{"version": "2.1.0", "$schema": "https://json.schemastore.org/sarif-2.1.0.json", "runs": [{"tool": {"driver": {"name": "Repobility", "informationUri": "https://repobility.com", "rules": [{"id": "MINED111", "name": "[MINED111] Bare except continues silently: Bare `except:` (or `except Exception:`) that runs code without re-raising or ", "shortDescription": {"text": "[MINED111] Bare except continues silently: Bare `except:` (or `except Exception:`) that runs code without re-raising or logging the exception. Hides real failures and makes bugs hard to diagnose."}, "fullDescription": {"text": "Either narrow the exception type, log the exception with `logger.exception(...)`, or re-raise after handling."}, "properties": {"scanner": "repobility-ast-engine", "category": "quality", "severity": "medium", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "SEC045", "name": "[SEC045] eval()/exec() on stored or user-supplied data: eval() and exec() on data \u2014 even admin-stored data \u2014 is a latera", "shortDescription": {"text": "[SEC045] eval()/exec() on stored or user-supplied data: eval() and exec() on data \u2014 even admin-stored data \u2014 is a lateral-movement vector after any one credential compromise. Sandboxes (__builtins__ cleared) are escapable: attackers use obj"}, "fullDescription": {"text": "For literal data structures: use ast.literal_eval(text) \u2014 only parses literals, raises on code.\nFor formula evaluation: use asteval or simpleeval (purpose-built sandboxes with allow-lists).\nFor Odoo: use odoo.tools.safe_eval(expr, locals_dict, mode='exec').\nIf you genuinely need to execute admin-stored code: require explicit super-admin permission AND log every execution with a stack trace."}, "properties": {"scanner": "repobility-threat-engine", "category": "injection", "severity": "medium", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "ERR001", "name": "[ERR001] Silent Exception Swallowing: Silently swallowing all exceptions hides bugs. Even in cleanup code, log at DEBUG ", "shortDescription": {"text": "[ERR001] Silent Exception Swallowing: Silently swallowing all exceptions hides bugs. Even in cleanup code, log at DEBUG level."}, "fullDescription": {"text": "Log the error: `except Exception: logger.debug('cleanup failed', exc_info=True)`. Or handle specific exception types."}, "properties": {"scanner": "repobility-threat-engine", "category": "error_handling", "severity": "medium", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "SEC134", "name": "[SEC134] AI scaffold leftover \u2014 Lorem ipsum / example.com / John Doe in code: Lorem ipsum / John Doe / example.com left ", "shortDescription": {"text": "[SEC134] AI scaffold leftover \u2014 Lorem ipsum / example.com / John Doe in code: Lorem ipsum / John Doe / example.com left in non-test code. AI agents emit these as 'reasonable defaults' when they don't know real values; the human then forgets"}, "fullDescription": {"text": "Move dummy values to fixtures / seed files. In application code, require these to come from config or fail closed. Add a CI grep that rejects 'lorem ipsum' and 'example.com' outside test files."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "medium", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "JRN002", "name": "Browser storage is used for session token material", "shortDescription": {"text": "Browser storage is used for session token material"}, "fullDescription": {"text": "Prefer httpOnly, Secure, SameSite cookies or short-lived in-memory tokens. Avoid persistent browser storage for access, refresh, ID, or partner session tokens."}, "properties": {"scanner": "repobility-journey-contract", "category": "auth", "severity": "medium", "confidence": 0.82, "cwe": "", "owasp": ""}}, {"id": "AIC003", "name": "Duplicated implementation block across source files", "shortDescription": {"text": "Duplicated implementation block across source files"}, "fullDescription": {"text": "Duplicated blocks are a common artifact when generated code is pasted or recreated instead of reused. They increase maintenance cost because every future bug fix must be found in multiple locations."}, "properties": {"scanner": "repobility-ai-code-hygiene", "category": "quality", "severity": "medium", "confidence": 0.86, "cwe": "", "owasp": ""}}, {"id": "SEC132", "name": "[SEC132] String concat where the language has interpolation (AI style drift): String built by concatenation where the la", "shortDescription": {"text": "[SEC132] String concat where the language has interpolation (AI style drift): String built by concatenation where the language has cleaner interpolation (Python f-strings since 3.6, JS template literals since ES6). Not a vulnerability on it"}, "fullDescription": {"text": "Python: `f\"prefix {var} suffix\"`. JS/TS: `` `prefix ${var} suffix` ``. Add a lint rule (pyupgrade UP032, eslint prefer-template) so future PRs catch this automatically."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "low", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "COMP001", "name": "[COMP001] High cognitive complexity: Function `list_keys` has cognitive complexity 10 (SonarSource scale). Cognitive com", "shortDescription": {"text": "[COMP001] High cognitive complexity: Function `list_keys` has cognitive complexity 10 (SonarSource scale). Cognitive complexity measures how hard the function is for a human to understand \u2014 nested branches, boolean chains, and recursion all"}, "fullDescription": {"text": "Extract nested branches into named helper functions; flatten early-return / guard clauses; replace long if/elif chains with dispatch dicts or polymorphism. SonarQube's threshold for 'should refactor' is 15 \u2014 yours is 10."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "low", "confidence": 0.95, "cwe": "", "owasp": ""}}, {"id": "SEC006", "name": "[SEC006] XSS Risk: Direct HTML injection without sanitization.", "shortDescription": {"text": "[SEC006] XSS Risk: Direct HTML injection without sanitization."}, "fullDescription": {"text": "Use textContent instead of innerHTML. Sanitize with DOMPurify."}, "properties": {"scanner": "repobility-threat-engine", "category": "injection", "severity": "low", "confidence": 0.4, "cwe": "", "owasp": ""}}, {"id": "MINED044", "name": "[MINED044] Js Console Log Prod: console.log left in code. Should be replaced with logger or removed.", "shortDescription": {"text": "[MINED044] Js Console Log Prod: console.log left in code. Should be replaced with logger or removed."}, "fullDescription": {"text": "Review and fix per the pattern semantics. See CWE-532 /  for context."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "info", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "MINED056", "name": "[MINED056] React Key As Index: key={index} in map() \u2014 re-renders the wrong elements on re-order.", "shortDescription": {"text": "[MINED056] React Key As Index: key={index} in map() \u2014 re-renders the wrong elements on re-order."}, "fullDescription": {"text": "Review and fix per the pattern semantics. See CWE-682 /  for context."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "info", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "MINED045", "name": "[MINED045] Ts Non Null Assertion: x! asserts not null - bypasses null checks - TypeError if wrong.", "shortDescription": {"text": "[MINED045] Ts Non Null Assertion: x! asserts not null - bypasses null checks - TypeError if wrong."}, "fullDescription": {"text": "Review and fix per the pattern semantics. See CWE-476 /  for context."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "info", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "MINED064", "name": "[MINED064] Python Input Call: input() blocks for stdin. Inappropriate in services.", "shortDescription": {"text": "[MINED064] Python Input Call: input() blocks for stdin. Inappropriate in services."}, "fullDescription": {"text": "Review and fix per the pattern semantics."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "info", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "MINED050", "name": "[MINED050] Stub Only Function: Function declared but body is just pass, return None, raise NotImplementedError, or TODO ", "shortDescription": {"text": "[MINED050] Stub Only Function: Function declared but body is just pass, return None, raise NotImplementedError, or TODO comment."}, "fullDescription": {"text": "Review and fix per the pattern semantics. See CWE-1188 /  for context."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "info", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "MINED062", "name": "[MINED062] Python Dataclass No Fields: @dataclass over an empty class \u2014 unfinished model.", "shortDescription": {"text": "[MINED062] Python Dataclass No Fields: @dataclass over an empty class \u2014 unfinished model."}, "fullDescription": {"text": "Review and fix per the pattern semantics."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "info", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "SEC118", "name": "[SEC118] UUIDv1 / UUIDv3 used for security-sensitive identifier: UUIDv1 encodes the MAC address and timestamp, making it", "shortDescription": {"text": "[SEC118] UUIDv1 / UUIDv3 used for security-sensitive identifier: UUIDv1 encodes the MAC address and timestamp, making it predictable. Used as a session token or password-reset key, it's enumerable."}, "fullDescription": {"text": "Use `uuid.uuid4()` (random) or `secrets.token_urlsafe()` for tokens. In Go, use `uuid.NewRandom()` (google/uuid)."}, "properties": {"scanner": "repobility-threat-engine", "category": "crypto", "severity": "info", "confidence": 0.1, "cwe": "", "owasp": ""}}, {"id": "MINED043", "name": "[MINED043] Http Not Https: Hardcoded http:// (not localhost) for endpoints that handle credentials or data.", "shortDescription": {"text": "[MINED043] Http Not Https: Hardcoded http:// (not localhost) for endpoints that handle credentials or data."}, "fullDescription": {"text": "Review and fix per the pattern semantics. See CWE-319 / A02:2021 for context."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "info", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "SEC029", "name": "[SEC029] Server-Side Request Forgery (SSRF) \u2014 outbound HTTP from user input (and 22 more): Same pattern found in 22 addi", "shortDescription": {"text": "[SEC029] Server-Side Request Forgery (SSRF) \u2014 outbound HTTP from user input (and 22 more): Same pattern found in 22 additional files. Review if needed."}, "fullDescription": {"text": "Validate the URL against an allowlist BEFORE fetching:\n  ALLOWED = {'images.example.com', 'cdn.example.com'}\n  host = urlparse(url).hostname\n  if host not in ALLOWED: abort(400)\nOr use a server-side proxy (Imgproxy / serve-files-only-from-S3) that isolates outbound network access from the request handler.\nBlock private CIDRs explicitly: 10/8, 172.16/12, 192.168/16, 169.254/16."}, "properties": {"scanner": "repobility-threat-engine", "category": "ssrf", "severity": "info", "confidence": 0.2, "cwe": "", "owasp": ""}}, {"id": "SEC084", "name": "[SEC084] JS: require() with non-literal (and 3 more): Same pattern found in 3 additional files. Review if needed.", "shortDescription": {"text": "[SEC084] JS: require() with non-literal (and 3 more): Same pattern found in 3 additional files. Review if needed."}, "fullDescription": {"text": "Use static imports or a static mapping `const modules = { foo: require('./foo') }`."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "info", "confidence": 0.2, "cwe": "", "owasp": ""}}, {"id": "MINED029", "name": "[MINED029] Kotlin Null Bang (and 3 more): Same pattern found in 3 additional files. Review if needed.", "shortDescription": {"text": "[MINED029] Kotlin Null Bang (and 3 more): Same pattern found in 3 additional files. Review if needed."}, "fullDescription": {"text": "Review and fix per the pattern semantics. See CWE-476 /  for context."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "info", "confidence": 0.2, "cwe": "", "owasp": ""}}, {"id": "SEC128", "name": "[SEC128] Async function without await \u2014 fire-and-forget Promise (AI mistake) (and 15 more): Same pattern found in 15 add", "shortDescription": {"text": "[SEC128] Async function without await \u2014 fire-and-forget Promise (AI mistake) (and 15 more): Same pattern found in 15 additional files. Review if needed."}, "fullDescription": {"text": "Add `await` before each async call, or chain with `.then`. If you intentionally want fire-and-forget, prefix with `void` (TS) or assign to `_` (Python with `asyncio.create_task`) to make the intent explicit and survive lint."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "info", "confidence": 0.2, "cwe": "", "owasp": ""}}, {"id": "SEC015", "name": "[SEC015] Insecure Randomness for Security: Weak PRNG used in security-sensitive context. Output is predictable.", "shortDescription": {"text": "[SEC015] Insecure Randomness for Security: Weak PRNG used in security-sensitive context. Output is predictable."}, "fullDescription": {"text": "Use secrets module (Python) or crypto.getRandomValues() (JS) for security-sensitive randomness."}, "properties": {"scanner": "repobility-threat-engine", "category": "crypto", "severity": "info", "confidence": 0.15, "cwe": "", "owasp": ""}}, {"id": "MINED134", "name": "[MINED134] Binary file `gradle/wrapper/gradle-wrapper.jar` committed in source repo: `gradle/wrapper/gradle-wrapper.jar`", "shortDescription": {"text": "[MINED134] Binary file `gradle/wrapper/gradle-wrapper.jar` committed in source repo: `gradle/wrapper/gradle-wrapper.jar` is a .jar binary (59,203 bytes) committed to a repo that otherwise has 657 source files. Trojan binaries inside otherwi"}, "fullDescription": {"text": "Audit the binary's provenance. If it's vendored library code, document it in a VENDORED.md. If it's a build artifact, add the extension to .gitignore and rebuild from source."}, "properties": {"scanner": "repobility-supply-chain", "category": "dependency", "severity": "high", "confidence": 0.9, "cwe": "", "owasp": ""}}, {"id": "MINED115", "name": "[MINED115] Action `actions/upload-artifact` pinned to mutable ref `@v4`: `uses: actions/upload-artifact@v4` resolves at ", "shortDescription": {"text": "[MINED115] Action `actions/upload-artifact` pinned to mutable ref `@v4`: `uses: actions/upload-artifact@v4` resolves at workflow-run time. Tags and branches can be re-pushed by the action owner; that made the tj-actions/changed-files compro"}, "fullDescription": {"text": "Replace with: `uses: actions/upload-artifact@<40-char-sha>  # v4` and let Dependabot bump it on a scheduled cadence."}, "properties": {"scanner": "repobility-supply-chain", "category": "dependency", "severity": "high", "confidence": 0.9, "cwe": "", "owasp": ""}}, {"id": "MINED108", "name": "[MINED108] `self.update_status` used but never assigned in __init__: Method `on_input_changed` of class `TranslationTabl", "shortDescription": {"text": "[MINED108] `self.update_status` used but never assigned in __init__: Method `on_input_changed` of class `TranslationTableScreen` reads `self.update_status`, but no assignment to it exists in __init__ (and no class-level fallback). This rais"}, "fullDescription": {"text": "Initialize `self.update_status = <default>` in __init__, or add a class-level default."}, "properties": {"scanner": "repobility-ast-engine", "category": "quality", "severity": "high", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "MINED106", "name": "[MINED106] Phantom test coverage: test_connection: Test function `test_connection` runs code but contains no assert / ex", "shortDescription": {"text": "[MINED106] Phantom test coverage: test_connection: Test function `test_connection` runs code but contains no assert / expect / should call \u2014 it passes regardless of behaviour. Adds line coverage without verifying anything."}, "fullDescription": {"text": "Add an explicit assertion that captures the test's intent, or remove the test."}, "properties": {"scanner": "repobility-ast-engine", "category": "quality", "severity": "high", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "SEC085", "name": "[SEC085] JS: child_process.exec with non-literal: child_process.exec with user-derived input enables command injection. ", "shortDescription": {"text": "[SEC085] JS: child_process.exec with non-literal: child_process.exec with user-derived input enables command injection. Ported from eslint-plugin-security detect-child-process (Apache-2.0)."