{"version":"1.162.0","results":[{"check_id":"javascript.lang.security.detect-insecure-websocket.detect-insecure-websocket","path":".semgrepignore","start":{"line":15,"col":42,"offset":653},"end":{"line":15,"col":47,"offset":658},"extra":{"message":"Insecure WebSocket Detected. WebSocket Secure (wss) should be used for all WebSocket connections.","metadata":{"cwe":["CWE-319: Cleartext Transmission of Sensitive Information"],"asvs":{"control_id":"13.5.1 Insecure WebSocket","control_url":"https://github.com/OWASP/ASVS/blob/master/4.0/en/0x21-V13-API.md#v135-websocket-security-requirements","section":"V13: API and Web Service Verification Requirements","version":"4"},"category":"security","technology":["regex"],"owasp":["A03:2017 - Sensitive Data Exposure","A02:2021 - Cryptographic Failures","A04:2025 - Cryptographic Failures"],"subcategory":["audit"],"likelihood":"LOW","impact":"MEDIUM","confidence":"LOW","references":["https://owasp.org/Top10/A02_2021-Cryptographic_Failures"],"license":"Semgrep Rules License v1.0. For more details, visit semgrep.dev/legal/rules-license","vulnerability_class":["Mishandled Sensitive Information"],"source":"https://semgrep.dev/r/javascript.lang.security.detect-insecure-websocket.detect-insecure-websocket","shortlink":"https://sg.run/GWyz"},"severity":"ERROR","fingerprint":"requires login","lines":"requires login","validation_state":"NO_VALIDATOR","engine_kind":"OSS"}},{"check_id":"javascript.lang.security.audit.path-traversal.path-join-resolve-traversal.path-join-resolve-traversal","path":"src/cli.ts","start":{"line":54,"col":74,"offset":1859},"end":{"line":54,"col":78,"offset":1863},"extra":{"message":"Detected possible user input going into a `path.join` or `path.resolve` function. This could possibly lead to a path traversal vulnerability,  where the attacker can access arbitrary files stored in the file system. Instead, be sure to sanitize or validate user input first.","metadata":{"owasp":["A05:2017 - Broken Access Control","A01:2021 - Broken Access Control","A01:2025 - Broken Access Control"],"cwe":["CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')"],"category":"security","references":["https://owasp.org/www-community/attacks/Path_Traversal"],"technology":["javascript","node.js"],"cwe2022-top25":true,"cwe2021-top25":true,"subcategory":["vuln"],"likelihood":"HIGH","impact":"MEDIUM","confidence":"LOW","license":"Semgrep Rules License v1.0. For more details, visit semgrep.dev/legal/rules-license","vulnerability_class":["Path Traversal"],"source":"https://semgrep.dev/r/javascript.lang.security.audit.path-traversal.path-join-resolve-traversal.path-join-resolve-traversal","shortlink":"https://sg.run/OPqk"},"severity":"WARNING","fingerprint":"requires login","lines":"requires login","validation_state":"NO_VALIDATOR","engine_kind":"OSS"}},{"check_id":"javascript.lang.security.audit.path-traversal.path-join-resolve-traversal.path-join-resolve-traversal","path":"src/cli.ts","start":{"line":57,"col":28,"offset":1970},"end":{"line":57,"col":42,"offset":1984},"extra":{"message":"Detected possible user input going into a `path.join` or `path.resolve` function. This could possibly lead to a path traversal vulnerability,  where the attacker can access arbitrary files stored in the file system. Instead, be sure to sanitize or validate user input first.","metadata":{"owasp":["A05:2017 - Broken Access Control","A01:2021 - Broken Access Control","A01:2025 - Broken Access Control"],"cwe":["CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')"],"category":"security","references":["https://owasp.org/www-community/attacks/Path_Traversal"],"technology":["javascript","node.js"],"cwe2022-top25":true,"cwe2021-top25":true,"subcategory":["vuln"],"likelihood":"HIGH","impact":"MEDIUM","confidence":"LOW","license":"Semgrep Rules License v1.0. For more details, visit semgrep.dev/legal/rules-license","vulnerability_class":["Path Traversal"],"source":"https://semgrep.dev/r/javascript.lang.security.audit.path-traversal.path-join-resolve-traversal.path-join-resolve-traversal","shortlink":"https://sg.run/OPqk"},"severity":"WARNING","fingerprint":"requires login","lines":"requires login","validation_state":"NO_VALIDATOR","engine_kind":"OSS"}},{"check_id":"javascript.lang.security.audit.path-traversal.path-join-resolve-traversal.path-join-resolve-traversal","path":"src/utils/setup.ts","start":{"line":39,"col":31,"offset":920},"end":{"line":39,"col":42,"offset":931},"extra":{"message":"Detected possible user input going into a `path.join` or `path.resolve` function. This could possibly lead to a path traversal vulnerability,  where the attacker can access arbitrary files stored in the file system. Instead, be sure to sanitize or validate user input first.","metadata":{"owasp":["A05:2017 - Broken Access Control","A01:2021 - Broken Access Control","A01:2025 - Broken Access Control"],"cwe":["CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')"],"category":"security","references":["https://owasp.org/www-community/attacks/Path_Traversal"],"technology":["javascript","node.js"],"cwe2022-top25":true,"cwe2021-top25":true,"subcategory":["vuln"],"likelihood":"HIGH","impact":"MEDIUM","confidence":"LOW","license":"Semgrep Rules License v1.0. For more details, visit semgrep.dev/legal/rules-license","vulnerability_class":["Path Traversal"],"source":"https://semgrep.dev/r/javascript.lang.security.audit.path-traversal.path-join-resolve-traversal.path-join-resolve-traversal","shortlink":"https://sg.run/OPqk"},"severity":"WARNING","fingerprint":"requires login","lines":"requires login","validation_state":"NO_VALIDATOR","engine_kind":"OSS"}},{"check_id":"javascript.lang.security.audit.path-traversal.path-join-resolve-traversal.path-join-resolve-traversal","path":"src/utils/slicer.ts","start":{"line":48,"col":34,"offset":1518},"end":{"line":48,"col":43,"offset":1527},"extra":{"message":"Detected possible user input going into a `path.join` or `path.resolve` function. This could possibly lead to a path traversal vulnerability,  where the attacker can access arbitrary files stored in the file system. Instead, be sure to sanitize or validate user input first.","metadata":{"owasp":["A05:2017 - Broken Access Control","A01:2021 - Broken Access Control","A01:2025 - Broken Access Control"],"cwe":["CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')"],"category":"security","references":["https://owasp.org/www-community/attacks/Path_Traversal"],"technology":["javascript","node.js"],"cwe2022-top25":true,"cwe2021-top25":true,"subcategory":["vuln"],"likelihood":"HIGH","impact":"MEDIUM","confidence":"LOW","license":"Semgrep Rules License v1.0. For more details, visit semgrep.dev/legal/rules-license","vulnerability_class":["Path Traversal"],"source":"https://semgrep.dev/r/javascript.lang.security.audit.path-traversal.path-join-resolve-traversal.path-join-resolve-traversal","shortlink":"https://sg.run/OPqk"},"severity":"WARNING","fingerprint":"requires login","lines":"requires login","validation_state":"NO_VALIDATOR","engine_kind":"OSS"}},{"check_id":"javascript.lang.security.audit.path-traversal.path-join-resolve-traversal.path-join-resolve-traversal","path":"src/utils/slicer.ts","start":{"line":48,"col":45,"offset":1529},"end":{"line":48,"col":53,"offset":1537},"extra":{"message":"Detected possible user input going into a `path.join` or `path.resolve` function. This could possibly lead to a path traversal vulnerability,  where the attacker can access arbitrary files stored in the file system. Instead, be sure to sanitize or validate user input first.","metadata":{"owasp":["A05:2017 - Broken Access Control","A01:2021 - Broken Access Control","A01:2025 - Broken Access Control"],"cwe":["CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')"],"category":"security","references":["https://owasp.org/www-community/attacks/Path_Traversal"],"technology":["javascript","node.js"],"cwe2022-top25":true,"cwe2021-top25":true,"subcategory":["vuln"],"likelihood":"HIGH","impact":"MEDIUM","confidence":"LOW","license":"Semgrep Rules License v1.0. For more details, visit semgrep.dev/legal/rules-license","vulnerability_class":["Path Traversal"],"source":"https://semgrep.dev/r/javascript.lang.security.audit.path-traversal.path-join-resolve-traversal.path-join-resolve-traversal","shortlink":"https://sg.run/OPqk"},"severity":"WARNING","fingerprint":"requires login","lines":"requires login","validation_state":"NO_VALIDATOR","engine_kind":"OSS"}},{"check_id":"javascript.lang.security.audit.path-traversal.path-join-resolve-traversal.path-join-resolve-traversal","path":"src/utils/slicer.ts","start":{"line":69,"col":34,"offset":2220},"end":{"line":69,"col":43,"offset":2229},"extra":{"message":"Detected possible user input going into a `path.join` or `path.resolve` function. This could possibly lead to a path traversal vulnerability,  where the attacker can access arbitrary files stored in the file system. Instead, be sure to sanitize or validate user input first.","metadata":{"owasp":["A05:2017 - Broken Access Control","A01:2021 - Broken Access Control","A01:2025 - Broken Access Control"],"cwe":["CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')"],"category":"security","references":["https://owasp.org/www-community/attacks/Path_Traversal"],"technology":["javascript","node.js"],"cwe2022-top25":true,"cwe2021-top25":true,"subcategory":["vuln"],"likelihood":"HIGH","impact":"MEDIUM","confidence":"LOW","license":"Semgrep Rules License v1.0. For more details, visit semgrep.dev/legal/rules-license","vulnerability_class":["Path Traversal"],"source":"https://semgrep.dev/r/javascript.lang.security.audit.path-traversal.path-join-resolve-traversal.path-join-resolve-traversal","shortlink":"https://sg.run/OPqk"},"severity":"WARNING","fingerprint":"requires login","lines":"requires login","validation_state":"NO_VALIDATOR","engine_kind":"OSS"}},{"check_id":"javascript.lang.security.audit.path-traversal.path-join-resolve-traversal.path-join-resolve-traversal","path":"src/utils/slicer.ts","start":{"line":69,"col":45,"offset":2231},"end":{"line":69,"col":53,"offset":2239},"extra":{"message":"Detected possible user input going into a `path.join` or `path.resolve` function. This could possibly lead to a path traversal vulnerability,  where the attacker can access arbitrary files stored in the file system. Instead, be sure to sanitize or validate user input first.","metadata":{"owasp":["A05:2017 - Broken Access Control","A01:2021 - Broken Access Control","A01:2025 - Broken Access Control"],"cwe":["CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')"],"category":"security","references":["https://owasp.org/www-community/attacks/Path_Traversal"],"technology":["javascript","node.js"],"cwe2022-top25":true,"cwe2021-top25":true,"subcategory":["vuln"],"likelihood":"HIGH","impact":"MEDIUM","confidence":"LOW","license":"Semgrep Rules License v1.0. For more details, visit semgrep.dev/legal/rules-license","vulnerability_class":["Path Traversal"],"source":"https://semgrep.dev/r/javascript.lang.security.audit.path-traversal.path-join-resolve-traversal.path-join-resolve-traversal","shortlink":"https://sg.run/OPqk"},"severity":"WARNING","fingerprint":"requires login","lines":"requires login","validation_state":"NO_VALIDATOR","engine_kind":"OSS"}},{"check_id":"javascript.lang.security.audit.detect-non-literal-regexp.detect-non-literal-regexp","path":"tests/architecture/routed-by-not-null.test.ts","start":{"line":131,"col":21,"offset":5962},"end":{"line":134,"col":4,"offset":6078},"extra":{"message":"RegExp() called with a `methodName` function argument, this might allow an attacker to cause a Regular Expression Denial-of-Service (ReDoS) within your application as RegExP blocks the main thread. For this reason, it is recommended to use hardcoded regexes instead. If your regex is run on user-controlled input, consider performing input validation or use a regex checking/sanitization library such as https://www.npmjs.com/package/recheck to verify that the regex does not appear vulnerable to ReDoS.","metadata":{"owasp":["A05:2021 - Security Misconfiguration","A06:2017 - Security Misconfiguration","A02:2025 - Security Misconfiguration"],"cwe":["CWE-1333: Inefficient Regular Expression Complexity"],"references":["https://owasp.org/www-community/attacks/Regular_expression_Denial_of_Service_-_ReDoS"],"source-rule-url":"https://github.com/nodesecurity/eslint-plugin-security/blob/master/rules/detect-non-literal-regexp.js","category":"security","technology":["javascript"],"subcategory":["vuln"],"likelihood":"MEDIUM","impact":"MEDIUM","confidence":"LOW","license":"Semgrep Rules License v1.0. For more details, visit semgrep.dev/legal/rules-license","vulnerability_class":["Denial-of-Service (DoS)"],"source":"https://semgrep.dev/r/javascript.lang.security.audit.detect-non-literal-regexp.detect-non-literal-regexp","shortlink":"https://sg.run/gr65"},"severity":"WARNING","fingerprint":"requires login","lines":"requires login","validation_state":"NO_VALIDATOR","engine_kind":"OSS"}},{"check_id":"javascript.lang.security.audit.detect-non-literal-regexp.detect-non-literal-regexp","path":"tools/knip-helpers/wrangler-knip.mjs","start":{"line":148,"col":25,"offset":5693},"end":{"line":150,"col":4,"offset":5783},"extra":{"message":"RegExp() called with a `className` function argument, this might allow an attacker to cause a Regular Expression Denial-of-Service (ReDoS) within your application as RegExP blocks the main thread. For this reason, it is recommended to use hardcoded regexes instead. If your regex is run on user-controlled input, consider performing input validation or use a regex checking/sanitization library such as https://www.npmjs.com/package/recheck to verify that the regex does not appear vulnerable to ReDoS.","metadata":{"owasp":["A05:2021 - Security Misconfiguration","A06:2017 - Security Misconfiguration","A02:2025 - Security Misconfiguration"],"cwe":["CWE-1333: Inefficient Regular Expression Complexity"],"references":["https://owasp.org/www-community/attacks/Regular_expression_Denial_of_Service_-_ReDoS"],"source-rule-url":"https://github.com/nodesecurity/eslint-plugin-security/blob/master/rules/detect-non-literal-regexp.js","category":"security","technology":["javascript"],"subcategory":["vuln"],"likelihood":"MEDIUM","impact":"MEDIUM","confidence":"LOW","license":"Semgrep Rules License v1.0. For more details, visit semgrep.dev/legal/rules-license","vulnerability_class":["Denial-of-Service (DoS)"],"source":"https://semgrep.dev/r/javascript.lang.security.audit.detect-non-literal-regexp.detect-non-literal-regexp","shortlink":"https://sg.run/gr65"},"severity":"WARNING","fingerprint":"requires login","lines":"requires login","validation_state":"NO_VALIDATOR","engine_kind":"OSS"}},{"check_id":"javascript.lang.security.detect-insecure-websocket.detect-insecure-websocket","path":"workers/cairn-browser/Dockerfile","start":{"line":7,"col":19,"offset":465},"end":{"line":7,"col":24,"offset":470},"extra":{"message":"Insecure WebSocket Detected. WebSocket Secure (wss) should be used for all WebSocket connections.","metadata":{"cwe":["CWE-319: Cleartext Transmission of Sensitive Information"],"asvs":{"control_id":"13.5.1 Insecure WebSocket","control_url":"https://github.com/OWASP/ASVS/blob/master/4.0/en/0x21-V13-API.md#v135-websocket-security-requirements","section":"V13: API and Web Service Verification Requirements","version":"4"},"category":"security","technology":["regex"],"owasp":["A03:2017 - Sensitive Data Exposure","A02:2021 - Cryptographic Failures","A04:2025 - Cryptographic Failures"],"subcategory":["audit"],"likelihood":"LOW","impact":"MEDIUM","confidence":"LOW","references":["https://owasp.org/Top10/A02_2021-Cryptographic_Failures"],"license":"Semgrep Rules License v1.0. For more details, visit semgrep.dev/legal/rules-license","vulnerability_class":["Mishandled Sensitive Information"],"source":"https://semgrep.dev/r/javascript.lang.security.detect-insecure-websocket.detect-insecure-websocket","shortlink":"https://sg.run/GWyz"},"severity":"ERROR","fingerprint":"requires login","lines":"requires login","validation_state":"NO_VALIDATOR","engine_kind":"OSS"}},{"check_id":"dockerfile.security.missing-user.missing-user","path":"workers/cairn-browser/Dockerfile","start":{"line":115,"col":1,"offset":5865},"end":{"line":115,"col":42,"offset":5906},"extra":{"message":"By not specifying a USER, a program in the container may run as 'root'. This is a security hazard. If an attacker can control a process running as root, they may have control over the container. Ensure that the last USER in a Dockerfile is a USER other than 'root'.","fix":"USER non-root\nCMD [\"/app/scripts/sprite-entrypoint.sh\"]","metadata":{"cwe":["CWE-250: Execution with Unnecessary Privileges"],"category":"security","technology":["dockerfile"],"confidence":"MEDIUM","owasp":["A04:2021 - Insecure Design","A06:2025 - Insecure Design"],"references":["https://owasp.org/Top10/A04_2021-Insecure_Design"],"subcategory":["audit"],"likelihood":"LOW","impact":"MEDIUM","license":"Semgrep Rules License v1.0. For more details, visit semgrep.dev/legal/rules-license","vulnerability_class":["Improper Authorization"],"source":"https://semgrep.dev/r/dockerfile.security.missing-user.missing-user","shortlink":"https://sg.run/Gbvn"},"severity":"ERROR","fingerprint":"requires login","lines":"requires login","validation_state":"NO_VALIDATOR","engine_kind":"OSS"}},{"check_id":"javascript.lang.security.audit.unsafe-formatstring.unsafe-formatstring","path":"workers/cicd-intake/src/repo-registry-client.ts","start":{"line":108,"col":7,"offset":3890},"end":{"line":108,"col":65,"offset":3948},"extra":{"message":"Detected string concatenation with a non-literal variable in a util.format / console.log function. If an attacker injects a format specifier in the string, it will forge the log message. Try to use constant values for the format string.","metadata":{"cwe":["CWE-134: Use of Externally-Controlled Format String"],"owasp":["A01:2021 - Broken Access Control","A01:2025 - Broken Access Control"],"category":"security","technology":["javascript"],"subcategory":["audit"],"likelihood":"MEDIUM","impact":"LOW","confidence":"LOW","references":["https://cwe.mitre.org/data/definitions/134.html"],"license":"Semgrep Rules License v1.0. For more details, visit semgrep.dev/legal/rules-license","vulnerability_class":["Improper Validation"],"source":"https://semgrep.dev/r/javascript.lang.security.audit.unsafe-formatstring.unsafe-formatstring","shortlink":"https://sg.run/7Y5R"},"severity":"INFO","fingerprint":"requires login","lines":"requires login","validation_state":"NO_VALIDATOR","engine_kind":"OSS"}},{"check_id":"javascript.lang.security.audit.detect-non-literal-regexp.detect-non-literal-regexp","path":"workers/context-keepr/src/rule-enforcement/rule-cairn-do.ts","start":{"line":492,"col":18,"offset":17023},"end":{"line":492,"col":66,"offset":17071},"extra":{"message":"RegExp() called with a `row` function argument, this might allow an attacker to cause a Regular Expression Denial-of-Service (ReDoS) within your application as RegExP blocks the main thread. For this reason, it is recommended to use hardcoded regexes instead. If your regex is run on user-controlled input, consider performing input validation or use a regex checking/sanitization library such as https://www.npmjs.com/package/recheck to verify that the regex does not appear vulnerable to ReDoS.","metadata":{"owasp":["A05:2021 - Security Misconfiguration","A06:2017 - Security Misconfiguration","A02:2025 - Security Misconfiguration"],"cwe":["CWE-1333: Inefficient Regular Expression Complexity"],"references":["https://owasp.org/www-community/attacks/Regular_expression_Denial_of_Service_-_ReDoS"],"source-rule-url":"https://github.com/nodesecurity/eslint-plugin-security/blob/master/rules/detect-non-literal-regexp.js","category":"security","technology":["javascript"],"subcategory":["vuln"],"likelihood":"MEDIUM","impact":"MEDIUM","confidence":"LOW","license":"Semgrep Rules License v1.0. For more details, visit semgrep.dev/legal/rules-license","vulnerability_class":["Denial-of-Service (DoS)"],"source":"https://semgrep.dev/r/javascript.lang.security.audit.detect-non-literal-regexp.detect-non-literal-regexp","shortlink":"https://sg.run/gr65"},"severity":"WARNING","fingerprint":"requires login","lines":"requires login","validation_state":"NO_VALIDATOR","engine_kind":"OSS"}},{"check_id":"javascript.lang.security.audit.detect-non-literal-regexp.detect-non-literal-regexp","path":"workers/context-keepr/src/rule-enforcement/rule-cairn-do.ts","start":{"line":503,"col":19,"offset":17334},"end":{"line":503,"col":48,"offset":17363},"extra":{"message":"RegExp() called with a `row` function argument, this might allow an attacker to cause a Regular Expression Denial-of-Service (ReDoS) within your application as RegExP blocks the main thread. For this reason, it is recommended to use hardcoded regexes instead. If your regex is run on user-controlled input, consider performing input validation or use a regex checking/sanitization library such as https://www.npmjs.com/package/recheck to verify that the regex does not appear vulnerable to ReDoS.","metadata":{"owasp":["A05:2021 - Security Misconfiguration","A06:2017 - Security Misconfiguration","A02:2025 - Security Misconfiguration"],"cwe":["CWE-1333: Inefficient Regular Expression Complexity"],"references":["https://owasp.org/www-community/attacks/Regular_expression_Denial_of_Service_-_ReDoS"],"source-rule-url":"https://github.com/nodesecurity/eslint-plugin-security/blob/master/rules/detect-non-literal-regexp.js","category":"security","technology":["javascript"],"subcategory":["vuln"],"likelihood":"MEDIUM","impact":"MEDIUM","confidence":"LOW","license":"Semgrep Rules License v1.0. For more details, visit semgrep.dev/legal/rules-license","vulnerability_class":["Denial-of-Service (DoS)"],"source":"https://semgrep.dev/r/javascript.lang.security.audit.detect-non-literal-regexp.detect-non-literal-regexp","shortlink":"https://sg.run/gr65"},"severity":"WARNING","fingerprint":"requires login","lines":"requires login","validation_state":"NO_VALIDATOR","engine_kind":"OSS"}},{"check_id":"javascript.lang.security.audit.unsafe-formatstring.unsafe-formatstring","path":"workers/crypt-core/src/__tests__/purge-attention-guard.test.ts","start":{"line":294,"col":21,"offset":9200},"end":{"line":294,"col":53,"offset":9232},"extra":{"message":"Detected string concatenation with a non-literal variable in a util.format / console.log function. If an attacker injects a format specifier in the string, it will forge the log message. Try to use constant values for the format string.","metadata":{"cwe":["CWE-134: Use of Externally-Controlled Format String"],"owasp":["A01:2021 - Broken Access Control","A01:2025 - Broken Access Control"],"category":"security","technology":["javascript"],"subcategory":["audit"],"likelihood":"MEDIUM","impact":"LOW","confidence":"LOW","references":["https://cwe.mitre.org/data/definitions/134.html"],"license":"Semgrep Rules License v1.0. For more details, visit semgrep.dev/legal/rules-license","vulnerability_class":["Improper Validation"],"source":"https://semgrep.dev/r/javascript.lang.security.audit.unsafe-formatstring.unsafe-formatstring","shortlink":"https://sg.run/7Y5R"},"severity":"INFO","fingerprint":"requires login","lines":"requires login","validation_state":"NO_VALIDATOR","engine_kind":"OSS"}},{"check_id":"javascript.lang.security.audit.unsafe-formatstring.unsafe-formatstring","path":"workers/crypt-core/src/durable-objects/vault-keeper.ts","start":{"line":457,"col":21,"offset":16492},"end":{"line":457,"col":69,"offset":16540},"extra":{"message":"Detected string concatenation with a non-literal variable in a util.format / console.log function. If an attacker injects a format specifier in the string, it will forge the log message. Try to use constant values for the format string.","metadata":{"cwe":["CWE-134: Use of Externally-Controlled Format String"],"owasp":["A01:2021 - Broken Access Control","A01:2025 - Broken Access Control"],"category":"security","technology":["javascript"],"subcategory":["audit"],"likelihood":"MEDIUM","impact":"LOW","confidence":"LOW","references":["https://cwe.mitre.org/data/definitions/134.html"],"license":"Semgrep Rules License v1.0. For more details, visit semgrep.dev/legal/rules-license","vulnerability_class":["Improper Validation"],"source":"https://semgrep.dev/r/javascript.lang.security.audit.unsafe-formatstring.unsafe-formatstring","shortlink":"https://sg.run/7Y5R"},"severity":"INFO","fingerprint":"requires login","lines":"requires login","validation_state":"NO_VALIDATOR","engine_kind":"OSS"}},{"check_id":"javascript.lang.security.audit.unsafe-formatstring.unsafe-formatstring","path":"workers/crypt-core/src/github.ts","start":{"line":146,"col":21,"offset":4840},"end":{"line":146,"col":51,"offset":4870},"extra":{"message":"Detected string concatenation with a non-literal variable in a util.format / console.log function. If an attacker injects a format specifier in the string, it will forge the log message. Try to use constant values for the format string.","metadata":{"cwe":["CWE-134: Use of Externally-Controlled Format String"],"owasp":["A01:2021 - Broken Access Control","A01:2025 - Broken Access Control"],"category":"security","technology":["javascript"],"subcategory":["audit"],"likelihood":"MEDIUM","impact":"LOW","confidence":"LOW","references":["https://cwe.mitre.org/data/definitions/134.html"],"license":"Semgrep Rules License v1.0. For more details, visit semgrep.dev/legal/rules-license","vulnerability_class":["Improper Validation"],"source":"https://semgrep.dev/r/javascript.lang.security.audit.unsafe-formatstring.unsafe-formatstring","shortlink":"https://sg.run/7Y5R"},"severity":"INFO","fingerprint":"requires login","lines":"requires login","validation_state":"NO_VALIDATOR","engine_kind":"OSS"}},{"check_id":"javascript.lang.security.audit.unsafe-formatstring.unsafe-formatstring","path":"workers/crypt-core/src/github.ts","start":{"line":202,"col":21,"offset":6592},"end":{"line":202,"col":51,"offset":6622},"extra":{"message":"Detected string concatenation with a non-literal variable in a util.format / console.log function. If an attacker injects a format specifier in the string, it will forge the log message. Try to use constant values for the format string.","metadata":{"cwe":["CWE-134: Use of Externally-Controlled Format String"],"owasp":["A01:2021 - Broken Access Control","A01:2025 - Broken Access Control"],"category":"security","technology":["javascript"],"subcategory":["audit"],"likelihood":"MEDIUM","impact":"LOW","confidence":"LOW","references":["https://cwe.mitre.org/data/definitions/134.html"],"license":"Semgrep Rules License v1.0. For more details, visit semgrep.dev/legal/rules-license","vulnerability_class":["Improper Validation"],"source":"https://semgrep.dev/r/javascript.lang.security.audit.unsafe-formatstring.unsafe-formatstring","shortlink":"https://sg.run/7Y5R"},"severity":"INFO","fingerprint":"requires login","lines":"requires login","validation_state":"NO_VALIDATOR","engine_kind":"OSS"}},{"check_id":"javascript.lang.security.audit.unsafe-formatstring.unsafe-formatstring","path":"workers/crypt-core/src/github.ts","start":{"line":238,"col":23,"offset":7971},"end":{"line":238,"col":84,"offset":8032},"extra":{"message":"Detected string concatenation with a non-literal variable in a util.format / console.log function. If an attacker injects a format specifier in the string, it will forge the log message. Try to use constant values for the format string.","metadata":{"cwe":["CWE-134: Use of Externally-Controlled Format String"],"owasp":["A01:2021 - Broken Access Control","A01:2025 - Broken Access Control"],"category":"security","technology":["javascript"],"subcategory":["audit"],"likelihood":"MEDIUM","impact":"LOW","confidence":"LOW","references":["https://cwe.mitre.org/data/definitions/134.html"],"license":"Semgrep Rules License v1.0. For more details, visit semgrep.dev/legal/rules-license","vulnerability_class":["Improper Validation"],"source":"https://semgrep.dev/r/javascript.lang.security.audit.unsafe-formatstring.unsafe-formatstring","shortlink":"https://sg.run/7Y5R"},"severity":"INFO","fingerprint":"requires login","lines":"requires login","validation_state":"NO_VALIDATOR","engine_kind":"OSS"}},{"check_id":"javascript.lang.security.audit.detect-non-literal-regexp.detect-non-literal-regexp","path":"workers/crypt-core/src/handlers/canary-cairn.ts","start":{"line":203,"col":19,"offset":7895},"end":{"line":203,"col":55,"offset":7931},"extra":{"message":"RegExp() called with a `rawPayload` function argument, this might allow an attacker to cause a Regular Expression Denial-of-Service (ReDoS) within your application as RegExP blocks the main thread. For this reason, it is recommended to use hardcoded regexes instead. If your regex is run on user-controlled input, consider performing input validation or use a regex checking/sanitization library such as https://www.npmjs.com/package/recheck to verify that the regex does not appear vulnerable to ReDoS.","metadata":{"owasp":["A05:2021 - Security Misconfiguration","A06:2017 - Security Misconfiguration","A02:2025 - Security Misconfiguration"],"cwe":["CWE-1333: Inefficient Regular Expression Complexity"],"references":["https://owasp.org/www-community/attacks/Regular_expression_Denial_of_Service_-_ReDoS"],"source-rule-url":"https://github.com/nodesecurity/eslint-plugin-security/blob/master/rules/detect-non-literal-regexp.js","category":"security","technology":["javascript"],"subcategory":["vuln"],"likelihood":"MEDIUM","impact":"MEDIUM","confidence":"LOW","license":"Semgrep Rules License v1.0. For more details, visit semgrep.dev/legal/rules-license","vulnerability_class":["Denial-of-Service (DoS)"],"source":"https://semgrep.dev/r/javascript.lang.security.audit.detect-non-literal-regexp.detect-non-literal-regexp","shortlink":"https://sg.run/gr65"},"severity":"WARNING","fingerprint":"requires login","lines":"requires login","validation_state":"NO_VALIDATOR","engine_kind":"OSS"}},{"check_id":"javascript.lang.security.audit.unsafe-formatstring.unsafe-formatstring","path":"workers/crypt-core/src/persistence/wyrdweaver.ts","start":{"line":302,"col":11,"offset":10756},"end":{"line":302,"col":76,"offset":10821},"extra":{"message":"Detected string concatenation with a non-literal variable in a util.format / console.log function. If an attacker injects a format specifier in the string, it will forge the log message. Try to use constant values for the format string.","metadata":{"cwe":["CWE-134: Use of Externally-Controlled Format String"],"owasp":["A01:2021 - Broken Access Control","A01:2025 - Broken Access Control"],"category":"security","technology":["javascript"],"subcategory":["audit"],"likelihood":"MEDIUM","impact":"LOW","confidence":"LOW","references":["https://cwe.mitre.org/data/definitions/134.html"],"license":"Semgrep Rules License v1.0. For more details, visit semgrep.dev/legal/rules-license","vulnerability_class":["Improper Validation"],"source":"https://semgrep.dev/r/javascript.lang.security.audit.unsafe-formatstring.unsafe-formatstring","shortlink":"https://sg.run/7Y5R"},"severity":"INFO","fingerprint":"requires login","lines":"requires login","validation_state":"NO_VALIDATOR","engine_kind":"OSS"}},{"check_id":"javascript.lang.security.audit.unsafe-formatstring.unsafe-formatstring","path":"workers/crypt-core/src/router/circuit-shade.ts","start":{"line":274,"col":15,"offset":11814},"end":{"line":274,"col":69,"offset":11868},"extra":{"message":"Detected string concatenation with a non-literal variable in a util.format / console.log function. If an attacker injects a format specifier in the string, it will forge the log message. Try to use constant values for the format string.","metadata":{"cwe":["CWE-134: Use of Externally-Controlled Format String"],"owasp":["A01:2021 - Broken Access Control","A01:2025 - Broken Access Control"],"category":"security","technology":["javascript"],"subcategory":["audit"],"likelihood":"MEDIUM","impact":"LOW","confidence":"LOW","references":["https://cwe.mitre.org/data/definitions/134.html"],"license":"Semgrep Rules License v1.0. For more details, visit semgrep.dev/legal/rules-license","vulnerability_class":["Improper Validation"],"source":"https://semgrep.dev/r/javascript.lang.security.audit.unsafe-formatstring.unsafe-formatstring","shortlink":"https://sg.run/7Y5R"},"severity":"INFO","fingerprint":"requires login","lines":"requires login","validation_state":"NO_VALIDATOR","engine_kind":"OSS"}},{"check_id":"javascript.lang.security.audit.unsafe-formatstring.unsafe-formatstring","path":"workers/crypt-core/src/router/circuit-shade.ts","start":{"line":367,"col":11,"offset":15722},"end":{"line":367,"col":81,"offset":15792},"extra":{"message":"Detected string concatenation with a non-literal variable in a util.format / console.log function. If an attacker injects a format specifier in the string, it will forge the log message. Try to use constant values for the format string.","metadata":{"cwe":["CWE-134: Use of Externally-Controlled Format String"],"owasp":["A01:2021 - Broken Access Control","A01:2025 - Broken Access Control"],"category":"security","technology":["javascript"],"subcategory":["audit"],"likelihood":"MEDIUM","impact":"LOW","confidence":"LOW","references":["https://cwe.mitre.org/data/definitions/134.html"],"license":"Semgrep Rules License v1.0. For more details, visit semgrep.dev/legal/rules-license","vulnerability_class":["Improper Validation"],"source":"https://semgrep.dev/r/javascript.lang.security.audit.unsafe-formatstring.unsafe-formatstring","shortlink":"https://sg.run/7Y5R"},"severity":"INFO","fingerprint":"requires login","lines":"requires login","validation_state":"NO_VALIDATOR","engine_kind":"OSS"}},{"check_id":"javascript.lang.security.audit.unsafe-formatstring.unsafe-formatstring","path":"workers/crypt-core/src/router/epic-edict.ts","start":{"line":343,"col":9,"offset":12744},"end":{"line":343,"col":62,"offset":12797},"extra":{"message":"Detected string concatenation with a non-literal variable in a util.format / console.log function. If an attacker injects a format specifier in the string, it will forge the log message. Try to use constant values for the format string.","metadata":{"cwe":["CWE-134: Use of Externally-Controlled Format String"],"owasp":["A01:2021 - Broken Access Control","A01:2025 - Broken Access Control"],"category":"security","technology":["javascript"],"subcategory":["audit"],"likelihood":"MEDIUM","impact":"LOW","confidence":"LOW","references":["https://cwe.mitre.org/data/definitions/134.html"],"license":"Semgrep Rules License v1.0. For more details, visit semgrep.dev/legal/rules-license","vulnerability_class":["Improper Validation"],"source":"https://semgrep.dev/r/javascript.lang.security.audit.unsafe-formatstring.unsafe-formatstring","shortlink":"https://sg.run/7Y5R"},"severity":"INFO","fingerprint":"requires login","lines":"requires login","validation_state":"NO_VALIDATOR","engine_kind":"OSS"}},{"check_id":"javascript.lang.security.audit.unsafe-formatstring.unsafe-formatstring","path":"workers/crypt-core/src/router/fenrir-failover.ts","start":{"line":152,"col":13,"offset":6202},"end":{"line":152,"col":61,"offset":6250},"extra":{"message":"Detected string concatenation with a non-literal variable in a util.format / console.log function. If an attacker injects a format specifier in the string, it will forge the log message. Try to use constant values for the format string.","metadata":{"cwe":["CWE-134: Use of Externally-Controlled Format String"],"owasp":["A01:2021 - Broken Access Control","A01:2025 - Broken Access Control"],"category":"security","technology":["javascript"],"subcategory":["audit"],"likelihood":"MEDIUM","impact":"LOW","confidence":"LOW","references":["https://cwe.mitre.org/data/definitions/134.html"],"license":"Semgrep Rules License v1.0. For more details, visit semgrep.dev/legal/rules-license","vulnerability_class":["Improper Validation"],"source":"https://semgrep.dev/r/javascript.lang.security.audit.unsafe-formatstring.unsafe-formatstring","shortlink":"https://sg.run/7Y5R"},"severity":"INFO","fingerprint":"requires login","lines":"requires login","validation_state":"NO_VALIDATOR","engine_kind":"OSS"}},{"check_id":"javascript.lang.security.audit.unsafe-formatstring.unsafe-formatstring","path":"workers/crypt-core/src/router/fenrir-failover.ts","start":{"line":367,"col":9,"offset":14341},"end":{"line":367,"col":65,"offset":14397},"extra":{"message":"Detected string concatenation with a non-literal variable in a util.format / console.log function. If an attacker injects a format specifier in the string, it will forge the log message. Try to use constant values for the format string.","metadata":{"cwe":["CWE-134: Use of Externally-Controlled Format String"],"owasp":["A01:2021 - Broken Access Control","A01:2025 - Broken Access Control"],"category":"security","technology":["javascript"],"subcategory":["audit"],"likelihood":"MEDIUM","impact":"LOW","confidence":"LOW","references":["https://cwe.mitre.org/data/definitions/134.html"],"license":"Semgrep Rules License v1.0. For more details, visit semgrep.dev/legal/rules-license","vulnerability_class":["Improper Validation"],"source":"https://semgrep.dev/r/javascript.lang.security.audit.unsafe-formatstring.unsafe-formatstring","shortlink":"https://sg.run/7Y5R"},"severity":"INFO","fingerprint":"requires login","lines":"requires login","validation_state":"NO_VALIDATOR","engine_kind":"OSS"}},{"check_id":"javascript.lang.security.audit.unsafe-formatstring.unsafe-formatstring","path":"workers/crypt-core/src/router/gate-lore-keeper.ts","start":{"line":270,"col":11,"offset":10956},"end":{"line":270,"col":63,"offset":11008},"extra":{"message":"Detected string concatenation with a non-literal variable in a util.format / console.log function. If an attacker injects a format specifier in the string, it will forge the log message. Try to use constant values for the format string.","metadata":{"cwe":["CWE-134: Use of Externally-Controlled Format String"],"owasp":["A01:2021 - Broken Access Control","A01:2025 - Broken Access Control"],"category":"security","technology":["javascript"],"subcategory":["audit"],"likelihood":"MEDIUM","impact":"LOW","confidence":"LOW","references":["https://cwe.mitre.org/data/definitions/134.html"],"license":"Semgrep Rules License v1.0. For more details, visit semgrep.dev/legal/rules-license","vulnerability_class":["Improper Validation"],"source":"https://semgrep.dev/r/javascript.lang.security.audit.unsafe-formatstring.unsafe-formatstring","shortlink":"https://sg.run/7Y5R"},"severity":"INFO","fingerprint":"requires login","lines":"requires login","validation_state":"NO_VALIDATOR","engine_kind":"OSS"}},{"check_id":"javascript.lang.security.audit.unsafe-formatstring.unsafe-formatstring","path":"workers/crypt-core/src/router/handler-herald.ts","start":{"line":517,"col":11,"offset":25093},"end":{"line":517,"col":83,"offset":25165},"extra":{"message":"Detected string concatenation with a non-literal variable in a util.format / console.log function. If an attacker injects a format specifier in the string, it will forge the log message. Try to use constant values for the format string.","metadata":{"cwe":["CWE-134: Use of Externally-Controlled Format String"],"owasp":["A01:2021 - Broken Access Control","A01:2025 - Broken Access Control"],"category":"security","technology":["javascript"],"subcategory":["audit"],"likelihood":"MEDIUM","impact":"LOW","confidence":"LOW","references":["https://cwe.mitre.org/data/definitions/134.html"],"license":"Semgrep Rules License v1.0. For more details, visit semgrep.dev/legal/rules-license","vulnerability_class":["Improper Validation"],"source":"https://semgrep.dev/r/javascript.lang.security.audit.unsafe-formatstring.unsafe-formatstring","shortlink":"https://sg.run/7Y5R"},"severity":"INFO","fingerprint":"requires login","lines":"requires login","validation_state":"NO_VALIDATOR","engine_kind":"OSS"}},{"check_id":"javascript.lang.security.audit.unsafe-formatstring.unsafe-formatstring","path":"workers/crypt-core/src/router/handler-herald.ts","start":{"line":3054,"col":19,"offset":136862},"end":{"line":3054,"col":42,"offset":136885},"extra":{"message":"Detected string concatenation with a non-literal variable in a util.format / console.log function. If an attacker injects a format specifier in the string, it will forge the log message. Try to use constant values for the format string.","metadata":{"cwe":["CWE-134: Use of Externally-Controlled Format String"],"owasp":["A01:2021 - Broken Access Control","A01:2025 - Broken Access Control"],"category":"security","technology":["javascript"],"subcategory":["audit"],"likelihood":"MEDIUM","impact":"LOW","confidence":"LOW","references":["https://cwe.mitre.org/data/definitions/134.html"],"license":"Semgrep Rules License v1.0. For more details, visit semgrep.dev/legal/rules-license","vulnerability_class":["Improper Validation"],"source":"https://semgrep.dev/r/javascript.lang.security.audit.unsafe-formatstring.unsafe-formatstring","shortlink":"https://sg.run/7Y5R"},"severity":"INFO","fingerprint":"requires login","lines":"requires login","validation_state":"NO_VALIDATOR","engine_kind":"OSS"}},{"check_id":"javascript.lang.security.audit.unsafe-formatstring.unsafe-formatstring","path":"workers/crypt-core/src/router/linear-lore.ts","start":{"line":258,"col":13,"offset":10230},"end":{"line":258,"col":75,"offset":10292},"extra":{"message":"Detected string concatenation with a non-literal variable in a util.format / console.log function. If an attacker injects a format specifier in the string, it will forge the log message. Try to use constant values for the format string.","metadata":{"cwe":["CWE-134: Use of Externally-Controlled Format String"],"owasp":["A01:2021 - Broken Access Control","A01:2025 - Broken Access Control"],"category":"security","technology":["javascript"],"subcategory":["audit"],"likelihood":"MEDIUM","impact":"LOW","confidence":"LOW","references":["https://cwe.mitre.org/data/definitions/134.html"],"license":"Semgrep Rules License v1.0. For more details, visit semgrep.dev/legal/rules-license","vulnerability_class":["Improper Validation"],"source":"https://semgrep.dev/r/javascript.lang.security.audit.unsafe-formatstring.unsafe-formatstring","shortlink":"https://sg.run/7Y5R"},"severity":"INFO","fingerprint":"requires login","lines":"requires