@syke1/mcp-server

Environment file access

Detected by automated pattern matching (rule DE-002) with medium confidence. May be a false positive.

    75: function getConfig(key, envVar) {
    76:     // 1. Environment variable
>>> 77:     if (envVar && process.env[envVar]) {
    78:         return process.env[envVar];
    79:     }

Environment file access

Detected by automated pattern matching (rule DE-002) with medium confidence. May be a false positive.

    76:     // 1. Environment variable
    77:     if (envVar && process.env[envVar]) {
>>> 78:         return process.env[envVar];
    79:     }
    80:     // 2. Config file

Environment file access

Detected by automated pattern matching (rule DE-002) with medium confidence. May be a false positive.

    570:       lineCount: n.data.lineCount || 0, importsCount: n.data.importsCount || 0,
    571:       depth: n.data.depth || 0, group: n.data.group,
>>> 572:       layer, action: n.data.action || "X", env: n.data.env || "PROD",
    573:       x: isNew ? SPAWN.x : targetPos.x,
    574:       y: isNew ? SPAWN.y : targetPos.y,

Environment file access

Detected by automated pattern matching (rule DE-002) with medium confidence. May be a false positive.

    777:             // Auto-open browser (disable with SYKE_NO_BROWSER=1)
    778:             // Delay 1s to let server fully stabilize before dashboard connects
>>> 779:             if (process.env.SYKE_NO_BROWSER !== "1") {
    780:                 setTimeout(() => {
    781:                     const cmd = process.platform === "win32" ? `start ${dashUrl}`

Environment file access

Detected by automated pattern matching (rule DE-002) with medium confidence. May be a false positive.

    62: // Configuration — auto-detect if env vars not set
    63: let currentProjectRoot = process.env.SYKE_currentProjectRoot || (0, plugin_1.detectProjectRoot)();
>>> 64: let currentPackageName = process.env.SYKE_currentPackageName || (0, plugin_1.detectPackageName)(currentProjectRoot, (0, plugin_1.detectLanguages)(currentProjectRoot));
    65: const WEB_PORT = parseInt((0, config_1.getConfig)("port", "SYKE_WEB_PORT") || "3333", 10);
    66: function resolveFilePath(fileArg, projectRoot, sourceDir) {

Environment file access

Detected by automated pattern matching (rule DE-002) with medium confidence. May be a false positive.

    61: const config_1 = require("./config");
    62: // Configuration — auto-detect if env vars not set
>>> 63: let currentProjectRoot = process.env.SYKE_currentProjectRoot || (0, plugin_1.detectProjectRoot)();
    64: let currentPackageName = process.env.SYKE_currentPackageName || (0, plugin_1.detectPackageName)(currentProjectRoot, (0, plugin_1.detectLanguages)(currentProjectRoot));
    65: const WEB_PORT = parseInt((0, config_1.getConfig)("port", "SYKE_WEB_PORT") || "3333", 10);

Decoded base64 content: ��Z�*&�+lv��7�

Detected by automated pattern matching (rule DO-BAS) with medium confidence. May be a false positive.

Decoded base64 content: ��Z�*&�+lv��7�

Detected by automated pattern matching (rule DO-BAS) with medium confidence. May be a false positive.

Node.js child process spawning

Detected by automated pattern matching (rule SC-005) with medium confidence. May be a false positive.

    44: const index_js_1 = require("@modelcontextprotocol/sdk/server/index.js");
    45: const stdio_js_1 = require("@modelcontextprotocol/sdk/server/stdio.js");
>>> 46: const child_process_1 = require("child_process");
    47: const types_js_1 = require("@modelcontextprotocol/sdk/types.js");
    48: const path = __importStar(require("path"));

Decoded base64 content: ����+b��ޥ��z{l

Detected by automated pattern matching (rule DO-BAS) with medium confidence. May be a false positive.

Decoded base64 content: ��N�s뢗�� ޱ���+

Detected by automated pattern matching (rule DO-BAS) with medium confidence. May be a false positive.

Node.js child process spawning

Detected by automated pattern matching (rule SC-005) with medium confidence. May be a false positive.

