Close Open Privacy Scan

bolt Snapshot: commit 74d599a
science engine v2
schedule 2026-07-01T13:57:00.149803+00:00

verified_user Application data leak confirmed

High-confidence data exfiltration identified in application code.

App Privacy Score

22 /100
High privacy risk — application leak confirmed

High risk · 1406 finding(s)

Dependency score: 52 (Medium risk)

bar_chart Score Breakdown

pii_flow −60
egress −15
env_fs −3

list Scan Summary

19 high 4 medium 1383 low
First-party packages: 12
Dependency packages: 19
Ecosystem: npm

swap_horiz Confirmed data exfiltration in application code

External domains: aa#бa@bapi.anthropic.comapi.example.comapi.mistral.aiapi.openai.comexample.comgithub.commodels.devopenrouter.aiwww.googleapis.comxтест

high first-party (npm) User/PII-bearing data read from the environment or filesystem flows to an external network call. This is potential data exfiltration.
repo/packages/agent/src/bench/token-verifier.ts:160 repo/packages/agent/src/bench/token-verifier.ts:159
high first-party (npm) User/PII-bearing data read from the environment or filesystem flows to an external network call. This is potential data exfiltration.
repo/packages/agent/src/bench/token-verifier.ts:190 repo/packages/agent/src/bench/token-verifier.ts:188
high first-party (npm) User/PII-bearing data read from the environment or filesystem flows to an external network call. This is potential data exfiltration.
repo/packages/ai/src/providers/google-gemini-cli.ts:348 repo/packages/ai/src/providers/google-gemini-cli.ts:405
high first-party (npm) User/PII-bearing data read from the environment or filesystem flows to an external network call. This is potential data exfiltration.
repo/packages/ai/src/providers/google-gemini-cli.ts:348 repo/packages/ai/src/providers/google-gemini-cli.ts:754
high first-party (npm) User/PII-bearing data read from the environment or filesystem flows to an external network call. This is potential data exfiltration.
repo/packages/ai/src/providers/openai-codex-responses.ts:137 repo/packages/ai/src/providers/openai-codex-responses.ts:203
high first-party (npm) User/PII-bearing data read from the environment or filesystem flows to an external network call. This is potential data exfiltration.
repo/packages/ai/src/utils/oauth/google-gemini-cli.ts:226 repo/packages/ai/src/utils/oauth/google-gemini-cli.ts:237
high first-party (npm) User/PII-bearing data read from the environment or filesystem flows to an external network call. This is potential data exfiltration.
repo/packages/ai/src/utils/oauth/google-gemini-cli.ts:226 repo/packages/ai/src/utils/oauth/google-gemini-cli.ts:316
high first-party (npm) User/PII-bearing data read from the environment or filesystem flows to an external network call. This is potential data exfiltration.
repo/packages/coding-agent/examples/extensions/antigravity-image-gen.ts:54 repo/packages/coding-agent/examples/extensions/antigravity-image-gen.ts:371
high first-party (npm) User/PII-bearing data read from the environment or filesystem flows to an external network call. This is potential data exfiltration.
repo/packages/web-ui/scripts/count-prompt-tokens.ts:8 repo/packages/web-ui/scripts/count-prompt-tokens.ts:20
high first-party (npm): packages/ai User/PII-bearing data read from the environment or filesystem flows to an external network call. This is potential data exfiltration.
repo/packages/ai/src/providers/google-gemini-cli.ts:348 repo/packages/ai/src/providers/google-gemini-cli.ts:405
high first-party (npm): packages/ai User/PII-bearing data read from the environment or filesystem flows to an external network call. This is potential data exfiltration.
repo/packages/ai/src/providers/google-gemini-cli.ts:348 repo/packages/ai/src/providers/google-gemini-cli.ts:754
high first-party (npm): packages/ai User/PII-bearing data read from the environment or filesystem flows to an external network call. This is potential data exfiltration.
repo/packages/ai/src/providers/openai-codex-responses.ts:137 repo/packages/ai/src/providers/openai-codex-responses.ts:203
high first-party (npm): packages/ai User/PII-bearing data read from the environment or filesystem flows to an external network call. This is potential data exfiltration.
repo/packages/ai/src/utils/oauth/google-gemini-cli.ts:226 repo/packages/ai/src/utils/oauth/google-gemini-cli.ts:237
high first-party (npm): packages/ai User/PII-bearing data read from the environment or filesystem flows to an external network call. This is potential data exfiltration.
repo/packages/ai/src/utils/oauth/google-gemini-cli.ts:226 repo/packages/ai/src/utils/oauth/google-gemini-cli.ts:316
high first-party (npm): packages/agent User/PII-bearing data read from the environment or filesystem flows to an external network call. This is potential data exfiltration.
repo/packages/agent/src/bench/token-verifier.ts:160 repo/packages/agent/src/bench/token-verifier.ts:159
high first-party (npm): packages/agent User/PII-bearing data read from the environment or filesystem flows to an external network call. This is potential data exfiltration.
repo/packages/agent/src/bench/token-verifier.ts:190 repo/packages/agent/src/bench/token-verifier.ts:188
high first-party (npm): packages/web-ui User/PII-bearing data read from the environment or filesystem flows to an external network call. This is potential data exfiltration.
repo/packages/web-ui/scripts/count-prompt-tokens.ts:8 repo/packages/web-ui/scripts/count-prompt-tokens.ts:20
high first-party (npm): packages/coding-agent User/PII-bearing data read from the environment or filesystem flows to an external network call. This is potential data exfiltration.
repo/packages/coding-agent/examples/extensions/antigravity-image-gen.ts:54 repo/packages/coding-agent/examples/extensions/antigravity-image-gen.ts:371
medium first-party (npm) Credentials parsed from the request URL are applied as authorization on the same outbound HTTP request. This is intentional URL authentication, not unexpected data exfiltration.
repo/packages/ai/src/providers/google-gemini-cli.ts:358 repo/packages/ai/src/providers/google-gemini-cli.ts:405
medium first-party (npm) Credentials parsed from the request URL are applied as authorization on the same outbound HTTP request. This is intentional URL authentication, not unexpected data exfiltration.
repo/packages/ai/src/providers/google-gemini-cli.ts:358 repo/packages/ai/src/providers/google-gemini-cli.ts:754
medium first-party (npm): packages/ai Credentials parsed from the request URL are applied as authorization on the same outbound HTTP request. This is intentional URL authentication, not unexpected data exfiltration.
repo/packages/ai/src/providers/google-gemini-cli.ts:358 repo/packages/ai/src/providers/google-gemini-cli.ts:405
medium first-party (npm): packages/ai Credentials parsed from the request URL are applied as authorization on the same outbound HTTP request. This is intentional URL authentication, not unexpected data exfiltration.
repo/packages/ai/src/providers/google-gemini-cli.ts:358 repo/packages/ai/src/providers/google-gemini-cli.ts:754
hub Dependency data flows (1)
high @juliusbrussee/caveman-code tooling User/PII-bearing data read from the environment or filesystem flows to an external network call. This is potential data exfiltration.
pkgs/npm/@[email protected]/examples/extensions/antigravity-image-gen.ts:54 pkgs/npm/@[email protected]/examples/extensions/antigravity-image-gen.ts:371

</> First-Party Code

first-party (npm)

npm first-party
high pii_flow production #0c87443821e71fe9 User/PII-bearing data read from the environment or filesystem flows to an external network call. This is potential data exfiltration.
repo/packages/agent/src/bench/token-verifier.ts:159 · flow /tmp/closeopen-3amdqrew/repo/packages/agent/src/bench/token-verifier.ts:160 → /tmp/closeopen-3amdqrew/repo/packages/agent/src/bench/token-verifier.ts:159
		const resp = await fetch(url, {
			headers: { Authorization: `Bearer ${input.apiKey}` },
		});

User/PII-bearing data flows to an external sink — the classic data-exfiltration shape.

Fix: Confirm no user identifiers reach this sink; redact/hash before sending, or remove the flow.

high pii_flow production #25ea328ce81e6ea5 User/PII-bearing data read from the environment or filesystem flows to an external network call. This is potential data exfiltration.
repo/packages/agent/src/bench/token-verifier.ts:188 · flow /tmp/closeopen-3amdqrew/repo/packages/agent/src/bench/token-verifier.ts:190 → /tmp/closeopen-3amdqrew/repo/packages/agent/src/bench/token-verifier.ts:188
		const resp = await fetch(url, {
			headers: {
				"x-api-key": input.apiKey,
				"anthropic-version": "2023-06-01",
			},
		});

User/PII-bearing data flows to an external sink — the classic data-exfiltration shape.

Fix: Confirm no user identifiers reach this sink; redact/hash before sending, or remove the flow.

high pii_flow production #8e5045a0d876f17d User/PII-bearing data read from the environment or filesystem flows to an external network call. This is potential data exfiltration.
repo/packages/ai/src/providers/google-gemini-cli.ts:405 · flow /tmp/closeopen-3amdqrew/repo/packages/ai/src/providers/google-gemini-cli.ts:348 → /tmp/closeopen-3amdqrew/repo/packages/ai/src/providers/google-gemini-cli.ts:405
					response = await fetch(requestUrl, {
						method: "POST",
						headers: requestHeaders,
						body: requestBodyJson,
						signal: options?.signal,
					});

User/PII-bearing data flows to an external sink — the classic data-exfiltration shape.

Fix: Confirm no user identifiers reach this sink; redact/hash before sending, or remove the flow.

high pii_flow production #511ef0d649b28ebf User/PII-bearing data read from the environment or filesystem flows to an external network call. This is potential data exfiltration.
repo/packages/ai/src/providers/google-gemini-cli.ts:754 · flow /tmp/closeopen-3amdqrew/repo/packages/ai/src/providers/google-gemini-cli.ts:348 → /tmp/closeopen-3amdqrew/repo/packages/ai/src/providers/google-gemini-cli.ts:754
					currentResponse = await fetch(requestUrl, {
						method: "POST",
						headers: requestHeaders,
						body: requestBodyJson,
						signal: options?.signal,
					});

User/PII-bearing data flows to an external sink — the classic data-exfiltration shape.

Fix: Confirm no user identifiers reach this sink; redact/hash before sending, or remove the flow.

high pii_flow production #1d838cb8fa1eb2d3 User/PII-bearing data read from the environment or filesystem flows to an external network call. This is potential data exfiltration.
repo/packages/ai/src/providers/openai-codex-responses.ts:203 · flow /tmp/closeopen-3amdqrew/repo/packages/ai/src/providers/openai-codex-responses.ts:137 → /tmp/closeopen-3amdqrew/repo/packages/ai/src/providers/openai-codex-responses.ts:203
					response = await fetch(resolveCodexUrl(model.baseUrl), {
						method: "POST",
						headers: sseHeaders,
						body: bodyJson,
						signal: options?.signal,
					});

User/PII-bearing data flows to an external sink — the classic data-exfiltration shape.

Fix: Confirm no user identifiers reach this sink; redact/hash before sending, or remove the flow.

high pii_flow production #0003369d75a01e38 User/PII-bearing data read from the environment or filesystem flows to an external network call. This is potential data exfiltration.
repo/packages/ai/src/utils/oauth/google-gemini-cli.ts:237 · flow /tmp/closeopen-3amdqrew/repo/packages/ai/src/utils/oauth/google-gemini-cli.ts:226 → /tmp/closeopen-3amdqrew/repo/packages/ai/src/utils/oauth/google-gemini-cli.ts:237
	const loadResponse = await fetch(`${CODE_ASSIST_ENDPOINT}/v1internal:loadCodeAssist`, {
		method: "POST",
		headers,
		body: JSON.stringify({
			cloudaicompanionProject: envProjectId,
			metadata: {
				ideType: "IDE_UNSPECIFIED",
				platform: "PLATFORM_UNSPECIFIED",
				pluginType: "GEMINI",
				duetProject: envProjectId,
			},
		}),
	});

User/PII-bearing data flows to an external sink — the classic data-exfiltration shape.

Fix: Confirm no user identifiers reach this sink; redact/hash before sending, or remove the flow.

high pii_flow production #322f37e8c8baf69a User/PII-bearing data read from the environment or filesystem flows to an external network call. This is potential data exfiltration.
repo/packages/ai/src/utils/oauth/google-gemini-cli.ts:316 · flow /tmp/closeopen-3amdqrew/repo/packages/ai/src/utils/oauth/google-gemini-cli.ts:226 → /tmp/closeopen-3amdqrew/repo/packages/ai/src/utils/oauth/google-gemini-cli.ts:316
	const onboardResponse = await fetch(`${CODE_ASSIST_ENDPOINT}/v1internal:onboardUser`, {
		method: "POST",
		headers,
		body: JSON.stringify(onboardBody),
	});

User/PII-bearing data flows to an external sink — the classic data-exfiltration shape.

Fix: Confirm no user identifiers reach this sink; redact/hash before sending, or remove the flow.

high pii_flow production #1bebd320f96a2140 User/PII-bearing data read from the environment or filesystem flows to an external network call. This is potential data exfiltration.
repo/packages/coding-agent/examples/extensions/antigravity-image-gen.ts:371 · flow /tmp/closeopen-3amdqrew/repo/packages/coding-agent/examples/extensions/antigravity-image-gen.ts:54 → /tmp/closeopen-3amdqrew/repo/packages/coding-agent/examples/extensions/antigravity-image-gen.ts:371
			const response = await fetch(`${ANTIGRAVITY_ENDPOINT}/v1internal:streamGenerateContent?alt=sse`, {
				method: "POST",
				headers: {
					Authorization: `Bearer ${accessToken}`,
					"Content-Type": "application/json",
					Accept: "text/event-stream",
					...ANTIGRAVITY_HEADERS,
				},
				body: JSON.stringify(requestBody),
				signal,
			});

User/PII-bearing data flows to an external sink — the classic data-exfiltration shape.

Fix: Confirm no user identifiers reach this sink; redact/hash before sending, or remove the flow.

high pii_flow production #6d850a60cafb4955 User/PII-bearing data read from the environment or filesystem flows to an external network call. This is potential data exfiltration.
repo/packages/web-ui/scripts/count-prompt-tokens.ts:20 · flow /tmp/closeopen-3amdqrew/repo/packages/web-ui/scripts/count-prompt-tokens.ts:8 → /tmp/closeopen-3amdqrew/repo/packages/web-ui/scripts/count-prompt-tokens.ts:20
	const response = await fetch("https://api.anthropic.com/v1/messages/count_tokens", {
		method: "POST",
		headers: {
			"Content-Type": "application/json",
			"x-api-key": ANTHROPIC_API_KEY,
			"anthropic-version": "2023-06-01",
		},
		body: JSON.stringify({
			model: "claude-3-5-sonnet-20241022",
			messages: [
				{
					role: "user",
					content: text,
				},
			],
		}),
	});

User/PII-bearing data flows to an external sink — the classic data-exfiltration shape.

Fix: Confirm no user identifiers reach this sink; redact/hash before sending, or remove the flow.

medium pii_flow production #44fef9af2864594b Credentials parsed from the request URL are applied as authorization on the same outbound HTTP request. This is intentional URL authentication, not unexpected data exfiltration.
repo/packages/ai/src/providers/google-gemini-cli.ts:405 · flow /tmp/closeopen-3amdqrew/repo/packages/ai/src/providers/google-gemini-cli.ts:358 → /tmp/closeopen-3amdqrew/repo/packages/ai/src/providers/google-gemini-cli.ts:405
					response = await fetch(requestUrl, {
						method: "POST",
						headers: requestHeaders,
						body: requestBodyJson,
						signal: options?.signal,
					});

User/PII-bearing data flows to an external sink — the classic data-exfiltration shape.

Fix: Confirm no user identifiers reach this sink; redact/hash before sending, or remove the flow.

medium pii_flow production #b4ef61b281df190f Credentials parsed from the request URL are applied as authorization on the same outbound HTTP request. This is intentional URL authentication, not unexpected data exfiltration.
repo/packages/ai/src/providers/google-gemini-cli.ts:754 · flow /tmp/closeopen-3amdqrew/repo/packages/ai/src/providers/google-gemini-cli.ts:358 → /tmp/closeopen-3amdqrew/repo/packages/ai/src/providers/google-gemini-cli.ts:754
					currentResponse = await fetch(requestUrl, {
						method: "POST",
						headers: requestHeaders,
						body: requestBodyJson,
						signal: options?.signal,
					});

User/PII-bearing data flows to an external sink — the classic data-exfiltration shape.