login","validation_state":"NO_VALIDATOR","engine_kind":"OSS"}},{"check_id":"javascript.lang.security.audit.detect-non-literal-regexp.detect-non-literal-regexp","path":"workers/crypt-core/src/router/nemesis-policy.ts","start":{"line":311,"col":18,"offset":11955},"end":{"line":311,"col":59,"offset":11996},"extra":{"message":"RegExp() called with a `condition` function argument, this might allow an attacker to cause a Regular Expression Denial-of-Service (ReDoS) within your application as RegExP blocks the main thread. For this reason, it is recommended to use hardcoded regexes instead. If your regex is run on user-controlled input, consider performing input validation or use a regex checking/sanitization library such as https://www.npmjs.com/package/recheck to verify that the regex does not appear vulnerable to ReDoS.","metadata":{"owasp":["A05:2021 - Security Misconfiguration","A06:2017 - Security Misconfiguration","A02:2025 - Security Misconfiguration"],"cwe":["CWE-1333: Inefficient Regular Expression Complexity"],"references":["https://owasp.org/www-community/attacks/Regular_expression_Denial_of_Service_-_ReDoS"],"source-rule-url":"https://github.com/nodesecurity/eslint-plugin-security/blob/master/rules/detect-non-literal-regexp.js","category":"security","technology":["javascript"],"subcategory":["vuln"],"likelihood":"MEDIUM","impact":"MEDIUM","confidence":"LOW","license":"Semgrep Rules License v1.0. For more details, visit semgrep.dev/legal/rules-license","vulnerability_class":["Denial-of-Service (DoS)"],"source":"https://semgrep.dev/r/javascript.lang.security.audit.detect-non-literal-regexp.detect-non-literal-regexp","shortlink":"https://sg.run/gr65"},"severity":"WARNING","fingerprint":"requires login","lines":"requires login","validation_state":"NO_VALIDATOR","engine_kind":"OSS"}},{"check_id":"javascript.lang.security.audit.unsafe-formatstring.unsafe-formatstring","path":"workers/crypt-core/src/router/orchestration-processor.ts","start":{"line":59,"col":21,"offset":1975},"end":{"line":59,"col":73,"offset":2027},"extra":{"message":"Detected string concatenation with a non-literal variable in a util.format / console.log function. If an attacker injects a format specifier in the string, it will forge the log message. Try to use constant values for the format string.","metadata":{"cwe":["CWE-134: Use of Externally-Controlled Format String"],"owasp":["A01:2021 - Broken Access Control","A01:2025 - Broken Access Control"],"category":"security","technology":["javascript"],"subcategory":["audit"],"likelihood":"MEDIUM","impact":"LOW","confidence":"LOW","references":["https://cwe.mitre.org/data/definitions/134.html"],"license":"Semgrep Rules License v1.0. For more details, visit semgrep.dev/legal/rules-license","vulnerability_class":["Improper Validation"],"source":"https://semgrep.dev/r/javascript.lang.security.audit.unsafe-formatstring.unsafe-formatstring","shortlink":"https://sg.run/7Y5R"},"severity":"INFO","fingerprint":"requires login","lines":"requires login","validation_state":"NO_VALIDATOR","engine_kind":"OSS"}},{"check_id":"javascript.lang.security.audit.unsafe-formatstring.unsafe-formatstring","path":"workers/crypt-core/src/router/runner-processor.ts","start":{"line":99,"col":21,"offset":3433},"end":{"line":99,"col":73,"offset":3485},"extra":{"message":"Detected string concatenation with a non-literal variable in a util.format / console.log function. If an attacker injects a format specifier in the string, it will forge the log message. Try to use constant values for the format string.","metadata":{"cwe":["CWE-134: Use of Externally-Controlled Format String"],"owasp":["A01:2021 - Broken Access Control","A01:2025 - Broken Access Control"],"category":"security","technology":["javascript"],"subcategory":["audit"],"likelihood":"MEDIUM","impact":"LOW","confidence":"LOW","references":["https://cwe.mitre.org/data/definitions/134.html"],"license":"Semgrep Rules License v1.0. For more details, visit semgrep.dev/legal/rules-license","vulnerability_class":["Improper Validation"],"source":"https://semgrep.dev/r/javascript.lang.security.audit.unsafe-formatstring.unsafe-formatstring","shortlink":"https://sg.run/7Y5R"},"severity":"INFO","fingerprint":"requires login","lines":"requires login","validation_state":"NO_VALIDATOR","engine_kind":"OSS"}},{"check_id":"javascript.lang.security.audit.unsafe-formatstring.unsafe-formatstring","path":"workers/crypt-core/src/router/specter-steward.ts","start":{"line":754,"col":15,"offset":28253},"end":{"line":754,"col":70,"offset":28308},"extra":{"message":"Detected string concatenation with a non-literal variable in a util.format / console.log function. If an attacker injects a format specifier in the string, it will forge the log message. Try to use constant values for the format string.","metadata":{"cwe":["CWE-134: Use of Externally-Controlled Format String"],"owasp":["A01:2021 - Broken Access Control","A01:2025 - Broken Access Control"],"category":"security","technology":["javascript"],"subcategory":["audit"],"likelihood":"MEDIUM","impact":"LOW","confidence":"LOW","references":["https://cwe.mitre.org/data/definitions/134.html"],"license":"Semgrep Rules License v1.0. For more details, visit semgrep.dev/legal/rules-license","vulnerability_class":["Improper Validation"],"source":"https://semgrep.dev/r/javascript.lang.security.audit.unsafe-formatstring.unsafe-formatstring","shortlink":"https://sg.run/7Y5R"},"severity":"INFO","fingerprint":"requires login","lines":"requires login","validation_state":"NO_VALIDATOR","engine_kind":"OSS"}},{"check_id":"javascript.lang.security.audit.unsafe-formatstring.unsafe-formatstring","path":"workers/crypt-core/src/router/watchdog-processor.ts","start":{"line":134,"col":9,"offset":5084},"end":{"line":134,"col":66,"offset":5141},"extra":{"message":"Detected string concatenation with a non-literal variable in a util.format / console.log function. If an attacker injects a format specifier in the string, it will forge the log message. Try to use constant values for the format string.","metadata":{"cwe":["CWE-134: Use of Externally-Controlled Format String"],"owasp":["A01:2021 - Broken Access Control","A01:2025 - Broken Access Control"],"category":"security","technology":["javascript"],"subcategory":["audit"],"likelihood":"MEDIUM","impact":"LOW","confidence":"LOW","references":["https://cwe.mitre.org/data/definitions/134.html"],"license":"Semgrep Rules License v1.0. For more details, visit semgrep.dev/legal/rules-license","vulnerability_class":["Improper Validation"],"source":"https://semgrep.dev/r/javascript.lang.security.audit.unsafe-formatstring.unsafe-formatstring","shortlink":"https://sg.run/7Y5R"},"severity":"INFO","fingerprint":"requires login","lines":"requires login","validation_state":"NO_VALIDATOR","engine_kind":"OSS"}},{"check_id":"javascript.lang.security.audit.unsafe-formatstring.unsafe-formatstring","path":"workers/crypt-core/src/router/watchdog-processor.ts","start":{"line":326,"col":11,"offset":13097},"end":{"line":326,"col":80,"offset":13166},"extra":{"message":"Detected string concatenation with a non-literal variable in a util.format / console.log function. If an attacker injects a format specifier in the string, it will forge the log message. Try to use constant values for the format string.","metadata":{"cwe":["CWE-134: Use of Externally-Controlled Format String"],"owasp":["A01:2021 - Broken Access Control","A01:2025 - Broken Access Control"],"category":"security","technology":["javascript"],"subcategory":["audit"],"likelihood":"MEDIUM","impact":"LOW","confidence":"LOW","references":["https://cwe.mitre.org/data/definitions/134.html"],"license":"Semgrep Rules License v1.0. For more details, visit semgrep.dev/legal/rules-license","vulnerability_class":["Improper Validation"],"source":"https://semgrep.dev/r/javascript.lang.security.audit.unsafe-formatstring.unsafe-formatstring","shortlink":"https://sg.run/7Y5R"},"severity":"INFO","fingerprint":"requires login","lines":"requires login","validation_state":"NO_VALIDATOR","engine_kind":"OSS"}},{"check_id":"javascript.lang.security.audit.detect-non-literal-regexp.detect-non-literal-regexp","path":"workers/crypt-core/src/router/wraith-dispatch.ts","start":{"line":1543,"col":20,"offset":67784},"end":{"line":1543,"col":47,"offset":67811},"extra":{"message":"RegExp() called with a `r` function argument, this might allow an attacker to cause a Regular Expression Denial-of-Service (ReDoS) within your application as RegExP blocks the main thread. For this reason, it is recommended to use hardcoded regexes instead. If your regex is run on user-controlled input, consider performing input validation or use a regex checking/sanitization library such as https://www.npmjs.com/package/recheck to verify that the regex does not appear vulnerable to ReDoS.","metadata":{"owasp":["A05:2021 - Security Misconfiguration","A06:2017 - Security Misconfiguration","A02:2025 - Security Misconfiguration"],"cwe":["CWE-1333: Inefficient Regular Expression Complexity"],"references":["https://owasp.org/www-community/attacks/Regular_expression_Denial_of_Service_-_ReDoS"],"source-rule-url":"https://github.com/nodesecurity/eslint-plugin-security/blob/master/rules/detect-non-literal-regexp.js","category":"security","technology":["javascript"],"subcategory":["vuln"],"likelihood":"MEDIUM","impact":"MEDIUM","confidence":"LOW","license":"Semgrep Rules License v1.0. For more details, visit semgrep.dev/legal/rules-license","vulnerability_class":["Denial-of-Service (DoS)"],"source":"https://semgrep.dev/r/javascript.lang.security.audit.detect-non-literal-regexp.detect-non-literal-regexp","shortlink":"https://sg.run/gr65"},"severity":"WARNING","fingerprint":"requires login","lines":"requires login","validation_state":"NO_VALIDATOR","engine_kind":"OSS"}},{"check_id":"javascript.lang.security.audit.unsafe-formatstring.unsafe-formatstring","path":"workers/crypt-core/src/router/xray-oracle.ts","start":{"line":504,"col":13,"offset":21084},"end":{"line":504,"col":75,"offset":21146},"extra":{"message":"Detected string concatenation with a non-literal variable in a util.format / console.log function. If an attacker injects a format specifier in the string, it will forge the log message. Try to use constant values for the format string.","metadata":{"cwe":["CWE-134: Use of Externally-Controlled Format String"],"owasp":["A01:2021 - Broken Access Control","A01:2025 - Broken Access Control"],"category":"security","technology":["javascript"],"subcategory":["audit"],"likelihood":"MEDIUM","impact":"LOW","confidence":"LOW","references":["https://cwe.mitre.org/data/definitions/134.html"],"license":"Semgrep Rules License v1.0. For more details, visit semgrep.dev/legal/rules-license","vulnerability_class":["Improper Validation"],"source":"https://semgrep.dev/r/javascript.lang.security.audit.unsafe-formatstring.unsafe-formatstring","shortlink":"https://sg.run/7Y5R"},"severity":"INFO","fingerprint":"requires login","lines":"requires login","validation_state":"NO_VALIDATOR","engine_kind":"OSS"}},{"check_id":"javascript.lang.security.audit.unsafe-formatstring.unsafe-formatstring","path":"workers/crypt-core/src/router/xray-oracle.ts","start":{"line":621,"col":11,"offset":24543},"end":{"line":621,"col":67,"offset":24599},"extra":{"message":"Detected string concatenation with a non-literal variable in a util.format / console.log function. If an attacker injects a format specifier in the string, it will forge the log message. Try to use constant values for the format string.","metadata":{"cwe":["CWE-134: Use of Externally-Controlled Format String"],"owasp":["A01:2021 - Broken Access Control","A01:2025 - Broken Access Control"],"category":"security","technology":["javascript"],"subcategory":["audit"],"likelihood":"MEDIUM","impact":"LOW","confidence":"LOW","references":["https://cwe.mitre.org/data/definitions/134.html"],"license":"Semgrep Rules License v1.0. For more details, visit semgrep.dev/legal/rules-license","vulnerability_class":["Improper Validation"],"source":"https://semgrep.dev/r/javascript.lang.security.audit.unsafe-formatstring.unsafe-formatstring","shortlink":"https://sg.run/7Y5R"},"severity":"INFO","fingerprint":"requires login","lines":"requires login","validation_state":"NO_VALIDATOR","engine_kind":"OSS"}},{"check_id":"javascript.lang.security.audit.unsafe-formatstring.unsafe-formatstring","path":"workers/ft-model-scout/src/hf-poller.ts","start":{"line":79,"col":18,"offset":2479},"end":{"line":79,"col":54,"offset":2515},"extra":{"message":"Detected string concatenation with a non-literal variable in a util.format / console.log function. If an attacker injects a format specifier in the string, it will forge the log message. Try to use constant values for the format string.","metadata":{"cwe":["CWE-134: Use of Externally-Controlled Format String"],"owasp":["A01:2021 - Broken Access Control","A01:2025 - Broken Access Control"],"category":"security","technology":["javascript"],"subcategory":["audit"],"likelihood":"MEDIUM","impact":"LOW","confidence":"LOW","references":["https://cwe.mitre.org/data/definitions/134.html"],"license":"Semgrep Rules License v1.0. For more details, visit semgrep.dev/legal/rules-license","vulnerability_class":["Improper Validation"],"source":"https://semgrep.dev/r/javascript.lang.security.audit.unsafe-formatstring.unsafe-formatstring","shortlink":"https://sg.run/7Y5R"},"severity":"INFO","fingerprint":"requires login","lines":"requires login","validation_state":"NO_VALIDATOR","engine_kind":"OSS"}},{"check_id":"javascript.lang.security.audit.unsafe-formatstring.unsafe-formatstring","path":"workers/ft-model-scout/src/index.ts","start":{"line":91,"col":21,"offset":3249},"end":{"line":91,"col":69,"offset":3297},"extra":{"message":"Detected string concatenation with a non-literal variable in a util.format / console.log function. If an attacker injects a format specifier in the string, it will forge the log message. Try to use constant values for the format string.","metadata":{"cwe":["CWE-134: Use of Externally-Controlled Format String"],"owasp":["A01:2021 - Broken Access Control","A01:2025 - Broken Access Control"],"category":"security","technology":["javascript"],"subcategory":["audit"],"likelihood":"MEDIUM","impact":"LOW","confidence":"LOW","references":["https://cwe.mitre.org/data/definitions/134.html"],"license":"Semgrep Rules License v1.0. For more details, visit semgrep.dev/legal/rules-license","vulnerability_class":["Improper Validation"],"source":"https://semgrep.dev/r/javascript.lang.security.audit.unsafe-formatstring.unsafe-formatstring","shortlink":"https://sg.run/7Y5R"},"severity":"INFO","fingerprint":"requires login","lines":"requires login","validation_state":"NO_VALIDATOR","engine_kind":"OSS"}},{"check_id":"javascript.lang.security.audit.unsafe-formatstring.unsafe-formatstring","path":"workers/ft-model-scout/src/ollama-poller.ts","start":{"line":114,"col":18,"offset":3842},"end":{"line":114,"col":67,"offset":3891},"extra":{"message":"Detected string concatenation with a non-literal variable in a util.format / console.log function. If an attacker injects a format specifier in the string, it will forge the log message. Try to use constant values for the format string.","metadata":{"cwe":["CWE-134: Use of Externally-Controlled Format String"],"owasp":["A01:2021 - Broken Access Control","A01:2025 - Broken Access Control"],"category":"security","technology":["javascript"],"subcategory":["audit"],"likelihood":"MEDIUM","impact":"LOW","confidence":"LOW","references":["https://cwe.mitre.org/data/definitions/134.html"],"license":"Semgrep Rules License v1.0. For more details, visit semgrep.dev/legal/rules-license","vulnerability_class":["Improper Validation"],"source":"https://semgrep.dev/r/javascript.lang.security.audit.unsafe-formatstring.unsafe-formatstring","shortlink":"https://sg.run/7Y5R"},"severity":"INFO","fingerprint":"requires login","lines":"requires login","validation_state":"NO_VALIDATOR","engine_kind":"OSS"}},{"check_id":"javascript.lang.security.audit.unsafe-formatstring.unsafe-formatstring","path":"workers/lore-watcher/src/webhook-push.ts","start":{"line":104,"col":21,"offset":3432},"end":{"line":104,"col":56,"offset":3467},"extra":{"message":"Detected string concatenation with a non-literal variable in a util.format / console.log function. If an attacker injects a format specifier in the string, it will forge the log message. Try to use constant values for the format string.","metadata":{"cwe":["CWE-134: Use of Externally-Controlled Format String"],"owasp":["A01:2021 - Broken Access Control","A01:2025 - Broken Access Control"],"category":"security","technology":["javascript"],"subcategory":["audit"],"likelihood":"MEDIUM","impact":"LOW","confidence":"LOW","references":["https://cwe.mitre.org/data/definitions/134.html"],"license":"Semgrep Rules License v1.0. For more details, visit semgrep.dev/legal/rules-license","vulnerability_class":["Improper Validation"],"source":"https://semgrep.dev/r/javascript.lang.security.audit.unsafe-formatstring.unsafe-formatstring","shortlink":"https://sg.run/7Y5R"},"severity":"INFO","fingerprint":"requires login","lines":"requires login","validation_state":"NO_VALIDATOR","engine_kind":"OSS"}},{"check_id":"javascript.lang.security.audit.path-traversal.path-join-resolve-traversal.path-join-resolve-traversal","path":"workers/phantom-forge/vitest.config.ts","start":{"line":35,"col":46,"offset":1256},"end":{"line":35,"col":48,"offset":1258},"extra":{"message":"Detected possible user input going into a `path.join` or `path.resolve` function. This could possibly lead to a path traversal vulnerability,  where the attacker can access arbitrary files stored in the file system. Instead, be sure to sanitize or validate user input first.","metadata":{"owasp":["A05:2017 - Broken Access Control","A01:2021 - Broken Access Control","A01:2025 - Broken Access Control"],"cwe":["CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')"],"category":"security","references":["https://owasp.org/www-community/attacks/Path_Traversal"],"technology":["javascript","node.js"],"cwe2022-top25":true,"cwe2021-top25":true,"subcategory":["vuln"],"likelihood":"HIGH","impact":"MEDIUM","confidence":"LOW","license":"Semgrep Rules License v1.0. For more details, visit semgrep.dev/legal/rules-license","vulnerability_class":["Path Traversal"],"source":"https://semgrep.dev/r/javascript.lang.security.audit.path-traversal.path-join-resolve-traversal.path-join-resolve-traversal","shortlink":"https://sg.run/OPqk"},"severity":"WARNING","fingerprint":"requires login","lines":"requires login","validation_state":"NO_VALIDATOR","engine_kind":"OSS"}},{"check_id":"javascript.lang.security.detect-child-process.detect-child-process","path":"workers/sluagh-sprite-runtime/src/handlers/verify-handler.ts","start":{"line":81,"col":25,"offset":3179},"end":{"line":81,"col":35,"offset":3189},"extra":{"message":"Detected calls to child_process from a function argument `executable`. This could lead to a command injection if the input is user controllable. Try to avoid calls to child_process, and if it is needed ensure user input is correctly sanitized or sandboxed. ","metadata":{"cwe":["CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')"],"owasp":["A01:2017 - Injection","A03:2021 - Injection","A05:2025 - Injection"],"references":["https://cheatsheetseries.owasp.org/cheatsheets/Nodejs_Security_Cheat_Sheet.html#do-not-use-dangerous-functions"],"source-rule-url":"https://github.com/nodesecurity/eslint-plugin-security/blob/master/rules/detect-child-process.js","category":"security","technology":["javascript"],"cwe2022-top25":true,"cwe2021-top25":true,"subcategory":["audit"],"likelihood":"LOW","impact":"HIGH","confidence":"LOW","license":"Semgrep Rules License v1.0. For more details, visit semgrep.dev/legal/rules-license","vulnerability_class":["Command Injection"],"source":"https://semgrep.dev/r/javascript.lang.security.detect-child-process.detect-child-process","shortlink":"https://sg.run/l2lo"},"severity":"ERROR","fingerprint":"requires login","lines":"requires login","validation_state":"NO_VALIDATOR","engine_kind":"OSS"}},{"check_id":"javascript.lang.security.audit.path-traversal.path-join-resolve-traversal.path-join-resolve-traversal","path":"workers/sluagh-sprite-runtime/src/handlers/verify-handler.ts","start":{"line":145,"col":39,"offset":5498},"end":{"line":145,"col":54,"offset":5513},"extra":{"message":"Detected possible user input going into a `path.join` or `path.resolve` function. This could possibly lead to a path traversal vulnerability,  where the attacker can access arbitrary files stored in the file system. Instead, be sure to sanitize or validate user input first.","metadata":{"owasp":["A05:2017 - Broken Access Control","A01:2021 - Broken Access Control","A01:2025 - Broken Access Control"],"cwe":["CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')"],"category":"security","references":["https://owasp.org/www-community/attacks/Path_Traversal"],"technology":["javascript","node.js"],"cwe2022-top25":true,"cwe2021-top25":true,"subcategory":["vuln"],"likelihood":"HIGH","impact":"MEDIUM","confidence":"LOW","license":"Semgrep Rules License v1.0. For more details, visit semgrep.dev/legal/rules-license","vulnerability_class":["Path Traversal"],"source":"https://semgrep.dev/r/javascript.lang.security.audit.path-traversal.path-join-resolve-traversal.path-join-resolve-traversal","shortlink":"https://sg.run/OPqk"},"severity":"WARNING","fingerprint":"requires login","lines":"requires login","validation_state":"NO_VALIDATOR","engine_kind":"OSS"}},{"check_id":"javascript.lang.security.audit.path-traversal.path-join-resolve-traversal.path-join-resolve-traversal","path":"workers/sluagh-sprite-runtime/src/handlers/verify-handler.ts","start":{"line":290,"col":53,"offset":10319},"end":{"line":290,"col":56,"offset":10322},"extra":{"message":"Detected possible user input going into a `path.join` or `path.resolve` function. This could possibly lead to a path traversal vulnerability,  where the attacker can access arbitrary files stored in the file system. Instead, be sure to sanitize or validate user input first.","metadata":{"owasp":["A05:2017 - Broken Access Control","A01:2021 - Broken Access Control","A01:2025 - Broken Access Control"],"cwe":["CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')"],"category":"security","references":["https://owasp.org/www-community/attacks/Path_Traversal"],"technology":["javascript","node.js"],"cwe2022-top25":true,"cwe2021-top25":true,"subcategory":["vuln"],"likelihood":"HIGH","impact":"MEDIUM","confidence":"LOW","license":"Semgrep Rules License v1.0. For more details, visit semgrep.dev/legal/rules-license","vulnerability_class":["Path Traversal"],"source":"https://semgrep.dev/r/javascript.lang.security.audit.path-traversal.path-join-resolve-traversal.path-join-resolve-traversal","shortlink":"https://sg.run/OPqk"},"severity":"WARNING","fingerprint":"requires login","lines":"requires login","validation_state":"NO_VALIDATOR","engine_kind":"OSS"}},{"check_id":"problem-based-packs.insecure-transport.js-node.using-http-server.using-http-server","path":"workers/sluagh-swarm/runtime/warm-pool-server.js","start":{"line":134,"col":16,"offset":4411},"end":{"line":134,"col":20,"offset":4415},"extra":{"message":"Checks for any usage of http servers instead of https servers. Encourages the usage of https protocol instead of http, which does not have TLS and is therefore unencrypted. Using http can lead to man-in-the-middle attacks in which the attacker is able to read sensitive information.","metadata":{"likelihood":"LOW","impact":"MEDIUM","confidence":"LOW","category":"security","cwe":"CWE-319: Cleartext Transmission of Sensitive Information","owasp":["A02:2021 - Cryptographic Failures","A03:2017 - Sensitive Data Exposure","A04:2025 - Cryptographic Failures"],"references":["https://nodejs.org/api/http.html#http_class_http_agent","https://groups.google.com/g/rubyonrails-security/c/NCCsca7TEtY"],"subcategory":["audit"],"technology":["node.js"],"vulnerability":"Insecure Transport","license":"Semgrep Rules License v1.0. For more details, visit semgrep.dev/legal/rules-license","vulnerability_class":["Mishandled Sensitive Information"],"source":"https://semgrep.dev/r/problem-based-packs.insecure-transport.js-node.using-http-server.using-http-server","shortlink":"https://sg.run/x1zL"},"severity":"WARNING","fingerprint":"requires login","lines":"requires login","validation_state":"NO_VALIDATOR","engine_kind":"OSS"}},{"check_id":"javascript.lang.security.audit.path-traversal.path-join-resolve-traversal.path-join-resolve-traversal","path":"workers/sluagh-swarm/src/__tests__/reaper-timer.test.ts","start":{"line":38,"col":38,"offset":1614},"end":{"line":38,"col":45,"offset":1621},"extra":{"message":"Detected possible user input going into a `path.join` or `path.resolve` function. This could possibly lead to a path traversal vulnerability,  where the attacker can access arbitrary files stored in the file system. Instead, be sure to sanitize or validate user input first.","metadata":{"owasp":["A05:2017 - Broken Access Control","A01:2021 - Broken Access Control","A01:2025 - Broken Access Control"],"cwe":["CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')"],"category":"security","references":["https://owasp.org/www-community/attacks/Path_Traversal"],"technology":["javascript","node.js"],"cwe2022-top25":true,"cwe2021-top25":true,"subcategory":["vuln"],"likelihood":"HIGH","impact":"MEDIUM","confidence":"LOW","license":"Semgrep Rules License v1.0. For more details, visit semgrep.dev/legal/rules-license","vulnerability_class":["Path Traversal"],"source":"https://semgrep.dev/r/javascript.lang.security.audit.path-traversal.path-join-resolve-traversal.path-join-resolve-traversal","shortlink":"https://sg.run/OPqk"},"severity":"WARNING","fingerprint":"requires login","lines":"requires login","validation_state":"NO_VALIDATOR","engine_kind":"OSS"}},{"check_id":"javascript.lang.security.audit.path-traversal.path-join-resolve-traversal.path-join-resolve-traversal","path":"workers/sluagh-swarm/src/__tests__/reaper-timer.test.ts","start":{"line":53,"col":38,"offset":2153},"end":{"line":53,"col":45,"offset":2160},"extra":{"message":"Detected possible user input going into a `path.join` or `path.resolve` function. This could possibly lead to a path traversal vulnerability,  where the attacker can access arbitrary files stored in the file system. Instead, be sure to sanitize or validate user input first.","metadata":{"owasp":["A05:2017 - Broken Access Control","A01:2021 - Broken Access Control","A01:2025 - Broken Access Control"],"cwe":["CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')"],"category":"security","references":["https://owasp.org/www-community/attacks/Path_Traversal"],"technology":["javascript","node.js"],"cwe2022-top25":true,"cwe2021-top25":true,"subcategory":["vuln"],"likelihood":"HIGH","impact":"MEDIUM","confidence":"LOW","license":"Semgrep Rules License v1.0. For more details, visit semgrep.dev/legal/rules-license","vulnerability_class":["Path Traversal"],"source":"https://semgrep.dev/r/javascript.lang.security.audit.path-traversal.path-join-resolve-traversal.path-join-resolve-traversal","shortlink":"https://sg.run/OPqk"},"severity":"WARNING","fingerprint":"requires login","lines":"requires login","validation_state":"NO_VALIDATOR","engine_kind":"OSS"}},{"check_id":"javascript.lang.security.audit.unsafe-formatstring.unsafe-formatstring","path":"workers/sluagh-swarm/src/doom-dispatch.ts","start":{"line":310,"col":7,"offset":11774},"end":{"line":310,"col":50,"offset":11817},"extra":{"message":"Detected string concatenation with a non-literal variable in a util.format / console.log function. If an attacker injects a format specifier in the string, it will forge the log message. Try to use constant values for the format string.","metadata":{"cwe":["CWE-134: Use of Externally-Controlled Format String"],"owasp":["A01:2021 - Broken Access Control","A01:2025 - Broken Access Control"],"category":"security","technology":["javascript"],"subcategory":["audit"],"likelihood":"MEDIUM","impact":"LOW","confidence":"LOW","references":["https://cwe.mitre.org/data/definitions/134.html"],"license":"Semgrep Rules License v1.0. For more details, visit semgrep.dev/legal/rules-license","vulnerability_class":["Improper Validation"],"source":"https://semgrep.dev/r/javascript.lang.security.audit.unsafe-formatstring.unsafe-formatstring","shortlink":"https://sg.run/7Y5R"},"severity":"INFO","fingerprint":"requires login","lines":"requires login","validation_state":"NO_VALIDATOR","engine_kind":"OSS"}},{"check_id":"javascript.lang.security.audit.path-traversal.path-join-resolve-traversal.path-join-resolve-traversal","path":"workers/sluagh-swarm/src/handlers/__tests__/cairn-workspace.test.ts","start":{"line":40,"col":30,"offset":1644},"end":{"line":40,"col":37,"offset":1651},"extra":{"message":"Detected possible user input going into a `path.join` or `path.resolve` function. This could possibly lead to a path traversal vulnerability,  where the attacker can access arbitrary files stored in the file system. Instead, be sure to sanitize or validate user input first.","metadata":{"owasp":["A05:2017 - Broken Access Control","A01:2021 - Broken Access Control","A01:2025 - Broken Access Control"],"cwe":["CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')"],"category":"security","references":["https://owasp.org/www-community/attacks/Path_Traversal"],"technology":["javascript","node.js"],"cwe2022-top25":true,"cwe2021-top25":true,"subcategory":["vuln"],"likelihood":"HIGH","impact":"MEDIUM","confidence":"LOW","license":"Semgrep Rules License v1.0. For more details, visit semgrep.dev/legal/rules-license","vulnerability_class":["Path Traversal"],"source":"https://semgrep.dev/r/javascript.lang.security.audit.path-traversal.path-join-resolve-traversal.path-join-resolve-traversal","shortlink":"https://sg.run/OPqk"},"severity":"WARNING","fingerprint":"requires login","lines":"requires login","validation_state":"NO_VALIDATOR","engine_kind":"OSS"}},{"check_id":"javascript.lang.security.audit.path-traversal.path-join-resolve-traversal.path-join-resolve-traversal","path":"workers/sluagh-swarm/src/handlers/__tests__/cairn-workspace.test.ts","start":{"line":40,"col":60,"offset":1674},"end":{"line":40,"col":64,"offset":1678},"extra":{"message":"Detected possible user input going into a `path.join` or `path.resolve` function. This could possibly lead to a path traversal vulnerability,  where the attacker can access arbitrary files stored in the file system. Instead, be sure to sanitize or validate user input first.","metadata":{"owasp":["A05:2017 - Broken Access Control","A01:2021 - Broken Access Control","A01:2025 - Broken Access Control"],"cwe":["CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')"],"category":"security","references":["https://owasp.org/www-community/attacks/Path_Traversal"],"technology":["javascript","node.js"],"cwe2022-top25":true,"cwe2021-top25":true,"subcategory":["vuln"],"likelihood":"HIGH","impact":"MEDIUM","confidence":"LOW","license":"Semgrep Rules License v1.0. For more details, visit semgrep.dev/legal/rules-license","vulnerability_class":["Path Traversal"],"source":"https://semgrep.dev/r/javascript.lang.security.audit.path-traversal.path-join-resolve-traversal.path-join-resolve-traversal","shortlink":"https://sg.run/OPqk"},"severity":"WARNING","fingerprint":"requires login","lines":"requires login","validation_state":"NO_VALIDATOR","engine_kind":"OSS"}},{"check_id":"javascript.lang.security.audit.path-traversal.path-join-resolve-traversal.path-join-resolve-traversal","path":"workers/sluagh-swarm/src/handlers/__tests__/cairn-workspace.test.ts","start":{"line":44,"col":34,"offset":1793},"end":{"line":44,"col":42,"offset":1801},"extra":{"message":"Detected possible user input going into a `path.join` or `path.resolve` function. This could possibly lead to a path traversal vulnerability,  where the attacker can access arbitrary files stored in the file system. Instead, be sure to sanitize or validate user input first.","metadata":{"owasp":["A05:2017 - Broken Access Control","A01:2021 - Broken Access Control","A01:2025 - Broken Access Control"],"cwe":["CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')"],"category":"security","references":["https://owasp.org/www-community/attacks/Path_Traversal"],"technology":["javascript","node.js"],"cwe2022-top25":true,"cwe2021-top25":true,"subcategory":["vuln"],"likelihood":"HIGH","impact":"MEDIUM","confidence":"LOW","license":"Semgrep Rules License v1.0. For more details, visit semgrep.dev/legal/rules-license","vulnerability_class":["Path Traversal"],"source":"https://semgrep.dev/r/javascript.lang.security.audit.path-traversal.path-join-resolve-traversal.path-join-resolve-traversal","shortlink":"https://sg.run/OPqk"},"severity":"WARNING","fingerprint":"requires login","lines":"requires login","validation_state":"NO_VALIDATOR","engine_kind":"OSS"}},{"check_id":"javascript.lang.security.audit.path-traversal.path-join-resolve-traversal.path-join-resolve-traversal","path":"workers/sluagh-swarm/src/handlers/__tests__/cairn-workspace.test.ts","start":{"line":47,"col":34,"offset":1919},"end":{"line":47,"col":42,"offset":1927},"extra":{"message":"Detected possible user input going into a `path.join` or `path.resolve` function. This could possibly lead to a path traversal vulnerability,  where the attacker can access arbitrary files stored in the file system. Instead, be sure to sanitize or validate user input first.","metadata":{"owasp":["A05:2017 - Broken Access Control","A01:2021 - Broken Access Control","A01:2025 - Broken Access Control"],"cwe":["CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')"],"category":"security","references":["https://owasp.org/www-community/attacks/Path_Traversal"],"technology":["javascript","node.js"],"cwe2022-top25":true,"cwe2021-top25":true,"subcategory":["vuln"],"likelihood":"HIGH","impact":"MEDIUM","confidence":"LOW","license":"Semgrep Rules License v1.0. For more details, visit semgrep.dev/legal/rules-license","vulnerability_class":["Path Traversal"],"source":"https://semgrep.dev/r/javascript.lang.security.audit.path-traversal.path-join-resolve-traversal.path-join-resolve-traversal","shortlink":"https://sg.run/OPqk"},"severity":"WARNING","fingerprint":"requires login","lines":"requires login","validation_state":"NO_VALIDATOR","engine_kind":"OSS"}},{"check_id":"javascript.lang.security.audit.unsafe-formatstring.unsafe-formatstring","path":"workers/sluagh-swarm/src/handlers/batch-continuation.ts","start":{"line":87,"col":7,"offset":3086},"end":{"line":87,"col":83,"offset":3162},"extra":{"message":"Detected string concatenation with a non-literal variable in a util.format / console.log function. If an attacker injects a format specifier in the string, it will forge the log message. Try to use constant values for the format string.","metadata":{"cwe":["CWE-134: Use of Externally-Controlled Format String"],"owasp":["A01:2021 - Broken Access Control","A01:2025 - Broken Access Control"],"category":"security","technology":["javascript"],"subcategory":["audit"],"likelihood":"MEDIUM","impact":"LOW","confidence":"LOW","references":["https://cwe.mitre.org/data/definitions/134.html"],"license":"Semgrep Rules License v1.0. For more details, visit semgrep.dev/legal/rules-license","vulnerability_class":["Improper Validation"],"source":"https://semgrep.dev/r/javascript.lang.security.audit.unsafe-formatstring.unsafe-formatstring","shortlink":"https://sg.run/7Y5R"},"severity":"INFO","fingerprint":"requires login","lines":"requires login","validation_state":"NO_VALIDATOR","engine_kind":"OSS"}},{"check_id":"javascript.lang.security.audit.unsafe-formatstring.unsafe-formatstring","path":"workers/sluagh-swarm/src/handlers/cairn-coder.ts","start":{"line":835,"col":26,"offset":37521},"end":{"line":835,"col":66,"offset":37561},"extra":{"message":"Detected string concatenation with a non-literal variable in a util.format / console.log function. If an attacker injects a format specifier in the string, it will forge the log message. Try to use constant values for the format string.","metadata":{"cwe":["CWE-134: Use of Externally-Controlled Format String"],"owasp":["A01:2021 - Broken Access Control","A01:2025 - Broken Access Control"],"category":"security","technology":["javascript"],"subcategory":["audit"],"likelihood":"MEDIUM","impact":"LOW","confidence":"LOW","references":["https://cwe.mitre.org/data/definitions/134.html"],"license":"Semgrep Rules License v1.0. For more details, visit semgrep.dev/legal/rules-license","vulnerability_class":["Improper Validation"],"source":"https://semgrep.dev/r/javascript.lang.security.audit.unsafe-formatstring.unsafe-formatstring","shortlink":"https://sg.run/7Y5R"},"severity":"INFO","fingerprint":"requires login","lines":"requires login","validation_state":"NO_VALIDATOR","engine_kind":"OSS"}},{"check_id":"javascript.lang.security.audit.path-traversal.path-join-resolve-traversal.path-join-resolve-traversal","path":"workers/sluagh-swarm/src/handlers/cairn-coder/__tests__/orphan-detection.test.ts","start":{"line":46,"col":25,"offset":1661},"end":{"line":46,"col":32,"offset":1668},"extra":{"message":"Detected possible user input going into a `path.join` or `path.resolve` function. This could possibly lead to a path traversal vulnerability,  where the attacker can access arbitrary files stored in the file system. Instead, be sure to sanitize or validate user input first.","metadata":{"owasp":["A05:2017 - Broken Access Control","A01:2021 - Broken Access Control","A01:2025 - Broken Access Control"],"cwe":["CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')"],"category":"security","references":["https://owasp.org/www-community/attacks/Path_Traversal"],"technology":["javascript","node.js"],"cwe2022-top25":true,"cwe2021-top25":true,"subcategory":["vuln"],"likelihood":"HIGH","impact":"MEDIUM","confidence":"LOW","license":"Semgrep Rules License v1.0. For more details, visit semgrep.dev/legal/rules-license","vulnerability_class":["Path Traversal"],"source":"https://semgrep.dev/r/javascript.lang.security.audit.path-traversal.path-join-resolve-traversal.path-join-resolve-traversal","shortlink":"https://sg.run/OPqk"},"severity":"WARNING","fingerprint":"requires login","lines":"requires login","validation_state":"NO_VALIDATOR","engine_kind":"OSS"}},{"check_id":"javascript.lang.security.audit.path-traversal.path-join-resolve-traversal.path-join-resolve-traversal","path":"workers/sluagh-swarm/src/handlers/cairn-coder/__tests__/orphan-detection.test.ts","start":{"line":46,"col":34,"offset":1670},"end":{"line":46,"col":37,"offset":1673},"extra":{"message":"Detected possible user input going into a `path.join` or `path.resolve` function. This could possibly lead to a path traversal vulnerability,  where the attacker can access arbitrary files stored in the file system. Instead, be sure to sanitize or validate user input first.","metadata":{"owasp":["A05:2017 - Broken Access Control","A01:2021 - Broken Access Control","A01:2025 - Broken Access Control"],"cwe":["CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')"],"category":"security","references":["https://owasp.org/www-community/attacks/Path_Traversal"],"technology":["javascript","node.js"],"cwe2022-top25":true,"cwe2021-top25":true,"subcategory":["vuln"],"likelihood":"HIGH","impact":"MEDIUM","confidence":"LOW","license":"Semgrep Rules License v1.0. For more details, visit semgrep.dev/legal/rules-license","vulnerability_class":["Path Traversal"],"source":"https://semgrep.dev/r/javascript.lang.security.audit.path-traversal.path-join-resolve-traversal.path-join-resolve-traversal","shortlink":"https://sg.run/OPqk"},"severity":"WARNING","fingerprint":"requires login","lines":"requires login","validation_state":"NO_VALIDATOR","engine_kind":"OSS"}},{"check_id":"javascript.lang.security.audit.path-traversal.path-join-resolve-traversal.path-join-resolve-traversal","path":"workers/sluagh-swarm/src/handlers/cairn-coder/diff-repair.ts","start":{"line":278,"col":36,"offset":11048},"end":{"line":278,"col":43,"offset":11055},"extra":{"message":"Detected possible user input going into a `path.join` or `path.resolve` function. This could possibly lead to a path traversal vulnerability,  where the attacker can access arbitrary files stored in the file system. Instead, be sure to sanitize or validate user input first.","metadata":{"owasp":["A05:2017 - Broken Access Control","A01:2021 - Broken Access Control","A01:2025 - Broken Access Control"],"cwe":["CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')"],"category":"security","references":["https://owasp.org/www-community/attacks/Path_Traversal"],"technology":["javascript","node.js"],"cwe2022-top25":true,"cwe2021-top25":true,"subcategory":["vuln"],"likelihood":"HIGH","impact":"MEDIUM","confidence":"LOW","license":"Semgrep Rules License v1.0. For more details, visit semgrep.dev/legal/rules-license","vulnerability_class":["Path Traversal"],"source":"https://semgrep.dev/r/javascript.lang.security.audit.path-traversal.path-join-resolve-traversal.path-join-resolve-traversal","shortlink":"https://sg.run/OPqk"},"severity":"WARNING","fingerprint":"requires login","lines":"requires login","validation_state":"NO_VALIDATOR","engine_kind":"OSS"}},{"check_id":"javascript.lang.security.audit.path-traversal.path-join-resolve-traversal.path-join-resolve-traversal","path":"workers/sluagh-swarm/src/handlers/cairn-coder/diff-repair.ts","start":{"line":310,"col":44,"offset":12871},"end":{"line":310,"col":51,"offset":12878},"extra":{"message":"Detected possible user input going into a `path.join` or `path.resolve` function. This could possibly lead to a path traversal vulnerability,  where the attacker can access arbitrary files stored in the file system. Instead, be sure to sanitize or validate user input first.","metadata":{"owasp":["A05:2017 - Broken Access Control","A01:2021 - Broken Access Control","A01:2025 - Broken Access Control"],"cwe":["CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')"],"category":"security","references":["https://owasp.org/www-community/attacks/Path_Traversal"],"technology":["javascript","node.js"],"cwe2022-top25":true,"cwe2021-top25":true,"subcategory":["vuln"],"likelihood":"HIGH","impact":"MEDIUM","confidence":"LOW","license":"Semgrep Rules License v1.0. For more details, visit semgrep.dev/legal/rules-license","vulnerability_class":["Path