    4: exports.mineGitHistory = mineGitHistory;
    5: exports.getCoupledFiles = getCoupledFiles;
>>> 6: const child_process_1 = require("child_process");
    7: // ── Defaults ──
    8: const DEFAULT_MAX_COMMITS = 500;

Node.js child process spawning

Detected by automated pattern matching (rule SC-005) with medium confidence. May be a false positive.

    28: function isGitRepo(projectRoot) {
    29:     try {
>>> 30:         (0, child_process_1.execSync)("git rev-parse --is-inside-work-tree", {
    31:             cwd: projectRoot,
    32:             encoding: "utf-8",

Node.js child process spawning

Detected by automated pattern matching (rule SC-005) with medium confidence. May be a false positive.

    141:     let raw;
    142:     try {
>>> 143:         raw = (0, child_process_1.execSync)(`git log --name-only --format="COMMIT:%H" --max-count=${maxCommits}`, {
    144:             cwd: projectRoot,
    145:             encoding: "utf-8",

Decoded base64 content: ��Z�*&�+lv��7�

Detected by automated pattern matching (rule DO-BAS) with medium confidence. May be a false positive.

Node.js child process spawning

Detected by automated pattern matching (rule SC-005) with medium confidence. May be a false positive.

    782:                         : process.platform === "darwin" ? `open ${dashUrl}`
    783:                             : `xdg-open ${dashUrl}`;
>>> 784:                     (0, child_process_1.exec)(cmd, () => { });
    785:                 }, 1000);
    786:             }

Decoded base64 content: ��N�s뢗�� ޱ���+

Detected by automated pattern matching (rule DO-BAS) with medium confidence. May be a false positive.

Decoded base64 content: ����!C?,�4�D

Detected by automated pattern matching (rule DO-BAS) with medium confidence. May be a false positive.

Decoded base64 content: 颞/Υ��#�j�^

Detected by automated pattern matching (rule DO-BAS) with medium confidence. May be a false positive.

Decoded base64 content: ����+b��ޥ��z{l

Detected by automated pattern matching (rule DO-BAS) with medium confidence. May be a false positive.

Decoded base64 content: ����+b��ޥ��z{l

Detected by automated pattern matching (rule DO-BAS) with medium confidence. May be a false positive.

Dynamic code execution via exec()

Detected by automated pattern matching (rule SC-003) with medium confidence. May be a false positive.

    97:         regex.lastIndex = 0;
    98:         let match;
>>> 99:         while ((match = regex.exec(content)) !== null) {
    100:             const matchLine = content.substring(0, match.index).split("\n").length;
    101:             const fullLine = lines[matchLine - 1]?.trim() || match[0].trim();

Decoded base64 content: J�b�'���ӭ�즊�

Detected by automated pattern matching (rule DO-BAS) with medium confidence. May be a false positive.

Decoded base64 content: ����!C?,�4�D

Detected by automated pattern matching (rule DO-BAS) with medium confidence. May be a false positive.

Decoded base64 content: 颞/Υ��#�j�^

Detected by automated pattern matching (rule DO-BAS) with medium confidence. May be a false positive.

Dynamic code evaluation via eval()

Detected by automated pattern matching (rule SC-004) with medium confidence. May be a false positive.

    654: 
    655:     .nodeColor(node => getNodeColor(node))
>>> 656:     .nodeVal(node => {
    657:       if (!isNodeVisible(node)) return 0.001;
    658:       const base = Math.max(SETTINGS.nodes.sizeMin, Math.sqrt(node.lineCount) * SETTINGS.nodes.sizeMultiplier);

Dynamic code evaluation via eval()

Detected by automated pattern matching (rule SC-004) with medium confidence. May be a false positive.

    989:       if (heartbeatNodes.size > 0 && Graph) {
    990:         Graph.nodeColor(Graph.nodeColor());
>>> 991:         Graph.nodeVal(Graph.nodeVal());
    992:       }
    993:       window._heartbeatRAF = requestAnimationFrame(heartbeatLoop);

Dynamic code evaluation via eval()

Detected by automated pattern matching (rule SC-004) with medium confidence. May be a false positive.