Fix: Confirm no user identifiers reach this sink; redact/hash before sending, or remove the flow.

expand_more 601 low-confidence finding(s)
low env_fs test-only #62de6c16216c5aaf Filesystem access.
repo/packages/agent/src/__tests__/bench-dataset.test.ts:42
		await writeFile(filePath, lines.join("\n"));

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #eabe77e6668b5f13 Filesystem access.
repo/packages/agent/src/__tests__/mcp-loader.test.ts:56
		writeFileSync(
			path,
			JSON.stringify({
				mcpServers: {
					filesystem: { command: "npx", args: ["-y", "@modelcontextprotocol/server-filesystem", "/tmp"] },
					github: { url: "https://api.example.com/mcp", auth: "oauth" },
				},
			}),
		);

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #befdc13804e20574 Filesystem access.
repo/packages/agent/src/__tests__/mcp-loader.test.ts:78
		writeFileSync(
			join(dir, "mcp.json"),
			JSON.stringify({ mcpServers: { user_only: { command: "echo", args: ["hi"] } } }),
		);

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #a4486c12ef633618 Filesystem access.
repo/packages/agent/src/__tests__/mcp-loader.test.ts:88
		writeFileSync(join(home, ".cave", "mcp.json"), JSON.stringify({ mcpServers: { both: { command: "user-cmd" } } }));

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #d7532cca3659b6a3 Filesystem access.
repo/packages/agent/src/__tests__/mcp-loader.test.ts:89
		writeFileSync(join(tmp, ".mcp.json"), JSON.stringify({ mcpServers: { both: { command: "project-cmd" } } }));

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #ba4255a09ac6d980 Filesystem access.
repo/packages/agent/src/__tests__/mcp-loader.test.ts:96
		writeFileSync(join(tmp, ".mcp.json"), "{not valid json");

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #8695a1ffa3ba08d5 Filesystem access.
repo/packages/agent/src/__tests__/mcp-loader.test.ts:104
		writeFileSync(
			join(home, ".cave", "mcp.json"),
			JSON.stringify({ mcpServers: {}, settings: { idleTimeout: 5, deferSchemas: true } }),
		);

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #15a4df7919570726 Filesystem access.
repo/packages/agent/src/__tests__/mcp-stdio.test.ts:45
	writeFileSync(scriptPath, SERVER_SOURCE);

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #0af907702bbb9e12 Filesystem access.
repo/packages/agent/src/__tests__/memory-files.test.ts:81
		const lines = readFileSync(out, "utf-8").trim().split("\n");

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #caf7d833e6cd65cf Filesystem access.
repo/packages/agent/src/__tests__/model-download.test.ts:29
		await writeFile(tmp, content);

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #b73367988aaa0d99 Filesystem access.
repo/packages/agent/src/__tests__/model-download.test.ts:41
		await writeFile(tmp, "test");

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #a795b79c9413ba9d Filesystem access.
repo/packages/agent/src/__tests__/worktree.test.ts:36
	writeFileSync(join(repoRoot, "README.md"), "# test\n");

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #0fae3a7af9c5859f Filesystem access.
repo/packages/agent/src/__tests__/worktree.test.ts:132
		writeFileSync(join(wt.worktreeDir, "scratch.txt"), "hello");

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #0e3a48731c4b43fd Filesystem access.
repo/packages/agent/src/__tests__/worktree.test.ts:139
		writeFileSync(join(wt.worktreeDir, "new.txt"), "hi");

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #598e53b25b11613d Filesystem access.
repo/packages/agent/src/__tests__/worktree.test.ts:183
		writeFileSync(join(wt.worktreeDir, "kept.txt"), "yes");

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #7aa4fecd415e5121 Filesystem access.
repo/packages/agent/src/bench/compare.ts:62
	const raw = JSON.parse(readFileSync(filePath, "utf-8"));

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #44f9a834caf7deab Filesystem access.
repo/packages/agent/src/bench/microbench-dataset.ts:58
		const meta: MicroBenchTaskMeta = JSON.parse(readFileSync(metaPath, "utf-8"));

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #a34384cbf81c89eb Filesystem access.
repo/packages/agent/src/bench/microbench-dataset.ts:59
		const prompt = readFileSync(promptPath, "utf-8").trim();

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #89fd1397f4e148c4 Filesystem access.
repo/packages/agent/src/bench/terminal-bench.ts:48
	const lines = readFileSync(filePath, "utf-8").split("\n");

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #f56578cc4811d094 Filesystem access.
repo/packages/agent/src/bench/terminal-bench.ts:158
		const json = JSON.parse(readFileSync(candidate, "utf-8"));

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low egress production #f2c17ceb8218368c Hardcoded external endpoint. Review what data is sent to this destination.
repo/packages/agent/src/bench/token-verifier.ts:154
		const url = new URL("https://api.openai.com/v1/organization/usage/completions");

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress production #fbe79f14992d921f Hardcoded external endpoint. Review what data is sent to this destination.
repo/packages/agent/src/bench/token-verifier.ts:183
		const url = new URL("https://api.anthropic.com/v1/organizations/usage_report/messages");

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low env_fs test-only #56b74c212363d153 Filesystem access.
repo/packages/agent/src/checkpoints/__tests__/ws17.test.ts:41
	writeFileSync(join(dir, "README.md"), "# test\n");

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #53e44311db2207d0 Filesystem access.
repo/packages/agent/src/checkpoints/__tests__/ws17.test.ts:154
		writeFileSync(join(projectDir, "hello.ts"), "export const x = 1;\n");

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #c736d75774317069 Filesystem access.
repo/packages/agent/src/checkpoints/__tests__/ws17.test.ts:175
		writeFileSync(filePath, "const v = 1;\n");

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #6ed95361e9f203b6 Filesystem access.
repo/packages/agent/src/checkpoints/__tests__/ws17.test.ts:181
		writeFileSync(filePath, "const v = 999; // changed\n");

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #4acd3e1a7a4fa378 Filesystem access.
repo/packages/agent/src/checkpoints/__tests__/ws17.test.ts:182
		expect(readFileSync(filePath, "utf-8")).toContain("999");

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #d2ab9fcc9329cdc9 Filesystem access.
repo/packages/agent/src/checkpoints/__tests__/ws17.test.ts:190
		expect(readFileSync(filePath, "utf-8")).toContain("const v = 1;");

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #68d47df927724211 Filesystem access.
repo/packages/agent/src/checkpoints/__tests__/ws17.test.ts:196
		writeFileSync(fileA, "// a original\n");

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #8549ac810290f7fe Filesystem access.
repo/packages/agent/src/checkpoints/__tests__/ws17.test.ts:197
		writeFileSync(fileB, "// b original\n");

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #00f5e7c374978b2d Filesystem access.
repo/packages/agent/src/checkpoints/__tests__/ws17.test.ts:202
		writeFileSync(fileA, "// a changed\n");

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #5d5ca39ec4bd5fa4 Filesystem access.
repo/packages/agent/src/checkpoints/__tests__/ws17.test.ts:203
		writeFileSync(fileB, "// b changed\n");

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #10260be628f5be35 Filesystem access.
repo/packages/agent/src/checkpoints/__tests__/ws17.test.ts:207
		writeFileSync(fileA, "// a changed again\n");

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #ec0555cec74fa874 Filesystem access.
repo/packages/agent/src/checkpoints/__tests__/ws17.test.ts:214
		expect(readFileSync(fileA, "utf-8")).toContain("a original");

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #722a8c85fe762372 Filesystem access.
repo/packages/agent/src/checkpoints/__tests__/ws17.test.ts:216
		expect(readFileSync(fileB, "utf-8")).toContain("b changed");

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #11e9816b2ddc128c Filesystem access.
repo/packages/agent/src/checkpoints/__tests__/ws17.test.ts:224
		writeFileSync(file, "// safe\n");

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #bc45cf48ed7842fa Filesystem access.
repo/packages/agent/src/checkpoints/__tests__/ws17.test.ts:229
		writeFileSync(file, "// mutated\n");

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #96b23fbc6c81d3a7 Filesystem access.
repo/packages/agent/src/checkpoints/__tests__/ws17.test.ts:268
		writeFileSync(file, "v1\n");

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #f1e6f1a47861c3cd Filesystem access.
repo/packages/agent/src/checkpoints/__tests__/ws17.test.ts:271
		writeFileSync(file, "v2\n");

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #16e5700162794249 Filesystem access.
repo/packages/agent/src/checkpoints/__tests__/ws17.test.ts:274
		writeFileSync(file, "v3\n");

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #d2e051f93e8ce9d1 Filesystem access.
repo/packages/agent/src/checkpoints/__tests__/ws17.test.ts:277
		writeFileSync(file, "v4-current\n");

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #52c693110cb85350 Filesystem access.
repo/packages/agent/src/checkpoints/__tests__/ws17.test.ts:282
		expect(readFileSync(file, "utf-8").trim()).toBe("v1");

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #2ff0936ae0f82c17 Filesystem access.
repo/packages/agent/src/checkpoints/index-file.ts:64
			const raw = readFileSync(this.filePath, "utf-8");

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #031ad0dfa0f0ea44 Filesystem access.
repo/packages/agent/src/checkpoints/index-file.ts:126
		writeFileSync(tmp, JSON.stringify(this.data, null, 2), "utf-8");

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #e53429c474da51dc Filesystem access.
repo/packages/agent/src/checkpoints/manager.ts:50
			writeFileSync(lockFile, `${process.pid}`, "utf-8");

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #fba09b31c7ffd0e9 Filesystem access.
repo/packages/agent/src/checkpoints/manager.ts:66
		const stalePid = Number(readFileSync(lockFile, "utf-8"));

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #a23e21ef60ea0eea Filesystem access.
repo/packages/agent/src/compression/bert-tokenizer.ts:53
		const text = readFileSync(vocabPath, "utf-8");

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #93edc8214686f6a2 Filesystem access.
repo/packages/agent/src/mcp/discovery.ts:56
		const text = readFileSync(path, "utf8");

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #051744f629b0ee34 Filesystem access.
repo/packages/agent/src/mcp/keystore.ts:48
			const raw = readFileSync(this.path, "utf8");

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #6faa23790ba66fc0 Filesystem access.
repo/packages/agent/src/mcp/keystore.ts:62
		writeFileSync(this.path, JSON.stringify(data, null, 2), "utf8");

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #5665d9e2401f2c7d Filesystem access.
repo/packages/agent/src/memory/files.ts:117
						const body = readFileSync(join(dir, f), "utf-8");

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #99822e89374c7c1c Filesystem access.
repo/packages/agent/src/memory/files.ts:200
		writeFileSync(join(this.memoryDir, `${id}.md`), formatBody({ kind, ts, session_id, content, provenance }));

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #610d47a9f7447e9f Filesystem access.
repo/packages/agent/src/memory/files.ts:216
					writeFileSync(`${p}.deleted`, readFileSync(p, "utf-8"));

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #28c4365aa3011d85 Filesystem access.
repo/packages/agent/src/memory/files.ts:239
			writeFileSync(toPath, text);

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #4dad51d9b2c9f8ea Filesystem access.
repo/packages/agent/src/memory/files.ts:252
			const raw = readFileSync(p, "utf-8");

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #5bfa92c7c200e712 Filesystem access.
repo/packages/agent/src/memory/files.ts:268
		writeFileSync(join(this.memoryDir, "index.json"), `${JSON.stringify(idx, null, 2)}\n`);

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #14ffd1a7e7b97937 Filesystem access.
repo/packages/agent/src/memory/files.ts:275
			const raw = readFileSync(p, "utf-8");

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #04c04deaee7d00c3 Filesystem access.
repo/packages/ai/scripts/generate-models.ts:3
import { existsSync, readFileSync, writeFileSync } from "fs";

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low egress production #e34c2954f45e572e Hardcoded external endpoint. Review what data is sent to this destination.
repo/packages/ai/scripts/generate-models.ts:63
		const response = await fetch("https://openrouter.ai/api/v1/models");

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress production #e237292455b839a2 Hardcoded external endpoint. Review what data is sent to this destination.
repo/packages/ai/scripts/generate-models.ts:121
		const response = await fetch(`${AI_GATEWAY_MODELS_URL}/models`);

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress production #978d6d5fb7777b32 Hardcoded external endpoint. Review what data is sent to this destination.
repo/packages/ai/scripts/generate-models.ts:179
		const response = await fetch("https://models.dev/api.json");

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low env_fs production #0202debc57493687 Filesystem access.
repo/packages/ai/scripts/generate-models.ts:1590
		? (readFileSync(outputPath, "utf-8").match(/satisfies Model</g) ?? []).length

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #a7fa8ab55163b2a0 Filesystem access.
repo/packages/ai/scripts/generate-models.ts:1607
	writeFileSync(outputPath, output);

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #1838ced36ffa57fe Filesystem access.
repo/packages/ai/scripts/generate-test-image.ts:4
import { writeFileSync } from "fs";

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #336381c717045926 Filesystem access.
repo/packages/ai/scripts/generate-test-image.ts:30
import { mkdirSync } from "fs";

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #12a633c72b3e70d2 Filesystem access.
repo/packages/ai/scripts/generate-test-image.ts:34
writeFileSync(outputPath, buffer);

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #ef76c9583a9fa172 Filesystem access.
repo/packages/ai/src/cli.ts:4
import { existsSync, readFileSync, writeFileSync } from "fs";

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #69e21713ed5c39b0 Filesystem access.
repo/packages/ai/src/cli.ts:18
		return JSON.parse(readFileSync(AUTH_FILE, "utf-8"));

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #bb44bedf71c642f7 Filesystem access.
repo/packages/ai/src/cli.ts:25
	writeFileSync(AUTH_FILE, JSON.stringify(auth, null, 2), "utf-8");

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #8916a0a62c162693 Environment-variable access.
repo/packages/ai/src/env-api-keys.ts:45
		const gacPath = process.env.GOOGLE_APPLICATION_CREDENTIALS;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #1209358b84f4242a Environment-variable access.
repo/packages/ai/src/env-api-keys.ts:68
		return process.env.COPILOT_GITHUB_TOKEN || process.env.GH_TOKEN || process.env.GITHUB_TOKEN;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #55e539264afc217c Environment-variable access.
repo/packages/ai/src/env-api-keys.ts:73
		return process.env.ANTHROPIC_OAUTH_TOKEN || process.env.ANTHROPIC_API_KEY;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #7665f14f209c14ee Environment-variable access.
repo/packages/ai/src/env-api-keys.ts:79
		if (process.env.GOOGLE_CLOUD_API_KEY) {

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #dc5ef231ceeed249 Environment-variable access.
repo/packages/ai/src/env-api-keys.ts:80
			return process.env.GOOGLE_CLOUD_API_KEY;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #b39b3666a69a11b0 Environment-variable access.
repo/packages/ai/src/env-api-keys.ts:84
		const hasProject = !!(process.env.GOOGLE_CLOUD_PROJECT || process.env.GCLOUD_PROJECT);

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #83fd846f8d478d63 Environment-variable access.
repo/packages/ai/src/env-api-keys.ts:85
		const hasLocation = !!process.env.GOOGLE_CLOUD_LOCATION;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #e8c7562472cc45cb Environment-variable access.
repo/packages/ai/src/env-api-keys.ts:101
			process.env.AWS_PROFILE ||

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #35ab84fc5d8f3765 Environment-variable access.
repo/packages/ai/src/env-api-keys.ts:102
			(process.env.AWS_ACCESS_KEY_ID && process.env.AWS_SECRET_ACCESS_KEY) ||

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #23745719d845a781 Environment-variable access.
repo/packages/ai/src/env-api-keys.ts:103
			process.env.AWS_BEARER_TOKEN_BEDROCK ||

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #5b0bd2d9dd89ca3a Environment-variable access.
repo/packages/ai/src/env-api-keys.ts:104
			process.env.AWS_CONTAINER_CREDENTIALS_RELATIVE_URI ||

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #6404bc396ba1e75a Environment-variable access.
repo/packages/ai/src/env-api-keys.ts:105
			process.env.AWS_CONTAINER_CREDENTIALS_FULL_URI ||

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #722b45a7ee07bc55 Environment-variable access.
repo/packages/ai/src/env-api-keys.ts:106
			process.env.AWS_WEB_IDENTITY_TOKEN_FILE

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #b0d4c12f02c98526 Environment-variable access.
repo/packages/ai/src/env-api-keys.ts:132
	return envVar ? process.env[envVar] : undefined;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #85337536b4f682f4 Environment-variable access.
repo/packages/ai/src/env-api-keys.ts:183
		const token = process.env.COPILOT_GITHUB_TOKEN || process.env.GH_TOKEN || process.env.GITHUB_TOKEN;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #5d7ffd489e6d59a5 Environment-variable access.
repo/packages/ai/src/env-api-keys.ts:194
		if (process.env.ANTHROPIC_OAUTH_TOKEN) {

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #a551ff3514d00878 Environment-variable access.
repo/packages/ai/src/env-api-keys.ts:197
		if (process.env.ANTHROPIC_API_KEY) {

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #2646c46602912d7e Environment-variable access.
repo/packages/ai/src/env-api-keys.ts:209
		if (process.env.GOOGLE_CLOUD_API_KEY) {

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #8a551354139c2d2a Environment-variable access.
repo/packages/ai/src/env-api-keys.ts:213
		const hasProject = !!(process.env.GOOGLE_CLOUD_PROJECT || process.env.GCLOUD_PROJECT);

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #8562122931ba608a Environment-variable access.
repo/packages/ai/src/env-api-keys.ts:214
		const hasLocation = !!process.env.GOOGLE_CLOUD_LOCATION;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #4c1cbb65024d32bb Environment-variable access.
repo/packages/ai/src/env-api-keys.ts:227
			process.env.AWS_PROFILE ||

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #73cc058af82f2446 Environment-variable access.
repo/packages/ai/src/env-api-keys.ts:228
			(process.env.AWS_ACCESS_KEY_ID && process.env.AWS_SECRET_ACCESS_KEY) ||

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #41887fa2411c37b9 Environment-variable access.
repo/packages/ai/src/env-api-keys.ts:229
			process.env.AWS_BEARER_TOKEN_BEDROCK ||

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #57a71252a7dd6177 Environment-variable access.
repo/packages/ai/src/env-api-keys.ts:230
			process.env.AWS_CONTAINER_CREDENTIALS_RELATIVE_URI ||

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #ae4d4f1ffb81f053 Environment-variable access.
repo/packages/ai/src/env-api-keys.ts:231
			process.env.AWS_CONTAINER_CREDENTIALS_FULL_URI ||

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #1fb7b670c70cbec5 Environment-variable access.
repo/packages/ai/src/env-api-keys.ts:232
			process.env.AWS_WEB_IDENTITY_TOKEN_FILE;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #5f60cb9afff9480b Environment-variable access.
repo/packages/ai/src/env-api-keys.ts:243
		if (!(process.env.AWS_REGION || process.env.AWS_DEFAULT_REGION)) {

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #7455e82e791eaed4 Environment-variable access.
repo/packages/ai/src/env-api-keys.ts:263
		const value = process.env[envVar];

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #e3af44dad08b5035 Environment-variable access.
repo/packages/ai/src/providers/amazon-bedrock.ts:105
			const explicitRegion = options.region || process.env.AWS_REGION || process.env.AWS_DEFAULT_REGION;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #9a5cd359aaaac28b Environment-variable access.
repo/packages/ai/src/providers/amazon-bedrock.ts:108
			} else if (!process.env.AWS_PROFILE) {

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #7a93e0be5f16d312 Environment-variable access.
repo/packages/ai/src/providers/amazon-bedrock.ts:113
			if (process.env.AWS_BEDROCK_SKIP_AUTH === "1") {

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #0efb15961dc207b7 Environment-variable access.
repo/packages/ai/src/providers/amazon-bedrock.ts:121
				process.env.HTTP_PROXY ||

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #53691dba37330029 Environment-variable access.
repo/packages/ai/src/providers/amazon-bedrock.ts:122
				process.env.HTTPS_PROXY ||

