@vibescope/mcp-server

Environment file access

Detected by automated pattern matching (rule DE-002) with medium confidence. May be a false positive.

    19: // ============================================================================
    20: function getApiKey() {
>>> 21:     return process.env.VIBESCOPE_API_KEY;
    22: }
    23: function getApiUrl() {

Environment file access

Detected by automated pattern matching (rule DE-002) with medium confidence. May be a false positive.

    73: 	constructor(config: ApiClientConfig) {
    74: 		this.apiKey = config.apiKey;
>>> 75: 		this.baseUrl = config.baseUrl || process.env.VIBESCOPE_API_URL || DEFAULT_API_URL;
    76: 		this.retryConfig = {
    77: 			maxRetries: config.retry?.maxRetries ?? DEFAULT_MAX_RETRIES,

Environment file access

Detected by automated pattern matching (rule DE-002) with medium confidence. May be a false positive.

    2658: export function getApiClient(): VibescopeApiClient {
    2659: 	if (!apiClient) {
>>> 2660: 		const apiKey = process.env.VIBESCOPE_API_KEY;
    2661: 		if (!apiKey) {
    2662: 			throw new Error('VIBESCOPE_API_KEY environment variable is required');

Environment file access

Detected by automated pattern matching (rule DE-002) with medium confidence. May be a false positive.

    111: 	constructor(config: ApiClientConfig) {
    112: 		this.apiKey = config.apiKey;
>>> 113: 		this.baseUrl = config.baseUrl || process.env.VIBESCOPE_API_URL || DEFAULT_API_URL;
    114: 		this.retryConfig = {
    115: 			maxRetries: config.retry?.maxRetries ?? DEFAULT_MAX_RETRIES,

Environment file access

Detected by automated pattern matching (rule DE-002) with medium confidence. May be a false positive.

    392: function resolveApiKeyFromSources(): string {
    393: 	// 1. Environment variable
>>> 394: 	if (process.env.VIBESCOPE_API_KEY) {
    395: 		return process.env.VIBESCOPE_API_KEY;
    396: 	}

Environment file access

Detected by automated pattern matching (rule DE-002) with medium confidence. May be a false positive.

    393: 	// 1. Environment variable
    394: 	if (process.env.VIBESCOPE_API_KEY) {
>>> 395: 		return process.env.VIBESCOPE_API_KEY;
    396: 	}
    397: 

Environment file access

Detected by automated pattern matching (rule DE-002) with medium confidence. May be a false positive.

    132: export function resolveApiKey(): string | null {
    133: 	// 1. Environment variable (highest priority)
>>> 134: 	if (process.env.VIBESCOPE_API_KEY) {
    135: 		return process.env.VIBESCOPE_API_KEY;
    136: 	}

Environment file access

Detected by automated pattern matching (rule DE-002) with medium confidence. May be a false positive.

    133: 	// 1. Environment variable (highest priority)
    134: 	if (process.env.VIBESCOPE_API_KEY) {
>>> 135: 		return process.env.VIBESCOPE_API_KEY;
    136: 	}
    137: 	// 2. Credentials file

Environment file access

Detected by automated pattern matching (rule DE-002) with medium confidence. May be a false positive.

    393: 
    394: 	// Check env var first
>>> 395: 	if (process.env.VIBESCOPE_API_KEY) {
    396: 		apiKey = process.env.VIBESCOPE_API_KEY;
    397: 		console.log(`\n${icon.check} Using API key from ${c.cyan}VIBESCOPE_API_KEY${c.reset} env var`);

Environment file access

Detected by automated pattern matching (rule DE-002) with medium confidence. May be a false positive.

    394: 	// Check env var first
    395: 	if (process.env.VIBESCOPE_API_KEY) {
>>> 396: 		apiKey = process.env.VIBESCOPE_API_KEY;
    397: 		console.log(`\n${icon.check} Using API key from ${c.cyan}VIBESCOPE_API_KEY${c.reset} env var`);
    398: 	}

Environment file access

Detected by automated pattern matching (rule DE-002) with medium confidence. May be a false positive.

    111: 
    112: describe('verify function', () => {
>>> 113: 	const originalEnv = process.env;
    114: 
    115: 	beforeEach(() => {

Environment file access

Detected by automated pattern matching (rule DE-002) with medium confidence. May be a false positive.

    116: 		vi.clearAllMocks();
    117: 		mockFetch.mockReset();
>>> 118: 		process.env = { ...originalEnv };
    119: 		process.env.VIBESCOPE_API_KEY = 'test-api-key';
    120: 	});

Environment file access

Detected by automated pattern matching (rule DE-002) with medium confidence. May be a false positive.

    117: 		mockFetch.mockReset();
    118: 		process.env = { ...originalEnv };
>>> 119: 		process.env.VIBESCOPE_API_KEY = 'test-api-key';
    120: 	});
    121: 

Environment file access

Detected by automated pattern matching (rule DE-002) with medium confidence. May be a false positive.

    121: 
    122: 	afterEach(() => {
>>> 123: 		process.env = originalEnv;
    124: 	});
    125: 

Environment file access

Detected by automated pattern matching (rule DE-002) with medium confidence. May be a false positive.

    125: 
    126: 	it('should return error when API key is not set', async () => {
>>> 127: 		delete process.env.VIBESCOPE_API_KEY;
    128: 		// Need to re-import to get the new env value
    129: 		// Since the module caches the env var, we test the behavior directly

Environment file access

Detected by automated pattern matching (rule DE-002) with medium confidence. May be a false positive.

    220: 
    221: 	it('should use custom API URL from env', async () => {
>>> 222: 		process.env.VIBESCOPE_API_URL = 'https://custom.api.com';
    223: 		mockFetch.mockResolvedValueOnce({
    224: 			json: () => Promise.resolve({ status: 'compliant', reason: 'OK' }),

Environment file access

Detected by automated pattern matching (rule DE-002) with medium confidence. May be a false positive.

    44: 
    45: function getApiKey(): string | undefined {
>>> 46: 	return process.env.VIBESCOPE_API_KEY;
    47: }
    48: 

Environment file access

Detected by automated pattern matching (rule DE-002) with medium confidence. May be a false positive.

    48: 
    49: function getApiUrl(): string {
>>> 50: 	return process.env.VIBESCOPE_API_URL || 'https://vibescope.dev';
    51: }
    52: 

Environment file access

Detected by automated pattern matching (rule DE-002) with medium confidence. May be a false positive.

    107: export function resolveApiKey() {
    108:     // 1. Environment variable (highest priority)
>>> 109:     if (process.env.VIBESCOPE_API_KEY) {
    110:         return process.env.VIBESCOPE_API_KEY;
    111:     }

Environment file access

Detected by automated pattern matching (rule DE-002) with medium confidence. May be a false positive.

    108:     // 1. Environment variable (highest priority)
    109:     if (process.env.VIBESCOPE_API_KEY) {
>>> 110:         return process.env.VIBESCOPE_API_KEY;
    111:     }
    112:     // 2. Credentials file

Environment file access

Detected by automated pattern matching (rule DE-002) with medium confidence. May be a false positive.

    339:     let apiKey = null;
    340:     // Check env var first
>>> 341:     if (process.env.VIBESCOPE_API_KEY) {
    342:         apiKey = process.env.VIBESCOPE_API_KEY;
    343:         console.log(`\n${icon.check} Using API key from ${c.cyan}VIBESCOPE_API_KEY${c.reset} env var`);

Environment file access

Detected by automated pattern matching (rule DE-002) with medium confidence. May be a false positive.

    18: 
    19: // Store original env
>>> 20: const originalEnv = process.env.VIBESCOPE_API_KEY;
    21: 
    22: // Mock the MCP SDK

Environment file access

Detected by automated pattern matching (rule DE-002) with medium confidence. May be a false positive.

    135: 	beforeAll(() => {
    136: 		// Set required env var
>>> 137: 		process.env.VIBESCOPE_API_KEY = 'test-api-key-12345';
    138: 	});
    139: 

Environment file access

Detected by automated pattern matching (rule DE-002) with medium confidence. May be a false positive.

