| #608 | File reads without size limit | File reads in CLI tools and artifact storage. Size limits exist for artifacts. Low priority - review... | closed | low | 2025-12-17 22:27 | - |
| #607 | Blocking time.sleep in async context | FALSE POSITIVE: time.sleep only in sync workers/CLI, not in async API handlers. Architecture correct... | closed | high | 2025-12-17 22:27 | - |
| #606 | Bare except Exception: clauses in engine module | 167 bare except clauses. Most intentional: config fallback (return defaults), cleanup/shutdown code.... | closed | medium | 2025-12-17 22:27 | - |
| #605 | Unnecessary list() conversions | Multiple files use list(dict.keys()) where iteration would suffice. Check: workflow_logging_injector... | closed | medium | 2025-12-17 22:27 | - |
| #604 | Inefficient len() checks: multiple files | Use 'not x' instead of 'len(x)==0', use 'x' instead of 'len(x)>0'. Files: inline_executor.py, operat... | closed | medium | 2025-12-17 22:27 | - |
| #603 | Unbounded cache: api/blueprints/v1/logs.py | FALSE POSITIVE: Cache only stores 2 entries (workflow_logs, task_logs) - bounded by design. Also has... | closed | critical | 2025-12-17 22:27 | - |
| #602 | Unbounded cache: engine/services/activity_worker.py | FALSE POSITIVE: Already has TTL (30 min) and cleanup function | closed | critical | 2025-12-17 22:27 | - |
| #601 | Unbounded cache: engine/security/encryption.py | FALSE POSITIVE: Cache is keyed by version string (v1, v2) - bounded by design | closed | critical | 2025-12-17 22:27 | - |
| #600 | Unbounded cache: engine/tools/llm.py | FALSE POSITIVE: Already has TTL (30 min) and cleanup function | closed | critical | 2025-12-17 22:27 | - |
| #599 | Unbounded cache: engine/tools/docker/client.py | FALSE POSITIVE: Already has TTL (30 min) and cleanup function | closed | critical | 2025-12-17 22:27 | - |
| #598 | Unbounded cache: engine/tools/sandbox.py | FALSE POSITIVE: Cache is keyed by known sandbox types - bounded by design | closed | critical | 2025-12-17 22:27 | - |
| #597 | Unbounded cache: engine/tools/email_tool.py | FALSE POSITIVE: Already has TTL (30 min) and cleanup function | closed | critical | 2025-12-17 22:27 | - |
| #596 | f-string in logging: engine/security/auth_wrapper.py:69 | Use lazy formatting instead of f-string | closed | high | 2025-12-17 22:27 | - |
| #595 | f-string in logging: engine/validation.py:264 | Use lazy formatting instead of f-string | closed | high | 2025-12-17 22:27 | - |
| #594 | f-string in logging: engine/utils module | event_logger.py:81, chunking.py:112, tracing.py:61,71 - use lazy formatting | closed | high | 2025-12-17 22:27 | - |
| #593 | f-string in logging: engine/durable_context.py | Lines 2032, 2057, 2154 - use lazy formatting | closed | high | 2025-12-17 22:27 | - |
| #592 | f-string in logging: engine/code_versioning.py (15 occurrences) | Lines 102, 110, 115, 121, 144, 158, 227, 256, 289, 294, 401, 428, 528 - use lazy formatting | closed | high | 2025-12-17 22:27 | - |
| #591 | f-string in logging: engine/db.py | Lines 150, 191, 220, 391, 537 - use lazy formatting | closed | high | 2025-12-17 22:27 | - |
| #590 | f-string in logging: engine/sidecar_telemetry.py | Lines 340, 344, 499 - use lazy formatting | closed | high | 2025-12-17 22:27 | - |
| #589 | f-string in logging: engine/policies/tenant_rate_limiter.py | Lines 179, 258, 282, 284, 306 - use lazy formatting | closed | high | 2025-12-17 22:27 | - |