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #e4356bd13d779214 Environment-variable access.
repo/packages/ai/src/providers/amazon-bedrock.ts:123
				process.env.NO_PROXY ||

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #ecf28d67b7e4437d Environment-variable access.
repo/packages/ai/src/providers/amazon-bedrock.ts:124
				process.env.http_proxy ||

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #0552080ca10d57a4 Environment-variable access.
repo/packages/ai/src/providers/amazon-bedrock.ts:125
				process.env.https_proxy ||

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #a116115adfe49c21 Environment-variable access.
repo/packages/ai/src/providers/amazon-bedrock.ts:126
				process.env.no_proxy

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #0671f60c24fce5e9 Environment-variable access.
repo/packages/ai/src/providers/amazon-bedrock.ts:140
			} else if (process.env.AWS_BEDROCK_FORCE_HTTP1 === "1") {

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #8cbff8f0cd1569f7 Environment-variable access.
repo/packages/ai/src/providers/amazon-bedrock.ts:461
	if (typeof process !== "undefined" && process.env.PI_CACHE_RETENTION === "long") {

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #3d71b75cb66fe90e Environment-variable access.
repo/packages/ai/src/providers/amazon-bedrock.ts:483
		if (typeof process !== "undefined" && process.env.AWS_BEDROCK_FORCE_CACHE === "1") return true;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #bf866adb8234965b Environment-variable access.
repo/packages/ai/src/providers/anthropic.ts:45
	if (typeof process !== "undefined" && process.env.PI_CACHE_RETENTION === "long") {

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #b0c02a1d9197154e Environment-variable access.
repo/packages/ai/src/providers/azure-openai-responses.ts:38
	const mappedDeployment = parseDeploymentNameMap(process.env.AZURE_OPENAI_DEPLOYMENT_NAME_MAP).get(model.id);

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #ba48b7321a8040e7 Environment-variable access.
repo/packages/ai/src/providers/azure-openai-responses.ts:154
	const apiVersion = options?.azureApiVersion || process.env.AZURE_OPENAI_API_VERSION || DEFAULT_AZURE_API_VERSION;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #f6014116c56188ce Environment-variable access.
repo/packages/ai/src/providers/azure-openai-responses.ts:156
	const baseUrl = options?.azureBaseUrl?.trim() || process.env.AZURE_OPENAI_BASE_URL?.trim() || undefined;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #dc51226685895ff5 Environment-variable access.
repo/packages/ai/src/providers/azure-openai-responses.ts:157
	const resourceName = options?.azureResourceName || process.env.AZURE_OPENAI_RESOURCE_NAME;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #de52b5a469f54fff Environment-variable access.
repo/packages/ai/src/providers/azure-openai-responses.ts:183
		if (!process.env.AZURE_OPENAI_API_KEY) {

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #e153d455ab8cb41e Environment-variable access.
repo/packages/ai/src/providers/azure-openai-responses.ts:188
		apiKey = process.env.AZURE_OPENAI_API_KEY;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #ab9b33db6d2a3c1b Environment-variable access.
repo/packages/ai/src/providers/google-gemini-cli.ts:83
	const version = process.env.PI_AI_ANTIGRAVITY_VERSION || DEFAULT_ANTIGRAVITY_VERSION;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #a95ebb8adb823a55 Environment-variable access.
repo/packages/ai/src/providers/google-vertex.ts:372
	const apiKey = options?.apiKey?.trim() || process.env.GOOGLE_CLOUD_API_KEY?.trim();

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #170d55da7c46c31c Environment-variable access.
repo/packages/ai/src/providers/google-vertex.ts:384
	const project = options?.project || process.env.GOOGLE_CLOUD_PROJECT || process.env.GCLOUD_PROJECT;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #ec16dee4f040c424 Environment-variable access.
repo/packages/ai/src/providers/google-vertex.ts:394
	const location = options?.location || process.env.GOOGLE_CLOUD_LOCATION;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #d43747d7d6c83ec2 Environment-variable access.
repo/packages/ai/src/providers/openai-completions.ts:334
		if (!process.env.OPENAI_API_KEY) {

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #a1d4a6a5f6dfd57c Environment-variable access.
repo/packages/ai/src/providers/openai-completions.ts:339
		apiKey = process.env.OPENAI_API_KEY;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #b19e0aceb98aac87 Environment-variable access.
repo/packages/ai/src/providers/openai-responses.ts:31
	if (typeof process !== "undefined" && process.env.PI_CACHE_RETENTION === "long") {

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #a8a78ab4465fbc81 Environment-variable access.
repo/packages/ai/src/providers/openai-responses.ts:156
		if (!process.env.OPENAI_API_KEY) {

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #dcdbfd41d8147773 Environment-variable access.
repo/packages/ai/src/providers/openai-responses.ts:161
		apiKey = process.env.OPENAI_API_KEY;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #1cedac2a64b12ec6 Filesystem access.
repo/packages/ai/src/registry/fetcher.ts:74
		writeFileSync(tmpPath, JSON.stringify(result.registry, null, 2), "utf-8");

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #c9ed82ac4812955c Filesystem access.
repo/packages/ai/src/registry/loader.ts:92
			raw = JSON.parse(readFileSync(path, "utf-8"));

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low egress production #324750a928846f2a Hardcoded external endpoint. Review what data is sent to this destination.
repo/packages/ai/src/utils/oauth/google-antigravity.ts:215
		const response = await fetch("https://www.googleapis.com/oauth2/v1/userinfo?alt=json", {
			headers: {
				Authorization: `Bearer ${accessToken}`,
			},
		});

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress production #9a89118b94d3ae66 Hardcoded external endpoint. Review what data is sent to this destination.
repo/packages/ai/src/utils/oauth/google-antigravity.ts:235
	const response = await fetch(TOKEN_URL, {
		method: "POST",
		headers: { "Content-Type": "application/x-www-form-urlencoded" },
		body: new URLSearchParams({
			client_id: CLIENT_ID,
			client_secret: CLIENT_SECRET,
			refresh_token: refreshToken,
			grant_type: "refresh_token",
		}),
	});

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress production #ad396314609f3845 Hardcoded external endpoint. Review what data is sent to this destination.
repo/packages/ai/src/utils/oauth/google-antigravity.ts:378
		const tokenResponse = await fetch(TOKEN_URL, {
			method: "POST",
			headers: {
				"Content-Type": "application/x-www-form-urlencoded",
			},
			body: new URLSearchParams({
				client_id: CLIENT_ID,
				client_secret: CLIENT_SECRET,
				code,
				grant_type: "authorization_code",
				redirect_uri: REDIRECT_URI,
				code_verifier: verifier,
			}),
		});

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low env_fs production #1c561b816f5c6f5d Environment-variable access.
repo/packages/ai/src/utils/oauth/google-gemini-cli.ts:226
	const envProjectId = process.env.GOOGLE_CLOUD_PROJECT || process.env.GOOGLE_CLOUD_PROJECT_ID;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low egress production #3f81f77492ebece9 Hardcoded external endpoint. Review what data is sent to this destination.
repo/packages/ai/src/utils/oauth/google-gemini-cli.ts:237
	const loadResponse = await fetch(`${CODE_ASSIST_ENDPOINT}/v1internal:loadCodeAssist`, {
		method: "POST",
		headers,
		body: JSON.stringify({
			cloudaicompanionProject: envProjectId,
			metadata: {
				ideType: "IDE_UNSPECIFIED",
				platform: "PLATFORM_UNSPECIFIED",
				pluginType: "GEMINI",
				duetProject: envProjectId,
			},
		}),
	});

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress production #f6230895a801d89b Hardcoded external endpoint. Review what data is sent to this destination.
repo/packages/ai/src/utils/oauth/google-gemini-cli.ts:316
	const onboardResponse = await fetch(`${CODE_ASSIST_ENDPOINT}/v1internal:onboardUser`, {
		method: "POST",
		headers,
		body: JSON.stringify(onboardBody),
	});

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress production #e00759042244c1bb Hardcoded external endpoint. Review what data is sent to this destination.
repo/packages/ai/src/utils/oauth/google-gemini-cli.ts:357
		const response = await fetch("https://www.googleapis.com/oauth2/v1/userinfo?alt=json", {
			headers: {
				Authorization: `Bearer ${accessToken}`,
			},
		});

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress production #75422453f734b306 Hardcoded external endpoint. Review what data is sent to this destination.
repo/packages/ai/src/utils/oauth/google-gemini-cli.ts:377
	const response = await fetch(TOKEN_URL, {
		method: "POST",
		headers: { "Content-Type": "application/x-www-form-urlencoded" },
		body: new URLSearchParams({
			client_id: CLIENT_ID,
			client_secret: CLIENT_SECRET,
			refresh_token: refreshToken,
			grant_type: "refresh_token",
		}),
	});

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress production #085c525d9d0ee3b6 Hardcoded external endpoint. Review what data is sent to this destination.
repo/packages/ai/src/utils/oauth/google-gemini-cli.ts:520
		const tokenResponse = await fetch(TOKEN_URL, {
			method: "POST",
			headers: {
				"Content-Type": "application/x-www-form-urlencoded",
			},
			body: new URLSearchParams({
				client_id: CLIENT_ID,
				client_secret: CLIENT_SECRET,
				code,
				grant_type: "authorization_code",
				redirect_uri: REDIRECT_URI,
				code_verifier: verifier,
			}),
		});

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress production #c4ec33edc157872f Hardcoded external endpoint. Review what data is sent to this destination.
repo/packages/ai/src/utils/oauth/openai-codex.ts:96
	const response = await fetch(TOKEN_URL, {
		method: "POST",
		headers: { "Content-Type": "application/x-www-form-urlencoded" },
		body: new URLSearchParams({
			grant_type: "authorization_code",
			client_id: CLIENT_ID,
			code,
			code_verifier: verifier,
			redirect_uri: redirectUri,
		}),
	});

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress production #115c964cd396ee46 Hardcoded external endpoint. Review what data is sent to this destination.
repo/packages/ai/src/utils/oauth/openai-codex.ts:135
		const response = await fetch(TOKEN_URL, {
			method: "POST",
			headers: { "Content-Type": "application/x-www-form-urlencoded" },
			body: new URLSearchParams({
				grant_type: "refresh_token",
				refresh_token: refreshToken,
				client_id: CLIENT_ID,
			}),
		});

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress production #866fcb91b80eabf9 Hardcoded external endpoint. Review what data is sent to this destination.
repo/packages/ai/src/utils/oauth/openai-codex.ts:180
	const url = new URL(AUTHORIZE_URL);

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low env_fs production #8e23ebc8b550aeb6 Environment-variable access.
repo/packages/coding-agent/examples/extensions/antigravity-image-gen.ts:54
	"User-Agent": `antigravity/${process.env.PI_AI_ANTIGRAVITY_VERSION || DEFAULT_ANTIGRAVITY_VERSION} darwin/arm64`,

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #7fe60928ba767e10 Filesystem access.
repo/packages/coding-agent/examples/extensions/antigravity-image-gen.ts:177
		const content = readFileSync(path, "utf-8");

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #030803956887e8de Environment-variable access.
repo/packages/coding-agent/examples/extensions/antigravity-image-gen.ts:194
	const envMode = (process.env.PI_IMAGE_SAVE_MODE || "").toLowerCase();

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #16b0d6461f2e2a3b Environment-variable access.
repo/packages/coding-agent/examples/extensions/antigravity-image-gen.ts:212
		const dir = params.saveDir || process.env.PI_IMAGE_SAVE_DIR || config.saveDir;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #e0189a09f1b7e63c Filesystem access.
repo/packages/coding-agent/examples/extensions/antigravity-image-gen.ts:237
		await writeFile(filePath, Buffer.from(base64Data, "base64"));

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low egress production #6b4a9bd50e229256 Hardcoded external endpoint. Review what data is sent to this destination.
repo/packages/coding-agent/examples/extensions/antigravity-image-gen.ts:371
			const response = await fetch(`${ANTIGRAVITY_ENDPOINT}/v1internal:streamGenerateContent?alt=sse`, {
				method: "POST",
				headers: {
					Authorization: `Bearer ${accessToken}`,
					"Content-Type": "application/json",
					Accept: "text/event-stream",
					...ANTIGRAVITY_HEADERS,
				},
				body: JSON.stringify(requestBody),
				signal,
			});

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress production #3648601f55acb967 Hardcoded external endpoint. Review what data is sent to this destination.
repo/packages/coding-agent/examples/extensions/custom-provider-anthropic/index.ts:97
	const tokenResponse = await fetch(TOKEN_URL, {
		method: "POST",
		headers: { "Content-Type": "application/json" },
		body: JSON.stringify({
			grant_type: "authorization_code",
			client_id: CLIENT_ID,
			code,
			state,
			redirect_uri: REDIRECT_URI,
			code_verifier: verifier,
		}),
	});

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress production #be7dc5ca7d4a69ca Hardcoded external endpoint. Review what data is sent to this destination.
repo/packages/coding-agent/examples/extensions/custom-provider-anthropic/index.ts:128
	const response = await fetch(TOKEN_URL, {
		method: "POST",
		headers: { "Content-Type": "application/json" },
		body: JSON.stringify({
			grant_type: "refresh_token",
			client_id: CLIENT_ID,
			refresh_token: credentials.refresh,
		}),
	});

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress production #7c7374dbd5159ee7 Hardcoded external endpoint. Review what data is sent to this destination.
repo/packages/coding-agent/examples/extensions/custom-provider-gitlab-duo/index.ts:149
	const response = await fetch(`${GITLAB_COM_URL}/api/v4/ai/third_party_agents/direct_access`, {
		method: "POST",
		headers: { Authorization: `Bearer ${gitlabAccessToken}`, "Content-Type": "application/json" },
		body: JSON.stringify({ feature_flags: { DuoAgentPlatformNext: true } }),
	});

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress production #2b9af64eeb263f1d Hardcoded external endpoint. Review what data is sent to this destination.
repo/packages/coding-agent/examples/extensions/custom-provider-gitlab-duo/index.ts:210
	const tokenResponse = await fetch(`${GITLAB_COM_URL}/oauth/token`, {
		method: "POST",
		headers: { "Content-Type": "application/x-www-form-urlencoded" },
		body: new URLSearchParams({
			client_id: BUNDLED_CLIENT_ID,
			grant_type: "authorization_code",
			code,
			code_verifier: verifier,
			redirect_uri: REDIRECT_URI,
		}).toString(),
	});

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress production #b94af43c7fff623b Hardcoded external endpoint. Review what data is sent to this destination.
repo/packages/coding-agent/examples/extensions/custom-provider-gitlab-duo/index.ts:238
	const response = await fetch(`${GITLAB_COM_URL}/oauth/token`, {
		method: "POST",
		headers: { "Content-Type": "application/x-www-form-urlencoded" },
		body: new URLSearchParams({
			client_id: BUNDLED_CLIENT_ID,
			grant_type: "refresh_token",
			refresh_token: credentials.refresh,
		}).toString(),
	});

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low env_fs production #6c54715dd2c23330 Filesystem access.
repo/packages/coding-agent/examples/extensions/custom-provider-gitlab-duo/test.ts:12
import { readFileSync } from "fs";

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #857f0b0c7d77bb5b Filesystem access.
repo/packages/coding-agent/examples/extensions/custom-provider-gitlab-duo/test.ts:32
	const authData = JSON.parse(readFileSync(authPath, "utf-8"));

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low egress production #3e778c86a5b48ea8 Hardcoded external endpoint. Review what data is sent to this destination.
repo/packages/coding-agent/examples/extensions/custom-provider-qwen-cli/index.ts:106
	const response = await fetch(QWEN_DEVICE_CODE_ENDPOINT, {
		method: "POST",
		headers,
		body: body.toString(),
	});

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress production #2aedacfc9dcfeec8 Hardcoded external endpoint. Review what data is sent to this destination.
repo/packages/coding-agent/examples/extensions/custom-provider-qwen-cli/index.ts:170
		const response = await fetch(QWEN_TOKEN_ENDPOINT, {
			method: "POST",
			headers: {
				"Content-Type": "application/x-www-form-urlencoded",
				Accept: "application/json",
			},
			body: body.toString(),
		});

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress production #567b527e580397d4 Hardcoded external endpoint. Review what data is sent to this destination.
repo/packages/coding-agent/examples/extensions/custom-provider-qwen-cli/index.ts:251
	const response = await fetch(QWEN_TOKEN_ENDPOINT, {
		method: "POST",
		headers: {
			"Content-Type": "application/x-www-form-urlencoded",
			Accept: "application/json",
		},
		body: body.toString(),
	});

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low env_fs production #b04e74a67bd532f7 Filesystem access.
repo/packages/coding-agent/examples/extensions/doom-overlay/doom-engine.ts:58
		const wadData = readFileSync(this.wadPath);

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #f4effa96820d7896 Filesystem access.
repo/packages/coding-agent/examples/extensions/doom-overlay/doom-engine.ts:62
		const doomJsCode = readFileSync(doomJsPath, "utf-8");

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #28d5d346c45e73dc Environment-variable access.
repo/packages/coding-agent/examples/extensions/doom-overlay/wad-finder.ts:14
		const resolved = resolve(customPath.replace(/^~/, process.env.HOME || ""));

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #fdb5cb287bc4b90b Environment-variable access.
repo/packages/coding-agent/examples/extensions/doom-overlay/wad-finder.ts:26
		const resolved = resolve(p.replace(/^~/, process.env.HOME || ""));

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low egress production #aadbc041f8e729a7 Hardcoded external endpoint. Review what data is sent to this destination.
repo/packages/coding-agent/examples/extensions/doom-overlay/wad-finder.ts:41
		const response = await fetch(WAD_URL);

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low env_fs production #bee07ed57d17a0bc Filesystem access.
repo/packages/coding-agent/examples/extensions/doom-overlay/wad-finder.ts:46
		writeFileSync(BUNDLED_WAD, Buffer.from(buffer));

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #e273b961cddda458 Filesystem access.
repo/packages/coding-agent/examples/extensions/file-trigger.ts:20
				const content = fs.readFileSync(triggerFile, "utf-8").trim();

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #1ea74e8d05d0ac27 Filesystem access.
repo/packages/coding-agent/examples/extensions/file-trigger.ts:30
					fs.writeFileSync(triggerFile, ""); // Clear after reading