    141: 		// Restore original env
    142: 		if (originalEnv !== undefined) {
>>> 143: 			process.env.VIBESCOPE_API_KEY = originalEnv;
    144: 		} else {
    145: 			delete process.env.VIBESCOPE_API_KEY;

Environment file access

Detected by automated pattern matching (rule DE-002) with medium confidence. May be a false positive.

    143: 			process.env.VIBESCOPE_API_KEY = originalEnv;
    144: 		} else {
>>> 145: 			delete process.env.VIBESCOPE_API_KEY;
    146: 		}
    147: 	});

Environment file access

Detected by automated pattern matching (rule DE-002) with medium confidence. May be a false positive.

    653: 
    654: describe('Environment Variable Handling', () => {
>>> 655: 	const originalEnvKey = process.env.VIBESCOPE_API_KEY;
    656: 
    657: 	beforeAll(() => {

Environment file access

Detected by automated pattern matching (rule DE-002) with medium confidence. May be a false positive.

    656: 
    657: 	beforeAll(() => {
>>> 658: 		process.env.VIBESCOPE_API_KEY = 'test-api-key-12345';
    659: 	});
    660: 

Environment file access

Detected by automated pattern matching (rule DE-002) with medium confidence. May be a false positive.

    661: 	afterAll(() => {
    662: 		if (originalEnvKey !== undefined) {
>>> 663: 			process.env.VIBESCOPE_API_KEY = originalEnvKey;
    664: 		} else {
    665: 			delete process.env.VIBESCOPE_API_KEY;

Environment file access

Detected by automated pattern matching (rule DE-002) with medium confidence. May be a false positive.

    663: 			process.env.VIBESCOPE_API_KEY = originalEnvKey;
    664: 		} else {
>>> 665: 			delete process.env.VIBESCOPE_API_KEY;
    666: 		}
    667: 	});

Environment file access

Detected by automated pattern matching (rule DE-002) with medium confidence. May be a false positive.

    668: 
    669: 	it('should use VIBESCOPE_API_KEY from environment', () => {
>>> 670: 		const apiKey = process.env.VIBESCOPE_API_KEY;
    671: 		expect(apiKey).toBeDefined();
    672: 		expect(apiKey).toBe('test-api-key-12345');

Environment file access

Detected by automated pattern matching (rule DE-002) with medium confidence. May be a false positive.

    340:     // Check env var first
    341:     if (process.env.VIBESCOPE_API_KEY) {
>>> 342:         apiKey = process.env.VIBESCOPE_API_KEY;
    343:         console.log(`\n${icon.check} Using API key from ${c.cyan}VIBESCOPE_API_KEY${c.reset} env var`);
    344:     }

Environment file access

Detected by automated pattern matching (rule DE-002) with medium confidence. May be a false positive.

    561: // ============================================================================
    562: 
>>> 563: const API_KEY = process.env.VIBESCOPE_API_KEY;
    564: 
    565: if (!API_KEY) {

Environment file access

Detected by automated pattern matching (rule DE-002) with medium confidence. May be a false positive.

    333:             console.log('NOTE: If you manually edit the config later, do NOT use $VAR_NAME syntax');
    334:             console.log('for environment variables - Gemini CLI has a bug where this does not work.');
>>> 335:             console.log('Always hardcode API keys directly or use ~/.gemini/.env instead.');
    336:             break;
    337:         default:

Environment file access

Detected by automated pattern matching (rule DE-002) with medium confidence. May be a false positive.

    22: }
    23: function getApiUrl() {
>>> 24:     return process.env.VIBESCOPE_API_URL || 'https://vibescope.dev';
    25: }
    26: // ============================================================================

Environment file access

Detected by automated pattern matching (rule DE-002) with medium confidence. May be a false positive.

    95: 
    96: 		it('should use VIBESCOPE_API_URL env var when set', () => {
>>> 97: 			const originalEnv = process.env.VIBESCOPE_API_URL;
    98: 			process.env.VIBESCOPE_API_URL = 'https://env-api.com';
    99: 

Environment file access

Detected by automated pattern matching (rule DE-002) with medium confidence. May be a false positive.

    96: 		it('should use VIBESCOPE_API_URL env var when set', () => {
    97: 			const originalEnv = process.env.VIBESCOPE_API_URL;
>>> 98: 			process.env.VIBESCOPE_API_URL = 'https://env-api.com';
    99: 
    100: 			const c = new VibescopeApiClient({ apiKey: 'test-key' });

Environment file access

Detected by automated pattern matching (rule DE-002) with medium confidence. May be a false positive.

    110: 			// Restore
    111: 			if (originalEnv !== undefined) {
>>> 112: 				process.env.VIBESCOPE_API_URL = originalEnv;
    113: 			} else {
    114: 				delete process.env.VIBESCOPE_API_URL;

Environment file access

Detected by automated pattern matching (rule DE-002) with medium confidence. May be a false positive.

    189: 			expect(vibescope.command).toBe('npx');
    190: 			expect(vibescope.args).toContain('@vibescope/mcp-server@latest');
>>> 191: 			expect((vibescope.env as Record<string, string>).VIBESCOPE_API_KEY).toBe('test-api-key');
    192: 			// Standard MCP config should NOT have timeout/trust
    193: 			expect(vibescope.timeout).toBeUndefined();

Environment file access

Detected by automated pattern matching (rule DE-002) with medium confidence. May be a false positive.

    210: 			expect(vibescope.command).toBe('npx');
    211: 			expect(vibescope.args).toContain('@vibescope/mcp-server@latest');
>>> 212: 			expect((vibescope.env as Record<string, string>).VIBESCOPE_API_KEY).toBe('test-api-key');
    213: 			expect(vibescope.timeout).toBe(30000);
    214: 			expect(vibescope.trust).toBe(true);

Environment file access

Detected by automated pattern matching (rule DE-002) with medium confidence. May be a false positive.

    112: 				process.env.VIBESCOPE_API_URL = originalEnv;
    113: 			} else {
>>> 114: 				delete process.env.VIBESCOPE_API_URL;
    115: 			}
    116: 		});

Environment file access

Detected by automated pattern matching (rule DE-002) with medium confidence. May be a false positive.

    393: 			console.log('NOTE: If you manually edit the config later, do NOT use $VAR_NAME syntax');
    394: 			console.log('for environment variables - Gemini CLI has a bug where this does not work.');
>>> 395: 			console.log('Always hardcode API keys directly or use ~/.gemini/.env instead.');
    396: 			break;
    397: 		default:

Environment file access

Detected by automated pattern matching (rule DE-002) with medium confidence. May be a false positive.

    132: // Configuration
    133: // ============================================================================
>>> 134: const API_KEY = process.env.VIBESCOPE_API_KEY;
    135: if (!API_KEY) {
    136:     console.error('Missing required environment variable: VIBESCOPE_API_KEY');

Environment file access

Detected by automated pattern matching (rule DE-002) with medium confidence. May be a false positive.

    63:     constructor(config) {
    64:         this.apiKey = config.apiKey;
>>> 65:         this.baseUrl = config.baseUrl || process.env.VIBESCOPE_API_URL || DEFAULT_API_URL;
    66:         this.retryConfig = {
    67:             maxRetries: config.retry?.maxRetries ?? DEFAULT_MAX_RETRIES,

Environment file access

Detected by automated pattern matching (rule DE-002) with medium confidence. May be a false positive.

    1018: export function getApiClient() {
    1019:     if (!apiClient) {
>>> 1020:         const apiKey = process.env.VIBESCOPE_API_KEY;
    1021:         if (!apiKey) {
    1022:             throw new Error('VIBESCOPE_API_KEY environment variable is required');

Environment file access

Detected by automated pattern matching (rule DE-002) with medium confidence. May be a false positive.