    1286:   if (!Graph) return;
    1287:   Graph.nodeColor(Graph.nodeColor())
>>> 1288:     .nodeVal(Graph.nodeVal())
    1289:     .nodeVisibility(Graph.nodeVisibility())
    1290:     .linkColor(Graph.linkColor()).linkWidth(Graph.linkWidth())

Decoded base64 content: q��zP'�f���ŭ��

Detected by automated pattern matching (rule DO-BAS) with medium confidence. May be a false positive.

Decoded base64 content: �)�*�rب��Oj�brW�

Detected by automated pattern matching (rule DO-BAS) with medium confidence. May be a false positive.

Decoded base64 content: �)�*�rب��Oj�brW���a

Detected by automated pattern matching (rule DO-BAS) with medium confidence. May be a false positive.

Decoded base64 content: �)�*�rب��Oj�brW���

Detected by automated pattern matching (rule DO-BAS) with medium confidence. May be a false positive.

Decoded base64 content: �)�*�rب��Oj�brW��Z+

Detected by automated pattern matching (rule DO-BAS) with medium confidence. May be a false positive.

Decoded base64 content: zv����{^���z���*'

Detected by automated pattern matching (rule DO-BAS) with medium confidence. May be a false positive.

Decoded base64 content: q��zP'�f���ŭ��

Detected by automated pattern matching (rule DO-BAS) with medium confidence. May be a false positive.

Decoded base64 content: q��zP'�f���ŭ��

Detected by automated pattern matching (rule DO-BAS) with medium confidence. May be a false positive.

Decoded base64 content: q��zP'�f���ŭ��

Detected by automated pattern matching (rule DO-BAS) with medium confidence. May be a false positive.

Decoded base64 content: ����+b��ޥ��z{l

Detected by automated pattern matching (rule DO-BAS) with medium confidence. May be a false positive.

Decoded base64 content: ����+b��ޥ��z{l

Detected by automated pattern matching (rule DO-BAS) with medium confidence. May be a false positive.

Decoded base64 content: ����+b��ޥ��z{l

Detected by automated pattern matching (rule DO-BAS) with medium confidence. May be a false positive.

Decoded base64 content: ����+b��ޥ��z{l

Detected by automated pattern matching (rule DO-BAS) with medium confidence. May be a false positive.

Decoded base64 content: ����+b��ޥ��z{l

Detected by automated pattern matching (rule DO-BAS) with medium confidence. May be a false positive.

Decoded base64 content: ����+b��ޥ��z{l

Detected by automated pattern matching (rule DO-BAS) with medium confidence. May be a false positive.

Decoded base64 content: �)�*�rب��Oj�brW�

Detected by automated pattern matching (rule DO-BAS) with medium confidence. May be a false positive.

Decoded base64 content: �)�*�rب��Oj�brW�

Detected by automated pattern matching (rule DO-BAS) with medium confidence. May be a false positive.

Decoded base64 content: �)�*�rب��Oj�brW���a

Detected by automated pattern matching (rule DO-BAS) with medium confidence. May be a false positive.

Decoded base64 content: �)�*�rب��Oj�brW���a

Detected by automated pattern matching (rule DO-BAS) with medium confidence. May be a false positive.

Decoded base64 content: �)�*�rب��Oj�brW��Z+

Detected by automated pattern matching (rule DO-BAS) with medium confidence. May be a false positive.

Decoded base64 content: �)�*�rب��Oj�brW��Z+

Detected by automated pattern matching (rule DO-BAS) with medium confidence. May be a false positive.

Decoded base64 content: q��zP'�f���ŭ��

Detected by automated pattern matching (rule DO-BAS) with medium confidence. May be a false positive.

Decoded base64 content: q��zP'�f���ŭ��

Detected by automated pattern matching (rule DO-BAS) with medium confidence. May be a false positive.

Decoded base64 content: q��zP'�f���ŭ��

Detected by automated pattern matching (rule DO-BAS) with medium confidence. May be a false positive.

Decoded base64 content: q��zP'�f���ŭ��

Detected by automated pattern matching (rule DO-BAS) with medium confidence. May be a false positive.

Decoded base64 content: q��zP'�f���ŭ��

Detected by automated pattern matching (rule DO-BAS) with medium confidence. May be a false positive.

JavaScript fetch() call

Detected by automated pattern matching (rule NS-003) with medium confidence. May be a false positive.