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #5d6352fb64486a4e Environment-variable access.
repo/packages/coding-agent/examples/extensions/interactive-shell.ts:102
		process.env.INTERACTIVE_COMMANDS?.split(",")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #ac24a3f6e2387a60 Environment-variable access.
repo/packages/coding-agent/examples/extensions/interactive-shell.ts:105
	const excluded = new Set(process.env.INTERACTIVE_EXCLUDE?.split(",").map((s) => s.trim().toLowerCase()) ?? []);

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #74fb4be8e9f57995 Environment-variable access.
repo/packages/coding-agent/examples/extensions/interactive-shell.ts:164
			const shell = process.env.SHELL || "/bin/sh";

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #7bcd78af05150fb8 Environment-variable access.
repo/packages/coding-agent/examples/extensions/notify.ts:42
	if (process.env.WT_SESSION) {

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #72a43884c720ab9f Environment-variable access.
repo/packages/coding-agent/examples/extensions/notify.ts:44
	} else if (process.env.KITTY_WINDOW_ID) {

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #76ba65ef597006cf Filesystem access.
repo/packages/coding-agent/examples/extensions/preset.ts:79
			const content = readFileSync(globalPath, "utf-8");

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #fda1f710f9187f8d Filesystem access.
repo/packages/coding-agent/examples/extensions/preset.ts:89
			const content = readFileSync(projectPath, "utf-8");

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #4b78a913c5bacff4 Filesystem access.
repo/packages/coding-agent/examples/extensions/sandbox/index.ts:88
			globalConfig = JSON.parse(readFileSync(globalConfigPath, "utf-8"));

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #147e5156871336c6 Filesystem access.
repo/packages/coding-agent/examples/extensions/sandbox/index.ts:96
			projectConfig = JSON.parse(readFileSync(projectConfigPath, "utf-8"));

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #e4cbfc655b1a9c52 Filesystem access.
repo/packages/coding-agent/examples/extensions/subagent/agents.ts:47
			content = fs.readFileSync(filePath, "utf-8");

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #18246410b2be0083 Filesystem access.
repo/packages/coding-agent/examples/extensions/subagent/index.ts:215
		await fs.promises.writeFile(filePath, prompt, { encoding: "utf-8", mode: 0o600 });

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #0546eea60a051778 Filesystem access.
repo/packages/coding-agent/examples/extensions/tool-override.ts:26
import { constants, readFileSync } from "fs";

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #471e97fd518dc4b1 Filesystem access.
repo/packages/coding-agent/examples/extensions/tool-override.ts:27
import { access, appendFile, readFile } from "fs/promises";

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #7af7c6430817a865 Filesystem access.
repo/packages/coding-agent/examples/extensions/tool-override.ts:100
				const content = await readFile(absolutePath, "utf-8");

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #90783ab74593f409 Filesystem access.
repo/packages/coding-agent/examples/extensions/tool-override.ts:136
				const log = readFileSync(LOG_FILE, "utf-8");

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #747d84a44931215d Filesystem access.
repo/packages/coding-agent/examples/extensions/truncated-tool.ts:115
					await writeFile(tempFile, output, "utf8");

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #82ed3dafca360cf6 Environment-variable access.
repo/packages/coding-agent/examples/sdk/12-full-control.ts:28
if (process.env.MY_ANTHROPIC_KEY) {

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #5375b32480536ca6 Environment-variable access.
repo/packages/coding-agent/examples/sdk/12-full-control.ts:29
	authStorage.setRuntimeApiKey("anthropic", process.env.MY_ANTHROPIC_KEY);

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #f7a4eb84ed84f22e Environment-variable access.
repo/packages/coding-agent/src/cli/attach.ts:28
		host: process.env.CAVE_DAEMON_HOST ?? DEFAULT_DAEMON_HOST,

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #8454c33aa8e22288 Environment-variable access.
repo/packages/coding-agent/src/cli/attach.ts:29
		port: process.env.CAVE_DAEMON_PORT ? Number.parseInt(process.env.CAVE_DAEMON_PORT, 10) : DEFAULT_DAEMON_PORT,

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #1f07abe7759ecb8e Environment-variable access.
repo/packages/coding-agent/src/cli/attach.ts:30
		token: process.env.CAVE_DAEMON_TOKEN,

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #0150b7bb485c9bed Environment-variable access.
repo/packages/coding-agent/src/cli/doctor.ts:53
	const term = process.env.TERM ?? "";

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #fd8c94472d90d43b Environment-variable access.
repo/packages/coding-agent/src/cli/doctor.ts:54
	const colorTerm = process.env.COLORTERM ?? "";

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #e78fabf0522f61a1 Environment-variable access.
repo/packages/coding-agent/src/cli/doctor.ts:55
	const program = process.env.TERM_PROGRAM ?? "";

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #49c1fdc160a085f5 Environment-variable access.
repo/packages/coding-agent/src/cli/doctor.ts:56
	const wt = process.env.WT_SESSION;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #197dd54663f43a7a Environment-variable access.
repo/packages/coding-agent/src/cli/doctor.ts:57
	const ssh = !!(process.env.SSH_TTY || process.env.SSH_CONNECTION);

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #1290756355beb30e Filesystem access.
repo/packages/coding-agent/src/cli/file-processor.ts:52
			const content = await readFile(absolutePath);

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #95e2cd705ce95d41 Filesystem access.
repo/packages/coding-agent/src/cli/file-processor.ts:89
				const content = await readFile(absolutePath, "utf-8");

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #9511d770d958dc46 Filesystem access.
repo/packages/coding-agent/src/cli/goal-cli.ts:210
	const goalText = readFileSync(paths.goalMd, "utf8");

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #4c6190e6244b1b83 Filesystem access.
repo/packages/coding-agent/src/cli/goal-cli.ts:220
		const lines = readFileSync(paths.transcriptJsonl, "utf8").trim().split(/\r?\n/);

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #bd187ea2aa5f263a Environment-variable access.
repo/packages/coding-agent/src/cli/list.ts:24
		host: process.env.CAVE_DAEMON_HOST ?? DEFAULT_DAEMON_HOST,

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #703af2f1886c7759 Environment-variable access.
repo/packages/coding-agent/src/cli/list.ts:25
		port: process.env.CAVE_DAEMON_PORT ? Number.parseInt(process.env.CAVE_DAEMON_PORT, 10) : DEFAULT_DAEMON_PORT,

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #423dc346ceaf958d Environment-variable access.
repo/packages/coding-agent/src/cli/list.ts:26
		token: process.env.CAVE_DAEMON_TOKEN,

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #c438d97cb0baad25 Filesystem access.
repo/packages/coding-agent/src/cli/mcp-cli.ts:38
		return JSON.parse(readFileSync(path, "utf8")) as McpConfigFile;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #7049f5282932fa5a Filesystem access.
repo/packages/coding-agent/src/cli/mcp-cli.ts:47
	writeFileSync(path, `${JSON.stringify(data, null, 2)}\n`, "utf8");

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #c54af34f8ba50bd3 Environment-variable access.
repo/packages/coding-agent/src/cli/models.ts:26
	const envDir = process.env.CAVE_CODING_AGENT_DIR;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #00fdff145812f037 Environment-variable access.
repo/packages/coding-agent/src/cli/run-recipe.ts:203
		process.env.CAVE_RECIPE_MODEL = recipe.model;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #ce11a9d83f5921f5 Filesystem access.
repo/packages/coding-agent/src/cli/serve.ts:107
		const existing = Number.parseInt(readFileSync(parsed.pidFile, "utf8").trim(), 10);

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #22f958cdfc88ea61 Filesystem access.
repo/packages/coding-agent/src/cli/serve.ts:136
	writeFileSync(parsed.pidFile, String(process.pid), "utf8");

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #8af8a2d24a182150 Filesystem access.
repo/packages/coding-agent/src/cli/serve.ts:156
					const pid = Number.parseInt(readFileSync(parsed.pidFile, "utf8").trim(), 10);

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #888eb6f24f460e93 Filesystem access.
repo/packages/coding-agent/src/cli/serve.ts:158
						writeFileSync(parsed.pidFile, "", "utf8");

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #bb4fbdbe7ad00005 Environment-variable access.
repo/packages/coding-agent/src/cli/update.ts:107
	if (process.env.CAVE_DISABLE_UPDATE_CHECK === "1") return undefined;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #2dd6aeb6688308df Environment-variable access.
repo/packages/coding-agent/src/cli/update.ts:142
	const home = process.env.HOME;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #1424bb1901bd915f Filesystem access.
repo/packages/coding-agent/src/cli/worker.ts:47
		const raw = readFileSync(path, "utf8");

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #f99c6a134ce3c29d Filesystem access.
repo/packages/coding-agent/src/cli/worker.ts:57
	writeFileSync(path, `${JSON.stringify(file, null, 2)}\n`, "utf8");

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #ca5943b3a837d9f7 Filesystem access.
repo/packages/coding-agent/src/config.ts:1
import { existsSync, readFileSync } from "fs";

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #993a31f81fd9a479 Environment-variable access.
repo/packages/coding-agent/src/config.ts:82
	const envDir = process.env[DEFAULT_PACKAGE_DIR_ENV];

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #d0cb00f7d5e56813 Filesystem access.
repo/packages/coding-agent/src/config.ts:185
const pkg = JSON.parse(readFileSync(getPackageJsonPath(), "utf-8"));

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #3ca49e43cced395d Environment-variable access.
repo/packages/coding-agent/src/config.ts:201
	const baseUrl = process.env[ENV_SHARE_VIEWER_URL] || DEFAULT_SHARE_VIEWER_URL;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #2b7b7b993ded6531 Environment-variable access.
repo/packages/coding-agent/src/config.ts:211
	const envDir = process.env[ENV_AGENT_DIR];

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #1157a4371eaa16ad Filesystem access.
repo/packages/coding-agent/src/core/__tests__/cave-invocation.test.ts:16
			writeFileSync(script, "#!/usr/bin/env node\n");

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #ac1847ea0d240701 Filesystem access.
repo/packages/coding-agent/src/core/__tests__/cost-persistence.test.ts:50
		writeFileSync(totalsPath, "not-valid-json", "utf8");

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #924f3fa03cbc6658 Filesystem access.
repo/packages/coding-agent/src/core/__tests__/cost-persistence.test.ts:60
		writeFileSync(totalsPath, JSON.stringify(data), "utf8");

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #f4bb21eeb205992a Filesystem access.
repo/packages/coding-agent/src/core/__tests__/cost-persistence.test.ts:78
		const raw = JSON.parse(readFileSync(totalsPath, "utf8"));

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #67832b4dcd0c9438 Filesystem access.
repo/packages/coding-agent/src/core/__tests__/cost-persistence.test.ts:147
			readFileSync(totalsPath);

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #7acbd283dec9f309 Filesystem access.
repo/packages/coding-agent/src/core/__tests__/cost-persistence.test.ts:199
		writeFileSync(totalsPath, JSON.stringify(oldData), "utf8");

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #88dace9e866a30b3 Filesystem access.
repo/packages/coding-agent/src/core/__tests__/memory-bridge.test.ts:38
		writeFileSync(join(memDir, "MEMORY.md"), "# Index\n");

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #7e759072683e6672 Filesystem access.
repo/packages/coding-agent/src/core/__tests__/memory-bridge.test.ts:51
		writeFileSync(join(memDir, "MEMORY.md"), lines);

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #336c8588524d25bb Filesystem access.
repo/packages/coding-agent/src/core/__tests__/memory-bridge.test.ts:63
		writeFileSync(join(memDir, "MEMORY.md"), "# Index\n- [a](a.md)\n- [b](b.md)\n");

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #6e2baa6b5a67a0b5 Filesystem access.
repo/packages/coding-agent/src/core/__tests__/memory-bridge.test.ts:64
		writeFileSync(join(memDir, "a.md"), "Fact about A — preserve verbatim.");

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #264580f01fe867f9 Filesystem access.
repo/packages/coding-agent/src/core/__tests__/memory-bridge.test.ts:65
		writeFileSync(join(memDir, "b.md"), "Fact about B with code: `npm install`.");

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #33d7b075b93ced02 Filesystem access.
repo/packages/coding-agent/src/core/__tests__/memory-bridge.test.ts:66
		writeFileSync(join(memDir, "duplicate-of-a.md"), "Fact about A — preserve verbatim.");

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #6b41aa72c1e3675f Filesystem access.
repo/packages/coding-agent/src/core/__tests__/repomap-slash.test.ts:14
	writeFileSync(join(tmp, "src", "foo.ts"), `export function foo() {\n  return bar();\n}\nexport class Foo {}\n`);

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #a3112c3784b3c0b4 Filesystem access.
repo/packages/coding-agent/src/core/__tests__/repomap-slash.test.ts:15
	writeFileSync(
		join(tmp, "src", "bar.ts"),
		`export function bar() { return 1; }\nexport function bar2() { return foo(); }\n`,
	);

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #b8b25df71a25d9ae Filesystem access.
repo/packages/coding-agent/src/core/__tests__/repomap-slash.test.ts:19
	writeFileSync(join(tmp, "src", "baz.py"), `def baz():\n    return 0\nclass Baz:\n    pass\n`);

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #074a5fd77924f56a Filesystem access.
repo/packages/coding-agent/src/core/__tests__/repomap-slash.test.ts:21
	writeFileSync(join(tmp, "README.md"), "# hello");

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #380987ed2b2e2acd Filesystem access.
repo/packages/coding-agent/src/core/__tests__/repomap-slash.test.ts:24
	writeFileSync(join(tmp, "node_modules", "x", "x.ts"), "export const x = 1;");

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #be9f6b1e2cbf260a Environment-variable access.
repo/packages/coding-agent/src/core/__tests__/subagent-wiring.test.ts:99
		const prev = process.env.CAVE_SUBAGENT_DEPTH;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #7b6b5bf76d9e4880 Environment-variable access.
repo/packages/coding-agent/src/core/__tests__/subagent-wiring.test.ts:100
		process.env.CAVE_SUBAGENT_DEPTH = "9";

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #3547996a83ad5aab Environment-variable access.
repo/packages/coding-agent/src/core/__tests__/subagent-wiring.test.ts:107
			if (prev === undefined) delete process.env.CAVE_SUBAGENT_DEPTH;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #46746bb53e0b675a Environment-variable access.
repo/packages/coding-agent/src/core/__tests__/subagent-wiring.test.ts:108
			else process.env.CAVE_SUBAGENT_DEPTH = prev;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #c60fa219b6173cb2 Filesystem access.
repo/packages/coding-agent/src/core/agent-defs/loader.ts:21
import { existsSync, readdirSync, readFileSync, statSync } from "fs";

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #02bf44bca3f0926d Filesystem access.
repo/packages/coding-agent/src/core/agent-defs/loader.ts:90
		content = readFileSync(filePath, "utf-8");

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #8993161fb915ca9d Environment-variable access.
repo/packages/coding-agent/src/core/agent-session.ts:252
const PROMPT_TIMING_ENABLED = process.env.CAVE_PROMPT_TIMING === "1";

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #e277d99410a1c88f Environment-variable access.
repo/packages/coding-agent/src/core/agent-session.ts:391
		process.env.CAVE_CHAT_MODE === "plan" ? "plan" : process.env.CAVE_CHAT_MODE === "edit" ? "edit" : "auto";

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #fc8a52813943d171 Filesystem access.
repo/packages/coding-agent/src/core/agent-session.ts:1057
				const raw = readFileSync(indexPath, "utf-8");

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #db03eef667617b69 Filesystem access.
repo/packages/coding-agent/src/core/agent-session.ts:1959
			const content = readFileSync(skill.filePath, "utf-8");

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #7f367e1e0ebe00e2 Environment-variable access.
repo/packages/coding-agent/src/core/agent-session.ts:3187
		if (process.env.CAVE_MEMORY_AUTO_RECORD === "1") {

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #5e1407646c552ca5 Filesystem access.
repo/packages/coding-agent/src/core/agent-session.ts:4050
		writeFileSync(filePath, `${lines.join("\n")}\n`);

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #06ad9d28e8512ed0 Filesystem access.
repo/packages/coding-agent/src/core/auth-storage.ts:16
import { chmodSync, existsSync, mkdirSync, readFileSync, writeFileSync } from "fs";

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #76a3351251f10c89 Filesystem access.
repo/packages/coding-agent/src/core/auth-storage.ts:57
			writeFileSync(this.authPath, "{}", "utf-8");

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #af200d01f5bcb49c Filesystem access.
repo/packages/coding-agent/src/core/auth-storage.ts:96
			const current = existsSync(this.authPath) ? readFileSync(this.authPath, "utf-8") : undefined;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #1631bfcced780913 Filesystem access.
repo/packages/coding-agent/src/core/auth-storage.ts:99
				writeFileSync(this.authPath, next, "utf-8");

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #b052f98ede4bbebb Filesystem access.
repo/packages/coding-agent/src/core/auth-storage.ts:140
			const current = existsSync(this.authPath) ? readFileSync(this.authPath, "utf-8") : undefined;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #793f4d670c971951 Filesystem access.
repo/packages/coding-agent/src/core/auth-storage.ts:144
				writeFileSync(this.authPath, next, "utf-8");

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #bcbe5c1299ef6a6e Filesystem access.
repo/packages/coding-agent/src/core/cost-persistence.ts:66
		const raw = fs.readFileSync(p, "utf8");

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #ac8404c68b7f25e6 Filesystem access.
repo/packages/coding-agent/src/core/cost-persistence.ts:120
		fs.writeFileSync(tmp, JSON.stringify(totals, null, 2), "utf8");

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #de18ac8ab50c180a Filesystem access.
repo/packages/coding-agent/src/core/export-html/index.ts:2
import { existsSync, readFileSync, writeFileSync } from "fs";

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #54b29c7c84de14b6 Filesystem access.
repo/packages/coding-agent/src/core/export-html/index.ts:144
	const template = readFileSync(join(templateDir, "template.html"), "utf-8");

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #27b07a10bc7baff2 Filesystem access.
repo/packages/coding-agent/src/core/export-html/index.ts:145
	const templateCss = readFileSync(join(templateDir, "template.css"), "utf-8");

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #35631c3417688c30 Filesystem access.
repo/packages/coding-agent/src/core/export-html/index.ts:146
	const templateJs = readFileSync(join(templateDir, "template.js"), "utf-8");