    301: function resolveApiKeyFromSources() {
    302:     // 1. Environment variable
>>> 303:     if (process.env.VIBESCOPE_API_KEY) {
    304:         return process.env.VIBESCOPE_API_KEY;
    305:     }

Environment file access

Detected by automated pattern matching (rule DE-002) with medium confidence. May be a false positive.

    40:     constructor(config) {
    41:         this.apiKey = config.apiKey;
>>> 42:         this.baseUrl = config.baseUrl || process.env.VIBESCOPE_API_URL || DEFAULT_API_URL;
    43:         this.retryConfig = {
    44:             maxRetries: config.retry?.maxRetries ?? DEFAULT_MAX_RETRIES,

Environment file access

Detected by automated pattern matching (rule DE-002) with medium confidence. May be a false positive.

    302:     // 1. Environment variable
    303:     if (process.env.VIBESCOPE_API_KEY) {
>>> 304:         return process.env.VIBESCOPE_API_KEY;
    305:     }
    306:     // 2. Credentials file

Node.js child process spawning

Detected by automated pattern matching (rule SC-005) with medium confidence. May be a false positive.

    12:  *   2 = Error (allow exit with warning)
    13:  */
>>> 14: import { execSync } from 'child_process';
    15: import { runSetup } from './setup.js';
    16: import { normalizeGitUrl as normalizeGitUrlFn } from './utils.js';

Node.js child process spawning

Detected by automated pattern matching (rule SC-005) with medium confidence. May be a false positive.

    11: import { homedir, platform } from 'node:os';
    12: import { join, dirname } from 'node:path';
>>> 13: import { exec, execSync } from 'node:child_process';
    14: import { createInterface } from 'node:readline';
    15: const VIBESCOPE_SETTINGS_URL = 'https://vibescope.dev/dashboard/settings';

Decoded base64 content: r���䞲Ȩ�ǭ��l

Detected by automated pattern matching (rule DO-BAS) with medium confidence. May be a false positive.

Decoded base64 content: r�����7��ǭ��l

Detected by automated pattern matching (rule DO-BAS) with medium confidence. May be a false positive.

Decoded base64 content: r���䞲Ȩ�ǭ��l

Detected by automated pattern matching (rule DO-BAS) with medium confidence. May be a false positive.

Decoded base64 content: r�����7��ǭ��l

Detected by automated pattern matching (rule DO-BAS) with medium confidence. May be a false positive.

Decoded base64 content: ��)�em�$
�b�+r

Detected by automated pattern matching (rule DO-BAS) with medium confidence. May be a false positive.

Decoded base64 content: ��)�em�$
�b�+r

Detected by automated pattern matching (rule DO-BAS) with medium confidence. May be a false positive.

Decoded base64 content: ��(����"��Z�*.�Ǭ

Detected by automated pattern matching (rule DO-BAS) with medium confidence. May be a false positive.

Decoded base64 content: ��(����"��Z�*.�Ǭ

Detected by automated pattern matching (rule DO-BAS) with medium confidence. May be a false positive.

Node.js child process spawning

Detected by automated pattern matching (rule SC-005) with medium confidence. May be a false positive.

    13: import { homedir, platform } from 'node:os';
    14: import { join, dirname } from 'node:path';
>>> 15: import { exec, execSync } from 'node:child_process';
    16: import { createInterface } from 'node:readline';
    17: 

Decoded base64 content: J�b�'���ӭ�즊�

Detected by automated pattern matching (rule DO-BAS) with medium confidence. May be a false positive.

Decoded base64 content: ��)�em�$
�b�+r

Detected by automated pattern matching (rule DO-BAS) with medium confidence. May be a false positive.

Decoded base64 content: {ki�O���r�Z��k�a��J�

Detected by automated pattern matching (rule DO-BAS) with medium confidence. May be a false positive.

Dynamic code execution via exec()

Detected by automated pattern matching (rule SC-003) with medium confidence. May be a false positive.

    350: 			plat === 'win32' ? `start "" "${url}"` :
    351: 				`xdg-open "${url}"`;
>>> 352: 		exec(cmd, () => resolve());
    353: 	});
    354: }

Decoded base64 content: �騽�ڲAk�`hw#�Z��

Detected by automated pattern matching (rule DO-BAS) with medium confidence. May be a false positive.

Decoded base64 content: �騽�ڲ@ޥ��zw2

Detected by automated pattern matching (rule DO-BAS) with medium confidence. May be a false positive.

Decoded base64 content: n�t�)I��z�����

Detected by automated pattern matching (rule DO-BAS) with medium confidence. May be a false positive.

Decoded base64 content: r�^���)ݲ���g)

Detected by automated pattern matching (rule DO-BAS) with medium confidence. May be a false positive.

Decoded base64 content: n�t�)I��z�����

Detected by automated pattern matching (rule DO-BAS) with medium confidence. May be a false positive.

Decoded base64 content: n�t�)I��z�����

Detected by automated pattern matching (rule DO-BAS) with medium confidence. May be a false positive.

Node.js child process spawning

Detected by automated pattern matching (rule SC-005) with medium confidence. May be a false positive.

    1: import { describe, it, expect, vi, beforeEach, afterEach } from 'vitest';
    2: 
>>> 3: // Mock child_process before importing cli module
    4: vi.mock('child_process', () => ({
    5: 	execSync: vi.fn(),

Node.js child process spawning

Detected by automated pattern matching (rule SC-005) with medium confidence. May be a false positive.

    2: 
    3: // Mock child_process before importing cli module
>>> 4: vi.mock('child_process', () => ({
    5: 	execSync: vi.fn(),
    6: }));

Node.js child process spawning

Detected by automated pattern matching (rule SC-005) with medium confidence. May be a false positive.

    10: global.fetch = mockFetch;
    11: 
>>> 12: import { execSync } from 'child_process';
    13: import {
    14: 	detectGitUrl,

Node.js child process spawning

Detected by automated pattern matching (rule SC-005) with medium confidence. May be a false positive.

    22:  */
    23: 
>>> 24: import { execSync } from 'child_process';
    25: import { readFileSync, writeFileSync } from 'fs';
    26: import { resolve, dirname } from 'path';

Decoded base64 content: rW���R��^��Ĝ��

Detected by automated pattern matching (rule DO-BAS) with medium confidence. May be a false positive.

Node.js child process spawning

Detected by automated pattern matching (rule SC-005) with medium confidence. May be a false positive.

    9: import { homedir, platform } from 'node:os';
    10: import { join, dirname } from 'node:path';
>>> 11: import { exec } from 'node:child_process';
    12: const VIBESCOPE_SETTINGS_URL = 'https://vibescope.dev/dashboard/settings';
    13: const VIBESCOPE_API_URL = 'https://vibescope.dev';

Decoded base64 content: J�b�'���ӭ�즊�

Detected by automated pattern matching (rule DO-BAS) with medium confidence. May be a false positive.

Decoded base64 content: n�tv�vW�E�"���

Detected by automated pattern matching (rule DO-BAS) with medium confidence. May be a false positive.

Decoded base64 content: J�b�'���ӭ�즊�

Detected by automated pattern matching (rule DO-BAS) with medium confidence. May be a false positive.

Decoded base64 content: ��ڽ�^zp��W�Z+a

Detected by automated pattern matching (rule DO-BAS) with medium confidence. May be a false positive.

Decoded base64 content: ��ڽ�^zp��W�Z+a

Detected by automated pattern matching (rule DO-BAS) with medium confidence. May be a false positive.

Node.js child process spawning

Detected by automated pattern matching (rule SC-005) with medium confidence. May be a false positive.

    14:  */
    15: 
>>> 16: import { execSync } from 'child_process';
    17: import { runSetup } from './setup.js';
    18: import { normalizeGitUrl as normalizeGitUrlFn } from './utils.js';

Decoded base64 content: ��bu�^�b��^tȧ�׬

Detected by automated pattern matching (rule DO-BAS) with medium confidence. May be a false positive.

Decoded base64 content: {ki�O���r�Z��k�a��J�

Detected by automated pattern matching (rule DO-BAS) with medium confidence. May be a false positive.