    3784: 
    3785:   try {
>>> 3786:     const res = await fetch("/api/switch-project", {
    3787:       method: "POST",
    3788:       headers: { "Content-Type": "application/json" },

JavaScript fetch() call

Detected by automated pattern matching (rule NS-003) with medium confidence. May be a false positive.

    3844:     // Fetch current key status
    3845:     try {
>>> 3846:       const res = await fetch("/api/project-info");
    3847:       const info = await res.json();
    3848:       if (info.licenseKey) {

JavaScript fetch() call

Detected by automated pattern matching (rule NS-003) with medium confidence. May be a false positive.

    3880: 
    3881:     try {
>>> 3882:       const res = await fetch("/api/set-license-key", {
    3883:         method: "POST",
    3884:         headers: { "Content-Type": "application/json" },

JavaScript fetch() call

Detected by automated pattern matching (rule NS-003) with medium confidence. May be a false positive.

    3909: 
    3910:     try {
>>> 3911:       const res = await fetch("/api/set-license-key", {
    3912:         method: "POST",
    3913:         headers: { "Content-Type": "application/json" },

JavaScript fetch() call

Detected by automated pattern matching (rule NS-003) with medium confidence. May be a false positive.

    3953:     // Start from current project's parent dir
    3954:     try {
>>> 3955:       const res = await fetch("/api/project-info");
    3956:       const info = await res.json();
    3957:       const startPath = info.projectRoot.replace(/[/\\][^/\\]+$/, "");

JavaScript fetch() call

Detected by automated pattern matching (rule NS-003) with medium confidence. May be a false positive.

    4046:     // Fetch current state
    4047:     try {
>>> 4048:       const res = await fetch("/api/project-info");
    4049:       const info = await res.json();
    4050:       updateAll(info.aiKeys || {}, info.aiProvider || "disabled");

JavaScript fetch() call

Detected by automated pattern matching (rule NS-003) with medium confidence. May be a false positive.

    4074: 
    4075:       try {
>>> 4076:         const res = await fetch("/api/set-ai-key", {
    4077:           method: "POST",
    4078:           headers: { "Content-Type": "application/json" },

JavaScript fetch() call

Detected by automated pattern matching (rule NS-003) with medium confidence. May be a false positive.

    4114: 
    4115:         try {
>>> 4116:           const res = await fetch("/api/set-ai-key", {
    4117:             method: "POST",
    4118:             headers: { "Content-Type": "application/json" },

JavaScript fetch() call

Detected by automated pattern matching (rule NS-003) with medium confidence. May be a false positive.

    4157:   async function refreshSelector() {
    4158:     try {
>>> 4159:       const res = await fetch("/api/project-info");
    4160:       const info = await res.json();
    4161:       updateSelectorState(info.aiKeys || {}, info.aiProviderForced || null);

JavaScript fetch() call

Detected by automated pattern matching (rule NS-003) with medium confidence. May be a false positive.

    4190: 
    4191:     try {
>>> 4192:       var res = await fetch("/api/set-ai-provider", {
    4193:         method: "POST",
    4194:         headers: { "Content-Type": "application/json" },

High-entropy string (5.2 bits/char) — possible encoded payload

Detected by automated pattern matching (rule EN-001) with medium confidence. May be a false positive.

High-entropy string (4.6 bits/char) — possible encoded payload

Detected by automated pattern matching (rule EN-001) with medium confidence. May be a false positive.

High-entropy string (4.6 bits/char) — possible encoded payload

Detected by automated pattern matching (rule EN-001) with medium confidence. May be a false positive.

High-entropy string (4.6 bits/char) — possible encoded payload

Detected by automated pattern matching (rule EN-001) with medium confidence. May be a false positive.

High-entropy string (4.6 bits/char) — possible encoded payload

Detected by automated pattern matching (rule EN-001) with medium confidence. May be a false positive.

High-entropy string (4.6 bits/char) — possible encoded payload

Detected by automated pattern matching (rule EN-001) with medium confidence. May be a false positive.

High-entropy string (4.6 bits/char) — possible encoded payload

Detected by automated pattern matching (rule EN-001) with medium confidence. May be a false positive.