Traversal"],"source":"https://semgrep.dev/r/javascript.lang.security.audit.path-traversal.path-join-resolve-traversal.path-join-resolve-traversal","shortlink":"https://sg.run/OPqk"},"severity":"WARNING","fingerprint":"requires login","lines":"requires login","validation_state":"NO_VALIDATOR","engine_kind":"OSS"}},{"check_id":"javascript.lang.security.audit.path-traversal.path-join-resolve-traversal.path-join-resolve-traversal","path":"workers/sluagh-swarm/src/handlers/cairn-coder/diff-repair.ts","start":{"line":377,"col":46,"offset":15330},"end":{"line":377,"col":53,"offset":15337},"extra":{"message":"Detected possible user input going into a `path.join` or `path.resolve` function. This could possibly lead to a path traversal vulnerability,  where the attacker can access arbitrary files stored in the file system. Instead, be sure to sanitize or validate user input first.","metadata":{"owasp":["A05:2017 - Broken Access Control","A01:2021 - Broken Access Control","A01:2025 - Broken Access Control"],"cwe":["CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')"],"category":"security","references":["https://owasp.org/www-community/attacks/Path_Traversal"],"technology":["javascript","node.js"],"cwe2022-top25":true,"cwe2021-top25":true,"subcategory":["vuln"],"likelihood":"HIGH","impact":"MEDIUM","confidence":"LOW","license":"Semgrep Rules License v1.0. For more details, visit semgrep.dev/legal/rules-license","vulnerability_class":["Path Traversal"],"source":"https://semgrep.dev/r/javascript.lang.security.audit.path-traversal.path-join-resolve-traversal.path-join-resolve-traversal","shortlink":"https://sg.run/OPqk"},"severity":"WARNING","fingerprint":"requires login","lines":"requires login","validation_state":"NO_VALIDATOR","engine_kind":"OSS"}},{"check_id":"javascript.lang.security.audit.path-traversal.path-join-resolve-traversal.path-join-resolve-traversal","path":"workers/sluagh-swarm/src/handlers/cairn-coder/diff-repair.ts","start":{"line":377,"col":55,"offset":15339},"end":{"line":377,"col":62,"offset":15346},"extra":{"message":"Detected possible user input going into a `path.join` or `path.resolve` function. This could possibly lead to a path traversal vulnerability,  where the attacker can access arbitrary files stored in the file system. Instead, be sure to sanitize or validate user input first.","metadata":{"owasp":["A05:2017 - Broken Access Control","A01:2021 - Broken Access Control","A01:2025 - Broken Access Control"],"cwe":["CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')"],"category":"security","references":["https://owasp.org/www-community/attacks/Path_Traversal"],"technology":["javascript","node.js"],"cwe2022-top25":true,"cwe2021-top25":true,"subcategory":["vuln"],"likelihood":"HIGH","impact":"MEDIUM","confidence":"LOW","license":"Semgrep Rules License v1.0. For more details, visit semgrep.dev/legal/rules-license","vulnerability_class":["Path Traversal"],"source":"https://semgrep.dev/r/javascript.lang.security.audit.path-traversal.path-join-resolve-traversal.path-join-resolve-traversal","shortlink":"https://sg.run/OPqk"},"severity":"WARNING","fingerprint":"requires login","lines":"requires login","validation_state":"NO_VALIDATOR","engine_kind":"OSS"}},{"check_id":"javascript.lang.security.audit.path-traversal.path-join-resolve-traversal.path-join-resolve-traversal","path":"workers/sluagh-swarm/src/handlers/cairn-coder/diff-repair.ts","start":{"line":813,"col":31,"offset":33487},"end":{"line":813,"col":38,"offset":33494},"extra":{"message":"Detected possible user input going into a `path.join` or `path.resolve` function. This could possibly lead to a path traversal vulnerability,  where the attacker can access arbitrary files stored in the file system. Instead, be sure to sanitize or validate user input first.","metadata":{"owasp":["A05:2017 - Broken Access Control","A01:2021 - Broken Access Control","A01:2025 - Broken Access Control"],"cwe":["CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')"],"category":"security","references":["https://owasp.org/www-community/attacks/Path_Traversal"],"technology":["javascript","node.js"],"cwe2022-top25":true,"cwe2021-top25":true,"subcategory":["vuln"],"likelihood":"HIGH","impact":"MEDIUM","confidence":"LOW","license":"Semgrep Rules License v1.0. For more details, visit semgrep.dev/legal/rules-license","vulnerability_class":["Path Traversal"],"source":"https://semgrep.dev/r/javascript.lang.security.audit.path-traversal.path-join-resolve-traversal.path-join-resolve-traversal","shortlink":"https://sg.run/OPqk"},"severity":"WARNING","fingerprint":"requires login","lines":"requires login","validation_state":"NO_VALIDATOR","engine_kind":"OSS"}},{"check_id":"javascript.lang.security.audit.path-traversal.path-join-resolve-traversal.path-join-resolve-traversal","path":"workers/sluagh-swarm/src/handlers/cairn-coder/fs-helpers.ts","start":{"line":234,"col":47,"offset":10066},"end":{"line":234,"col":50,"offset":10069},"extra":{"message":"Detected possible user input going into a `path.join` or `path.resolve` function. This could possibly lead to a path traversal vulnerability,  where the attacker can access arbitrary files stored in the file system. Instead, be sure to sanitize or validate user input first.","metadata":{"owasp":["A05:2017 - Broken Access Control","A01:2021 - Broken Access Control","A01:2025 - Broken Access Control"],"cwe":["CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')"],"category":"security","references":["https://owasp.org/www-community/attacks/Path_Traversal"],"technology":["javascript","node.js"],"cwe2022-top25":true,"cwe2021-top25":true,"subcategory":["vuln"],"likelihood":"HIGH","impact":"MEDIUM","confidence":"LOW","license":"Semgrep Rules License v1.0. For more details, visit semgrep.dev/legal/rules-license","vulnerability_class":["Path Traversal"],"source":"https://semgrep.dev/r/javascript.lang.security.audit.path-traversal.path-join-resolve-traversal.path-join-resolve-traversal","shortlink":"https://sg.run/OPqk"},"severity":"WARNING","fingerprint":"requires login","lines":"requires login","validation_state":"NO_VALIDATOR","engine_kind":"OSS"}},{"check_id":"javascript.lang.security.audit.path-traversal.path-join-resolve-traversal.path-join-resolve-traversal","path":"workers/sluagh-swarm/src/handlers/cairn-coder/fs-helpers.ts","start":{"line":272,"col":51,"offset":11247},"end":{"line":272,"col":58,"offset":11254},"extra":{"message":"Detected possible user input going into a `path.join` or `path.resolve` function. This could possibly lead to a path traversal vulnerability,  where the attacker can access arbitrary files stored in the file system. Instead, be sure to sanitize or validate user input first.","metadata":{"owasp":["A05:2017 - Broken Access Control","A01:2021 - Broken Access Control","A01:2025 - Broken Access Control"],"cwe":["CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')"],"category":"security","references":["https://owasp.org/www-community/attacks/Path_Traversal"],"technology":["javascript","node.js"],"cwe2022-top25":true,"cwe2021-top25":true,"subcategory":["vuln"],"likelihood":"HIGH","impact":"MEDIUM","confidence":"LOW","license":"Semgrep Rules License v1.0. For more details, visit semgrep.dev/legal/rules-license","vulnerability_class":["Path Traversal"],"source":"https://semgrep.dev/r/javascript.lang.security.audit.path-traversal.path-join-resolve-traversal.path-join-resolve-traversal","shortlink":"https://sg.run/OPqk"},"severity":"WARNING","fingerprint":"requires login","lines":"requires login","validation_state":"NO_VALIDATOR","engine_kind":"OSS"}},{"check_id":"javascript.lang.security.audit.path-traversal.path-join-resolve-traversal.path-join-resolve-traversal","path":"workers/sluagh-swarm/src/handlers/cairn-coder/fs-helpers.ts","start":{"line":272,"col":60,"offset":11256},"end":{"line":272,"col":64,"offset":11260},"extra":{"message":"Detected possible user input going into a `path.join` or `path.resolve` function. This could possibly lead to a path traversal vulnerability,  where the attacker can access arbitrary files stored in the file system. Instead, be sure to sanitize or validate user input first.","metadata":{"owasp":["A05:2017 - Broken Access Control","A01:2021 - Broken Access Control","A01:2025 - Broken Access Control"],"cwe":["CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')"],"category":"security","references":["https://owasp.org/www-community/attacks/Path_Traversal"],"technology":["javascript","node.js"],"cwe2022-top25":true,"cwe2021-top25":true,"subcategory":["vuln"],"likelihood":"HIGH","impact":"MEDIUM","confidence":"LOW","license":"Semgrep Rules License v1.0. For more details, visit semgrep.dev/legal/rules-license","vulnerability_class":["Path Traversal"],"source":"https://semgrep.dev/r/javascript.lang.security.audit.path-traversal.path-join-resolve-traversal.path-join-resolve-traversal","shortlink":"https://sg.run/OPqk"},"severity":"WARNING","fingerprint":"requires login","lines":"requires login","validation_state":"NO_VALIDATOR","engine_kind":"OSS"}},{"check_id":"javascript.lang.security.audit.path-traversal.path-join-resolve-traversal.path-join-resolve-traversal","path":"workers/sluagh-swarm/src/handlers/cairn-coder/gates/__tests__/changed-tests-gate.test.ts","start":{"line":101,"col":32,"offset":4339},"end":{"line":101,"col":45,"offset":4352},"extra":{"message":"Detected possible user input going into a `path.join` or `path.resolve` function. This could possibly lead to a path traversal vulnerability,  where the attacker can access arbitrary files stored in the file system. Instead, be sure to sanitize or validate user input first.","metadata":{"owasp":["A05:2017 - Broken Access Control","A01:2021 - Broken Access Control","A01:2025 - Broken Access Control"],"cwe":["CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')"],"category":"security","references":["https://owasp.org/www-community/attacks/Path_Traversal"],"technology":["javascript","node.js"],"cwe2022-top25":true,"cwe2021-top25":true,"subcategory":["vuln"],"likelihood":"HIGH","impact":"MEDIUM","confidence":"LOW","license":"Semgrep Rules License v1.0. For more details, visit semgrep.dev/legal/rules-license","vulnerability_class":["Path Traversal"],"source":"https://semgrep.dev/r/javascript.lang.security.audit.path-traversal.path-join-resolve-traversal.path-join-resolve-traversal","shortlink":"https://sg.run/OPqk"},"severity":"WARNING","fingerprint":"requires login","lines":"requires login","validation_state":"NO_VALIDATOR","engine_kind":"OSS"}},{"check_id":"javascript.lang.security.audit.path-traversal.path-join-resolve-traversal.path-join-resolve-traversal","path":"workers/sluagh-swarm/src/handlers/cairn-coder/gates/__tests__/changed-tests-gate.test.ts","start":{"line":101,"col":58,"offset":4365},"end":{"line":101,"col":68,"offset":4375},"extra":{"message":"Detected possible user input going into a `path.join` or `path.resolve` function. This could possibly lead to a path traversal vulnerability,  where the attacker can access arbitrary files stored in the file system. Instead, be sure to sanitize or validate user input first.","metadata":{"owasp":["A05:2017 - Broken Access Control","A01:2021 - Broken Access Control","A01:2025 - Broken Access Control"],"cwe":["CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')"],"category":"security","references":["https://owasp.org/www-community/attacks/Path_Traversal"],"technology":["javascript","node.js"],"cwe2022-top25":true,"cwe2021-top25":true,"subcategory":["vuln"],"likelihood":"HIGH","impact":"MEDIUM","confidence":"LOW","license":"Semgrep Rules License v1.0. For more details, visit semgrep.dev/legal/rules-license","vulnerability_class":["Path Traversal"],"source":"https://semgrep.dev/r/javascript.lang.security.audit.path-traversal.path-join-resolve-traversal.path-join-resolve-traversal","shortlink":"https://sg.run/OPqk"},"severity":"WARNING","fingerprint":"requires login","lines":"requires login","validation_state":"NO_VALIDATOR","engine_kind":"OSS"}},{"check_id":"javascript.lang.security.audit.path-traversal.path-join-resolve-traversal.path-join-resolve-traversal","path":"workers/sluagh-swarm/src/handlers/cairn-coder/gates/__tests__/changed-tests-gate.test.ts","start":{"line":103,"col":28,"offset":4456},"end":{"line":103,"col":38,"offset":4466},"extra":{"message":"Detected possible user input going into a `path.join` or `path.resolve` function. This could possibly lead to a path traversal vulnerability,  where the attacker can access arbitrary files stored in the file system. Instead, be sure to sanitize or validate user input first.","metadata":{"owasp":["A05:2017 - Broken Access Control","A01:2021 - Broken Access Control","A01:2025 - Broken Access Control"],"cwe":["CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')"],"category":"security","references":["https://owasp.org/www-community/attacks/Path_Traversal"],"technology":["javascript","node.js"],"cwe2022-top25":true,"cwe2021-top25":true,"subcategory":["vuln"],"likelihood":"HIGH","impact":"MEDIUM","confidence":"LOW","license":"Semgrep Rules License v1.0. For more details, visit semgrep.dev/legal/rules-license","vulnerability_class":["Path Traversal"],"source":"https://semgrep.dev/r/javascript.lang.security.audit.path-traversal.path-join-resolve-traversal.path-join-resolve-traversal","shortlink":"https://sg.run/OPqk"},"severity":"WARNING","fingerprint":"requires login","lines":"requires login","validation_state":"NO_VALIDATOR","engine_kind":"OSS"}},{"check_id":"javascript.lang.security.audit.path-traversal.path-join-resolve-traversal.path-join-resolve-traversal","path":"workers/sluagh-swarm/src/handlers/cairn-coder/gates/__tests__/changed-tests-gate.test.ts","start":{"line":111,"col":32,"offset":4696},"end":{"line":111,"col":42,"offset":4706},"extra":{"message":"Detected possible user input going into a `path.join` or `path.resolve` function. This could possibly lead to a path traversal vulnerability,  where the attacker can access arbitrary files stored in the file system. Instead, be sure to sanitize or validate user input first.","metadata":{"owasp":["A05:2017 - Broken Access Control","A01:2021 - Broken Access Control","A01:2025 - Broken Access Control"],"cwe":["CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')"],"category":"security","references":["https://owasp.org/www-community/attacks/Path_Traversal"],"technology":["javascript","node.js"],"cwe2022-top25":true,"cwe2021-top25":true,"subcategory":["vuln"],"likelihood":"HIGH","impact":"MEDIUM","confidence":"LOW","license":"Semgrep Rules License v1.0. For more details, visit semgrep.dev/legal/rules-license","vulnerability_class":["Path Traversal"],"source":"https://semgrep.dev/r/javascript.lang.security.audit.path-traversal.path-join-resolve-traversal.path-join-resolve-traversal","shortlink":"https://sg.run/OPqk"},"severity":"WARNING","fingerprint":"requires login","lines":"requires login","validation_state":"NO_VALIDATOR","engine_kind":"OSS"}},{"check_id":"javascript.lang.security.audit.path-traversal.path-join-resolve-traversal.path-join-resolve-traversal","path":"workers/sluagh-swarm/src/handlers/cairn-coder/gates/__tests__/changed-tests-gate.test.ts","start":{"line":116,"col":57,"offset":5093},"end":{"line":116,"col":67,"offset":5103},"extra":{"message":"Detected possible user input going into a `path.join` or `path.resolve` function. This could possibly lead to a path traversal vulnerability,  where the attacker can access arbitrary files stored in the file system. Instead, be sure to sanitize or validate user input first.","metadata":{"owasp":["A05:2017 - Broken Access Control","A01:2021 - Broken Access Control","A01:2025 - Broken Access Control"],"cwe":["CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')"],"category":"security","references":["https://owasp.org/www-community/attacks/Path_Traversal"],"technology":["javascript","node.js"],"cwe2022-top25":true,"cwe2021-top25":true,"subcategory":["vuln"],"likelihood":"HIGH","impact":"MEDIUM","confidence":"LOW","license":"Semgrep Rules License v1.0. For more details, visit semgrep.dev/legal/rules-license","vulnerability_class":["Path Traversal"],"source":"https://semgrep.dev/r/javascript.lang.security.audit.path-traversal.path-join-resolve-traversal.path-join-resolve-traversal","shortlink":"https://sg.run/OPqk"},"severity":"WARNING","fingerprint":"requires login","lines":"requires login","validation_state":"NO_VALIDATOR","engine_kind":"OSS"}},{"check_id":"javascript.lang.security.audit.path-traversal.path-join-resolve-traversal.path-join-resolve-traversal","path":"workers/sluagh-swarm/src/handlers/cairn-coder/gates/__tests__/patch-coverage-gate.test.ts","start":{"line":101,"col":25,"offset":3825},"end":{"line":101,"col":32,"offset":3832},"extra":{"message":"Detected possible user input going into a `path.join` or `path.resolve` function. This could possibly lead to a path traversal vulnerability,  where the attacker can access arbitrary files stored in the file system. Instead, be sure to sanitize or validate user input first.","metadata":{"owasp":["A05:2017 - Broken Access Control","A01:2021 - Broken Access Control","A01:2025 - Broken Access Control"],"cwe":["CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')"],"category":"security","references":["https://owasp.org/www-community/attacks/Path_Traversal"],"technology":["javascript","node.js"],"cwe2022-top25":true,"cwe2021-top25":true,"subcategory":["vuln"],"likelihood":"HIGH","impact":"MEDIUM","confidence":"LOW","license":"Semgrep Rules License v1.0. For more details, visit semgrep.dev/legal/rules-license","vulnerability_class":["Path Traversal"],"source":"https://semgrep.dev/r/javascript.lang.security.audit.path-traversal.path-join-resolve-traversal.path-join-resolve-traversal","shortlink":"https://sg.run/OPqk"},"severity":"WARNING","fingerprint":"requires login","lines":"requires login","validation_state":"NO_VALIDATOR","engine_kind":"OSS"}},{"check_id":"javascript.lang.security.audit.path-traversal.path-join-resolve-traversal.path-join-resolve-traversal","path":"workers/sluagh-swarm/src/handlers/cairn-coder/gates/__tests__/patch-coverage-gate.test.ts","start":{"line":103,"col":32,"offset":3922},"end":{"line":103,"col":35,"offset":3925},"extra":{"message":"Detected possible user input going into a `path.join` or `path.resolve` function. This could possibly lead to a path traversal vulnerability,  where the attacker can access arbitrary files stored in the file system. Instead, be sure to sanitize or validate user input first.","metadata":{"owasp":["A05:2017 - Broken Access Control","A01:2021 - Broken Access Control","A01:2025 - Broken Access Control"],"cwe":["CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')"],"category":"security","references":["https://owasp.org/www-community/attacks/Path_Traversal"],"technology":["javascript","node.js"],"cwe2022-top25":true,"cwe2021-top25":true,"subcategory":["vuln"],"likelihood":"HIGH","impact":"MEDIUM","confidence":"LOW","license":"Semgrep Rules License v1.0. For more details, visit semgrep.dev/legal/rules-license","vulnerability_class":["Path Traversal"],"source":"https://semgrep.dev/r/javascript.lang.security.audit.path-traversal.path-join-resolve-traversal.path-join-resolve-traversal","shortlink":"https://sg.run/OPqk"},"severity":"WARNING","fingerprint":"requires login","lines":"requires login","validation_state":"NO_VALIDATOR","engine_kind":"OSS"}},{"check_id":"javascript.lang.security.audit.path-traversal.path-join-resolve-traversal.path-join-resolve-traversal","path":"workers/sluagh-swarm/src/handlers/cairn-coder/gates/changed-tests-gate.ts","start":{"line":326,"col":26,"offset":12272},"end":{"line":326,"col":39,"offset":12285},"extra":{"message":"Detected possible user input going into a `path.join` or `path.resolve` function. This could possibly lead to a path traversal vulnerability,  where the attacker can access arbitrary files stored in the file system. Instead, be sure to sanitize or validate user input first.","metadata":{"owasp":["A05:2017 - Broken Access Control","A01:2021 - Broken Access Control","A01:2025 - Broken Access Control"],"cwe":["CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')"],"category":"security","references":["https://owasp.org/www-community/attacks/Path_Traversal"],"technology":["javascript","node.js"],"cwe2022-top25":true,"cwe2021-top25":true,"subcategory":["vuln"],"likelihood":"HIGH","impact":"MEDIUM","confidence":"LOW","license":"Semgrep Rules License v1.0. For more details, visit semgrep.dev/legal/rules-license","vulnerability_class":["Path Traversal"],"source":"https://semgrep.dev/r/javascript.lang.security.audit.path-traversal.path-join-resolve-traversal.path-join-resolve-traversal","shortlink":"https://sg.run/OPqk"},"severity":"WARNING","fingerprint":"requires login","lines":"requires login","validation_state":"NO_VALIDATOR","engine_kind":"OSS"}},{"check_id":"javascript.lang.security.audit.path-traversal.path-join-resolve-traversal.path-join-resolve-traversal","path":"workers/sluagh-swarm/src/handlers/cairn-coder/gates/changed-tests-gate.ts","start":{"line":352,"col":29,"offset":13104},"end":{"line":352,"col":42,"offset":13117},"extra":{"message":"Detected possible user input going into a `path.join` or `path.resolve` function. This could possibly lead to a path traversal vulnerability,  where the attacker can access arbitrary files stored in the file system. Instead, be sure to sanitize or validate user input first.","metadata":{"owasp":["A05:2017 - Broken Access Control","A01:2021 - Broken Access Control","A01:2025 - Broken Access Control"],"cwe":["CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')"],"category":"security","references":["https://owasp.org/www-community/attacks/Path_Traversal"],"technology":["javascript","node.js"],"cwe2022-top25":true,"cwe2021-top25":true,"subcategory":["vuln"],"likelihood":"HIGH","impact":"MEDIUM","confidence":"LOW","license":"Semgrep Rules License v1.0. For more details, visit semgrep.dev/legal/rules-license","vulnerability_class":["Path Traversal"],"source":"https://semgrep.dev/r/javascript.lang.security.audit.path-traversal.path-join-resolve-traversal.path-join-resolve-traversal","shortlink":"https://sg.run/OPqk"},"severity":"WARNING","fingerprint":"requires login","lines":"requires login","validation_state":"NO_VALIDATOR","engine_kind":"OSS"}},{"check_id":"javascript.lang.security.audit.path-traversal.path-join-resolve-traversal.path-join-resolve-traversal","path":"workers/sluagh-swarm/src/handlers/cairn-coder/gates/patch-coverage-gate.ts","start":{"line":174,"col":34,"offset":7023},"end":{"line":174,"col":47,"offset":7036},"extra":{"message":"Detected possible user input going into a `path.join` or `path.resolve` function. This could possibly lead to a path traversal vulnerability,  where the attacker can access arbitrary files stored in the file system. Instead, be sure to sanitize or validate user input first.","metadata":{"owasp":["A05:2017 - Broken Access Control","A01:2021 - Broken Access Control","A01:2025 - Broken Access Control"],"cwe":["CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')"],"category":"security","references":["https://owasp.org/www-community/attacks/Path_Traversal"],"technology":["javascript","node.js"],"cwe2022-top25":true,"cwe2021-top25":true,"subcategory":["vuln"],"likelihood":"HIGH","impact":"MEDIUM","confidence":"LOW","license":"Semgrep Rules License v1.0. For more details, visit semgrep.dev/legal/rules-license","vulnerability_class":["Path Traversal"],"source":"https://semgrep.dev/r/javascript.lang.security.audit.path-traversal.path-join-resolve-traversal.path-join-resolve-traversal","shortlink":"https://sg.run/OPqk"},"severity":"WARNING","fingerprint":"requires login","lines":"requires login","validation_state":"NO_VALIDATOR","engine_kind":"OSS"}},{"check_id":"javascript.lang.security.audit.path-traversal.path-join-resolve-traversal.path-join-resolve-traversal","path":"workers/sluagh-swarm/src/handlers/cairn-coder/gates/patch-coverage-gate.ts","start":{"line":174,"col":49,"offset":7038},"end":{"line":174,"col":57,"offset":7046},"extra":{"message":"Detected possible user input going into a `path.join` or `path.resolve` function. This could possibly lead to a path traversal vulnerability,  where the attacker can access arbitrary files stored in the file system. Instead, be sure to sanitize or validate user input first.","metadata":{"owasp":["A05:2017 - Broken Access Control","A01:2021 - Broken Access Control","A01:2025 - Broken Access Control"],"cwe":["CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')"],"category":"security","references":["https://owasp.org/www-community/attacks/Path_Traversal"],"technology":["javascript","node.js"],"cwe2022-top25":true,"cwe2021-top25":true,"subcategory":["vuln"],"likelihood":"HIGH","impact":"MEDIUM","confidence":"LOW","license":"Semgrep Rules License v1.0. For more details, visit semgrep.dev/legal/rules-license","vulnerability_class":["Path Traversal"],"source":"https://semgrep.dev/r/javascript.lang.security.audit.path-traversal.path-join-resolve-traversal.path-join-resolve-traversal","shortlink":"https://sg.run/OPqk"},"severity":"WARNING","fingerprint":"requires login","lines":"requires login","validation_state":"NO_VALIDATOR","engine_kind":"OSS"}},{"check_id":"javascript.lang.security.audit.detect-non-literal-regexp.detect-non-literal-regexp","path":"workers/sluagh-swarm/src/handlers/cairn-coder/gates/patch-coverage-gate.ts","start":{"line":440,"col":14,"offset":15927},"end":{"line":440,"col":40,"offset":15953},"extra":{"message":"RegExp() called with a `pattern` function argument, this might allow an attacker to cause a Regular Expression Denial-of-Service (ReDoS) within your application as RegExP blocks the main thread. For this reason, it is recommended to use hardcoded regexes instead. If your regex is run on user-controlled input, consider performing input validation or use a regex checking/sanitization library such as https://www.npmjs.com/package/recheck to verify that the regex does not appear vulnerable to ReDoS.","metadata":{"owasp":["A05:2021 - Security Misconfiguration","A06:2017 - Security Misconfiguration","A02:2025 - Security Misconfiguration"],"cwe":["CWE-1333: Inefficient Regular Expression Complexity"],"references":["https://owasp.org/www-community/attacks/Regular_expression_Denial_of_Service_-_ReDoS"],"source-rule-url":"https://github.com/nodesecurity/eslint-plugin-security/blob/master/rules/detect-non-literal-regexp.js","category":"security","technology":["javascript"],"subcategory":["vuln"],"likelihood":"MEDIUM","impact":"MEDIUM","confidence":"LOW","license":"Semgrep Rules License v1.0. For more details, visit semgrep.dev/legal/rules-license","vulnerability_class":["Denial-of-Service (DoS)"],"source":"https://semgrep.dev/r/javascript.lang.security.audit.detect-non-literal-regexp.detect-non-literal-regexp","shortlink":"https://sg.run/gr65"},"severity":"WARNING","fingerprint":"requires login","lines":"requires login","validation_state":"NO_VALIDATOR","engine_kind":"OSS"}},{"check_id":"javascript.lang.security.audit.detect-non-literal-regexp.detect-non-literal-regexp","path":"workers/sluagh-swarm/src/handlers/cairn-coder/gates/reachability-gate.ts","start":{"line":173,"col":18,"offset":6396},"end":{"line":173,"col":44,"offset":6422},"extra":{"message":"RegExp() called with a `allowed` function argument, this might allow an attacker to cause a Regular Expression Denial-of-Service (ReDoS) within your application as RegExP blocks the main thread. For this reason, it is recommended to use hardcoded regexes instead. If your regex is run on user-controlled input, consider performing input validation or use a regex checking/sanitization library such as https://www.npmjs.com/package/recheck to verify that the regex does not appear vulnerable to ReDoS.","metadata":{"owasp":["A05:2021 - Security Misconfiguration","A06:2017 - Security Misconfiguration","A02:2025 - Security Misconfiguration"],"cwe":["CWE-1333: Inefficient Regular Expression Complexity"],"references":["https://owasp.org/www-community/attacks/Regular_expression_Denial_of_Service_-_ReDoS"],"source-rule-url":"https://github.com/nodesecurity/eslint-plugin-security/blob/master/rules/detect-non-literal-regexp.js","category":"security","technology":["javascript"],"subcategory":["vuln"],"likelihood":"MEDIUM","impact":"MEDIUM","confidence":"LOW","license":"Semgrep Rules License v1.0. For more details, visit semgrep.dev/legal/rules-license","vulnerability_class":["Denial-of-Service (DoS)"],"source":"https://semgrep.dev/r/javascript.lang.security.audit.detect-non-literal-regexp.detect-non-literal-regexp","shortlink":"https://sg.run/gr65"},"severity":"WARNING","fingerprint":"requires login","lines":"requires login","validation_state":"NO_VALIDATOR","engine_kind":"OSS"}},{"check_id":"javascript.lang.security.audit.path-traversal.path-join-resolve-traversal.path-join-resolve-traversal","path":"workers/sluagh-swarm/src/handlers/cairn-coder/gates/reachability-gate.ts","start":{"line":253,"col":31,"offset":9336},"end":{"line":253,"col":44,"offset":9349},"extra":{"message":"Detected possible user input going into a `path.join` or `path.resolve` function. This could possibly lead to a path traversal vulnerability,  where the attacker can access arbitrary files stored in the file system. Instead, be sure to sanitize or validate user input first.","metadata":{"owasp":["A05:2017 - Broken Access Control","A01:2021 - Broken Access Control","A01:2025 - Broken Access Control"],"cwe":["CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')"],"category":"security","references":["https://owasp.org/www-community/attacks/Path_Traversal"],"technology":["javascript","node.js"],"cwe2022-top25":true,"cwe2021-top25":true,"subcategory":["vuln"],"likelihood":"HIGH","impact":"MEDIUM","confidence":"LOW","license":"Semgrep Rules License v1.0. For more details, visit semgrep.dev/legal/rules-license","vulnerability_class":["Path Traversal"],"source":"https://semgrep.dev/r/javascript.lang.security.audit.path-traversal.path-join-resolve-traversal.path-join-resolve-traversal","shortlink":"https://sg.run/OPqk"},"severity":"WARNING","fingerprint":"requires login","lines":"requires login","validation_state":"NO_VALIDATOR","engine_kind":"OSS"}},{"check_id":"javascript.lang.security.audit.path-traversal.path-join-resolve-traversal.path-join-resolve-traversal","path":"workers/sluagh-swarm/src/handlers/cairn-coder/orphan-detection.ts","start":{"line":94,"col":29,"offset":3174},"end":{"line":94,"col":36,"offset":3181},"extra":{"message":"Detected possible user input going into a `path.join` or `path.resolve` function. This could possibly lead to a path traversal vulnerability,  where the attacker can access arbitrary files stored in the file system. Instead, be sure to sanitize or validate user input first.","metadata":{"owasp":["A05:2017 - Broken Access Control","A01:2021 - Broken Access Control","A01:2025 - Broken Access Control"],"cwe":["CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')"],"category":"security","references":["https://owasp.org/www-community/attacks/Path_Traversal"],"technology":["javascript","node.js"],"cwe2022-top25":true,"cwe2021-top25":true,"subcategory":["vuln"],"likelihood":"HIGH","impact":"MEDIUM","confidence":"LOW","license":"Semgrep Rules License v1.0. For more details, visit semgrep.dev/legal/rules-license","vulnerability_class":["Path Traversal"],"source":"https://semgrep.dev/r/javascript.lang.security.audit.path-traversal.path-join-resolve-traversal.path-join-resolve-traversal","shortlink":"https://sg.run/OPqk"},"severity":"WARNING","fingerprint":"requires login","lines":"requires login","validation_state":"NO_VALIDATOR","engine_kind":"OSS"}},{"check_id":"javascript.lang.security.audit.path-traversal.path-join-resolve-traversal.path-join-resolve-traversal","path":"workers/sluagh-swarm/src/handlers/cairn-coder/orphan-detection.ts","start":{"line":210,"col":30,"offset":6613},"end":{"line":210,"col":33,"offset":6616},"extra":{"message":"Detected possible user input going into a `path.join` or `path.resolve` function. This could possibly lead to a path traversal vulnerability,  where the attacker can access arbitrary files stored in the file system. Instead, be sure to sanitize or validate user input first.","metadata":{"owasp":["A05:2017 - Broken Access Control","A01:2021 - Broken Access Control","A01:2025 - Broken Access Control"],"cwe":["CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')"],"category":"security","references":["https://owasp.org/www-community/attacks/Path_Traversal"],"technology":["javascript","node.js"],"cwe2022-top25":true,"cwe2021-top25":true,"subcategory":["vuln"],"likelihood":"HIGH","impact":"MEDIUM","confidence":"LOW","license":"Semgrep Rules License v1.0. For more details, visit semgrep.dev/legal/rules-license","vulnerability_class":["Path Traversal"],"source":"https://semgrep.dev/r/javascript.lang.security.audit.path-traversal.path-join-resolve-traversal.path-join-resolve-traversal","shortlink":"https://sg.run/OPqk"},"severity":"WARNING","fingerprint":"requires login","lines":"requires login","validation_state":"NO_VALIDATOR","engine_kind":"OSS"}},{"check_id":"javascript.lang.security.audit.path-traversal.path-join-resolve-traversal.path-join-resolve-traversal","path":"workers/sluagh-swarm/src/handlers/cairn-coder/orphan-detection.ts","start":{"line":210,"col":35,"offset":6618},"end":{"line":210,"col":45,"offset":6628},"extra":{"message":"Detected possible user input going into a `path.join` or `path.resolve` function. This could possibly lead to a path traversal vulnerability,  where the attacker can access arbitrary files stored in the file system. Instead, be sure to sanitize or validate user input first.","metadata":{"owasp":["A05:2017 - Broken Access Control","A01:2021 - Broken Access Control","A01:2025 - Broken Access Control"],"cwe":["CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')"],"category":"security","references":["https://owasp.org/www-community/attacks/Path_Traversal"],"technology":["javascript","node.js"],"cwe2022-top25":true,"cwe2021-top25":true,"subcategory":["vuln"],"likelihood":"HIGH","impact":"MEDIUM","confidence":"LOW","license":"Semgrep Rules License v1.0. For more details, visit semgrep.dev/legal/rules-license","vulnerability_class":["Path Traversal"],"source":"https://semgrep.dev/r/javascript.lang.security.audit.path-traversal.path-join-resolve-traversal.path-join-resolve-traversal","shortlink":"https://sg.run/OPqk"},"severity":"WARNING","fingerprint":"requires login","lines":"requires login","validation_state":"NO_VALIDATOR","engine_kind":"OSS"}},{"check_id":"javascript.lang.security.audit.path-traversal.path-join-resolve-traversal.path-join-resolve-traversal","path":"workers/sluagh-swarm/src/handlers/cairn-coder/orphan-detection.ts","start":{"line":237,"col":37,"offset":7696},"end":{"line":237,"col":48,"offset":7707},"extra":{"message":"Detected possible user input going into a `path.join` or `path.resolve` function. This could possibly lead to a path traversal vulnerability,  where the attacker can access arbitrary files stored in the file system. Instead, be sure to sanitize or validate user input first.","metadata":{"owasp":["A05:2017 - Broken Access Control","A01:2021 - Broken Access Control","A01:2025 - Broken Access Control"],"cwe":["CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')"],"category":"security","references":["https://owasp.org/www-community/attacks/Path_Traversal"],"technology":["javascript","node.js"],"cwe2022-top25":true,"cwe2021-top25":true,"subcategory":["vuln"],"likelihood":"HIGH","impact":"MEDIUM","confidence":"LOW","license":"Semgrep Rules License v1.0. For more details, visit semgrep.dev/legal/rules-license","vulnerability_class":["Path Traversal"],"source":"https://semgrep.dev/r/javascript.lang.security.audit.path-traversal.path-join-resolve-traversal.path-join-resolve-traversal","shortlink":"https://sg.run/OPqk"},"severity":"WARNING","fingerprint":"requires login","lines":"requires login","validation_state":"NO_VALIDATOR","engine_kind":"OSS"}},{"check_id":"javascript.lang.security.audit.path-traversal.path-join-resolve-traversal.path-join-resolve-traversal","path":"workers/sluagh-swarm/src/handlers/cairn-coder/orphan-detection.ts","start":{"line":237,"col":50,"offset":7709},"end":{"line":237,"col":59,"offset":7718},"extra":{"message":"Detected possible user input going into a `path.join` or `path.resolve` function. This could possibly lead to a path traversal vulnerability,  where the attacker can access arbitrary files stored in the file system. Instead, be sure to sanitize or validate user input first.","metadata":{"owasp":["A05:2017 - Broken Access Control","A01:2021 - Broken Access Control","A01:2025 - Broken Access Control"],"cwe":["CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')"],"category":"security","references":["https://owasp.org/www-community/attacks/Path_Traversal"],"technology":["javascript","node.js"],"cwe2022-top25":true,"cwe2021-top25":true,"subcategory":["vuln"],"likelihood":"HIGH","impact":"MEDIUM","confidence":"LOW","license":"Semgrep Rules License v1.0. For more details, visit semgrep.dev/legal/rules-license","vulnerability_class":["Path Traversal"],"source":"https://semgrep.dev/r/javascript.lang.security.audit.path-traversal.path-join-resolve-traversal.path-join-resolve-traversal","shortlink":"https://sg.run/OPqk"},"severity":"WARNING","fingerprint":"requires login","lines":"requires login","validation_state":"NO_VALIDATOR","engine_kind":"OSS"}},{"check_id":"javascript.lang.security.audit.path-traversal.path-join-resolve-traversal.path-join-resolve-traversal","path":"workers/sluagh-swarm/src/handlers/cairn-coder/orphan-detection.ts","start":{"line":317,"col":23,"offset":10752},"end":{"line":317,"col":30,"offset":10759},"extra":{"message":"Detected possible user input going into a `path.join` or `path.resolve` function. This could possibly lead to a path traversal vulnerability,  where the attacker can access arbitrary files stored in the file system. Instead, be sure to sanitize or validate user input first.","metadata":{"owasp":["A05:2017 - Broken Access Control","A01:2021 - Broken Access Control","A01:2025 - Broken Access Control"],"cwe":["CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')"],"category":"security","references":["https://owasp.org/www-community/attacks/Path_Traversal"],"technology":["javascript","node.js"],"cwe2022-top25":true,"cwe2021-top25":true,"subcategory":["vuln"],"likelihood":"HIGH","impact":"MEDIUM","confidence":"LOW","license":"Semgrep Rules License v1.0. For more details, visit semgrep.dev/legal/rules-license","vulnerability_class":["Path Traversal"],"source":"https://semgrep.dev/r/javascript.lang.security.audit.path-traversal.path-join-resolve-traversal.path-join-resolve-traversal","shortlink":"https://sg.run/OPqk"},"severity":"WARNING","fingerprint":"requires login","lines":"requires login","validation_state":"NO_VALIDATOR","engine_kind":"OSS"}},{"check_id":"javascript.lang.security.audit.path-traversal.path-join-resolve-traversal.path-join-resolve-traversal","path":"workers/sluagh-swarm/src/handlers/cairn-coder/orphan-detection.ts","start":{"line":317,"col":32,"offset":10761},"end":{"line":317,"col":35,"offset":10764},"extra":{"message":"Detected possible user input going into a `path.join` or `path.resolve` function. This could possibly lead to a path traversal vulnerability,  where the attacker can access arbitrary files stored in the file system. Instead, be sure to sanitize or validate user input first.","metadata":{"owasp":["A05:2017 - Broken Access Control","A01:2021 - Broken Access Control","A01:2025 - Broken Access Control"],"cwe":["CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')"],"category":"security","references":["https://owasp.org/www-community/attacks/Path_Traversal"],"technology":["javascript","node.js"],"cwe2022-top25":true,"cwe2021-top25":true,"subcategory":["vuln"],"likelihood":"HIGH","impact":"MEDIUM","confidence":"LOW","license":"Semgrep Rules License v1.0. For more details, visit semgrep.dev/legal/rules-license","vulnerability_class":["Path Traversal"],"source":"https://semgrep.dev/r/javascript.lang.security.audit.path-traversal.path-join-resolve-traversal.path-join-resolve-traversal","shortlink":"https://sg.run/OPqk"},"severity":"WARNING","fingerprint":"requires login","lines":"requires login","validation_state":"NO_VALIDATOR","engine_kind":"OSS"}},{"check_id":"javascript.lang.security.audit.path-traversal.path-join-resolve-traversal.path-join-resolve-traversal","path":"workers/sluagh-swarm/src/handlers/cairn-coder/orphan-detection.ts","start":{"line":325,"col":30,"offset":11075},"end":{"line":325,"col":37,"offset":11082},"extra":{"message":"Detected possible user input going into a `path.join` or `path.resolve` function. This could possibly lead to a path traversal vulnerability,  where the attacker can access arbitrary files stored in the file system. Instead, be sure to sanitize or validate user input first.","metadata":{"owasp":["A05:2017 - Broken Access Control","A01:2021 - Broken Access Control","A01:2025 - Broken Access Control"],"cwe":["CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')"],"category":"security","references":["https://owasp.org/www-community/attacks/Path_Traversal"],"technology":["javascript","node.js"],"cwe2022-top25":true,"cwe2021-top25":true,"subcategory":["vuln"],"likelihood":"HIGH","impact":"MEDIUM","confidence":"LOW","license":"Semgrep Rules License v1.0. For more details, visit semgrep.dev/legal/rules-license","vulnerability_class":["Path Traversal"],"source":"https://semgrep.dev/r/javascript.lang.security.audit.path-traversal.path-join-resolve-traversal.path-join-resolve-traversal","shortlink":"https://sg.run/OPqk"},"severity":"WARNING","fingerprint":"requires login","lines":"requires login","validation_state":"NO_VALIDATOR","engine_kind":"OSS"}},{"check_id":"javascript.lang.security.audit.path-traversal.path-join-resolve-traversal.path-join-resolve-traversal","path":"workers/sluagh-swarm/src/handlers/cairn-coder/orphan-detection.ts","start":{"line":325,"col":39,"offset":11084},"end":{"line":325,"col":42,"offset":11087},"extra":{"message":"Detected possible user input going into a `path.join` or `path.resolve` function. This could possibly lead to a path traversal vulnerability,  where the attacker can access arbitrary files stored in the file system. Instead, be sure to sanitize or validate user input