Decoded base64 content: ��e���y��y�ޚ�r

Detected by automated pattern matching (rule DO-BAS) with medium confidence. May be a false positive.

Decoded base64 content: r��6�ڶ��s�bm����

Detected by automated pattern matching (rule DO-BAS) with medium confidence. May be a false positive.

Decoded base64 content: n�tv�vW�E�"���

Detected by automated pattern matching (rule DO-BAS) with medium confidence. May be a false positive.

Decoded base64 content: ��ڽ�^zp��W�Z+a

Detected by automated pattern matching (rule DO-BAS) with medium confidence. May be a false positive.

Decoded base64 content: n�tv�vW�E�"���

Detected by automated pattern matching (rule DO-BAS) with medium confidence. May be a false positive.

Decoded base64 content: ��@rد�ܒr��W�

Detected by automated pattern matching (rule DO-BAS) with medium confidence. May be a false positive.

Dynamic code execution via exec()

Detected by automated pattern matching (rule SC-003) with medium confidence. May be a false positive.

    306:             plat === 'win32' ? `start "" "${url}"` :
    307:                 `xdg-open "${url}"`;
>>> 308:         exec(cmd, () => resolve());
    309:     });
    310: }

Decoded base64 content: J�b�'���ӭ�즊�

Detected by automated pattern matching (rule DO-BAS) with medium confidence. May be a false positive.

Decoded base64 content: rW���R��^��Ĝ��

Detected by automated pattern matching (rule DO-BAS) with medium confidence. May be a false positive.

Decoded base64 content: rW���R��^��Ĝ��

Detected by automated pattern matching (rule DO-BAS) with medium confidence. May be a false positive.

Node.js child process spawning

Detected by automated pattern matching (rule SC-005) with medium confidence. May be a false positive.

    3:  */
    4: 
>>> 5: import { execSync } from 'child_process';
    6: import type { HandlerRegistry } from './types.js';
    7: import { success, error } from './types.js';

Decoded base64 content: {ki�O���r�Z��k�a��J�

Detected by automated pattern matching (rule DO-BAS) with medium confidence. May be a false positive.

Decoded base64 content: ��e���y��y�ޚ�r

Detected by automated pattern matching (rule DO-BAS) with medium confidence. May be a false positive.

Node.js child process spawning

Detected by automated pattern matching (rule SC-005) with medium confidence. May be a false positive.

    10: import { homedir, platform } from 'node:os';
    11: import { join, dirname } from 'node:path';
>>> 12: import { exec } from 'node:child_process';
    13: 
    14: const VIBESCOPE_SETTINGS_URL = 'https://vibescope.dev/dashboard/settings';

Dynamic code execution via exec()

Detected by automated pattern matching (rule SC-003) with medium confidence. May be a false positive.

    152: 		}
    153: 
>>> 154: 		exec(cmd, (error) => {
    155: 			if (error) {
    156: 				console.log('\nCould not open browser automatically.');

Decoded base64 content: r��6�ڶ��s�bm����

Detected by automated pattern matching (rule DO-BAS) with medium confidence. May be a false positive.

Dynamic code execution via exec()

Detected by automated pattern matching (rule SC-003) with medium confidence. May be a false positive.

    124:             cmd = 'xdg-open "' + url + '"';
    125:         }
>>> 126:         exec(cmd, (error) => {
    127:             if (error) {
    128:                 console.log('\nCould not open browser automatically.');

Decoded base64 content: rW���R��^��Ĝ��

Detected by automated pattern matching (rule DO-BAS) with medium confidence. May be a false positive.

Node.js child process spawning

Detected by automated pattern matching (rule SC-005) with medium confidence. May be a false positive.

    2:  * Version management handlers
    3:  */
>>> 4: import { execSync } from 'child_process';
    5: import { success, error } from './types.js';
    6: import { checkVersion, getLocalVersion } from '../version.js';

Decoded base64 content: n�tv�vW�E�"���

Detected by automated pattern matching (rule DO-BAS) with medium confidence. May be a false positive.

Decoded base64 content: i�Cz�h�g����*ޙ��

Detected by automated pattern matching (rule DO-BAS) with medium confidence. May be a false positive.

Decoded base64 content: n�t�)I��z�����

Detected by automated pattern matching (rule DO-BAS) with medium confidence. May be a false positive.

Decoded base64 content: J�b�'���ӭ�즊�

Detected by automated pattern matching (rule DO-BAS) with medium confidence. May be a false positive.

Decoded base64 content: n�tv�vW�E�"���

Detected by automated pattern matching (rule DO-BAS) with medium confidence. May be a false positive.

Decoded base64 content: {ki�O���r�Z��k�a��J�

Detected by automated pattern matching (rule DO-BAS) with medium confidence. May be a false positive.

Decoded base64 content: ��bu�^�b��^tȧ�׬

Detected by automated pattern matching (rule DO-BAS) with medium confidence. May be a false positive.

Decoded base64 content: ��ڽ�^zp��W�Z+a

Detected by automated pattern matching (rule DO-BAS) with medium confidence. May be a false positive.

Decoded base64 content: ��ڽ�^zp��W�Z+a

Detected by automated pattern matching (rule DO-BAS) with medium confidence. May be a false positive.

Decoded base64 content: ��ڽ�^zp��W�Z+a

Detected by automated pattern matching (rule DO-BAS) with medium confidence. May be a false positive.

Decoded base64 content: ��ڽ�^zp��W�Z+a

Detected by automated pattern matching (rule DO-BAS) with medium confidence. May be a false positive.

Decoded base64 content: ��ڽ�^zp��W�Z+a

Detected by automated pattern matching (rule DO-BAS) with medium confidence. May be a false positive.

Decoded base64 content: ��ڽ�^zp��W�Z+a

Detected by automated pattern matching (rule DO-BAS) with medium confidence. May be a false positive.

Decoded base64 content: ��b�g)� +���z�쵩^

Detected by automated pattern matching (rule DO-BAS) with medium confidence. May be a false positive.

Decoded base64 content: r�^���)ݲ���g)

Detected by automated pattern matching (rule DO-BAS) with medium confidence. May be a false positive.

Decoded base64 content: r���䞲Ȩ�ǭ��l

Detected by automated pattern matching (rule DO-BAS) with medium confidence. May be a false positive.

Decoded base64 content: r�����7��ǭ��l

Detected by automated pattern matching (rule DO-BAS) with medium confidence. May be a false positive.

Decoded base64 content: r���䞲Ȩ�ǭ��l

Detected by automated pattern matching (rule DO-BAS) with medium confidence. May be a false positive.

Decoded base64 content: r�����7��ǭ��l

Detected by automated pattern matching (rule DO-BAS) with medium confidence. May be a false positive.

Decoded base64 content: ��ڽ�^zp��W�Z+a

Detected by automated pattern matching (rule DO-BAS) with medium confidence. May be a false positive.

Decoded base64 content: ��ڽ�^zp��W�Z+a

Detected by automated pattern matching (rule DO-BAS) with medium confidence. May be a false positive.

Decoded base64 content: ��ڽ�^zp��W�Z+a

Detected by automated pattern matching (rule DO-BAS) with medium confidence. May be a false positive.

Decoded base64 content: ��ڽ�^zp��W�Z+a

Detected by automated pattern matching (rule DO-BAS) with medium confidence. May be a false positive.

Decoded base64 content: ��ڽ�^zp��W�Z+a

Detected by automated pattern matching (rule DO-BAS) with medium confidence. May be a false positive.

Decoded base64 content: ��ڽ�^zp��W�Z+a

Detected by automated pattern matching (rule DO-BAS) with medium confidence. May be a false positive.

Decoded base64 content: ��ڽ�^zp��W�Z+a

Detected by automated pattern matching (rule DO-BAS) with medium confidence. May be a false positive.

Decoded base64 content: ��ڽ�^zp��W�Z+a

Detected by automated pattern matching (rule DO-BAS) with medium confidence. May be a false positive.

Decoded base64 content: ��ڽ�^zp��W�Z+a

Detected by automated pattern matching (rule DO-BAS) with medium confidence. May be a false positive.