}, "fullDescription": {"text": "Use execFile / spawn with separate args array; never pass shell strings."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "high", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "SEC083", "name": "[SEC083] JS: new RegExp() with non-literal: new RegExp(<variable>) \u2014 variable input can craft a ReDoS pattern. Ported fr", "shortDescription": {"text": "[SEC083] JS: new RegExp() with non-literal: new RegExp(<variable>) \u2014 variable input can craft a ReDoS pattern. Ported from eslint-plugin-security detect-non-literal-regexp (Apache-2.0)."}, "fullDescription": {"text": "Use a literal RegExp or whitelist-validate user input before constructing patterns."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "high", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "MINED001", "name": "[MINED001] Bare Except Pass: except: pass or except Exception: pass \u2014 silently swallows everything including KeyboardInt", "shortDescription": {"text": "[MINED001] Bare Except Pass: except: pass or except Exception: pass \u2014 silently swallows everything including KeyboardInterrupt and bugs."}, "fullDescription": {"text": "Review and fix per the pattern semantics. See CWE-755 /  for context."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "high", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "SEC013", "name": "[SEC013] Path Traversal \u2014 User Input in File Path: User-controlled input used in file path without sanitization. Allows ", "shortDescription": {"text": "[SEC013] Path Traversal \u2014 User Input in File Path: User-controlled input used in file path without sanitization. Allows reading arbitrary files."}, "fullDescription": {"text": "Use os.path.realpath() and verify the path starts with your expected base directory. Use secure_filename() for uploads."}, "properties": {"scanner": "repobility-threat-engine", "category": "path_traversal", "severity": "high", "confidence": 0.8, "cwe": "", "owasp": ""}}, {"id": "MINED099", "name": "[MINED099] Hardcoded Secret: API key, AWS access key, GitHub token, Slack token, OpenAI key, or private key embedded dir", "shortDescription": {"text": "[MINED099] Hardcoded Secret: API key, AWS access key, GitHub token, Slack token, OpenAI key, or private key embedded directly in source. AI assistants frequently leak demo credentials."}, "fullDescription": {"text": "Move the secret to an environment variable or secret manager. Rotate the exposed credential immediately \u2014 assume it is compromised."}, "properties": {"scanner": "repobility-threat-engine", "category": "quality", "severity": "high", "confidence": 1.0, "cwe": "", "owasp": ""}}, {"id": "JRN009", "name": "Secret-like setting is echoed into a password input value", "shortDescription": {"text": "Secret-like setting is echoed into a password input value"}, "fullDescription": {"text": "Never prefill secret fields with stored values. Show a masked status such as configured/not configured, require explicit rotation to replace the value, and return the raw key only once at creation time."}, "properties": {"scanner": "repobility-journey-contract", "category": "auth", "severity": "high", "confidence": 0.83, "cwe": "", "owasp": ""}}]}}, "automationDetails": {"id": "repobility/199"}, "properties": {"repository": "rikkahub/rikkahub", "repoUrl": "https://github.com/rikkahub/rikkahub", "branch": "master"}, "results": [{"ruleId": "MINED111", "level": "warning", "message": {"text": "[MINED111] Bare except continues silently: Bare `except:` (or `except Exception:`) that runs code without re-raising or logging the exception. Hides real failures and makes bugs hard to diagnose."}, "properties": {"repobilityId": 50680, "scanner": "repobility-ast-engine", "fingerprint": "4985e884b3bed0f4634d2a8d829f514c51b2947ec5c87e8aaff41d2f4b6a9710", "category": "quality", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "bare-except-without-pass", "owasp": null, "cwe_ids": [], "languages": ["python"], "observations_count": 21610}, "scanner": "repobility-ast-engine", "correlation_key": "fp|4985e884b3bed0f4634d2a8d829f514c51b2947ec5c87e8aaff41d2f4b6a9710"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "locale-tui/src/screens/translation_table.py"}, "region": {"startLine": 333}}}]}, {"ruleId": "MINED111", "level": "warning", "message": {"text": "[MINED111] Bare except continues silently: Bare `except:` (or `except Exception:`) that runs code without re-raising or logging the exception. Hides real failures and makes bugs hard to diagnose."}, "properties": {"repobilityId": 50658, "scanner": "repobility-ast-engine", "fingerprint": "14fedbde39137872f4998ca0338e911201bc5e98bf22560b39cd60b515711423", "category": "quality", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "bare-except-without-pass", "owasp": null, "cwe_ids": [], "languages": ["python"], "observations_count": 21610}, "scanner": "repobility-ast-engine", "correlation_key": "fp|14fedbde39137872f4998ca0338e911201bc5e98bf22560b39cd60b515711423"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "locale-tui/src/services/xml_parser.py"}, "region": {"startLine": 29}}}]}, {"ruleId": "MINED111", "level": "warning", "message": {"text": "[MINED111] Bare except continues silently: Bare `except:` (or `except Exception:`) that runs code without re-raising or logging the exception. Hides real failures and makes bugs hard to diagnose."}, "properties": {"repobilityId": 50654, "scanner": "repobility-ast-engine", "fingerprint": "6f98e32e9a8a71263067d04bfdf45a2ca84496c1c67813e2d6c7cca10bdd45ab", "category": "quality", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "bare-except-without-pass", "owasp": null, "cwe_ids": [], "languages": ["python"], "observations_count": 21610}, "scanner": "repobility-ast-engine", "correlation_key": "fp|6f98e32e9a8a71263067d04bfdf45a2ca84496c1c67813e2d6c7cca10bdd45ab"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "locale-tui/src/main.py"}, "region": {"startLine": 176}}}]}, {"ruleId": "MINED111", "level": "warning", "message": {"text": "[MINED111] Bare except continues silently: Bare `except:` (or `except Exception:`) that runs code without re-raising or logging the exception. Hides real failures and makes bugs hard to diagnose."}, "properties": {"repobilityId": 50653, "scanner": "repobility-ast-engine", "fingerprint": "dc55f877aaca785718d218c8a66026000d8cf9da25114f83f72fd1acd22485fe", "category": "quality", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "bare-except-without-pass", "owasp": null, "cwe_ids": [], "languages": ["python"], "observations_count": 21610}, "scanner": "repobility-ast-engine", "correlation_key": "fp|dc55f877aaca785718d218c8a66026000d8cf9da25114f83f72fd1acd22485fe"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "locale-tui/src/main.py"}, "region": {"startLine": 260}}}]}, {"ruleId": "MINED111", "level": "warning", "message": {"text": "[MINED111] Bare except continues silently: Bare `except:` (or `except Exception:`) that runs code without re-raising or logging the exception. Hides real failures and makes bugs hard to diagnose."}, "properties": {"repobilityId": 50652, "scanner": "repobility-ast-engine", "fingerprint": "7d67e746dab183bbf9b53c53be2e1b0d6cb420b37c46fe7cd298fbe7a28ef5c2", "category": "quality", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "bare-except-without-pass", "owasp": null, "cwe_ids": [], "languages": ["python"], "observations_count": 21610}, "scanner": "repobility-ast-engine", "correlation_key": "fp|7d67e746dab183bbf9b53c53be2e1b0d6cb420b37c46fe7cd298fbe7a28ef5c2"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "locale-tui/src/main.py"}, "region": {"startLine": 145}}}]}, {"ruleId": "MINED111", "level": "warning", "message": {"text": "[MINED111] Bare except continues silently: Bare `except:` (or `except Exception:`) that runs code without re-raising or logging the exception. Hides real failures and makes bugs hard to diagnose."}, "properties": {"repobilityId": 50651, "scanner": "repobility-ast-engine", "fingerprint": "10c27cf24aa5ea8b83cafb63eecc505887f627fd875362727b05a6c346dc206b", "category": "quality", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "bare-except-without-pass", "owasp": null, "cwe_ids": [], "languages": ["python"], "observations_count": 21610}, "scanner": "repobility-ast-engine", "correlation_key": "fp|10c27cf24aa5ea8b83cafb63eecc505887f627fd875362727b05a6c346dc206b"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "locale-tui/src/main.py"}, "region": {"startLine": 85}}}]}, {"ruleId": "MINED111", "level": "warning", "message": {"text": "[MINED111] Bare except continues silently: Bare `except:` (or `except Exception:`) that runs code without re-raising or logging the exception. Hides real failures and makes bugs hard to diagnose."}, "properties": {"repobilityId": 50650, "scanner": "repobility-ast-engine", "fingerprint": "b97aa9ad387bbe8040d039d4b31026221783265cc17efaff0cd9083da58b1117", "category": "quality", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "bare-except-without-pass", "owasp": null, "cwe_ids": [], "languages": ["python"], "observations_count": 21610}, "scanner": "repobility-ast-engine", "correlation_key": "fp|b97aa9ad387bbe8040d039d4b31026221783265cc17efaff0cd9083da58b1117"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "locale-tui/src/main.py"}, "region": {"startLine": 30}}}]}, {"ruleId": "SEC045", "level": "warning", "message": {"text": "[SEC045] eval()/exec() on stored or user-supplied data: eval() and exec() on data \u2014 even admin-stored data \u2014 is a lateral-movement vector after any one credential compromise. Sandboxes (__builtins__ cleared) are escapable: attackers use object introspection (().__class__.__mro__[-1].__subclasses__()) to reach os.system. CWE-95 (eval injection)."}, "properties": {"repobilityId": 50613, "scanner": "repobility-threat-engine", "fingerprint": "4490f8b4323fce5e153673714622edbefc84ddde209665dc83002eab95dfff47", "category": "injection", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": ".exec(", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC045", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "code|injection|token|29|sec045"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "web-ui/app/components/markdown/markdown.tsx"}, "region": {"startLine": 29}}}]}, {"ruleId": "ERR001", "level": "warning", "message": {"text": "[ERR001] Silent Exception Swallowing: Silently swallowing all exceptions hides bugs. Even in cleanup code, log at DEBUG level."}, "properties": {"repobilityId": 50610, "scanner": "repobility-threat-engine", "fingerprint": "3b95f9b27018bdb7ee819ebe56bc2d08475e248a95ca86317c424f4c82b0b617", "category": "error_handling", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "except Exception:\n            pass", "reason": "Pattern matched with no mitigating context found", "rule_id": "ERR001", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "fp|3b95f9b27018bdb7ee819ebe56bc2d08475e248a95ca86317c424f4c82b0b617"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "locale-tui/src/services/dead_entry_finder.py"}, "region": {"startLine": 60}}}]}, {"ruleId": "SEC134", "level": "warning", "message": {"text": "[SEC134] AI scaffold leftover \u2014 Lorem ipsum / example.com / John Doe in code: Lorem ipsum / John Doe / example.com left in non-test code. AI agents emit these as 'reasonable defaults' when they don't know real values; the human then forgets to swap them. In production, these break demo flows, send mail to a real example.com host (it's owned by IANA), and leak that the codebase had an AI scaffolding pass."}, "properties": {"repobilityId": 50597, "scanner": "repobility-threat-engine", "fingerprint": "1297216ade35268939d106d43c58d4e56051f81678739d26a8f271e6f7c6f3d9", "category": "quality", "severity": "medium", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "\"Lorem ipsum dolor sit amet", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC134", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "fp|1297216ade35268939d106d43c58d4e56051f81678739d26a8f271e6f7c6f3d9"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "app/src/main/java/me/rerere/rikkahub/ui/pages/debug/DebugVM.kt"}, "region": {"startLine": 55}}}]}, {"ruleId": "JRN002", "level": "warning", "message": {"text": "Browser storage is used for session token material"}, "properties": {"repobilityId": 6145, "scanner": "repobility-journey-contract", "fingerprint": "7f55711131c67949524f4c276e5f103b4870131719e0cc9efcd97b6d2bc58d49", "category": "auth", "severity": "medium", "confidence": 0.82, "triageState": "open", "verdict": "likely", "isResolved": false, "reason": "Storage API call references token-like key or value names.", "evidence": {"rule_id": "JRN002", "scanner": "repobility-journey-contract", "references": ["https://cheatsheetseries.owasp.org/cheatsheets/Session_Management_Cheat_Sheet.html"], "correlation_key": "code|auth|web-ui/app/services/api.ts|109|jrn002"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "web-ui/app/services/api.ts"}, "region": {"startLine": 109}}}]}, {"ruleId": "AIC003", "level": "warning", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 6139, "scanner": "repobility-ai-code-hygiene", "fingerprint": "ceafe0e5a0044cf22ce6a745122a26f2fd238d9e461199dfc8982eaa7001f96c", "category": "quality", "severity": "medium", "confidence": 0.86, "triageState": "fixed", "verdict": "confirmed", "isResolved": true, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "app/src/main/java/me/rerere/rikkahub/ui/pages/extensions/QuickMessagesPage.kt", "duplicate_line": 202, "correlation_key": "fp|ceafe0e5a0044cf22ce6a745122a26f2fd238d9e461199dfc8982eaa7001f96c"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "app/src/main/java/me/rerere/rikkahub/ui/pages/extensions/SkillsPage.kt"}, "region": {"startLine": 232}}}]}, {"ruleId": "AIC003", "level": "warning", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 6133, "scanner": "repobility-ai-code-hygiene", "fingerprint": "2919f6cc010acf3811600fb8639ac151966c65d2b237b6e3e1bcf95504148a35", "category": "quality", "severity": "medium", "confidence": 0.86, "triageState": "fixed", "verdict": "confirmed", "isResolved": true, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "app/src/main/java/me/rerere/rikkahub/ui/components/ai/McpPicker.kt", "duplicate_line": 73, "correlation_key": "fp|2919f6cc010acf3811600fb8639ac151966c65d2b237b6e3e1bcf95504148a35"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "app/src/main/java/me/rerere/rikkahub/ui/components/ai/SearchPicker.kt"}, "region": {"startLine": 73}}}]}, {"ruleId": "AIC003", "level": "warning", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 6132, "scanner": "repobility-ai-code-hygiene", "fingerprint": "2b3d81fa691d71c86dfd4f102083930ffe31fb8c9f3893239766682beb2bc8e0", "category": "quality", "severity": "medium", "confidence": 0.86, "triageState": "fixed", "verdict": "confirmed", "isResolved": true, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "app/src/main/java/me/rerere/rikkahub/ui/activity/SafeModeActivity.kt", "duplicate_line": 171, "correlation_key": "fp|2b3d81fa691d71c86dfd4f102083930ffe31fb8c9f3893239766682beb2bc8e0"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "app/src/main/java/me/rerere/rikkahub/ui/components/ai/AssistantPicker.kt"}, "region": {"startLine": 122}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 50645, "scanner": "repobility-ai-code-hygiene", "fingerprint": "a252857fbc3e0284f579e486ab2a7f4db55717a2f1bda32416df090d966c0dd7", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "document/src/main/java/me/rerere/document/DocxParser.kt", "duplicate_line": 161, "correlation_key": "fp|a252857fbc3e0284f579e486ab2a7f4db55717a2f1bda32416df090d966c0dd7"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "document/src/main/java/me/rerere/document/PptxParser.kt"}, "region": {"startLine": 221}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 50644, "scanner": "repobility-ai-code-hygiene", "fingerprint": "b0d631fd25820db285bdce6dbe7f7ad7bfe699d9870c62291b6e575948aa1854", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "document/src/main/java/com/artifex/mupdf/fitz/Rect.java", "duplicate_line": 138, "correlation_key": "fp|b0d631fd25820db285bdce6dbe7f7ad7bfe699d9870c62291b6e575948aa1854"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "document/src/main/java/com/artifex/mupdf/fitz/RectI.java"}, "region": {"startLine": 103}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 50643, "scanner": "repobility-ai-code-hygiene", "fingerprint": "fe831358a2a84ef2956028694f6b01cd09ea5efd5069376769f61866b3c9ff39", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "app/src/main/java/me/rerere/rikkahub/ui/theme/presets/AutumnTheme.kt", "duplicate_line": 89, "correlation_key": "fp|fe831358a2a84ef2956028694f6b01cd09ea5efd5069376769f61866b3c9ff39"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "app/src/main/java/me/rerere/rikkahub/ui/theme/presets/SpringTheme.kt"}, "region": {"startLine": 89}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 50642, "scanner": "repobility-ai-code-hygiene", "fingerprint": "084767d0f2eb836b9cfbe1d0a9efe5699c2ea134b4bfb0aacc328cf1e26f9e04", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "app/src/main/java/me/rerere/rikkahub/ui/theme/presets/AutumnTheme.kt", "duplicate_line": 89, "correlation_key": "fp|084767d0f2eb836b9cfbe1d0a9efe5699c2ea134b4bfb0aacc328cf1e26f9e04"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "app/src/main/java/me/rerere/rikkahub/ui/theme/presets/SakuraTheme.kt"}, "region": {"startLine": 89}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 50641, "scanner": "repobility-ai-code-hygiene", "fingerprint": "a11dde70c9fe41c6f2b65f457ad806b6d7624c1569eefbdcaf7fd2b5a7a76550", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "app/src/main/java/me/rerere/rikkahub/ui/theme/presets/AutumnTheme.kt", "duplicate_line": 89, "correlation_key": "fp|a11dde70c9fe41c6f2b65f457ad806b6d7624c1569eefbdcaf7fd2b5a7a76550"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "app/src/main/java/me/rerere/rikkahub/ui/theme/presets/OceanTheme.kt"}, "region": {"startLine": 89}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 50640, "scanner": "repobility-ai-code-hygiene", "fingerprint": "78d518d7e6707d99f4c0b41e352b5a6d89e050040fce08abc2bea287f3741e42", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "app/src/main/java/me/rerere/rikkahub/ui/theme/presets/AutumnTheme.kt", "duplicate_line": 89, "correlation_key": "fp|78d518d7e6707d99f4c0b41e352b5a6d89e050040fce08abc2bea287f3741e42"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "app/src/main/java/me/rerere/rikkahub/ui/theme/presets/BlackTheme.kt"}, "region": {"startLine": 89}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 50639, "scanner": "repobility-ai-code-hygiene", "fingerprint": "b60949d21dae4f797a09dcdf87fced4c3e57b1f14abf6da6819220bdde1baf60", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "app/src/main/java/me/rerere/rikkahub/ui/components/message/ChatMessageTranslation.kt", "duplicate_line": 73, "correlation_key": "fp|b60949d21dae4f797a09dcdf87fced4c3e57b1f14abf6da6819220bdde1baf60"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "app/src/main/java/me/rerere/rikkahub/ui/pages/translator/TranslatorPage.kt"}, "region": {"startLine": 213}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 50638, "scanner": "repobility-ai-code-hygiene", "fingerprint": "9d12250cfb3f767e9eb5d653e28b239082689e87c72ee6ccc5250c47458af2dc", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "app/src/main/java/me/rerere/rikkahub/ui/pages/setting/components/CustomThemeButton.kt", "duplicate_line": 37, "correlation_key": "fp|9d12250cfb3f767e9eb5d653e28b239082689e87c72ee6ccc5250c47458af2dc"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "app/src/main/java/me/rerere/rikkahub/ui/pages/setting/components/PresetThemeButton.kt"}, "region": {"startLine": 117}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 50637, "scanner": "repobility-ai-code-hygiene", "fingerprint": "02b42872b8cc086bec0d38268b4f8fe96954005541f4d3828174bf96ddf0bfcc", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "app/src/main/java/me/rerere/rikkahub/ui/pages/assistant/detail/AssistantDetailPage.kt", "duplicate_line": 70, "correlation_key": "fp|02b42872b8cc086bec0d38268b4f8fe96954005541f4d3828174bf96ddf0bfcc"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "app/src/main/java/me/rerere/rikkahub/ui/pages/setting/SettingThemePage.kt"}, "region": {"startLine": 108}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 50636, "scanner": "repobility-ai-code-hygiene", "fingerprint": "1f0819865254cdd58daf83205275090036a2b297d8aedb8ebe7f5aebf7aa16f7", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "app/src/main/java/me/rerere/rikkahub/ui/pages/extensions/ExtensionsPage.kt", "duplicate_line": 36, "correlation_key": "fp|1f0819865254cdd58daf83205275090036a2b297d8aedb8ebe7f5aebf7aa16f7"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "app/src/main/java/me/rerere/rikkahub/ui/pages/setting/SettingThemePage.kt"}, "region": {"startLine": 107}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 50635, "scanner": "repobility-ai-code-hygiene", "fingerprint": "5005b20795c7641f5411a5df2cd318ae7d9307bdcf5a4f0e23c7a2d7be81c139", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "app/src/main/java/me/rerere/rikkahub/ui/pages/setting/SettingProviderPage.kt", "duplicate_line": 198, "correlation_key": "fp|5005b20795c7641f5411a5df2cd318ae7d9307bdcf5a4f0e23c7a2d7be81c139"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "app/src/main/java/me/rerere/rikkahub/ui/pages/setting/SettingSpeechPage.kt"}, "region": {"startLine": 301}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 50634, "scanner": "repobility-ai-code-hygiene", "fingerprint": "472073b7ad367a5c0cd5df6b2fa9dac58cb4b9aaf2c0855017d9fa0843e2ce3a", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "app/src/main/java/me/rerere/rikkahub/ui/pages/setting/SettingPreferencesNotificationPage.kt", "duplicate_line": 59, "correlation_key": "fp|472073b7ad367a5c0cd5df6b2fa9dac58cb4b9aaf2c0855017d9fa0843e2ce3a"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "app/src/main/java/me/rerere/rikkahub/ui/pages/setting/SettingPreferencesUIPage.kt"}, "region": {"startLine": 109}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 50633, "scanner": "repobility-ai-code-hygiene", "fingerprint": "fff2c39d6a3b7ca8a2bd2ee4c01a4a9cc4acb2616f5d84becff625fe874df333", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "app/src/main/java/me/rerere/rikkahub/ui/pages/setting/SettingPreferencesGeneralPage.kt", "duplicate_line": 48, "correlation_key": "fp|fff2c39d6a3b7ca8a2bd2ee4c01a4a9cc4acb2616f5d84becff625fe874df333"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "app/src/main/java/me/rerere/rikkahub/ui/pages/setting/SettingPreferencesUIPage.kt"}, "region": {"startLine": 103}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 50632, "scanner": "repobility-ai-code-hygiene", "fingerprint": "65e3983ec43c24febce2b02ffb352431fda62eeac671ffa8d5ac82bb93251915", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "app/src/main/java/me/rerere/rikkahub/ui/pages/setting/SettingPreferencesNotificationPage.kt", "duplicate_line": 59, "correlation_key": "fp|65e3983ec43c24febce2b02ffb352431fda62eeac671ffa8d5ac82bb93251915"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "app/src/main/java/me/rerere/rikkahub/ui/pages/setting/SettingPreferencesThemePage.kt"}, "region": {"startLine": 55}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 50631, "scanner": "repobility-ai-code-hygiene", "fingerprint": "5b9d7b9d3ccfb0c2580abfb6d5b2ce45ae3ef46b6e79a8ac9a465bf31f202c33", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "app/src/main/java/me/rerere/rikkahub/ui/pages/setting/SettingPreferencesGeneralPage.kt", "duplicate_line": 48, "correlation_key": "fp|5b9d7b9d3ccfb0c2580abfb6d5b2ce45ae3ef46b6e79a8ac9a465bf31f202c33"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "app/src/main/java/me/rerere/rikkahub/ui/pages/setting/SettingPreferencesThemePage.kt"}, "region": {"startLine": 49}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 50630, "scanner": "repobility-ai-code-hygiene", "fingerprint": "ee7741504bc0cc6936c610481d0c9771d053ba8663df58228708056707b35279", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "app/src/main/java/me/rerere/rikkahub/ui/pages/setting/SettingPreferencesNotificationPage.kt", "duplicate_line": 59, "correlation_key": "fp|ee7741504bc0cc6936c610481d0c9771d053ba8663df58228708056707b35279"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "app/src/main/java/me/rerere/rikkahub/ui/pages/setting/SettingPreferencesPage.kt"}, "region": {"startLine": 44}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 50629, "scanner": "repobility-ai-code-hygiene", "fingerprint": "6daf85cb1c78734dbd984dd5846150adc62c0a33a415c014223a43b664031e98", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "app/src/main/java/me/rerere/rikkahub/ui/pages/setting/SettingPreferencesGeneralPage.kt", "duplicate_line": 48, "correlation_key": "fp|6daf85cb1c78734dbd984dd5846150adc62c0a33a415c014223a43b664031e98"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "app/src/main/java/me/rerere/rikkahub/ui/pages/setting/SettingPreferencesPage.kt"}, "region": {"startLine": 38}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 50628, "scanner": "repobility-ai-code-hygiene", "fingerprint": "d80e820f69665359314544673decf9528ab728863ede1bf62517758238dc93d6", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "app/src/main/java/me/rerere/rikkahub/ui/pages/setting/SettingPreferencesGeneralPage.kt", "duplicate_line": 48, "correlation_key": "fp|d80e820f69665359314544673decf9528ab728863ede1bf62517758238dc93d6"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "app/src/main/java/me/rerere/rikkahub/ui/pages/setting/SettingPreferencesNotificationPage.kt"}, "region": {"startLine": 53}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 50627, "scanner": "repobility-ai-code-hygiene", "fingerprint": "2bd21c408a81d81c13b22a8bdc582f8aaa99dffaea660a44ef53a945bd70265c", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "app/src/main/java/me/rerere/rikkahub/ui/pages/extensions/QuickMessagesPage.kt", "duplicate_line": 202, "correlation_key": "fp|2bd21c408a81d81c13b22a8bdc582f8aaa99dffaea660a44ef53a945bd70265c"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "app/src/main/java/me/rerere/rikkahub/ui/pages/extensions/SkillsPage.kt"}, "region": {"startLine": 266}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 50626, "scanner": "repobility-ai-code-hygiene", "fingerprint": "4205c81dee3274f1b11b74d49f39a91665fe44c7417c3cf1efa64ac69da354af", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "app/src/main/java/me/rerere/rikkahub/ui/components/ai/McpPicker.kt", "duplicate_line": 74, "correlation_key": "fp|4205c81dee3274f1b11b74d49f39a91665fe44c7417c3cf1efa64ac69da354af"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "app/src/main/java/me/rerere/rikkahub/ui/components/ai/SearchPicker.kt"}, "region": {"startLine": 74}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 50625, "scanner": "repobility-ai-code-hygiene", "fingerprint": "c48736858d06394f1782151c39b1ddb95fe987671cf2a23d504eb702368afa11", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "app/src/main/java/me/rerere/rikkahub/ui/activity/SafeModeActivity.kt", "duplicate_line": 172, "correlation_key": "fp|c48736858d06394f1782151c39b1ddb95fe987671cf2a23d504eb702368afa11"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "app/src/main/java/me/rerere/rikkahub/ui/components/ai/AssistantPicker.kt"}, "region": {"startLine": 123}}}]}, {"ruleId": "SEC132", "level": "note", "message": {"text": "[SEC132] String concat where the language has interpolation (AI style drift): String built by concatenation where the language has cleaner interpolation (Python f-strings since 3.6, JS template literals since ES6). Not a vulnerability on its own, but a style signature of cross-language AI rewrites \u2014 the model wrote idiomatic Java/C# and then translated mechanically. When this style appears in only *some* files of a repo, it's a strong indicator of an AI-driven rewrite that needs a human review p"}, "properties": {"repobilityId": 50612, "scanner": "repobility-threat-engine", "fingerprint": "cc356abf7c9b612b01dd6856b64479cee23b1ede17db2f98450dc056aea09a61", "category": "quality", "severity": "low", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "\"https://example.com/search?q=\" + encoded + \"&limit=\"", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC132", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "fp|cc356abf7c9b612b01dd6856b64479cee23b1ede17db2f98450dc056aea09a61"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "search/src/main/java/me/rerere/search/SearchService.kt"}, "region": {"startLine": 321}}}]}, {"ruleId": "COMP001", "level": "note", "message": {"text": "[COMP001] High cognitive complexity: Function `list_keys` has cognitive complexity 10 (SonarSource scale). Cognitive complexity measures how hard the function is for a human to understand \u2014 nested branches, boolean chains, and recursion all weigh in. Breakdown: else=1, for=1, if=5, nested_bonus=3."}, "properties": {"repobilityId": 50605, "scanner": "repobility-threat-engine", "fingerprint": "769b87e6c2b4f8b3832716972ecbdc12ff517f8cecc085fb11306c5e4558e25e", "category": "quality", "severity": "low", "confidence": 0.95, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "AST-derived cognitive complexity score = 10 (severity threshold for low: 8+).", "evidence": {"scanner": "repobility-threat-engine", "function": "list_keys", "breakdown": {"if": 5, "for": 1, "else": 1, "nested_bonus": 3}, "complexity": 10, "correlation_key": "fp|769b87e6c2b4f8b3832716972ecbdc12ff517f8cecc085fb11306c5e4558e25e"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "locale-tui/src/main.py"}, "region": {"startLine": 272}}}]}, {"ruleId": "COMP001", "level": "note", "message": {"text": "[COMP001] High cognitive complexity: Function `set` has cognitive complexity 10 (SonarSource scale). Cognitive complexity measures how hard the function is for a human to understand \u2014 nested branches, boolean chains, and recursion all weigh in. Breakdown: else=1, except=1, if=5, nested_bonus=2, ternary=1."}, "properties": {"repobilityId": 50604, "scanner": "repobility-threat-engine", "fingerprint": "85ca964f05af51fcb075ae9322248439b22c4d02dbf3eefc4d5125cfe2ba9199", "category": "quality", "severity": "low", "confidence": 0.95, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "AST-derived cognitive complexity score = 10 (severity threshold for low: 8+).", "evidence": {"scanner": "repobility-threat-engine", "function": "set", "breakdown": {"if": 5, "else": 1, "except": 1, "ternary": 1, "nested_bonus": 2}, "complexity": 10, "correlation_key": "fp|85ca964f05af51fcb075ae9322248439b22c4d02dbf3eefc4d5125cfe2ba9199"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "locale-tui/src/main.py"}, "region": {"startLine": 216}}}]}, {"ruleId": "COMP001", "level": "note", "message": {"text": "[COMP001] High cognitive complexity: Function `add` has cognitive complexity 12 (SonarSource scale). Cognitive complexity measures how hard the function is for a human to understand \u2014 nested branches, boolean chains, and recursion all weigh in. Breakdown: else=1, except=1, if=7, nested_bonus=3."}, "properties": {"repobilityId": 50603, "scanner": "repobility-threat-engine", "fingerprint": "4c24f83e95e8e254c8f1df98b0991fb997fe25236a8b8e969f1d1a95c6dc2c9e", "category": "quality", "severity": "low", "confidence": 0.95, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "AST-derived cognitive complexity score = 12 (severity threshold for low: 8+).", "evidence": {"scanner": "repobility-threat-engine", "function": "add", "breakdown": {"if": 7, "else": 1, "except": 1, "nested_bonus": 3}, "complexity": 12, "correlation_key": "fp|4c24f83e95e8e254c8f1df98b0991fb997fe25236a8b8e969f1d1a95c6dc2c9e"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "locale-tui/src/main.py"}, "region": {"startLine": 100}}}]}, {"ruleId": "SEC006", "level": "note", "message": {"text": "[SEC006] XSS Risk: Direct HTML injection without sanitization."