humanlayer/12-factor-agents

https://github.com/humanlayer/12-factor-agents.git · lang: typescript · LOC: · source: user_submitted

Quality: 60.8 · Grade C+
Security: 100.0
Findings: 74 · 0 critical · 33 high
Status: completed · May 20, 2026 01:29
high: 33 · low: 31 · info: 9 · medium: 1
Top rules by occurrence
Rule · Severity · Count
AIC003 Duplicated implementation block across source files · low · 30
MINED113 Express POST/PUT/DELETE/PATCH route without auth · high · 25
MINED052 Ts Any Typed · info · 3
MINED044 Js Console Log Prod · info · 3
COMP001 [COMP001] High cognitive complexity: Function `load_yfinanc… · low · 3
SEC128 Async function without await — fire-and-forget Promise (AI … · high · 3
SEC135 Auth/permission check missing on AI-generated endpoint · high · 3
MINED049 Print Pii · info · 1
CORE_NO_CI No CI/CD configuration found · medium · 1
MINED067 Python Requests No Timeout · info · 1
First 74 findings (severity-sorted)
high COMP001 [COMP001] High cognitive complexity: Function `load_yfinance_data` has cognitive complexity 9 (SonarSource scale). Cognitive complexity measures how hard the function is for a human to understand — nested branches, boolean chains, and recursion all weigh in. Breakdown: except=1, for=1, if=2, nested_bonus=3, or=2.
workshops/2025-07-16/hack/analyze_log_capture.py:9 · conf 0.95
[COMP001] High cognitive complexity: Function `check_logs` has cognitive complexity 41 (SonarSource scale). Cognitive complexity measures how hard the function is for a human to understand — nested b…
high COMP001 [COMP001] High cognitive complexity: Function `load_yfinance_data` has cognitive complexity 9 (SonarSource scale). Cognitive complexity measures how hard the function is for a human to understand — nested branches, boolean chains, and recursion all weigh in. Breakdown: except=1, for=1, if=2, nested_bonus=3, or=2.
workshops/2025-07-16/hack/inspect_notebook.py:9 · conf 0.95
[COMP001] High cognitive complexity: Function `inspect_notebook` has cognitive complexity 66 (SonarSource scale). Cognitive complexity measures how hard the function is for a human to understand — ne…
high MINED113 Express POST/PUT/DELETE/PATCH route without auth CWE-306 CWE-862
workshops/2025-05-17/walkthrough/08-server.ts:9 · conf 0.80
[MINED113] Express POST /thread has no auth: Express route POST /thread declared without an auth middleware in its handler chain. Destructive methods (POST/PUT/DELETE/PATCH) on unauthenticated routes…
high MINED113 Express POST/PUT/DELETE/PATCH route without auth CWE-306 CWE-862
workshops/2025-05-17/walkthrough/09-server.ts:12 · conf 0.80
[MINED113] Express POST /thread has no auth: Express route POST /thread declared without an auth middleware in its handler chain. Destructive methods (POST/PUT/DELETE/PATCH) on unauthenticated routes…
high MINED113 Express POST/PUT/DELETE/PATCH route without auth CWE-306 CWE-862
workshops/2025-05-17/walkthrough/09-server.ts:46 · conf 0.80
[MINED113] Express POST /thread/:id/response has no auth: Express route POST /thread/:id/response declared without an auth middleware in its handler chain. Destructive methods (POST/PUT/DELETE/PATCH)…
high MINED113 Express POST/PUT/DELETE/PATCH route without auth CWE-306 CWE-862
workshops/2025-05-17/walkthrough/10-server.ts:12 · conf 0.80
[MINED113] Express POST /thread has no auth: Express route POST /thread declared without an auth middleware in its handler chain. Destructive methods (POST/PUT/DELETE/PATCH) on unauthenticated routes…
high MINED113 Express POST/PUT/DELETE/PATCH route without auth CWE-306 CWE-862
workshops/2025-05-17/walkthrough/10-server.ts:60 · conf 0.80
[MINED113] Express POST /thread/:id/response has no auth: Express route POST /thread/:id/response declared without an auth middleware in its handler chain. Destructive methods (POST/PUT/DELETE/PATCH)…
high MINED113 Express POST/PUT/DELETE/PATCH route without auth CWE-306 CWE-862
workshops/2025-05-17/walkthrough/12-1-server-init.ts:31 · conf 0.80
[MINED113] Express POST /thread has no auth: Express route POST /thread declared without an auth middleware in its handler chain. Destructive methods (POST/PUT/DELETE/PATCH) on unauthenticated routes…