Decoded base64 content: ��ڽ�^zp��W�Z+a

Detected by automated pattern matching (rule DO-BAS) with medium confidence. May be a false positive.

Decoded base64 content: ��ڽ�^zp��W�Z+a

Detected by automated pattern matching (rule DO-BAS) with medium confidence. May be a false positive.

Decoded base64 content: ��ڽ�^zp��W�Z+a

Detected by automated pattern matching (rule DO-BAS) with medium confidence. May be a false positive.

Decoded base64 content: ��ڽ�^zp��W�Z+a

Detected by automated pattern matching (rule DO-BAS) with medium confidence. May be a false positive.

Decoded base64 content: ��ڽ�^zp��W�Z+a

Detected by automated pattern matching (rule DO-BAS) with medium confidence. May be a false positive.

Decoded base64 content: ��ڽ�^zp��W�Z+a

Detected by automated pattern matching (rule DO-BAS) with medium confidence. May be a false positive.

Decoded base64 content: ��ڽ�^zp��W�Z+a

Detected by automated pattern matching (rule DO-BAS) with medium confidence. May be a false positive.

Decoded base64 content: ��ڽ�^zp��W�Z+a

Detected by automated pattern matching (rule DO-BAS) with medium confidence. May be a false positive.

Decoded base64 content: ��ڽ�^zp��W�Z+a

Detected by automated pattern matching (rule DO-BAS) with medium confidence. May be a false positive.

Decoded base64 content: ��ڽ�^zp��W�Z+a

Detected by automated pattern matching (rule DO-BAS) with medium confidence. May be a false positive.

Decoded base64 content: ��ڽ�^zp��W�Z+a

Detected by automated pattern matching (rule DO-BAS) with medium confidence. May be a false positive.

Decoded base64 content: ��ڽ�^zp��W�Z+a

Detected by automated pattern matching (rule DO-BAS) with medium confidence. May be a false positive.

Decoded base64 content: ��ڽ�^zp��W�Z+a

Detected by automated pattern matching (rule DO-BAS) with medium confidence. May be a false positive.

Decoded base64 content: ��ڽ�^zp��W�Z+a

Detected by automated pattern matching (rule DO-BAS) with medium confidence. May be a false positive.

Decoded base64 content: ��ڽ�^zp��W�Z+a

Detected by automated pattern matching (rule DO-BAS) with medium confidence. May be a false positive.

Decoded base64 content: ��ڽ�^zp��W�Z+a

Detected by automated pattern matching (rule DO-BAS) with medium confidence. May be a false positive.

Decoded base64 content: ��ڽ�^zp��W�Z+a

Detected by automated pattern matching (rule DO-BAS) with medium confidence. May be a false positive.

Decoded base64 content: n�t�)I��z�����

Detected by automated pattern matching (rule DO-BAS) with medium confidence. May be a false positive.

Decoded base64 content: ��)�em�$
�b�+r

Detected by automated pattern matching (rule DO-BAS) with medium confidence. May be a false positive.

Decoded base64 content: n�t�)I��z�����

Detected by automated pattern matching (rule DO-BAS) with medium confidence. May be a false positive.

Decoded base64 content: ��)�em�$
�b�+r

Detected by automated pattern matching (rule DO-BAS) with medium confidence. May be a false positive.

Decoded base64 content: ��(����"��Z�*.�Ǭ

Detected by automated pattern matching (rule DO-BAS) with medium confidence. May be a false positive.

Decoded base64 content: ����^��⢸���-j۬

Detected by automated pattern matching (rule DO-BAS) with medium confidence. May be a false positive.

Decoded base64 content: ��)�em�$
�b�+r

Detected by automated pattern matching (rule DO-BAS) with medium confidence. May be a false positive.

Decoded base64 content: ��@rد�ܒr��W�

Detected by automated pattern matching (rule DO-BAS) with medium confidence. May be a false positive.

Decoded base64 content: �騽�ڲAk�`hw#�Z��

Detected by automated pattern matching (rule DO-BAS) with medium confidence. May be a false positive.

Decoded base64 content: �騽�ڲ@ޥ��zw2

Detected by automated pattern matching (rule DO-BAS) with medium confidence. May be a false positive.

Decoded base64 content: i�Cz�h�g����*ޙ��

Detected by automated pattern matching (rule DO-BAS) with medium confidence. May be a false positive.

Decoded base64 content: ��b�g)� +���z�쵩^

Detected by automated pattern matching (rule DO-BAS) with medium confidence. May be a false positive.

Decoded base64 content: n�t�)I��z�����

Detected by automated pattern matching (rule DO-BAS) with medium confidence. May be a false positive.

Decoded base64 content: ��(����"��Z�*.�Ǭ

Detected by automated pattern matching (rule DO-BAS) with medium confidence. May be a false positive.

Decoded base64 content: n�t�)I��z�����

Detected by automated pattern matching (rule DO-BAS) with medium confidence. May be a false positive.

Decoded base64 content: u����zIr�j'�r

Detected by automated pattern matching (rule DO-BAS) with medium confidence. May be a false positive.

JavaScript fetch() call

Detected by automated pattern matching (rule NS-003) with medium confidence. May be a false positive.

    42: 		const timeout = setTimeout(() => controller.abort(), 5000);
    43: 
>>> 44: 		const response = await fetch(`${NPM_REGISTRY_URL}/latest`, {
    45: 			signal: controller.signal,
    46: 			headers: { 'Accept': 'application/json' },

JavaScript fetch() call

Detected by automated pattern matching (rule NS-003) with medium confidence. May be a false positive.

    55:         for (let attempt = 0; attempt <= maxRetries; attempt++) {
    56:             try {
>>> 57:                 const response = await fetch(url, {
    58:                     method,
    59:                     headers: {

JavaScript fetch() call

Detected by automated pattern matching (rule NS-003) with medium confidence. May be a false positive.

    96:         for (let attempt = 0; attempt <= maxRetries; attempt++) {
    97:             try {
>>> 98:                 const response = await fetch(url, {
    99:                     method,
    100:                     headers: {

High-entropy string (4.5 bits/char) — possible encoded payload

Detected by automated pattern matching (rule EN-001) with medium confidence. May be a false positive.

JavaScript fetch() call

Detected by automated pattern matching (rule NS-003) with medium confidence. May be a false positive.

    279: async function validateApiKey(apiKey) {
    280:     try {
>>> 281:         const response = await fetch(`${VIBESCOPE_API_URL}/api/mcp/auth/validate`, {
    282:             method: 'POST',
    283:             headers: {

JavaScript fetch() call

Detected by automated pattern matching (rule NS-003) with medium confidence. May be a false positive.

    59:     }
    60:     try {
>>> 61:         const response = await fetch(`${getApiUrl()}/api/mcp/verify`, {
    62:             method: 'POST',
    63:             headers: {

JavaScript fetch() call

Detected by automated pattern matching (rule NS-003) with medium confidence. May be a false positive.

    31:     const { project_id, stale_minutes, include_running, dry_run } = parseArgs(args, cleanupStaleAgentsSchema);
    32:     const apiClient = getApiClient();
>>> 33:     // Call the cleanup endpoint via fetch (since it's a new endpoint not in the client)
    34:     const response = await apiClient.proxy('cleanup_stale_cloud_agents', {
    35:         project_id,

High-entropy string (4.7 bits/char) — possible encoded payload

Detected by automated pattern matching (rule EN-001) with medium confidence. May be a false positive.

High-entropy string (4.6 bits/char) — possible encoded payload

Detected by automated pattern matching (rule EN-001) with medium confidence. May be a false positive.

High-entropy string (4.9 bits/char) — possible encoded payload

Detected by automated pattern matching (rule EN-001) with medium confidence. May be a false positive.

High-entropy string (4.7 bits/char) — possible encoded payload

Detected by automated pattern matching (rule EN-001) with medium confidence. May be a false positive.