first.","metadata":{"owasp":["A05:2017 - Broken Access Control","A01:2021 - Broken Access Control","A01:2025 - Broken Access Control"],"cwe":["CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')"],"category":"security","references":["https://owasp.org/www-community/attacks/Path_Traversal"],"technology":["javascript","node.js"],"cwe2022-top25":true,"cwe2021-top25":true,"subcategory":["vuln"],"likelihood":"HIGH","impact":"MEDIUM","confidence":"LOW","license":"Semgrep Rules License v1.0. For more details, visit semgrep.dev/legal/rules-license","vulnerability_class":["Path Traversal"],"source":"https://semgrep.dev/r/javascript.lang.security.audit.path-traversal.path-join-resolve-traversal.path-join-resolve-traversal","shortlink":"https://sg.run/OPqk"},"severity":"WARNING","fingerprint":"requires login","lines":"requires login","validation_state":"NO_VALIDATOR","engine_kind":"OSS"}},{"check_id":"javascript.lang.security.audit.path-traversal.path-join-resolve-traversal.path-join-resolve-traversal","path":"workers/sluagh-swarm/src/handlers/cairn-coder/quality-gate-runner.ts","start":{"line":160,"col":30,"offset":5993},"end":{"line":160,"col":38,"offset":6001},"extra":{"message":"Detected possible user input going into a `path.join` or `path.resolve` function. This could possibly lead to a path traversal vulnerability,  where the attacker can access arbitrary files stored in the file system. Instead, be sure to sanitize or validate user input first.","metadata":{"owasp":["A05:2017 - Broken Access Control","A01:2021 - Broken Access Control","A01:2025 - Broken Access Control"],"cwe":["CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')"],"category":"security","references":["https://owasp.org/www-community/attacks/Path_Traversal"],"technology":["javascript","node.js"],"cwe2022-top25":true,"cwe2021-top25":true,"subcategory":["vuln"],"likelihood":"HIGH","impact":"MEDIUM","confidence":"LOW","license":"Semgrep Rules License v1.0. For more details, visit semgrep.dev/legal/rules-license","vulnerability_class":["Path Traversal"],"source":"https://semgrep.dev/r/javascript.lang.security.audit.path-traversal.path-join-resolve-traversal.path-join-resolve-traversal","shortlink":"https://sg.run/OPqk"},"severity":"WARNING","fingerprint":"requires login","lines":"requires login","validation_state":"NO_VALIDATOR","engine_kind":"OSS"}},{"check_id":"javascript.lang.security.audit.path-traversal.path-join-resolve-traversal.path-join-resolve-traversal","path":"workers/sluagh-swarm/src/handlers/cairn-coder/quality-gate-runner.ts","start":{"line":160,"col":40,"offset":6003},"end":{"line":160,"col":49,"offset":6012},"extra":{"message":"Detected possible user input going into a `path.join` or `path.resolve` function. This could possibly lead to a path traversal vulnerability,  where the attacker can access arbitrary files stored in the file system. Instead, be sure to sanitize or validate user input first.","metadata":{"owasp":["A05:2017 - Broken Access Control","A01:2021 - Broken Access Control","A01:2025 - Broken Access Control"],"cwe":["CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')"],"category":"security","references":["https://owasp.org/www-community/attacks/Path_Traversal"],"technology":["javascript","node.js"],"cwe2022-top25":true,"cwe2021-top25":true,"subcategory":["vuln"],"likelihood":"HIGH","impact":"MEDIUM","confidence":"LOW","license":"Semgrep Rules License v1.0. For more details, visit semgrep.dev/legal/rules-license","vulnerability_class":["Path Traversal"],"source":"https://semgrep.dev/r/javascript.lang.security.audit.path-traversal.path-join-resolve-traversal.path-join-resolve-traversal","shortlink":"https://sg.run/OPqk"},"severity":"WARNING","fingerprint":"requires login","lines":"requires login","validation_state":"NO_VALIDATOR","engine_kind":"OSS"}},{"check_id":"javascript.lang.security.audit.path-traversal.path-join-resolve-traversal.path-join-resolve-traversal","path":"workers/sluagh-swarm/src/handlers/cairn-coder/quality-gate-runner.ts","start":{"line":162,"col":48,"offset":6098},"end":{"line":162,"col":54,"offset":6104},"extra":{"message":"Detected possible user input going into a `path.join` or `path.resolve` function. This could possibly lead to a path traversal vulnerability,  where the attacker can access arbitrary files stored in the file system. Instead, be sure to sanitize or validate user input first.","metadata":{"owasp":["A05:2017 - Broken Access Control","A01:2021 - Broken Access Control","A01:2025 - Broken Access Control"],"cwe":["CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')"],"category":"security","references":["https://owasp.org/www-community/attacks/Path_Traversal"],"technology":["javascript","node.js"],"cwe2022-top25":true,"cwe2021-top25":true,"subcategory":["vuln"],"likelihood":"HIGH","impact":"MEDIUM","confidence":"LOW","license":"Semgrep Rules License v1.0. For more details, visit semgrep.dev/legal/rules-license","vulnerability_class":["Path Traversal"],"source":"https://semgrep.dev/r/javascript.lang.security.audit.path-traversal.path-join-resolve-traversal.path-join-resolve-traversal","shortlink":"https://sg.run/OPqk"},"severity":"WARNING","fingerprint":"requires login","lines":"requires login","validation_state":"NO_VALIDATOR","engine_kind":"OSS"}},{"check_id":"javascript.lang.security.audit.path-traversal.path-join-resolve-traversal.path-join-resolve-traversal","path":"workers/sluagh-swarm/src/handlers/cairn-coder/quality-gate-runner.ts","start":{"line":162,"col":56,"offset":6106},"end":{"line":162,"col":62,"offset":6112},"extra":{"message":"Detected possible user input going into a `path.join` or `path.resolve` function. This could possibly lead to a path traversal vulnerability,  where the attacker can access arbitrary files stored in the file system. Instead, be sure to sanitize or validate user input first.","metadata":{"owasp":["A05:2017 - Broken Access Control","A01:2021 - Broken Access Control","A01:2025 - Broken Access Control"],"cwe":["CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')"],"category":"security","references":["https://owasp.org/www-community/attacks/Path_Traversal"],"technology":["javascript","node.js"],"cwe2022-top25":true,"cwe2021-top25":true,"subcategory":["vuln"],"likelihood":"HIGH","impact":"MEDIUM","confidence":"LOW","license":"Semgrep Rules License v1.0. For more details, visit semgrep.dev/legal/rules-license","vulnerability_class":["Path Traversal"],"source":"https://semgrep.dev/r/javascript.lang.security.audit.path-traversal.path-join-resolve-traversal.path-join-resolve-traversal","shortlink":"https://sg.run/OPqk"},"severity":"WARNING","fingerprint":"requires login","lines":"requires login","validation_state":"NO_VALIDATOR","engine_kind":"OSS"}},{"check_id":"javascript.lang.security.audit.path-traversal.path-join-resolve-traversal.path-join-resolve-traversal","path":"workers/sluagh-swarm/src/handlers/cairn-coder/quality-gate-runner.ts","start":{"line":169,"col":56,"offset":6352},"end":{"line":169,"col":62,"offset":6358},"extra":{"message":"Detected possible user input going into a `path.join` or `path.resolve` function. This could possibly lead to a path traversal vulnerability,  where the attacker can access arbitrary files stored in the file system. Instead, be sure to sanitize or validate user input first.","metadata":{"owasp":["A05:2017 - Broken Access Control","A01:2021 - Broken Access Control","A01:2025 - Broken Access Control"],"cwe":["CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')"],"category":"security","references":["https://owasp.org/www-community/attacks/Path_Traversal"],"technology":["javascript","node.js"],"cwe2022-top25":true,"cwe2021-top25":true,"subcategory":["vuln"],"likelihood":"HIGH","impact":"MEDIUM","confidence":"LOW","license":"Semgrep Rules License v1.0. For more details, visit semgrep.dev/legal/rules-license","vulnerability_class":["Path Traversal"],"source":"https://semgrep.dev/r/javascript.lang.security.audit.path-traversal.path-join-resolve-traversal.path-join-resolve-traversal","shortlink":"https://sg.run/OPqk"},"severity":"WARNING","fingerprint":"requires login","lines":"requires login","validation_state":"NO_VALIDATOR","engine_kind":"OSS"}},{"check_id":"javascript.lang.security.audit.path-traversal.path-join-resolve-traversal.path-join-resolve-traversal","path":"workers/sluagh-swarm/src/handlers/cairn-coder/quality-gate-runner.ts","start":{"line":169,"col":64,"offset":6360},"end":{"line":169,"col":76,"offset":6372},"extra":{"message":"Detected possible user input going into a `path.join` or `path.resolve` function. This could possibly lead to a path traversal vulnerability,  where the attacker can access arbitrary files stored in the file system. Instead, be sure to sanitize or validate user input first.","metadata":{"owasp":["A05:2017 - Broken Access Control","A01:2021 - Broken Access Control","A01:2025 - Broken Access Control"],"cwe":["CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')"],"category":"security","references":["https://owasp.org/www-community/attacks/Path_Traversal"],"technology":["javascript","node.js"],"cwe2022-top25":true,"cwe2021-top25":true,"subcategory":["vuln"],"likelihood":"HIGH","impact":"MEDIUM","confidence":"LOW","license":"Semgrep Rules License v1.0. For more details, visit semgrep.dev/legal/rules-license","vulnerability_class":["Path Traversal"],"source":"https://semgrep.dev/r/javascript.lang.security.audit.path-traversal.path-join-resolve-traversal.path-join-resolve-traversal","shortlink":"https://sg.run/OPqk"},"severity":"WARNING","fingerprint":"requires login","lines":"requires login","validation_state":"NO_VALIDATOR","engine_kind":"OSS"}},{"check_id":"javascript.lang.security.audit.path-traversal.path-join-resolve-traversal.path-join-resolve-traversal","path":"workers/sluagh-swarm/src/handlers/cairn-coder/quality-gate-runner.ts","start":{"line":251,"col":46,"offset":9474},"end":{"line":251,"col":53,"offset":9481},"extra":{"message":"Detected possible user input going into a `path.join` or `path.resolve` function. This could possibly lead to a path traversal vulnerability,  where the attacker can access arbitrary files stored in the file system. Instead, be sure to sanitize or validate user input first.","metadata":{"owasp":["A05:2017 - Broken Access Control","A01:2021 - Broken Access Control","A01:2025 - Broken Access Control"],"cwe":["CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')"],"category":"security","references":["https://owasp.org/www-community/attacks/Path_Traversal"],"technology":["javascript","node.js"],"cwe2022-top25":true,"cwe2021-top25":true,"subcategory":["vuln"],"likelihood":"HIGH","impact":"MEDIUM","confidence":"LOW","license":"Semgrep Rules License v1.0. For more details, visit semgrep.dev/legal/rules-license","vulnerability_class":["Path Traversal"],"source":"https://semgrep.dev/r/javascript.lang.security.audit.path-traversal.path-join-resolve-traversal.path-join-resolve-traversal","shortlink":"https://sg.run/OPqk"},"severity":"WARNING","fingerprint":"requires login","lines":"requires login","validation_state":"NO_VALIDATOR","engine_kind":"OSS"}},{"check_id":"javascript.lang.security.audit.path-traversal.path-join-resolve-traversal.path-join-resolve-traversal","path":"workers/sluagh-swarm/src/handlers/cairn-coder/quality-gate-runner.ts","start":{"line":268,"col":46,"offset":10335},"end":{"line":268,"col":53,"offset":10342},"extra":{"message":"Detected possible user input going into a `path.join` or `path.resolve` function. This could possibly lead to a path traversal vulnerability,  where the attacker can access arbitrary files stored in the file system. Instead, be sure to sanitize or validate user input first.","metadata":{"owasp":["A05:2017 - Broken Access Control","A01:2021 - Broken Access Control","A01:2025 - Broken Access Control"],"cwe":["CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')"],"category":"security","references":["https://owasp.org/www-community/attacks/Path_Traversal"],"technology":["javascript","node.js"],"cwe2022-top25":true,"cwe2021-top25":true,"subcategory":["vuln"],"likelihood":"HIGH","impact":"MEDIUM","confidence":"LOW","license":"Semgrep Rules License v1.0. For more details, visit semgrep.dev/legal/rules-license","vulnerability_class":["Path Traversal"],"source":"https://semgrep.dev/r/javascript.lang.security.audit.path-traversal.path-join-resolve-traversal.path-join-resolve-traversal","shortlink":"https://sg.run/OPqk"},"severity":"WARNING","fingerprint":"requires login","lines":"requires login","validation_state":"NO_VALIDATOR","engine_kind":"OSS"}},{"check_id":"javascript.lang.security.audit.path-traversal.path-join-resolve-traversal.path-join-resolve-traversal","path":"workers/sluagh-swarm/src/handlers/cairn-coder/quality-gate-runner.ts","start":{"line":327,"col":53,"offset":12979},"end":{"line":327,"col":60,"offset":12986},"extra":{"message":"Detected possible user input going into a `path.join` or `path.resolve` function. This could possibly lead to a path traversal vulnerability,  where the attacker can access arbitrary files stored in the file system. Instead, be sure to sanitize or validate user input first.","metadata":{"owasp":["A05:2017 - Broken Access Control","A01:2021 - Broken Access Control","A01:2025 - Broken Access Control"],"cwe":["CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')"],"category":"security","references":["https://owasp.org/www-community/attacks/Path_Traversal"],"technology":["javascript","node.js"],"cwe2022-top25":true,"cwe2021-top25":true,"subcategory":["vuln"],"likelihood":"HIGH","impact":"MEDIUM","confidence":"LOW","license":"Semgrep Rules License v1.0. For more details, visit semgrep.dev/legal/rules-license","vulnerability_class":["Path Traversal"],"source":"https://semgrep.dev/r/javascript.lang.security.audit.path-traversal.path-join-resolve-traversal.path-join-resolve-traversal","shortlink":"https://sg.run/OPqk"},"severity":"WARNING","fingerprint":"requires login","lines":"requires login","validation_state":"NO_VALIDATOR","engine_kind":"OSS"}},{"check_id":"javascript.lang.security.audit.path-traversal.path-join-resolve-traversal.path-join-resolve-traversal","path":"workers/sluagh-swarm/src/handlers/cairn-coder/quality-gate-runner.ts","start":{"line":331,"col":45,"offset":13203},"end":{"line":331,"col":52,"offset":13210},"extra":{"message":"Detected possible user input going into a `path.join` or `path.resolve` function. This could possibly lead to a path traversal vulnerability,  where the attacker can access arbitrary files stored in the file system. Instead, be sure to sanitize or validate user input first.","metadata":{"owasp":["A05:2017 - Broken Access Control","A01:2021 - Broken Access Control","A01:2025 - Broken Access Control"],"cwe":["CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')"],"category":"security","references":["https://owasp.org/www-community/attacks/Path_Traversal"],"technology":["javascript","node.js"],"cwe2022-top25":true,"cwe2021-top25":true,"subcategory":["vuln"],"likelihood":"HIGH","impact":"MEDIUM","confidence":"LOW","license":"Semgrep Rules License v1.0. For more details, visit semgrep.dev/legal/rules-license","vulnerability_class":["Path Traversal"],"source":"https://semgrep.dev/r/javascript.lang.security.audit.path-traversal.path-join-resolve-traversal.path-join-resolve-traversal","shortlink":"https://sg.run/OPqk"},"severity":"WARNING","fingerprint":"requires login","lines":"requires login","validation_state":"NO_VALIDATOR","engine_kind":"OSS"}},{"check_id":"javascript.lang.security.audit.path-traversal.path-join-resolve-traversal.path-join-resolve-traversal","path":"workers/sluagh-swarm/src/handlers/cairn-coder/quality-gate-runner.ts","start":{"line":337,"col":41,"offset":13462},"end":{"line":337,"col":45,"offset":13466},"extra":{"message":"Detected possible user input going into a `path.join` or `path.resolve` function. This could possibly lead to a path traversal vulnerability,  where the attacker can access arbitrary files stored in the file system. Instead, be sure to sanitize or validate user input first.","metadata":{"owasp":["A05:2017 - Broken Access Control","A01:2021 - Broken Access Control","A01:2025 - Broken Access Control"],"cwe":["CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')"],"category":"security","references":["https://owasp.org/www-community/attacks/Path_Traversal"],"technology":["javascript","node.js"],"cwe2022-top25":true,"cwe2021-top25":true,"subcategory":["vuln"],"likelihood":"HIGH","impact":"MEDIUM","confidence":"LOW","license":"Semgrep Rules License v1.0. For more details, visit semgrep.dev/legal/rules-license","vulnerability_class":["Path Traversal"],"source":"https://semgrep.dev/r/javascript.lang.security.audit.path-traversal.path-join-resolve-traversal.path-join-resolve-traversal","shortlink":"https://sg.run/OPqk"},"severity":"WARNING","fingerprint":"requires login","lines":"requires login","validation_state":"NO_VALIDATOR","engine_kind":"OSS"}},{"check_id":"javascript.lang.security.audit.path-traversal.path-join-resolve-traversal.path-join-resolve-traversal","path":"workers/sluagh-swarm/src/handlers/cairn-coder/quality-gate-runner.ts","start":{"line":342,"col":60,"offset":13702},"end":{"line":342,"col":72,"offset":13714},"extra":{"message":"Detected possible user input going into a `path.join` or `path.resolve` function. This could possibly lead to a path traversal vulnerability,  where the attacker can access arbitrary files stored in the file system. Instead, be sure to sanitize or validate user input first.","metadata":{"owasp":["A05:2017 - Broken Access Control","A01:2021 - Broken Access Control","A01:2025 - Broken Access Control"],"cwe":["CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')"],"category":"security","references":["https://owasp.org/www-community/attacks/Path_Traversal"],"technology":["javascript","node.js"],"cwe2022-top25":true,"cwe2021-top25":true,"subcategory":["vuln"],"likelihood":"HIGH","impact":"MEDIUM","confidence":"LOW","license":"Semgrep Rules License v1.0. For more details, visit semgrep.dev/legal/rules-license","vulnerability_class":["Path Traversal"],"source":"https://semgrep.dev/r/javascript.lang.security.audit.path-traversal.path-join-resolve-traversal.path-join-resolve-traversal","shortlink":"https://sg.run/OPqk"},"severity":"WARNING","fingerprint":"requires login","lines":"requires login","validation_state":"NO_VALIDATOR","engine_kind":"OSS"}},{"check_id":"javascript.lang.security.audit.path-traversal.path-join-resolve-traversal.path-join-resolve-traversal","path":"workers/sluagh-swarm/src/handlers/cairn-coder/quality-gate-runner.ts","start":{"line":451,"col":35,"offset":18384},"end":{"line":451,"col":42,"offset":18391},"extra":{"message":"Detected possible user input going into a `path.join` or `path.resolve` function. This could possibly lead to a path traversal vulnerability,  where the attacker can access arbitrary files stored in the file system. Instead, be sure to sanitize or validate user input first.","metadata":{"owasp":["A05:2017 - Broken Access Control","A01:2021 - Broken Access Control","A01:2025 - Broken Access Control"],"cwe":["CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')"],"category":"security","references":["https://owasp.org/www-community/attacks/Path_Traversal"],"technology":["javascript","node.js"],"cwe2022-top25":true,"cwe2021-top25":true,"subcategory":["vuln"],"likelihood":"HIGH","impact":"MEDIUM","confidence":"LOW","license":"Semgrep Rules License v1.0. For more details, visit semgrep.dev/legal/rules-license","vulnerability_class":["Path Traversal"],"source":"https://semgrep.dev/r/javascript.lang.security.audit.path-traversal.path-join-resolve-traversal.path-join-resolve-traversal","shortlink":"https://sg.run/OPqk"},"severity":"WARNING","fingerprint":"requires login","lines":"requires login","validation_state":"NO_VALIDATOR","engine_kind":"OSS"}},{"check_id":"javascript.lang.security.audit.path-traversal.path-join-resolve-traversal.path-join-resolve-traversal","path":"workers/sluagh-swarm/src/handlers/cairn-coder/quality-gate-runner.ts","start":{"line":451,"col":44,"offset":18393},"end":{"line":451,"col":45,"offset":18394},"extra":{"message":"Detected possible user input going into a `path.join` or `path.resolve` function. This could possibly lead to a path traversal vulnerability,  where the attacker can access arbitrary files stored in the file system. Instead, be sure to sanitize or validate user input first.","metadata":{"owasp":["A05:2017 - Broken Access Control","A01:2021 - Broken Access Control","A01:2025 - Broken Access Control"],"cwe":["CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')"],"category":"security","references":["https://owasp.org/www-community/attacks/Path_Traversal"],"technology":["javascript","node.js"],"cwe2022-top25":true,"cwe2021-top25":true,"subcategory":["vuln"],"likelihood":"HIGH","impact":"MEDIUM","confidence":"LOW","license":"Semgrep Rules License v1.0. For more details, visit semgrep.dev/legal/rules-license","vulnerability_class":["Path Traversal"],"source":"https://semgrep.dev/r/javascript.lang.security.audit.path-traversal.path-join-resolve-traversal.path-join-resolve-traversal","shortlink":"https://sg.run/OPqk"},"severity":"WARNING","fingerprint":"requires login","lines":"requires login","validation_state":"NO_VALIDATOR","engine_kind":"OSS"}},{"check_id":"javascript.lang.security.audit.path-traversal.path-join-resolve-traversal.path-join-resolve-traversal","path":"workers/sluagh-swarm/src/handlers/cairn-coder/quality-gate-runner.ts","start":{"line":503,"col":52,"offset":20691},"end":{"line":503,"col":62,"offset":20701},"extra":{"message":"Detected possible user input going into a `path.join` or `path.resolve` function. This could possibly lead to a path traversal vulnerability,  where the attacker can access arbitrary files stored in the file system. Instead, be sure to sanitize or validate user input first.","metadata":{"owasp":["A05:2017 - Broken Access Control","A01:2021 - Broken Access Control","A01:2025 - Broken Access Control"],"cwe":["CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')"],"category":"security","references":["https://owasp.org/www-community/attacks/Path_Traversal"],"technology":["javascript","node.js"],"cwe2022-top25":true,"cwe2021-top25":true,"subcategory":["vuln"],"likelihood":"HIGH","impact":"MEDIUM","confidence":"LOW","license":"Semgrep Rules License v1.0. For more details, visit semgrep.dev/legal/rules-license","vulnerability_class":["Path Traversal"],"source":"https://semgrep.dev/r/javascript.lang.security.audit.path-traversal.path-join-resolve-traversal.path-join-resolve-traversal","shortlink":"https://sg.run/OPqk"},"severity":"WARNING","fingerprint":"requires login","lines":"requires login","validation_state":"NO_VALIDATOR","engine_kind":"OSS"}},{"check_id":"javascript.lang.security.audit.path-traversal.path-join-resolve-traversal.path-join-resolve-traversal","path":"workers/sluagh-swarm/src/handlers/cairn-coder/quality-gate-runner.ts","start":{"line":517,"col":66,"offset":21107},"end":{"line":517,"col":73,"offset":21114},"extra":{"message":"Detected possible user input going into a `path.join` or `path.resolve` function. This could possibly lead to a path traversal vulnerability,  where the attacker can access arbitrary files stored in the file system. Instead, be sure to sanitize or validate user input first.","metadata":{"owasp":["A05:2017 - Broken Access Control","A01:2021 - Broken Access Control","A01:2025 - Broken Access Control"],"cwe":["CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')"],"category":"security","references":["https://owasp.org/www-community/attacks/Path_Traversal"],"technology":["javascript","node.js"],"cwe2022-top25":true,"cwe2021-top25":true,"subcategory":["vuln"],"likelihood":"HIGH","impact":"MEDIUM","confidence":"LOW","license":"Semgrep Rules License v1.0. For more details, visit semgrep.dev/legal/rules-license","vulnerability_class":["Path Traversal"],"source":"https://semgrep.dev/r/javascript.lang.security.audit.path-traversal.path-join-resolve-traversal.path-join-resolve-traversal","shortlink":"https://sg.run/OPqk"},"severity":"WARNING","fingerprint":"requires login","lines":"requires login","validation_state":"NO_VALIDATOR","engine_kind":"OSS"}},{"check_id":"javascript.lang.security.audit.path-traversal.path-join-resolve-traversal.path-join-resolve-traversal","path":"workers/sluagh-swarm/src/handlers/cairn-coder/quality-gate-runner.ts","start":{"line":517,"col":75,"offset":21116},"end":{"line":517,"col":76,"offset":21117},"extra":{"message":"Detected possible user input going into a `path.join` or `path.resolve` function. This could possibly lead to a path traversal vulnerability,  where the attacker can access arbitrary files stored in the file system. Instead, be sure to sanitize or validate user input first.","metadata":{"owasp":["A05:2017 - Broken Access Control","A01:2021 - Broken Access Control","A01:2025 - Broken Access Control"],"cwe":["CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')"],"category":"security","references":["https://owasp.org/www-community/attacks/Path_Traversal"],"technology":["javascript","node.js"],"cwe2022-top25":true,"cwe2021-top25":true,"subcategory":["vuln"],"likelihood":"HIGH","impact":"MEDIUM","confidence":"LOW","license":"Semgrep Rules License v1.0. For more details, visit semgrep.dev/legal/rules-license","vulnerability_class":["Path Traversal"],"source":"https://semgrep.dev/r/javascript.lang.security.audit.path-traversal.path-join-resolve-traversal.path-join-resolve-traversal","shortlink":"https://sg.run/OPqk"},"severity":"WARNING","fingerprint":"requires login","lines":"requires login","validation_state":"NO_VALIDATOR","engine_kind":"OSS"}},{"check_id":"javascript.lang.security.audit.path-traversal.path-join-resolve-traversal.path-join-resolve-traversal","path":"workers/sluagh-swarm/src/handlers/cairn-coder/quality-gate-runner.ts","start":{"line":524,"col":73,"offset":21445},"end":{"line":524,"col":80,"offset":21452},"extra":{"message":"Detected possible user input going into a `path.join` or `path.resolve` function. This could possibly lead to a path traversal vulnerability,  where the attacker can access arbitrary files stored in the file system. Instead, be sure to sanitize or validate user input first.","metadata":{"owasp":["A05:2017 - Broken Access Control","A01:2021 - Broken Access Control","A01:2025 - Broken Access Control"],"cwe":["CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')"],"category":"security","references":["https://owasp.org/www-community/attacks/Path_Traversal"],"technology":["javascript","node.js"],"cwe2022-top25":true,"cwe2021-top25":true,"subcategory":["vuln"],"likelihood":"HIGH","impact":"MEDIUM","confidence":"LOW","license":"Semgrep Rules License v1.0. For more details, visit semgrep.dev/legal/rules-license","vulnerability_class":["Path Traversal"],"source":"https://semgrep.dev/r/javascript.lang.security.audit.path-traversal.path-join-resolve-traversal.path-join-resolve-traversal","shortlink":"https://sg.run/OPqk"},"severity":"WARNING","fingerprint":"requires login","lines":"requires login","validation_state":"NO_VALIDATOR","engine_kind":"OSS"}},{"check_id":"javascript.lang.security.audit.path-traversal.path-join-resolve-traversal.path-join-resolve-traversal","path":"workers/sluagh-swarm/src/handlers/cairn-coder/quality-gate-runner.ts","start":{"line":524,"col":82,"offset":21454},"end":{"line":524,"col":83,"offset":21455},"extra":{"message":"Detected possible user input going into a `path.join` or `path.resolve` function. This could possibly lead to a path traversal vulnerability,  where the attacker can access arbitrary files stored in the file system. Instead, be sure to sanitize or validate user input first.","metadata":{"owasp":["A05:2017 - Broken Access Control","A01:2021 - Broken Access Control","A01:2025 - Broken Access Control"],"cwe":["CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')"],"category":"security","references":["https://owasp.org/www-community/attacks/Path_Traversal"],"technology":["javascript","node.js"],"cwe2022-top25":true,"cwe2021-top25":true,"subcategory":["vuln"],"likelihood":"HIGH","impact":"MEDIUM","confidence":"LOW","license":"Semgrep Rules License v1.0. For more details, visit semgrep.dev/legal/rules-license","vulnerability_class":["Path Traversal"],"source":"https://semgrep.dev/r/javascript.lang.security.audit.path-traversal.path-join-resolve-traversal.path-join-resolve-traversal","shortlink":"https://sg.run/OPqk"},"severity":"WARNING","fingerprint":"requires login","lines":"requires login","validation_state":"NO_VALIDATOR","engine_kind":"OSS"}},{"check_id":"javascript.lang.security.audit.path-traversal.path-join-resolve-traversal.path-join-resolve-traversal","path":"workers/sluagh-swarm/src/handlers/cairn-coder/reachability-gate.ts","start":{"line":147,"col":51,"offset":5668},"end":{"line":147,"col":58,"offset":5675},"extra":{"message":"Detected possible user input going into a `path.join` or `path.resolve` function. This could possibly lead to a path traversal vulnerability,  where the attacker can access arbitrary files stored in the file system. Instead, be sure to sanitize or validate user input first.","metadata":{"owasp":["A05:2017 - Broken Access Control","A01:2021 - Broken Access Control","A01:2025 - Broken Access Control"],"cwe":["CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')"],"category":"security","references":["https://owasp.org/www-community/attacks/Path_Traversal"],"technology":["javascript","node.js"],"cwe2022-top25":true,"cwe2021-top25":true,"subcategory":["vuln"],"likelihood":"HIGH","impact":"MEDIUM","confidence":"LOW","license":"Semgrep Rules License v1.0. For more details, visit semgrep.dev/legal/rules-license","vulnerability_class":["Path Traversal"],"source":"https://semgrep.dev/r/javascript.lang.security.audit.path-traversal.path-join-resolve-traversal.path-join-resolve-traversal","shortlink":"https://sg.run/OPqk"},"severity":"WARNING","fingerprint":"requires login","lines":"requires login","validation_state":"NO_VALIDATOR","engine_kind":"OSS"}},{"check_id":"javascript.lang.security.audit.path-traversal.path-join-resolve-traversal.path-join-resolve-traversal","path":"workers/sluagh-swarm/src/handlers/cairn-coder/reachability-gate.ts","start":{"line":147,"col":60,"offset":5677},"end":{"line":147,"col":63,"offset":5680},"extra":{"message":"Detected possible user input going into a `path.join` or `path.resolve` function. This could possibly lead to a path traversal vulnerability,  where the attacker can access arbitrary files stored in the file system. Instead, be sure to sanitize or validate user input first.","metadata":{"owasp":["A05:2017 - Broken Access Control","A01:2021 - Broken Access Control","A01:2025 - Broken Access Control"],"cwe":["CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')"],"category":"security","references":["https://owasp.org/www-community/attacks/Path_Traversal"],"technology":["javascript","node.js"],"cwe2022-top25":true,"cwe2021-top25":true,"subcategory":["vuln"],"likelihood":"HIGH","impact":"MEDIUM","confidence":"LOW","license":"Semgrep Rules License v1.0. For more details, visit semgrep.dev/legal/rules-license","vulnerability_class":["Path Traversal"],"source":"https://semgrep.dev/r/javascript.lang.security.audit.path-traversal.path-join-resolve-traversal.path-join-resolve-traversal","shortlink":"https://sg.run/OPqk"},"severity":"WARNING","fingerprint":"requires login","lines":"requires login","validation_state":"NO_VALIDATOR","engine_kind":"OSS"}},{"check_id":"javascript.lang.security.audit.detect-non-literal-regexp.detect-non-literal-regexp","path":"workers/sluagh-swarm/src/handlers/cairn-coder/reachability-gate.ts","start":{"line":169,"col":10,"offset":6553},"end":{"line":169,"col":40,"offset":6583},"extra":{"message":"RegExp() called with a `symbol` function argument, this might allow an attacker to cause a Regular Expression Denial-of-Service (ReDoS) within your application as RegExP blocks the main thread. For this reason, it is recommended to use hardcoded regexes instead. If your regex is run on user-controlled input, consider performing input validation or use a regex checking/sanitization library such as https://www.npmjs.com/package/recheck to verify that the regex does not appear vulnerable to ReDoS.","metadata":{"owasp":["A05:2021 - Security Misconfiguration","A06:2017 - Security Misconfiguration","A02:2025 - Security Misconfiguration"],"cwe":["CWE-1333: Inefficient Regular Expression Complexity"],"references":["https://owasp.org/www-community/attacks/Regular_expression_Denial_of_Service_-_ReDoS"],"source-rule-url":"https://github.com/nodesecurity/eslint-plugin-security/blob/master/rules/detect-non-literal-regexp.js","category":"security","technology":["javascript"],"subcategory":["vuln"],"likelihood":"MEDIUM","impact":"MEDIUM","confidence":"LOW","license":"Semgrep Rules License v1.0. For more details, visit semgrep.dev/legal/rules-license","vulnerability_class":["Denial-of-Service (DoS)"],"source":"https://semgrep.dev/r/javascript.lang.security.audit.detect-non-literal-regexp.detect-non-literal-regexp","shortlink":"https://sg.run/gr65"},"severity":"WARNING","fingerprint":"requires login","lines":"requires login","validation_state":"NO_VALIDATOR","engine_kind":"OSS"}},{"check_id":"javascript.lang.security.audit.path-traversal.path-join-resolve-traversal.path-join-resolve-traversal","path":"workers/sluagh-swarm/src/handlers/cairn-coder/slop-detection.ts","start":{"line":50,"col":51,"offset":1940},"end":{"line":50,"col":58,"offset":1947},"extra":{"message":"Detected possible user input going into a `path.join` or `path.resolve` function. This could possibly lead to a path traversal vulnerability,  where the attacker can access arbitrary files stored in the file system. Instead, be sure to sanitize or validate user input first.","metadata":{"owasp":["A05:2017 - Broken Access Control","A01:2021 - Broken Access Control","A01:2025 - Broken Access Control"],"cwe":["CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')"],"category":"security","references":["https://owasp.org/www-community/attacks/Path_Traversal"],"technology":["javascript","node.js"],"cwe2022-top25":true,"cwe2021-top25":true,"subcategory":["vuln"],"likelihood":"HIGH","impact":"MEDIUM","confidence":"LOW","license":"Semgrep Rules License v1.0. For more details, visit semgrep.dev/legal/rules-license","vulnerability_class":["Path Traversal"],"source":"https://semgrep.dev/r/javascript.lang.security.audit.path-traversal.path-join-resolve-traversal.path-join-resolve-traversal","shortlink":"https://sg.run/OPqk"},"severity":"WARNING","fingerprint":"requires login","lines":"requires login","validation_state":"NO_VALIDATOR","engine_kind":"OSS"}},{"check_id":"javascript.lang.security.audit.path-traversal.path-join-resolve-traversal.path-join-resolve-traversal","path":"workers/sluagh-swarm/src/handlers/cairn-coder/slop-detection.ts","start":{"line":50,"col":60,"offset":1949},"end":{"line":50,"col":64,"offset":1953},"extra":{"message":"Detected possible user input going into a `path.join` or `path.resolve` function. This could possibly lead to a path traversal vulnerability,  where the attacker can access arbitrary files stored in the file system. Instead, be sure to sanitize or validate user input first.","metadata":{"owasp":["A05:2017 - Broken Access Control","A01:2021 - Broken Access Control","A01:2025 - Broken Access Control"],"cwe":["CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')"],"category":"security","references":["https://owasp.org/www-community/attacks/Path_Traversal"],"technology":["javascript","node.js"],"cwe2022-top25":true,"cwe2021-top25":true,"subcategory":["vuln"],"likelihood":"HIGH","impact":"MEDIUM","confidence":"LOW","license":"Semgrep Rules License v1.0. For more details, visit semgrep.dev/legal/rules-license","vulnerability_class":["Path Traversal"],"source":"https://semgrep.dev/r/javascript.lang.security.audit.path-traversal.path-join-resolve-traversal.path-join-resolve-traversal","shortlink":"https://sg.run/OPqk"},"severity":"WARNING","fingerprint":"requires login","lines":"requires login","validation_state":"NO_VALIDATOR","engine_kind":"OSS"}},{"check_id":"javascript.lang.security.audit.unsafe-formatstring.unsafe-formatstring","path":"workers/sluagh-swarm/src/handlers/cairn-coder/slop-detection.ts","start":{"line":179,"col":9,"offset":6868},"end":{"line":179,"col":50,"offset":6909},"extra":{"message":"Detected string concatenation with a non-literal variable in a util.format / console.log function. If an attacker injects a format specifier in the string, it will forge the log message. Try to use constant values for the format string.","metadata":{"cwe":["CWE-134: Use of Externally-Controlled Format String"],"owasp":["A01:2021 - Broken Access Control","A01:2025 - Broken Access Control"],"category":"security","technology":["javascript"],"subcategory":["audit"],"likelihood":"MEDIUM","impact":"LOW","confidence":"LOW","references":["https://cwe.mitre.org/data/definitions/134.html"],"license":"Semgrep Rules License v1.0. For more details, visit semgrep.dev/legal/rules-license","vulnerability_class":["Improper Validation"],"source":"https://semgrep.dev/r/javascript.lang.security.audit.unsafe-formatstring.unsafe-formatstring","shortlink":"https://sg.run/7Y5R"},"severity":"INFO","fingerprint":"requires login","lines":"requires login","validation_state":"NO_VALIDATOR","engine_kind":"OSS"}},{"check_id":"javascript.lang.security.audit.path-traversal.path-join-resolve-traversal.path-join-resolve-traversal","path":"workers/sluagh-swarm/src/handlers/cairn-lats.ts","start":{"line":238,"col":51,"offset":9004},"end":{"line":238,"col":58,"offset":9011},"extra":{"message":"Detected possible user input going into a `path.join` or `path.resolve` function. This could possibly lead to a path traversal vulnerability,  where the attacker can access arbitrary files stored in the file system. Instead, be sure to sanitize or validate user input first.","metadata":{"owasp":["A05:2017 - Broken Access Control","A01:2021 - Broken Access Control","A01:2025 - Broken Access Control"],"cwe":["CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')"],"category":"security","references":["https://owasp.org/www-community/attacks/Path_Traversal"],"technology":["javascript","node.js"],"cwe2022-top25":true,"cwe2021-top25":true,"subcategory":["vuln"],"likelihood":"HIGH","impact":"MEDIUM","confidence":"LOW","license":"Semgrep Rules License v1.0. For more details, visit semgrep.dev/legal/rules-license","vulnerability_class":["Path Traversal"],"source":"https://semgrep.dev/r/javascript.lang.security.audit.path-traversal.path-join-resolve-traversal.path-join-resolve-traversal","shortlink":"https://sg.run/OPqk"},"severity":"WARNING","fingerprint":"requires login","lines":"requires login","validation_state":"NO_VALIDATOR","engine_kind":"OSS"}},{"check_id":"javascript.lang.security.audit.path-traversal.path-join-resolve-traversal.path-join-resolve-traversal","path":"workers/sluagh-swarm/src/handlers/cairn-lats.ts","start":{"line":238,"col":60,"offset":9013},"end":{"line":238,"col":64,"offset":9017},"extra":{"message":"Detected possible user input going into a `path.join` or `path.resolve` function. This could possibly lead to a path traversal vulnerability,  where the attacker can access arbitrary files stored in the file system. Instead, be sure to sanitize or validate user input first.","metadata":{"owasp":["A05:2017 - Broken Access Control","A01:2021 - Broken Access Control","A01:2025 - Broken Access Control"],"cwe":["CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')"],"category":"security","references":["https://owasp.org/www-community/attacks/Path_Traversal"],"technology":["javascript","node.js"],"cwe2022-top25":true,"cwe2021-top25":true,"subcategory":["vuln"],"likelihood":"HIGH","impact":"MEDIUM","confidence":"LOW","license":"Semgrep Rules License v1.0. For more details, visit semgrep.dev/legal/rules-license","vulnerability_class":["Path Traversal"],"source":"https://semgrep.dev/r/javascript.lang.security.audit.path-traversal.path-join-resolve-traversal.path-join-resolve-traversal","shortlink":"https://sg.run/OPqk"},"severity":"WARNING","fingerprint":"requires login","lines":"requires login","validation_state":"NO_VALIDATOR","engine_kind":"OSS"}},{"check_id":"javascript.lang.security.audit.path-traversal.path-join-resolve-traversal.path-join-resolve-traversal","path":"workers/sluagh-swarm/src/handlers/cairn-lats.ts","start":{"line":265,"col":34,"offset":9853},"end":{"line":265,"col":41,"offset":9860},"extra":{"message":"Detected possible user input going into a `path.join` or `path.resolve` function. This could possibly lead to a path traversal vulnerability,  where the attacker can access arbitrary files stored in the file system. Instead, be sure to sanitize or validate user input first.","metadata":{"owasp":["A05:2017 - Broken Access Control","A01:2021 - Broken Access Control","A01:2025 - Broken Access Control"],"cwe":["CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')"],"category":"security","references":["https://owasp.org/www-community/attacks/Path_Traversal"],"technology":["javascript","node.js"],"cwe2022-top25":true,"cwe2021-top25":true,"subcategory":["vuln"],"likelihood":"HIGH","impact":"MEDIUM","confidence":"LOW","license":"Semgrep Rules License v1.0. For more details, visit semgrep.dev/legal/rules-license","vulnerability_class":["Path Traversal"],"source":"https://semgrep.dev/r/javascript.lang.security.audit.path-traversal.path-join-resolve-traversal.path-join-resolve-traversal","shortlink":"https://sg.run/OPqk"},"severity":"WARNING","fingerprint":"requires login","lines":"requires login","validation_state":"NO_VALIDATOR","engine_kind":"OSS"}},{"check_id":"javascript.lang.security.audit.path-traversal.path-join-resolve-traversal.path-join-resolve-traversal","path":"workers/sluagh-swarm/src/handlers/cairn-lats.ts","start":{"line":265,"col":43,"offset":9862},"end":{"line":265,"col":47,"offset":9866},"extra":{"message":"Detected possible user input going into a `path.join` or `path.resolve` function. This could possibly lead to a path traversal vulnerability,  where the attacker can access arbitrary files stored in the file system. Instead, be sure to sanitize or validate user input first.","metadata":{"owasp":["A05:2017 - Broken Access Control","A01:2021 - Broken Access Control","A01:2025 - Broken Access