high MINED113 Express POST/PUT/DELETE/PATCH route without auth CWE-306 CWE-862
workshops/2025-05-17/walkthrough/12-1-server-init.ts:79 · conf 0.80
[MINED113] Express POST /thread/:id/response has no auth: Express route POST /thread/:id/response declared without an auth middleware in its handler chain. Destructive methods (POST/PUT/DELETE/PATCH)…
high MINED113 Express POST/PUT/DELETE/PATCH route without auth CWE-306 CWE-862
workshops/2025-05-17/walkthrough/12aa-server.ts:31 · conf 0.80
[MINED113] Express POST /thread has no auth: Express route POST /thread declared without an auth middleware in its handler chain. Destructive methods (POST/PUT/DELETE/PATCH) on unauthenticated routes…
high MINED113 Express POST/PUT/DELETE/PATCH route without auth CWE-306 CWE-862
workshops/2025-05-17/walkthrough/12aa-server.ts:78 · conf 0.80
[MINED113] Express POST /webhook has no auth: Express route POST /webhook declared without an auth middleware in its handler chain. Destructive methods (POST/PUT/DELETE/PATCH) on unauthenticated rout…
high MINED113 Express POST/PUT/DELETE/PATCH route without auth CWE-306 CWE-862
workshops/2025-05-17/walkthrough/12a-server.ts:30 · conf 0.80
[MINED113] Express POST /thread has no auth: Express route POST /thread declared without an auth middleware in its handler chain. Destructive methods (POST/PUT/DELETE/PATCH) on unauthenticated routes…
high MINED113 Express POST/PUT/DELETE/PATCH route without auth CWE-306 CWE-862
workshops/2025-05-17/walkthrough/12a-server.ts:77 · conf 0.80
[MINED113] Express POST /webhook has no auth: Express route POST /webhook declared without an auth middleware in its handler chain. Destructive methods (POST/PUT/DELETE/PATCH) on unauthenticated rout…
high MINED113 Express POST/PUT/DELETE/PATCH route without auth CWE-306 CWE-862
workshops/2025-05-17/walkthrough/12b-server.ts:13 · conf 0.80
[MINED113] Express POST /thread has no auth: Express route POST /thread declared without an auth middleware in its handler chain. Destructive methods (POST/PUT/DELETE/PATCH) on unauthenticated routes…
high MINED113 Express POST/PUT/DELETE/PATCH route without auth CWE-306 CWE-862
workshops/2025-05-17/walkthrough/12b-server.ts:61 · conf 0.80
[MINED113] Express POST /thread/:id/response has no auth: Express route POST /thread/:id/response declared without an auth middleware in its handler chain. Destructive methods (POST/PUT/DELETE/PATCH)…
high MINED113 Express POST/PUT/DELETE/PATCH route without auth CWE-306 CWE-862
workshops/2025-05-17/walkthrough/12b-server.ts:110 · conf 0.80
[MINED113] Express POST /webhook/response has no auth: Express route POST /webhook/response declared without an auth middleware in its handler chain. Destructive methods (POST/PUT/DELETE/PATCH) on un…
high MINED113 Express POST/PUT/DELETE/PATCH route without auth CWE-306 CWE-862
workshops/2025-05-17/walkthrough/12-server.ts:31 · conf 0.80
[MINED113] Express POST /thread has no auth: Express route POST /thread declared without an auth middleware in its handler chain. Destructive methods (POST/PUT/DELETE/PATCH) on unauthenticated routes…
high MINED113 Express POST/PUT/DELETE/PATCH route without auth CWE-306 CWE-862
workshops/2025-05-17/walkthrough/12-server.ts:78 · conf 0.80
[MINED113] Express POST /webhook has no auth: Express route POST /webhook declared without an auth middleware in its handler chain. Destructive methods (POST/PUT/DELETE/PATCH) on unauthenticated rout…
high MINED113 Express POST/PUT/DELETE/PATCH route without auth CWE-306 CWE-862
workshops/2025-05/walkthrough/10-server.ts:12 · conf 0.80
[MINED113] Express POST /thread has no auth: Express route POST /thread declared without an auth middleware in its handler chain. Destructive methods (POST/PUT/DELETE/PATCH) on unauthenticated routes…
high MINED113 Express POST/PUT/DELETE/PATCH route without auth CWE-306 CWE-862
workshops/2025-05/walkthrough/10-server.ts:60 · conf 0.80
[MINED113] Express POST /thread/:id/response has no auth: Express route POST /thread/:id/response declared without an auth middleware in its handler chain. Destructive methods (POST/PUT/DELETE/PATCH)…