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #ddec724a9f176a55 Filesystem access.
repo/packages/coding-agent/src/core/export-html/index.ts:147
	const markedJs = readFileSync(join(templateDir, "vendor", "marked.min.js"), "utf-8");

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #01070d1ada7275d9 Filesystem access.
repo/packages/coding-agent/src/core/export-html/index.ts:148
	const hljsJs = readFileSync(join(templateDir, "vendor", "highlight.min.js"), "utf-8");

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #912f145ba679522a Filesystem access.
repo/packages/coding-agent/src/core/export-html/index.ts:279
	writeFileSync(outputPath, html, "utf8");

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #5afab23d7d1130f9 Filesystem access.
repo/packages/coding-agent/src/core/export-html/index.ts:312
	writeFileSync(outputPath, html, "utf8");

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #d1a8e55abaf69775 Filesystem access.
repo/packages/coding-agent/src/core/extensions/loader.ts:418
		const content = fs.readFileSync(packageJsonPath, "utf-8");

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #f0cc4a84082f5d31 Filesystem access.
repo/packages/coding-agent/src/core/footer-data-provider.ts:2
import { existsSync, type FSWatcher, readFileSync, statSync, unwatchFile, watch, watchFile } from "fs";

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #a15fc51f6ce7fa57 Filesystem access.
repo/packages/coding-agent/src/core/footer-data-provider.ts:23
					const content = readFileSync(gitPath, "utf8").trim();

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #d16caa99c28092ea Filesystem access.
repo/packages/coding-agent/src/core/footer-data-provider.ts:30
							? resolve(gitDir, readFileSync(commonDirPath, "utf8").trim())

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #9c20b411b5191fb4 Filesystem access.
repo/packages/coding-agent/src/core/footer-data-provider.ts:256
			const content = readFileSync(this.gitPaths.headPath, "utf8").trim();

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #c3466d5ace55d660 Filesystem access.
repo/packages/coding-agent/src/core/footer-data-provider.ts:270
			const content = readFileSync(this.gitPaths.headPath, "utf8").trim();

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #405d4a5d5e9cd5fc Filesystem access.
repo/packages/coding-agent/src/core/goal-loop/goal-runner.ts:90
	writeFileSync(join(dir, "stdout.jsonl"), payload.stdout);

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #3a8a5e876d2f307e Filesystem access.
repo/packages/coding-agent/src/core/goal-loop/goal-runner.ts:91
	writeFileSync(join(dir, "assistant.txt"), payload.assistant);

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #6107ef6612328918 Filesystem access.
repo/packages/coding-agent/src/core/goal-loop/goal-state.ts:100
	writeFileSync(tmp, JSON.stringify(data, null, 2));

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #a4907beab3223467 Filesystem access.
repo/packages/coding-agent/src/core/goal-loop/goal-state.ts:107
		return JSON.parse(readFileSync(path, "utf8")) as T;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #1df558d4bd09b1d8 Filesystem access.
repo/packages/coding-agent/src/core/goal-loop/goal-state.ts:154
			const { frontmatter } = parseFrontmatter<GoalFrontmatter>(readFileSync(goalMd, "utf8"));

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #a2bc29837bdbac49 Filesystem access.
repo/packages/coding-agent/src/core/goal-loop/goal-state.ts:167
	writeFileSync(path, text);

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #c609420a2e34411a Filesystem access.
repo/packages/coding-agent/src/core/goal-loop/goal-state.ts:171
	const raw = readFileSync(path, "utf8");

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #fe41562b380f6e0f Filesystem access.
repo/packages/coding-agent/src/core/goal-loop/goal-state.ts:245
	return readFileSync(paths.summaryMd, "utf8");

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #9e858edfbaa9773a Filesystem access.
repo/packages/coding-agent/src/core/goal-loop/goal-state.ts:251
	writeFileSync(paths.summaryMd, trimmed);

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #2dca2ab755c08c89 Environment-variable access.
repo/packages/coding-agent/src/core/hooks/executor.ts:313
	return { shell: process.env.SHELL || "/bin/sh", shellArg: "-c" };

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #55706466993a7d9c Filesystem access.
repo/packages/coding-agent/src/core/keybindings.ts:9
import { existsSync, readFileSync } from "fs";

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #2d6c809f8a2de8c9 Filesystem access.
repo/packages/coding-agent/src/core/keybindings.ts:279
		const parsed = JSON.parse(readFileSync(path, "utf-8")) as unknown;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #3898fe0bc4a6f912 Filesystem access.
repo/packages/coding-agent/src/core/memory-bridge.ts:193
		const raw = readFileSync(path, "utf-8");

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #e2d79a7498a0a4fe Filesystem access.
repo/packages/coding-agent/src/core/model-registry.ts:25
import { existsSync, readFileSync } from "fs";

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #d8aebb92109934d5 Filesystem access.
repo/packages/coding-agent/src/core/model-registry.ts:393
			const content = readFileSync(modelsJsonPath, "utf-8");

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #4b0980ee4152b15c Environment-variable access.
repo/packages/coding-agent/src/core/package-manager.ts:18
	const value = process.env.PI_OFFLINE;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #a6b3d46acccfc967 Environment-variable access.
repo/packages/coding-agent/src/core/package-manager.ts:167
	return process.env.HOME || homedir();

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #9d90199e43d3ce72 Filesystem access.
repo/packages/coding-agent/src/core/package-manager.ts:201
			const content = readFileSync(ignorePath, "utf-8");

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #055d4b82fdbd9e84 Filesystem access.
repo/packages/coding-agent/src/core/package-manager.ts:472
		const content = readFileSync(packageJsonPath, "utf-8");

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #9d61279cd37e61cb Filesystem access.
repo/packages/coding-agent/src/core/package-manager.ts:1311
			const content = readFileSync(packageJsonPath, "utf-8");

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #cd3836857c2854b6 Filesystem access.
repo/packages/coding-agent/src/core/package-manager.ts:1686
			writeFileSync(packageJsonPath, JSON.stringify(pkgJson, null, 2), "utf-8");

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #7a91b822f9b43846 Filesystem access.
repo/packages/coding-agent/src/core/package-manager.ts:1696
			writeFileSync(ignorePath, "*\n!.gitignore\n", "utf-8");

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #5556aa5574384c21 Filesystem access.
repo/packages/coding-agent/src/core/package-manager.ts:1917
			const content = readFileSync(packageJsonPath, "utf-8");

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #abd3986d8a43c9cf Filesystem access.
repo/packages/coding-agent/src/core/plans.ts:43
	writeFileSync(path, plan, { encoding: "utf-8", mode: 0o600 });

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #7801f949f7c21350 Filesystem access.
repo/packages/coding-agent/src/core/plans.ts:52
		return readFileSync(path, "utf-8");

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #480cc2179354971e Environment-variable access.
repo/packages/coding-agent/src/core/plugins/__tests__/marketplace.test.ts:31
	HOME_BACKUP = process.env.HOME;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #af703e0721ea4afb Environment-variable access.
repo/packages/coding-agent/src/core/plugins/__tests__/marketplace.test.ts:32
	process.env.HOME = fakeHome;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #06f1f44525f56d4c Environment-variable access.
repo/packages/coding-agent/src/core/plugins/__tests__/marketplace.test.ts:38
	if (HOME_BACKUP === undefined) delete process.env.HOME;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #ec15958272465640 Environment-variable access.
repo/packages/coding-agent/src/core/plugins/__tests__/marketplace.test.ts:39
	else process.env.HOME = HOME_BACKUP;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #2bb77fd08bfa71f8 Filesystem access.
repo/packages/coding-agent/src/core/plugins/__tests__/marketplace.test.ts:45
	writeFileSync(path, JSON.stringify(data), "utf8");

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #9602573e3a20ea2a Filesystem access.
repo/packages/coding-agent/src/core/plugins/__tests__/marketplace.test.ts:64
		writeFileSync(
			mp,
			JSON.stringify({
				plugins: [{ ref: "owner/my-plugin", name: "my-plugin", description: "Test plugin" }],
			}),
			"utf8",
		);

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #b85c007ba4fc454b Filesystem access.
repo/packages/coding-agent/src/core/plugins/__tests__/marketplace.test.ts:81
		writeFileSync(
			mp,
			JSON.stringify({
				plugins: [
					{ ref: "alice/tool-a", name: "tool-a", description: "Tool A" },
					{ ref: "bob/tool-b", name: "tool-b", description: "Tool B" },
				],
			}),
			"utf8",
		);

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #0ae91246a12d67e9 Filesystem access.
repo/packages/coding-agent/src/core/plugins/__tests__/marketplace.test.ts:100
		writeFileSync(
			repoMp,
			JSON.stringify({ plugins: [{ ref: "r/plugin", name: "plugin", description: "Repo" }] }),
			"utf8",
		);

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #ca788a888f9261a2 Filesystem access.
repo/packages/coding-agent/src/core/plugins/__tests__/marketplace.test.ts:108
		writeFileSync(
			personalMp,
			JSON.stringify({
				plugins: [{ ref: "p/plugin", name: "plugin", description: "Personal" }],
			}),
			"utf8",
		);

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #23a64d0fcc3e2ada Filesystem access.
repo/packages/coding-agent/src/core/plugins/installer.ts:218
	writeFileSync(dst, readFileSync(src, "utf8"), "utf8");

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #54374af2bbaebbd6 Filesystem access.
repo/packages/coding-agent/src/core/plugins/installer.ts:260
		const manifestJson = readFileSync(manifestPath, "utf8");

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #270213fe35084df7 Filesystem access.
repo/packages/coding-agent/src/core/plugins/loader.ts:112
			const json = readFileSync(manifestPath, "utf8");

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #2e7e5f9a43101467 Filesystem access.
repo/packages/coding-agent/src/core/plugins/marketplace.ts:119
		const raw = JSON.parse(readFileSync(path, "utf8")) as Partial<MarketplaceFile>;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #1b64e13821e172f7 Filesystem access.
repo/packages/coding-agent/src/core/plugins/marketplace.ts:132
	writeFileSync(path, `${JSON.stringify(data, null, 2)}\n`, "utf8");

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #fcd369896580f1e9 Filesystem access.
repo/packages/coding-agent/src/core/plugins/marketplace.ts:152
		const entry = JSON.parse(readFileSync(cachePath, "utf8")) as CacheEntry;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #75e9f30b5a04b2fc Filesystem access.
repo/packages/coding-agent/src/core/plugins/marketplace.ts:164
	writeFileSync(cachePath, `${JSON.stringify(entry, null, 2)}\n`, "utf8");

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #b56d820a098574b1 Filesystem access.
repo/packages/coding-agent/src/core/plugins/marketplace.ts:324
		const raw = JSON.parse(readFileSync(INSTALLED_REGISTRY_PATH, "utf8"));

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #d5dd440950aae059 Filesystem access.
repo/packages/coding-agent/src/core/plugins/marketplace.ts:334
	writeFileSync(INSTALLED_REGISTRY_PATH, `${JSON.stringify(records, null, 2)}\n`, "utf8");

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #874ece1dad66ef0c Filesystem access.
repo/packages/coding-agent/src/core/prompt-templates.ts:1
import { existsSync, readdirSync, readFileSync, statSync } from "fs";

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #6001a4febccd5483 Filesystem access.
repo/packages/coding-agent/src/core/prompt-templates.ts:105
		const rawContent = readFileSync(filePath, "utf-8");

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #84a301d0e07c7e2a Filesystem access.
repo/packages/coding-agent/src/core/recipes/__tests__/recipes.test.ts:45
	writeFileSync(filePath, content, "utf-8");

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #35038b1ee69000a6 Environment-variable access.
repo/packages/coding-agent/src/core/recipes/__tests__/recipes.test.ts:308
			captured.push(process.env.MY_TEST_VAR ?? "(unset)");

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #5e28b37bae315033 Environment-variable access.
repo/packages/coding-agent/src/core/recipes/__tests__/recipes.test.ts:312
		const previousVal = process.env.MY_TEST_VAR;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #458acb38717ce658 Environment-variable access.
repo/packages/coding-agent/src/core/recipes/__tests__/recipes.test.ts:316
		expect(process.env.MY_TEST_VAR).toBe(previousVal); // restored

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #a0858e6458888f3b Filesystem access.
repo/packages/coding-agent/src/core/recipes/loader.ts:71
		raw = readFileSync(filePath, "utf-8");

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #09d0621090cb37ac Environment-variable access.
repo/packages/coding-agent/src/core/recipes/runner.ts:98
			envSnapshot[k] = process.env[k];

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #1b95ada9e3657215 Environment-variable access.
repo/packages/coding-agent/src/core/recipes/runner.ts:99
			process.env[k] = v;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #9d0766fb4bc35383 Environment-variable access.
repo/packages/coding-agent/src/core/recipes/runner.ts:119
					delete process.env[k];

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #cf5bc100d37855f8 Environment-variable access.
repo/packages/coding-agent/src/core/recipes/runner.ts:121
					process.env[k] = prev;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #e9678f9930e9f02e Environment-variable access.
repo/packages/coding-agent/src/core/resolve-config-value.ts:21
	const envValue = process.env[config];

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #e7eb627d6bc6ed3e Environment-variable access.
repo/packages/coding-agent/src/core/resolve-config-value.ts:95
	const envValue = process.env[config];

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #e11b2aeec83b3c86 Filesystem access.
repo/packages/coding-agent/src/core/resource-loader.ts:48
			return readFileSync(input, "utf-8");

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #50103588c8812ff4 Filesystem access.
repo/packages/coding-agent/src/core/resource-loader.ts:66
					content: readFileSync(filePath, "utf-8"),

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #7ae2cd9d15b215ec Environment-variable access.
repo/packages/coding-agent/src/core/resource-loader.ts:83
	if (process.env.CAVE_OMIT_CLAUDE_MD === "1") return [];

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #668d5cd29657e1d1 Filesystem access.
repo/packages/coding-agent/src/core/resource-loader.ts:124
			contextFiles.push({ path: memoryIndex, content: readFileSync(memoryIndex, "utf-8") });

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #98a2dbc9039fe6a3 Filesystem access.
repo/packages/coding-agent/src/core/session-manager.ts:4
import {
	appendFileSync,
	closeSync,
	existsSync,
	mkdirSync,
	openSync,
	readdirSync,
	readFileSync,
	readSync,
	statSync,
	writeFileSync,
} from "fs";

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #222e3dd90129bb9b Filesystem access.
repo/packages/coding-agent/src/core/session-manager.ts:16
import { readdir, readFile, stat } from "fs/promises";

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #3cac94f173788f38 Filesystem access.
repo/packages/coding-agent/src/core/session-manager.ts:436
	const content = readFileSync(filePath, "utf8");

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #df62129a81b02e85 Filesystem access.
repo/packages/coding-agent/src/core/session-manager.ts:546
		const content = await readFile(filePath, "utf8");

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #e6688ddb98f3c16a Filesystem access.
repo/packages/coding-agent/src/core/session-manager.ts:773
		writeFileSync(this.sessionFile, content);

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #5b8dbcfe22f6ff5e Filesystem access.
repo/packages/coding-agent/src/core/settings-manager.ts:2
import { existsSync, mkdirSync, readFileSync, writeFileSync } from "fs";

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #05ce85702621baa1 Filesystem access.
repo/packages/coding-agent/src/core/settings-manager.ts:288
			const current = fileExists ? readFileSync(path, "utf-8") : undefined;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #aebe90d3ea13c84f Filesystem access.
repo/packages/coding-agent/src/core/settings-manager.ts:298
				writeFileSync(path, next, "utf-8");

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #431d5f0fb5c8675c Environment-variable access.
repo/packages/coding-agent/src/core/settings-manager.ts:1002
		return process.env.PI_CLEAR_ON_SHRINK === "1";

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #164369c72b88604a Environment-variable access.
repo/packages/coding-agent/src/core/settings-manager.ts:1073
		return this.settings.showHardwareCursor ?? process.env.PI_HARDWARE_CURSOR === "1";

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #d392c214099cbac7 Filesystem access.
repo/packages/coding-agent/src/core/skills.ts:9
import { existsSync, type FSWatcher, readdirSync, readFileSync, realpathSync, statSync, watch } from "fs";

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #3fe5c7592b26d8a6 Filesystem access.
repo/packages/coding-agent/src/core/skills.ts:76
			const content = readFileSync(ignorePath, "utf-8");

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #40df01d8f1603556 Filesystem access.
repo/packages/coding-agent/src/core/skills.ts:356
		const rawContent = readFileSync(filePath, "utf-8");

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #982891326d5f3295 Filesystem access.
repo/packages/coding-agent/src/core/skills.ts:643
	const raw = readFileSync(skill.filePath, "utf-8");

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #784e67165f750563 Environment-variable access.
repo/packages/coding-agent/src/core/skills.ts:787
		const fromEnv = process.env[varName];

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #d1ba25f403dbfc96 Filesystem access.
repo/packages/coding-agent/src/core/slash-commands.ts:34
import { type Dirent, existsSync, type FSWatcher, readdirSync, readFileSync, statSync, watch } from "fs";

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #9dceafe667f7502e Filesystem access.
repo/packages/coding-agent/src/core/slash-commands.ts:221
		raw = readFileSync(filePath, "utf-8");

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #6dabcadef275304f Filesystem access.
repo/packages/coding-agent/src/core/slash-commands/__tests__/goal.test.ts:47
		const goalMd = readFileSync(paths.goalMd, "utf8");

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #3a1b700d2599325e Environment-variable access.
repo/packages/coding-agent/src/core/slash-commands/__tests__/mcp.test.ts:40
		HOME_BACKUP = process.env.HOME;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #45b2f67e0f64889a Environment-variable access.
repo/packages/coding-agent/src/core/slash-commands/__tests__/mcp.test.ts:41
		process.env.HOME = fakeHome;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #2bc4c98b3551630e Environment-variable access.
repo/packages/coding-agent/src/core/slash-commands/__tests__/mcp.test.ts:47
		if (HOME_BACKUP === undefined) delete process.env.HOME;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #53dca95812bbc6e0 Environment-variable access.
repo/packages/coding-agent/src/core/slash-commands/__tests__/mcp.test.ts:48
		else process.env.HOME = HOME_BACKUP;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #8e4aadd5bd4bdfd8 Filesystem access.
repo/packages/coding-agent/src/core/slash-commands/__tests__/mcp.test.ts:58
		writeFileSync(
			join(cwd, ".mcp.json"),
			JSON.stringify({
				mcpServers: { fs: { command: "echo", args: ["hi"] } },
			}),
		);