High-entropy string (4.5 bits/char) — possible encoded payload

Detected by automated pattern matching (rule EN-001) with medium confidence. May be a false positive.

High-entropy string (5.0 bits/char) — possible encoded payload

Detected by automated pattern matching (rule EN-001) with medium confidence. May be a false positive.

High-entropy string (4.7 bits/char) — possible encoded payload

Detected by automated pattern matching (rule EN-001) with medium confidence. May be a false positive.

High-entropy string (4.6 bits/char) — possible encoded payload

Detected by automated pattern matching (rule EN-001) with medium confidence. May be a false positive.

High-entropy string (4.6 bits/char) — possible encoded payload

Detected by automated pattern matching (rule EN-001) with medium confidence. May be a false positive.

High-entropy string (4.8 bits/char) — possible encoded payload

Detected by automated pattern matching (rule EN-001) with medium confidence. May be a false positive.

High-entropy string (4.6 bits/char) — possible encoded payload

Detected by automated pattern matching (rule EN-001) with medium confidence. May be a false positive.

High-entropy string (4.9 bits/char) — possible encoded payload

Detected by automated pattern matching (rule EN-001) with medium confidence. May be a false positive.

High-entropy string (4.6 bits/char) — possible encoded payload

Detected by automated pattern matching (rule EN-001) with medium confidence. May be a false positive.

High-entropy string (5.1 bits/char) — possible encoded payload

Detected by automated pattern matching (rule EN-001) with medium confidence. May be a false positive.

High-entropy string (4.9 bits/char) — possible encoded payload

Detected by automated pattern matching (rule EN-001) with medium confidence. May be a false positive.

High-entropy string (4.9 bits/char) — possible encoded payload

Detected by automated pattern matching (rule EN-001) with medium confidence. May be a false positive.

High-entropy string (5.0 bits/char) — possible encoded payload

Detected by automated pattern matching (rule EN-001) with medium confidence. May be a false positive.

High-entropy string (5.0 bits/char) — possible encoded payload

Detected by automated pattern matching (rule EN-001) with medium confidence. May be a false positive.

High-entropy string (4.7 bits/char) — possible encoded payload

Detected by automated pattern matching (rule EN-001) with medium confidence. May be a false positive.

High-entropy string (4.5 bits/char) — possible encoded payload

Detected by automated pattern matching (rule EN-001) with medium confidence. May be a false positive.

High-entropy string (4.9 bits/char) — possible encoded payload

Detected by automated pattern matching (rule EN-001) with medium confidence. May be a false positive.

JavaScript fetch() call

Detected by automated pattern matching (rule NS-003) with medium confidence. May be a false positive.

    94:     }
    95:     async analyze(systemPrompt, userPrompt) {
>>> 96:         const res = await fetch("https://api.anthropic.com/v1/messages", {
    97:             method: "POST",
    98:             headers: {

JavaScript fetch() call

Detected by automated pattern matching (rule NS-003) with medium confidence. May be a false positive.

    63:     }
    64:     async analyzeJSON(systemPrompt, userPrompt) {
>>> 65:         const res = await fetch("https://api.openai.com/v1/chat/completions", {
    66:             method: "POST",
    67:             headers: {

High-entropy string (4.8 bits/char) — possible encoded payload

Detected by automated pattern matching (rule EN-001) with medium confidence. May be a false positive.

High-entropy string (4.5 bits/char) — possible encoded payload

Detected by automated pattern matching (rule EN-001) with medium confidence. May be a false positive.

High-entropy string (4.7 bits/char) — possible encoded payload

Detected by automated pattern matching (rule EN-001) with medium confidence. May be a false positive.

High-entropy string (4.8 bits/char) — possible encoded payload

Detected by automated pattern matching (rule EN-001) with medium confidence. May be a false positive.

High-entropy string (4.6 bits/char) — possible encoded payload

Detected by automated pattern matching (rule EN-001) with medium confidence. May be a false positive.

High-entropy string (4.7 bits/char) — possible encoded payload

Detected by automated pattern matching (rule EN-001) with medium confidence. May be a false positive.

High-entropy string (4.9 bits/char) — possible encoded payload

Detected by automated pattern matching (rule EN-001) with medium confidence. May be a false positive.