high MINED113 Express POST/PUT/DELETE/PATCH route without auth CWE-306 CWE-862
workshops/2025-05/walkthrough/12-1-server-init.ts:31 · conf 0.80
[MINED113] Express POST /thread has no auth: Express route POST /thread declared without an auth middleware in its handler chain. Destructive methods (POST/PUT/DELETE/PATCH) on unauthenticated routes…
high MINED113 Express POST/PUT/DELETE/PATCH route without auth CWE-306 CWE-862
workshops/2025-05/walkthrough/12-1-server-init.ts:79 · conf 0.80
[MINED113] Express POST /thread/:id/response has no auth: Express route POST /thread/:id/response declared without an auth middleware in its handler chain. Destructive methods (POST/PUT/DELETE/PATCH)…
high MINED113 Express POST/PUT/DELETE/PATCH route without auth CWE-306 CWE-862
workshops/2025-05/walkthrough/12a-server.ts:30 · conf 0.80
[MINED113] Express POST /thread has no auth: Express route POST /thread declared without an auth middleware in its handler chain. Destructive methods (POST/PUT/DELETE/PATCH) on unauthenticated routes…
high MINED113 Express POST/PUT/DELETE/PATCH route without auth CWE-306 CWE-862
workshops/2025-05/walkthrough/12a-server.ts:77 · conf 0.80
[MINED113] Express POST /webhook has no auth: Express route POST /webhook declared without an auth middleware in its handler chain. Destructive methods (POST/PUT/DELETE/PATCH) on unauthenticated rout…
high MINED113 Express POST/PUT/DELETE/PATCH route without auth CWE-306 CWE-862
workshops/2025-05/walkthrough/12b-server.ts:13 · conf 0.80
[MINED113] Express POST /thread has no auth: Express route POST /thread declared without an auth middleware in its handler chain. Destructive methods (POST/PUT/DELETE/PATCH) on unauthenticated routes…
high MINED113 Express POST/PUT/DELETE/PATCH route without auth CWE-306 CWE-862
workshops/2025-05/walkthrough/12b-server.ts:61 · conf 0.80
[MINED113] Express POST /thread/:id/response has no auth: Express route POST /thread/:id/response declared without an auth middleware in its handler chain. Destructive methods (POST/PUT/DELETE/PATCH)…
high MINED113 Express POST/PUT/DELETE/PATCH route without auth CWE-306 CWE-862
workshops/2025-05/walkthrough/12b-server.ts:110 · conf 0.80
[MINED113] Express POST /webhook/response has no auth: Express route POST /webhook/response declared without an auth middleware in its handler chain. Destructive methods (POST/PUT/DELETE/PATCH) on un…
high SEC128 Async function without await — fire-and-forget Promise (AI mistake)
packages/create-12-factor-agent/template/src/server.ts:116 · conf 1.00
[SEC128] Async function without await — fire-and-forget Promise (AI mistake): Async call invoked without `await` returns an unhandled Promise. The outer function resolves before the inner work comple…
high SEC128 Async function without await — fire-and-forget Promise (AI mistake)
workshops/2025-05-17/walkthrough/09-server.ts:20 · conf 1.00
[SEC128] Async function without await — fire-and-forget Promise (AI mistake): Async call invoked without `await` returns an unhandled Promise. The outer function resolves before the inner work comple…
high SEC128 Async function without await — fire-and-forget Promise (AI mistake)
workshops/2025-05-17/walkthrough/10-server.ts:20 · conf 1.00
[SEC128] Async function without await — fire-and-forget Promise (AI mistake): Async call invoked without `await` returns an unhandled Promise. The outer function resolves before the inner work comple…
high SEC135 Auth/permission check missing on AI-generated endpoint
workshops/2025-05-17/walkthrough/08-server.ts:9 · conf 1.00
[SEC135] Auth/permission check missing on AI-generated endpoint: Mutating HTTP endpoint generated by an AI agent without an auth decorator or middleware. The number-one production-incident pattern we…
high SEC135 Auth/permission check missing on AI-generated endpoint
workshops/2025-05-17/walkthrough/09-server.ts:12 · conf 1.00
[SEC135] Auth/permission check missing on AI-generated endpoint: Mutating HTTP endpoint generated by an AI agent without an auth decorator or middleware. The number-one production-incident pattern we…
high SEC135 Auth/permission check missing on AI-generated endpoint