Control"],"cwe":["CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')"],"category":"security","references":["https://owasp.org/www-community/attacks/Path_Traversal"],"technology":["javascript","node.js"],"cwe2022-top25":true,"cwe2021-top25":true,"subcategory":["vuln"],"likelihood":"HIGH","impact":"MEDIUM","confidence":"LOW","license":"Semgrep Rules License v1.0. For more details, visit semgrep.dev/legal/rules-license","vulnerability_class":["Path Traversal"],"source":"https://semgrep.dev/r/javascript.lang.security.audit.path-traversal.path-join-resolve-traversal.path-join-resolve-traversal","shortlink":"https://sg.run/OPqk"},"severity":"WARNING","fingerprint":"requires login","lines":"requires login","validation_state":"NO_VALIDATOR","engine_kind":"OSS"}},{"check_id":"javascript.lang.security.audit.path-traversal.path-join-resolve-traversal.path-join-resolve-traversal","path":"workers/sluagh-swarm/src/handlers/cairn-lats.ts","start":{"line":271,"col":32,"offset":10029},"end":{"line":271,"col":39,"offset":10036},"extra":{"message":"Detected possible user input going into a `path.join` or `path.resolve` function. This could possibly lead to a path traversal vulnerability,  where the attacker can access arbitrary files stored in the file system. Instead, be sure to sanitize or validate user input first.","metadata":{"owasp":["A05:2017 - Broken Access Control","A01:2021 - Broken Access Control","A01:2025 - Broken Access Control"],"cwe":["CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')"],"category":"security","references":["https://owasp.org/www-community/attacks/Path_Traversal"],"technology":["javascript","node.js"],"cwe2022-top25":true,"cwe2021-top25":true,"subcategory":["vuln"],"likelihood":"HIGH","impact":"MEDIUM","confidence":"LOW","license":"Semgrep Rules License v1.0. For more details, visit semgrep.dev/legal/rules-license","vulnerability_class":["Path Traversal"],"source":"https://semgrep.dev/r/javascript.lang.security.audit.path-traversal.path-join-resolve-traversal.path-join-resolve-traversal","shortlink":"https://sg.run/OPqk"},"severity":"WARNING","fingerprint":"requires login","lines":"requires login","validation_state":"NO_VALIDATOR","engine_kind":"OSS"}},{"check_id":"javascript.lang.security.audit.path-traversal.path-join-resolve-traversal.path-join-resolve-traversal","path":"workers/sluagh-swarm/src/handlers/cairn-lats.ts","start":{"line":271,"col":41,"offset":10038},"end":{"line":271,"col":45,"offset":10042},"extra":{"message":"Detected possible user input going into a `path.join` or `path.resolve` function. This could possibly lead to a path traversal vulnerability,  where the attacker can access arbitrary files stored in the file system. Instead, be sure to sanitize or validate user input first.","metadata":{"owasp":["A05:2017 - Broken Access Control","A01:2021 - Broken Access Control","A01:2025 - Broken Access Control"],"cwe":["CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')"],"category":"security","references":["https://owasp.org/www-community/attacks/Path_Traversal"],"technology":["javascript","node.js"],"cwe2022-top25":true,"cwe2021-top25":true,"subcategory":["vuln"],"likelihood":"HIGH","impact":"MEDIUM","confidence":"LOW","license":"Semgrep Rules License v1.0. For more details, visit semgrep.dev/legal/rules-license","vulnerability_class":["Path Traversal"],"source":"https://semgrep.dev/r/javascript.lang.security.audit.path-traversal.path-join-resolve-traversal.path-join-resolve-traversal","shortlink":"https://sg.run/OPqk"},"severity":"WARNING","fingerprint":"requires login","lines":"requires login","validation_state":"NO_VALIDATOR","engine_kind":"OSS"}},{"check_id":"javascript.lang.security.audit.path-traversal.path-join-resolve-traversal.path-join-resolve-traversal","path":"workers/sluagh-swarm/src/handlers/cairn-lats.ts","start":{"line":389,"col":53,"offset":14290},"end":{"line":389,"col":60,"offset":14297},"extra":{"message":"Detected possible user input going into a `path.join` or `path.resolve` function. This could possibly lead to a path traversal vulnerability,  where the attacker can access arbitrary files stored in the file system. Instead, be sure to sanitize or validate user input first.","metadata":{"owasp":["A05:2017 - Broken Access Control","A01:2021 - Broken Access Control","A01:2025 - Broken Access Control"],"cwe":["CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')"],"category":"security","references":["https://owasp.org/www-community/attacks/Path_Traversal"],"technology":["javascript","node.js"],"cwe2022-top25":true,"cwe2021-top25":true,"subcategory":["vuln"],"likelihood":"HIGH","impact":"MEDIUM","confidence":"LOW","license":"Semgrep Rules License v1.0. For more details, visit semgrep.dev/legal/rules-license","vulnerability_class":["Path Traversal"],"source":"https://semgrep.dev/r/javascript.lang.security.audit.path-traversal.path-join-resolve-traversal.path-join-resolve-traversal","shortlink":"https://sg.run/OPqk"},"severity":"WARNING","fingerprint":"requires login","lines":"requires login","validation_state":"NO_VALIDATOR","engine_kind":"OSS"}},{"check_id":"javascript.lang.security.audit.path-traversal.path-join-resolve-traversal.path-join-resolve-traversal","path":"workers/sluagh-swarm/src/handlers/cairn-lats.ts","start":{"line":389,"col":62,"offset":14299},"end":{"line":389,"col":63,"offset":14300},"extra":{"message":"Detected possible user input going into a `path.join` or `path.resolve` function. This could possibly lead to a path traversal vulnerability,  where the attacker can access arbitrary files stored in the file system. Instead, be sure to sanitize or validate user input first.","metadata":{"owasp":["A05:2017 - Broken Access Control","A01:2021 - Broken Access Control","A01:2025 - Broken Access Control"],"cwe":["CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')"],"category":"security","references":["https://owasp.org/www-community/attacks/Path_Traversal"],"technology":["javascript","node.js"],"cwe2022-top25":true,"cwe2021-top25":true,"subcategory":["vuln"],"likelihood":"HIGH","impact":"MEDIUM","confidence":"LOW","license":"Semgrep Rules License v1.0. For more details, visit semgrep.dev/legal/rules-license","vulnerability_class":["Path Traversal"],"source":"https://semgrep.dev/r/javascript.lang.security.audit.path-traversal.path-join-resolve-traversal.path-join-resolve-traversal","shortlink":"https://sg.run/OPqk"},"severity":"WARNING","fingerprint":"requires login","lines":"requires login","validation_state":"NO_VALIDATOR","engine_kind":"OSS"}},{"check_id":"javascript.lang.security.audit.path-traversal.path-join-resolve-traversal.path-join-resolve-traversal","path":"workers/sluagh-swarm/src/handlers/cairn-workspace.ts","start":{"line":1029,"col":34,"offset":43230},"end":{"line":1029,"col":42,"offset":43238},"extra":{"message":"Detected possible user input going into a `path.join` or `path.resolve` function. This could possibly lead to a path traversal vulnerability,  where the attacker can access arbitrary files stored in the file system. Instead, be sure to sanitize or validate user input first.","metadata":{"owasp":["A05:2017 - Broken Access Control","A01:2021 - Broken Access Control","A01:2025 - Broken Access Control"],"cwe":["CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')"],"category":"security","references":["https://owasp.org/www-community/attacks/Path_Traversal"],"technology":["javascript","node.js"],"cwe2022-top25":true,"cwe2021-top25":true,"subcategory":["vuln"],"likelihood":"HIGH","impact":"MEDIUM","confidence":"LOW","license":"Semgrep Rules License v1.0. For more details, visit semgrep.dev/legal/rules-license","vulnerability_class":["Path Traversal"],"source":"https://semgrep.dev/r/javascript.lang.security.audit.path-traversal.path-join-resolve-traversal.path-join-resolve-traversal","shortlink":"https://sg.run/OPqk"},"severity":"WARNING","fingerprint":"requires login","lines":"requires login","validation_state":"NO_VALIDATOR","engine_kind":"OSS"}},{"check_id":"javascript.lang.security.audit.path-traversal.path-join-resolve-traversal.path-join-resolve-traversal","path":"workers/sluagh-swarm/src/handlers/cairn-workspace.ts","start":{"line":1033,"col":45,"offset":43448},"end":{"line":1033,"col":55,"offset":43458},"extra":{"message":"Detected possible user input going into a `path.join` or `path.resolve` function. This could possibly lead to a path traversal vulnerability,  where the attacker can access arbitrary files stored in the file system. Instead, be sure to sanitize or validate user input first.","metadata":{"owasp":["A05:2017 - Broken Access Control","A01:2021 - Broken Access Control","A01:2025 - Broken Access Control"],"cwe":["CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')"],"category":"security","references":["https://owasp.org/www-community/attacks/Path_Traversal"],"technology":["javascript","node.js"],"cwe2022-top25":true,"cwe2021-top25":true,"subcategory":["vuln"],"likelihood":"HIGH","impact":"MEDIUM","confidence":"LOW","license":"Semgrep Rules License v1.0. For more details, visit semgrep.dev/legal/rules-license","vulnerability_class":["Path Traversal"],"source":"https://semgrep.dev/r/javascript.lang.security.audit.path-traversal.path-join-resolve-traversal.path-join-resolve-traversal","shortlink":"https://sg.run/OPqk"},"severity":"WARNING","fingerprint":"requires login","lines":"requires login","validation_state":"NO_VALIDATOR","engine_kind":"OSS"}},{"check_id":"javascript.lang.security.audit.path-traversal.path-join-resolve-traversal.path-join-resolve-traversal","path":"workers/sluagh-swarm/src/handlers/cairn-workspace.ts","start":{"line":1057,"col":30,"offset":44263},"end":{"line":1057,"col":37,"offset":44270},"extra":{"message":"Detected possible user input going into a `path.join` or `path.resolve` function. This could possibly lead to a path traversal vulnerability,  where the attacker can access arbitrary files stored in the file system. Instead, be sure to sanitize or validate user input first.","metadata":{"owasp":["A05:2017 - Broken Access Control","A01:2021 - Broken Access Control","A01:2025 - Broken Access Control"],"cwe":["CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')"],"category":"security","references":["https://owasp.org/www-community/attacks/Path_Traversal"],"technology":["javascript","node.js"],"cwe2022-top25":true,"cwe2021-top25":true,"subcategory":["vuln"],"likelihood":"HIGH","impact":"MEDIUM","confidence":"LOW","license":"Semgrep Rules License v1.0. For more details, visit semgrep.dev/legal/rules-license","vulnerability_class":["Path Traversal"],"source":"https://semgrep.dev/r/javascript.lang.security.audit.path-traversal.path-join-resolve-traversal.path-join-resolve-traversal","shortlink":"https://sg.run/OPqk"},"severity":"WARNING","fingerprint":"requires login","lines":"requires login","validation_state":"NO_VALIDATOR","engine_kind":"OSS"}},{"check_id":"javascript.lang.security.audit.path-traversal.path-join-resolve-traversal.path-join-resolve-traversal","path":"workers/sluagh-swarm/src/handlers/cairn-workspace.ts","start":{"line":1059,"col":31,"offset":44366},"end":{"line":1059,"col":39,"offset":44374},"extra":{"message":"Detected possible user input going into a `path.join` or `path.resolve` function. This could possibly lead to a path traversal vulnerability,  where the attacker can access arbitrary files stored in the file system. Instead, be sure to sanitize or validate user input first.","metadata":{"owasp":["A05:2017 - Broken Access Control","A01:2021 - Broken Access Control","A01:2025 - Broken Access Control"],"cwe":["CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')"],"category":"security","references":["https://owasp.org/www-community/attacks/Path_Traversal"],"technology":["javascript","node.js"],"cwe2022-top25":true,"cwe2021-top25":true,"subcategory":["vuln"],"likelihood":"HIGH","impact":"MEDIUM","confidence":"LOW","license":"Semgrep Rules License v1.0. For more details, visit semgrep.dev/legal/rules-license","vulnerability_class":["Path Traversal"],"source":"https://semgrep.dev/r/javascript.lang.security.audit.path-traversal.path-join-resolve-traversal.path-join-resolve-traversal","shortlink":"https://sg.run/OPqk"},"severity":"WARNING","fingerprint":"requires login","lines":"requires login","validation_state":"NO_VALIDATOR","engine_kind":"OSS"}},{"check_id":"javascript.lang.security.audit.path-traversal.path-join-resolve-traversal.path-join-resolve-traversal","path":"workers/sluagh-swarm/src/handlers/cairn-workspace.ts","start":{"line":1060,"col":32,"offset":44418},"end":{"line":1060,"col":40,"offset":44426},"extra":{"message":"Detected possible user input going into a `path.join` or `path.resolve` function. This could possibly lead to a path traversal vulnerability,  where the attacker can access arbitrary files stored in the file system. Instead, be sure to sanitize or validate user input first.","metadata":{"owasp":["A05:2017 - Broken Access Control","A01:2021 - Broken Access Control","A01:2025 - Broken Access Control"],"cwe":["CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')"],"category":"security","references":["https://owasp.org/www-community/attacks/Path_Traversal"],"technology":["javascript","node.js"],"cwe2022-top25":true,"cwe2021-top25":true,"subcategory":["vuln"],"likelihood":"HIGH","impact":"MEDIUM","confidence":"LOW","license":"Semgrep Rules License v1.0. For more details, visit semgrep.dev/legal/rules-license","vulnerability_class":["Path Traversal"],"source":"https://semgrep.dev/r/javascript.lang.security.audit.path-traversal.path-join-resolve-traversal.path-join-resolve-traversal","shortlink":"https://sg.run/OPqk"},"severity":"WARNING","fingerprint":"requires login","lines":"requires login","validation_state":"NO_VALIDATOR","engine_kind":"OSS"}},{"check_id":"javascript.lang.security.audit.path-traversal.path-join-resolve-traversal.path-join-resolve-traversal","path":"workers/sluagh-swarm/src/handlers/cairn-workspace.ts","start":{"line":1060,"col":42,"offset":44428},"end":{"line":1060,"col":50,"offset":44436},"extra":{"message":"Detected possible user input going into a `path.join` or `path.resolve` function. This could possibly lead to a path traversal vulnerability,  where the attacker can access arbitrary files stored in the file system. Instead, be sure to sanitize or validate user input first.","metadata":{"owasp":["A05:2017 - Broken Access Control","A01:2021 - Broken Access Control","A01:2025 - Broken Access Control"],"cwe":["CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')"],"category":"security","references":["https://owasp.org/www-community/attacks/Path_Traversal"],"technology":["javascript","node.js"],"cwe2022-top25":true,"cwe2021-top25":true,"subcategory":["vuln"],"likelihood":"HIGH","impact":"MEDIUM","confidence":"LOW","license":"Semgrep Rules License v1.0. For more details, visit semgrep.dev/legal/rules-license","vulnerability_class":["Path Traversal"],"source":"https://semgrep.dev/r/javascript.lang.security.audit.path-traversal.path-join-resolve-traversal.path-join-resolve-traversal","shortlink":"https://sg.run/OPqk"},"severity":"WARNING","fingerprint":"requires login","lines":"requires login","validation_state":"NO_VALIDATOR","engine_kind":"OSS"}},{"check_id":"javascript.lang.security.audit.path-traversal.path-join-resolve-traversal.path-join-resolve-traversal","path":"workers/sluagh-swarm/src/handlers/dep-dredge.ts","start":{"line":437,"col":39,"offset":17331},"end":{"line":437,"col":51,"offset":17343},"extra":{"message":"Detected possible user input going into a `path.join` or `path.resolve` function. This could possibly lead to a path traversal vulnerability,  where the attacker can access arbitrary files stored in the file system. Instead, be sure to sanitize or validate user input first.","metadata":{"owasp":["A05:2017 - Broken Access Control","A01:2021 - Broken Access Control","A01:2025 - Broken Access Control"],"cwe":["CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')"],"category":"security","references":["https://owasp.org/www-community/attacks/Path_Traversal"],"technology":["javascript","node.js"],"cwe2022-top25":true,"cwe2021-top25":true,"subcategory":["vuln"],"likelihood":"HIGH","impact":"MEDIUM","confidence":"LOW","license":"Semgrep Rules License v1.0. For more details, visit semgrep.dev/legal/rules-license","vulnerability_class":["Path Traversal"],"source":"https://semgrep.dev/r/javascript.lang.security.audit.path-traversal.path-join-resolve-traversal.path-join-resolve-traversal","shortlink":"https://sg.run/OPqk"},"severity":"WARNING","fingerprint":"requires login","lines":"requires login","validation_state":"NO_VALIDATOR","engine_kind":"OSS"}},{"check_id":"javascript.lang.security.audit.path-traversal.path-join-resolve-traversal.path-join-resolve-traversal","path":"workers/sluagh-swarm/src/handlers/dep-dredge.ts","start":{"line":438,"col":46,"offset":17396},"end":{"line":438,"col":55,"offset":17405},"extra":{"message":"Detected possible user input going into a `path.join` or `path.resolve` function. This could possibly lead to a path traversal vulnerability,  where the attacker can access arbitrary files stored in the file system. Instead, be sure to sanitize or validate user input first.","metadata":{"owasp":["A05:2017 - Broken Access Control","A01:2021 - Broken Access Control","A01:2025 - Broken Access Control"],"cwe":["CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')"],"category":"security","references":["https://owasp.org/www-community/attacks/Path_Traversal"],"technology":["javascript","node.js"],"cwe2022-top25":true,"cwe2021-top25":true,"subcategory":["vuln"],"likelihood":"HIGH","impact":"MEDIUM","confidence":"LOW","license":"Semgrep Rules License v1.0. For more details, visit semgrep.dev/legal/rules-license","vulnerability_class":["Path Traversal"],"source":"https://semgrep.dev/r/javascript.lang.security.audit.path-traversal.path-join-resolve-traversal.path-join-resolve-traversal","shortlink":"https://sg.run/OPqk"},"severity":"WARNING","fingerprint":"requires login","lines":"requires login","validation_state":"NO_VALIDATOR","engine_kind":"OSS"}},{"check_id":"javascript.lang.security.audit.path-traversal.path-join-resolve-traversal.path-join-resolve-traversal","path":"workers/sluagh-swarm/src/handlers/dep-dredge.ts","start":{"line":449,"col":39,"offset":17862},"end":{"line":449,"col":51,"offset":17874},"extra":{"message":"Detected possible user input going into a `path.join` or `path.resolve` function. This could possibly lead to a path traversal vulnerability,  where the attacker can access arbitrary files stored in the file system. Instead, be sure to sanitize or validate user input first.","metadata":{"owasp":["A05:2017 - Broken Access Control","A01:2021 - Broken Access Control","A01:2025 - Broken Access Control"],"cwe":["CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')"],"category":"security","references":["https://owasp.org/www-community/attacks/Path_Traversal"],"technology":["javascript","node.js"],"cwe2022-top25":true,"cwe2021-top25":true,"subcategory":["vuln"],"likelihood":"HIGH","impact":"MEDIUM","confidence":"LOW","license":"Semgrep Rules License v1.0. For more details, visit semgrep.dev/legal/rules-license","vulnerability_class":["Path Traversal"],"source":"https://semgrep.dev/r/javascript.lang.security.audit.path-traversal.path-join-resolve-traversal.path-join-resolve-traversal","shortlink":"https://sg.run/OPqk"},"severity":"WARNING","fingerprint":"requires login","lines":"requires login","validation_state":"NO_VALIDATOR","engine_kind":"OSS"}},{"check_id":"javascript.lang.security.audit.path-traversal.path-join-resolve-traversal.path-join-resolve-traversal","path":"workers/sluagh-swarm/src/handlers/dep-dredge.ts","start":{"line":460,"col":44,"offset":18441},"end":{"line":460,"col":56,"offset":18453},"extra":{"message":"Detected possible user input going into a `path.join` or `path.resolve` function. This could possibly lead to a path traversal vulnerability,  where the attacker can access arbitrary files stored in the file system. Instead, be sure to sanitize or validate user input first.","metadata":{"owasp":["A05:2017 - Broken Access Control","A01:2021 - Broken Access Control","A01:2025 - Broken Access Control"],"cwe":["CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')"],"category":"security","references":["https://owasp.org/www-community/attacks/Path_Traversal"],"technology":["javascript","node.js"],"cwe2022-top25":true,"cwe2021-top25":true,"subcategory":["vuln"],"likelihood":"HIGH","impact":"MEDIUM","confidence":"LOW","license":"Semgrep Rules License v1.0. For more details, visit semgrep.dev/legal/rules-license","vulnerability_class":["Path Traversal"],"source":"https://semgrep.dev/r/javascript.lang.security.audit.path-traversal.path-join-resolve-traversal.path-join-resolve-traversal","shortlink":"https://sg.run/OPqk"},"severity":"WARNING","fingerprint":"requires login","lines":"requires login","validation_state":"NO_VALIDATOR","engine_kind":"OSS"}},{"check_id":"javascript.lang.security.audit.path-traversal.path-join-resolve-traversal.path-join-resolve-traversal","path":"workers/sluagh-swarm/src/handlers/dep-dredge.ts","start":{"line":467,"col":46,"offset":18755},"end":{"line":467,"col":56,"offset":18765},"extra":{"message":"Detected possible user input going into a `path.join` or `path.resolve` function. This could possibly lead to a path traversal vulnerability,  where the attacker can access arbitrary files stored in the file system. Instead, be sure to sanitize or validate user input first.","metadata":{"owasp":["A05:2017 - Broken Access Control","A01:2021 - Broken Access Control","A01:2025 - Broken Access Control"],"cwe":["CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')"],"category":"security","references":["https://owasp.org/www-community/attacks/Path_Traversal"],"technology":["javascript","node.js"],"cwe2022-top25":true,"cwe2021-top25":true,"subcategory":["vuln"],"likelihood":"HIGH","impact":"MEDIUM","confidence":"LOW","license":"Semgrep Rules License v1.0. For more details, visit semgrep.dev/legal/rules-license","vulnerability_class":["Path Traversal"],"source":"https://semgrep.dev/r/javascript.lang.security.audit.path-traversal.path-join-resolve-traversal.path-join-resolve-traversal","shortlink":"https://sg.run/OPqk"},"severity":"WARNING","fingerprint":"requires login","lines":"requires login","validation_state":"NO_VALIDATOR","engine_kind":"OSS"}},{"check_id":"javascript.lang.security.audit.path-traversal.path-join-resolve-traversal.path-join-resolve-traversal","path":"workers/sluagh-swarm/src/handlers/dep-dredge.ts","start":{"line":467,"col":58,"offset":18767},"end":{"line":467,"col":68,"offset":18777},"extra":{"message":"Detected possible user input going into a `path.join` or `path.resolve` function. This could possibly lead to a path traversal vulnerability,  where the attacker can access arbitrary files stored in the file system. Instead, be sure to sanitize or validate user input first.","metadata":{"owasp":["A05:2017 - Broken Access Control","A01:2021 - Broken Access Control","A01:2025 - Broken Access Control"],"cwe":["CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')"],"category":"security","references":["https://owasp.org/www-community/attacks/Path_Traversal"],"technology":["javascript","node.js"],"cwe2022-top25":true,"cwe2021-top25":true,"subcategory":["vuln"],"likelihood":"HIGH","impact":"MEDIUM","confidence":"LOW","license":"Semgrep Rules License v1.0. For more details, visit semgrep.dev/legal/rules-license","vulnerability_class":["Path Traversal"],"source":"https://semgrep.dev/r/javascript.lang.security.audit.path-traversal.path-join-resolve-traversal.path-join-resolve-traversal","shortlink":"https://sg.run/OPqk"},"severity":"WARNING","fingerprint":"requires login","lines":"requires login","validation_state":"NO_VALIDATOR","engine_kind":"OSS"}},{"check_id":"javascript.lang.security.audit.path-traversal.path-join-resolve-traversal.path-join-resolve-traversal","path":"workers/sluagh-swarm/src/handlers/dep-dredge.ts","start":{"line":478,"col":44,"offset":19359},"end":{"line":478,"col":54,"offset":19369},"extra":{"message":"Detected possible user input going into a `path.join` or `path.resolve` function. This could possibly lead to a path traversal vulnerability,  where the attacker can access arbitrary files stored in the file system. Instead, be sure to sanitize or validate user input first.","metadata":{"owasp":["A05:2017 - Broken Access Control","A01:2021 - Broken Access Control","A01:2025 - Broken Access Control"],"cwe":["CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')"],"category":"security","references":["https://owasp.org/www-community/attacks/Path_Traversal"],"technology":["javascript","node.js"],"cwe2022-top25":true,"cwe2021-top25":true,"subcategory":["vuln"],"likelihood":"HIGH","impact":"MEDIUM","confidence":"LOW","license":"Semgrep Rules License v1.0. For more details, visit semgrep.dev/legal/rules-license","vulnerability_class":["Path Traversal"],"source":"https://semgrep.dev/r/javascript.lang.security.audit.path-traversal.path-join-resolve-traversal.path-join-resolve-traversal","shortlink":"https://sg.run/OPqk"},"severity":"WARNING","fingerprint":"requires login","lines":"requires login","validation_state":"NO_VALIDATOR","engine_kind":"OSS"}},{"check_id":"javascript.lang.security.audit.path-traversal.path-join-resolve-traversal.path-join-resolve-traversal","path":"workers/sluagh-swarm/src/handlers/dep-dredge.ts","start":{"line":478,"col":56,"offset":19371},"end":{"line":478,"col":66,"offset":19381},"extra":{"message":"Detected possible user input going into a `path.join` or `path.resolve` function. This could possibly lead to a path traversal vulnerability,  where the attacker can access arbitrary files stored in the file system. Instead, be sure to sanitize or validate user input first.","metadata":{"owasp":["A05:2017 - Broken Access Control","A01:2021 - Broken Access Control","A01:2025 - Broken Access Control"],"cwe":["CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')"],"category":"security","references":["https://owasp.org/www-community/attacks/Path_Traversal"],"technology":["javascript","node.js"],"cwe2022-top25":true,"cwe2021-top25":true,"subcategory":["vuln"],"likelihood":"HIGH","impact":"MEDIUM","confidence":"LOW","license":"Semgrep Rules License v1.0. For more details, visit semgrep.dev/legal/rules-license","vulnerability_class":["Path Traversal"],"source":"https://semgrep.dev/r/javascript.lang.security.audit.path-traversal.path-join-resolve-traversal.path-join-resolve-traversal","shortlink":"https://sg.run/OPqk"},"severity":"WARNING","fingerprint":"requires login","lines":"requires login","validation_state":"NO_VALIDATOR","engine_kind":"OSS"}},{"check_id":"javascript.lang.security.audit.path-traversal.path-join-resolve-traversal.path-join-resolve-traversal","path":"workers/sluagh-swarm/src/handlers/dep-dredge.ts","start":{"line":964,"col":34,"offset":38275},"end":{"line":964,"col":41,"offset":38282},"extra":{"message":"Detected possible user input going into a `path.join` or `path.resolve` function. This could possibly lead to a path traversal vulnerability,  where the attacker can access arbitrary files stored in the file system. Instead, be sure to sanitize or validate user input first.","metadata":{"owasp":["A05:2017 - Broken Access Control","A01:2021 - Broken Access Control","A01:2025 - Broken Access Control"],"cwe":["CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')"],"category":"security","references":["https://owasp.org/www-community/attacks/Path_Traversal"],"technology":["javascript","node.js"],"cwe2022-top25":true,"cwe2021-top25":true,"subcategory":["vuln"],"likelihood":"HIGH","impact":"MEDIUM","confidence":"LOW","license":"Semgrep Rules License v1.0. For more details, visit semgrep.dev/legal/rules-license","vulnerability_class":["Path Traversal"],"source":"https://semgrep.dev/r/javascript.lang.security.audit.path-traversal.path-join-resolve-traversal.path-join-resolve-traversal","shortlink":"https://sg.run/OPqk"},"severity":"WARNING","fingerprint":"requires login","lines":"requires login","validation_state":"NO_VALIDATOR","engine_kind":"OSS"}},{"check_id":"javascript.lang.security.audit.path-traversal.path-join-resolve-traversal.path-join-resolve-traversal","path":"workers/sluagh-swarm/src/handlers/dep-dredge.ts","start":{"line":970,"col":32,"offset":38450},"end":{"line":970,"col":39,"offset":38457},"extra":{"message":"Detected possible user input going into a `path.join` or `path.resolve` function. This could possibly lead to a path traversal vulnerability,  where the attacker can access arbitrary files stored in the file system. Instead, be sure to sanitize or validate user input first.","metadata":{"owasp":["A05:2017 - Broken Access Control","A01:2021 - Broken Access Control","A01:2025 - Broken Access Control"],"cwe":["CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')"],"category":"security","references":["https://owasp.org/www-community/attacks/Path_Traversal"],"technology":["javascript","node.js"],"cwe2022-top25":true,"cwe2021-top25":true,"subcategory":["vuln"],"likelihood":"HIGH","impact":"MEDIUM","confidence":"LOW","license":"Semgrep Rules License v1.0. For more details, visit semgrep.dev/legal/rules-license","vulnerability_class":["Path Traversal"],"source":"https://semgrep.dev/r/javascript.lang.security.audit.path-traversal.path-join-resolve-traversal.path-join-resolve-traversal","shortlink":"https://sg.run/OPqk"},"severity":"WARNING","fingerprint":"requires login","lines":"requires login","validation_state":"NO_VALIDATOR","engine_kind":"OSS"}},{"check_id":"javascript.lang.security.audit.path-traversal.path-join-resolve-traversal.path-join-resolve-traversal","path":"workers/sluagh-swarm/src/handlers/dep-dredge.ts","start":{"line":975,"col":40,"offset":38670},"end":{"line":975,"col":50,"offset":38680},"extra":{"message":"Detected possible user input going into a `path.join` or `path.resolve` function. This could possibly lead to a path traversal vulnerability,  where the attacker can access arbitrary files stored in the file system. Instead, be sure to sanitize or validate user input first.","metadata":{"owasp":["A05:2017 - Broken Access Control","A01:2021 - Broken Access Control","A01:2025 - Broken Access Control"],"cwe":["CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')"],"category":"security","references":["https://owasp.org/www-community/attacks/Path_Traversal"],"technology":["javascript","node.js"],"cwe2022-top25":true,"cwe2021-top25":true,"subcategory":["vuln"],"likelihood":"HIGH","impact":"MEDIUM","confidence":"LOW","license":"Semgrep Rules License v1.0. For more details, visit semgrep.dev/legal/rules-license","vulnerability_class":["Path Traversal"],"source":"https://semgrep.dev/r/javascript.lang.security.audit.path-traversal.path-join-resolve-traversal.path-join-resolve-traversal","shortlink":"https://sg.run/OPqk"},"severity":"WARNING","fingerprint":"requires login","lines":"requires login","validation_state":"NO_VALIDATOR","engine_kind":"OSS"}},{"check_id":"javascript.lang.security.audit.path-traversal.path-join-resolve-traversal.path-join-resolve-traversal","path":"workers/sluagh-swarm/src/handlers/dep-dredge.ts","start":{"line":975,"col":52,"offset":38682},"end":{"line":975,"col":62,"offset":38692},"extra":{"message":"Detected possible user input going into a `path.join` or `path.resolve` function. This could possibly lead to a path traversal vulnerability,  where the attacker can access arbitrary files stored in the file system. Instead, be sure to sanitize or validate user input first.","metadata":{"owasp":["A05:2017 - Broken Access Control","A01:2021 - Broken Access Control","A01:2025 - Broken Access Control"],"cwe":["CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')"],"category":"security","references":["https://owasp.org/www-community/attacks/Path_Traversal"],"technology":["javascript","node.js"],"cwe2022-top25":true,"cwe2021-top25":true,"subcategory":["vuln"],"likelihood":"HIGH","impact":"MEDIUM","confidence":"LOW","license":"Semgrep Rules License v1.0. For more details, visit semgrep.dev/legal/rules-license","vulnerability_class":["Path Traversal"],"source":"https://semgrep.dev/r/javascript.lang.security.audit.path-traversal.path-join-resolve-traversal.path-join-resolve-traversal","shortlink":"https://sg.run/OPqk"},"severity":"WARNING","fingerprint":"requires login","lines":"requires login","validation_state":"NO_VALIDATOR","engine_kind":"OSS"}},{"check_id":"javascript.lang.security.audit.path-traversal.path-join-resolve-traversal.path-join-resolve-traversal","path":"workers/sluagh-swarm/src/handlers/dep-dredge.ts","start":{"line":977,"col":29,"offset":38780},"end":{"line":977,"col":39,"offset":38790},"extra":{"message":"Detected possible user input going into a `path.join` or `path.resolve` function. This could possibly lead to a path traversal vulnerability,  where the attacker can access arbitrary files stored in the file system. Instead, be sure to sanitize or validate user input first.","metadata":{"owasp":["A05:2017 - Broken Access Control","A01:2021 - Broken Access Control","A01:2025 - Broken Access Control"],"cwe":["CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')"],"category":"security","references":["https://owasp.org/www-community/attacks/Path_Traversal"],"technology":["javascript","node.js"],"cwe2022-top25":true,"cwe2021-top25":true,"subcategory":["vuln"],"likelihood":"HIGH","impact":"MEDIUM","confidence":"LOW","license":"Semgrep Rules License v1.0. For more details, visit semgrep.dev/legal/rules-license","vulnerability_class":["Path Traversal"],"source":"https://semgrep.dev/r/javascript.lang.security.audit.path-traversal.path-join-resolve-traversal.path-join-resolve-traversal","shortlink":"https://sg.run/OPqk"},"severity":"WARNING","fingerprint":"requires login","lines":"requires login","validation_state":"NO_VALIDATOR","engine_kind":"OSS"}},{"check_id":"javascript.lang.security.audit.path-traversal.path-join-resolve-traversal.path-join-resolve-traversal","path":"workers/sluagh-swarm/src/handlers/dep-dredge.ts","start":{"line":977,"col":41,"offset":38792},"end":{"line":977,"col":51,"offset":38802},"extra":{"message":"Detected possible user input going into a `path.join` or `path.resolve` function. This could possibly lead to a path traversal vulnerability,  where the attacker can access arbitrary files stored in the file system. Instead, be sure to sanitize or validate user input first.","metadata":{"owasp":["A05:2017 - Broken Access Control","A01:2021 - Broken Access Control","A01:2025 - Broken Access Control"],"cwe":["CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')"],"category":"security","references":["https://owasp.org/www-community/attacks/Path_Traversal"],"technology":["javascript","node.js"],"cwe2022-top25":true,"cwe2021-top25":true,"subcategory":["vuln"],"likelihood":"HIGH","impact":"MEDIUM","confidence":"LOW","license":"Semgrep Rules License v1.0. For more details, visit semgrep.dev/legal/rules-license","vulnerability_class":["Path Traversal"],"source":"https://semgrep.dev/r/javascript.lang.security.audit.path-traversal.path-join-resolve-traversal.path-join-resolve-traversal","shortlink":"https://sg.run/OPqk"},"severity":"WARNING","fingerprint":"requires login","lines":"requires login","validation_state":"NO_VALIDATOR","engine_kind":"OSS"}},{"check_id":"javascript.lang.security.audit.path-traversal.path-join-resolve-traversal.path-join-resolve-traversal","path":"workers/sluagh-swarm/src/handlers/grave-guardian.ts","start":{"line":135,"col":38,"offset":4954},"end":{"line":135,"col":54,"offset":4970},"extra":{"message":"Detected possible user input going into a `path.join` or `path.resolve` function. This could possibly lead to a path traversal vulnerability,  where the attacker can access arbitrary files stored in the file system. Instead, be sure to sanitize or validate user input first.","metadata":{"owasp":["A05:2017 - Broken Access Control","A01:2021 - Broken Access Control","A01:2025 - Broken Access Control"],"cwe":["CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')"],"category":"security","references":["https://owasp.org/www-community/attacks/Path_Traversal"],"technology":["javascript","node.js"],"cwe2022-top25":true,"cwe2021-top25":true,"subcategory":["vuln"],"likelihood":"HIGH","impact":"MEDIUM","confidence":"LOW","license":"Semgrep Rules License v1.0. For more details, visit semgrep.dev/legal/rules-license","vulnerability_class":["Path Traversal"],"source":"https://semgrep.dev/r/javascript.lang.security.audit.path-traversal.path-join-resolve-traversal.path-join-resolve-traversal","shortlink":"https://sg.run/OPqk"},"severity":"WARNING","fingerprint":"requires login","lines":"requires login","validation_state":"NO_VALIDATOR","engine_kind":"OSS"}},{"check_id":"javascript.lang.security.detect-child-process.detect-child-process","path":"workers/sluagh-swarm/src/handlers/run-command-handler.ts","start":{"line":103,"col":27,"offset":4450},"end":{"line":103,"col":36,"offset":4459},"extra":{"message":"Detected calls to child_process from a function argument `job`. This could lead to a command injection if the input is user controllable. Try to avoid calls to child_process, and if it is needed ensure user input is correctly sanitized or sandboxed. ","metadata":{"cwe":["CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')"],"owasp":["A01:2017 - Injection","A03:2021 - Injection","A05:2025 - Injection"],"references":["https://cheatsheetseries.owasp.org/cheatsheets/Nodejs_Security_Cheat_Sheet.html#do-not-use-dangerous-functions"],"source-rule-url":"https://github.com/nodesecurity/eslint-plugin-security/blob/master/rules/detect-child-process.js","category":"security","technology":["javascript"],"cwe2022-top25":true,"cwe2021-top25":true,"subcategory":["audit"],"likelihood":"LOW","impact":"HIGH","confidence":"LOW","license":"Semgrep Rules License v1.0. For more details, visit semgrep.dev/legal/rules-license","vulnerability_class":["Command Injection"],"source":"https://semgrep.dev/r/javascript.lang.security.detect-child-process.detect-child-process","shortlink":"https://sg.run/l2lo"},"severity":"ERROR","fingerprint":"requires login","lines":"requires login","validation_state":"NO_VALIDATOR","engine_kind":"OSS"}},{"check_id":"javascript.lang.security.audit.path-traversal.path-join-resolve-traversal.path-join-resolve-traversal","path":"workers/sluagh-swarm/src/handlers/runner-revenant.ts","start":{"line":28,"col":49,"offset":1164},"end":{"line":28,"col":57,"offset":1172},"extra":{"message":"Detected possible user input going into a `path.join` or `path.resolve` function. This could possibly lead to a path traversal vulnerability,  where the attacker can access arbitrary files stored in the file system. Instead, be sure to sanitize or validate user input first.","metadata":{"owasp":["A05:2017 - Broken Access Control","A01:2021 - Broken Access Control","A01:2025 - Broken Access Control"],"cwe":["CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')"],"category":"security","references":["https://owasp.org/www-community/attacks/Path_Traversal"],"technology":["javascript","node.js"],"cwe2022-top25":true,"cwe2021-top25":true,"subcategory":["vuln"],"likelihood":"HIGH","impact":"MEDIUM","confidence":"LOW","license":"Semgrep Rules License v1.0. For more details, visit semgrep.dev/legal/rules-license","vulnerability_class":["Path Traversal"],"source":"https://semgrep.dev/r/javascript.lang.security.audit.path-traversal.path-join-resolve-traversal.path-join-resolve-traversal","shortlink":"https://sg.run/OPqk"},"severity":"WARNING","fingerprint":"requires login","lines":"requires login","validation_state":"NO_VALIDATOR","engine_kind":"OSS"}},{"check_id":"javascript.lang.security.audit.path-traversal.path-join-resolve-traversal.path-join-resolve-traversal","path":"workers/sluagh-swarm/src/handlers/verify-handler.ts","start":{"line":92,"col":53,"offset":3620},"end":{"line":92,"col":61,"offset":3628},"extra":{"message":"Detected possible user input going into a `path.join` or `path.resolve` function. This could possibly lead to a path traversal vulnerability,  where the attacker can access arbitrary files stored in the file system. Instead, be sure to sanitize or validate user input first.","metadata":{"owasp":["A05:2017 - Broken Access Control","A01:2021 - Broken Access Control","A01:2025 - Broken Access Control"],"cwe":["CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')"],"category":"security","references":["https://owasp.org/www-community/attacks/Path_Traversal"],"technology":["javascript","node.js"],"cwe2022-top25":true,"cwe2021-top25":true,"subcategory":["vuln"],"likelihood":"HIGH","impact":"MEDIUM","confidence":"LOW","license":"Semgrep Rules License v1.0. For more details, visit semgrep.dev/legal/rules-license","vulnerability_class":["Path Traversal"],"source":"https://semgrep.dev/r/javascript.lang.security.audit.path-traversal.path-join-resolve-traversal.path-join-resolve-traversal","shortlink":"https://sg.run/OPqk"},"severity":"WARNING","fingerprint":"requires login","lines":"requires login","validation_state":"NO_VALIDATOR","engine_kind":"OSS"}},{"check_id":"javascript.lang.security.audit.path-traversal.path-join-resolve-traversal.path-join-resolve-traversal","path":"workers/sluagh-swarm/src/handlers/verify-handler.ts","start":{"line":244,"col":53,"offset":8494},"end":{"line":244,"col":56,"offset":8497},"extra":{"message":"Detected possible user input going into a `path.join` or `path.resolve` function. This could possibly lead to a path traversal vulnerability,  where the attacker can access arbitrary files stored in the file system. Instead, be sure to sanitize or validate user input first.","metadata":{"owasp":["A05:2017 - Broken Access Control","A01:2021 - Broken Access Control","A01:2025 - Broken Access Control"],"cwe":["CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')"],"category":"security","references":["https://owasp.org/www-community/attacks/Path_Traversal"],"technology":["javascript","node.js"],"cwe2022-top25":true,"cwe2021-top25":true,"subcategory":["vuln"],"likelihood":"HIGH","impact":"MEDIUM","confidence":"LOW","license":"Semgrep Rules License v1.0. For more details, visit semgrep.dev/legal/rules-license","vulnerability_class":["Path Traversal"],"source":"https://semgrep.dev/r/javascript.lang.security.audit.path-traversal.path-join-resolve-traversal.path-join-resolve-traversal","shortlink":"https://sg.run/OPqk"},"severity":"WARNING","fingerprint":"requires