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #29a38e0a97b0d2c5 Filesystem access.
repo/packages/coding-agent/src/core/slash-commands/goal.ts:174
		const raw = readFileSync(paths.transcriptJsonl, "utf8").trim();

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #092565096334bd3f Filesystem access.
repo/packages/coding-agent/src/core/slash-commands/hooks.ts:190
	const content = readFileSync(sourcePath, "utf-8");

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #39867546fb888a15 Filesystem access.
repo/packages/coding-agent/src/core/slash-commands/hooks.ts:191
	writeFileSync(dest, content, { mode: 0o755 });

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #4e8bc0916d08eff4 Environment-variable access.
repo/packages/coding-agent/src/core/slash-commands/models.ts:20
	const envDir = process.env.CAVE_CODING_AGENT_DIR;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #00a540cb10a232ea Filesystem access.
repo/packages/coding-agent/src/core/slash-commands/repomap.ts:108
					const source = readFileSync(full, "utf-8");

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #9bb67013fd2cfa2b Environment-variable access.
repo/packages/coding-agent/src/core/status-line-runner.ts:56
		const shell = process.env.SHELL || (process.platform === "win32" ? process.env.COMSPEC || "cmd.exe" : "/bin/sh");

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #6dff37643bee9eb3 Environment-variable access.
repo/packages/coding-agent/src/core/system-prompt.ts:131
		`- Shell: ${process.env.SHELL ?? "unknown"}`,

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #5fba9c20c97890c5 Environment-variable access.
repo/packages/coding-agent/src/core/system-prompt.ts:365
		if (process.env.CAVE_SUBAGENT_DEPTH && Number.parseInt(process.env.CAVE_SUBAGENT_DEPTH, 10) > 0) {

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #619ce926db3f8cd2 Environment-variable access.
repo/packages/coding-agent/src/core/timings.ts:6
const ENABLED = process.env.PI_TIMING === "1";

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #4fa68f88aae35fe3 Filesystem access.
repo/packages/coding-agent/src/core/tools/edit-diff.ts:7
import { constants } from "fs";

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #d664924012032c0c Filesystem access.
repo/packages/coding-agent/src/core/tools/edit-diff.ts:8
import { access, readFile } from "fs/promises";

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #8cac40a8f2398e71 Filesystem access.
repo/packages/coding-agent/src/core/tools/edit-diff.ts:420
		const rawContent = await readFile(absolutePath, "utf-8");

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #1961e15b84830e7f Filesystem access.
repo/packages/coding-agent/src/core/tools/edit.ts:4
import { constants } from "fs";

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #832fc605c1d83e58 Filesystem access.
repo/packages/coding-agent/src/core/tools/edit.ts:5
import { access as fsAccess, readFile as fsReadFile, writeFile as fsWriteFile } from "fs/promises";

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #ead139263b6f2a21 Filesystem access.
repo/packages/coding-agent/src/core/tools/edit.ts:75
	readFile: (path) => fsReadFile(path),

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #cd89886c42467f67 Filesystem access.
repo/packages/coding-agent/src/core/tools/edit.ts:76
	writeFile: (path, content) => fsWriteFile(path, content, "utf-8"),

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #d0199a7e3b82d0fd Filesystem access.
repo/packages/coding-agent/src/core/tools/edit.ts:235
								const buffer = await ops.readFile(absolutePath);

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #2572a7e4ee3a7a31 Filesystem access.
repo/packages/coding-agent/src/core/tools/edit.ts:259
								await ops.writeFile(absolutePath, finalContent);

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #c944823bb2df2879 Filesystem access.
repo/packages/coding-agent/src/core/tools/find.ts:5
import { existsSync } from "fs";

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #42b19752e444e56a Filesystem access.
repo/packages/coding-agent/src/core/tools/grep.ts:6
import { readFileSync, statSync } from "fs";

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #97026dd3d079f8ee Filesystem access.
repo/packages/coding-agent/src/core/tools/grep.ts:59
	readFile: (p) => readFileSync(p, "utf-8"),

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #fffeb95ef878c8df Filesystem access.
repo/packages/coding-agent/src/core/tools/grep.ts:204
									const content = await ops.readFile(filePath);

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #19fb9dfc85007478 Filesystem access.
repo/packages/coding-agent/src/core/tools/ls.ts:4
import { existsSync, readdirSync, statSync } from "fs";

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #884bec6cdcf5123d Filesystem access.
repo/packages/coding-agent/src/core/tools/read.ts:5
import { constants } from "fs";

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #0b7253be8319ff26 Filesystem access.
repo/packages/coding-agent/src/core/tools/read.ts:6
import { access as fsAccess, readFile as fsReadFile } from "fs/promises";

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #435ce6a8dbbb4a74 Filesystem access.
repo/packages/coding-agent/src/core/tools/read.ts:43
	readFile: (path) => fsReadFile(path),

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #3091194c9b7a46ba Filesystem access.
repo/packages/coding-agent/src/core/tools/read.ts:157
								const buffer = await ops.readFile(absolutePath);

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #096a4f7f2cd71433 Filesystem access.
repo/packages/coding-agent/src/core/tools/read.ts:186
								const buffer = await ops.readFile(absolutePath);

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #979c59d341058b94 Environment-variable access.
repo/packages/coding-agent/src/core/tools/task.ts:59
	const raw = process.env[SUBAGENT_DEPTH_ENV];

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #5ddf84c255724c4b Filesystem access.
repo/packages/coding-agent/src/core/tools/task.ts:227
		writeFileSync(promptPath, opts.agent.prompt, { encoding: "utf-8", mode: 0o600 });

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #e2f1c87112353b9e Filesystem access.
repo/packages/coding-agent/src/core/tools/task.ts:388
		writeFileSync(promptPath, opts.agent.prompt, { encoding: "utf-8", mode: 0o600 });

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #38caa74e95a10718 Filesystem access.
repo/packages/coding-agent/src/core/tools/write.ts:4
import { mkdir as fsMkdir, writeFile as fsWriteFile } from "fs/promises";

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #fa2cbec1bf2629ba Filesystem access.
repo/packages/coding-agent/src/core/tools/write.ts:37
	writeFile: (path, content) => fsWriteFile(path, content, "utf-8"),

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #a32dcdf0c8459578 Filesystem access.
repo/packages/coding-agent/src/core/tools/write.ts:237
									await ops.writeFile(absolutePath, content);

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #a72874ea5e4349ec Filesystem access.
repo/packages/coding-agent/src/core/watch-files/__tests__/watch-files.test.ts:159
		writeFileSync(tmpFile, "const x = 1;\n// cave! add hello world\nconst y = 2;\n");

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #90e8b816b9caf45a Filesystem access.
repo/packages/coding-agent/src/core/watch-files/__tests__/watch-files.test.ts:169
		const remaining = readFileSync(tmpFile, "utf8");

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #4d05321025151336 Filesystem access.
repo/packages/coding-agent/src/core/watch-files/__tests__/watch-files.test.ts:177
		writeFileSync(tmpFile, original);

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #4d34042e21f9025e Filesystem access.
repo/packages/coding-agent/src/core/watch-files/__tests__/watch-files.test.ts:187
		const remaining = readFileSync(tmpFile, "utf8");

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #fa69057352e3e248 Filesystem access.
repo/packages/coding-agent/src/core/watch-files/__tests__/watch-files.test.ts:208
		writeFileSync(file, "// cave use TypeScript generics\n// cave! add a generic function\n");

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #582b8710a6abd16c Filesystem access.
repo/packages/coding-agent/src/core/watch-files/__tests__/watch-files.test.ts:226
		writeFileSync(file, "// cave background info only\n");

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #e7830770f6c30d46 Filesystem access.
repo/packages/coding-agent/src/core/watch-files/trigger.ts:57
		content = readFileSync(filePath, "utf8");

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #67abd0441c90cadc Filesystem access.
repo/packages/coding-agent/src/core/watch-files/trigger.ts:102
				currentContent = readFileSync(filePath, "utf8");

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #e6c0adbeddf02734 Filesystem access.
repo/packages/coding-agent/src/core/watch-files/trigger.ts:104
				writeFileSync(filePath, newContent, "utf8");

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #8e6cb6e1d51de347 Environment-variable access.
repo/packages/coding-agent/src/main.ts:472
	if (process.env.CAVE_DEBUG_TERM !== "1") return;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #613bf7e6226adf59 Environment-variable access.
repo/packages/coding-agent/src/main.ts:505
	const offlineMode = args.includes("--offline") || isTruthyEnvFlag(process.env.PI_OFFLINE);

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #f6c49a4dd40a3e73 Environment-variable access.
repo/packages/coding-agent/src/main.ts:507
		process.env.PI_OFFLINE = "1";

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #49ee864c13e849fd Environment-variable access.
repo/packages/coding-agent/src/main.ts:508
		process.env.PI_SKIP_VERSION_CHECK = "1";

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #3a9629aa72611f20 Environment-variable access.
repo/packages/coding-agent/src/main.ts:857
	const startupBenchmark = isTruthyEnvFlag(process.env.PI_STARTUP_BENCHMARK);

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #313b90e9f3bc0f67 Filesystem access.
repo/packages/coding-agent/src/migrations.ts:6
import { existsSync, mkdirSync, readdirSync, readFileSync, renameSync, rmSync, writeFileSync } from "fs";

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #3718f1c8f30c8517 Filesystem access.
repo/packages/coding-agent/src/migrations.ts:36
			const oauth = JSON.parse(readFileSync(oauthPath, "utf-8"));

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #6f96c596b70d95cc Filesystem access.
repo/packages/coding-agent/src/migrations.ts:50
			const content = readFileSync(settingsPath, "utf-8");

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #a5e2b97a5e42b2b7 Filesystem access.
repo/packages/coding-agent/src/migrations.ts:60
				writeFileSync(settingsPath, JSON.stringify(settings, null, 2));

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #08ad47d64a1a94fd Filesystem access.
repo/packages/coding-agent/src/migrations.ts:69
		writeFileSync(authPath, JSON.stringify(migrated, null, 2), { mode: 0o600 });

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #188b6f5622ca71ff Filesystem access.
repo/packages/coding-agent/src/migrations.ts:102
			const content = readFileSync(file, "utf8");

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #57c8abcc932afd14 Filesystem access.
repo/packages/coding-agent/src/migrations.ts:162
		const parsed = JSON.parse(readFileSync(configPath, "utf-8")) as unknown;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #2bb2bfb3e1af9acb Filesystem access.
repo/packages/coding-agent/src/migrations.ts:168
		writeFileSync(configPath, `${JSON.stringify(config, null, 2)}\n`, "utf-8");

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #378dfac60bd94d76 Filesystem access.
repo/packages/coding-agent/src/modes/exec/__tests__/exec-mode.test.ts:127
		writeFileSync(tmpPath, "not { valid json", "utf-8");

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #6aa2174be3ef88ee Filesystem access.
repo/packages/coding-agent/src/modes/exec/__tests__/exec-mode.test.ts:139
		writeFileSync(tmpPath, JSON.stringify(schema), "utf-8");

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #4538d8af560075cd Filesystem access.
repo/packages/coding-agent/src/modes/exec/__tests__/exec-mode.test.ts:255
		writeFileSync(tmp, text, "utf-8");

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #e1fe04e283862070 Filesystem access.
repo/packages/coding-agent/src/modes/exec/__tests__/exec-mode.test.ts:260
		expect(readFileSync(outputPath, "utf-8")).toBe(text);

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #9c7cb8113ed83d84 Filesystem access.
repo/packages/coding-agent/src/modes/exec/exec-mode.ts:268
		writeFileSync(tmp, content, { encoding: "utf-8" });

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #2f06824867261cba Filesystem access.
repo/packages/coding-agent/src/modes/exec/output-schema.ts:32
		raw = readFileSync(schemaPath, "utf-8");

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #3a3bf8bae28bb996 Environment-variable access.
repo/packages/coding-agent/src/modes/interactive/components/banner.ts:71
	const home = process.env.HOME || process.env.USERPROFILE;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #d4c6acf1f9a71db7 Environment-variable access.
repo/packages/coding-agent/src/modes/interactive/components/banner.ts:86
	const term = process.env.TERM ?? "";

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #e9c77d8061f058eb Environment-variable access.
repo/packages/coding-agent/src/modes/interactive/components/banner.ts:87
	const lang = process.env.LANG ?? process.env.LC_ALL ?? "";

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #6fd1de4d11ca96a5 Environment-variable access.
repo/packages/coding-agent/src/modes/interactive/components/extension-editor.ts:79
		const hasExternalEditor = !!(process.env.VISUAL || process.env.EDITOR);

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #34e4a4b1e9edc3b7 Environment-variable access.
repo/packages/coding-agent/src/modes/interactive/components/extension-editor.ts:114
		const editorCmd = process.env.VISUAL || process.env.EDITOR;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #6674c64ced28c801 Filesystem access.
repo/packages/coding-agent/src/modes/interactive/components/extension-editor.ts:123
			fs.writeFileSync(tmpFile, currentText, "utf-8");

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #b1075ea2a33d28ba Filesystem access.
repo/packages/coding-agent/src/modes/interactive/components/extension-editor.ts:133
				const newContent = fs.readFileSync(tmpFile, "utf-8").replace(/\n$/, "");

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #1fb8df0b946a0908 Environment-variable access.
repo/packages/coding-agent/src/modes/interactive/components/footer.ts:77
		const home = process.env.HOME || process.env.USERPROFILE;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #c1ce81537f50eb19 Environment-variable access.
repo/packages/coding-agent/src/modes/interactive/components/secret-prompt.ts:117
	const home = process.env.HOME ?? process.env.USERPROFILE ?? "";

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #b89bbc0aea450afd Environment-variable access.
repo/packages/coding-agent/src/modes/interactive/components/tree-selector.ts:844
			const home = process.env.HOME || process.env.USERPROFILE || "";

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #673564ce0249170a Environment-variable access.
repo/packages/coding-agent/src/modes/interactive/interactive-mode.ts:771
		if (process.env.PI_SKIP_VERSION_CHECK || process.env.PI_OFFLINE) return undefined;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #f3a1a7cb2e53699b Environment-variable access.
repo/packages/coding-agent/src/modes/interactive/interactive-mode.ts:780
		if (process.env.PI_OFFLINE) {

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #a33d1a43db0da755 Environment-variable access.
repo/packages/coding-agent/src/modes/interactive/interactive-mode.ts:798
		if (!process.env.TMUX) return undefined;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #db2b65478de03768 Filesystem access.
repo/packages/coding-agent/src/modes/interactive/interactive-mode.ts:2209
			fs.writeFileSync(filePath, Buffer.from(image.bytes));

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #bce1c34e6bd7008b Environment-variable access.
repo/packages/coding-agent/src/modes/interactive/interactive-mode.ts:3392
		const editorCmd = process.env.VISUAL || process.env.EDITOR;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #016eb544ad3dea79 Filesystem access.
repo/packages/coding-agent/src/modes/interactive/interactive-mode.ts:3403
			fs.writeFileSync(tmpFile, currentText, "utf-8");

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #c777364e21bece7a Filesystem access.
repo/packages/coding-agent/src/modes/interactive/interactive-mode.ts:3419
				const newContent = fs.readFileSync(tmpFile, "utf-8").replace(/\n$/, "");

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #38b4dc3a4608547b Filesystem access.
repo/packages/coding-agent/src/modes/interactive/interactive-mode.ts:5153
		fs.writeFileSync(debugLogPath, debugData);

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #b1d45132b73dffe8 Environment-variable access.
repo/packages/coding-agent/src/modes/interactive/theme/theme.ts:162
	const colorterm = process.env.COLORTERM;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #d06d54e4531640ae Environment-variable access.
repo/packages/coding-agent/src/modes/interactive/theme/theme.ts:167
	if (process.env.WT_SESSION) {

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #3f88e171aa1c2a36 Environment-variable access.
repo/packages/coding-agent/src/modes/interactive/theme/theme.ts:170
	const term = process.env.TERM || "";

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #4009f08651162081 Environment-variable access.
repo/packages/coding-agent/src/modes/interactive/theme/theme.ts:176
	if (process.env.TERM_PROGRAM === "Apple_Terminal") {

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #34fb264699d407b2 Filesystem access.
repo/packages/coding-agent/src/modes/interactive/theme/theme.ts:464
			dark: JSON.parse(fs.readFileSync(darkPath, "utf-8")) as ThemeJson,

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #b57152ba8ccc1b90 Filesystem access.
repo/packages/coding-agent/src/modes/interactive/theme/theme.ts:465
			light: JSON.parse(fs.readFileSync(lightPath, "utf-8")) as ThemeJson,

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #4fd5ddb0b504fa6f Filesystem access.
repo/packages/coding-agent/src/modes/interactive/theme/theme.ts:574
		const content = fs.readFileSync(registeredTheme.sourcePath, "utf-8");

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #d5e01bd1cffc6d76 Filesystem access.
repo/packages/coding-agent/src/modes/interactive/theme/theme.ts:585
	const content = fs.readFileSync(themePath, "utf-8");

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #b9216eaeb25da068 Filesystem access.
repo/packages/coding-agent/src/modes/interactive/theme/theme.ts:624
	const content = fs.readFileSync(themePath, "utf-8");

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #c492efb482562eb7 Environment-variable access.
repo/packages/coding-agent/src/modes/interactive/theme/theme.ts:667
	const override = (process.env.CAVE_TERM_BG || "").trim().toLowerCase();

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #a091a3d3ca870ae3 Environment-variable access.
repo/packages/coding-agent/src/modes/interactive/theme/theme.ts:673
	const colorfgbg = process.env.COLORFGBG || "";

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #6126b01a10bed79e Environment-variable access.
repo/packages/coding-agent/src/onboarding/wizard.ts:144
	if (process.env.CAVE_SKIP_ONBOARDING === "1") return false;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #e5e2db985aaf3a39 Filesystem access.
repo/packages/coding-agent/src/utils/changelog.ts:1
import { existsSync, readFileSync } from "fs";