workshops/2025-05-17/walkthrough/10-server.ts:12 · conf 1.00
[SEC135] Auth/permission check missing on AI-generated endpoint: Mutating HTTP endpoint generated by an AI agent without an auth decorator or middleware. The number-one production-incident pattern we…
medium CORE_NO_CI No CI/CD configuration found
No CI/CD configuration found
low AIC003 Duplicated implementation block across source files
workshops/2025-05-17/sections/02-calculator-tools/src/agent.ts:1 · conf 0.86
Duplicated implementation block across source files
low AIC003 Duplicated implementation block across source files
workshops/2025-05-17/sections/02-calculator-tools/src/cli.ts:1 · conf 0.86
Duplicated implementation block across source files
low AIC003 Duplicated implementation block across source files
workshops/2025-05-17/sections/03-tool-loop/src/agent.ts:1 · conf 0.86
Duplicated implementation block across source files
low AIC003 Duplicated implementation block across source files
workshops/2025-05-17/sections/03-tool-loop/src/cli.ts:1 · conf 0.86
Duplicated implementation block across source files
low AIC003 Duplicated implementation block across source files
workshops/2025-05-17/sections/03-tool-loop/walkthrough/03-agent.ts:1 · conf 0.86
Duplicated implementation block across source files
low AIC003 Duplicated implementation block across source files
workshops/2025-05-17/sections/03-tool-loop/walkthrough/03b-agent.ts:2 · conf 0.86
Duplicated implementation block across source files
low AIC003 Duplicated implementation block across source files
workshops/2025-05-17/walkthrough/01-agent.ts:1 · conf 0.86
Duplicated implementation block across source files
low AIC003 Duplicated implementation block across source files
workshops/2025-05-17/walkthrough/01-cli.ts:1 · conf 0.86
Duplicated implementation block across source files
low AIC003 Duplicated implementation block across source files
workshops/2025-05-17/walkthrough/03-agent.ts:1 · conf 0.86
Duplicated implementation block across source files
low AIC003 Duplicated implementation block across source files
workshops/2025-05-17/walkthrough/03-agent.ts:5 · conf 0.86
Duplicated implementation block across source files
low AIC003 Duplicated implementation block across source files
workshops/2025-05-17/walkthrough/03b-agent.ts:1 · conf 0.86
Duplicated implementation block across source files
low AIC003 Duplicated implementation block across source files
workshops/2025-05-17/walkthrough/03b-agent.ts:2 · conf 0.86
Duplicated implementation block across source files
low AIC003 Duplicated implementation block across source files
workshops/2025-05-17/walkthrough/05-agent.ts:1 · conf 0.86
Duplicated implementation block across source files
low AIC003 Duplicated implementation block across source files
workshops/2025-05-17/walkthrough/05-agent.ts:2 · conf 0.86
Duplicated implementation block across source files
low AIC003 Duplicated implementation block across source files
workshops/2025-05-17/walkthrough/07-agent.ts:13 · conf 0.86
Duplicated implementation block across source files
low AIC003 Duplicated implementation block across source files
workshops/2025-05-17/walkthrough/07-agent.ts:42 · conf 0.86
Duplicated implementation block across source files
low AIC003 Duplicated implementation block across source files
workshops/2025-05-17/walkthrough/07b-agent.ts:25 · conf 0.86
Duplicated implementation block across source files
low AIC003 Duplicated implementation block across source files
workshops/2025-05-17/walkthrough/07b-agent.ts:54 · conf 0.86
Duplicated implementation block across source files
low AIC003 Duplicated implementation block across source files
workshops/2025-05-17/walkthrough/10-agent.ts:1 · conf 0.86
Duplicated implementation block across source files
low AIC003 Duplicated implementation block across source files
workshops/2025-05-17/walkthrough/10-agent.ts:33 · conf 0.86
Duplicated implementation block across source files
low AIC003 Duplicated implementation block across source files
workshops/2025-05-17/walkthrough/10-agent.ts:62 · conf 0.86
Duplicated implementation block across source files