login","lines":"requires login","validation_state":"NO_VALIDATOR","engine_kind":"OSS"}},{"check_id":"javascript.lang.security.audit.unsafe-formatstring.unsafe-formatstring","path":"workers/sluagh-swarm/src/healing/session-health.ts","start":{"line":63,"col":11,"offset":2933},"end":{"line":63,"col":63,"offset":2985},"extra":{"message":"Detected string concatenation with a non-literal variable in a util.format / console.log function. If an attacker injects a format specifier in the string, it will forge the log message. Try to use constant values for the format string.","metadata":{"cwe":["CWE-134: Use of Externally-Controlled Format String"],"owasp":["A01:2021 - Broken Access Control","A01:2025 - Broken Access Control"],"category":"security","technology":["javascript"],"subcategory":["audit"],"likelihood":"MEDIUM","impact":"LOW","confidence":"LOW","references":["https://cwe.mitre.org/data/definitions/134.html"],"license":"Semgrep Rules License v1.0. For more details, visit semgrep.dev/legal/rules-license","vulnerability_class":["Improper Validation"],"source":"https://semgrep.dev/r/javascript.lang.security.audit.unsafe-formatstring.unsafe-formatstring","shortlink":"https://sg.run/7Y5R"},"severity":"INFO","fingerprint":"requires login","lines":"requires login","validation_state":"NO_VALIDATOR","engine_kind":"OSS"}},{"check_id":"javascript.lang.security.audit.unsafe-formatstring.unsafe-formatstring","path":"workers/sluagh-swarm/src/llm-client.ts","start":{"line":232,"col":9,"offset":9410},"end":{"line":232,"col":49,"offset":9450},"extra":{"message":"Detected string concatenation with a non-literal variable in a util.format / console.log function. If an attacker injects a format specifier in the string, it will forge the log message. Try to use constant values for the format string.","metadata":{"cwe":["CWE-134: Use of Externally-Controlled Format String"],"owasp":["A01:2021 - Broken Access Control","A01:2025 - Broken Access Control"],"category":"security","technology":["javascript"],"subcategory":["audit"],"likelihood":"MEDIUM","impact":"LOW","confidence":"LOW","references":["https://cwe.mitre.org/data/definitions/134.html"],"license":"Semgrep Rules License v1.0. For more details, visit semgrep.dev/legal/rules-license","vulnerability_class":["Improper Validation"],"source":"https://semgrep.dev/r/javascript.lang.security.audit.unsafe-formatstring.unsafe-formatstring","shortlink":"https://sg.run/7Y5R"},"severity":"INFO","fingerprint":"requires login","lines":"requires login","validation_state":"NO_VALIDATOR","engine_kind":"OSS"}},{"check_id":"javascript.lang.security.audit.unsafe-formatstring.unsafe-formatstring","path":"workers/sluagh-swarm/src/ogham-executor.ts","start":{"line":675,"col":19,"offset":28367},"end":{"line":675,"col":92,"offset":28440},"extra":{"message":"Detected string concatenation with a non-literal variable in a util.format / console.log function. If an attacker injects a format specifier in the string, it will forge the log message. Try to use constant values for the format string.","metadata":{"cwe":["CWE-134: Use of Externally-Controlled Format String"],"owasp":["A01:2021 - Broken Access Control","A01:2025 - Broken Access Control"],"category":"security","technology":["javascript"],"subcategory":["audit"],"likelihood":"MEDIUM","impact":"LOW","confidence":"LOW","references":["https://cwe.mitre.org/data/definitions/134.html"],"license":"Semgrep Rules License v1.0. For more details, visit semgrep.dev/legal/rules-license","vulnerability_class":["Improper Validation"],"source":"https://semgrep.dev/r/javascript.lang.security.audit.unsafe-formatstring.unsafe-formatstring","shortlink":"https://sg.run/7Y5R"},"severity":"INFO","fingerprint":"requires login","lines":"requires login","validation_state":"NO_VALIDATOR","engine_kind":"OSS"}},{"check_id":"javascript.lang.security.audit.unsafe-formatstring.unsafe-formatstring","path":"workers/sluagh-swarm/src/ogham.ts","start":{"line":303,"col":23,"offset":10495},"end":{"line":303,"col":50,"offset":10522},"extra":{"message":"Detected string concatenation with a non-literal variable in a util.format / console.log function. If an attacker injects a format specifier in the string, it will forge the log message. Try to use constant values for the format string.","metadata":{"cwe":["CWE-134: Use of Externally-Controlled Format String"],"owasp":["A01:2021 - Broken Access Control","A01:2025 - Broken Access Control"],"category":"security","technology":["javascript"],"subcategory":["audit"],"likelihood":"MEDIUM","impact":"LOW","confidence":"LOW","references":["https://cwe.mitre.org/data/definitions/134.html"],"license":"Semgrep Rules License v1.0. For more details, visit semgrep.dev/legal/rules-license","vulnerability_class":["Improper Validation"],"source":"https://semgrep.dev/r/javascript.lang.security.audit.unsafe-formatstring.unsafe-formatstring","shortlink":"https://sg.run/7Y5R"},"severity":"INFO","fingerprint":"requires login","lines":"requires login","validation_state":"NO_VALIDATOR","engine_kind":"OSS"}},{"check_id":"javascript.lang.security.audit.unsafe-formatstring.unsafe-formatstring","path":"workers/sluagh-swarm/src/ogham.ts","start":{"line":306,"col":21,"offset":10582},"end":{"line":306,"col":48,"offset":10609},"extra":{"message":"Detected string concatenation with a non-literal variable in a util.format / console.log function. If an attacker injects a format specifier in the string, it will forge the log message. Try to use constant values for the format string.","metadata":{"cwe":["CWE-134: Use of Externally-Controlled Format String"],"owasp":["A01:2021 - Broken Access Control","A01:2025 - Broken Access Control"],"category":"security","technology":["javascript"],"subcategory":["audit"],"likelihood":"MEDIUM","impact":"LOW","confidence":"LOW","references":["https://cwe.mitre.org/data/definitions/134.html"],"license":"Semgrep Rules License v1.0. For more details, visit semgrep.dev/legal/rules-license","vulnerability_class":["Improper Validation"],"source":"https://semgrep.dev/r/javascript.lang.security.audit.unsafe-formatstring.unsafe-formatstring","shortlink":"https://sg.run/7Y5R"},"severity":"INFO","fingerprint":"requires login","lines":"requires login","validation_state":"NO_VALIDATOR","engine_kind":"OSS"}},{"check_id":"javascript.lang.security.audit.unsafe-formatstring.unsafe-formatstring","path":"workers/sluagh-swarm/src/terminal/pty-handler.ts","start":{"line":486,"col":19,"offset":17501},"end":{"line":486,"col":73,"offset":17555},"extra":{"message":"Detected string concatenation with a non-literal variable in a util.format / console.log function. If an attacker injects a format specifier in the string, it will forge the log message. Try to use constant values for the format string.","metadata":{"cwe":["CWE-134: Use of Externally-Controlled Format String"],"owasp":["A01:2021 - Broken Access Control","A01:2025 - Broken Access Control"],"category":"security","technology":["javascript"],"subcategory":["audit"],"likelihood":"MEDIUM","impact":"LOW","confidence":"LOW","references":["https://cwe.mitre.org/data/definitions/134.html"],"license":"Semgrep Rules License v1.0. For more details, visit semgrep.dev/legal/rules-license","vulnerability_class":["Improper Validation"],"source":"https://semgrep.dev/r/javascript.lang.security.audit.unsafe-formatstring.unsafe-formatstring","shortlink":"https://sg.run/7Y5R"},"severity":"INFO","fingerprint":"requires login","lines":"requires login","validation_state":"NO_VALIDATOR","engine_kind":"OSS"}},{"check_id":"javascript.lang.security.audit.unsafe-formatstring.unsafe-formatstring","path":"workers/sluagh-swarm/src/terminal/pty-handler.ts","start":{"line":581,"col":24,"offset":20818},"end":{"line":581,"col":76,"offset":20870},"extra":{"message":"Detected string concatenation with a non-literal variable in a util.format / console.log function. If an attacker injects a format specifier in the string, it will forge the log message. Try to use constant values for the format string.","metadata":{"cwe":["CWE-134: Use of Externally-Controlled Format String"],"owasp":["A01:2021 - Broken Access Control","A01:2025 - Broken Access Control"],"category":"security","technology":["javascript"],"subcategory":["audit"],"likelihood":"MEDIUM","impact":"LOW","confidence":"LOW","references":["https://cwe.mitre.org/data/definitions/134.html"],"license":"Semgrep Rules License v1.0. For more details, visit semgrep.dev/legal/rules-license","vulnerability_class":["Improper Validation"],"source":"https://semgrep.dev/r/javascript.lang.security.audit.unsafe-formatstring.unsafe-formatstring","shortlink":"https://sg.run/7Y5R"},"severity":"INFO","fingerprint":"requires login","lines":"requires login","validation_state":"NO_VALIDATOR","engine_kind":"OSS"}},{"check_id":"javascript.lang.security.audit.unsafe-formatstring.unsafe-formatstring","path":"workers/sluagh-swarm/src/terminal/pty-handler.ts","start":{"line":603,"col":19,"offset":21514},"end":{"line":603,"col":70,"offset":21565},"extra":{"message":"Detected string concatenation with a non-literal variable in a util.format / console.log function. If an attacker injects a format specifier in the string, it will forge the log message. Try to use constant values for the format string.","metadata":{"cwe":["CWE-134: Use of Externally-Controlled Format String"],"owasp":["A01:2021 - Broken Access Control","A01:2025 - Broken Access Control"],"category":"security","technology":["javascript"],"subcategory":["audit"],"likelihood":"MEDIUM","impact":"LOW","confidence":"LOW","references":["https://cwe.mitre.org/data/definitions/134.html"],"license":"Semgrep Rules License v1.0. For more details, visit semgrep.dev/legal/rules-license","vulnerability_class":["Improper Validation"],"source":"https://semgrep.dev/r/javascript.lang.security.audit.unsafe-formatstring.unsafe-formatstring","shortlink":"https://sg.run/7Y5R"},"severity":"INFO","fingerprint":"requires login","lines":"requires login","validation_state":"NO_VALIDATOR","engine_kind":"OSS"}},{"check_id":"javascript.lang.security.audit.path-traversal.path-join-resolve-traversal.path-join-resolve-traversal","path":"workers/sluagh-swarm/src/utils/context-delta-cache.ts","start":{"line":188,"col":51,"offset":6202},"end":{"line":188,"col":59,"offset":6210},"extra":{"message":"Detected possible user input going into a `path.join` or `path.resolve` function. This could possibly lead to a path traversal vulnerability,  where the attacker can access arbitrary files stored in the file system. Instead, be sure to sanitize or validate user input first.","metadata":{"owasp":["A05:2017 - Broken Access Control","A01:2021 - Broken Access Control","A01:2025 - Broken Access Control"],"cwe":["CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')"],"category":"security","references":["https://owasp.org/www-community/attacks/Path_Traversal"],"technology":["javascript","node.js"],"cwe2022-top25":true,"cwe2021-top25":true,"subcategory":["vuln"],"likelihood":"HIGH","impact":"MEDIUM","confidence":"LOW","license":"Semgrep Rules License v1.0. For more details, visit semgrep.dev/legal/rules-license","vulnerability_class":["Path Traversal"],"source":"https://semgrep.dev/r/javascript.lang.security.audit.path-traversal.path-join-resolve-traversal.path-join-resolve-traversal","shortlink":"https://sg.run/OPqk"},"severity":"WARNING","fingerprint":"requires login","lines":"requires login","validation_state":"NO_VALIDATOR","engine_kind":"OSS"}},{"check_id":"javascript.lang.security.audit.path-traversal.path-join-resolve-traversal.path-join-resolve-traversal","path":"workers/sluagh-swarm/src/utils/context-delta-cache.ts","start":{"line":188,"col":61,"offset":6212},"end":{"line":188,"col":68,"offset":6219},"extra":{"message":"Detected possible user input going into a `path.join` or `path.resolve` function. This could possibly lead to a path traversal vulnerability,  where the attacker can access arbitrary files stored in the file system. Instead, be sure to sanitize or validate user input first.","metadata":{"owasp":["A05:2017 - Broken Access Control","A01:2021 - Broken Access Control","A01:2025 - Broken Access Control"],"cwe":["CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')"],"category":"security","references":["https://owasp.org/www-community/attacks/Path_Traversal"],"technology":["javascript","node.js"],"cwe2022-top25":true,"cwe2021-top25":true,"subcategory":["vuln"],"likelihood":"HIGH","impact":"MEDIUM","confidence":"LOW","license":"Semgrep Rules License v1.0. For more details, visit semgrep.dev/legal/rules-license","vulnerability_class":["Path Traversal"],"source":"https://semgrep.dev/r/javascript.lang.security.audit.path-traversal.path-join-resolve-traversal.path-join-resolve-traversal","shortlink":"https://sg.run/OPqk"},"severity":"WARNING","fingerprint":"requires login","lines":"requires login","validation_state":"NO_VALIDATOR","engine_kind":"OSS"}},{"check_id":"javascript.lang.security.detect-child-process.detect-child-process","path":"workers/sluagh-swarm/src/utils/glyph-grafter.ts","start":{"line":189,"col":25,"offset":7006},"end":{"line":189,"col":32,"offset":7013},"extra":{"message":"Detected calls to child_process from a function argument `command`. This could lead to a command injection if the input is user controllable. Try to avoid calls to child_process, and if it is needed ensure user input is correctly sanitized or sandboxed. ","metadata":{"cwe":["CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')"],"owasp":["A01:2017 - Injection","A03:2021 - Injection","A05:2025 - Injection"],"references":["https://cheatsheetseries.owasp.org/cheatsheets/Nodejs_Security_Cheat_Sheet.html#do-not-use-dangerous-functions"],"source-rule-url":"https://github.com/nodesecurity/eslint-plugin-security/blob/master/rules/detect-child-process.js","category":"security","technology":["javascript"],"cwe2022-top25":true,"cwe2021-top25":true,"subcategory":["audit"],"likelihood":"LOW","impact":"HIGH","confidence":"LOW","license":"Semgrep Rules License v1.0. For more details, visit semgrep.dev/legal/rules-license","vulnerability_class":["Command Injection"],"source":"https://semgrep.dev/r/javascript.lang.security.detect-child-process.detect-child-process","shortlink":"https://sg.run/l2lo"},"severity":"ERROR","fingerprint":"requires login","lines":"requires login","validation_state":"NO_VALIDATOR","engine_kind":"OSS"}},{"check_id":"javascript.lang.security.audit.detect-non-literal-regexp.detect-non-literal-regexp","path":"workers/spec-herald/src/arch.ts","start":{"line":24,"col":14,"offset":938},"end":{"line":24,"col":67,"offset":991},"extra":{"message":"RegExp() called with a `field` function argument, this might allow an attacker to cause a Regular Expression Denial-of-Service (ReDoS) within your application as RegExP blocks the main thread. For this reason, it is recommended to use hardcoded regexes instead. If your regex is run on user-controlled input, consider performing input validation or use a regex checking/sanitization library such as https://www.npmjs.com/package/recheck to verify that the regex does not appear vulnerable to ReDoS.","metadata":{"owasp":["A05:2021 - Security Misconfiguration","A06:2017 - Security Misconfiguration","A02:2025 - Security Misconfiguration"],"cwe":["CWE-1333: Inefficient Regular Expression Complexity"],"references":["https://owasp.org/www-community/attacks/Regular_expression_Denial_of_Service_-_ReDoS"],"source-rule-url":"https://github.com/nodesecurity/eslint-plugin-security/blob/master/rules/detect-non-literal-regexp.js","category":"security","technology":["javascript"],"subcategory":["vuln"],"likelihood":"MEDIUM","impact":"MEDIUM","confidence":"LOW","license":"Semgrep Rules License v1.0. For more details, visit semgrep.dev/legal/rules-license","vulnerability_class":["Denial-of-Service (DoS)"],"source":"https://semgrep.dev/r/javascript.lang.security.audit.detect-non-literal-regexp.detect-non-literal-regexp","shortlink":"https://sg.run/gr65"},"severity":"WARNING","fingerprint":"requires login","lines":"requires login","validation_state":"NO_VALIDATOR","engine_kind":"OSS"}},{"check_id":"javascript.lang.security.audit.unsafe-formatstring.unsafe-formatstring","path":"workers/sprite-forge/src/sprite-provision.ts","start":{"line":308,"col":15,"offset":14068},"end":{"line":308,"col":84,"offset":14137},"extra":{"message":"Detected string concatenation with a non-literal variable in a util.format / console.log function. If an attacker injects a format specifier in the string, it will forge the log message. Try to use constant values for the format string.","metadata":{"cwe":["CWE-134: Use of Externally-Controlled Format String"],"owasp":["A01:2021 - Broken Access Control","A01:2025 - Broken Access Control"],"category":"security","technology":["javascript"],"subcategory":["audit"],"likelihood":"MEDIUM","impact":"LOW","confidence":"LOW","references":["https://cwe.mitre.org/data/definitions/134.html"],"license":"Semgrep Rules License v1.0. For more details, visit semgrep.dev/legal/rules-license","vulnerability_class":["Improper Validation"],"source":"https://semgrep.dev/r/javascript.lang.security.audit.unsafe-formatstring.unsafe-formatstring","shortlink":"https://sg.run/7Y5R"},"severity":"INFO","fingerprint":"requires login","lines":"requires login","validation_state":"NO_VALIDATOR","engine_kind":"OSS"}},{"check_id":"javascript.lang.security.audit.detect-non-literal-regexp.detect-non-literal-regexp","path":"workers/true-north/src/anti-pattern-scanner.ts","start":{"line":125,"col":27,"offset":4013},"end":{"line":125,"col":60,"offset":4046},"extra":{"message":"RegExp() called with a `pattern` function argument, this might allow an attacker to cause a Regular Expression Denial-of-Service (ReDoS) within your application as RegExP blocks the main thread. For this reason, it is recommended to use hardcoded regexes instead. If your regex is run on user-controlled input, consider performing input validation or use a regex checking/sanitization library such as https://www.npmjs.com/package/recheck to verify that the regex does not appear vulnerable to ReDoS.","metadata":{"owasp":["A05:2021 - Security Misconfiguration","A06:2017 - Security Misconfiguration","A02:2025 - Security Misconfiguration"],"cwe":["CWE-1333: Inefficient Regular Expression Complexity"],"references":["https://owasp.org/www-community/attacks/Regular_expression_Denial_of_Service_-_ReDoS"],"source-rule-url":"https://github.com/nodesecurity/eslint-plugin-security/blob/master/rules/detect-non-literal-regexp.js","category":"security","technology":["javascript"],"subcategory":["vuln"],"likelihood":"MEDIUM","impact":"MEDIUM","confidence":"LOW","license":"Semgrep Rules License v1.0. For more details, visit semgrep.dev/legal/rules-license","vulnerability_class":["Denial-of-Service (DoS)"],"source":"https://semgrep.dev/r/javascript.lang.security.audit.detect-non-literal-regexp.detect-non-literal-regexp","shortlink":"https://sg.run/gr65"},"severity":"WARNING","fingerprint":"requires login","lines":"requires login","validation_state":"NO_VALIDATOR","engine_kind":"OSS"}},{"check_id":"javascript.lang.security.audit.detect-non-literal-regexp.detect-non-literal-regexp","path":"workers/veil-vision/src/veil-edict.ts","start":{"line":163,"col":10,"offset":5608},"end":{"line":163,"col":35,"offset":5633},"extra":{"message":"RegExp() called with a `pattern` function argument, this might allow an attacker to cause a Regular Expression Denial-of-Service (ReDoS) within your application as RegExP blocks the main thread. For this reason, it is recommended to use hardcoded regexes instead. If your regex is run on user-controlled input, consider performing input validation or use a regex checking/sanitization library such as https://www.npmjs.com/package/recheck to verify that the regex does not appear vulnerable to ReDoS.","metadata":{"owasp":["A05:2021 - Security Misconfiguration","A06:2017 - Security Misconfiguration","A02:2025 - Security Misconfiguration"],"cwe":["CWE-1333: Inefficient Regular Expression Complexity"],"references":["https://owasp.org/www-community/attacks/Regular_expression_Denial_of_Service_-_ReDoS"],"source-rule-url":"https://github.com/nodesecurity/eslint-plugin-security/blob/master/rules/detect-non-literal-regexp.js","category":"security","technology":["javascript"],"subcategory":["vuln"],"likelihood":"MEDIUM","impact":"MEDIUM","confidence":"LOW","license":"Semgrep Rules License v1.0. For more details, visit semgrep.dev/legal/rules-license","vulnerability_class":["Denial-of-Service (DoS)"],"source":"https://semgrep.dev/r/javascript.lang.security.audit.detect-non-literal-regexp.detect-non-literal-regexp","shortlink":"https://sg.run/gr65"},"severity":"WARNING","fingerprint":"requires login","lines":"requires login","validation_state":"NO_VALIDATOR","engine_kind":"OSS"}},{"check_id":"javascript.lang.security.audit.detect-non-literal-regexp.detect-non-literal-regexp","path":"workers/veil-vision/src/wraith-read.ts","start":{"line":56,"col":19,"offset":2660},"end":{"line":56,"col":73,"offset":2714},"extra":{"message":"RegExp() called with a `tag` function argument, this might allow an attacker to cause a Regular Expression Denial-of-Service (ReDoS) within your application as RegExP blocks the main thread. For this reason, it is recommended to use hardcoded regexes instead. If your regex is run on user-controlled input, consider performing input validation or use a regex checking/sanitization library such as https://www.npmjs.com/package/recheck to verify that the regex does not appear vulnerable to ReDoS.","metadata":{"owasp":["A05:2021 - Security Misconfiguration","A06:2017 - Security Misconfiguration","A02:2025 - Security Misconfiguration"],"cwe":["CWE-1333: Inefficient Regular Expression Complexity"],"references":["https://owasp.org/www-community/attacks/Regular_expression_Denial_of_Service_-_ReDoS"],"source-rule-url":"https://github.com/nodesecurity/eslint-plugin-security/blob/master/rules/detect-non-literal-regexp.js","category":"security","technology":["javascript"],"subcategory":["vuln"],"likelihood":"MEDIUM","impact":"MEDIUM","confidence":"LOW","license":"Semgrep Rules License v1.0. For more details, visit semgrep.dev/legal/rules-license","vulnerability_class":["Denial-of-Service (DoS)"],"source":"https://semgrep.dev/r/javascript.lang.security.audit.detect-non-literal-regexp.detect-non-literal-regexp","shortlink":"https://sg.run/gr65"},"severity":"WARNING","fingerprint":"requires login","lines":"requires login","validation_state":"NO_VALIDATOR","engine_kind":"OSS"}},{"check_id":"javascript.lang.security.audit.detect-non-literal-regexp.detect-non-literal-regexp","path":"workers/veil-vision/src/wraith-read.ts","start":{"line":67,"col":25,"offset":3146},"end":{"line":67,"col":61,"offset":3182},"extra":{"message":"RegExp() called with a `tag` function argument, this might allow an attacker to cause a Regular Expression Denial-of-Service (ReDoS) within your application as RegExP blocks the main thread. For this reason, it is recommended to use hardcoded regexes instead. If your regex is run on user-controlled input, consider performing input validation or use a regex checking/sanitization library such as https://www.npmjs.com/package/recheck to verify that the regex does not appear vulnerable to ReDoS.","metadata":{"owasp":["A05:2021 - Security Misconfiguration","A06:2017 - Security Misconfiguration","A02:2025 - Security Misconfiguration"],"cwe":["CWE-1333: Inefficient Regular Expression Complexity"],"references":["https://owasp.org/www-community/attacks/Regular_expression_Denial_of_Service_-_ReDoS"],"source-rule-url":"https://github.com/nodesecurity/eslint-plugin-security/blob/master/rules/detect-non-literal-regexp.js","category":"security","technology":["javascript"],"subcategory":["vuln"],"likelihood":"MEDIUM","impact":"MEDIUM","confidence":"LOW","license":"Semgrep Rules License v1.0. For more details, visit semgrep.dev/legal/rules-license","vulnerability_class":["Denial-of-Service (DoS)"],"source":"https://semgrep.dev/r/javascript.lang.security.audit.detect-non-literal-regexp.detect-non-literal-regexp","shortlink":"https://sg.run/gr65"},"severity":"WARNING","fingerprint":"requires login","lines":"requires login","validation_state":"NO_VALIDATOR","engine_kind":"OSS"}},{"check_id":"javascript.lang.security.audit.detect-non-literal-regexp.detect-non-literal-regexp","path":"workers/veil-vision/src/wraith-read.ts","start":{"line":78,"col":19,"offset":3490},"end":{"line":78,"col":74,"offset":3545},"extra":{"message":"RegExp() called with a `tag` function argument, this might allow an attacker to cause a Regular Expression Denial-of-Service (ReDoS) within your application as RegExP blocks the main thread. For this reason, it is recommended to use hardcoded regexes instead. If your regex is run on user-controlled input, consider performing input validation or use a regex checking/sanitization library such as https://www.npmjs.com/package/recheck to verify that the regex does not appear vulnerable to ReDoS.","metadata":{"owasp":["A05:2021 - Security Misconfiguration","A06:2017 - Security Misconfiguration","A02:2025 - Security Misconfiguration"],"cwe":["CWE-1333: Inefficient Regular Expression Complexity"],"references":["https://owasp.org/www-community/attacks/Regular_expression_Denial_of_Service_-_ReDoS"],"source-rule-url":"https://github.com/nodesecurity/eslint-plugin-security/blob/master/rules/detect-non-literal-regexp.js","category":"security","technology":["javascript"],"subcategory":["vuln"],"likelihood":"MEDIUM","impact":"MEDIUM","confidence":"LOW","license":"Semgrep Rules License v1.0. For more details, visit semgrep.dev/legal/rules-license","vulnerability_class":["Denial-of-Service (DoS)"],"source":"https://semgrep.dev/r/javascript.lang.security.audit.detect-non-literal-regexp.detect-non-literal-regexp","shortlink":"https://sg.run/gr65"},"severity":"WARNING","fingerprint":"requires login","lines":"requires login","validation_state":"NO_VALIDATOR","engine_kind":"OSS"}},{"check_id":"javascript.lang.security.detect-insecure-websocket.detect-insecure-websocket","path":"workers/void-vein/src/proxy/ws-proxy.ts","start":{"line":120,"col":47,"offset":4269},"end":{"line":120,"col":52,"offset":4274},"extra":{"message":"Insecure WebSocket Detected. WebSocket Secure (wss) should be used for all WebSocket connections.","metadata":{"cwe":["CWE-319: Cleartext Transmission of Sensitive Information"],"asvs":{"control_id":"13.5.1 Insecure WebSocket","control_url":"https://github.com/OWASP/ASVS/blob/master/4.0/en/0x21-V13-API.md#v135-websocket-security-requirements","section":"V13: API and Web Service Verification Requirements","version":"4"},"category":"security","technology":["regex"],"owasp":["A03:2017 - Sensitive Data Exposure","A02:2021 - Cryptographic Failures","A04:2025 - Cryptographic Failures"],"subcategory":["audit"],"likelihood":"LOW","impact":"MEDIUM","confidence":"LOW","references":["https://owasp.org/Top10/A02_2021-Cryptographic_Failures"],"license":"Semgrep Rules License v1.0. For more details, visit semgrep.dev/legal/rules-license","vulnerability_class":["Mishandled Sensitive Information"],"source":"https://semgrep.dev/r/javascript.lang.security.detect-insecure-websocket.detect-insecure-websocket","shortlink":"https://sg.run/GWyz"},"severity":"ERROR","fingerprint":"requires login","lines":"requires login","validation_state":"NO_VALIDATOR","engine_kind":"OSS"}}],"errors":[{"code":3,"level":"warn","type":["PartialParsing",[{"path":"test/agent-regression/smoke.sh","start":{"line":49,"col":37,"offset":0},"end":{"line":49,"col":43,"offset":6}}]],"message":"Syntax error at line test/agent-regression/smoke.sh:49:\n `* 1000` was unexpected","path":"test/agent-regression/smoke.sh","spans":[{"file":"test/agent-regression/smoke.sh","start":{"line":49,"col":37,"offset":0},"end":{"line":49,"col":43,"offset":6}}]},{"code":3,"level":"warn","type":["PartialParsing",[{"path":"workers/crypt-core/src/router/__tests__/aws-pyre-listener.test.ts","start":{"line":107,"col":73,"offset":0},"end":{"line":107,"col":76,"offset":3}}]],"message":"Syntax error at line workers/crypt-core/src/router/__tests__/aws-pyre-listener.test.ts:107:\n `>()` was unexpected","path":"workers/crypt-core/src/router/__tests__/aws-pyre-listener.test.ts","spans":[{"file":"workers/crypt-core/src/router/__tests__/aws-pyre-listener.test.ts","start":{"line":107,"col":73,"offset":0},"end":{"line":107,"col":76,"offset":3}}]},{"code":3,"level":"warn","type":["PartialParsing",[{"path":"workers/crypt-core/src/router/diff-context-snapshotter.ts","start":{"line":132,"col":1,"offset":0},"end":{"line":132,"col":2,"offset":1}}]],"message":"Syntax error at line workers/crypt-core/src/router/diff-context-snapshotter.ts:132:\n `}` was unexpected","path":"workers/crypt-core/src/router/diff-context-snapshotter.ts","spans":[{"file":"workers/crypt-core/src/router/diff-context-snapshotter.ts","start":{"line":132,"col":1,"offset":0},"end":{"line":132,"col":2,"offset":1}}]},{"code":3,"level":"warn","type":["PartialParsing",[{"path":"workers/crypt-core/src/router/llm.ts","start":{"line":1305,"col":35,"offset":0},"end":{"line":1305,"col":73,"offset":38}}]],"message":"Syntax error at line workers/crypt-core/src/router/llm.ts:1305:\n `import('../types').CircuitBreakerState` was unexpected","path":"workers/crypt-core/src/router/llm.ts","spans":[{"file":"workers/crypt-core/src/router/llm.ts","start":{"line":1305,"col":35,"offset":0},"end":{"line":1305,"col":73,"offset":38}}]},{"code":3,"level":"warn","type":["PartialParsing",[{"path":"workers/crypt-core/src/router/phantom-persist.ts","start":{"line":2296,"col":19,"offset":0},"end":{"line":2296,"col":57,"offset":38}}]],"message":"Syntax error at line workers/crypt-core/src/router/phantom-persist.ts:2296:\n `import('../types').CircuitBreakerState` was unexpected","path":"workers/crypt-core/src/router/phantom-persist.ts","spans":[{"file":"workers/crypt-core/src/router/phantom-persist.ts","start":{"line":2296,"col":19,"offset":0},"end":{"line":2296,"col":57,"offset":38}}]},{"code":3,"level":"warn","type":["PartialParsing",[{"path":"workers/crypt-core/src/router/route-warden.ts","start":{"line":541,"col":39,"offset":0},"end":{"line":541,"col":79,"offset":40}}]],"message":"Syntax error at line workers/crypt-core/src/router/route-warden.ts:541:\n `import('./lore-sentinel').LoreRiskSignal` was unexpected","path":"workers/crypt-core/src/router/route-warden.ts","spans":[{"file":"workers/crypt-core/src/router/route-warden.ts","start":{"line":541,"col":39,"offset":0},"end":{"line":541,"col":79,"offset":40}}]},{"code":3,"level":"warn","type":["PartialParsing",[{"path":"workers/crypt-core/src/router/wraith-warden.ts","start":{"line":2216,"col":41,"offset":0},"end":{"line":2216,"col":81,"offset":40}}]],"message":"Syntax error at line workers/crypt-core/src/router/wraith-warden.ts:2216:\n `import('./lore-sentinel').LoreRiskSignal` was unexpected","path":"workers/crypt-core/src/router/wraith-warden.ts","spans":[{"file":"workers/crypt-core/src/router/wraith-warden.ts","start":{"line":2216,"col":41,"offset":0},"end":{"line":2216,"col":81,"offset":40}}]},{"code":3,"level":"warn","type":["PartialParsing",[{"path":"workers/spec-herald/src/markdown.ts","start":{"line":97,"col":25,"offset":0},"end":{"line":99,"col":6,"offset":36}}]],"message":"Syntax error at line workers/spec-herald/src/markdown.ts:97:\n `/<!--HERALD_BLOCK_(\\d+)-->/g;\n\n  let` was unexpected","path":"workers/spec-herald/src/markdown.ts","spans":[{"file":"workers/spec-herald/src/markdown.ts","start":{"line":97,"col":25,"offset":0},"end":{"line":99,"col":6,"offset":36}}]},{"code":3,"level":"warn","type":["PartialParsing",[{"path":"workers/veil-vision/src/wraith-read.ts","start":{"line":268,"col":35,"offset":0},"end":{"line":268,"col":36,"offset":1}},{"path":"workers/veil-vision/src/wraith-read.ts","start":{"line":271,"col":3,"offset":0},"end":{"line":276,"col":8,"offset":129}}]],"message":"Syntax error at line workers/veil-vision/src/wraith-read.ts:268:\n `/` was unexpected","path":"workers/veil-vision/src/wraith-read.ts","spans":[{"file":"workers/veil-vision/src/wraith-read.ts","start":{"line":268,"col":35,"offset":0},"end":{"line":268,"col":36,"offset":1}},{"file":"workers/veil-vision/src/wraith-read.ts","start":{"line":271,"col":3,"offset":0},"end":{"line":276,"col":8,"offset":129}}]}],"paths":{"scanned":[".agent/CLAUDE.md",".agent/core-rules.yaml",".agent/reports/2026-04-26-attention-rehydrate.md",".agent/workflows/0_resume.md",".agent/workflows/1_track_dev.md",".agent/workflows/2_ogham_protocol.md",".agent/workflows/3_secrets.md",".agent/workflows/4_extract_certs.md",".agent/workflows/5_sluagh_activation.md",".agent/workflows/agent-quality-gate.md",".agent/workflows/agent-worktree-contract.md",".agent/workflows/documentation-standards.md",".agent/workflows/file-structure.md",".agent/workflows/idea-ingestion.md",".agent/workflows/intent.md",".agent/workflows/issue-tracking.md",".agent/workflows/naming-taxonomy.md",".agent/workflows/project-management.md",".agent/workflows/secure-secrets.md",".agent/workflows/startup.md",".agent/workflows/stuck-protocol.md",".agent/workflows/worktree-dispatch-template.md",".agent/workflows/worktree-hee-haw-collision.md",".antigravity/config",".bifrost/cache-anchors.json",".bifrost/cache-anchors.schema.json",".bifrost/deploy-manifest.json",".bifrost/infra.json",".bifrost/nornsloom-log.md",".bifrost/nornsloom-seed.mjs",".bifrost/nornsloom-state.json",".bifrost/projects.json",".cursor/rules.cursorrules",".gemini/rules/generated.md",".github/dependabot.yml",".github/workflows/README.md",".github/workflows/semgrep.yml",".gitignore",".husky/post-commit",".husky/pre-commit",".husky/pre-push",".npmrc",".semgrep/README.md",".semgrep/bifrost.yml",".semgrepignore",".vscode/settings.json",".wip-w3-dash-pwa",".wip-w3-registry",".workspaces/surface-optimization/CLAUDE.md",".workspaces/surface-optimization/IMPORTED.md",".workspaces/surface-optimization/NEXT_SESSION.md",".workspaces/surface-optimization/README.md",".workspaces/surface-optimization/assets/rift-root-logo.svg",".workspaces/surface-optimization/audits/.gitkeep",".workspaces/surface-optimization/audits/2026-05-05-fly-reaper-verify.md",".workspaces/surface-optimization/aws/NEXT_SESSION.md",".workspaces/surface-optimization/aws/audits/2026-05-05-hard-caps.md",".workspaces/surface-optimization/azure/NEXT_SESSION.md",".workspaces/surface-optimization/caps.md",".workspaces/surface-optimization/cloudflare/security-txt-edge/src/index.js",".workspaces/surface-optimization/cloudflare/security-txt-edge/wrangler.toml",".workspaces/surface-optimization/email/zones-prep/.gitignore",".workspaces/surface-optimization/email/zones-prep/NEXT-SESSION.md",".workspaces/surface-optimization/email/zones-prep/README.md",".workspaces/surface-optimization/email/zones-prep/_RESUME.md",".workspaces/surface-optimization/email/zones-prep/_email-summary.md",".workspaces/surface-optimization/email/zones-prep/_scaffolds/cf-email-sender/README.md",".workspaces/surface-optimization/email/zones-prep/_scaffolds/cf-email-sender/index.js",".workspaces/surface-optimization/email/zones-prep/_scaffolds/cf-email-sender/wrangler.toml.template",".workspaces/surface-optimization/email/zones-prep/_token-scope-matrix.md",".workspaces/surface-optimization/email/zones-prep/ggamed.cc/resend-add.json",".workspaces/surface-optimization/email/zones-prep/ggamed.cc/worker/index.js",".workspaces/surface-optimization/email/zones-prep/ggamed.cc/worker/wrangler.toml",".workspaces/surface-optimization/email/zones-prep/mock1ngbb.com/migrations/soak-reminder/worker.js",".workspaces/surface-optimization/email/zones-prep/mock1ngbb.com/migrations/soak-reminder/wrangler.toml",".workspaces/surface-optimization/email/zones-prep/mock1ngbb.com/resend-existing.json",".workspaces/surface-optimization/email/zones-prep/mock1ngbb.com/sender/index.js",".workspaces/surface-optimization/email/zones-prep/mock1ngbb.com/sender/wrangler.toml",".workspaces/surface-optimization/email/zones-prep/mock1ngbb.com/worker/README.md",".workspaces/surface-optimization/email/zones-prep/riftroot.com/resend-add.json",".workspaces/surface-optimization/email/zones-prep/riftroot.com/worker/index.js",".workspaces/surface-optimization/email/zones-prep/riftroot.com/worker/wrangler.toml",".workspaces/surface-optimization/email/zones-prep/rootedloosely.com/resend-add.json",".workspaces/surface-optimization/email/zones-prep/rootedloosely.com/worker/index.js",".workspaces/surface-optimization/email/zones-prep/rootedloosely.com/worker/wrangler.toml",".workspaces/surface-optimization/gcp/NEXT_SESSION.md",".workspaces/surface-optimization/grafana/.gitkeep",".workspaces/surface-optimization/nvidia/NEXT_SESSION.md",".worktrees/MANIFEST.json","AGENTS.md","ATTENTION-npm-ci-orphans.md","CLAUDE.md","DEAD_LETTER_TRIAGE.md","KEYS_NEEDED.md","LEARNINGS.md","LICENSE","Makefile","README.md","SECRETS_SETUP.md","STATUS.md","app/src/components/settings/ModelKeyPanel.tsx","app/src/pages/LoginPage.tsx","app/src/pages/ObservabilityPage.tsx","app/src/utils/environment.ts","assets/icons/erebus_1.png","assets/icons/erebus_2.png","assets/icons/erebus_3.png","assets/icons/erebus_4.png","bifrost-resume.md","biome.json","bootstrap.cmd","eslint-rules/__tests__/no-trivial-assertions.test.mjs","eslint-rules/no-hardcoded-model-id.mjs","eslint-rules/no-trivial-assertions.mjs","eslint.config.mjs","fixtures/semgrep/bad-examples.ts","fixtures/semgrep/handlers-fixture/bad-handler.ts","fixtures/semgrep/src-fixture/bad-worktree-import.ts","infra/claude-hooks/README.md","infra/claude-hooks/aws-cost-gate.py","infra/claude-hooks/aws-cost-gate.sh","infra/claude-hooks/build-staleness-guard.sh","infra/claude-hooks/cf-token-guard.sh","infra/claude-hooks/clear-guard.sh","infra/claude-hooks/context-oracle-init.sh","infra/claude-hooks/install.sh","infra/claude-hooks/no-fabrication-reminder.sh","infra/claude-hooks/push-deploy-reminder.sh","infra/claude-hooks/secret-gate.py","infra/claude-hooks/secret-gate.sh","infra/claude-hooks/settings.json.template","infra/claude-hooks/ship-claim-reminder.sh","infra/launchd/.deprecated/com.mock1ngbb.chrome-cdp.plist","infra/local-obs/.env.example","infra/local-obs/README.md","infra/local-obs/alloy/config.alloy","infra/local-obs/compose.yml","infra/local-obs/grafana/dashboards/claude-code.json","infra/local-obs/grafana/provisioning/alerting/claude-code-alerts.yaml","infra/local-obs/grafana/provisioning/alerting/contact-points.yaml","infra/local-obs/grafana/provisioning/dashboards/provider.yaml","infra/local-obs/grafana/provisioning/datasources/datasources.yaml","infra/local-obs/loki/loki.yaml","infra/local-obs/mimir/mimir.yaml","infra/local-obs/tempo/tempo.yaml","infra/sprites/ci-runner/Dockerfile","infra/sprites/ci-runner/README.md","infra/sprites/ci-runner/entrypoint.sh","knip.json","knip.workspaces.config.ts","memory/2026-04-14-perplexity-win.md","memory/MEMORY.md","meta-beta.md","package-lock.json","package.json","packages/biome-config/README.md","packages/biome-config/biome.json","packages/biome-config/package.json","renovate.json","rules/no-bleached-names.grit","scripts-ambient.d.ts","shared/types/agent.ts","shared/types/env.ts","shared/types/error-schema.ts","shared/types/index.ts","shared/types/job.ts","shared/types/r2-artifacts.ts","shared/types/task.ts","sluagh-manifest.json","src/cli.ts","src/codex-cairn.ts","src/codex-chronicle.ts","src/commands/bench.ts","src/commands/codex.ts","src/commands/perplexity.ts","src/commands/seed.ts","src/commands/verify.ts","src/infra/config.ts","src/models.ts","src/perplexity-client.ts","src/types/codex.ts","src/types/perplexity.ts","src/utils/detective.ts","src/utils/fetch-with-timeout.ts","src/utils/logger.ts","src/utils/retry.ts","src/utils/setup.ts","src/utils/slicer.ts","src/utils/verifier.ts","src/utils/windows.ts","stryker.conf.mjs","test/agent-regression/README.md","test/agent-regression/prompts/perplexity-scrape.txt","test/agent-regression/smoke.sh","test/e2e/browser.setup.ts","test/e2e/smoke.test.ts","tests/_harness/deterministic.ts","tests/_harness/vitest-setup.ts","tests/architecture/README.md","tests/architecture/doom-dealer-only-writer.test.ts","tests/architecture/helpers.ts","tests/architecture/invariant-counter-wired.test.ts","tests/architecture/routed-by-not-null.test.ts","tests/cache-anchor/inject.test.mjs","tests/cache-anchor/loader.test.mjs","tests/cache-anchor/staleness.test.mjs","tests/cf-dns-edit-probe.test.ts","tests/exemplar-curator.test.ts","tests/fixtures/cutover-load/cdp-jobs/01-render-html.json","tests/fixtures/cutover-load/cdp-jobs/02-render-markdown.json","tests/fixtures/cutover-load/cdp-jobs/03-render-screenshot.json","tests/fixtures/cutover-load/cdp-jobs/04-perplexity-render.json","tests/fixtures/cutover-load/cdp-jobs/05-pdf-capture.json","tests/fixtures/cutover-load/cdp-jobs/06-meta-extract.json","tests/fixtures/cutover-load/cdp-jobs/07-render-with-proxy.json","tests/fixtures/cutover-load/cdp-jobs/08-grave-glyph-extract.json","tests/fixtures/cutover-load/cdp-jobs/09-quality-assess.json","tests/fixtures/cutover-load/cdp-jobs/10-batch-render.json","tests/fixtures/cutover-load/queue-messages/01-doc-fetch-sprites-quickstart.json","tests/fixtures/cutover-load/queue-messages/02-doc-fetch-sprites-cli.json","tests/fixtures/cutover-load/queue-messages/03-doc-fetch-fly-machines.json","tests/fixtures/cutover-load/queue-messages/04-doc-fetch-playwright.json","tests/fixtures/cutover-load/queue-messages/05-doc-fetch-cf-workers.json","tests/fixtures/cutover-load/queue-messages/06-doc-fetch-sprites-auth.json","tests/fixtures/cutover-load/queue-messages/07-doc-fetch-fly-deploy.json","tests/fixtures/cutover-load/queue-messages/08-doc-fetch-wrangler.json","tests/fixtures/cutover-load/queue-messages/09-doc-fetch-sprites-llms.json","tests/fixtures/cutover-load/queue-messages/10-doc-fetch-gemini-models.json","tests/fixtures/cutover-load/sluagh-tasks/01-cairn-coder.json","tests/fixtures/cutover-load/sluagh-tasks/02-ritual-reaper.json","tests/fixtures/cutover-load/sluagh-tasks/03-forge-flame.json","tests/fixtures/cutover-load/sluagh-tasks/04-run-command.json","tests/fixtures/cutover-load/sluagh-tasks/05-fetch-url.json","tests/fixtures/cutover-load/sluagh-tasks/06-verify.json","tests/fixtures/cutover-load/sluagh-tasks/07-review.json","tests/fixtures/cutover-load/sluagh-tasks/08-orchestrator.json","tests/fixtures/cutover-load/sluagh-tasks/09-dep-update.json","tests/fixtures/cutover-load/sluagh-tasks/10-attention.json","tests/fixtures/cutover-load/sluagh-tasks/11-echo-eidolon.json","tests/fixtures/cutover-load/sluagh-tasks/12-wyrd-watch.json","tests/fixtures/cutover-load/sluagh-tasks/13-vision-arbiter.json","tests/fixtures/cutover-load/sluagh-tasks/14-xray-herald.json","tests/fixtures/cutover-load/sluagh-tasks/15-arch-reviewer.json","tests/fixtures/cutover-load/sluagh-tasks/16-rift-ingester.json","tests/fixtures/cutover-load/sluagh-tasks/17-grave-guardian.json","tests/fixtures/cutover-load/sluagh-tasks/18-scribe-storm.json","tests/fixtures/cutover-load/sluagh-tasks/19-iron-arbiter.json","tests/fixtures/cutover-load/sluagh-tasks/20-pattern-pilgrim.json","tests/fixtures/cutover-load/webhook-deliveries/INDEX.md","tests/fixtures/cutover-load/webhook-deliveries/README.md","tests/fixtures/cutover-load/webhook-deliveries/pr-admin-ping.json","tests/fixtures/cutover-load/webhook-deliveries/pr-merge-squash.json","tests/fixtures/cutover-load/webhook-deliveries/pr-opened.json","tests/fixtures/cutover-load/webhook-deliveries/push-2026-04-28-0229376.json","tests/fixtures/cutover-load/webhook-deliveries/push-2026-04-28-0563968.json","tests/fixtures/cutover-load/webhook-deliveries/push-2026-04-28-1487488.json","tests/fixtures/cutover-load/webhook-deliveries/push-2026-04-28-2180992.json","tests/fixtures/cutover-load/webhook-deliveries/push-2026-04-28-5433984.json","tests/fixtures/cutover-load/webhook-deliveries/push-2026-04-28-5450880.json","tests/fixtures/cutover-load/webhook-deliveries/push-2026-04-28-5926272.json","tests/fixtures/cutover-load/webhook-deliveries/push-2026-04-28-6150400.json","tests/fixtures/cutover-load/webhook-deliveries/push-2026-04-28-9302912.json","tests/fixtures/cutover-load/webhook-deliveries/push-2026-04-28-9551616.json","tests/fixtures/cutover-load/webhook-deliveries/push-2026-04-29-4383360.json","tests/fixtures/cutover-load/webhook-deliveries/push-2026-04-29-5012224.json","tests/fixtures/cutover-load/webhook-deliveries/push-2026-04-29-8245376.json","tests/fixtures/cutover-load/webhook-deliveries/push-2026-04-29-8881024.json","tests/fixtures/cutover-load/webhook-deliveries/push-2026-04-29-8945792.json","tests/fixtures/cutover-load/webhook-deliveries/push-2026-04-29-9149952.json","tests/fixtures/cutover-load/webhook-deliveries/push-2026-04-29-9200256.json","tests/fixtures/cutover-load/webhook-deliveries/push-2026-04-29-9755264.json","tests/fixtures/cutover-load/webhook-deliveries/push-2026-04-29-9804544.json","tests/fixtures/cutover-load/webhook-deliveries/push-2026-04-30-0563072.json","tests/fixtures/cutover-load/webhook-deliveries/push-2026-04-30-0595840.json","tests/fixtures/cutover-load/webhook-deliveries/push-2026-04-30-0909056.json","tests/fixtures/cutover-load/webhook-deliveries/push-2026-04-30-1520128.json","tests/fixtures/cutover-load/webhook-deliveries/push-2026-04-30-1960064.json","tests/fixtures/cutover-load/webhook-deliveries/push-2026-04-30-2289664.json","tests/fixtures/cutover-load/webhook-deliveries/push-2026-04-30-2633856.json","tests/fixtures/cutover-load/webhook-deliveries/push-2026-04-30-3589760.json","tests/fixtures/cutover-load/webhook-deliveries/push-2026-04-30-4554240.json","tests/fixtures/cutover-load/webhook-deliveries/push-2026-04-30-7120640.json","tests/fixtures/cutover-load/webhook-deliveries/push-2026-04-30-8254592.json","tests/fixtures/cutover-load/webhook-deliveries/push-main-branch.json","tests/fixtures/cutover-load/webhook-deliveries/workflow_run-completed.json","tests/grafana-dashboard-token-scope.test.ts","tests/hooks/rules-session-start.test.mjs","tests/integration/dynamic-sandbox-e2e.ts","tests/integration/prompt-bandit-compiler.test.ts","tests/integration/prompt-compiler.test.ts","tests/integration/rules-enforcement-smoke.ts","tests/test-sdk.ts","tests/uds-put-metadata-allowlist.test.mjs","tools/bf-daemon/.gitignore","tools/bf-daemon/README.md","tools/bf-daemon/cmd/bf/main.go","tools/bf-daemon/cmd/bf-daemon/keychain_darwin.go","tools/bf-daemon/cmd/bf-daemon/keychain_linux.go","tools/bf-daemon/cmd/bf-daemon/main.go","tools/bf-daemon/examples/docker-mount-test.sh","tools/bf-daemon/go.mod","tools/bf-daemon/go.sum","tools/bf-daemon/install/bf-daemon.service","tools/bf-daemon/install/com.bifrost.bf-daemon.plist","tools/bf-daemon/install/install.sh","tools/bf-daemon/internal/annals/client.go","tools/bf-daemon/internal/cache/cache.go","tools/bf-daemon/internal/doctor/bindings.go","tools/bf-daemon/internal/doctor/bindings_test.go","tools/bf-daemon/internal/doctor/doctor.go","tools/bf-daemon/internal/fanout/fanout.go","tools/bf-daemon/internal/ipc/protocol.go","tools/bf-daemon/internal/kv/client.go","tools/bf-daemon/internal/registry/registry.go","tools/bf-daemon/internal/registry/registry_test.go","tools/external-refs.README.md","tools/external-refs.json","tools/external-refs.schema.json","tools/knip-helpers/wrangler-knip.mjs","tsconfig.json","turbo.json","vitest.architecture.config.ts","vitest.config.ts","workers/README.md","workers/annals-of-ankou/.agent/skills/INDEX.md","workers/annals-of-ankou/ARCHITECTURE.md","workers/annals-of-ankou/CLAUDE.md","workers/annals-of-ankou/Dockerfile","workers/annals-of-ankou/package.json","workers/annals-of-ankou/schema.sql","workers/annals-of-ankou/src/archival-cursor.ts","workers/annals-of-ankou/src/build-stamp.ts","workers/annals-of-ankou/src/errata-echo.ts","workers/annals-of-ankou/src/event-reducers.ts","workers/annals-of-ankou/src/event-schema.ts","workers/annals-of-ankou/src/event-upcasters.ts","workers/annals-of-ankou/src/governance-chain.ts","workers/annals-of-ankou/src/governance-sql.ts","workers/annals-of-ankou/src/index.ts","workers/annals-of-ankou/src/projections.ts","workers/annals-of-ankou/src/schemas/git-schemas.ts","workers/annals-of-ankou/test/correlation-trace.test.ts","workers/annals-of-ankou/test/domain-classifier.test.ts","workers/annals-of-ankou/test/event-schema.test.ts","workers/annals-of-ankou/test/event-upcasters.test.ts","workers/annals-of-ankou/test/fixtures/events.json","workers/annals-of-ankou/test/global-setup.ts","workers/annals-of-ankou/test/governance-chain.test.ts","workers/annals-of-ankou/test/integration.test.ts","workers/annals-of-ankou/test/miniflare-env.ts","workers/annals-of-ankou/test/snapshots.test.ts","workers/annals-of-ankou/test/topic-registry.test.ts","workers/annals-of-ankou/tsconfig.json","workers/annals-of-ankou/tsconfig.test.json","workers/annals-of-ankou/vitest.config.ts","workers/annals-of-ankou/wrangler.toml","workers/bifrost-dashboard/CLAUDE.md","workers/bifrost-dashboard/LEARNINGS.md","workers/bifrost-dashboard/package.json","workers/bifrost-dashboard/src/build-stamp.ts","workers/bifrost-dashboard/src/index.ts","workers/bifrost-dashboard/src/pwa-assets.ts","workers/bifrost-dashboard/src/pwa-html.ts","workers/bifrost-dashboard/tsconfig.json","workers/bifrost-dashboard/wrangler.toml","workers/cairn-browser/Dockerfile","workers/cairn-browser/package.json","workers/cairn-browser/src/__tests__/cartomancer-writer.test.ts","workers/cairn-browser/src/__tests__/cdp-routing.test.ts","workers/cairn-browser/src/__tests__/perplexity-parser.test.ts","workers/cairn-browser/src/__tests__/proxy-routing.test.ts","workers/cairn-browser/src/__tests__/teardown.test.ts","workers/cairn-browser/src/banshee-server.ts","workers/cairn-browser/src/build-stamp.ts","workers/cairn-browser/src/cairn-cookie-loader.ts","workers/cairn-browser/src/cairn-overseer.ts","workers/cairn-browser/src/cairn-render.ts","workers/cairn-browser/src/cartomancer-writer.ts","workers/cairn-browser/src/cdp-render.ts","workers/cairn-browser/src/grave-glyph.ts","workers/cairn-browser/src/index.ts","workers/cairn-browser/src/perplexity-parser.ts","workers/cairn-browser/src/phantom-meta.ts","workers/cairn-browser/src/site-selectors.ts","workers/cairn-browser/src/wraith-read.ts","workers/cairn-browser/tsconfig.json","workers/cairn-local/.gitignore","workers/cairn-local/CLAUDE.md","workers/cairn-local/launchd/com.bifrost.cairn-local.plist","workers/cairn-local/package.json","workers/cairn-local/src/auth.ts","workers/cairn-local/src/barrow-reap.ts","workers/cairn-local/src/daemon.ts","workers/cairn-local/src/envelope.ts","workers/cairn-local/src/index.ts","workers/cairn-local/src/scry/safari-spindle.ts","workers/cairn-local/tsconfig.json","workers/cairn-web/migrations/0001_init.sql","workers/cairn-web/migrations/0002_soft_merge.sql","workers/cairn-web/package.json","workers/cairn-web/src/__tests__/batch-adjudicator.test.ts","workers/cairn-web/src/adjudicator.ts","workers/cairn-web/src/auth.ts","workers/cairn-web/src/batch-adjudicator.ts","workers/cairn-web/src/build-stamp.ts","workers/cairn-web/src/index.ts","workers/cairn-web/src/schema.sql","workers/cairn-web/src/types.ts","workers/cairn-web/src/warden.ts","workers/cairn-web/tsconfig.json","workers/cairn-web/wrangler.toml","workers/cartomancer/CLAUDE.md","workers/cartomancer/README.md","workers/cartomancer/package.json","workers/cartomancer/src/__tests__/diff.test.ts","workers/cartomancer/src/__tests__/integration.test.ts","workers/cartomancer/src/__tests__/scanner.test.ts","workers/cartomancer/src/__tests__/schema-migration.test.ts","workers/cartomancer/src/build-stamp.ts","workers/cartomancer/src/diff/surface-diff.ts","workers/cartomancer/src/index.ts","workers/cartomancer/src/routes/__tests__/audit.test.ts","workers/cartomancer/src/routes/audit.ts","workers/cartomancer/src/scanner/manifest-scanner.ts","workers/cartomancer/src/scanner/npm-registry.ts","workers/cartomancer/src/sql-schema.ts","workers/cartomancer/src/types.ts","workers/cartomancer/src/webhooks/__tests__/dockerhub-webhook.test.ts","workers/cartomancer/src/webhooks/__tests__/github-webhook.test.ts","workers/cartomancer/src/webhooks/__tests__/webhook-dedup.test.ts","workers/cartomancer/src/webhooks/dockerhub-webhook.ts","workers/cartomancer/src/webhooks/github-webhook.ts","workers/cartomancer/src/webhooks/npm-cron-poller.ts","workers/cartomancer/src/webhooks/webhook-dedup.ts","workers/cartomancer/src/webhooks/webhook-enqueue.ts","workers/cartomancer/tsconfig.json","workers/cartomancer/vitest.config.ts","workers/cartomancer/wrangler.toml","workers/cf-zone-audit/.gitignore","workers/cf-zone-audit/CLAUDE.md","workers/cf-zone-audit/COMPLIANCE.md","workers/cf-zone-audit/README.md","workers/cf-zone-audit/SECURITY.md","workers/cf-zone-audit/baseline.json","workers/cf-zone-audit/package.json","workers/cf-zone-audit/src/audit.ts","workers/cf-zone-audit/src/auth.ts","workers/cf-zone-audit/src/build-stamp.ts","workers/cf-zone-audit/src/cf-api.ts","workers/cf-zone-audit/src/hash.ts","workers/cf-zone-audit/src/index.ts","workers/cf-zone-audit/src/insights.ts","workers/cf-zone-audit/src/remediate.ts","workers/cf-zone-audit/src/report.ts","workers/cf-zone-audit/src/types.ts","workers/cf-zone-audit/tsconfig.json","workers/cf-zone-audit/wrangler.toml","workers/cicd-intake/CLAUDE.md","workers/cicd-intake/package.json","workers/cicd-intake/src/__tests__/changed-workers.test.ts","workers/cicd-intake/src/__tests__/deploy-manifest.test.ts","workers/cicd-intake/src/__tests__/intake.test.ts","workers/cicd-intake/src/annals-client.ts","workers/cicd-intake/src/bootstrap-secrets.ts","workers/cicd-intake/src/build-stamp.ts","workers/cicd-intake/src/changed-workers.ts","workers/cicd-intake/src/env.ts","workers/cicd-intake/src/hmac-guard.ts","workers/cicd-intake/src/index.ts","workers/cicd-intake/src/manifest-loader.ts","workers/cicd-intake/src/payload-parser.ts","workers/cicd-intake/src/queue-forwarder.ts","workers/cicd-intake/src/repo-registry-client.ts","workers/cicd-intake/src/schemas/deploy-manifest.ts","workers/cicd-intake/tsconfig.json","workers/cicd-intake/vitest.unit.config.ts","workers/cicd-intake/wrangler.toml","workers/cicd-queue/CLAUDE.md","workers/cicd-queue/package.json","workers/cicd-queue/src/__tests__/deploy-targets-fly.test.ts","workers/cicd-queue/src/__tests__/deploy-targets-pages.test.ts","workers/cicd-queue/src/__tests__/deploy-targets-script.test.ts","workers/cicd-queue/src/__tests__/deploy-targets-sprite.test.ts","workers/cicd-queue/src/__tests__/deploy-targets.test.ts","workers/cicd-queue/src/__tests__/dlq-classifier.test.ts","workers/cicd-queue/src/__tests__/dlq-schema.test.ts","workers/cicd-queue/src/__tests__/sprite-lifecycle.test.ts","workers/cicd-queue/src/annals-client.ts","workers/cicd-queue/src/build-stamp.ts","workers/cicd-queue/src/deploy-script-builder.ts","workers/cicd-queue/src/deploy-targets.ts","workers/cicd-queue/src/dlq-classifier.ts","workers/cicd-queue/src/dlq-schema.ts","workers/cicd-queue/src/env.ts","workers/cicd-queue/src/index.ts","workers/cicd-queue/src/queue-do-client.ts","workers/cicd-queue/src/sprite-lifecycle.ts","workers/cicd-queue/src/worker-health-resolver.ts","workers/cicd-queue/tsconfig.json","workers/cicd-queue/vitest.unit.config.ts","workers/cicd-queue/wrangler.toml","workers/context-keepr/CLAUDE.md","workers/context-keepr/package.json","workers/context-keepr/src/__tests__/cloudflare-test-shim.ts","workers/context-keepr/src/__tests__/context-assemble-modes.test.ts","workers/context-keepr/src/__tests__/epic-context-pull.test.ts","workers/context-keepr/src/__tests__/health.test.ts","workers/context-keepr/src/__tests__/miniflare-env.ts","workers/context-keepr/src/__tests__/rule-enforcement.test.ts","workers/context-keepr/src/auto-sync.ts","workers/context-keepr/src/build-stamp.ts","workers/context-keepr/src/context-oracle.ts","workers/context-keepr/src/drift-detector.ts","workers/context-keepr/src/drift-hound.ts","workers/context-keepr/src/epic-context.ts","workers/context-keepr/src/health-scorer.ts","workers/context-keepr/src/index.ts","workers/context-keepr/src/rule-enforcement/aho-corasick.ts","workers/context-keepr/src/rule-enforcement/handlers.ts","workers/context-keepr/src/rule-enforcement/rule-cairn-do.ts","workers/context-keepr/src/rule-enforcement/schema-additions.ts","workers/context-keepr/src/rule-enforcement/types.ts","workers/context-keepr/src/rule-parser.ts","workers/context-keepr/src/schema.ts","workers/context-keepr/src/semantic-retrieval.ts","workers/context-keepr/src/types.ts","workers/context-keepr/tsconfig.json","workers/context-keepr/vitest.config.ts","workers/context-keepr/wrangler.toml","workers/crypt-core/.agent/skills/INDEX.md","workers/crypt-core/CLAUDE.md","workers/crypt-core/LEARNINGS.md","workers/crypt-core/README.md","workers/crypt-core/biome.json","workers/crypt-core/migrations/004-epic-ids.sql","workers/crypt-core/migrations/cost-attribution-v1.sql","workers/crypt-core/migrations/geasgrove-v1.sql","workers/crypt-core/migrations/geasgrove-v2-msi-seed.sql","workers/crypt-core/migrations/geasgrove-v3-breaker.sql","workers/crypt-core/package.json","workers/crypt-core/schema.sql","workers/crypt-core/shared/types/error-schema.ts","workers/crypt-core/src/__tests__/bandit-bane-depth-deterministic.test.ts","workers/crypt-core/src/__tests__/bandit-bane-depth.test.ts","workers/crypt-core/src/__tests__/bandit-bane-race-deterministic.test.ts","workers/crypt-core/src/__tests__/bandit-bane-race.test.ts","workers/crypt-core/src/__tests__/bandit-bane-shadow.test.ts","workers/crypt-core/src/__tests__/bandit-cold-start-fairness.test.ts","workers/crypt-core/src/__tests__/bandit-reward.test.ts","workers/crypt-core/src/__tests__/bayesian-shadow-promoter.test.ts","workers/crypt-core/src/__tests__/budget-bane-chaos.test.ts","workers/crypt-core/src/__tests__/budget-bane.test.ts","workers/crypt-core/src/__tests__/build-stamp-sentinel.test.ts","workers/crypt-core/src/__tests__/bulk-delete.test.ts","workers/crypt-core/src/__tests__/capability-dispatch.test.ts","workers/crypt-core/src/__tests__/capability-registry-drift.test.ts","workers/crypt-core/src/__tests__/capability-tagger.test.ts","workers/crypt-core/src/__tests__/crypto.test.ts","workers/crypt-core/src/__tests__/do-quota-sentinel.test.ts","workers/crypt-core/src/__tests__/docs-ingest-search.test.ts","workers/crypt-core/src/__tests__/doom-chunking-policy.test.ts","workers/crypt-core/src/__tests__/embedding-dedup-gate.test.ts","workers/crypt-core/src/__tests__/event-scribe-gate.test.ts","workers/crypt-core/src/__tests__/event-scribe.test.ts","workers/crypt-core/src/__tests__/events.test.ts","workers/crypt-core/src/__tests__/finetune-event.test.ts","workers/crypt-core/src/__tests__/five-dimension-reward.test.ts","workers/crypt-core/src/__tests__/fly-spawn-machine.test.ts","workers/crypt-core/src/__tests__/gate-feedback-bus-deterministic.test.ts","workers/crypt-core/src/__tests__/gate-feedback-bus.test.ts","workers/crypt-core/src/__tests__/gemini-billing-watchdog.test.ts","workers/crypt-core/src/__tests__/github-glyph.test.ts","workers/crypt-core/src/__tests__/health-endpoint-build-stamp.test.ts","workers/crypt-core/src/__tests__/index.test.ts","workers/crypt-core/src/__tests__/lifecycle.test.ts","workers/crypt-core/src/__tests__/linear-lore.test.ts","workers/crypt-core/src/__tests__/llm-router.test.ts","workers/crypt-core/src/__tests__/model-catalog-antigh-coder-3b.test.ts","workers/crypt-core/src/__tests__/model-catalog-msi-w7.test.ts","workers/crypt-core/src/__tests__/model-catalog-phase1b.test.ts","workers/crypt-core/src/__tests__/prompt-bandit-semantic.test.ts","workers/crypt-core/src/__tests__/purge-attention-guard.test.ts","workers/crypt-core/src/__tests__/route-warden.test.ts","workers/crypt-core/src/__tests__/secrets-read-warden.test.ts","workers/crypt-core/src/__tests__/stale-sentinel-deterministic.test.ts","workers/crypt-core/src/__tests__/stale-sentinel.test.ts","workers/crypt-core/src/__tests__/synthetic-task-ledger-guard.test.ts","workers/crypt-core/src/__tests__/tether-dispatch-admission-gate.test.ts","workers/crypt-core/src/__tests__/tether-dispatch-annals-emit.test.ts","workers/crypt-core/src/__tests__/tether-dispatch.test.ts","workers/crypt-core/src/__tests__/thompson-bane.test.ts","workers/crypt-core/src/__tests__/token-tender.test.ts","workers/crypt-core/src/__tests__/types.test.ts","workers/crypt-core/src/__tests__/webhook.test.ts","workers/crypt-core/src/__tests__/workers-cpu-watchdog.test.ts","workers/crypt-core/src/__tests__/wyrdweaver-idempotent-complete.test.ts","workers/crypt-core/src/_stubs/fly-sprites-stub.ts","workers/crypt-core/src/aegis.ts","workers/crypt-core/src/api/router.ts","workers/crypt-core/src/api/schemas.ts","workers/crypt-core/src/api/validation.ts","workers/crypt-core/src/bandit/route-fingerprint.ts","workers/crypt-core/src/budget-bane.ts","workers/crypt-core/src/build-stamp.ts","workers/crypt-core/src/cairn-codex.ts","workers/crypt-core/src/canary/__tests__/impossible-bench-warden.test.ts","workers/crypt-core/src/canary/impossible-bench-corpus.ts","workers/crypt-core/src/canary/impossible-bench-warden.ts","workers/crypt-core/src/cloudflare-test.d.ts","workers/crypt-core/src/components/ScryingGlassTerminal.svelte","workers/crypt-core/src/crypto/crypt-key-generator.ts","workers/crypt-core/src/durable-objects/__tests__/vault-keeper-v16.test.ts","workers/crypt-core/src/durable-objects/vault-keeper.ts","workers/crypt-core/src/durable-objects/wyrd-tether.ts","workers/crypt-core/src/durable-objects/wyrd-weaver.ts","workers/crypt-core/src/errors/git-object-error.ts","workers/crypt-core/src/errors/github-object-error.ts","workers/crypt-core/src/errors.ts","workers/crypt-core/src/events.ts","workers/crypt-core/src/fly.ts","workers/crypt-core/src/github.ts","workers/crypt-core/src/governance-do.ts","workers/crypt-core/src/handlers/annals-events-read.ts","workers/crypt-core/src/handlers/bifrost-warm-pool.ts","workers/crypt-core/src/handlers/canary-cairn.ts","workers/crypt-core/src/handlers/events-relay.ts","workers/crypt-core/src/handlers/finetune-event.ts","workers/crypt-core/src/handlers/manual-review-deep-link.ts","workers/crypt-core/src/handlers/manual-review-handler.ts","workers/crypt-core/src/handlers/repo-registry-handler.ts","workers/crypt-core/src/handlers/route-override-handler.ts","workers/crypt-core/src/index.ts","workers/crypt-core/src/label-lore.ts","workers/crypt-core/src/llm/anthropic.ts","workers/crypt-core/src/llm/deepseek.ts","workers/crypt-core/src/llm/error-schema.ts","workers/crypt-core/src/llm/factory.ts","workers/crypt-core/src/llm/fireworks.ts","workers/crypt-core/src/llm/gemini.ts","workers/crypt-core/src/llm/groq.ts","workers/crypt-core/src/llm/mistral.ts","workers/crypt-core/src/llm/ollama.ts","workers/crypt-core/src/llm/openai-native.ts","workers/crypt-core/src/llm/perplexity.ts","workers/crypt-core/src/llm/qwen.ts","workers/crypt-core/src/llm/router.ts","workers/crypt-core/src/llm/stream-buffer.ts","workers/crypt-core/src/llm/tether-dispatch.ts","workers/crypt-core/src/llm/together.ts","workers/crypt-core/src/llm/types.ts","workers/crypt-core/src/llm/wyrd-inference.ts","workers/crypt-core/src/llm/zhipu.ts","workers/crypt-core/src/manager/manager-do.ts","workers/crypt-core/src/manager/manager-types.ts","workers/crypt-core/src/middleware/trace-recorder.ts","workers/crypt-core/src/orchestrator/__tests__/alarm-cycle.test.ts","workers/crypt-core/src/orchestrator/__tests__/auto-orchestrator-utils.test.ts","workers/crypt-core/src/orchestrator/__tests__/conflict.test.ts","workers/crypt-core/src/orchestrator/alarm-cycle.ts","workers/crypt-core/src/orchestrator/auto-orchestrator-conflict.ts","workers/crypt-core/src/orchestrator/auto-orchestrator-types.ts","workers/crypt-core/src/orchestrator/auto-orchestrator-utils.ts","workers/crypt-core/src/orchestrator/auto-orchestrator.ts","workers/crypt-core/src/persistence/wyrdweaver.ts","workers/crypt-core/src/router/__tests__/__snapshots__/aws-cost-watchdog.test.ts.snap","workers/crypt-core/src/router/__tests__/admin-health.test.ts","workers/crypt-core/src/router/__tests__/admission-rejection-parser.test.ts","workers/crypt-core/src/router/__tests__/anthropic-disabled-routing-leak.test.ts","workers/crypt-core/src/router/__tests__/attention-archive-endpoint.test.ts","workers/crypt-core/src/router/__tests__/attention-freeze.test.ts","workers/crypt-core/src/router/__tests__/attention-index-sync.test.ts","workers/crypt-core/src/router/__tests__/attention-recycler-failure-analysis.test.ts","workers/crypt-core/src/router/__tests__/attention-recycler-jobid-dedup.test.ts","workers/crypt-core/src/router/__tests__/attention-recycler-jobid-inpass-dedup.test.ts","workers/crypt-core/src/router/__tests__/attention-recycler-orphan-guard.test.ts","workers/crypt-core/src/router/__tests__/attention-rehydrate.test.ts","workers/crypt-core/src/router/__tests__/aws-cost-watchdog.test.ts","workers/crypt-core/src/router/__tests__/aws-pyre-listener.test.ts","workers/crypt-core/src/router/__tests__/bandit-bulk-reset.test.ts","workers/crypt-core/src/router/__tests__/bandit-calibrator-priors.test.ts","workers/crypt-core/src/router/__tests__/bandit-committee-shape.test.ts","workers/crypt-core/src/router/__tests__/bandit-cost-reward.test.ts","workers/crypt-core/src/router/__tests__/bandit-dead-arm.test.ts","workers/crypt-core/src/router/__tests__/bandit-linucb-wiring.test.ts","workers/crypt-core/src/router/__tests__/bandit-manual-mode.test.ts","workers/crypt-core/src/router/__tests__/bandit-persistence.test.ts","workers/crypt-core/src/router/__tests__/bandit-preferences.test.ts","workers/crypt-core/src/router/__tests__/bandit-rng-replay.test.ts","workers/crypt-core/src/router/__tests__/bedrock-billing-watchdog.test.ts","workers/crypt-core/src/router/__tests__/bedrock-summoner.test.ts","workers/crypt-core/src/router/__tests__/bedrock-wiring.test.ts","workers/crypt-core/src/router/__tests__/billing-reconciler.test.ts","workers/crypt-core/src/router/__tests__/cairn-counter.test.ts","workers/crypt-core/src/router/__tests__/cascade-depth-limiter.test.ts","workers/crypt-core/src/router/__tests__/checkout-steward-lane-filter.test.ts","workers/crypt-core/src/router/__tests__/circuit-shade-jitter-persist.test.ts","workers/crypt-core/src/router/__tests__/comfyui-billing-watchdog.test.ts","workers/crypt-core/src/router/__tests__/compositor-outcome-aggregator.test.ts","workers/crypt-core/src/router/__tests__/config.test.ts","workers/crypt-core/src/router/__tests__/cost-cairn-alerter.test.ts","workers/crypt-core/src/router/__tests__/create-task-caps.test.ts","workers/crypt-core/src/router/__tests__/cron-heartbeat.test.ts","workers/crypt-core/src/router/__tests__/crypt-keeper.test.ts","workers/crypt-core/src/router/__tests__/d1-billing-watchdog.test.ts","workers/crypt-core/src/router/__tests__/dependencies-wyrd-tether-wire.test.ts","workers/crypt-core/src/router/__tests__/deploy-queue-do.test.ts","workers/crypt-core/src/router/__tests__/diff-context-snapshotter.test.ts","workers/crypt-core/src/router/__tests__/dispatch-lane-filter.test.ts","workers/crypt-core/src/router/__tests__/dispatch-payload-guard.test.ts","workers/crypt-core/src/router/__tests__/do-write-watchdog.test.ts","workers/crypt-core/src/router/__tests__/doom-ledger-cache-convergence.test.ts","workers/crypt-core/src/router/__tests__/doom-ledger-reward.test.ts","workers/crypt-core/src/router/__tests__/doom-ledger.test.ts","workers/crypt-core/src/router/__tests__/elevenlabs-billing-watchdog.test.ts","workers/crypt-core/src/router/__tests__/email-mailer.test.ts","workers/crypt-core/src/router/__tests__/enrichment-reward-wiring.test.ts","workers/crypt-core/src/router/__tests__/enrichment-reward.test.ts","workers/crypt-core/src/router/__tests__/epic-edict.test.ts","workers/crypt-core/src/router/__tests__/epic-ids-schema.test.ts","workers/crypt-core/src/router/__tests__/epic-routes.test.ts","workers/crypt-core/src/router/__tests__/escalation-freeze.test.ts","workers/crypt-core/src/router/__tests__/event-scribe-derive-domain.test.ts","workers/crypt-core/src/router/__tests__/event-scribe-drain.test.ts","workers/crypt-core/src/router/__tests__/fal-billing-watchdog.test.ts","workers/crypt-core/src/router/__tests__/fenrir-failover.test.ts","workers/crypt-core/src/router/__tests__/gate-ghost-epic-shadow.test.ts","workers/crypt-core/src/router/__tests__/gate-lore-keeper.test.ts","workers/crypt-core/src/router/__tests__/geas-breaker.test.ts","workers/crypt-core/src/router/__tests__/github-actions-billing-watchdog.test.ts","workers/crypt-core/src/router/__tests__/github-glyph-correlation.test.ts","workers/crypt-core/src/router/__tests__/grave-memory.test.ts","workers/crypt-core/src/router/__tests__/grim-gauge.test.ts","workers/crypt-core/src/router/__tests__/grim-graph.test.ts","workers/crypt-core/src/router/__tests__/handler-herald-proxy-annals.test.ts","workers/crypt-core/src/router/__tests__/karpathy-loop.test.ts","workers/crypt-core/src/router/__tests__/knot-guard.test.ts","workers/crypt-core/src/router/__tests__/kv-ops-watchdog.test.ts","workers/crypt-core/src/router/__tests__/lane-dual-write.test.ts","workers/crypt-core/src/router/__tests__/linear-ratelimit-throttle.test.ts","workers/crypt-core/src/router/__tests__/llm-chat-pin-perplexity.test.ts","workers/crypt-core/src/router/__tests__/llm-circuit-persistence.test.ts","workers/crypt-core/src/router/__tests__/manual-claim.test.ts","workers/crypt-core/src/router/__tests__/manual-review-handler.test.ts","workers/crypt-core/src/router/__tests__/migration-tender.test.ts","workers/crypt-core/src/router/__tests__/monthly-cap.test.ts","workers/crypt-core/src/router/__tests__/morrigan-midnight.test.ts","workers/crypt-core/src/router/__tests__/morrigan-shed.test.ts","workers/crypt-core/src/router/__tests__/multi-llm-aggregator.test.ts","workers/crypt-core/src/router/__tests__/norn-node.test.ts","workers/crypt-core/src/router/__tests__/norn-retry.test.ts","workers/crypt-core/src/router/__tests__/north-gate-annals-emission.test.ts","workers/crypt-core/src/router/__tests__/north-gate-failure-modes.test.ts","workers/crypt-core/src/router/__tests__/northgate-canary-seeder.test.ts","workers/crypt-core/src/router/__tests__/openai-billing-watchdog.test.ts","workers/crypt-core/src/router/__tests__/p2-review-integration.test.ts","workers/crypt-core/src/router/__tests__/phantom-guards.test.ts","workers/crypt-core/src/router/__tests__/phantom-persist-alarm-failures.test.ts","workers/crypt-core/src/router/__tests__/phantom-persist-flush-panic.test.ts","workers/crypt-core/src/router/__tests__/phantom-state.test.ts","workers/crypt-core/src/router/__tests__/pr-e-attention-deprecation.test.ts","workers/crypt-core/src/router/__tests__/provider-validator.test.ts","workers/crypt-core/src/router/__tests__/push-dispatch-integration.test.ts","workers/crypt-core/src/router/__tests__/pyre-prism-check-runs.test.ts","workers/crypt-core/src/router/__tests__/pyre-pulse.test.ts","workers/crypt-core/src/router/__tests__/r2-billing-watchdog.test.ts","workers/crypt-core/src/router/__tests__/request-schemas.test.ts","workers/crypt-core/src/router/__tests__/resend-billing-watchdog.test.ts","workers/crypt-core/src/router/__tests__/rift-ingest-annals.test.ts","workers/crypt-core/src/router/__tests__/rift-ingest-pipeline-annals.test.ts","workers/crypt-core/src/router/__tests__/route-override-precedence.test.ts","workers/crypt-core/src/router/__tests__/scope-seeker-annals.test.ts","workers/crypt-core/src/router/__tests__/source-field-roundtrip.test.ts","workers/crypt-core/src/router/__tests__/sprite-dispatch.test.ts","workers/crypt-core/src/router/__tests__/sprite-push-router.test.ts","workers/crypt-core/src/router/__tests__/sprites-billing-watchdog.test.ts","workers/crypt-core/src/router/__tests__/sql-schema-ddl-guard.test.ts","workers/crypt-core/src/router/__tests__/stale-sentinel-autoarchive-guard.test.ts","workers/crypt-core/src/router/__tests__/stale-sentinel-epic-archive.test.ts","workers/crypt-core/src/router/__tests__/stale-sentinel.test.ts","workers/crypt-core/src/router/__tests__/stale-task-reaper.test.ts","workers/crypt-core/src/router/__tests__/storage-warden.test.ts","workers/crypt-core/src/router/__tests__/suno-billing-watchdog.test.ts","workers/crypt-core/src/router/__tests__/synthetic-guardrails.test.ts","workers/crypt-core/src/router/__tests__/task-attributor.test.ts","workers/crypt-core/src/router/__tests__/task-create-dispatch-roundtrip.test.ts","workers/crypt-core/src/router/__tests__/task-metadata-index.test.ts","workers/crypt-core/src/router/__tests__/task-search.test.ts","workers/crypt-core/src/router/__tests__/tier-bandit.test.ts","workers/crypt-core/src/router/__tests__/tiered-memory-tier-load.test.ts","workers/crypt-core/src/router/__tests__/tithe-toll-breach-notifier.test.ts","workers/crypt-core/src/router/__tests__/tome-tender-bulk-create.test.ts","workers/crypt-core/src/router/__tests__/tome-tender-bulk-update.test.ts","workers/crypt-core/src/router/__tests__/url-warden.test.ts","workers/crypt-core/src/router/__tests__/v-cf-ai-default-max-tokens.test.ts","workers/crypt-core/src/router/__tests__/v-checkout-lifecycle.test.ts","workers/crypt-core/src/router/__tests__/v-dag-invariant.test.ts","workers/crypt-core/src/router/__tests__/v-ingest-warden.test.ts","workers/crypt-core/src/router/__tests__/v-workers-ai-shadow.test.ts","workers/crypt-core/src/router/__tests__/vault-manifest.test.ts","workers/crypt-core/src/router/__tests__/wai-cost-circuit.test.ts","workers/crypt-core/src/router/__tests__/workers-requests-watchdog.test.ts","workers/crypt-core/src/router/__tests__/wraith-dispatch-counterp.test.ts","workers/crypt-core/src/router/__tests__/wraith-dispatch.test.ts","workers/crypt-core/src/router/__tests__/wraith-grim.test.ts","workers/crypt-core/src/router/__tests__/wyrd-tether-await.test.ts","workers/crypt-core/src/router/__tests__/wyrd-tether-race.test.ts","workers/crypt-core/src/router/__tests__/wyrd-tether-snapshot.test.ts","workers/crypt-core/src/router/__tests__/wyrd-weaver-hibernate-persistence.test.ts","workers/crypt-core/src/router/__tests__/wyrd-wheel-alarm.test.ts","workers/crypt-core/src/router/__tests__/wyrd-wheel-bandit-calibration.test.ts","workers/crypt-core/src/router/__tests__/zombie-hygiene.test.ts","workers/crypt-core/src/router/abyss-arbiter.ts","workers/crypt-core/src/router/admin-health-herald.ts","workers/crypt-core/src/router/admission-rejection-parser.ts","workers/crypt-core/src/router/aegis-arbiter.ts","workers/crypt-core/src/router/aegis-herald-types.ts","workers/crypt-core/src/router/aegis-herald.ts","workers/crypt-core/src/router/annals-query.ts","workers/crypt-core/src/router/arcane-archive.ts","workers/crypt-core/src/router/arch-ingestor.ts","workers/crypt-core/src/router/arch-registry-do.ts","workers/crypt-core/src/router/artifacts.ts","workers/crypt-core/src/router/attention-freeze-warden.ts","workers/crypt-core/src/router/attention-migrator.ts","workers/crypt-core/src/router/attention-recycler.ts","workers/crypt-core/src/router/attention-rehydrate.ts","workers/crypt-core/src/router/attribution-embed.ts","workers/crypt-core/src/router/aws-cost-explorer.ts","workers/crypt-core/src/router/aws-cost-watchdog.ts","workers/crypt-core/src/router/aws-pyre-listener.ts","workers/crypt-core/src/router/aws-sigv4.ts","workers/crypt-core/src/router/bandit-bane.ts","workers/crypt-core/src/router/bandit-calibrator.ts","workers/crypt-core/src/router/bandit-committee-shape.ts","workers/crypt-core/src/router/bandit-dead-arm.ts","workers/crypt-core/src/router/bandit-preferences.ts","workers/crypt-core/src/router/bandit-reward.ts","workers/crypt-core/src/router/batch-bandit.ts","workers/crypt-core/src/router/batch-broker.ts","workers/crypt-core/src/router/batch-oracle.ts","workers/crypt-core/src/router/batch-window-bandit.ts","workers/crypt-core/src/router/bayesian-shadow-promoter.ts","workers/crypt-core/src/router/bedrock-billing-watchdog.ts","workers/crypt-core/src/router/bedrock-summoner.ts","workers/crypt-core/src/router/billing-read-herald.ts","workers/crypt-core/src/router/billing-reconciler.ts","workers/crypt-core/src/router/boon-broker.ts","workers/crypt-core/src/router/budget-sentinel.ts","workers/crypt-core/src/router/cache-sentinel.ts","workers/crypt-core/src/router/cairn-chronicle-types.ts","workers/crypt-core/src/router/cairn-chronicle.ts","workers/crypt-core/src/router/cairn-counter.ts","workers/crypt-core/src/router/canary-cairn.ts","workers/crypt-core/src/router/capability-tagger.ts","workers/crypt-core/src/router/cascade-router.ts","workers/crypt-core/src/router/checkout-steward.ts","workers/crypt-core/src/router/cipher-crypt.ts","workers/crypt-core/src/router/circuit-shade.ts","workers/crypt-core/src/router/comfyui-billing-watchdog.ts","workers/crypt-core/src/router/compositor-outcome-aggregator.ts","workers/crypt-core/src/router/config.ts","workers/crypt-core/src/router/constraint-conduit.ts","workers/crypt-core/src/router/contradiction-resolver.ts","workers/crypt-core/src/router/convergence-tracker.ts","workers/crypt-core/src/router/cost-cairn-alerter.ts","workers/crypt-core/src/router/cost-cairn.ts","workers/crypt-core/src/router/cost-guardian.ts","workers/crypt-core/src/router/cost-ledger.ts","workers/crypt-core/src/router/critical-crypt.ts","workers/crypt-core/src/router/cron-heartbeat.ts","workers/crypt-core/src/router/cron-write-profiler.ts","workers/crypt-core/src/router/crypt-keeper.ts","workers/crypt-core/src/router/d1-billing-watchdog.ts","workers/crypt-core/src/router/dag-guard.ts","workers/crypt-core/src/router/decomposition-safety-gate.ts","workers/crypt-core/src/router/dep-tender.ts","workers/crypt-core/src/router/dependencies.ts","workers/crypt-core/src/router/deploy-queue-do.ts","workers/crypt-core/src/router/deploy-queue-types.ts","workers/crypt-core/src/router/diff-context-snapshotter.ts","workers/crypt-core/src/router/direction-warden.ts","workers/crypt-core/src/router/dispatch-controller.ts","workers/crypt-core/src/router/dispatch-payload-guard.ts","workers/crypt-core/src/router/dispatch-warden.ts","workers/crypt-core/src/router/do-quota-sentinel.ts","workers/crypt-core/src/router/do-quota-warden.ts","workers/crypt-core/src/router/do-write-watchdog.ts","workers/crypt-core/src/router/docs-warden.ts","workers/crypt-core/src/router/docs.ts","workers/crypt-core/src/router/doom-ledger-types.ts","workers/crypt-core/src/router/doom-seer.ts","workers/crypt-core/src/router/eidolon-edict.ts","workers/crypt-core/src/router/eidolon-enricher.ts","workers/crypt-core/src/router/elevenlabs-billing-watchdog.ts","workers/crypt-core/src/router/email-mailer.ts","workers/crypt-core/src/router/embedding-dedup-gate.ts","workers/crypt-core/src/router/enrichment-reward.ts","workers/crypt-core/src/router/epic-edict.ts","workers/crypt-core/src/router/epic-routes.ts","workers/crypt-core/src/router/errata-echo.ts","workers/crypt-core/src/router/escalation-gate.ts","workers/crypt-core/src/router/event-scribe.ts","workers/crypt-core/src/router/failure-chain-dag.ts","workers/crypt-core/src/router/fal-billing-watchdog.ts","workers/crypt-core/src/router/family-selector.ts","workers/crypt-core/src/router/federation-herald.ts","workers/crypt-core/src/router/federation-registry.ts","workers/crypt-core/src/router/fenrir-failover.ts","workers/crypt-core/src/router/filelevel-forge.ts","workers/crypt-core/src/router/flock-fissure.ts","workers/crypt-core/src/router/freeze-state.ts","workers/crypt-core/src/router/frontier-fathom.ts","workers/crypt-core/src/router/gap-grimoire.ts","workers/crypt-core/src/router/gate-feedback-bus.ts","workers/crypt-core/src/router/gate-ghost-epic-shadow.ts","workers/crypt-core/src/router/gate-ghost.ts","workers/crypt-core/src/router/gate-lore-keeper.ts","workers/crypt-core/src/router/geas-breaker.ts","workers/crypt-core/src/router/geas-grove.ts","workers/crypt-core/src/router/gemini-billing-watchdog.ts","workers/crypt-core/src/router/github-actions-billing-watchdog.ts","workers/crypt-core/src/router/github-glyph.ts","workers/crypt-core/src/router/glitch-ghoul.ts","workers/crypt-core/src/router/glory-ledger.ts","workers/crypt-core/src/router/grammar-ghost.ts","workers/crypt-core/src/router/grave-memory.ts","workers/crypt-core/src/router/grim-gauge.ts","workers/crypt-core/src/router/grim-graph.ts","workers/crypt-core/src/router/grim-ledger.ts","workers/crypt-core/src/router/grim-sweep.ts","workers/crypt-core/src/router/grimalkin-gauge.ts","workers/crypt-core/src/router/grimoire-relay.ts","workers/crypt-core/src/router/handler-herald.ts","workers/crypt-core/src/router/health-check.ts","workers/crypt-core/src/router/hollow-heal.ts","workers/crypt-core/src/router/idempotency-ward.ts","workers/crypt-core/src/router/ingest-warden.ts","workers/crypt-core/src/router/karpathy-loop.ts","workers/crypt-core/src/router/ken-crypt.ts","workers/crypt-core/src/router/knot-guard.ts","workers/crypt-core/src/router/kv-ops-watchdog.ts","workers/crypt-core/src/router/learning-loop.ts","workers/crypt-core/src/router/linear-lore.ts","workers/crypt-core/src/router/linear-ratelimit-throttle.ts","workers/crypt-core/src/router/linucb-refiner.ts","workers/crypt-core/src/router/llm.ts","workers/crypt-core/src/router/lore-sentinel.ts","workers/crypt-core/src/router/manual-lane-steward.ts","workers/crypt-core/src/router/media-adapters/elevenlabs-adapter.ts","workers/crypt-core/src/router/media-adapters/fal-adapter.ts","workers/crypt-core/src/router/media-adapters/llm-adapter.ts","workers/crypt-core/src/router/media-adapters/poll-oracle.ts","workers/crypt-core/src/router/media-adapters/suno-adapter.ts","workers/crypt-core/src/router/meta-cognitor.ts","workers/crypt-core/src/router/migration-tender.ts","workers/crypt-core/src/router/mimir-oracle.ts","workers/crypt-core/src/router/mimir-scribe.ts","workers/crypt-core/src/router/model-catalog.ts","workers/crypt-core/src/router/monthly-cap.ts","workers/crypt-core/src/router/morrigan-meld.ts","workers/crypt-core/src/router/morrigan-midnight.ts","workers/crypt-core/src/router/morrigan-shed.ts","workers/crypt-core/src/router/multi-llm-aggregator.ts","workers/crypt-core/src/router/myth-maker.ts","workers/crypt-core/src/router/nemesis-escalator.ts","workers/crypt-core/src/router/nemesis-policy.ts","workers/crypt-core/src/router/node-nexus.ts","workers/crypt-core/src/router/norn-node.ts","workers/crypt-core/src/router/norn-retry.ts","workers/crypt-core/src/router/north-gate.ts","workers/crypt-core/src/router/northgate-canary-seeder.ts","workers/crypt-core/src/router/omen-oracle.ts","workers/crypt-core/src/router/omens-scribe.ts","workers/crypt-core/src/router/openai-billing-watchdog.ts","workers/crypt-core/src/router/orchestration-processor.ts","workers/crypt-core/src/router/parallel-dispatch.ts","workers/crypt-core/src/router/pattern-pilgrim.ts","workers/crypt-core/src/router/phantom-cleanup.ts","workers/crypt-core/src/router/phantom-fetch.ts","workers/crypt-core/src/router/phantom-guards.ts","workers/crypt-core/src/router/phantom-persist.ts","workers/crypt-core/src/router/phantom-state.ts","workers/crypt-core/src/router/phase1-ingest-warden.ts","workers/crypt-core/src/router/pipeline-contract-registry.ts","workers/crypt-core/src/router/pipeline-contract.ts","workers/crypt-core/src/router/planes-types.ts","workers/crypt-core/src/router/processor.ts","workers/crypt-core/src/router/project-herald.ts","workers/crypt-core/src/router/project-onboard.ts","workers/crypt-core/src/router/prompt-bandit.ts","workers/crypt-core/src/router/prompt-cluster.ts","workers/crypt-core/src/router/prompt-evolver.ts","workers/crypt-core/src/router/provenance-prism.ts","workers/crypt-core/src/router/provider-health-poller.ts","workers/crypt-core/src/router/provider-health.ts","workers/crypt-core/src/router/provider-validator.ts","workers/crypt-core/src/router/pyre-alert.ts","workers/crypt-core/src/router/pyre-mailer.ts","workers/crypt-core/src/router/pyre-prism.ts","workers/crypt-core/src/router/pyre-pulse.ts","workers/crypt-core/src/router/pyre-remedy.ts","workers/crypt-core/src/router/r2-billing-watchdog.ts","workers/crypt-core/src/router/reaper-timer.ts","workers/crypt-core/src/router/repo-registry.ts","workers/crypt-core/src/router/request-schemas.ts","workers/crypt-core/src/router/resend-billing-watchdog.ts","workers/crypt-core/src/router/retry-wraith.ts","workers/crypt-core/src/router/reward-dimensions.ts","workers/crypt-core/src/router/rift-adapters.ts","workers/crypt-core/src/router/rift-reader.ts","workers/crypt-core/src/router/rift-reaper.ts","workers/crypt-core/src/router/route-decision-cache.ts","workers/crypt-core/src/router/route-override-store.ts","workers/crypt-core/src/router/route-warden.ts","workers/crypt-core/src/router/router-prompt-temperatures.ts","workers/crypt-core/src/router/routing-ledger.ts","workers/crypt-core/src/router/rune-rite.ts","workers/crypt-core/src/router/rune-schema.ts","workers/crypt-core/src/router/runner-down-watchdog.ts","workers/crypt-core/src/router/runner-processor.ts","workers/crypt-core/src/router