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #9dfdafc6f76bb5a6 Filesystem access.
repo/packages/coding-agent/src/utils/changelog.ts:20
		const content = readFileSync(changelogPath, "utf-8");

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #8c60343a81ae35ba Filesystem access.
repo/packages/coding-agent/src/utils/clipboard-image.ts:3
import { readFileSync, unlinkSync } from "fs";

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #aeda81aa232bd6e4 Filesystem access.
repo/packages/coding-agent/src/utils/clipboard-image.ts:149
		const release = readFileSync("/proc/version", "utf-8");

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #5ac12e748a581f49 Filesystem access.
repo/packages/coding-agent/src/utils/clipboard-image.ts:196
		const bytes = readFileSync(tmpFile);

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #da9d0b935ec0e35a Environment-variable access.
repo/packages/coding-agent/src/utils/clipboard-native.ts:12
const hasDisplay = process.platform !== "linux" || Boolean(process.env.DISPLAY || process.env.WAYLAND_DISPLAY);

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #5865408c72ee9ff7 Environment-variable access.
repo/packages/coding-agent/src/utils/clipboard-native.ts:14
if (!process.env.TERMUX_VERSION && hasDisplay) {

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #0fc9bae752426530 Environment-variable access.
repo/packages/coding-agent/src/utils/clipboard.ts:45
			if (process.env.TERMUX_VERSION) {

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #0b3caff40478a2a6 Environment-variable access.
repo/packages/coding-agent/src/utils/clipboard.ts:54
			const hasWaylandDisplay = Boolean(process.env.WAYLAND_DISPLAY);

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #088163ebe0dba7fa Environment-variable access.
repo/packages/coding-agent/src/utils/clipboard.ts:55
			const hasX11Display = Boolean(process.env.DISPLAY);

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #e012a6870976e8f7 Filesystem access.
repo/packages/coding-agent/src/utils/photon.ts:16
import type { PathOrFileDescriptor } from "fs";

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #b0274db3f1767437 Filesystem access.
repo/packages/coding-agent/src/utils/photon.ts:22
const fs = require("fs") as typeof import("fs");

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #0f414a63d93dba3c Environment-variable access.
repo/packages/coding-agent/src/utils/shell.ts:73
		const programFiles = process.env.ProgramFiles;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #6c444537bbfa3b91 Environment-variable access.
repo/packages/coding-agent/src/utils/shell.ts:77
		const programFilesX86 = process.env["ProgramFiles(x86)"];

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #0fac22d134343e99 Environment-variable access.
repo/packages/coding-agent/src/utils/shell.ts:124
	const currentPath = process.env[pathKey] ?? "";

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #3dbfe51231c00208 Filesystem access.
repo/packages/coding-agent/src/utils/tools-manager.ts:4
import { chmodSync, createWriteStream, existsSync, mkdirSync, readdirSync, renameSync, rmSync } from "fs";

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #3b49705510839cc8 Environment-variable access.
repo/packages/coding-agent/src/utils/tools-manager.ts:16
	const value = process.env.PI_OFFLINE;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #443478fb932df5f2 Filesystem access.
repo/packages/markdown-preview/index.ts:37
const ANNOTATION_HELPERS_SOURCE = readFileSync(new URL("./client/annotation-helpers.js", import.meta.url), "utf-8");

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #8c0d052133925db1 Environment-variable access.
repo/packages/markdown-preview/index.ts:1006
	const envPath = process.env.PUPPETEER_EXECUTABLE_PATH || process.env.CHROME_PATH || process.env.BROWSER;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #c9908536125e67d0 Filesystem access.
repo/packages/markdown-preview/index.ts:1040
		const buffer = await readFile(pngPath);

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #68e1b0e3430264f9 Filesystem access.
repo/packages/markdown-preview/index.ts:1044
			const meta = JSON.parse(await readFile(metaPath, "utf-8")) as { truncatedHeight?: boolean; pageCount?: number };

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #681bdd441fbd7054 Filesystem access.
repo/packages/markdown-preview/index.ts:1057
	await writeFile(pngPath, page.buffer);

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #1b0a3de5f2ad9abc Filesystem access.
repo/packages/markdown-preview/index.ts:1060
	await writeFile(metaPath, JSON.stringify(meta), "utf-8");

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #4662e84062871d20 Filesystem access.
repo/packages/markdown-preview/index.ts:1155
				await writeFile(tempHtmlPath, html, "utf-8");

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #6770185262764380 Environment-variable access.
repo/packages/markdown-preview/index.ts:1609
	const pandocCommand = process.env.PANDOC_PATH?.trim() || "pandoc";

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #157a2bb471c8c781 Filesystem access.
repo/packages/markdown-preview/index.ts:1705
	await writeFile(PDF_PREAMBLE_PATH, PDF_PREAMBLE, "utf-8");

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #0925a0f32a3e4a2d Environment-variable access.
repo/packages/markdown-preview/index.ts:1710
	const engine = process.env.PANDOC_PDF_ENGINE?.trim() || "xelatex";

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #34dc1382687ffea6 Filesystem access.
repo/packages/markdown-preview/index.ts:1715
	await writeFile(texPath, latexSource, "utf-8");

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #2e98cf7ee51b901a Environment-variable access.
repo/packages/markdown-preview/index.ts:1787
	const pandocCommand = process.env.PANDOC_PATH?.trim() || "pandoc";

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #f1ef3241a9ea5ec2 Environment-variable access.
repo/packages/markdown-preview/index.ts:1789
	const pdfEngine = process.env.PANDOC_PDF_ENGINE?.trim() || "xelatex";

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #c9db15210350fe5b Environment-variable access.
repo/packages/markdown-preview/index.ts:2029
	const pandocCommand = process.env.PANDOC_PATH?.trim() || "pandoc";

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #146fd744ea311acd Environment-variable access.
repo/packages/markdown-preview/index.ts:2105
	const requested = process.env.MERMAID_PDF_THEME?.trim().toLowerCase();

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #145832cb53d8a947 Environment-variable access.
repo/packages/markdown-preview/index.ts:2113
	const mermaidCommand = process.env.MERMAID_CLI_PATH?.trim() || "mmdc";

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #44d728457cd0995c Filesystem access.
repo/packages/markdown-preview/index.ts:2121
		await writeFile(inputPath, source, "utf-8");

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #cf8f0d61ddb09cd8 Filesystem access.
repo/packages/markdown-preview/index.ts:2962
	await writeFile(htmlPath, html, "utf-8");

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #63f5262a11925836 Filesystem access.
repo/packages/markdown-preview/index.ts:3105
				const fileContent = await readFile(filePath, "utf-8");

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #e555e034fbb6bbc1 Filesystem access.
repo/packages/markdown-preview/index.ts:3209
			const fileContent = await readFile(filePath, "utf-8");

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #7c2c1740bda09cfc Filesystem access.
repo/packages/mom/scripts/migrate-timestamps.ts:9
import { existsSync, readdirSync, readFileSync, statSync, writeFileSync } from "fs";

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #7341004edac96341 Filesystem access.
repo/packages/mom/scripts/migrate-timestamps.ts:39
	const content = readFileSync(filePath, "utf-8");

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #52de765b626c0604 Filesystem access.
repo/packages/mom/scripts/migrate-timestamps.ts:63
		writeFileSync(filePath, newLines.join("\n") + "\n", "utf-8");

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #c851a05dd9f5b640 Filesystem access.
repo/packages/mom/src/agent.ts:15
import { existsSync, readFileSync } from "fs";

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #aceb9b50a55d3657 Filesystem access.
repo/packages/mom/src/agent.ts:16
import { mkdir, writeFile } from "fs/promises";

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #489ba4b533b64f3d Filesystem access.
repo/packages/mom/src/agent.ts:76
			const content = readFileSync(workspaceMemoryPath, "utf-8").trim();

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #aeb48a6042a4a444 Filesystem access.
repo/packages/mom/src/agent.ts:89
			const content = readFileSync(channelMemoryPath, "utf-8").trim();

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #c8eac7a184600102 Filesystem access.
repo/packages/mom/src/agent.ts:757
							data: readFileSync(fullPath).toString("base64"),

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #2814f15517db989c Filesystem access.
repo/packages/mom/src/agent.ts:778
			await writeFile(join(channelDir, "last_prompt.jsonl"), JSON.stringify(debugContext, null, 2));

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #b040c55597f3d2b1 Filesystem access.
repo/packages/mom/src/context.ts:15
import { existsSync, mkdirSync, readFileSync, writeFileSync } from "fs";

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #1232522de8cff985 Filesystem access.
repo/packages/mom/src/context.ts:93
	const logContent = readFileSync(logFile, "utf-8");

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #91de3f7046652ba2 Filesystem access.
repo/packages/mom/src/context.ts:164
		const current = existsSync(this.settingsPath) ? readFileSync(this.settingsPath, "utf-8") : undefined;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #457909f288c8ad82 Filesystem access.
repo/packages/mom/src/context.ts:174
		writeFileSync(this.settingsPath, next, "utf-8");

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #2f63478f84b7dbca Filesystem access.
repo/packages/mom/src/events.ts:2
import { existsSync, type FSWatcher, mkdirSync, readdirSync, statSync, unlinkSync, watch } from "fs";

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #f90caa4b26e1187a Filesystem access.
repo/packages/mom/src/events.ts:3
import { readFile } from "fs/promises";

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #87e6e78990c583fa Filesystem access.
repo/packages/mom/src/events.ts:188
				const content = await readFile(filePath, "utf-8");

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #a374b3cc6eec9b48 Environment-variable access.
repo/packages/mom/src/main.ts:16
const MOM_SLACK_APP_TOKEN = process.env.MOM_SLACK_APP_TOKEN;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #cf830788ba78879f Environment-variable access.
repo/packages/mom/src/main.ts:17
const MOM_SLACK_BOT_TOKEN = process.env.MOM_SLACK_BOT_TOKEN;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #adfe694f1f798c71 Filesystem access.
repo/packages/mom/src/slack.ts:3
import { appendFileSync, existsSync, mkdirSync, readFileSync } from "fs";

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #f5d09b8a16e99a37 Filesystem access.
repo/packages/mom/src/slack.ts:207
		const fileContent = readFileSync(filePath);

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #6eac3f0e889f8f04 Filesystem access.
repo/packages/mom/src/slack.ts:442
		const content = readFileSync(logPath, "utf-8");

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #f78527155223ed89 Filesystem access.
repo/packages/mom/src/store.ts:1
import { existsSync, mkdirSync, readFileSync } from "fs";

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #8d0b305bbee545c0 Filesystem access.
repo/packages/mom/src/store.ts:2
import { appendFile, writeFile } from "fs/promises";

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #90a6d4cf0d026fc1 Filesystem access.
repo/packages/mom/src/store.ts:172
			const content = readFileSync(logPath, "utf-8");

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #62a81031803f3bb0 Filesystem access.
repo/packages/mom/src/store.ts:232
		await writeFile(filePath, Buffer.from(buffer));

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #0bf7e43a149756a4 Filesystem access.
repo/packages/pods/src/cli.ts:4
import { readFileSync } from "fs";

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #70e719db7b44a2a5 Filesystem access.
repo/packages/pods/src/cli.ts:16
const packageJson = JSON.parse(readFileSync(join(__dirname, "../package.json"), "utf-8"));

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #c5543c2f241e3d57 Environment-variable access.
repo/packages/pods/src/cli.ts:336
				const apiKey = process.env.PI_API_KEY;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #f28e7123ae9678fb Filesystem access.
repo/packages/pods/src/commands/models.ts:3
import { readFileSync } from "fs";

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #93b6732f42c97333 Filesystem access.
repo/packages/pods/src/commands/models.ts:200
	let scriptContent = readFileSync(scriptPath, "utf-8");

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #cca03c0846cf51a1 Environment-variable access.
repo/packages/pods/src/commands/models.ts:220
		`HF_TOKEN='${process.env.HF_TOKEN}'`,

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #c92e07b394dd7eb8 Environment-variable access.
repo/packages/pods/src/commands/models.ts:221
		`PI_API_KEY='${process.env.PI_API_KEY}'`,

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #cf8e63e92d95c60f Environment-variable access.
repo/packages/pods/src/commands/models.ts:372
		console.log(chalk.white("API Key:     ") + chalk.yellow(process.env.PI_API_KEY || "(not set)"));

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #606de9fd37c002f1 Environment-variable access.
repo/packages/pods/src/commands/models.ts:377
		console.log(chalk.gray(`export OPENAI_API_KEY="${process.env.PI_API_KEY || "your-api-key"}"`));

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #fc2818e38ffd392d Filesystem access.
repo/packages/pods/src/commands/models.ts:598
	const modelsJson = JSON.parse(readFileSync(modelsJsonPath, "utf-8"));

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #328740ef601c32cd Environment-variable access.
repo/packages/pods/src/commands/pods.ts:50
	const hfToken = process.env.HF_TOKEN;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #4e38514fb0bda618 Environment-variable access.
repo/packages/pods/src/commands/pods.ts:51
	const vllmApiKey = process.env.PI_API_KEY;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #ccd46059987aff58 Environment-variable access.
repo/packages/pods/src/commands/prompt.ts:66
		opts.apiKey || process.env.PI_API_KEY || "dummy",

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #b4ec47496ffb6fb1 Filesystem access.
repo/packages/pods/src/config.ts:1
import { existsSync, mkdirSync, readFileSync, writeFileSync } from "fs";

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #2000538cf6af0b76 Environment-variable access.
repo/packages/pods/src/config.ts:8
	const configDir = process.env.PI_CONFIG_DIR || join(homedir(), ".pi");

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #a5e38523fdd1c06e Filesystem access.
repo/packages/pods/src/config.ts:26
		const data = readFileSync(configPath, "utf-8");

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #8129f7e904f7c5d5 Filesystem access.
repo/packages/pods/src/config.ts:37
		writeFileSync(configPath, JSON.stringify(config, null, 2));

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #bcb7d4aa26748864 Filesystem access.
repo/packages/pods/src/model-configs.ts:1
import { readFileSync } from "fs";

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #ed189f06019f6087 Filesystem access.
repo/packages/pods/src/model-configs.ts:29
const modelsData: ModelsData = JSON.parse(readFileSync(modelsJsonPath, "utf-8"));

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #d2c235b6097eef74 Filesystem access.
repo/packages/tui/src/autocomplete.ts:2
import { readdirSync, statSync } from "fs";

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #64babee3b613254f Environment-variable access.
repo/packages/tui/src/keys.ts:705
		Boolean(process.env.WT_SESSION) && !process.env.SSH_CONNECTION && !process.env.SSH_CLIENT && !process.env.SSH_TTY

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #de1cdf5cb56ec005 Environment-variable access.
repo/packages/tui/src/sync-output.ts:59
		if (process.env.CAVE_SYNC_OUTPUT_MULTIPLEXER === "1" && identity.hostProgram) {

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #108f5cea92f88a62 Environment-variable access.
repo/packages/tui/src/terminal-detect.ts:57
	const v = process.env[name];

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #23115b460dc3af1e Environment-variable access.
repo/packages/tui/src/terminal-image.ts:41
	const termProgram = process.env.TERM_PROGRAM?.toLowerCase() || "";

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #123cc06fc1ac8e38 Environment-variable access.
repo/packages/tui/src/terminal-image.ts:42
	const term = process.env.TERM?.toLowerCase() || "";

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #56a121486b13d8c4 Environment-variable access.
repo/packages/tui/src/terminal-image.ts:43
	const colorTerm = process.env.COLORTERM?.toLowerCase() || "";

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #27a5565ed71becd9 Environment-variable access.
repo/packages/tui/src/terminal-image.ts:45
	if (process.env.KITTY_WINDOW_ID || termProgram === "kitty") {

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #68229a66cc9ad77a Environment-variable access.
repo/packages/tui/src/terminal-image.ts:49
	if (termProgram === "ghostty" || term.includes("ghostty") || process.env.GHOSTTY_RESOURCES_DIR) {

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #1061735cc9191776 Environment-variable access.
repo/packages/tui/src/terminal-image.ts:53
	if (process.env.WEZTERM_PANE || termProgram === "wezterm") {

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #b517a0522f9da990 Environment-variable access.
repo/packages/tui/src/terminal-image.ts:57
	if (process.env.ITERM_SESSION_ID || termProgram === "iterm.app") {

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #db98cade4156e7f6 Environment-variable access.
repo/packages/tui/src/terminal.ts:88
		const env = process.env.PI_TUI_WRITE_LOG || "";

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #6fcd4f7a252647c9 Environment-variable access.
repo/packages/tui/src/tui.ts:130
	return Boolean(process.env.TERMUX_VERSION);

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #56a1fe3f612f7087 Environment-variable access.
repo/packages/tui/src/tui.ts:248
	private showHardwareCursor = process.env.PI_HARDWARE_CURSOR === "1";

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #56ccea9b90bc9867 Environment-variable access.
repo/packages/tui/src/tui.ts:249
	private clearOnShrink = process.env.PI_CLEAR_ON_SHRINK === "1"; // Clear empty rows when content shrinks (default: off)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #a0275ea22ff4a8a1 Environment-variable access.
repo/packages/tui/src/tui.ts:1130
		const debugRedraw = process.env.PI_DEBUG_REDRAW === "1";

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #5db7ea091db29f20 Filesystem access.
repo/packages/tui/src/tui.ts:1304
				fs.writeFileSync(crashLogPath, crashData);

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #02b167c42c204f14 Environment-variable access.
repo/packages/tui/src/tui.ts:1343
		if (process.env.PI_TUI_DEBUG === "1") {

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #694bedc5cab166af Filesystem access.
repo/packages/tui/src/tui.ts:1369
			fs.writeFileSync(debugPath, debugData);

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #f7d68efa646f6219 Environment-variable access.
repo/packages/web-ui/scripts/count-prompt-tokens.ts:8
const ANTHROPIC_API_KEY = process.env.ANTHROPIC_API_KEY;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low egress production #b5d92bb42a7f4ba5 Hardcoded external endpoint. Review what data is sent to this destination.
repo/packages/web-ui/scripts/count-prompt-tokens.ts:20
	const response = await fetch("https://api.anthropic.com/v1/messages/count_tokens", {
		method: "POST",
		headers: {
			"Content-Type": "application/json",
			"x-api-key": ANTHROPIC_API_KEY,
			"anthropic-version": "2023-06-01",
		},
		body: JSON.stringify({
			model: "claude-3-5-sonnet-20241022",
			messages: [
				{
					role: "user",
					content: text,
				},
			],
		}),
	});