High-entropy string (4.7 bits/char) — possible encoded payload

Detected by automated pattern matching (rule EN-001) with medium confidence. May be a false positive.

High-entropy string (4.6 bits/char) — possible encoded payload

Detected by automated pattern matching (rule EN-001) with medium confidence. May be a false positive.

High-entropy string (5.1 bits/char) — possible encoded payload

Detected by automated pattern matching (rule EN-001) with medium confidence. May be a false positive.

High-entropy string (4.9 bits/char) — possible encoded payload

Detected by automated pattern matching (rule EN-001) with medium confidence. May be a false positive.

High-entropy string (5.0 bits/char) — possible encoded payload

Detected by automated pattern matching (rule EN-001) with medium confidence. May be a false positive.

High-entropy string (5.0 bits/char) — possible encoded payload

Detected by automated pattern matching (rule EN-001) with medium confidence. May be a false positive.

High-entropy string (4.5 bits/char) — possible encoded payload

Detected by automated pattern matching (rule EN-001) with medium confidence. May be a false positive.

High-entropy string (5.0 bits/char) — possible encoded payload

Detected by automated pattern matching (rule EN-001) with medium confidence. May be a false positive.

High-entropy string (4.7 bits/char) — possible encoded payload

Detected by automated pattern matching (rule EN-001) with medium confidence. May be a false positive.

High-entropy string (5.0 bits/char) — possible encoded payload

Detected by automated pattern matching (rule EN-001) with medium confidence. May be a false positive.

JavaScript fetch() call

Detected by automated pattern matching (rule NS-003) with medium confidence. May be a false positive.

    480:   healthCheckTimer = setInterval(async () => {
    481:     try {
>>> 482:       const res = await fetch("/api/project-info", { signal: AbortSignal.timeout(10000) });
    483:       if (res.ok) {
    484:         healthFailCount = 0; // Reset on success

JavaScript fetch() call

Detected by automated pattern matching (rule NS-003) with medium confidence. May be a false positive.

    518: // ═══════════════════════════════════════════
    519: async function loadGraph() {
>>> 520:   const res = await fetch("/api/graph");
    521:   const raw = await res.json();
    522:   console.log("[SYKE]", raw.nodes.length, "nodes", raw.edges.length, "edges");

JavaScript fetch() call

Detected by automated pattern matching (rule NS-003) with medium confidence. May be a false positive.

    40:     }
    41:     async analyze(systemPrompt, userPrompt) {
>>> 42:         const res = await fetch("https://api.openai.com/v1/chat/completions", {
    43:             method: "POST",
    44:             headers: {

High-entropy string (4.6 bits/char) — possible encoded payload

Detected by automated pattern matching (rule EN-001) with medium confidence. May be a false positive.

High-entropy string (4.9 bits/char) — possible encoded payload

Detected by automated pattern matching (rule EN-001) with medium confidence. May be a false positive.

JavaScript fetch() call

Detected by automated pattern matching (rule NS-003) with medium confidence. May be a false positive.

    1230: 
    1231:   try {
>>> 1232:     const res = await fetch("/api/impact/" + fileId.split("/").map(encodeURIComponent).join("/"));
    1233:     const ct = res.headers.get("content-type") || "";
    1234:     if (!ct.includes("application/json")) {

High-entropy string (4.8 bits/char) — possible encoded payload

Detected by automated pattern matching (rule EN-001) with medium confidence. May be a false positive.

JavaScript fetch() call

Detected by automated pattern matching (rule NS-003) with medium confidence. May be a false positive.

    1304:   p.innerHTML = '<div class="loading"><div class="spinner"></div>GEMINI AI PROCESSING...</div>';
    1305:   try {
>>> 1306:     const r = await fetch("/api/ai-analyze", {
    1307:       method: "POST", headers: {"Content-Type":"application/json"},
    1308:       body: JSON.stringify({ file: selectedFile }),

JavaScript fetch() call

Detected by automated pattern matching (rule NS-003) with medium confidence. May be a false positive.