}, "properties": {"repobilityId": 6141, "scanner": "repobility-threat-engine", "fingerprint": "0a485d38d1faa0b58cf7b3364bbd741c93d8aa163653e744238ebdc284d11daa", "category": "injection", "severity": "low", "confidence": 0.4, "triageState": "false_positive", "verdict": "likely_fp", "isResolved": true, "reason": "No user-input source (request/query/fetch/URL) found \u2014 may be static content", "evidence": {"match": ".innerHTML = r", "reason": "No user-input source (request/query/fetch/URL) found \u2014 may be static content", "rule_id": "SEC006", "scanner": "repobility-threat-engine", "confidence": 0.4, "correlation_key": "code|injection|token|114|sec006"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "web-ui/app/components/workbench/workbench-host.tsx"}, "region": {"startLine": 114}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 6140, "scanner": "repobility-ai-code-hygiene", "fingerprint": "e9b9c77fa41bf7b3db8cd6283ea776ba0c5af46d0f33550b944371102381e704", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "app/src/main/java/me/rerere/rikkahub/ui/pages/favorite/FavoritePage.kt", "duplicate_line": 135, "correlation_key": "fp|e9b9c77fa41bf7b3db8cd6283ea776ba0c5af46d0f33550b944371102381e704"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "app/src/main/java/me/rerere/rikkahub/ui/pages/history/HistoryPage.kt"}, "region": {"startLine": 174}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 6138, "scanner": "repobility-ai-code-hygiene", "fingerprint": "6b902842d3710c563a07dc6fb2687ecf89debe3737b3a365d12b00b42de631fe", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "app/src/main/java/me/rerere/rikkahub/ui/pages/assistant/detail/AssistantDetailPage.kt", "duplicate_line": 70, "correlation_key": "fp|6b902842d3710c563a07dc6fb2687ecf89debe3737b3a365d12b00b42de631fe"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "app/src/main/java/me/rerere/rikkahub/ui/pages/extensions/ExtensionsPage.kt"}, "region": {"startLine": 37}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 6137, "scanner": "repobility-ai-code-hygiene", "fingerprint": "6e50fbee1faae254073a1bed4d12b6fe6673571ee3838828b6406f3b795dc5a3", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "app/src/main/java/me/rerere/rikkahub/ui/components/ui/UIAvatar.kt", "duplicate_line": 181, "correlation_key": "fp|6e50fbee1faae254073a1bed4d12b6fe6673571ee3838828b6406f3b795dc5a3"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "app/src/main/java/me/rerere/rikkahub/ui/pages/assistant/detail/BackgroundPicker.kt"}, "region": {"startLine": 113}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 6136, "scanner": "repobility-ai-code-hygiene", "fingerprint": "3d8716225a50089aa7bbb8c14a269686a7241f71b9545b5346054c3e3ebe6422", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "app/src/main/java/me/rerere/rikkahub/ui/components/ui/icons/DiscordIcon.kt", "duplicate_line": 17, "correlation_key": "fp|3d8716225a50089aa7bbb8c14a269686a7241f71b9545b5346054c3e3ebe6422"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "app/src/main/java/me/rerere/rikkahub/ui/components/ui/icons/TencentQQIcon.kt"}, "region": {"startLine": 17}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 6135, "scanner": "repobility-ai-code-hygiene", "fingerprint": "f80f7f94464b80c6912d965e81e1e6fca8733486b440b03ede77d1e7b81aad92", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "app/src/main/java/me/rerere/rikkahub/ui/components/ui/icons/DiscordIcon.kt", "duplicate_line": 17, "correlation_key": "fp|f80f7f94464b80c6912d965e81e1e6fca8733486b440b03ede77d1e7b81aad92"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "app/src/main/java/me/rerere/rikkahub/ui/components/ui/icons/Heart.kt"}, "region": {"startLine": 17}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 6134, "scanner": "repobility-ai-code-hygiene", "fingerprint": "58d91905f0b11ff8471fb66f58152d497d912a3b10ba8ca1b060848d73879488", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "app/src/main/java/me/rerere/rikkahub/ui/components/ai/ChatInput.kt", "duplicate_line": 744, "correlation_key": "fp|58d91905f0b11ff8471fb66f58152d497d912a3b10ba8ca1b060848d73879488"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "app/src/main/java/me/rerere/rikkahub/ui/components/ui/TextArea.kt"}, "region": {"startLine": 178}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 6131, "scanner": "repobility-ai-code-hygiene", "fingerprint": "3698233b8f407269e1bdac87c22e6eec9f4a761c50d4523c402f4099e62a8d01", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "app/src/main/java/me/rerere/rikkahub/data/sync/S3Sync.kt", "duplicate_line": 103, "correlation_key": "fp|3698233b8f407269e1bdac87c22e6eec9f4a761c50d4523c402f4099e62a8d01"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "app/src/main/java/me/rerere/rikkahub/data/sync/webdav/WebDavSync.kt"}, "region": {"startLine": 116}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 6130, "scanner": "repobility-ai-code-hygiene", "fingerprint": "1211a576f958834cbf5a80bd75f51805d12a6b288532719225192917c9ad0ac4", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "ai/src/main/java/me/rerere/ai/provider/providers/ClaudeProvider.kt", "duplicate_line": 212, "correlation_key": "fp|1211a576f958834cbf5a80bd75f51805d12a6b288532719225192917c9ad0ac4"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "ai/src/main/java/me/rerere/ai/provider/providers/openai/ResponseAPI.kt"}, "region": {"startLine": 150}}}]}, {"ruleId": "AIC003", "level": "note", "message": {"text": "Duplicated implementation block across source files"}, "properties": {"repobilityId": 6129, "scanner": "repobility-ai-code-hygiene", "fingerprint": "a3076b6859e591bbf253ef83e2b377fae69529ce70c9fd889c13bb39cd94ee4f", "category": "quality", "severity": "low", "confidence": 0.86, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "A normalized source-code window appears in two different non-test files.", "evidence": {"lines": 12, "rule_id": "AIC003", "scanner": "repobility-ai-code-hygiene", "references": ["https://jscpd.dev/"], "duplicate_file": "ai/src/main/java/me/rerere/ai/provider/providers/openai/ChatCompletionsAPI.kt", "duplicate_line": 188, "correlation_key": "fp|a3076b6859e591bbf253ef83e2b377fae69529ce70c9fd889c13bb39cd94ee4f"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "ai/src/main/java/me/rerere/ai/provider/providers/openai/ResponseAPI.kt"}, "region": {"startLine": 136}}}]}, {"ruleId": "MINED044", "level": "none", "message": {"text": "[MINED044] Js Console Log Prod: console.log left in code. Should be replaced with logger or removed."}, "properties": {"repobilityId": 50624, "scanner": "repobility-threat-engine", "fingerprint": "4a92a2e1775cc873e0f15dddece4ad3f9d963ce8d66d25c82b04564fb5e95818", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "js-console-log-prod", "owasp": null, "cwe_ids": ["CWE-532"], "languages": ["javascript", "typescript", "tsx", "jsx"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348003+00:00", "triaged_in_corpus": 10, "observations_count": 1940833, "ai_coder_pattern_id": 102}, "scanner": "repobility-threat-engine", "correlation_key": "fp|4a92a2e1775cc873e0f15dddece4ad3f9d963ce8d66d25c82b04564fb5e95818"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "web-ui/copy.ts"}, "region": {"startLine": 34}}}]}, {"ruleId": "MINED044", "level": "none", "message": {"text": "[MINED044] Js Console Log Prod: console.log left in code. Should be replaced with logger or removed."}, "properties": {"repobilityId": 50623, "scanner": "repobility-threat-engine", "fingerprint": "3a4469f100f46ed986ab4be3c51ab359a5b760b2d4a941dc3724a636bca9ea0d", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "js-console-log-prod", "owasp": null, "cwe_ids": ["CWE-532"], "languages": ["javascript", "typescript", "tsx", "jsx"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348003+00:00", "triaged_in_corpus": 10, "observations_count": 1940833, "ai_coder_pattern_id": 102}, "scanner": "repobility-threat-engine", "correlation_key": "fp|3a4469f100f46ed986ab4be3c51ab359a5b760b2d4a941dc3724a636bca9ea0d"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "web-ui/app/stores/hooks/use-settings-subscription.ts"}, "region": {"startLine": 24}}}]}, {"ruleId": "MINED044", "level": "none", "message": {"text": "[MINED044] Js Console Log Prod: console.log left in code. Should be replaced with logger or removed."}, "properties": {"repobilityId": 50622, "scanner": "repobility-threat-engine", "fingerprint": "7c192817245beb88f4c8ff6f84a7e94b85a234acd5e67e96ad01396abf726889", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "js-console-log-prod", "owasp": null, "cwe_ids": ["CWE-532"], "languages": ["javascript", "typescript", "tsx", "jsx"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348003+00:00", "triaged_in_corpus": 10, "observations_count": 1940833, "ai_coder_pattern_id": 102}, "scanner": "repobility-threat-engine", "correlation_key": "fp|7c192817245beb88f4c8ff6f84a7e94b85a234acd5e67e96ad01396abf726889"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "web-ui/app/hooks/use-conversation-list.ts"}, "region": {"startLine": 152}}}]}, {"ruleId": "MINED056", "level": "none", "message": {"text": "[MINED056] React Key As Index: key={index} in map() \u2014 re-renders the wrong elements on re-order."}, "properties": {"repobilityId": 50621, "scanner": "repobility-threat-engine", "fingerprint": "b812fdc1f5317886c7355c4b61538580753f75577630e073fcd485d37e1e49b4", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "react-key-as-index", "owasp": null, "cwe_ids": ["CWE-682"], "languages": ["typescript", "tsx", "javascript", "jsx"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348032+00:00", "triaged_in_corpus": 12, "observations_count": 299917, "ai_coder_pattern_id": 135}, "scanner": "repobility-threat-engine", "correlation_key": "fp|b812fdc1f5317886c7355c4b61538580753f75577630e073fcd485d37e1e49b4"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "web-ui/app/root.tsx"}, "region": {"startLine": 68}}}]}, {"ruleId": "MINED056", "level": "none", "message": {"text": "[MINED056] React Key As Index: key={index} in map() \u2014 re-renders the wrong elements on re-order."}, "properties": {"repobilityId": 50620, "scanner": "repobility-threat-engine", "fingerprint": "d96b6fc989060a8f3ef818f874d8895fc2699b3e158a1a9f7464af49caed9b48", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "react-key-as-index", "owasp": null, "cwe_ids": ["CWE-682"], "languages": ["typescript", "tsx", "javascript", "jsx"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348032+00:00", "triaged_in_corpus": 12, "observations_count": 299917, "ai_coder_pattern_id": 135}, "scanner": "repobility-threat-engine", "correlation_key": "fp|d96b6fc989060a8f3ef818f874d8895fc2699b3e158a1a9f7464af49caed9b48"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "web-ui/app/components/ui/slider.tsx"}, "region": {"startLine": 53}}}]}, {"ruleId": "MINED056", "level": "none", "message": {"text": "[MINED056] React Key As Index: key={index} in map() \u2014 re-renders the wrong elements on re-order."}, "properties": {"repobilityId": 50619, "scanner": "repobility-threat-engine", "fingerprint": "7516890aecf615456fe585ecff5375000ffeb13bed560a4f54baecb3b135a38a", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "react-key-as-index", "owasp": null, "cwe_ids": ["CWE-682"], "languages": ["typescript", "tsx", "javascript", "jsx"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348032+00:00", "triaged_in_corpus": 12, "observations_count": 299917, "ai_coder_pattern_id": 135}, "scanner": "repobility-threat-engine", "correlation_key": "fp|7516890aecf615456fe585ecff5375000ffeb13bed560a4f54baecb3b135a38a"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "web-ui/app/components/message/chain-of-thought.tsx"}, "region": {"startLine": 89}}}]}, {"ruleId": "MINED045", "level": "none", "message": {"text": "[MINED045] Ts Non Null Assertion: x! asserts not null - bypasses null checks - TypeError if wrong."}, "properties": {"repobilityId": 50618, "scanner": "repobility-threat-engine", "fingerprint": "2f8c504fd53b70fa7212a50d6112bd6e735b335f7770f673ca077d77f3b2de53", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "ts-non-null-assertion", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["typescript", "tsx"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348005+00:00", "triaged_in_corpus": 12, "observations_count": 1810954, "ai_coder_pattern_id": 105}, "scanner": "repobility-threat-engine", "correlation_key": "fp|2f8c504fd53b70fa7212a50d6112bd6e735b335f7770f673ca077d77f3b2de53"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "web-ui/app/stores/slices/chat-input-slice.ts"}, "region": {"startLine": 93}}}]}, {"ruleId": "MINED045", "level": "none", "message": {"text": "[MINED045] Ts Non Null Assertion: x! asserts not null - bypasses null checks - TypeError if wrong."}, "properties": {"repobilityId": 50617, "scanner": "repobility-threat-engine", "fingerprint": "e5524072138d1235e7547ec9f05744f79f928e5e8678f8c940bcad168faf8e3a", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "ts-non-null-assertion", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["typescript", "tsx"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348005+00:00", "triaged_in_corpus": 12, "observations_count": 1810954, "ai_coder_pattern_id": 105}, "scanner": "repobility-threat-engine", "correlation_key": "fp|e5524072138d1235e7547ec9f05744f79f928e5e8678f8c940bcad168faf8e3a"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "web-ui/app/components/theme-provider.tsx"}, "region": {"startLine": 100}}}]}, {"ruleId": "MINED045", "level": "none", "message": {"text": "[MINED045] Ts Non Null Assertion: x! asserts not null - bypasses null checks - TypeError if wrong."}, "properties": {"repobilityId": 50616, "scanner": "repobility-threat-engine", "fingerprint": "1f24292b4423e10b857a1a104bf635b3a5b6759ec6b3227950b5f88f017b1958", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "ts-non-null-assertion", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["typescript", "tsx"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348005+00:00", "triaged_in_corpus": 12, "observations_count": 1810954, "ai_coder_pattern_id": 105}, "scanner": "repobility-threat-engine", "correlation_key": "fp|1f24292b4423e10b857a1a104bf635b3a5b6759ec6b3227950b5f88f017b1958"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "web-ui/app/components/message/chain-of-thought.tsx"}, "region": {"startLine": 222}}}]}, {"ruleId": "MINED064", "level": "none", "message": {"text": "[MINED064] Python Input Call: input() blocks for stdin. Inappropriate in services."}, "properties": {"repobilityId": 50611, "scanner": "repobility-threat-engine", "fingerprint": "042a29f02a552164b0667428c27b727f009380483d7e07f2ae315d233dd3bda2", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "python-input-call", "owasp": null, "cwe_ids": [], "languages": ["python"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348050+00:00", "triaged_in_corpus": 12, "observations_count": 66378, "ai_coder_pattern_id": 124}, "scanner": "repobility-threat-engine", "correlation_key": "fp|042a29f02a552164b0667428c27b727f009380483d7e07f2ae315d233dd3bda2"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "locale-tui/src/widgets/edit_modal.py"}, "region": {"startLine": 39}}}]}, {"ruleId": "MINED050", "level": "none", "message": {"text": "[MINED050] Stub Only Function: Function declared but body is just pass, return None, raise NotImplementedError, or TODO comment."}, "properties": {"repobilityId": 50609, "scanner": "repobility-threat-engine", "fingerprint": "8599cb1e4144222865b8ca7f0a5b175aabb387c45272590256238b8ae991530c", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "stub-only-function", "owasp": null, "cwe_ids": ["CWE-1188"], "languages": ["python"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348017+00:00", "triaged_in_corpus": 12, "observations_count": 633513, "ai_coder_pattern_id": 2}, "scanner": "repobility-threat-engine", "correlation_key": "fp|8599cb1e4144222865b8ca7f0a5b175aabb387c45272590256238b8ae991530c"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "locale-tui/src/services/translator.py"}, "region": {"startLine": 15}}}]}, {"ruleId": "MINED050", "level": "none", "message": {"text": "[MINED050] Stub Only Function: Function declared but body is just pass, return None, raise NotImplementedError, or TODO comment."}, "properties": {"repobilityId": 50608, "scanner": "repobility-threat-engine", "fingerprint": "f5e58e4d69832d6c7db03e7ceb1c122a4cda81b14508cf45c266c911f2abf910", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "stub-only-function", "owasp": null, "cwe_ids": ["CWE-1188"], "languages": ["python"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348017+00:00", "triaged_in_corpus": 12, "observations_count": 633513, "ai_coder_pattern_id": 2}, "scanner": "repobility-threat-engine", "correlation_key": "fp|f5e58e4d69832d6c7db03e7ceb1c122a4cda81b14508cf45c266c911f2abf910"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "locale-tui/src/services/dead_entry_finder.py"}, "region": {"startLine": 61}}}]}, {"ruleId": "COMP001", "level": "none", "message": {"text": "[COMP001] High cognitive complexity (and 1 more): Same pattern found in 1 additional files. Review if needed."}, "properties": {"repobilityId": 50606, "scanner": "repobility-threat-engine", "fingerprint": "33f8a11bb9950391724aaaf564313c9967d2e5a2c97736723f8a42124b41d155", "category": "quality", "severity": "info", "confidence": 0.2, "triageState": "false_positive", "verdict": "likely_fp", "isResolved": true, "reason": "Deduplicated summary only: 1 additional occurrences found. The top occurrences remain visible as actionable findings.", "evidence": {"scanner": "repobility-threat-engine", "function": "add", "breakdown": {"if": 7, "else": 1, "except": 1, "nested_bonus": 3}, "aggregated": true, "complexity": 12, "correlation_key": "fp|33f8a11bb9950391724aaaf564313c9967d2e5a2c97736723f8a42124b41d155", "aggregated_count": 1}}}, {"ruleId": "MINED062", "level": "none", "message": {"text": "[MINED062] Python Dataclass No Fields: @dataclass over an empty class \u2014 unfinished model."}, "properties": {"repobilityId": 50602, "scanner": "repobility-threat-engine", "fingerprint": "212f55bb80ddb09c7ef72c2847028ce4314f3be50251852d1c92de8ad824d0dc", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "python-dataclass-no-fields", "owasp": null, "cwe_ids": [], "languages": ["python"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348046+00:00", "triaged_in_corpus": 10, "observations_count": 92448, "ai_coder_pattern_id": 144}, "scanner": "repobility-threat-engine", "correlation_key": "fp|212f55bb80ddb09c7ef72c2847028ce4314f3be50251852d1c92de8ad824d0dc"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "locale-tui/src/models/entry.py"}, "region": {"startLine": 7}}}]}, {"ruleId": "MINED062", "level": "none", "message": {"text": "[MINED062] Python Dataclass No Fields: @dataclass over an empty class \u2014 unfinished model."}, "properties": {"repobilityId": 50601, "scanner": "repobility-threat-engine", "fingerprint": "699c30d8dcf241e22dcb40f379d95aeafadfda5cf809e4bf7b3a755bdff48009", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "python-dataclass-no-fields", "owasp": null, "cwe_ids": [], "languages": ["python"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.348046+00:00", "triaged_in_corpus": 10, "observations_count": 92448, "ai_coder_pattern_id": 144}, "scanner": "repobility-threat-engine", "correlation_key": "fp|699c30d8dcf241e22dcb40f379d95aeafadfda5cf809e4bf7b3a755bdff48009"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "locale-tui/src/config.py"}, "region": {"startLine": 12}}}]}, {"ruleId": "SEC118", "level": "none", "message": {"text": "[SEC118] UUIDv1 / UUIDv3 used for security-sensitive identifier: UUIDv1 encodes the MAC address and timestamp, making it predictable. Used as a session token or password-reset key, it's enumerable."}, "properties": {"repobilityId": 50600, "scanner": "repobility-threat-engine", "fingerprint": "6e2de124543bb201f9a05f530a0f06b00e48b3518d47a64b9955903fa8ba587c", "category": "crypto", "severity": "info", "confidence": 0.1, "triageState": "false_positive", "verdict": "likely_fp", "isResolved": true, "reason": "Safe pattern 'randomUUID' detected on same line", "evidence": {"match": "UUID.randomUUID()", "reason": "Safe pattern 'randomUUID' detected on same line", "rule_id": "SEC118", "scanner": "repobility-threat-engine", "confidence": 0.1, "correlation_key": "code|crypto|token|53|sec118"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "speech/src/main/java/me/rerere/tts/provider/providers/SystemTTSProvider.kt"}, "region": {"startLine": 53}}}]}, {"ruleId": "SEC118", "level": "none", "message": {"text": "[SEC118] UUIDv1 / UUIDv3 used for security-sensitive identifier: UUIDv1 encodes the MAC address and timestamp, making it predictable. Used as a session token or password-reset key, it's enumerable."}, "properties": {"repobilityId": 50599, "scanner": "repobility-threat-engine", "fingerprint": "5abaef5d6b14f6b06ab787d269d8e2da4582690fff182ce4085d426a78fca2fa", "category": "crypto", "severity": "info", "confidence": 0.1, "triageState": "false_positive", "verdict": "likely_fp", "isResolved": true, "reason": "Safe pattern 'randomUUID' detected on same line", "evidence": {"match": "UUID.randomUUID()", "reason": "Safe pattern 'randomUUID' detected on same line", "rule_id": "SEC118", "scanner": "repobility-threat-engine", "confidence": 0.1, "correlation_key": "code|crypto|token|41|sec118"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "speech/src/main/java/me/rerere/tts/controller/TextChunker.kt"}, "region": {"startLine": 41}}}]}, {"ruleId": "SEC118", "level": "none", "message": {"text": "[SEC118] UUIDv1 / UUIDv3 used for security-sensitive identifier: UUIDv1 encodes the MAC address and timestamp, making it predictable. Used as a session token or password-reset key, it's enumerable."}, "properties": {"repobilityId": 50598, "scanner": "repobility-threat-engine", "fingerprint": "4630d985ee4b8f9cab5642fdac47b79ff9235236573493db4bdf0292c1c43ecd", "category": "crypto", "severity": "info", "confidence": 0.1, "triageState": "false_positive", "verdict": "likely_fp", "isResolved": true, "reason": "Safe pattern 'randomUUID' detected on same line", "evidence": {"match": "UUID.randomUUID()", "reason": "Safe pattern 'randomUUID' detected on same line", "rule_id": "SEC118", "scanner": "repobility-threat-engine", "confidence": 0.1, "correlation_key": "code|crypto|token|96|sec118"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "app/src/main/java/me/rerere/rikkahub/web/WebApiModule.kt"}, "region": {"startLine": 96}}}]}, {"ruleId": "MINED043", "level": "none", "message": {"text": "[MINED043] Http Not Https: Hardcoded http:// (not localhost) for endpoints that handle credentials or data."}, "properties": {"repobilityId": 50596, "scanner": "repobility-threat-engine", "fingerprint": "356b8813afcbe736cc813d745c14b749fd8901cfbc71d71258912119403587ef", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "http-not-https", "owasp": "A02:2021", "cwe_ids": ["CWE-319"], "precision": 0.917, "promoted_at": "2026-05-18T14:01:32.347999+00:00", "triaged_in_corpus": 12, "observations_count": 4113831, "ai_coder_pattern_id": 15}, "scanner": "repobility-threat-engine", "correlation_key": "fp|356b8813afcbe736cc813d745c14b749fd8901cfbc71d71258912119403587ef"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "app/src/main/java/me/rerere/rikkahub/service/WebServerService.kt"}, "region": {"startLine": 110}}}]}, {"ruleId": "MINED043", "level": "none", "message": {"text": "[MINED043] Http Not Https: Hardcoded http:// (not localhost) for endpoints that handle credentials or data."}, "properties": {"repobilityId": 50595, "scanner": "repobility-threat-engine", "fingerprint": "cdb0fb67f26a534a0be7b1b01dee7b78b37007fe11389bd327eadcec4aac0bca", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "http-not-https", "owasp": "A02:2021", "cwe_ids": ["CWE-319"], "precision": 0.917, "promoted_at": "2026-05-18T14:01:32.347999+00:00", "triaged_in_corpus": 12, "observations_count": 4113831, "ai_coder_pattern_id": 15}, "scanner": "repobility-threat-engine", "correlation_key": "fp|cdb0fb67f26a534a0be7b1b01dee7b78b37007fe11389bd327eadcec4aac0bca"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "app/src/main/java/me/rerere/rikkahub/data/sync/s3/S3Config.kt"}, "region": {"startLine": 21}}}]}, {"ruleId": "MINED043", "level": "none", "message": {"text": "[MINED043] Http Not Https: Hardcoded http:// (not localhost) for endpoints that handle credentials or data."}, "properties": {"repobilityId": 50594, "scanner": "repobility-threat-engine", "fingerprint": "767eb64b1887a145d1442f364b8541993aefa57c3bd3325f6644b021f23adae5", "category": "quality", "severity": "info", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "http-not-https", "owasp": "A02:2021", "cwe_ids": ["CWE-319"], "precision": 0.917, "promoted_at": "2026-05-18T14:01:32.347999+00:00", "triaged_in_corpus": 12, "observations_count": 4113831, "ai_coder_pattern_id": 15}, "scanner": "repobility-threat-engine", "correlation_key": "fp|767eb64b1887a145d1442f364b8541993aefa57c3bd3325f6644b021f23adae5"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "app/src/main/java/me/rerere/rikkahub/data/sync/s3/AwsSignatureV4.kt"}, "region": {"startLine": 104}}}]}, {"ruleId": "SEC029", "level": "none", "message": {"text": "[SEC029] Server-Side Request Forgery (SSRF) \u2014 outbound HTTP from user input (and 22 more): Same pattern found in 22 additional files. Review if needed."}, "properties": {"repobilityId": 50593, "scanner": "repobility-threat-engine", "fingerprint": "2e3607151b79226e1f988d03377240b01f057a39282b8ee7334800f3ede61bb1", "category": "ssrf", "severity": "info", "confidence": 0.2, "triageState": "false_positive", "verdict": "likely_fp", "isResolved": true, "reason": "Deduplicated summary only: 22 additional occurrences found. The top occurrences remain visible as actionable findings.", "evidence": {"reason": "Deduplicated summary only: 22 additional occurrences found. The top occurrences remain visible as actionable findings.", "rule_id": "SEC029", "scanner": "repobility-threat-engine", "confidence": 0.2, "correlation_key": "fp|2e3607151b79226e1f988d03377240b01f057a39282b8ee7334800f3ede61bb1"}}}, {"ruleId": "SEC084", "level": "none", "message": {"text": "[SEC084] JS: require() with non-literal (and 3 more): Same pattern found in 3 additional files. Review if needed."}, "properties": {"repobilityId": 50588, "scanner": "repobility-threat-engine", "fingerprint": "8ce8a1367a2a0d9794a6d1f712fc9c846b60dcbe21c8f164bcea91d350a68bc9", "category": "quality", "severity": "info", "confidence": 0.2, "triageState": "false_positive", "verdict": "likely_fp", "isResolved": true, "reason": "Deduplicated summary only: 3 additional occurrences found. The top occurrences remain visible as actionable findings.", "evidence": {"reason": "Deduplicated summary only: 3 additional occurrences found. The top occurrences remain visible as actionable findings.", "rule_id": "SEC084", "scanner": "repobility-threat-engine", "confidence": 0.2, "correlation_key": "fp|8ce8a1367a2a0d9794a6d1f712fc9c846b60dcbe21c8f164bcea91d350a68bc9"}}}, {"ruleId": "MINED029", "level": "none", "message": {"text": "[MINED029] Kotlin Null Bang (and 3 more): Same pattern found in 3 additional files. Review if needed."}, "properties": {"repobilityId": 50584, "scanner": "repobility-threat-engine", "fingerprint": "7126a6b089599369028fc59009719671c05c758a810bac071472cbd88da90269", "category": "quality", "severity": "info", "confidence": 0.2, "triageState": "false_positive", "verdict": "likely_fp", "isResolved": true, "reason": "Deduplicated summary only: 3 additional occurrences found. The top occurrences remain visible as actionable findings.", "evidence": {"mined": true, "mining": {"slug": "kotlin-null-bang", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["kotlin"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.347966+00:00", "triaged_in_corpus": 15, "observations_count": 7344, "ai_coder_pattern_id": 155}, "scanner": "repobility-threat-engine", "aggregated": true, "correlation_key": "fp|7126a6b089599369028fc59009719671c05c758a810bac071472cbd88da90269", "aggregated_count": 3}}}, {"ruleId": "SEC128", "level": "none", "message": {"text": "[SEC128] Async function without await \u2014 fire-and-forget Promise (AI mistake) (and 15 more): Same pattern found in 15 additional files. Review if needed."}, "properties": {"repobilityId": 50579, "scanner": "repobility-threat-engine", "fingerprint": "626b968a51905fab68488b914668d7d2e59a6d38ac62d921861aaee76f35958d", "category": "quality", "severity": "info", "confidence": 0.2, "triageState": "false_positive", "verdict": "likely_fp", "isResolved": true, "reason": "Deduplicated summary only: 15 additional occurrences found. The top occurrences remain visible as actionable findings.", "evidence": {"reason": "Deduplicated summary only: 15 additional occurrences found. The top occurrences remain visible as actionable findings.", "rule_id": "SEC128", "scanner": "repobility-threat-engine", "confidence": 0.2, "correlation_key": "fp|626b968a51905fab68488b914668d7d2e59a6d38ac62d921861aaee76f35958d"}}}, {"ruleId": "SEC015", "level": "none", "message": {"text": "[SEC015] Insecure Randomness for Security: Weak PRNG used in security-sensitive context. Output is predictable."}, "properties": {"repobilityId": 6143, "scanner": "repobility-threat-engine", "fingerprint": "2213bcdf8e268513e40e0df40b443597c5bc00272f452d0b32c4be214160e2fc", "category": "crypto", "severity": "info", "confidence": 0.15, "triageState": "false_positive", "verdict": "likely_fp", "isResolved": true, "reason": "Weak PRNG appears to be used for non-security behavior (UI, sampling, demos, shuffling, or backoff), not for secrets", "evidence": {"match": "Math.random()", "reason": "Weak PRNG appears to be used for non-security behavior (UI, sampling, demos, shuffling, or backoff), not for secrets", "rule_id": "SEC015", "scanner": "repobility-threat-engine", "confidence": 0.15, "correlation_key": "code|crypto|token|611|sec015"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "web-ui/app/components/ui/sidebar.tsx"}, "region": {"startLine": 611}}}]}, {"ruleId": "SEC015", "level": "none", "message": {"text": "[SEC015] Insecure Randomness for Security: Weak PRNG used in security-sensitive context. Output is predictable."}, "properties": {"repobilityId": 6142, "scanner": "repobility-threat-engine", "fingerprint": "fcd5ad562dde584b061b810b8ce2488e5e23401dfd99e4e16e5bfe1bd65467d1", "category": "crypto", "severity": "info", "confidence": 0.15, "triageState": "false_positive", "verdict": "likely_fp", "isResolved": true, "reason": "Weak PRNG appears to be used for non-security behavior (UI, sampling, demos, shuffling, or backoff), not for secrets", "evidence": {"match": "Math.random()", "reason": "Weak PRNG appears to be used for non-security behavior (UI, sampling, demos, shuffling, or backoff), not for secrets", "rule_id": "SEC015", "scanner": "repobility-threat-engine", "confidence": 0.15, "correlation_key": "code|crypto|token|111|sec015"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "web-ui/app/components/workbench/workbench-host.tsx"}, "region": {"startLine": 111}}}]}, {"ruleId": "MINED134", "level": "error", "message": {"text": "[MINED134] Binary file `gradle/wrapper/gradle-wrapper.jar` committed in source repo: `gradle/wrapper/gradle-wrapper.jar` is a .jar binary (59,203 bytes) committed to a repo that otherwise has 657 source files. Trojan binaries inside otherwise-normal source repos are a known supply-chain attack: a compromised dependency or PR slips in a binary that gets executed by build scripts."}, "properties": {"repobilityId": 50691, "scanner": "repobility-supply-chain", "fingerprint": "8b09564a333a83cd899957c0138b264c5163619a3a99a22c407c9bf374b01cda", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "suspicious-binary-in-src", "owasp": null, "cwe_ids": ["CWE-506"], "languages": ["any"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|8b09564a333a83cd899957c0138b264c5163619a3a99a22c407c9bf374b01cda"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "gradle/wrapper/gradle-wrapper.jar"}, "region": {"startLine": 1}}}]}, {"ruleId": "MINED134", "level": "error", "message": {"text": "[MINED134] Binary file `app/src/main/jniLibs/x86_64/libsimple.so` committed in source repo: `app/src/main/jniLibs/x86_64/libsimple.so` is a .so binary (8,743,904 bytes) committed to a repo that otherwise has 657 source files. Trojan binaries inside otherwise-normal source repos are a known supply-chain attack: a compromised dependency or PR slips in a binary that gets executed by build scripts."}, "properties": {"repobilityId": 50690, "scanner": "repobility-supply-chain", "fingerprint": "1492d0544efb0127250078dfe5dcce4d87be61e5391e1bcf0027100ae0e2aee6", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "suspicious-binary-in-src", "owasp": null, "cwe_ids": ["CWE-506"], "languages": ["any"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|1492d0544efb0127250078dfe5dcce4d87be61e5391e1bcf0027100ae0e2aee6"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "app/src/main/jniLibs/x86_64/libsimple.so"}, "region": {"startLine": 1}}}]}, {"ruleId": "MINED134", "level": "error", "message": {"text": "[MINED134] Binary file `app/src/main/jniLibs/arm64-v8a/libsimple.so` committed in source repo: `app/src/main/jniLibs/arm64-v8a/libsimple.so` is a .so binary (9,076,576 bytes) committed to a repo that otherwise has 657 source files. Trojan binaries inside otherwise-normal source repos are a known supply-chain attack: a compromised dependency or PR slips in a binary that gets executed by build scripts."}, "properties": {"repobilityId": 50689, "scanner": "repobility-supply-chain", "fingerprint": "524f993d3fd423999ddf7e5b2516bfcfbd5289099ee62dd72d1cf4c98bdc5dd0", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "suspicious-binary-in-src", "owasp": null, "cwe_ids": ["CWE-506"], "languages": ["any"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|524f993d3fd423999ddf7e5b2516bfcfbd5289099ee62dd72d1cf4c98bdc5dd0"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "app/src/main/jniLibs/arm64-v8a/libsimple.so"}, "region": {"startLine": 1}}}]}, {"ruleId": "MINED134", "level": "error", "message": {"text": "[MINED134] Binary file `document/src/main/jniLibs/x86_64/libmupdf_java.so` committed in source repo: `document/src/main/jniLibs/x86_64/libmupdf_java.so` is a .so binary (9,818,488 bytes) committed to a repo that otherwise has 657 source files. Trojan binaries inside otherwise-normal source repos are a known supply-chain attack: a compromised dependency or PR slips in a binary that gets executed by build scripts."}, "properties": {"repobilityId": 50688, "scanner": "repobility-supply-chain", "fingerprint": "debf8ac09dcb8cf37d18fed9b092dec5883979c5ba367bf612242405810a33a9", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "suspicious-binary-in-src", "owasp": null, "cwe_ids": ["CWE-506"], "languages": ["any"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|debf8ac09dcb8cf37d18fed9b092dec5883979c5ba367bf612242405810a33a9"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "document/src/main/jniLibs/x86_64/libmupdf_java.so"}, "region": {"startLine": 1}}}]}, {"ruleId": "MINED134", "level": "error", "message": {"text": "[MINED134] Binary file `document/src/main/jniLibs/arm64-v8a/libmupdf_java.so` committed in source repo: `document/src/main/jniLibs/arm64-v8a/libmupdf_java.so` is a .so binary (9,444,584 bytes) committed to a repo that otherwise has 657 source files. Trojan binaries inside otherwise-normal source repos are a known supply-chain attack: a compromised dependency or PR slips in a binary that gets executed by build scripts."}, "properties": {"repobilityId": 50687, "scanner": "repobility-supply-chain", "fingerprint": "2a467b5a5b75bf64add04eafc067c033f2c94f3dfbfb158a23144bca50df5b8b", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "suspicious-binary-in-src", "owasp": null, "cwe_ids": ["CWE-506"], "languages": ["any"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|2a467b5a5b75bf64add04eafc067c033f2c94f3dfbfb158a23144bca50df5b8b"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "document/src/main/jniLibs/arm64-v8a/libmupdf_java.so"}, "region": {"startLine": 1}}}]}, {"ruleId": "MINED134", "level": "error", "message": {"text": "[MINED134] Binary file `gradle/vineflower.jar` committed in source repo: `gradle/vineflower.jar` is a .jar binary (1,633,863 bytes) committed to a repo that otherwise has 657 source files. Trojan binaries inside otherwise-normal source repos are a known supply-chain attack: a compromised dependency or PR slips in a binary that gets executed by build scripts."}, "properties": {"repobilityId": 50686, "scanner": "repobility-supply-chain", "fingerprint": "f6ed958eb4bb4b19d82860b930662e6bb03a1aab3a38f9edc14fce1613752ac7", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "suspicious-binary-in-src", "owasp": null, "cwe_ids": ["CWE-506"], "languages": ["any"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|f6ed958eb4bb4b19d82860b930662e6bb03a1aab3a38f9edc14fce1613752ac7"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "gradle/vineflower.jar"}, "region": {"startLine": 1}}}]}, {"ruleId": "MINED115", "level": "error", "message": {"text": "[MINED115] Action `actions/upload-artifact` pinned to mutable ref `@v4`: `uses: actions/upload-artifact@v4` resolves at workflow-run time. Tags and branches can be re-pushed by the action owner; that made the tj-actions/changed-files compromise (2025) instantly affect ~23K repos. Pin to a 40-char commit SHA + lock with Dependabot or renovate."}, "properties": {"repobilityId": 50685, "scanner": "repobility-supply-chain", "fingerprint": "7d57056700fd75535c59a4da348f4d73a42bf37ba63ea9f87394443e367ac192", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-mutable-ref", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|7d57056700fd75535c59a4da348f4d73a42bf37ba63ea9f87394443e367ac192"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/release.yml"}, "region": {"startLine": 46}}}]}, {"ruleId": "MINED115", "level": "error", "message": {"text": "[MINED115] Action `actions/cache` pinned to mutable ref `@v4`: `uses: actions/cache@v4` resolves at workflow-run time. Tags and branches can be re-pushed by the action owner; that made the tj-actions/changed-files compromise (2025) instantly affect ~23K repos. Pin to a 40-char commit SHA + lock with Dependabot or renovate."}, "properties": {"repobilityId": 50684, "scanner": "repobility-supply-chain", "fingerprint": "4f47962ca7e156ab07590218670e531abb844fffabfe0c7514df0a4998da4306", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-mutable-ref", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|4f47962ca7e156ab07590218670e531abb844fffabfe0c7514df0a4998da4306"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/release.yml"}, "region": {"startLine": 22}}}]}, {"ruleId": "MINED115", "level": "error", "message": {"text": "[MINED115] Action `actions/setup-java` pinned to mutable ref `@v4`: `uses: actions/setup-java@v4` resolves at workflow-run time. Tags and branches can be re-pushed by the action owner; that made the tj-actions/changed-files compromise (2025) instantly affect ~23K repos. Pin to a 40-char commit SHA + lock with Dependabot or renovate."}, "properties": {"repobilityId": 50683, "scanner": "repobility-supply-chain", "fingerprint": "833502efca5133f16830b2a99d7fdcc500988e94692a4fcb4f4cf6c90a1aa6e0", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-mutable-ref", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|833502efca5133f16830b2a99d7fdcc500988e94692a4fcb4f4cf6c90a1aa6e0"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/release.yml"}, "region": {"startLine": 16}}}]}, {"ruleId": "MINED115", "level": "error", "message": {"text": "[MINED115] Action `actions/checkout` pinned to mutable ref `@v4`: `uses: actions/checkout@v4` resolves at workflow-run time. Tags and branches can be re-pushed by the action owner; that made the tj-actions/changed-files compromise (2025) instantly affect ~23K repos. Pin to a 40-char commit SHA + lock with Dependabot or renovate."}, "properties": {"repobilityId": 50682, "scanner": "repobility-supply-chain", "fingerprint": "55504908fed18240e5fc79162c10670f4b864e2f852ee1bb53e3ac67867486b3", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-mutable-ref", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|55504908fed18240e5fc79162c10670f4b864e2f852ee1bb53e3ac67867486b3"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/release.yml"}, "region": {"startLine": 11}}}]}, {"ruleId": "MINED115", "level": "error", "message": {"text": "[MINED115] Action `actions/github-script` pinned to mutable ref `@v7`: `uses: actions/github-script@v7` resolves at workflow-run time. Tags and branches can be re-pushed by the action owner; that made the tj-actions/changed-files compromise (2025) instantly affect ~23K repos. Pin to a 40-char commit SHA + lock with Dependabot or renovate."}, "properties": {"repobilityId": 50681, "scanner": "repobility-supply-chain", "fingerprint": "ebff47d2d3b33e1c83743059afb036d34e34f5337a8ee83308e4bfbdce3447f1", "category": "dependency", "severity": "high", "confidence": 0.9, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "gha-mutable-ref", "owasp": "A08:2021", "cwe_ids": ["CWE-829"], "languages": ["yaml"], "observations_count": 0}, "scanner": "repobility-supply-chain", "correlation_key": "fp|ebff47d2d3b33e1c83743059afb036d34e34f5337a8ee83308e4bfbdce3447f1"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": ".github/workflows/close-blank-issues.yml"}, "region": {"startLine": 13}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "[MINED108] `self.update_status` used but never assigned in __init__: Method `on_input_changed` of class `TranslationTableScreen` reads `self.update_status`, but no assignment to it exists in __init__ (and no class-level fallback). This raises AttributeError the first time the method runs against an instance."}, "properties": {"repobilityId": 50679, "scanner": "repobility-ast-engine", "fingerprint": "c7de90555f7abe97783064764342b193dab2fa4df06db6333c1b221b7ad7fbe5", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|c7de90555f7abe97783064764342b193dab2fa4df06db6333c1b221b7ad7fbe5"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "locale-tui/src/screens/translation_table.py"}, "region": {"startLine": 210}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "[MINED108] `self.apply_filters` used but never assigned in __init__: Method `on_input_changed` of class `TranslationTableScreen` reads `self.apply_filters`, but no assignment to it exists in __init__ (and no class-level fallback). This raises AttributeError the first time the method runs against an instance."}, "properties": {"repobilityId": 50678, "scanner": "repobility-ast-engine", "fingerprint": "0470439cb349b545ba85af01c4b83915ec884c91a1f000e068406e64d233ae77", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|0470439cb349b545ba85af01c4b83915ec884c91a1f000e068406e64d233ae77"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "locale-tui/src/screens/translation_table.py"}, "region": {"startLine": 209}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "[MINED108] `self.query_one` used but never assigned in __init__: Method `update_status` of class `TranslationTableScreen` reads `self.query_one`, but no assignment to it exists in __init__ (and no class-level fallback). This raises AttributeError the first time the method runs against an instance."}, "properties": {"repobilityId": 50677, "scanner": "repobility-ast-engine", "fingerprint": "96224809ff4c77fb29eb8af3fb44dffc0fc2e6e4b7cfe8c8f420d0e0186831cb", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|96224809ff4c77fb29eb8af3fb44dffc0fc2e6e4b7cfe8c8f420d0e0186831cb"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "locale-tui/src/screens/translation_table.py"}, "region": {"startLine": 203}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "[MINED108] `self.query_one` used but never assigned in __init__: Method `update_status` of class `TranslationTableScreen` reads `self.query_one`, but no assignment to it exists in __init__ (and no class-level fallback). This raises AttributeError the first time the method runs against an instance."}, "properties": {"repobilityId": 50676, "scanner": "repobility-ast-engine", "fingerprint": "70db8d5ad1016883d43e098a3cbfba40a788e1c37fd2542ad79fe1ef8e031593", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|70db8d5ad1016883d43e098a3cbfba40a788e1c37fd2542ad79fe1ef8e031593"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "locale-tui/src/screens/translation_table.py"}, "region": {"startLine": 192}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "[MINED108] `self.query_one` used but never assigned in __init__: Method `refresh_table` of class `TranslationTableScreen` reads `self.query_one`, but no assignment to it exists in __init__ (and no class-level fallback). This raises AttributeError the first time the method runs against an instance."}, "properties": {"repobilityId": 50675, "scanner": "repobility-ast-engine", "fingerprint": "81997f874448ade0261005f81fc434447104cf1f8ad112e7a04079974cdf293d", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|81997f874448ade0261005f81fc434447104cf1f8ad112e7a04079974cdf293d"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "locale-tui/src/screens/translation_table.py"}, "region": {"startLine": 157}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "[MINED108] `self.refresh_table` used but never assigned in __init__: Method `apply_filters` of class `TranslationTableScreen` reads `self.refresh_table`, but no assignment to it exists in __init__ (and no class-level fallback). This raises AttributeError the first time the method runs against an instance."}, "properties": {"repobilityId": 50674, "scanner": "repobility-ast-engine", "fingerprint": "956ce192f96bbda3b8276e22bc61484a83c19b13bfc2bdb1263b903f320eabc8", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|956ce192f96bbda3b8276e22bc61484a83c19b13bfc2bdb1263b903f320eabc8"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "locale-tui/src/screens/translation_table.py"}, "region": {"startLine": 153}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "[MINED108] `self.notify` used but never assigned in __init__: Method `load_entries` of class `TranslationTableScreen` reads `self.notify`, but no assignment to it exists in __init__ (and no class-level fallback). This raises AttributeError the first time the method runs against an instance."}, "properties": {"repobilityId": 50673, "scanner": "repobility-ast-engine", "fingerprint": "a44e1b99c2b929716986da1e84bc8efdabaeef0e8951eedc8ec1617ef5ff7815", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|a44e1b99c2b929716986da1e84bc8efdabaeef0e8951eedc8ec1617ef5ff7815"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "locale-tui/src/screens/translation_table.py"}, "region": {"startLine": 122}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "[MINED108] `self.update_status` used but never assigned in __init__: Method `load_entries` of class `TranslationTableScreen` reads `self.update_status`, but no assignment to it exists in __init__ (and no class-level fallback). This raises AttributeError the first time the method runs against an instance."}, "properties": {"repobilityId": 50672, "scanner": "repobility-ast-engine", "fingerprint": "2f538473273d52d5c82f0865394a89a50768a167d4528d7a03c5c8d329578e2a", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|2f538473273d52d5c82f0865394a89a50768a167d4528d7a03c5c8d329578e2a"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "locale-tui/src/screens/translation_table.py"}, "region": {"startLine": 125}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "[MINED108] `self.apply_filters` used but never assigned in __init__: Method `load_entries` of class `TranslationTableScreen` reads `self.apply_filters`, but no assignment to it exists in __init__ (and no class-level fallback). This raises AttributeError the first time the method runs against an instance."}, "properties": {"repobilityId": 50671, "scanner": "repobility-ast-engine", "fingerprint": "993e73d4ef74355c57c1a2ebea62047c3e6d18602db2a51fc7909585e446d987", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|993e73d4ef74355c57c1a2ebea62047c3e6d18602db2a51fc7909585e446d987"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "locale-tui/src/screens/translation_table.py"}, "region": {"startLine": 124}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "[MINED108] `self.query_one` used but never assigned in __init__: Method `on_mount` of class `TranslationTableScreen` reads `self.query_one`, but no assignment to it exists in __init__ (and no class-level fallback). This raises AttributeError the first time the method runs against an instance."