High-entropy string (4.6 bits/char) — possible encoded payload

Detected by automated pattern matching (rule EN-001) with medium confidence. May be a false positive.

High-entropy string (4.5 bits/char) — possible encoded payload

Detected by automated pattern matching (rule EN-001) with medium confidence. May be a false positive.

JavaScript fetch() call

Detected by automated pattern matching (rule NS-003) with medium confidence. May be a false positive.

    135: export async function validateApiKey(apiKey) {
    136:     try {
>>> 137:         const response = await fetch(VIBESCOPE_API_URL + '/api/mcp/auth/validate', {
    138:             method: 'POST',
    139:             headers: {

High-entropy string (4.6 bits/char) — possible encoded payload

Detected by automated pattern matching (rule EN-001) with medium confidence. May be a false positive.

High-entropy string (4.5 bits/char) — possible encoded payload

Detected by automated pattern matching (rule EN-001) with medium confidence. May be a false positive.

High-entropy string (4.6 bits/char) — possible encoded payload

Detected by automated pattern matching (rule EN-001) with medium confidence. May be a false positive.

JavaScript fetch() call

Detected by automated pattern matching (rule NS-003) with medium confidence. May be a false positive.

    35:                 limit: {
    36:                     type: 'number',
>>> 37:                     description: 'Number of recent messages to fetch (default: 20, max: 100)',
    38:                 },
    39:             },

Python requests library HTTP call

Detected by automated pattern matching (rule NS-001) with medium confidence. May be a false positive.

    214:     check(key) {
    215:         const now = Date.now();
>>> 216:         const record = this.requests.get(key);
    217:         // If no record or window expired, create new record
    218:         if (!record || now >= record.resetAt) {

Python requests library HTTP call

Detected by automated pattern matching (rule NS-001) with medium confidence. May be a false positive.

    239:     // Expose for testing
    240:     getRequestCount(key) {
>>> 241:         return this.requests.get(key)?.count;
    242:     }
    243: }

High-entropy string (4.5 bits/char) — possible encoded payload

Detected by automated pattern matching (rule EN-001) with medium confidence. May be a false positive.

High-entropy string (4.6 bits/char) — possible encoded payload

Detected by automated pattern matching (rule EN-001) with medium confidence. May be a false positive.

High-entropy string (4.5 bits/char) — possible encoded payload

Detected by automated pattern matching (rule EN-001) with medium confidence. May be a false positive.

JavaScript fetch() call

Detected by automated pattern matching (rule NS-003) with medium confidence. May be a false positive.

    31:         const controller = new AbortController();
    32:         const timeout = setTimeout(() => controller.abort(), 5000);
>>> 33:         const response = await fetch(`${NPM_REGISTRY_URL}/latest`, {
    34:             signal: controller.signal,
    35:             headers: { 'Accept': 'application/json' },

JavaScript fetch() call

Detected by automated pattern matching (rule NS-003) with medium confidence. May be a false positive.

    2517: |-----------|------|----------|-------------|
    2518: | `project_id` | `string` | Yes | Project UUID |
>>> 2519: | `limit` | `number` | No | Number of recent messages to fetch (default: 20, max: 100) |
    2520: 
    2521: ---

High-entropy string (4.8 bits/char) — possible encoded payload

Detected by automated pattern matching (rule EN-001) with medium confidence. May be a false positive.

High-entropy string (4.6 bits/char) — possible encoded payload

Detected by automated pattern matching (rule EN-001) with medium confidence. May be a false positive.

High-entropy string (4.8 bits/char) — possible encoded payload

Detected by automated pattern matching (rule EN-001) with medium confidence. May be a false positive.

High-entropy string (4.8 bits/char) — possible encoded payload

Detected by automated pattern matching (rule EN-001) with medium confidence. May be a false positive.

High-entropy string (4.9 bits/char) — possible encoded payload

Detected by automated pattern matching (rule EN-001) with medium confidence. May be a false positive.

High-entropy string (4.7 bits/char) — possible encoded payload

Detected by automated pattern matching (rule EN-001) with medium confidence. May be a false positive.

High-entropy string (4.6 bits/char) — possible encoded payload

Detected by automated pattern matching (rule EN-001) with medium confidence. May be a false positive.

High-entropy string (4.6 bits/char) — possible encoded payload

Detected by automated pattern matching (rule EN-001) with medium confidence. May be a false positive.

High-entropy string (4.8 bits/char) — possible encoded payload

Detected by automated pattern matching (rule EN-001) with medium confidence. May be a false positive.

High-entropy string (4.8 bits/char) — possible encoded payload

Detected by automated pattern matching (rule EN-001) with medium confidence. May be a false positive.

High-entropy string (4.7 bits/char) — possible encoded payload

Detected by automated pattern matching (rule EN-001) with medium confidence. May be a false positive.

High-entropy string (4.6 bits/char) — possible encoded payload

Detected by automated pattern matching (rule EN-001) with medium confidence. May be a false positive.

High-entropy string (4.7 bits/char) — possible encoded payload

Detected by automated pattern matching (rule EN-001) with medium confidence. May be a false positive.

High-entropy string (4.8 bits/char) — possible encoded payload

Detected by automated pattern matching (rule EN-001) with medium confidence. May be a false positive.

High-entropy string (4.7 bits/char) — possible encoded payload

Detected by automated pattern matching (rule EN-001) with medium confidence. May be a false positive.

High-entropy string (4.5 bits/char) — possible encoded payload

Detected by automated pattern matching (rule EN-001) with medium confidence. May be a false positive.

High-entropy string (4.9 bits/char) — possible encoded payload

Detected by automated pattern matching (rule EN-001) with medium confidence. May be a false positive.

High-entropy string (4.8 bits/char) — possible encoded payload

Detected by automated pattern matching (rule EN-001) with medium confidence. May be a false positive.

High-entropy string (5.0 bits/char) — possible encoded payload

Detected by automated pattern matching (rule EN-001) with medium confidence. May be a false positive.

High-entropy string (4.8 bits/char) — possible encoded payload

Detected by automated pattern matching (rule EN-001) with medium confidence. May be a false positive.

High-entropy string (4.9 bits/char) — possible encoded payload

Detected by automated pattern matching (rule EN-001) with medium confidence. May be a false positive.

High-entropy string (4.7 bits/char) — possible encoded payload

Detected by automated pattern matching (rule EN-001) with medium confidence. May be a false positive.

High-entropy string (4.8 bits/char) — possible encoded payload

Detected by automated pattern matching (rule EN-001) with medium confidence. May be a false positive.

High-entropy string (4.8 bits/char) — possible encoded payload

Detected by automated pattern matching (rule EN-001) with medium confidence. May be a false positive.

High-entropy string (4.8 bits/char) — possible encoded payload

Detected by automated pattern matching (rule EN-001) with medium confidence. May be a false positive.

High-entropy string (4.6 bits/char) — possible encoded payload

Detected by automated pattern matching (rule EN-001) with medium confidence. May be a false positive.

High-entropy string (4.7 bits/char) — possible encoded payload

Detected by automated pattern matching (rule EN-001) with medium confidence. May be a false positive.

High-entropy string (4.7 bits/char) — possible encoded payload

Detected by automated pattern matching (rule EN-001) with medium confidence. May be a false positive.

High-entropy string (4.9 bits/char) — possible encoded payload

Detected by automated pattern matching (rule EN-001) with medium confidence. May be a false positive.

High-entropy string (4.6 bits/char) — possible encoded payload

Detected by automated pattern matching (rule EN-001) with medium confidence. May be a false positive.

High-entropy string (4.6 bits/char) — possible encoded payload

Detected by automated pattern matching (rule EN-001) with medium confidence. May be a false positive.

High-entropy string (4.5 bits/char) — possible encoded payload

Detected by automated pattern matching (rule EN-001) with medium confidence. May be a false positive.

High-entropy string (4.7 bits/char) — possible encoded payload

Detected by automated pattern matching (rule EN-001) with medium confidence. May be a false positive.