    1328:   el.innerHTML = '<div class="loading"><div class="spinner"></div>LOADING...</div>';
    1329:   try {
>>> 1330:     const res = await fetch("/api/file-content/" + fileId.split("/").map(encodeURIComponent).join("/"));
    1331:     const ct = res.headers.get("content-type") || "";
    1332:     if (!ct.includes("application/json")) {

JavaScript fetch() call

Detected by automated pattern matching (rule NS-003) with medium confidence. May be a false positive.

    1358:   el.innerHTML = '<div class="loading"><div class="spinner"></div>SIMULATING...</div>';
    1359:   try {
>>> 1360:     const res = await fetch("/api/simulate-delete/" + fileId.split("/").map(encodeURIComponent).join("/"));
    1361:     const ct = res.headers.get("content-type") || "";
    1362:     if (!ct.includes("application/json")) {

JavaScript fetch() call

Detected by automated pattern matching (rule NS-003) with medium confidence. May be a false positive.

    1456: async function findShortestPath(from, to) {
    1457:   try {
>>> 1458:     const res = await fetch(`/api/shortest-path?from=${encodeURIComponent(from)}&to=${encodeURIComponent(to)}`);
    1459:     const data = await res.json();
    1460: 

JavaScript fetch() call

Detected by automated pattern matching (rule NS-003) with medium confidence. May be a false positive.

    1811: 
    1812:   try {
>>> 1813:     const res = await fetch("/api/cycles");
    1814:     if (!res.ok) {
    1815:       const err = await res.json().catch(() => ({}));

JavaScript fetch() call

Detected by automated pattern matching (rule NS-003) with medium confidence. May be a false positive.

    1974: async function loadHubFiles() {
    1975:   try {
>>> 1976:     const r = await fetch("/api/hub-files?top=15");
    1977:     if (!r.ok) {
    1978:       const err = await r.json().catch(() => ({}));

JavaScript fetch() call

Detected by automated pattern matching (rule NS-003) with medium confidence. May be a false positive.

    2182: 
    2183:   try {
>>> 2184:     const res = await fetch("/api/connected-code", {
    2185:       method: "POST",
    2186:       headers: { "Content-Type": "application/json" },

JavaScript fetch() call

Detected by automated pattern matching (rule NS-003) with medium confidence. May be a false positive.

    2749:   // Pre-check: if Free tier, SSE will 403 — don't attempt connection
    2750:   try {
>>> 2751:     const probe = await fetch("/api/events");
    2752:     if (probe.status === 403) {
    2753:       updateSSEStatus("PRO ONLY", "offline");

JavaScript fetch() call

Detected by automated pattern matching (rule NS-003) with medium confidence. May be a false positive.

    2970:     if (sseRetryCount >= 5) {
    2971:       try {
>>> 2972:         const probe = await fetch("/api/project-info", { signal: AbortSignal.timeout(8000) });
    2973:         if (!probe.ok) throw new Error("not ok");
    2974:         // Server alive but SSE failing — just keep retrying

JavaScript fetch() call

Detected by automated pattern matching (rule NS-003) with medium confidence. May be a false positive.

    3643:       const retryEl = document.getElementById("offline-retry-status");
    3644:       try {
>>> 3645:         const res = await fetch("/api/project-info");
    3646:         if (res.ok) {
    3647:           // Server is back!

JavaScript fetch() call

Detected by automated pattern matching (rule NS-003) with medium confidence. May be a false positive.

    3670: async function loadProjectInfo() {
    3671:   try {
>>> 3672:     const res = await fetch("/api/project-info");
    3673:     const info = await res.json();
    3674:     const el = document.getElementById("current-project");

JavaScript fetch() call

Detected by automated pattern matching (rule NS-003) with medium confidence. May be a false positive.

    3695:   if (!el) return;
    3696:   try {
>>> 3697:     const r = await fetch("https://registry.npmjs.org/@syke1/mcp-server", { cache: "no-store" });
    3698:     const data = await r.json();
    3699:     const version = data["dist-tags"]?.latest || "?";

JavaScript fetch() call

Detected by automated pattern matching (rule NS-003) with medium confidence. May be a false positive.

    3718:   try {
    3719:     const url = dirPath ? `/api/browse-dirs?path=${encodeURIComponent(dirPath)}` : "/api/browse-dirs";
>>> 3720:     const res = await fetch(url);
    3721:     const data = await res.json();
    3722: