages/dao-core/fleet_vm_unit.js (1601 lines)
Files with >800 lines often hide complexity hotspots and discourage tests.
low System graph quality Complexity conf 1.00 Very large file: packages/dao-proxy-min/extension.js (3137 lines)
Files with >800 lines often hide complexity hotspots and discourage tests.
low System graph quality Complexity conf 1.00 Very large file: packages/wam/dao_stuck.js (2959 lines)
Files with >800 lines often hide complexity hotspots and discourage tests.
low System graph quality Complexity conf 1.00 Very large file: packages/wam/extension.js (10466 lines)
Files with >800 lines often hide complexity hotspots and discourage tests.
low System graph quality Complexity conf 1.00 Very large file: web/dao_app.js (3453 lines)
Files with >800 lines often hide complexity hotspots and discourage tests.
low System graph quality Complexity conf 1.00 Very large file: Windsurf万法归宗/010-反代_Proxy/dao-agent/dao_agent.js (1526 lines)
Files with >800 lines often hide complexity hotspots and discourage tests.
low System graph quality Complexity conf 1.00 Very large file: Windsurf万法归宗/010-反代_Proxy/server.js (2793 lines)
Files with >800 lines often hide complexity hotspots and discourage tests.
low System graph quality Complexity conf 1.00 Very large file: Windsurf万法归宗/060-修复_Repair/backend/server.js (1944 lines)
Files with >800 lines often hide complexity hotspots and discourage tests.
low System graph quality Complexity conf 1.00 Very large file: Windsurf万法归宗/070-插件_Plugins/020-道VSIX_DaoAgi/dao-proxy-max/extension.js (2079 lines)
Files with >800 lines often hide complexity hotspots and discourage tests.
low System graph quality Complexity conf 1.00 Very large file: Windsurf万法归宗/070-插件_Plugins/020-道VSIX_DaoAgi/dao-proxy-max/webview/app.js (1738 lines)
Files with >800 lines often hide complexity hotspots and discourage tests.
low System graph quality Complexity conf 1.00 Very large file: Windsurf万法归宗/070-插件_Plugins/020-道VSIX_DaoAgi/dao-proxy-min/extension.js (3104 lines)
Files with >800 lines often hide complexity hotspots and discourage tests.
low System graph quality Complexity conf 1.00 Very large file: Windsurf万法归宗/130-道独立体_Standalone/05-GitHub/dao_proxy.js (2382 lines)
Files with >800 lines often hide complexity hotspots and discourage tests.
For AI agents: Voting guide (TP/FP) MCP manifest Stdio wrapper SARIF Integrate Findings queue Vote TP/FP on findings to calibrate the engine.
For AI agents + API integrations
Email me when this repo regresses
Free. We re-scan periodically; new criticals → your inbox. No signup required for the scan itself.
API access

This page is publicly accessible at: https://repobility.com/scan/f833405c-b5d5-423e-926f-75cc8b93ff75/

To check status programmatically (no auth required): 

curl -s https://repobility.com/api/v1/public/scan/f833405c-b5d5-423e-926f-75cc8b93ff75/

Important — please don't re-submit the same URL repeatedly. The submission endpoint is idempotent: re-submitting the same git URL returns this same scan_token, not a new one. To re-scan this repo, sign up free and use the dashboard.