High-entropy string (4.8 bits/char) — possible encoded payload

Detected by automated pattern matching (rule EN-001) with medium confidence. May be a false positive.

High-entropy string (4.6 bits/char) — possible encoded payload

Detected by automated pattern matching (rule EN-001) with medium confidence. May be a false positive.

High-entropy string (4.6 bits/char) — possible encoded payload

Detected by automated pattern matching (rule EN-001) with medium confidence. May be a false positive.

High-entropy string (4.8 bits/char) — possible encoded payload

Detected by automated pattern matching (rule EN-001) with medium confidence. May be a false positive.

High-entropy string (4.7 bits/char) — possible encoded payload

Detected by automated pattern matching (rule EN-001) with medium confidence. May be a false positive.

High-entropy string (4.9 bits/char) — possible encoded payload

Detected by automated pattern matching (rule EN-001) with medium confidence. May be a false positive.

High-entropy string (4.7 bits/char) — possible encoded payload

Detected by automated pattern matching (rule EN-001) with medium confidence. May be a false positive.

High-entropy string (4.7 bits/char) — possible encoded payload

Detected by automated pattern matching (rule EN-001) with medium confidence. May be a false positive.

High-entropy string (4.7 bits/char) — possible encoded payload

Detected by automated pattern matching (rule EN-001) with medium confidence. May be a false positive.

High-entropy string (4.5 bits/char) — possible encoded payload

Detected by automated pattern matching (rule EN-001) with medium confidence. May be a false positive.

High-entropy string (4.7 bits/char) — possible encoded payload

Detected by automated pattern matching (rule EN-001) with medium confidence. May be a false positive.

High-entropy string (4.5 bits/char) — possible encoded payload

Detected by automated pattern matching (rule EN-001) with medium confidence. May be a false positive.

High-entropy string (4.8 bits/char) — possible encoded payload

Detected by automated pattern matching (rule EN-001) with medium confidence. May be a false positive.

High-entropy string (4.8 bits/char) — possible encoded payload

Detected by automated pattern matching (rule EN-001) with medium confidence. May be a false positive.

High-entropy string (4.7 bits/char) — possible encoded payload

Detected by automated pattern matching (rule EN-001) with medium confidence. May be a false positive.

High-entropy string (4.6 bits/char) — possible encoded payload

Detected by automated pattern matching (rule EN-001) with medium confidence. May be a false positive.

High-entropy string (4.6 bits/char) — possible encoded payload

Detected by automated pattern matching (rule EN-001) with medium confidence. May be a false positive.

High-entropy string (4.7 bits/char) — possible encoded payload

Detected by automated pattern matching (rule EN-001) with medium confidence. May be a false positive.

High-entropy string (4.6 bits/char) — possible encoded payload

Detected by automated pattern matching (rule EN-001) with medium confidence. May be a false positive.

High-entropy string (4.7 bits/char) — possible encoded payload

Detected by automated pattern matching (rule EN-001) with medium confidence. May be a false positive.

High-entropy string (4.7 bits/char) — possible encoded payload

Detected by automated pattern matching (rule EN-001) with medium confidence. May be a false positive.

High-entropy string (4.7 bits/char) — possible encoded payload

Detected by automated pattern matching (rule EN-001) with medium confidence. May be a false positive.

High-entropy string (4.6 bits/char) — possible encoded payload

Detected by automated pattern matching (rule EN-001) with medium confidence. May be a false positive.

High-entropy string (4.8 bits/char) — possible encoded payload

Detected by automated pattern matching (rule EN-001) with medium confidence. May be a false positive.

High-entropy string (4.7 bits/char) — possible encoded payload

Detected by automated pattern matching (rule EN-001) with medium confidence. May be a false positive.

High-entropy string (4.8 bits/char) — possible encoded payload

Detected by automated pattern matching (rule EN-001) with medium confidence. May be a false positive.

High-entropy string (4.7 bits/char) — possible encoded payload

Detected by automated pattern matching (rule EN-001) with medium confidence. May be a false positive.

High-entropy string (4.8 bits/char) — possible encoded payload

Detected by automated pattern matching (rule EN-001) with medium confidence. May be a false positive.

High-entropy string (4.7 bits/char) — possible encoded payload

Detected by automated pattern matching (rule EN-001) with medium confidence. May be a false positive.

High-entropy string (4.5 bits/char) — possible encoded payload

Detected by automated pattern matching (rule EN-001) with medium confidence. May be a false positive.

High-entropy string (4.6 bits/char) — possible encoded payload

Detected by automated pattern matching (rule EN-001) with medium confidence. May be a false positive.

High-entropy string (4.6 bits/char) — possible encoded payload

Detected by automated pattern matching (rule EN-001) with medium confidence. May be a false positive.

High-entropy string (4.6 bits/char) — possible encoded payload

Detected by automated pattern matching (rule EN-001) with medium confidence. May be a false positive.

High-entropy string (4.6 bits/char) — possible encoded payload

Detected by automated pattern matching (rule EN-001) with medium confidence. May be a false positive.

High-entropy string (4.9 bits/char) — possible encoded payload

Detected by automated pattern matching (rule EN-001) with medium confidence. May be a false positive.

High-entropy string (4.8 bits/char) — possible encoded payload

Detected by automated pattern matching (rule EN-001) with medium confidence. May be a false positive.

High-entropy string (4.8 bits/char) — possible encoded payload

Detected by automated pattern matching (rule EN-001) with medium confidence. May be a false positive.

High-entropy string (4.7 bits/char) — possible encoded payload

Detected by automated pattern matching (rule EN-001) with medium confidence. May be a false positive.

High-entropy string (4.6 bits/char) — possible encoded payload

Detected by automated pattern matching (rule EN-001) with medium confidence. May be a false positive.

High-entropy string (4.9 bits/char) — possible encoded payload

Detected by automated pattern matching (rule EN-001) with medium confidence. May be a false positive.

High-entropy string (4.6 bits/char) — possible encoded payload

Detected by automated pattern matching (rule EN-001) with medium confidence. May be a false positive.

High-entropy string (4.9 bits/char) — possible encoded payload

Detected by automated pattern matching (rule EN-001) with medium confidence. May be a false positive.

High-entropy string (4.6 bits/char) — possible encoded payload

Detected by automated pattern matching (rule EN-001) with medium confidence. May be a false positive.

High-entropy string (4.9 bits/char) — possible encoded payload

Detected by automated pattern matching (rule EN-001) with medium confidence. May be a false positive.

High-entropy string (4.6 bits/char) — possible encoded payload

Detected by automated pattern matching (rule EN-001) with medium confidence. May be a false positive.

High-entropy string (4.8 bits/char) — possible encoded payload

Detected by automated pattern matching (rule EN-001) with medium confidence. May be a false positive.

High-entropy string (4.6 bits/char) — possible encoded payload

Detected by automated pattern matching (rule EN-001) with medium confidence. May be a false positive.

High-entropy string (4.8 bits/char) — possible encoded payload

Detected by automated pattern matching (rule EN-001) with medium confidence. May be a false positive.

High-entropy string (4.6 bits/char) — possible encoded payload

Detected by automated pattern matching (rule EN-001) with medium confidence. May be a false positive.

High-entropy string (4.8 bits/char) — possible encoded payload

Detected by automated pattern matching (rule EN-001) with medium confidence. May be a false positive.

High-entropy string (4.8 bits/char) — possible encoded payload

Detected by automated pattern matching (rule EN-001) with medium confidence. May be a false positive.

High-entropy string (4.8 bits/char) — possible encoded payload

Detected by automated pattern matching (rule EN-001) with medium confidence. May be a false positive.

High-entropy string (4.6 bits/char) — possible encoded payload

Detected by automated pattern matching (rule EN-001) with medium confidence. May be a false positive.

High-entropy string (4.9 bits/char) — possible encoded payload

Detected by automated pattern matching (rule EN-001) with medium confidence. May be a false positive.

High-entropy string (4.6 bits/char) — possible encoded payload

Detected by automated pattern matching (rule EN-001) with medium confidence. May be a false positive.