low AIC003 Duplicated implementation block across source files
workshops/2025-05-17/walkthrough/10-server.ts:3 · conf 0.86
Duplicated implementation block across source files
low AIC003 Duplicated implementation block across source files
workshops/2025-05-17/walkthrough/11b-cli.ts:1 · conf 0.86
Duplicated implementation block across source files
low AIC003 Duplicated implementation block across source files
workshops/2025-05-17/walkthrough/11c-cli.ts:1 · conf 0.86
Duplicated implementation block across source files
low AIC003 Duplicated implementation block across source files
workshops/2025-05-17/walkthrough/11c-cli.ts:58 · conf 0.86
Duplicated implementation block across source files
low AIC003 Duplicated implementation block across source files
workshops/2025-05-17/walkthrough/12-1-server-init.ts:25 · conf 0.86
Duplicated implementation block across source files
low AIC003 Duplicated implementation block across source files
workshops/2025-05-17/walkthrough/12-1-server-init.ts:37 · conf 0.86
Duplicated implementation block across source files
low AIC003 Duplicated implementation block across source files
workshops/2025-05-17/walkthrough/12a-server.ts:1 · conf 0.86
Duplicated implementation block across source files
low AIC003 Duplicated implementation block across source files
workshops/2025-05-17/walkthrough/12a-server.ts:5 · conf 0.86
Duplicated implementation block across source files
low AIC003 Duplicated implementation block across source files
workshops/2025-05-17/walkthrough/12-server.ts:5 · conf 0.86
Duplicated implementation block across source files
low COMP001 [COMP001] High cognitive complexity: Function `load_yfinance_data` has cognitive complexity 9 (SonarSource scale). Cognitive complexity measures how hard the function is for a human to understand — nested branches, boolean chains, and recursion all weigh in. Breakdown: except=1, for=1, if=2, nested_bonus=3, or=2.
hack/contributors_markdown/contributors_markdown.py:32 · conf 0.95
[COMP001] High cognitive complexity: Function `fetch_contributors` has cognitive complexity 8 (SonarSource scale). Cognitive complexity measures how hard the function is for a human to understand — n…
info MINED044 Js Console Log Prod CWE-532
packages/create-12-factor-agent/template/src/agent.ts:56 · conf 1.00
[MINED044] Js Console Log Prod: console.log left in code. Should be replaced with logger or removed.
info MINED044 Js Console Log Prod CWE-532
packages/create-12-factor-agent/template/src/server.ts:60 · conf 1.00
[MINED044] Js Console Log Prod: console.log left in code. Should be replaced with logger or removed.
info MINED044 Js Console Log Prod CWE-532
packages/walkthroughgen/examples/typescript/walkthrough/01-index.ts:2 · conf 1.00
[MINED044] Js Console Log Prod: console.log left in code. Should be replaced with logger or removed.
info MINED049 Print Pii CWE-532
workshops/2025-07-16/walkthroughgen_py.py:66 · conf 1.00
[MINED049] Print Pii: Logging password/token/email/ssn directly to stdout.
info MINED052 Ts Any Typed CWE-704
packages/create-12-factor-agent/template/src/agent.ts:5 · conf 1.00
[MINED052] Ts Any Typed: `: any` used as type annotation. Defeats TypeScript type safety.
info MINED052 Ts Any Typed CWE-704
workshops/2025-05-17/sections/01-cli-and-agent/walkthrough/01-agent.ts:8 · conf 1.00
[MINED052] Ts Any Typed: `: any` used as type annotation. Defeats TypeScript type safety.
info MINED052 Ts Any Typed CWE-704
workshops/2025-05-17/sections/02-calculator-tools/src/agent.ts:8 · conf 1.00
[MINED052] Ts Any Typed: `: any` used as type annotation. Defeats TypeScript type safety.
info MINED064 Python Input Call
workshops/2025-07-16/walkthrough/05-main.py:7 · conf 1.00
[MINED064] Python Input Call: input() blocks for stdin. Inappropriate in services.
info MINED067 Python Requests No Timeout CWE-400
hack/contributors_markdown/contributors_markdown.py:42 · conf 1.00
[MINED067] Python Requests No Timeout: requests.get/post/etc. without timeout= can hang forever.

Reading from rp.scan + rp.finding + rp.rule (unified schema, R78 series). Legacy data path unchanged. Compare with /scan/42840ac0-4990-44e7-b03f-0fd3300b35e5/.