}, "properties": {"repobilityId": 50670, "scanner": "repobility-ast-engine", "fingerprint": "ef631fe9d324c75ae2ce6fc479414bbb0314eb9b5fe41b51ea251606320a66ab", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|ef631fe9d324c75ae2ce6fc479414bbb0314eb9b5fe41b51ea251606320a66ab"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "locale-tui/src/screens/translation_table.py"}, "region": {"startLine": 75}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "[MINED108] `self.load_entries` used but never assigned in __init__: Method `on_mount` of class `TranslationTableScreen` reads `self.load_entries`, but no assignment to it exists in __init__ (and no class-level fallback). This raises AttributeError the first time the method runs against an instance."}, "properties": {"repobilityId": 50669, "scanner": "repobility-ast-engine", "fingerprint": "f90f2d9a2feab70077d0fa5ba031961dc8cdf00104b6a554a3cf9d40a57cae4f", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|f90f2d9a2feab70077d0fa5ba031961dc8cdf00104b6a554a3cf9d40a57cae4f"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "locale-tui/src/screens/translation_table.py"}, "region": {"startLine": 86}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "[MINED108] `self.query_one` used but never assigned in __init__: Method `on_mount` of class `TranslationTableScreen` reads `self.query_one`, but no assignment to it exists in __init__ (and no class-level fallback). This raises AttributeError the first time the method runs against an instance."}, "properties": {"repobilityId": 50668, "scanner": "repobility-ast-engine", "fingerprint": "fa08c3dcaf48f39164c37f087eebe90a5f96507c508e53baf68babce4ba2c45c", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|fa08c3dcaf48f39164c37f087eebe90a5f96507c508e53baf68babce4ba2c45c"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "locale-tui/src/screens/translation_table.py"}, "region": {"startLine": 78}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "[MINED108] `self.app` used but never assigned in __init__: Method `action_quit` of class `ModuleSelectScreen` reads `self.app`, but no assignment to it exists in __init__ (and no class-level fallback). This raises AttributeError the first time the method runs against an instance."}, "properties": {"repobilityId": 50667, "scanner": "repobility-ast-engine", "fingerprint": "ff3c1735ac1ea1bae4d1c80b23ab5f78f23585b989ee2a010e66fbfea430e83f", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|ff3c1735ac1ea1bae4d1c80b23ab5f78f23585b989ee2a010e66fbfea430e83f"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "locale-tui/src/screens/module_select.py"}, "region": {"startLine": 69}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "[MINED108] `self.app` used but never assigned in __init__: Method `on_list_view_selected` of class `ModuleSelectScreen` reads `self.app`, but no assignment to it exists in __init__ (and no class-level fallback). This raises AttributeError the first time the method runs against an instance."}, "properties": {"repobilityId": 50666, "scanner": "repobility-ast-engine", "fingerprint": "72338fd1818ab8717763c44fa129a6db3f4293e26a56cfd3e16dff23d5cfb771", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|72338fd1818ab8717763c44fa129a6db3f4293e26a56cfd3e16dff23d5cfb771"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "locale-tui/src/screens/module_select.py"}, "region": {"startLine": 66}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "[MINED108] `self.dismiss` used but never assigned in __init__: Method `action_cancel` of class `EditModal` reads `self.dismiss`, but no assignment to it exists in __init__ (and no class-level fallback). This raises AttributeError the first time the method runs against an instance."}, "properties": {"repobilityId": 50665, "scanner": "repobility-ast-engine", "fingerprint": "5e86f60943e7fa22fb8a875bfedc810f09f7ee1a71aea3bcd01b9f155a732630", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|5e86f60943e7fa22fb8a875bfedc810f09f7ee1a71aea3bcd01b9f155a732630"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "locale-tui/src/widgets/edit_modal.py"}, "region": {"startLine": 66}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "[MINED108] `self.query_one` used but never assigned in __init__: Method `action_save` of class `EditModal` reads `self.query_one`, but no assignment to it exists in __init__ (and no class-level fallback). This raises AttributeError the first time the method runs against an instance."}, "properties": {"repobilityId": 50664, "scanner": "repobility-ast-engine", "fingerprint": "9729d7fda5c9c5deb80b1fa89c08fc798a2a25fdd2648480cc4aa05eca7f5818", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|9729d7fda5c9c5deb80b1fa89c08fc798a2a25fdd2648480cc4aa05eca7f5818"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "locale-tui/src/widgets/edit_modal.py"}, "region": {"startLine": 59}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "[MINED108] `self.dismiss` used but never assigned in __init__: Method `action_save` of class `EditModal` reads `self.dismiss`, but no assignment to it exists in __init__ (and no class-level fallback). This raises AttributeError the first time the method runs against an instance."}, "properties": {"repobilityId": 50663, "scanner": "repobility-ast-engine", "fingerprint": "0829ed30bbd87ce881c708eb6d8b4538dd3eed67ae230aa0442bb6341d0ebb02", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|0829ed30bbd87ce881c708eb6d8b4538dd3eed67ae230aa0442bb6341d0ebb02"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "locale-tui/src/widgets/edit_modal.py"}, "region": {"startLine": 62}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "[MINED108] `self.action_cancel` used but never assigned in __init__: Method `on_button_pressed` of class `EditModal` reads `self.action_cancel`, but no assignment to it exists in __init__ (and no class-level fallback). This raises AttributeError the first time the method runs against an instance."}, "properties": {"repobilityId": 50662, "scanner": "repobility-ast-engine", "fingerprint": "fb1684ee980db22824a7b77fd42c166360279a41089278ae8658868af0a42e79", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|fb1684ee980db22824a7b77fd42c166360279a41089278ae8658868af0a42e79"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "locale-tui/src/widgets/edit_modal.py"}, "region": {"startLine": 53}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "[MINED108] `self.action_save` used but never assigned in __init__: Method `on_button_pressed` of class `EditModal` reads `self.action_save`, but no assignment to it exists in __init__ (and no class-level fallback). This raises AttributeError the first time the method runs against an instance."}, "properties": {"repobilityId": 50661, "scanner": "repobility-ast-engine", "fingerprint": "de6ad96330271327bb81eaeb007943aa5f1dab065186a75ada66d7f8fa38f96a", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|de6ad96330271327bb81eaeb007943aa5f1dab065186a75ada66d7f8fa38f96a"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "locale-tui/src/widgets/edit_modal.py"}, "region": {"startLine": 51}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "[MINED108] `self.translate_batch` used but never assigned in __init__: Method `translate_all_missing` of class `AITranslator` reads `self.translate_batch`, but no assignment to it exists in __init__ (and no class-level fallback). This raises AttributeError the first time the method runs against an instance."}, "properties": {"repobilityId": 50660, "scanner": "repobility-ast-engine", "fingerprint": "4d7849ca8328dc9cc86fe1bba8fb04a9911b35a57ed655e39419206652d9d5da", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|4d7849ca8328dc9cc86fe1bba8fb04a9911b35a57ed655e39419206652d9d5da"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "locale-tui/src/services/translator.py"}, "region": {"startLine": 129}}}]}, {"ruleId": "MINED106", "level": "error", "message": {"text": "[MINED106] Phantom test coverage: test_connection: Test function `test_connection` runs code but contains no assert / expect / should call \u2014 it passes regardless of behaviour. Adds line coverage without verifying anything."}, "properties": {"repobilityId": 50659, "scanner": "repobility-ast-engine", "fingerprint": "f85d6d8c010147ab5c2819bb12c32e931a5efc8357ca329ac79542c89a93c965", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "phantom-test-coverage", "owasp": null, "cwe_ids": ["CWE-1126"], "languages": ["python"], "observations_count": 982154}, "scanner": "repobility-ast-engine", "correlation_key": "fp|f85d6d8c010147ab5c2819bb12c32e931a5efc8357ca329ac79542c89a93c965"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "locale-tui/src/services/translator.py"}, "region": {"startLine": 28}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "[MINED108] `self.find_referenced_keys` used but never assigned in __init__: Method `mark_dead_entries` of class `DeadEntryFinder` reads `self.find_referenced_keys`, but no assignment to it exists in __init__ (and no class-level fallback). This raises AttributeError the first time the method runs against an instance."}, "properties": {"repobilityId": 50657, "scanner": "repobility-ast-engine", "fingerprint": "d80d886fa045a6744e7d4319714867336732e139dd03f7b37f4979ee0dbb28b0", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|d80d886fa045a6744e7d4319714867336732e139dd03f7b37f4979ee0dbb28b0"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "locale-tui/src/services/dead_entry_finder.py"}, "region": {"startLine": 68}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "[MINED108] `self._extract_keys_from_file` used but never assigned in __init__: Method `find_referenced_keys` of class `DeadEntryFinder` reads `self._extract_keys_from_file`, but no assignment to it exists in __init__ (and no class-level fallback). This raises AttributeError the first time the method runs against an instance."}, "properties": {"repobilityId": 50656, "scanner": "repobility-ast-engine", "fingerprint": "987b17c7dc3a2f560784c7ec193f37b0bd540fcfd61742b3832c20ecf95bd594", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|987b17c7dc3a2f560784c7ec193f37b0bd540fcfd61742b3832c20ecf95bd594"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "locale-tui/src/services/dead_entry_finder.py"}, "region": {"startLine": 48}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "[MINED108] `self._extract_keys_from_file` used but never assigned in __init__: Method `find_referenced_keys` of class `DeadEntryFinder` reads `self._extract_keys_from_file`, but no assignment to it exists in __init__ (and no class-level fallback). This raises AttributeError the first time the method runs against an instance."}, "properties": {"repobilityId": 50655, "scanner": "repobility-ast-engine", "fingerprint": "f03e9f0285bfe3ff7ea81eb812b5cad351dce488843bebe4e065383c7d65b7b7", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|f03e9f0285bfe3ff7ea81eb812b5cad351dce488843bebe4e065383c7d65b7b7"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "locale-tui/src/services/dead_entry_finder.py"}, "region": {"startLine": 37}}}]}, {"ruleId": "MINED106", "level": "error", "message": {"text": "[MINED106] Phantom test coverage: test_async: Test function `test_async` runs code but contains no assert / expect / should call \u2014 it passes regardless of behaviour. Adds line coverage without verifying anything."}, "properties": {"repobilityId": 50649, "scanner": "repobility-ast-engine", "fingerprint": "292a07adfbd9fdf4a6960b1e5d85588bf3d43a748c9d5c94905aab9b0711da2b", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "phantom-test-coverage", "owasp": null, "cwe_ids": ["CWE-1126"], "languages": ["python"], "observations_count": 982154}, "scanner": "repobility-ast-engine", "correlation_key": "fp|292a07adfbd9fdf4a6960b1e5d85588bf3d43a748c9d5c94905aab9b0711da2b"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "locale-tui/src/main.py"}, "region": {"startLine": 74}}}]}, {"ruleId": "MINED106", "level": "error", "message": {"text": "[MINED106] Phantom test coverage: test_connection: Test function `test_connection` runs code but contains no assert / expect / should call \u2014 it passes regardless of behaviour. Adds line coverage without verifying anything."}, "properties": {"repobilityId": 50648, "scanner": "repobility-ast-engine", "fingerprint": "add632748b41a20243fe33d51488fc3bd76b135274b042c2349681652c272349", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "phantom-test-coverage", "owasp": null, "cwe_ids": ["CWE-1126"], "languages": ["python"], "observations_count": 982154}, "scanner": "repobility-ast-engine", "correlation_key": "fp|add632748b41a20243fe33d51488fc3bd76b135274b042c2349681652c272349"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "locale-tui/src/main.py"}, "region": {"startLine": 56}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "[MINED108] `self.notify` used but never assigned in __init__: Method `action_help` of class `LocaleTuiApp` reads `self.notify`, but no assignment to it exists in __init__ (and no class-level fallback). This raises AttributeError the first time the method runs against an instance."}, "properties": {"repobilityId": 50647, "scanner": "repobility-ast-engine", "fingerprint": "a1af83dcc4cae0904d4902adf75a0cda613a1b7f0c883420f18d5f6fa4aa69b5", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|a1af83dcc4cae0904d4902adf75a0cda613a1b7f0c883420f18d5f6fa4aa69b5"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "locale-tui/src/app.py"}, "region": {"startLine": 39}}}]}, {"ruleId": "MINED108", "level": "error", "message": {"text": "[MINED108] `self.push_screen` used but never assigned in __init__: Method `on_mount` of class `LocaleTuiApp` reads `self.push_screen`, but no assignment to it exists in __init__ (and no class-level fallback). This raises AttributeError the first time the method runs against an instance."}, "properties": {"repobilityId": 50646, "scanner": "repobility-ast-engine", "fingerprint": "3639b7647a3bdea8938faca298fefdededa6ebbdcf8f138aaaa6e79152e2cea9", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "", "isResolved": false, "reason": "", "evidence": {"mined": true, "mining": {"slug": "self-attr-never-set", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["python"], "observations_count": 25998}, "scanner": "repobility-ast-engine", "correlation_key": "fp|3639b7647a3bdea8938faca298fefdededa6ebbdcf8f138aaaa6e79152e2cea9"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "locale-tui/src/app.py"}, "region": {"startLine": 35}}}]}, {"ruleId": "SEC085", "level": "error", "message": {"text": "[SEC085] JS: child_process.exec with non-literal: child_process.exec with user-derived input enables command injection. Ported from eslint-plugin-security detect-child-process (Apache-2.0)."}, "properties": {"repobilityId": 50615, "scanner": "repobility-threat-engine", "fingerprint": "2c88a552e9b535c7205522553cf5d79e41cf8614c0d4407002220b8f46d1888b", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "exec(content", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC085", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "fp|2c88a552e9b535c7205522553cf5d79e41cf8614c0d4407002220b8f46d1888b"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "web-ui/app/components/markdown/markdown.tsx"}, "region": {"startLine": 29}}}]}, {"ruleId": "SEC083", "level": "error", "message": {"text": "[SEC083] JS: new RegExp() with non-literal: new RegExp(<variable>) \u2014 variable input can craft a ReDoS pattern. Ported from eslint-plugin-security detect-non-literal-regexp (Apache-2.0)."}, "properties": {"repobilityId": 50614, "scanner": "repobility-threat-engine", "fingerprint": "a03b17dfe80787ed64154ecbdbfea1c97755e8745a308a48ec1ba9db8c91f9b5", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "new RegExp(CODE_BLOCK_REGEX", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC083", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "fp|a03b17dfe80787ed64154ecbdbfea1c97755e8745a308a48ec1ba9db8c91f9b5"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "web-ui/app/components/markdown/markdown.tsx"}, "region": {"startLine": 28}}}]}, {"ruleId": "MINED001", "level": "error", "message": {"text": "[MINED001] Bare Except Pass: except: pass or except Exception: pass \u2014 silently swallows everything including KeyboardInterrupt and bugs."