High-entropy string (4.6 bits/char) — possible encoded payload

Detected by automated pattern matching (rule EN-001) with medium confidence. May be a false positive.

JavaScript fetch() call

Detected by automated pattern matching (rule NS-003) with medium confidence. May be a false positive.

    90: 		for (let attempt = 0; attempt <= maxRetries; attempt++) {
    91: 			try {
>>> 92: 				const response = await fetch(url, {
    93: 					method,
    94: 					headers: {

High-entropy string (4.8 bits/char) — possible encoded payload

Detected by automated pattern matching (rule EN-001) with medium confidence. May be a false positive.

High-entropy string (5.0 bits/char) — possible encoded payload

Detected by automated pattern matching (rule EN-001) with medium confidence. May be a false positive.

JavaScript fetch() call

Detected by automated pattern matching (rule NS-003) with medium confidence. May be a false positive.

    148: 		for (let attempt = 0; attempt <= maxRetries; attempt++) {
    149: 			try {
>>> 150: 				const response = await fetch(url, {
    151: 					method,
    152: 					headers: {

High-entropy string (4.5 bits/char) — possible encoded payload

Detected by automated pattern matching (rule EN-001) with medium confidence. May be a false positive.

JavaScript fetch() call

Detected by automated pattern matching (rule NS-003) with medium confidence. May be a false positive.

    322: async function validateApiKey(apiKey: string): Promise<{ valid: boolean; message: string }> {
    323: 	try {
>>> 324: 		const response = await fetch(`${VIBESCOPE_API_URL}/api/mcp/auth/validate`, {
    325: 			method: 'POST',
    326: 			headers: {

JavaScript fetch() call

Detected by automated pattern matching (rule NS-003) with medium confidence. May be a false positive.

    95: 
    96: 	try {
>>> 97: 		const response = await fetch(`${getApiUrl()}/api/mcp/verify`, {
    98: 			method: 'POST',
    99: 			headers: {

JavaScript fetch() call

Detected by automated pattern matching (rule NS-003) with medium confidence. May be a false positive.

    66: 	const apiClient = getApiClient();
    67: 
>>> 68: 	// Call the cleanup endpoint via fetch (since it's a new endpoint not in the client)
    69: 	const response = await apiClient.proxy<CleanupResponse>('cleanup_stale_cloud_agents', {
    70: 		project_id,

High-entropy string (4.6 bits/char) — possible encoded payload

Detected by automated pattern matching (rule EN-001) with medium confidence. May be a false positive.

High-entropy string (4.6 bits/char) — possible encoded payload

Detected by automated pattern matching (rule EN-001) with medium confidence. May be a false positive.

High-entropy string (4.8 bits/char) — possible encoded payload

Detected by automated pattern matching (rule EN-001) with medium confidence. May be a false positive.

High-entropy string (4.7 bits/char) — possible encoded payload

Detected by automated pattern matching (rule EN-001) with medium confidence. May be a false positive.

High-entropy string (4.6 bits/char) — possible encoded payload

Detected by automated pattern matching (rule EN-001) with medium confidence. May be a false positive.

High-entropy string (4.6 bits/char) — possible encoded payload

Detected by automated pattern matching (rule EN-001) with medium confidence. May be a false positive.

High-entropy string (4.6 bits/char) — possible encoded payload

Detected by automated pattern matching (rule EN-001) with medium confidence. May be a false positive.

High-entropy string (4.8 bits/char) — possible encoded payload

Detected by automated pattern matching (rule EN-001) with medium confidence. May be a false positive.

High-entropy string (4.8 bits/char) — possible encoded payload

Detected by automated pattern matching (rule EN-001) with medium confidence. May be a false positive.

High-entropy string (4.6 bits/char) — possible encoded payload

Detected by automated pattern matching (rule EN-001) with medium confidence. May be a false positive.

High-entropy string (5.0 bits/char) — possible encoded payload

Detected by automated pattern matching (rule EN-001) with medium confidence. May be a false positive.

High-entropy string (4.7 bits/char) — possible encoded payload

Detected by automated pattern matching (rule EN-001) with medium confidence. May be a false positive.

High-entropy string (4.8 bits/char) — possible encoded payload

Detected by automated pattern matching (rule EN-001) with medium confidence. May be a false positive.

High-entropy string (4.9 bits/char) — possible encoded payload

Detected by automated pattern matching (rule EN-001) with medium confidence. May be a false positive.

High-entropy string (4.8 bits/char) — possible encoded payload

Detected by automated pattern matching (rule EN-001) with medium confidence. May be a false positive.

High-entropy string (4.9 bits/char) — possible encoded payload

Detected by automated pattern matching (rule EN-001) with medium confidence. May be a false positive.

High-entropy string (4.8 bits/char) — possible encoded payload

Detected by automated pattern matching (rule EN-001) with medium confidence. May be a false positive.

High-entropy string (4.5 bits/char) — possible encoded payload

Detected by automated pattern matching (rule EN-001) with medium confidence. May be a false positive.

High-entropy string (4.7 bits/char) — possible encoded payload

Detected by automated pattern matching (rule EN-001) with medium confidence. May be a false positive.

High-entropy string (4.6 bits/char) — possible encoded payload

Detected by automated pattern matching (rule EN-001) with medium confidence. May be a false positive.

High-entropy string (4.9 bits/char) — possible encoded payload

Detected by automated pattern matching (rule EN-001) with medium confidence. May be a false positive.

High-entropy string (4.6 bits/char) — possible encoded payload

Detected by automated pattern matching (rule EN-001) with medium confidence. May be a false positive.

High-entropy string (4.6 bits/char) — possible encoded payload

Detected by automated pattern matching (rule EN-001) with medium confidence. May be a false positive.

JavaScript fetch() call

Detected by automated pattern matching (rule NS-003) with medium confidence. May be a false positive.

    164: export async function validateApiKey(apiKey: string): Promise<{ valid: boolean; message: string }> {
    165: 	try {
>>> 166: 		const response = await fetch(VIBESCOPE_API_URL + '/api/mcp/auth/validate', {
    167: 			method: 'POST',
    168: 			headers: {

High-entropy string (4.6 bits/char) — possible encoded payload

Detected by automated pattern matching (rule EN-001) with medium confidence. May be a false positive.

High-entropy string (4.6 bits/char) — possible encoded payload

Detected by automated pattern matching (rule EN-001) with medium confidence. May be a false positive.

JavaScript fetch() call

Detected by automated pattern matching (rule NS-003) with medium confidence. May be a false positive.

    38: 				limit: {
    39: 					type: 'number',
>>> 40: 					description: 'Number of recent messages to fetch (default: 20, max: 100)',
    41: 				},
    42: 			},

Python requests library HTTP call

Detected by automated pattern matching (rule NS-001) with medium confidence. May be a false positive.

    244: 	check(key: string): RateLimitResult {
    245: 		const now = Date.now();
>>> 246: 		const record = this.requests.get(key);
    247: 
    248: 		// If no record or window expired, create new record

Python requests library HTTP call

Detected by automated pattern matching (rule NS-001) with medium confidence. May be a false positive.

    274: 	// Expose for testing
    275: 	getRequestCount(key: string): number | undefined {
>>> 276: 		return this.requests.get(key)?.count;
    277: 	}
    278: }

High-entropy string (4.7 bits/char) — possible encoded payload

Detected by automated pattern matching (rule EN-001) with medium confidence. May be a false positive.

High-entropy string (4.9 bits/char) — possible encoded payload

Detected by automated pattern matching (rule EN-001) with medium confidence. May be a false positive.

High-entropy string (4.7 bits/char) — possible encoded payload

Detected by automated pattern matching (rule EN-001) with medium confidence. May be a false positive.

High-entropy string (4.6 bits/char) — possible encoded payload

Detected by automated pattern matching (rule EN-001) with medium confidence. May be a false positive.

High-entropy string (4.6 bits/char) — possible encoded payload

Detected by automated pattern matching (rule EN-001) with medium confidence. May be a false positive.