/runtime-watchdog.ts","workers/crypt-core/src/router/schema-scroll.ts","workers/crypt-core/src/router/scope-seeker.ts","workers/crypt-core/src/router/scribe-shepherd.ts","workers/crypt-core/src/router/secrets-read-warden.ts","workers/crypt-core/src/router/shade-shift.ts","workers/crypt-core/src/router/shadow-pair-observer.ts","workers/crypt-core/src/router/shadow-sentinel.ts","workers/crypt-core/src/router/siege-sigil.ts","workers/crypt-core/src/router/sigil-sentinel.ts","workers/crypt-core/src/router/sns-sig-warden.ts","workers/crypt-core/src/router/specter-steward.ts","workers/crypt-core/src/router/spectral-store.ts","workers/crypt-core/src/router/sprite-admin.ts","workers/crypt-core/src/router/sprite-dispatch.ts","workers/crypt-core/src/router/sprite-pipeline-types.ts","workers/crypt-core/src/router/sprite-promoter.ts","workers/crypt-core/src/router/sprite-push-router.ts","workers/crypt-core/src/router/sprites-billing-watchdog.ts","workers/crypt-core/src/router/sql-schema.ts","workers/crypt-core/src/router/stale-sentinel.ts","workers/crypt-core/src/router/stale-task-reaper.ts","workers/crypt-core/src/router/state-guard.ts","workers/crypt-core/src/router/state-utils.ts","workers/crypt-core/src/router/storage-warden.ts","workers/crypt-core/src/router/suno-billing-watchdog.ts","workers/crypt-core/src/router/sync-sidhe.ts","workers/crypt-core/src/router/synthetic-context.ts","workers/crypt-core/src/router/system-intent.ts","workers/crypt-core/src/router/task-attributor.ts","workers/crypt-core/src/router/task-scorer.ts","workers/crypt-core/src/router/task-search.ts","workers/crypt-core/src/router/task-similarity.ts","workers/crypt-core/src/router/task-thane.ts","workers/crypt-core/src/router/taxonomy.ts","workers/crypt-core/src/router/tco-reward.ts","workers/crypt-core/src/router/thompson-bane.ts","workers/crypt-core/src/router/tiding-thane.ts","workers/crypt-core/src/router/tier-bandit.ts","workers/crypt-core/src/router/tiered-memory.ts","workers/crypt-core/src/router/tithe-toll.ts","workers/crypt-core/src/router/token-tender.ts","workers/crypt-core/src/router/tomb-thane.ts","workers/crypt-core/src/router/tome-tender.ts","workers/crypt-core/src/router/trace-tome.ts","workers/crypt-core/src/router/training-export.ts","workers/crypt-core/src/router/triage-seer.ts","workers/crypt-core/src/router/url-warden.ts","workers/crypt-core/src/router/vault-backup.ts","workers/crypt-core/src/router/vault-herald.ts","workers/crypt-core/src/router/vault-manifest.ts","workers/crypt-core/src/router/void-venture.ts","workers/crypt-core/src/router/ward-gate.ts","workers/crypt-core/src/router/watchdog-processor.ts","workers/crypt-core/src/router/webhook-warden.ts","workers/crypt-core/src/router/webhooks.ts","workers/crypt-core/src/router/workers-cpu-watchdog.ts","workers/crypt-core/src/router/workers-requests-watchdog.ts","workers/crypt-core/src/router/wraith-dispatch.ts","workers/crypt-core/src/router/wraith-grim.ts","workers/crypt-core/src/router/wraith-hunter.ts","workers/crypt-core/src/router/wraith-poll.ts","workers/crypt-core/src/router/wraith-reaper.ts","workers/crypt-core/src/router/wraith-vitals.ts","workers/crypt-core/src/router/wraith-warden.ts","workers/crypt-core/src/router/writ-ward.ts","workers/crypt-core/src/router/wyrd-scorer.ts","workers/crypt-core/src/router/wyrd-vigil.ts","workers/crypt-core/src/router/wyrd-wheel.ts","workers/crypt-core/src/router/wyrd-work.ts","workers/crypt-core/src/router/xray-oracle.ts","workers/crypt-core/src/router-do.ts","workers/crypt-core/src/schemas.ts","workers/crypt-core/src/scope-ingestion/document-ingest.schema.ts","workers/crypt-core/src/services/sluagh-cot-reasoning.ts","workers/crypt-core/src/sprites/__tests__/sprite-checkpoints.test.ts","workers/crypt-core/src/sprites/__tests__/sprite-pool.test.ts","workers/crypt-core/src/sprites/sprite-checkpoint-wiring.ts","workers/crypt-core/src/sprites/sprite-checkpoints.ts","workers/crypt-core/src/sprites/sprite-pool-client.ts","workers/crypt-core/src/sprites/sprite-pool-do.ts","workers/crypt-core/src/sprites/sprite-pool-schema.ts","workers/crypt-core/src/sprites/sprite-pool-stub.ts","workers/crypt-core/src/sprites/sprites-client.ts","workers/crypt-core/src/telemetry/wyrdweaver.ts","workers/crypt-core/src/templates/bandit-export.ts.template","workers/crypt-core/src/templates/bifrost-adapter.py.template","workers/crypt-core/src/templates/bifrost-adapter.ts.template","workers/crypt-core/src/templates/grimoire-relay.py.template","workers/crypt-core/src/templates/grimoire-relay.ts.template","workers/crypt-core/src/types/dispatch.ts","workers/crypt-core/src/types/linear.ts","workers/crypt-core/src/types/queue-envelope.ts","workers/crypt-core/src/types.ts","workers/crypt-core/src/utils/crypto.ts","workers/crypt-core/src/utils/secret.ts","workers/crypt-core/src/websocket/protocol.ts","workers/crypt-core/static/index.html","workers/crypt-core/static/terminal.css","workers/crypt-core/tsconfig.eslint.json","workers/crypt-core/tsconfig.json","workers/crypt-core/vitest.config.ts","workers/crypt-core/vitest.unit.config.ts","workers/crypt-core/worker-configuration.d.ts","workers/crypt-core/wrangler.toml","workers/doom-dealer/package.json","workers/doom-dealer/src/__tests__/local-inference-route.test.ts","workers/doom-dealer/src/__tests__/promote-enqueue.test.ts","workers/doom-dealer/src/auth.ts","workers/doom-dealer/src/build-stamp.ts","workers/doom-dealer/src/chunking-policy.ts","workers/doom-dealer/src/enqueue.ts","workers/doom-dealer/src/index.ts","workers/doom-dealer/src/types.ts","workers/doom-dealer/src/warden.ts","workers/doom-dealer/tsconfig.json","workers/doom-dealer/wrangler.toml","workers/drift-warden/CLAUDE.md","workers/drift-warden/package.json","workers/drift-warden/src/__tests__/wraith-cron-liveness.test.ts","workers/drift-warden/src/alert-forwarder.ts","workers/drift-warden/src/bayesian-ewma.ts","workers/drift-warden/src/build-stamp.ts","workers/drift-warden/src/index.ts","workers/drift-warden/src/multivariate-cpd.ts","workers/drift-warden/src/schema.sql","workers/drift-warden/src/types.ts","workers/drift-warden/src/wl-cusum.ts","workers/drift-warden/src/wraith-cron-liveness.ts","workers/drift-warden/tsconfig.json","workers/drift-warden/vitest.config.ts","workers/drift-warden/wrangler.toml","workers/erebus/SMOKE.md","workers/erebus/package.json","workers/erebus/src/__tests__/epic-overview-tile.test.js","workers/erebus/src/__tests__/pwa.test.js","workers/erebus/src/build-stamp.js","workers/erebus/src/worker.js","workers/erebus/vitest.config.ts","workers/erebus/wrangler.toml","workers/fly-log-shipper/Dockerfile","workers/fly-log-shipper/vector.toml","workers/ft-model-scout/package.json","workers/ft-model-scout/src/build-stamp.ts","workers/ft-model-scout/src/event-emitter.ts","workers/ft-model-scout/src/hf-poller.ts","workers/ft-model-scout/src/index.ts","workers/ft-model-scout/src/kv-writer.ts","workers/ft-model-scout/src/ollama-poller.ts","workers/ft-model-scout/src/vram-estimator.ts","workers/ft-model-scout/tsconfig.json","workers/ft-model-scout/wrangler.toml","workers/grafana-alloy/Dockerfile","workers/grafana-alloy/config.alloy","workers/grimoire/CLAUDE.md","workers/grimoire/package.json","workers/grimoire/src/__tests__/grave-grimoire.test.ts","workers/grimoire/src/__tests__/memory-delta-compare.test.ts","workers/grimoire/src/__tests__/shadow-arms-metric.test.ts","workers/grimoire/src/bandit-arms.ts","workers/grimoire/src/build-stamp.ts","workers/grimoire/src/dashboard.ts","workers/grimoire/src/federation.ts","workers/grimoire/src/grave-grimoire.ts","workers/grimoire/src/index.ts","workers/grimoire/src/insights.ts","workers/grimoire/src/learned-constraints.ts","workers/grimoire/src/memory-delta-compare.ts","workers/grimoire/src/merger.ts","workers/grimoire/src/normalize.ts","workers/grimoire/src/route-decision-cache.ts","workers/grimoire/src/schema.sql","workers/grimoire/src/shadow-arms.ts","workers/grimoire/src/types.ts","workers/grimoire/tsconfig.json","workers/grimoire/vitest.config.ts","workers/grimoire/wrangler.toml","workers/hidden-hoard/CLAUDE.md","workers/hidden-hoard/README.md","workers/hidden-hoard/package.json","workers/hidden-hoard/src/__tests__/cache-roundtrip.test.ts","workers/hidden-hoard/src/index.ts","workers/hidden-hoard/tsconfig.json","workers/hidden-hoard/vitest.config.ts","workers/hidden-hoard/wrangler.toml","workers/iron-scale/package.json","workers/iron-scale/src/asymmetry-analyzer.ts","workers/iron-scale/src/construct-deconstructor.ts","workers/iron-scale/src/index.ts","workers/iron-scale/src/precedent-tracker.ts","workers/iron-scale/src/pressure-engine.ts","workers/iron-scale/src/rage-channeler.ts","workers/iron-scale/src/schema.sql","workers/iron-scale/src/types.ts","workers/iron-scale/tsconfig.json","workers/iron-scale/wrangler.toml","workers/lich-gate/CLAUDE.md","workers/lich-gate/README.md","workers/lich-gate/package.json","workers/lich-gate/src/__tests__/index.test.ts","workers/lich-gate/src/build-stamp.ts","workers/lich-gate/src/event-parser.ts","workers/lich-gate/src/github-status.ts","workers/lich-gate/src/hmac-verify.ts","workers/lich-gate/src/index.ts","workers/lich-gate/src/runner-enqueue.ts","workers/lich-gate/src/types.ts","workers/lich-gate/tsconfig.json","workers/lich-gate/vitest.config.ts","workers/lich-gate/wrangler.toml","workers/lore-watcher/CLAUDE.md","workers/lore-watcher/migrations/0001_feed_metrics.sql","workers/lore-watcher/migrations/0002_feed_errors.sql","workers/lore-watcher/package.json","workers/lore-watcher/src/__tests__/feed-harvester.test.ts","workers/lore-watcher/src/__tests__/provider-status.test.ts","workers/lore-watcher/src/build-stamp.ts","workers/lore-watcher/src/crypt-fetch.ts","workers/lore-watcher/src/differ.ts","workers/lore-watcher/src/feed-discovery.ts","workers/lore-watcher/src/feed-harvester.ts","workers/lore-watcher/src/feed-health.ts","workers/lore-watcher/src/impact-classifier.ts","workers/lore-watcher/src/index.ts","workers/lore-watcher/src/ingestor.ts","workers/lore-watcher/src/leaderboard-scraper.ts","workers/lore-watcher/src/migrate-v2.sql","workers/lore-watcher/src/model-differ.ts","workers/lore-watcher/src/model-scraper-providers.ts","workers/lore-watcher/src/model-scraper.ts","workers/lore-watcher/src/provider-status.ts","workers/lore-watcher/src/pypi-scraper.ts","workers/lore-watcher/src/research-feeds.ts","workers/lore-watcher/src/schema.sql","workers/lore-watcher/src/seed.sql","workers/lore-watcher/src/types.ts","workers/lore-watcher/src/webhook-push.ts","workers/lore-watcher/tsconfig.json","workers/lore-watcher/wrangler.toml","workers/phantom-forge/ats-resume-template.ts","workers/phantom-forge/package.json","workers/phantom-forge/src/__tests__/forge-lifecycle.test.ts","workers/phantom-forge/src/__tests__/miniflare-env.ts","workers/phantom-forge/src/actor-engine.ts","workers/phantom-forge/src/budget-engine.ts","workers/phantom-forge/src/cast-engine.ts","workers/phantom-forge/src/compositor-bridge.ts","workers/phantom-forge/src/director-engine.ts","workers/phantom-forge/src/grave-weave.ts","workers/phantom-forge/src/index.ts","workers/phantom-forge/src/interactive-engine.ts","workers/phantom-forge/src/narrative-nexus.ts","workers/phantom-forge/src/producer-engine.ts","workers/phantom-forge/src/schema.sql","workers/phantom-forge/src/script-engine.ts","workers/phantom-forge/src/sql.d.ts","workers/phantom-forge/src/types.ts","workers/phantom-forge/tsconfig.json","workers/phantom-forge/vitest.config.ts","workers/phantom-forge/wrangler.toml","workers/queue-sentinel/package.json","workers/queue-sentinel/src/backpressure.ts","workers/queue-sentinel/src/build-stamp.ts","workers/queue-sentinel/src/index.ts","workers/queue-sentinel/src/queue-consumer.ts","workers/queue-sentinel/src/sentinel-env.ts","workers/queue-sentinel/tsconfig.json","workers/queue-sentinel/wrangler.toml","workers/rune-relay/.agent/skills/INDEX.md","workers/rune-relay/CLAUDE.md","workers/rune-relay/DEPLOY.md","workers/rune-relay/README.md","workers/rune-relay/package.json","workers/rune-relay/shared/types/job.ts","workers/rune-relay/src/build-stamp.ts","workers/rune-relay/src/errata-echo.ts","workers/rune-relay/src/index.ts","workers/rune-relay/src/linear-batch-client.ts","workers/rune-relay/tsconfig.json","workers/rune-relay/vitest.config.ts","workers/rune-relay/worker-configuration.d.ts","workers/rune-relay/wrangler.toml","workers/sage-counsel/CLAUDE.md","workers/sage-counsel/package.json","workers/sage-counsel/src/__tests__/balance-barrow.test.ts","workers/sage-counsel/src/balance-barrow.ts","workers/sage-counsel/src/coach.ts","workers/sage-counsel/src/dire-graph-seed.ts","workers/sage-counsel/src/dire-graph-types.ts","workers/sage-counsel/src/dire-graph.ts","workers/sage-counsel/src/grim-grammar-seed.ts","workers/sage-counsel/src/grim-grammar-types.ts","workers/sage-counsel/src/grim-grammar.ts","workers/sage-counsel/src/index.ts","workers/sage-counsel/src/methodology-bandit.ts","workers/sage-counsel/src/schema.sql","workers/sage-counsel/src/subgraph-bandit.ts","workers/sage-counsel/src/training-pipeline.ts","workers/sage-counsel/src/training-types.ts","workers/sage-counsel/src/types.ts","workers/sage-counsel/tsconfig.json","workers/sage-counsel/wrangler.toml","workers/seed-storm/CLAUDE.md","workers/seed-storm/package.json","workers/seed-storm/src/architect.ts","workers/seed-storm/src/compositor-bridge.ts","workers/seed-storm/src/concept-amplifier.ts","workers/seed-storm/src/concept-graph.ts","workers/seed-storm/src/domain-researcher.ts","workers/seed-storm/src/idea-incubator.ts","workers/seed-storm/src/index.ts","workers/seed-storm/src/repo-scanner.ts","workers/seed-storm/src/scope-estimator.ts","workers/seed-storm/src/seed-parser.ts","workers/seed-storm/src/task-decomposer.ts","workers/seed-storm/src/types.ts","workers/seed-storm/tsconfig.json","workers/seed-storm/wrangler.toml","workers/shared/__tests__/cf-token-resolver.test.ts","workers/shared/__tests__/kv-envelope.test.ts","workers/shared/__tests__/prompt-validation.test.ts","workers/shared/auth.ts","workers/shared/cf-token-resolver.ts","workers/shared/kv-envelope.ts","workers/shared/observability/invariant-counter.ts","workers/shared/prompt-validation.ts","workers/shared/pyre-mailer.ts","workers/shared/safe-json.ts","workers/shared/specter-client.ts","workers/shared/sprite-wait-for-job.ts","workers/shared/trace-weave.ts","workers/sidhe-spark/CLAUDE.md","workers/sidhe-spark/package.json","workers/sidhe-spark/src/__tests__/sidhe-handlers.test.ts","workers/sidhe-spark/src/autoscaler-metrics.ts","workers/sidhe-spark/src/build-stamp.ts","workers/sidhe-spark/src/index.ts","workers/sidhe-spark/src/reaper-timer.ts","workers/sidhe-spark/src/sidhe-attention.ts","workers/sidhe-spark/src/sidhe-config.ts","workers/sidhe-spark/src/sidhe-dispatch.ts","workers/sidhe-spark/src/sidhe-handlers.ts","workers/sidhe-spark/tsconfig.json","workers/sidhe-spark/vitest.config.ts","workers/sidhe-spark/wrangler.toml","workers/sluagh-sprite-runtime/Dockerfile","workers/sluagh-sprite-runtime/README.md","workers/sluagh-sprite-runtime/fly.toml","workers/sluagh-sprite-runtime/package.json","workers/sluagh-sprite-runtime/src/__tests__/research-handler.test.ts","workers/sluagh-sprite-runtime/src/__tests__/result-delivery.test.ts","workers/sluagh-sprite-runtime/src/__tests__/verify-handler.test.ts","workers/sluagh-sprite-runtime/src/build-stamp.ts","workers/sluagh-sprite-runtime/src/config.ts","workers/sluagh-sprite-runtime/src/handler-registry.ts","workers/sluagh-sprite-runtime/src/handlers/echo-handler.ts","workers/sluagh-sprite-runtime/src/handlers/fetch-url-handler.ts","workers/sluagh-sprite-runtime/src/handlers/research-handler.ts","workers/sluagh-sprite-runtime/src/handlers/verify-handler.ts","workers/sluagh-sprite-runtime/src/index.ts","workers/sluagh-sprite-runtime/src/job-types.ts","workers/sluagh-sprite-runtime/src/result-delivery.ts","workers/sluagh-sprite-runtime/src/server.ts","workers/sluagh-sprite-runtime/tsconfig.json","workers/sluagh-sprite-runtime/vitest.config.ts","workers/sluagh-swarm/.agent/skills/INDEX.md","workers/sluagh-swarm/.dockerignore","workers/sluagh-swarm/.gitignore","workers/sluagh-swarm/.trivyignore","workers/sluagh-swarm/CLAUDE.md","workers/sluagh-swarm/Dockerfile","workers/sluagh-swarm/LEARNINGS.md","workers/sluagh-swarm/README.md","workers/sluagh-swarm/biome.json","workers/sluagh-swarm/knip.config.ts","workers/sluagh-swarm/knip.json","workers/sluagh-swarm/package.json","workers/sluagh-swarm/pnpm-lock.yaml","workers/sluagh-swarm/runtime/warm-pool-server.js","workers/sluagh-swarm/spike/provision-sluagh-test-1.ts","workers/sluagh-swarm/src/ScryingGlass.svelte","workers/sluagh-swarm/src/__tests__/annals-reporter-correlation.test.ts","workers/sluagh-swarm/src/__tests__/bandit-race-conditions.test.ts","workers/sluagh-swarm/src/__tests__/bandit-state-store.test.ts","workers/sluagh-swarm/src/__tests__/biome-report-parser.test.ts","workers/sluagh-swarm/src/__tests__/cache-hit-reward.test.ts","workers/sluagh-swarm/src/__tests__/claim-cairn.test.ts","workers/sluagh-swarm/src/__tests__/compositor-deadlock-detector.test.ts","workers/sluagh-swarm/src/__tests__/cost-micros-plumbing.test.ts","workers/sluagh-swarm/src/__tests__/dag-idempotencystress.test.ts","workers/sluagh-swarm/src/__tests__/dag-mutableeditrace.test.ts","workers/sluagh-swarm/src/__tests__/dag-nodefaultchaos.test.ts","workers/sluagh-swarm/src/__tests__/dag-partialreplay.test.ts","workers/sluagh-swarm/src/__tests__/dag-topochaos.test.ts","workers/sluagh-swarm/src/__tests__/dag-weaver-emit.test.ts","workers/sluagh-swarm/src/__tests__/doom-dispatch-branch-guard.test.ts","workers/sluagh-swarm/src/__tests__/elastic-dispatch-integration.test.ts","workers/sluagh-swarm/src/__tests__/fail-loud-smoke.test.ts","workers/sluagh-swarm/src/__tests__/forge-flame.test.ts","workers/sluagh-swarm/src/__tests__/handlers/safety-classify.test.ts","workers/sluagh-swarm/src/__tests__/mab-reward-loop.test.ts","workers/sluagh-swarm/src/__tests__/metrics-exporter-smoke.test.ts","workers/sluagh-swarm/src/__tests__/ogham.test.ts","workers/sluagh-swarm/src/__tests__/orchestrator-parity.test.ts","workers/sluagh-swarm/src/__tests__/reaper-timer.test.ts","workers/sluagh-swarm/src/__tests__/reckoner-consumer.test.ts","workers/sluagh-swarm/src/__tests__/ritual-reaper.test.ts","workers/sluagh-swarm/src/__tests__/self-converse-compositor.test.ts","workers/sluagh-swarm/src/__tests__/session-health-race.test.ts","workers/sluagh-swarm/src/__tests__/shadow-guard.test.ts","workers/sluagh-swarm/src/__tests__/size-classifier.test.ts","workers/sluagh-swarm/src/__tests__/sprite-warden-cutover.integration.test.ts","workers/sluagh-swarm/src/__tests__/swarm-tracer.test.ts","workers/sluagh-swarm/src/__tests__/synthetic-propagation.test.ts","workers/sluagh-swarm/src/__tests__/worktree-lifecycle-wire.test.ts","workers/sluagh-swarm/src/annals-reporter.ts","workers/sluagh-swarm/src/bandit-state-store.ts","workers/sluagh-swarm/src/bootstrap.ts","workers/sluagh-swarm/src/build-stamp.ts","workers/sluagh-swarm/src/config/cipher-crypt.ts","workers/sluagh-swarm/src/config/index.ts","workers/sluagh-swarm/src/config/kv-client.ts","workers/sluagh-swarm/src/direct-llm-client.ts","workers/sluagh-swarm/src/docs-client.ts","workers/sluagh-swarm/src/doom-dispatch.ts","workers/sluagh-swarm/src/drain-bootstrap.ts","workers/sluagh-swarm/src/errata-echo.ts","workers/sluagh-swarm/src/errors/__tests__/failure-classifier.test.ts","workers/sluagh-swarm/src/errors/failure-classifier.ts","workers/sluagh-swarm/src/events/event-store-client.ts","workers/sluagh-swarm/src/forge-flame.ts","workers/sluagh-swarm/src/handler-registry.ts","workers/sluagh-swarm/src/handlers/__tests__/cairn-coder.test.ts","workers/sluagh-swarm/src/handlers/__tests__/cairn-workspace.test.ts","workers/sluagh-swarm/src/handlers/__tests__/handlers.test.ts","workers/sluagh-swarm/src/handlers/__tests__/wyrd-watch.test.ts","workers/sluagh-swarm/src/handlers/arch-decomposer.ts","workers/sluagh-swarm/src/handlers/arch-reviewer.ts","workers/sluagh-swarm/src/handlers/banshee-blighter.ts","workers/sluagh-swarm/src/handlers/batch-continuation.ts","workers/sluagh-swarm/src/handlers/cairn-coder/__test-helpers__/clean-git-env.ts","workers/sluagh-swarm/src/handlers/cairn-coder/__tests__/__test-helpers__/clean-git-env.ts","workers/sluagh-swarm/src/handlers/cairn-coder/__tests__/orphan-detection.test.ts","workers/sluagh-swarm/src/handlers/cairn-coder/__tests__/reachability-gate.test.ts","workers/sluagh-swarm/src/handlers/cairn-coder/__tests__/test-delta-gate.test.ts","workers/sluagh-swarm/src/handlers/cairn-coder/diff-repair.ts","workers/sluagh-swarm/src/handlers/cairn-coder/fs-helpers.ts","workers/sluagh-swarm/src/handlers/cairn-coder/gates/__tests__/changed-tests-gate.test.ts","workers/sluagh-swarm/src/handlers/cairn-coder/gates/__tests__/patch-coverage-gate.test.ts","workers/sluagh-swarm/src/handlers/cairn-coder/gates/__tests__/reachability-gate.test.ts","workers/sluagh-swarm/src/handlers/cairn-coder/gates/changed-tests-gate.ts","workers/sluagh-swarm/src/handlers/cairn-coder/gates/patch-coverage-gate.ts","workers/sluagh-swarm/src/handlers/cairn-coder/gates/reachability-gate.ts","workers/sluagh-swarm/src/handlers/cairn-coder/host-diagnostics.ts","workers/sluagh-swarm/src/handlers/cairn-coder/index.ts","workers/sluagh-swarm/src/handlers/cairn-coder/npm-ci-watcher.ts","workers/sluagh-swarm/src/handlers/cairn-coder/orphan-detection.ts","workers/sluagh-swarm/src/handlers/cairn-coder/pr-body-builder.ts","workers/sluagh-swarm/src/handlers/cairn-coder/prompts.ts","workers/sluagh-swarm/src/handlers/cairn-coder/quality-gate-runner.ts","workers/sluagh-swarm/src/handlers/cairn-coder/reachability-gate.ts","workers/sluagh-swarm/src/handlers/cairn-coder/slop-detection.ts","workers/sluagh-swarm/src/handlers/cairn-coder/test-delta-gate.ts","workers/sluagh-swarm/src/handlers/cairn-coder.ts","workers/sluagh-swarm/src/handlers/cairn-context-cache.ts","workers/sluagh-swarm/src/handlers/cairn-context-trimmer.ts","workers/sluagh-swarm/src/handlers/cairn-file-discovery.ts","workers/sluagh-swarm/src/handlers/cairn-lats.ts","workers/sluagh-swarm/src/handlers/cairn-workspace.ts","workers/sluagh-swarm/src/handlers/dep-dredge.ts","workers/sluagh-swarm/src/handlers/echo-eidolon.ts","workers/sluagh-swarm/src/handlers/fetch-url-handler.ts","workers/sluagh-swarm/src/handlers/forge-phantasm.ts","workers/sluagh-swarm/src/handlers/grave-guardian.ts","workers/sluagh-swarm/src/handlers/iron-arbiter.ts","workers/sluagh-swarm/src/handlers/lore-library.ts","workers/sluagh-swarm/src/handlers/memory-delta-cost.ts","workers/sluagh-swarm/src/handlers/north-sentinel.ts","workers/sluagh-swarm/src/handlers/orchestrator-handler.ts","workers/sluagh-swarm/src/handlers/pattern-pilgrim.ts","workers/sluagh-swarm/src/handlers/r2-archivist.ts","workers/sluagh-swarm/src/handlers/r2-d1-provisioner.ts","workers/sluagh-swarm/src/handlers/review-handler.ts","workers/sluagh-swarm/src/handlers/rift-ingester.ts","workers/sluagh-swarm/src/handlers/ritual-reaper.ts","workers/sluagh-swarm/src/handlers/run-command-handler.ts","workers/sluagh-swarm/src/handlers/runner-revenant.ts","workers/sluagh-swarm/src/handlers/safety-classify.ts","workers/sluagh-swarm/src/handlers/scribe-storm.ts","workers/sluagh-swarm/src/handlers/self-converse-compositor/deadlock-detector.ts","workers/sluagh-swarm/src/handlers/self-converse-compositor.ts","workers/sluagh-swarm/src/handlers/shade-shifter.ts","workers/sluagh-swarm/src/handlers/specter-smith.ts","workers/sluagh-swarm/src/handlers/storm-sower.ts","workers/sluagh-swarm/src/handlers/veil-pdfcaster.ts","workers/sluagh-swarm/src/handlers/veil-screenshotter.ts","workers/sluagh-swarm/src/handlers/verify-handler.ts","workers/sluagh-swarm/src/handlers/vision-arbiter.ts","workers/sluagh-swarm/src/handlers/void-vanguard.ts","workers/sluagh-swarm/src/handlers/wyrd-watch.ts","workers/sluagh-swarm/src/handlers/xray-herald.ts","workers/sluagh-swarm/src/healing/failure-classifier.ts","workers/sluagh-swarm/src/healing/healing-events.ts","workers/sluagh-swarm/src/healing/recycle-context.ts","workers/sluagh-swarm/src/healing/remediation-map.ts","workers/sluagh-swarm/src/healing/self-healing-middleware.ts","workers/sluagh-swarm/src/healing/session-health.ts","workers/sluagh-swarm/src/heimdall-trace.ts","workers/sluagh-swarm/src/index.ts","workers/sluagh-swarm/src/ingestor.ts","workers/sluagh-swarm/src/llm-client.ts","workers/sluagh-swarm/src/metrics/queue-depth-exporter.ts","workers/sluagh-swarm/src/network.ts","workers/sluagh-swarm/src/ogham-executor.ts","workers/sluagh-swarm/src/ogham-types.ts","workers/sluagh-swarm/src/ogham.ts","workers/sluagh-swarm/src/otlp-exporter.ts","workers/sluagh-swarm/src/prompts/cairn-coder/compiler-integration.ts","workers/sluagh-swarm/src/prompts/cairn-coder.compiled.ts","workers/sluagh-swarm/src/prompts/llama-guard-categories.ts","workers/sluagh-swarm/src/prompts/size-classifier.ts","workers/sluagh-swarm/src/reaper-timer.ts","workers/sluagh-swarm/src/reckoner-consumer.ts","workers/sluagh-swarm/src/router-registration.ts","workers/sluagh-swarm/src/runtime/wraith-vigil.ts","workers/sluagh-swarm/src/schemas/job-payloads.ts","workers/sluagh-swarm/src/sprite-drain-idle.ts","workers/sluagh-swarm/src/stores/spectral-client.ts","workers/sluagh-swarm/src/stores/system-context-cache.ts","workers/sluagh-swarm/src/swarm-tracer.ts","workers/sluagh-swarm/src/terminal/pty-handler.ts","workers/sluagh-swarm/src/training/export-training.ts","workers/sluagh-swarm/src/training/good-patterns.ts","workers/sluagh-swarm/src/utils/__tests__/dag-weaver.test.ts","workers/sluagh-swarm/src/utils/__tests__/memory-probe.test.ts","workers/sluagh-swarm/src/utils/__tests__/post-mortem-detector.test.ts","workers/sluagh-swarm/src/utils/biome-report-parser.ts","workers/sluagh-swarm/src/utils/cairn-checkpoint.ts","workers/sluagh-swarm/src/utils/claim-cairn.ts","workers/sluagh-swarm/src/utils/context-delta-cache.ts","workers/sluagh-swarm/src/utils/dag-weaver.ts","workers/sluagh-swarm/src/utils/event-scribe.ts","workers/sluagh-swarm/src/utils/glyph-grafter.ts","workers/sluagh-swarm/src/utils/handler-context.ts","workers/sluagh-swarm/src/utils/memory-probe.ts","workers/sluagh-swarm/src/utils/post-mortem-detector.ts","workers/sluagh-swarm/src/utils/shadow-sentinel.ts","workers/sluagh-swarm/src/utils/sluagh-pyre-mailer.ts","workers/sluagh-swarm/src/utils/sprite-warden.ts","workers/sluagh-swarm/src/utils/tool-ledger.ts","workers/sluagh-swarm/src/utils/worktree-cache.ts","workers/sluagh-swarm/src/validation/dispatch-payload.ts","workers/sluagh-swarm/tsconfig.eslint.json","workers/sluagh-swarm/tsconfig.json","workers/spec-herald/CLAUDE.md","workers/spec-herald/package.json","workers/spec-herald/src/__tests__/markdown.test.ts","workers/spec-herald/src/approval.ts","workers/spec-herald/src/arch.ts","workers/spec-herald/src/build-stamp.ts","workers/spec-herald/src/github-sync.ts","workers/spec-herald/src/github.ts","workers/spec-herald/src/index.ts","workers/spec-herald/src/markdown.ts","workers/spec-herald/src/spec-graph.ts","workers/spec-herald/src/types.ts","workers/spec-herald/tsconfig.json","workers/spec-herald/vitest.config.ts","workers/spec-herald/wrangler.toml","workers/specter-spout/CLAUDE.md","workers/specter-spout/client/specter-client.ts","workers/specter-spout/package.json","workers/specter-spout/src/__tests__/glsa-token-block.test.ts","workers/specter-spout/src/__tests__/miniflare-env.ts","workers/specter-spout/src/__tests__/specter-ingest.test.ts","workers/specter-spout/src/build-stamp.ts","workers/specter-spout/src/index.ts","workers/specter-spout/src/log-drain.ts","workers/specter-spout/src/metric-buffer.ts","workers/specter-spout/src/otlp-transform.ts","workers/specter-spout/src/trace-collector.ts","workers/specter-spout/src/types.ts","workers/specter-spout/tsconfig.json","workers/specter-spout/vitest.config.ts","workers/specter-spout/wrangler.toml","workers/sprite-forge/CLAUDE.md","workers/sprite-forge/package.json","workers/sprite-forge/src/__tests__/cairn-browser-sprite-provisioner.test.ts","workers/sprite-forge/src/__tests__/cairn-routing-override.test.ts","workers/sprite-forge/src/__tests__/forge-tracer.test.ts","workers/sprite-forge/src/__tests__/job-complete-handler.test.ts","workers/sprite-forge/src/__tests__/v-sprite-run.test.ts","workers/sprite-forge/src/build-stamp.ts","workers/sprite-forge/src/cairn-browser-sprite-provisioner.ts","workers/sprite-forge/src/cairn-cookie-jar.ts","workers/sprite-forge/src/cairn-local-fallback.ts","workers/sprite-forge/src/cairn-orphan-reaper.ts","workers/sprite-forge/src/cairn-scrape.ts","workers/sprite-forge/src/fly-exec.ts","workers/sprite-forge/src/forge-http.ts","workers/sprite-forge/src/forge-tracer.ts","workers/sprite-forge/src/index.ts","workers/sprite-forge/src/job-orchestration.ts","workers/sprite-forge/src/migrations/0001_baseline_schema.sql","workers/sprite-forge/src/migrations/0002_baseline_indexes.sql","workers/sprite-forge/src/migrations/0003_add_wisp_warm_pool.sql","workers/sprite-forge/src/migrations/0004_baseline_checkpoint_indexes.sql","workers/sprite-forge/src/migrations/0005_baseline_gap_fill.sql","workers/sprite-forge/src/migrations/0006_add_wisp_jobs.sql","workers/sprite-forge/src/migrations/0007_add_checkpoint_claim.sql","workers/sprite-forge/src/migrations/0008_add_stage_checkpoints.sql","workers/sprite-forge/src/migrations/0009_sprite_sdk_rewrite.sql","workers/sprite-forge/src/migrations/0010_add_restored_from_checkpoint.sql","workers/sprite-forge/src/migrations/0011_repo_checkpoints_sprite_name.sql","workers/sprite-forge/src/schema.sql","workers/sprite-forge/src/sprite-async-orchestrator.ts","workers/sprite-forge/src/sprite-job-registry.ts","workers/sprite-forge/src/sprite-lifecycle.ts","workers/sprite-forge/src/sprite-pool-manager.ts","workers/sprite-forge/src/sprite-provision.ts","workers/sprite-forge/src/sprite-registry.ts","workers/sprite-forge/src/sprite-run-orchestrator.ts","workers/sprite-forge/src/sprite-zombie-reaper.ts","workers/sprite-forge/src/types.ts","workers/sprite-forge/tsconfig.json","workers/sprite-forge/vitest.config.ts","workers/sprite-forge/wrangler.toml","workers/stygian-scrolls/.github/workflows/sync-to-kv.yml","workers/stygian-scrolls/.gitignore","workers/stygian-scrolls/CLAUDE.md","workers/stygian-scrolls/README.md","workers/stygian-scrolls/migrations/0002_skill_loadtier.sql","workers/stygian-scrolls/migrations/0003_fix_fts_schema.sql","workers/stygian-scrolls/package.json","workers/stygian-scrolls/src/__tests__/agent-crud.test.ts","workers/stygian-scrolls/src/__tests__/auth.test.ts","workers/stygian-scrolls/src/__tests__/epic-context-mcp.test.ts","workers/stygian-scrolls/src/__tests__/github-webhook.test.ts","workers/stygian-scrolls/src/__tests__/github.test.ts","workers/stygian-scrolls/src/__tests__/kv.test.ts","workers/stygian-scrolls/src/__tests__/mcp-batch-ward.test.ts","workers/stygian-scrolls/src/__tests__/md-generator.test.ts","workers/stygian-scrolls/src/__tests__/perplexity-thread.test.ts","workers/stygian-scrolls/src/__tests__/session-ledger.test.ts","workers/stygian-scrolls/src/__tests__/skill-crud.test.ts","workers/stygian-scrolls/src/__tests__/skill-loadtier.test.ts","workers/stygian-scrolls/src/__tests__/skill-ops.test.ts","workers/stygian-scrolls/src/__tests__/sprite-session-d1-index.test.ts","workers/stygian-scrolls/src/__tests__/tome-index.test.ts","workers/stygian-scrolls/src/__tests__/tool-register.test.ts","workers/stygian-scrolls/src/auth.ts","workers/stygian-scrolls/src/build-stamp.ts","workers/stygian-scrolls/src/github.ts","workers/stygian-scrolls/src/index.ts","workers/stygian-scrolls/src/kv.ts","workers/stygian-scrolls/src/mcp-batch-ward.ts","workers/stygian-scrolls/src/md-generator.ts","workers/stygian-scrolls/src/session-ledger.ts","workers/stygian-scrolls/src/session-serpent.ts","workers/stygian-scrolls/src/tools/__tests__/perplexity-thread.test.ts","workers/stygian-scrolls/src/tools/agent-crud.ts","workers/stygian-scrolls/src/tools/agent-discovery.ts","workers/stygian-scrolls/src/tools/context-oracle.ts","workers/stygian-scrolls/src/tools/epic-context.ts","workers/stygian-scrolls/src/tools/ossuary-index.ts","workers/stygian-scrolls/src/tools/perplexity-thread.ts","workers/stygian-scrolls/src/tools/plan-warden-catalog.ts","workers/stygian-scrolls/src/tools/rift-ingest.ts","workers/stygian-scrolls/src/tools/session-recall.ts","workers/stygian-scrolls/src/tools/skill-crud.ts","workers/stygian-scrolls/src/tools/skill-loadtier.ts","workers/stygian-scrolls/src/tools/skill-ops.ts","workers/stygian-scrolls/src/tools/sprite-session.ts","workers/stygian-scrolls/src/tools/stealth-telemetry.ts","workers/stygian-scrolls/src/tools/token-wraith.ts","workers/stygian-scrolls/src/tools/tome-index.ts","workers/stygian-scrolls/src/tools/tome-search.ts","workers/stygian-scrolls/src/tools/tool-register.ts","workers/stygian-scrolls/src/tools/veil-vision.ts","workers/stygian-scrolls/src/tools/wyrd-queue.ts","workers/stygian-scrolls/src/types.ts","workers/stygian-scrolls/src/webhooks/github.ts","workers/stygian-scrolls/tsconfig.json","workers/stygian-scrolls/vitest.config.ts","workers/stygian-scrolls/wrangler.toml","workers/true-north/CLAUDE.md","workers/true-north/package.json","workers/true-north/src/__tests__/anti-pattern-scanner.test.ts","workers/true-north/src/__tests__/health.test.ts","workers/true-north/src/__tests__/raw-imports.d.ts","workers/true-north/src/align-probe.ts","workers/true-north/src/alignment-engine.ts","workers/true-north/src/anti-pattern-scanner.ts","workers/true-north/src/build-stamp.ts","workers/true-north/src/compositor-bridge.ts","workers/true-north/src/index.ts","workers/true-north/src/proposal-generator.ts","workers/true-north/src/types.ts","workers/true-north/src/value-scorer.ts","workers/true-north/tsconfig.json","workers/true-north/vitest.config.ts","workers/true-north/wrangler.toml","workers/veil-gate/CLAUDE.md","workers/veil-gate/package.json","workers/veil-gate/src/__tests__/auth.test.ts","workers/veil-gate/src/__tests__/google-oauth.test.ts","workers/veil-gate/src/__tests__/html-rewrite.test.ts","workers/veil-gate/src/__tests__/index.test.ts","workers/veil-gate/src/__tests__/proxy.test.ts","workers/veil-gate/src/__tests__/routes.test.ts","workers/veil-gate/src/auth.ts","workers/veil-gate/src/build-stamp.ts","workers/veil-gate/src/google-oauth.ts","workers/veil-gate/src/html-rewrite.ts","workers/veil-gate/src/index.ts","workers/veil-gate/src/portal.ts","workers/veil-gate/src/proxy.ts","workers/veil-gate/src/routes.ts","workers/veil-gate/src/security-headers.ts","workers/veil-gate/src/types.ts","workers/veil-gate/src/whitelist.ts","workers/veil-gate/tsconfig.json","workers/veil-gate/vitest.config.ts","workers/veil-gate/wrangler.toml","workers/veil-vision/CLAUDE.md","workers/veil-vision/package.json","workers/veil-vision/src/__tests__/barrow-scrape.test.ts","workers/veil-vision/src/auth.ts","workers/veil-vision/src/barrow-scrape.ts","workers/veil-vision/src/browser-vault.ts","workers/veil-vision/src/build-stamp.ts","workers/veil-vision/src/cairn-crawl.ts","workers/veil-vision/src/capture-engine.ts","workers/veil-vision/src/diff-engine.ts","workers/veil-vision/src/evidence-engine.ts","workers/veil-vision/src/ghoul-pool.ts","workers/veil-vision/src/index.ts","workers/veil-vision/src/sentinel-engine.ts","workers/veil-vision/src/spectral-shield.ts","workers/veil-vision/src/tomb-trawl.ts","workers/veil-vision/src/types.ts","workers/veil-vision/src/veil-edict.ts","workers/veil-vision/src/wraith-read.ts","workers/veil-vision/tsconfig.json","workers/veil-vision/vitest.config.ts","workers/veil-vision/wrangler.toml","workers/veil-vision-proxy/package.json","workers/veil-vision-proxy/src/build-stamp.ts","workers/veil-vision-proxy/src/index.ts","workers/veil-vision-proxy/tsconfig.json","workers/veil-vision-proxy/wrangler.toml","workers/void-vein/CLAUDE.md","workers/void-vein/package.json","workers/void-vein/src/audit/wraith-audit.ts","workers/void-vein/src/build-stamp.ts","workers/void-vein/src/config.ts","workers/void-vein/src/index.ts","workers/void-vein/src/proxy/api-proxy.ts","workers/void-vein/src/proxy/grim-conduit.ts","workers/void-vein/src/proxy/rate-limiter.ts","workers/void-vein/src/proxy/stream-bridge.ts","workers/void-vein/src/proxy/ui-proxy.ts","workers/void-vein/src/proxy/ws-proxy.ts","workers/void-vein/src/router/__tests__/api-proxy.test.ts","workers/void-vein/src/router/__tests__/cf-workers-shim.ts","workers/void-vein/src/router/__tests__/miniflare-env.ts","workers/void-vein/src/router/admin-warden.ts","workers/void-vein/src/router/route-table.ts","workers/void-vein/src/types.ts","workers/void-vein/tsconfig.json","workers/void-vein/vitest.config.ts","workers/void-vein/wrangler.toml","workers/wraith-watchdog/CLAUDE.md","workers/wraith-watchdog/package.json","workers/wraith-watchdog/src/__tests__/cron-liveness.test.ts","workers/wraith-watchdog/src/__tests__/drift-checker.test.ts","workers/wraith-watchdog/src/__tests__/regression-detector.test.ts","workers/wraith-watchdog/src/annals-emitter.ts","workers/wraith-watchdog/src/build-stamp.ts","workers/wraith-watchdog/src/drift-checker.ts","workers/wraith-watchdog/src/fail-loud.ts","workers/wraith-watchdog/src/index.ts","workers/wraith-watchdog/src/migrations/0001_deploy_ledger.sql","workers/wraith-watchdog/src/regression-detector.ts","workers/wraith-watchdog/src/types.ts","workers/wraith-watchdog/tsconfig.json","workers/wraith-watchdog/vitest.config.ts","workers/wraith-watchdog/wrangler.toml"]},"time":{"rules":[],"rules_parse_time":0.5629689693450928,"profiling_times":{"config_time":1.509951114654541,"core_time":86.72718238830566,"ignores_time":0.0012433528900146484,"total_time":88.24660491943359},"parsing_time":{"total_time":0.0,"per_file_time":{"mean":0.0,"std_dev":0.0},"very_slow_stats":{"time_ratio":0.0,"count_ratio":0.0},"very_slow_files":[]},"scanning_time":{"total_time":164.5577597618103,"per_file_time":{"mean":0.03175564642258014,"std_dev":0.026695983610138828},"very_slow_stats":{"time_ratio":0.15951070179455454,"count_ratio":0.0017367811655731378},"very_slow_files":[{"fpath":"workers/crypt-core/src/router/phantom-persist.ts","ftime":1.5394079685211182},{"fpath":"workers/crypt-core/src/index.ts","ftime":1.5404198169708252},{"fpath":"workers/crypt-core/src/router/bandit-bane.ts","ftime":1.7769229412078857},{"fpath":"workers/crypt-core/src/router/handler-herald.ts","ftime":2.0862579345703125},{"fpath":"workers/crypt-core/src/router/specter-steward.ts","ftime":2.412691116333008},{"fpath":"workers/cicd-queue/src/deploy-targets.ts","ftime":2.6973841190338135},{"fpath":"workers/stygian-scrolls/src/index.ts","ftime":2.9029288291931152},{"fpath":"workers/sluagh-swarm/src/handlers/cairn-coder.ts","ftime":3.947726011276245},{"fpath":"workers/crypt-core/src/router/route-warden.ts","ftime":7.344985008239746}]},"matching_time":{"total_time":0.0,"per_file_and_rule_time":{"mean":0.0,"std_dev":0.0},"very_slow_stats":{"time_ratio":0.0,"count_ratio":0.0},"very_slow_rules_on_files":[]},"tainting_time":{"total_time":0.0,"per_def_and_rule_time":{"mean":0.0,"std_dev":0.0},"very_slow_stats":{"time_ratio":0.0,"count_ratio":0.0},"very_slow_rules_on_defs":[]},"fixpoint_timeouts":[{"error_type":"Fixpoint timeout","severity":"warn","message":"Fixpoint timeout while performing taint analysis at workers/crypt-core/src/router/aws-cost-watchdog.ts:409:8 [rules: 2, first: javascript.lang.security.audit.unsafe-formatstring.unsafe-formatstring]","location":{"path":"workers/crypt-core/src/router/aws-cost-watchdog.ts","start":{"line":409,"col":9,"offset":14431},"end":{"line":409,"col":26,"offset":14448}}},{"error_type":"Fixpoint timeout","severity":"warn","message":"Fixpoint timeout while performing taint analysis at workers/crypt-core/src/router/route-warden.ts:1238:8 [rules: 4, first: typescript.react.security.audit.react-unsanitized-method.react-unsanitized-method]","location":{"path":"workers/crypt-core/src/router/route-warden.ts","start":{"line":1238,"col":9,"offset":53685},"end":{"line":1238,"col":17,"offset":53693}}},{"error_type":"Fixpoint timeout","severity":"warn","message":"Fixpoint timeout while performing taint analysis at workers/crypt-core/src/router/workers-cpu-watchdog.ts:505:8 [rules: 1, first: javascript.lang.security.audit.unsafe-formatstring.unsafe-formatstring]","location":{"path":"workers/crypt-core/src/router/workers-cpu-watchdog.ts","start":{"line":505,"col":9,"offset":19106},"end":{"line":505,"col":29,"offset":19126}}},{"error_type":"Fixpoint timeout","severity":"warn","message":"Fixpoint timeout while performing taint analysis at workers/crypt-core/src/router/workers-requests-watchdog.ts:497:8 [rules: 1, first: javascript.lang.security.audit.unsafe-formatstring.unsafe-formatstring]","location":{"path":"workers/crypt-core/src/router/workers-requests-watchdog.ts","start":{"line":497,"col":9,"offset":18841},"end":{"line":497,"col":29,"offset":18861}}},{"error_type":"Fixpoint timeout","severity":"warn","message":"Fixpoint timeout while performing taint analysis at workers/crypt-core/src/router/wraith-dispatch.ts:362:8 [rules: 1, first: javascript.lang.security.audit.unsafe-formatstring.unsafe-formatstring]","location":{"path":"workers/crypt-core/src/router/wraith-dispatch.ts","start":{"line":362,"col":9,"offset":14171},"end":{"line":362,"col":20,"offset":14182}}},{"error_type":"Fixpoint timeout","severity":"warn","message":"Fixpoint timeout while performing taint analysis at workers/sluagh-swarm/src/handlers/cairn-coder.ts:239:8 [rules: 4, first: javascript.express.security.injection.raw-html-format.raw-html-format]","location":{"path":"workers/sluagh-swarm/src/handlers/cairn-coder.ts","start":{"line":239,"col":9,"offset":9034},"end":{"line":239,"col":16,"offset":9041}}},{"error_type":"Fixpoint timeout","severity":"warn","message":"Fixpoint timeout while performing taint analysis at workers/sluagh-swarm/src/handlers/dep-dredge.ts:294:8 [rules: 1, first: javascript.express.security.injection.raw-html-format.raw-html-format]","location":{"path":"workers/sluagh-swarm/src/handlers/dep-dredge.ts","start":{"line":294,"col":9,"offset":11108},"end":{"line":294,"col":16,"offset":11115}}}],"prefiltering":{"project_level_time":0.0,"file_level_time":0.0,"rules_with_project_prefilters_ratio":0.0,"rules_with_file_prefilters_ratio":0.9837955779674166,"rules_selected_ratio":0.05162916989914663,"rules_matched_ratio":0.05162916989914663},"targets":[],"total_bytes":0,"max_memory_bytes":1647758656},"engine_requested":"OSS","skipped_rules":[],"profiling_results":[]}