}, "properties": {"repobilityId": 50607, "scanner": "repobility-threat-engine", "fingerprint": "b658eb04dcb264682c866dbc6bcd49b694a245e68c4b8f9ad6f0fb0376afca9c", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "bare-except-pass", "owasp": null, "cwe_ids": ["CWE-755"], "languages": ["python"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.347744+00:00", "triaged_in_corpus": 15, "observations_count": 1550824, "ai_coder_pattern_id": 6}, "scanner": "repobility-threat-engine", "correlation_key": "fp|b658eb04dcb264682c866dbc6bcd49b694a245e68c4b8f9ad6f0fb0376afca9c"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "locale-tui/src/services/dead_entry_finder.py"}, "region": {"startLine": 60}}}]}, {"ruleId": "SEC029", "level": "error", "message": {"text": "[SEC029] Server-Side Request Forgery (SSRF) \u2014 outbound HTTP from user input: Outbound HTTP request to a user-controlled URL without allowlist validation. Attackers can probe internal services (169.254.169.254 metadata, internal Kubernetes endpoints, file:// URIs), exfiltrate data, or pivot through your network. SSRF is OWASP A10:2021 and a frequent foothold in cloud breaches."}, "properties": {"repobilityId": 50592, "scanner": "repobility-threat-engine", "fingerprint": "f70b2d0211a60054cc186bf0438631051fd4218daa5ea83f08a537a65c5c2c16", "category": "ssrf", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "Url(c", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC029", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "fp|f70b2d0211a60054cc186bf0438631051fd4218daa5ea83f08a537a65c5c2c16"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "app/src/main/java/me/rerere/rikkahub/ui/components/webview/WebView.kt"}, "region": {"startLine": 153}}}]}, {"ruleId": "SEC029", "level": "error", "message": {"text": "[SEC029] Server-Side Request Forgery (SSRF) \u2014 outbound HTTP from user input: Outbound HTTP request to a user-controlled URL without allowlist validation. Attackers can probe internal services (169.254.169.254 metadata, internal Kubernetes endpoints, file:// URIs), exfiltrate data, or pivot through your network. SSRF is OWASP A10:2021 and a frequent foothold in cloud breaches."}, "properties": {"repobilityId": 50591, "scanner": "repobility-threat-engine", "fingerprint": "d809ec6f3283c1f8ae8f58e241f6a1e4aa783dacb3d2dbf1a6fdc834075596c4", "category": "ssrf", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "Url(\n                            u", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC029", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "fp|d809ec6f3283c1f8ae8f58e241f6a1e4aa783dacb3d2dbf1a6fdc834075596c4"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "app/src/main/java/me/rerere/rikkahub/ui/components/ai/AttachmentChips.kt"}, "region": {"startLine": 77}}}]}, {"ruleId": "SEC029", "level": "error", "message": {"text": "[SEC029] Server-Side Request Forgery (SSRF) \u2014 outbound HTTP from user input: Outbound HTTP request to a user-controlled URL without allowlist validation. Attackers can probe internal services (169.254.169.254 metadata, internal Kubernetes endpoints, file:// URIs), exfiltrate data, or pivot through your network. SSRF is OWASP A10:2021 and a frequent foothold in cloud breaches."}, "properties": {"repobilityId": 50590, "scanner": "repobility-threat-engine", "fingerprint": "1c2b5bf5964b28ab08514f8c36e20b3cbe26c75e6bcbac7175b96b9a91c135c8", "category": "ssrf", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "Url(\n                    a", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC029", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "fp|1c2b5bf5964b28ab08514f8c36e20b3cbe26c75e6bcbac7175b96b9a91c135c8"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "app/src/main/java/me/rerere/rikkahub/data/sync/importer/CherryStudioProviderImporter.kt"}, "region": {"startLine": 59}}}]}, {"ruleId": "SEC013", "level": "error", "message": {"text": "[SEC013] Path Traversal \u2014 User Input in File Path: User-controlled input used in file path without sanitization. Allows reading arbitrary files."}, "properties": {"repobilityId": 50589, "scanner": "repobility-threat-engine", "fingerprint": "d9345432c55f39944ba959881075fed2f1c0a9574314d2f46ac03a72f0916aad", "category": "path_traversal", "severity": "high", "confidence": 0.8, "triageState": "open", "verdict": "likely", "isResolved": false, "reason": "User-controlled input detected in file path construction", "evidence": {"match": "open(childAsset).use { input", "reason": "User-controlled input detected in file path construction", "rule_id": "SEC013", "scanner": "repobility-threat-engine", "confidence": 0.8, "correlation_key": "code|path_traversal|token|44|sec013"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "app/src/main/java/me/rerere/rikkahub/data/db/fts/SimpleDictManager.kt"}, "region": {"startLine": 44}}}]}, {"ruleId": "MINED029", "level": "error", "message": {"text": "[MINED029] Kotlin Null Bang: x!! throws NullPointerException if x is null. Bypasses Kotlins null safety."}, "properties": {"repobilityId": 50583, "scanner": "repobility-threat-engine", "fingerprint": "10a391e2e8837353b549ade3b2f66c1a6826151bab5d18e9eea4ef3b83e9be40", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "kotlin-null-bang", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["kotlin"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.347966+00:00", "triaged_in_corpus": 15, "observations_count": 7344, "ai_coder_pattern_id": 155}, "scanner": "repobility-threat-engine", "correlation_key": "fp|10a391e2e8837353b549ade3b2f66c1a6826151bab5d18e9eea4ef3b83e9be40"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "app/src/main/java/me/rerere/rikkahub/data/ai/tools/SearchTools.kt"}, "region": {"startLine": 63}}}]}, {"ruleId": "MINED029", "level": "error", "message": {"text": "[MINED029] Kotlin Null Bang: x!! throws NullPointerException if x is null. Bypasses Kotlins null safety."}, "properties": {"repobilityId": 50582, "scanner": "repobility-threat-engine", "fingerprint": "7fa65cb5ccc5896d80dd2e74e487a6198cfb7bf4d5e33765ef8f3a50daa0f510", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "kotlin-null-bang", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["kotlin"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.347966+00:00", "triaged_in_corpus": 15, "observations_count": 7344, "ai_coder_pattern_id": 155}, "scanner": "repobility-threat-engine", "correlation_key": "fp|7fa65cb5ccc5896d80dd2e74e487a6198cfb7bf4d5e33765ef8f3a50daa0f510"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "ai/src/main/java/me/rerere/ai/util/KeyRoulette.kt"}, "region": {"startLine": 71}}}]}, {"ruleId": "MINED029", "level": "error", "message": {"text": "[MINED029] Kotlin Null Bang: x!! throws NullPointerException if x is null. Bypasses Kotlins null safety."}, "properties": {"repobilityId": 50581, "scanner": "repobility-threat-engine", "fingerprint": "d48f1103eb7fc6cc3d1837a2cbec924b16f54c545579eed1d191f360cfb5e62f", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "kotlin-null-bang", "owasp": null, "cwe_ids": ["CWE-476"], "languages": ["kotlin"], "precision": 1.0, "promoted_at": "2026-05-18T14:01:32.347966+00:00", "triaged_in_corpus": 15, "observations_count": 7344, "ai_coder_pattern_id": 155}, "scanner": "repobility-threat-engine", "correlation_key": "fp|d48f1103eb7fc6cc3d1837a2cbec924b16f54c545579eed1d191f360cfb5e62f"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "ai/src/main/java/me/rerere/ai/util/ErrorParser.kt"}, "region": {"startLine": 25}}}]}, {"ruleId": "MINED099", "level": "error", "message": {"text": "[MINED099] Hardcoded Secret: API key, AWS access key, GitHub token, Slack token, OpenAI key, or private key embedded directly in source. AI assistants frequently leak demo credentials."}, "properties": {"repobilityId": 50580, "scanner": "repobility-threat-engine", "fingerprint": "d0dfb5e3ae1e06ff9906735cb133bb8942d8c4f511b7c148e550d287e6db827e", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"mined": true, "mining": {"slug": "hardcoded-secret", "owasp": "A07:2021", "cwe_ids": ["CWE-798"], "languages": [], "precision": 1.0, "promoted_at": "2026-05-18T15:01:13.611213+00:00", "triaged_in_corpus": 8, "observations_count": 88419, "ai_coder_pattern_id": 9}, "scanner": "repobility-threat-engine", "correlation_key": "fp|d0dfb5e3ae1e06ff9906735cb133bb8942d8c4f511b7c148e550d287e6db827e"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "ai/src/main/java/me/rerere/ai/provider/providers/vertex/ServiceAccountTokenProvider.kt"}, "region": {"startLine": 136}}}]}, {"ruleId": "SEC128", "level": "error", "message": {"text": "[SEC128] Async function without await \u2014 fire-and-forget Promise (AI mistake): Async call invoked without `await` returns an unhandled Promise. The outer function resolves before the inner work completes \u2014 DB writes lost, emails not sent, race conditions. This is one of the top-3 errors AI coders make: they understand async-shape but drop the await keyword when chaining multiple ops. Surfaces as flaky tests or silently dropped data in production."}, "properties": {"repobilityId": 50578, "scanner": "repobility-threat-engine", "fingerprint": "0871326061e4fbc087ca35b5fc5dd16fdb406761d9bd091ab4998a18526d8ecf", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "settingsStore.update(settings)", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC128", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "fp|0871326061e4fbc087ca35b5fc5dd16fdb406761d9bd091ab4998a18526d8ecf"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "app/src/main/java/me/rerere/rikkahub/ui/pages/assistant/AssistantVM.kt"}, "region": {"startLine": 29}}}]}, {"ruleId": "SEC128", "level": "error", "message": {"text": "[SEC128] Async function without await \u2014 fire-and-forget Promise (AI mistake): Async call invoked without `await` returns an unhandled Promise. The outer function resolves before the inner work completes \u2014 DB writes lost, emails not sent, race conditions. This is one of the top-3 errors AI coders make: they understand async-shape but drop the await keyword when chaining multiple ops. Surfaces as flaky tests or silently dropped data in production."}, "properties": {"repobilityId": 50577, "scanner": "repobility-threat-engine", "fingerprint": "bf6727a3c87f52dc427733c1b1ea5669ff05fb7798682d9ebdf72cc8a144bd23", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "dao.update(file)", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC128", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "fp|bf6727a3c87f52dc427733c1b1ea5669ff05fb7798682d9ebdf72cc8a144bd23"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "app/src/main/java/me/rerere/rikkahub/data/repository/FilesRepository.kt"}, "region": {"startLine": 16}}}]}, {"ruleId": "SEC128", "level": "error", "message": {"text": "[SEC128] Async function without await \u2014 fire-and-forget Promise (AI mistake): Async call invoked without `await` returns an unhandled Promise. The outer function resolves before the inner work completes \u2014 DB writes lost, emails not sent, race conditions. This is one of the top-3 errors AI coders make: they understand async-shape but drop the await keyword when chaining multiple ops. Surfaces as flaky tests or silently dropped data in production."}, "properties": {"repobilityId": 50576, "scanner": "repobility-threat-engine", "fingerprint": "b3f82edcc64ab90024aed0637e3301f06c31d6609ee970fac9c1307d3b3c5190", "category": "quality", "severity": "high", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "sig.update(data)", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC128", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "fp|b3f82edcc64ab90024aed0637e3301f06c31d6609ee970fac9c1307d3b3c5190"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "ai/src/main/java/me/rerere/ai/provider/providers/vertex/ServiceAccountTokenProvider.kt"}, "region": {"startLine": 147}}}]}, {"ruleId": "JRN009", "level": "error", "message": {"text": "Secret-like setting is echoed into a password input value"}, "properties": {"repobilityId": 6146, "scanner": "repobility-journey-contract", "fingerprint": "e4560912da6e007e1d5c26d5a3e30f43301307287256c73f8b43df9b98201a3f", "category": "auth", "severity": "high", "confidence": 0.83, "triageState": "open", "verdict": "likely", "isResolved": false, "reason": "A password or secret-named input is populated from a secret-like variable instead of a masked placeholder.", "evidence": {"rule_id": "JRN009", "scanner": "repobility-journey-contract", "references": ["https://cheatsheetseries.owasp.org/cheatsheets/Session_Management_Cheat_Sheet.html"], "correlation_key": "code|auth|token|66|jrn009"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "web-ui/app/components/web-auth-gate.tsx"}, "region": {"startLine": 66}}}]}, {"ruleId": "SEC013", "level": "error", "message": {"text": "[SEC013] Path Traversal \u2014 User Input in File Path: User-controlled input used in file path without sanitization. Allows reading arbitrary files."}, "properties": {"repobilityId": 6144, "scanner": "repobility-threat-engine", "fingerprint": "544a1736fc83031cf86b94e5ebf6f50bb6b9496d2773982b00f024d0086e092e", "category": "path_traversal", "severity": "high", "confidence": 0.8, "triageState": "open", "verdict": "likely", "isResolved": false, "reason": "User-controlled input detected in file path construction", "evidence": {"match": "open(assetPath).use { input", "reason": "User-controlled input detected in file path construction", "rule_id": "SEC013", "scanner": "repobility-threat-engine", "confidence": 0.8, "correlation_key": "code|path_traversal|token|28|sec013"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "app/src/main/java/me/rerere/rikkahub/web/routes/AIIconRoutes.kt"}, "region": {"startLine": 28}}}]}, {"ruleId": "SEC084", "level": "error", "message": {"text": "[SEC084] JS: require() with non-literal: require(<variable>) loads arbitrary modules \u2014 equivalent to eval at module scope. Ported from eslint-plugin-security detect-non-literal-require (Apache-2.0)."}, "properties": {"repobilityId": 50587, "scanner": "repobility-threat-engine", "fingerprint": "7d2a90b36ac90bb908ed0a2f8769c2ac7b9d2dccc0ef473157370d6fc63246e5", "category": "quality", "severity": "critical", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "require(Algorithm", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC084", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "fp|7d2a90b36ac90bb908ed0a2f8769c2ac7b9d2dccc0ef473157370d6fc63246e5"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "app/src/main/java/me/rerere/rikkahub/web/WebApiModule.kt"}, "region": {"startLine": 197}}}]}, {"ruleId": "SEC084", "level": "error", "message": {"text": "[SEC084] JS: require() with non-literal: require(<variable>) loads arbitrary modules \u2014 equivalent to eval at module scope. Ported from eslint-plugin-security detect-non-literal-require (Apache-2.0)."}, "properties": {"repobilityId": 50586, "scanner": "repobility-threat-engine", "fingerprint": "029175aa827dee1e42c578143af7004ae4d3727913403b9afe1d7f1ff82e434d", "category": "quality", "severity": "critical", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "require(value", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC084", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "fp|029175aa827dee1e42c578143af7004ae4d3727913403b9afe1d7f1ff82e434d"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "app/src/main/java/me/rerere/rikkahub/ui/components/ui/ShareSheet.kt"}, "region": {"startLine": 100}}}]}, {"ruleId": "SEC084", "level": "error", "message": {"text": "[SEC084] JS: require() with non-literal: require(<variable>) loads arbitrary modules \u2014 equivalent to eval at module scope. Ported from eslint-plugin-security detect-non-literal-require (Apache-2.0)."}, "properties": {"repobilityId": 50585, "scanner": "repobility-threat-engine", "fingerprint": "7cfc1c36c7fd4c793a909f6d56e111c3e9f75141d9a517026b5355c3465c6ce4", "category": "quality", "severity": "critical", "confidence": 1.0, "triageState": "open", "verdict": "confirmed", "isResolved": false, "reason": "Pattern matched with no mitigating context found", "evidence": {"match": "require(target", "reason": "Pattern matched with no mitigating context found", "rule_id": "SEC084", "scanner": "repobility-threat-engine", "confidence": 1.0, "correlation_key": "fp|7cfc1c36c7fd4c793a909f6d56e111c3e9f75141d9a517026b5355c3465c6ce4"}}, "locations": [{"physicalLocation": {"artifactLocation": {"uri": "app/src/main/java/me/rerere/rikkahub/data/ai/tools/SkillsTools.kt"}, "region": {"startLine": 74}}}]}]}]}