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress production #723e46bc64cf086f Hardcoded external endpoint. Review what data is sent to this destination.
repo/research/evals/microbench/tasks/medium-ts-02-replace-api/setup/analytics.ts:4
  return fetch(`${ANALYTICS_URL}/events`, {
    method: "POST",
    headers: { "Content-Type": "application/json" },
    body: JSON.stringify({ event, payload, timestamp: Date.now() }),
  })

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress production #09e5311a476d6b93 Hardcoded external endpoint. Review what data is sent to this destination.
repo/research/evals/microbench/tasks/medium-ts-02-replace-api/setup/api-client.ts:4
  return fetch(`${API_BASE}/users`)

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress production #c8fe620d3d145481 Hardcoded external endpoint. Review what data is sent to this destination.
repo/research/evals/microbench/tasks/medium-ts-02-replace-api/setup/api-client.ts:15
  return fetch(`${API_BASE}/users`, {
    method: "POST",
    headers: { "Content-Type": "application/json" },
    body: JSON.stringify({ name, email }),
  })

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress production #275d1b0fa62ade7d Hardcoded external endpoint. Review what data is sent to this destination.
repo/research/evals/microbench/tasks/medium-ts-02-replace-api/setup/dashboard.ts:4
  return fetch(`${DASHBOARD_API}/stats`)

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress production #041bf4ff9cdef951 Hardcoded external endpoint. Review what data is sent to this destination.
repo/research/evals/microbench/tasks/medium-ts-02-replace-api/setup/dashboard.ts:14
  return fetch(`${DASHBOARD_API}/activity?limit=10`)

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low env_fs production #d2a5eb5c7f89ffe3 Filesystem access.
repo/research/evals/run-compare.ts:114
	const caveResults = JSON.parse(readFileSync(caveResultsPath, "utf-8"));

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #d25afb41bcb779cd Filesystem access.
repo/research/evals/run-compare.ts:150
			writeFileSync(config.outputPath, json);

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #6b2a3210f2c1d185 Filesystem access.
repo/research/evals/run-compare.ts:160
			writeFileSync(config.outputPath, JSON.stringify(report, null, 2));

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #a91c24e68e734e4b Environment-variable access.
repo/research/evals/run-honest-bench.ts:107
	const defaultBin = process.env.CAVEMAN_BIN

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #a0388fc4756a0a15 Environment-variable access.
repo/research/evals/run-honest-bench.ts:108
		? process.env.CAVEMAN_BIN

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #6f2b250f9e02dc9d Filesystem access.
repo/research/evals/run-honest-bench.ts:190
	console.log(readFileSync(__filename, "utf-8").split("\n").slice(2, 28).join("\n"));

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #942ff11039ca8fba Filesystem access.
repo/research/evals/run-honest-bench.ts:207
		const meta = JSON.parse(readFileSync(metaPath, "utf-8")) as {

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #5c1b591cd532631b Filesystem access.
repo/research/evals/run-honest-bench.ts:216
			prompt: readFileSync(promptPath, "utf-8").trim(),

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #204bc3a8e6ccc331 Environment-variable access.
repo/research/evals/run-honest-bench.ts:498
		const home = process.env.HOME ?? "";

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #a0453bbeb417ce9e Filesystem access.
repo/research/evals/run-honest-bench.ts:501
		const s = JSON.parse(readFileSync(settingsPath, "utf-8"));

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #9c3894e9df269741 Filesystem access.
repo/research/evals/run-honest-bench.ts:602
	writeFileSync(csvPath, `${CSV_HEADER}\n`);

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #6b74423f0d379cc9 Filesystem access.
repo/research/evals/run-honest-bench.ts:630
			writeFileSync(logPath, `=== STDOUT ===\n${run.stdout}\n\n=== STDERR ===\n${run.stderr}\n`);

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #cdbb3e7e2a381b90 Filesystem access.
repo/research/evals/run-honest-bench.ts:656
			writeFileSync(csvPath, `${csvRow(result)}\n`, { flag: "a" });

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #c40e96ca5ee0fed5 Filesystem access.
repo/research/evals/run-honest-bench.ts:681
	writeFileSync(jsonPath, JSON.stringify(summary, null, 2));

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #9c87baee6c59f657 Environment-variable access.
repo/research/evals/run-microbench.ts:62
		capDollars: Number(process.env.CAVE_BENCH_INSTANCE_CAP_DOLLARS) || 0.5,

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #e1681087920c30a7 Filesystem access.
repo/research/evals/run-microbench.ts:264
	writeFileSync(predictionsPath, "");

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #21c67064d1b32b32 Filesystem access.
repo/research/evals/run-microbench.ts:301
				writeFileSync(traceFile, JSON.stringify({
					instance_id: microInstance.id,
					difficulty: microInstance.meta.difficulty,
					language: microInstance.meta.language,
					duration_ms: result.durationMs,
					cost: result.cost,
					tool_calls: result.toolCalls,
					tokens: result.tokens,
					error: result.error ?? null,
					resolved,
				}, null, 2));

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #d269d445dfc0cc25 Environment-variable access.
repo/research/evals/run-microbench.ts:323
				if (!process.env.CAVE_BENCH_KEEP_WORKDIRS) {

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #15d4ef2a69c8a614 Filesystem access.
repo/research/evals/run-microbench.ts:342
				const trace = JSON.parse(readFileSync(r.traces[0], "utf-8"));

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #1c166cf46f817e64 Filesystem access.
repo/research/evals/run-microbench.ts:365
	writeFileSync(resultsPath, JSON.stringify(report, null, 2));

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #9caef8378be8a99d Environment-variable access.
repo/research/evals/run-swebench.ts:65
		capDollars: Number(process.env.CAVE_BENCH_INSTANCE_CAP_DOLLARS) || 5,

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #234c11d0e87d13c3 Filesystem access.
repo/research/evals/run-swebench.ts:320
	writeFileSync(predictionsPath, "");

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #9822ce77c120f5a2 Filesystem access.
repo/research/evals/run-swebench.ts:357
				writeFileSync(traceFile, JSON.stringify({
					instance_id: instance.id,
					duration_ms: result.durationMs,
					cost: result.cost,
					tool_calls: result.toolCalls,
					tokens: result.tokens,
					patch_lines: result.patch.split("\n").length,
					error: result.error,
				}, null, 2));

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #5465eb1ac61f849a Environment-variable access.
repo/research/evals/run-swebench.ts:378
				if (!process.env.CAVE_BENCH_KEEP_WORKDIRS) {

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #7a8d050ec10c5a8a Filesystem access.
repo/research/evals/run-swebench.ts:403
	writeFileSync(resultsPath, JSON.stringify(report, null, 2));

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #ff7f6ac40a8b605a Filesystem access.
repo/research/evals/run-swebench.ts:408
	writeFileSync(nightlyPath, JSON.stringify(report, null, 2));

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #f18df6281e586df5 Environment-variable access.
repo/research/evals/run-terminal-bench.ts:211
						process.env.CAVE_BENCH_INSTANCE_CAP_DOLLARS ?? config.maxTotalDollars,

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #23928b2a17b104e8 Filesystem access.
repo/research/evals/run-terminal-bench.ts:249
		writeFileSync(baselinePath, JSON.stringify(baseline, null, 2));

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #8b25b9df09ed4dd8 Filesystem access.
repo/research/evals/run-terminal-bench.ts:279
	writeFileSync(reportPath, JSON.stringify(report, null, 2));

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #4f14bc910baebe16 Filesystem access.
repo/scripts/check-browser-smoke.mjs:38
	writeFileSync(errorLogPath, [detailedErrors, baseError].filter(Boolean).join("\n\n"), "utf-8");

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #c2efe80c9f3f4026 Filesystem access.
repo/scripts/cost.ts:3
import * as fs from "fs";

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #80ab4fec300e4a00 Environment-variable access.
repo/scripts/cost.ts:38
const sessionsBase = path.join(process.env.HOME!, ".pi/agent/sessions");

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #a52ed6d3fc48d828 Filesystem access.
repo/scripts/cost.ts:83
	const content = fs.readFileSync(filepath, "utf8");

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #df5290f95b73261d Environment-variable access.
repo/scripts/oss-weekend.mjs:43
	const envValue = process.env[envName];

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #d366b6ffb7799a5e Filesystem access.
repo/scripts/oss-weekend.mjs:152
		return await readFile(path, "utf8");

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #e135932bf3807a05 Filesystem access.
repo/scripts/oss-weekend.mjs:286
		const currentReadme = await readFile(readmePath, "utf8");

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #c52ca527288e61e2 Filesystem access.
repo/scripts/oss-weekend.mjs:292
			await writeFile(readmePath, nextReadme, "utf8");

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #2cb8829584d57336 Filesystem access.
repo/scripts/oss-weekend.mjs:304
			await writeFile(statePath, `${nextState}\n`, "utf8");

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #2d4e83caa26596d8 Environment-variable access.
repo/scripts/profile-coding-agent-node.mjs:171
	const userAgent = process.env.npm_config_user_agent ?? "";

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #09fb33bd49a2c7d3 Filesystem access.
repo/scripts/release.mjs:18
import { existsSync, readdirSync, readFileSync, writeFileSync } from "fs";

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #e0d8aaeb6cfe1771 Filesystem access.
repo/scripts/release.mjs:42
	const pkg = JSON.parse(readFileSync("packages/ai/package.json", "utf-8"));

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #730218d1bf48870d Filesystem access.
repo/scripts/release.mjs:57
		const content = readFileSync(changelog, "utf-8");

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #34c280a5e6c50749 Filesystem access.
repo/scripts/release.mjs:65
		writeFileSync(changelog, updated);

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #3ca63b6594755518 Filesystem access.
repo/scripts/release.mjs:75
		const content = readFileSync(changelog, "utf-8");

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #8d0de277618cb286 Filesystem access.
repo/scripts/release.mjs:79
		writeFileSync(changelog, updated);

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #3a8d9bc155a93101 Filesystem access.
repo/scripts/session-transcripts.ts:16
import { existsSync, mkdirSync, readdirSync, readFileSync, writeFileSync } from "fs";

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #b17c77250ddc8de1 Filesystem access.
repo/scripts/session-transcripts.ts:39
	const content = readFileSync(filePath, "utf8");

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #8098bc75bec62e39 Filesystem access.
repo/scripts/session-transcripts.ts:206
			writeFileSync(join(outputDir, filename), currentContent);

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #f42f1e2ac180b6f3 Filesystem access.
repo/scripts/session-transcripts.ts:218
				writeFileSync(join(outputDir, filename), currentContent);

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #5c38fd6537ed55fa Filesystem access.
repo/scripts/session-transcripts.ts:226
			writeFileSync(join(outputDir, filename), transcript);

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #5c57a9e5340b0713 Filesystem access.
repo/scripts/session-transcripts.ts:239
		writeFileSync(join(outputDir, filename), currentContent);

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #90376c11457e335c Filesystem access.
repo/scripts/session-transcripts.ts:307
		const fileContent = readFileSync(filePath, "utf8");

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #80e36563361352a4 Filesystem access.
repo/scripts/sync-versions.js:8
import { readdirSync, readFileSync, writeFileSync } from "fs";

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #c196b1bb52269417 Filesystem access.
repo/scripts/sync-versions.js:23
		const pkg = JSON.parse(readFileSync(pkgPath, "utf8"));

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #159ea44333fb33b1 Filesystem access.
repo/scripts/sync-versions.js:88
		writeFileSync(pkg.path, JSON.stringify(pkg.data, null, "\t") + "\n");

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

first-party (npm): packages/ai

npm first-party
high pii_flow production #8e5045a0d876f17d User/PII-bearing data read from the environment or filesystem flows to an external network call. This is potential data exfiltration.
repo/packages/ai/src/providers/google-gemini-cli.ts:405 · flow /tmp/closeopen-3amdqrew/repo/packages/ai/src/providers/google-gemini-cli.ts:348 → /tmp/closeopen-3amdqrew/repo/packages/ai/src/providers/google-gemini-cli.ts:405
					response = await fetch(requestUrl, {
						method: "POST",
						headers: requestHeaders,
						body: requestBodyJson,
						signal: options?.signal,
					});

User/PII-bearing data flows to an external sink — the classic data-exfiltration shape.

Fix: Confirm no user identifiers reach this sink; redact/hash before sending, or remove the flow.

high pii_flow production #511ef0d649b28ebf User/PII-bearing data read from the environment or filesystem flows to an external network call. This is potential data exfiltration.
repo/packages/ai/src/providers/google-gemini-cli.ts:754 · flow /tmp/closeopen-3amdqrew/repo/packages/ai/src/providers/google-gemini-cli.ts:348 → /tmp/closeopen-3amdqrew/repo/packages/ai/src/providers/google-gemini-cli.ts:754
					currentResponse = await fetch(requestUrl, {
						method: "POST",
						headers: requestHeaders,
						body: requestBodyJson,
						signal: options?.signal,
					});

User/PII-bearing data flows to an external sink — the classic data-exfiltration shape.

Fix: Confirm no user identifiers reach this sink; redact/hash before sending, or remove the flow.

high pii_flow production #1d838cb8fa1eb2d3 User/PII-bearing data read from the environment or filesystem flows to an external network call. This is potential data exfiltration.
repo/packages/ai/src/providers/openai-codex-responses.ts:203 · flow /tmp/closeopen-3amdqrew/repo/packages/ai/src/providers/openai-codex-responses.ts:137 → /tmp/closeopen-3amdqrew/repo/packages/ai/src/providers/openai-codex-responses.ts:203
					response = await fetch(resolveCodexUrl(model.baseUrl), {
						method: "POST",
						headers: sseHeaders,
						body: bodyJson,
						signal: options?.signal,
					});

User/PII-bearing data flows to an external sink — the classic data-exfiltration shape.

Fix: Confirm no user identifiers reach this sink; redact/hash before sending, or remove the flow.

high pii_flow production #0003369d75a01e38 User/PII-bearing data read from the environment or filesystem flows to an external network call. This is potential data exfiltration.
repo/packages/ai/src/utils/oauth/google-gemini-cli.ts:237 · flow /tmp/closeopen-3amdqrew/repo/packages/ai/src/utils/oauth/google-gemini-cli.ts:226 → /tmp/closeopen-3amdqrew/repo/packages/ai/src/utils/oauth/google-gemini-cli.ts:237
	const loadResponse = await fetch(`${CODE_ASSIST_ENDPOINT}/v1internal:loadCodeAssist`, {
		method: "POST",
		headers,
		body: JSON.stringify({
			cloudaicompanionProject: envProjectId,
			metadata: {
				ideType: "IDE_UNSPECIFIED",
				platform: "PLATFORM_UNSPECIFIED",
				pluginType: "GEMINI",
				duetProject: envProjectId,
			},
		}),
	});

User/PII-bearing data flows to an external sink — the classic data-exfiltration shape.

Fix: Confirm no user identifiers reach this sink; redact/hash before sending, or remove the flow.

high pii_flow production #322f37e8c8baf69a User/PII-bearing data read from the environment or filesystem flows to an external network call. This is potential data exfiltration.
repo/packages/ai/src/utils/oauth/google-gemini-cli.ts:316 · flow /tmp/closeopen-3amdqrew/repo/packages/ai/src/utils/oauth/google-gemini-cli.ts:226 → /tmp/closeopen-3amdqrew/repo/packages/ai/src/utils/oauth/google-gemini-cli.ts:316
	const onboardResponse = await fetch(`${CODE_ASSIST_ENDPOINT}/v1internal:onboardUser`, {
		method: "POST",
		headers,
		body: JSON.stringify(onboardBody),
	});

User/PII-bearing data flows to an external sink — the classic data-exfiltration shape.

Fix: Confirm no user identifiers reach this sink; redact/hash before sending, or remove the flow.

medium pii_flow production #44fef9af2864594b Credentials parsed from the request URL are applied as authorization on the same outbound HTTP request. This is intentional URL authentication, not unexpected data exfiltration.
repo/packages/ai/src/providers/google-gemini-cli.ts:405 · flow /tmp/closeopen-3amdqrew/repo/packages/ai/src/providers/google-gemini-cli.ts:358 → /tmp/closeopen-3amdqrew/repo/packages/ai/src/providers/google-gemini-cli.ts:405
					response = await fetch(requestUrl, {
						method: "POST",
						headers: requestHeaders,
						body: requestBodyJson,
						signal: options?.signal,
					});

User/PII-bearing data flows to an external sink — the classic data-exfiltration shape.

Fix: Confirm no user identifiers reach this sink; redact/hash before sending, or remove the flow.

medium pii_flow production #b4ef61b281df190f Credentials parsed from the request URL are applied as authorization on the same outbound HTTP request. This is intentional URL authentication, not unexpected data exfiltration.
repo/packages/ai/src/providers/google-gemini-cli.ts:754 · flow /tmp/closeopen-3amdqrew/repo/packages/ai/src/providers/google-gemini-cli.ts:358 → /tmp/closeopen-3amdqrew/repo/packages/ai/src/providers/google-gemini-cli.ts:754
					currentResponse = await fetch(requestUrl, {
						method: "POST",
						headers: requestHeaders,
						body: requestBodyJson,
						signal: options?.signal,
					});

User/PII-bearing data flows to an external sink — the classic data-exfiltration shape.

Fix: Confirm no user identifiers reach this sink; redact/hash before sending, or remove the flow.

expand_more 82 low-confidence finding(s)
low env_fs production #04c04deaee7d00c3 Filesystem access.
repo/packages/ai/scripts/generate-models.ts:3
import { existsSync, readFileSync, writeFileSync } from "fs";

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low egress production #e34c2954f45e572e Hardcoded external endpoint. Review what data is sent to this destination.
repo/packages/ai/scripts/generate-models.ts:63
		const response = await fetch("https://openrouter.ai/api/v1/models");

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress production #e237292455b839a2 Hardcoded external endpoint. Review what data is sent to this destination.
repo/packages/ai/scripts/generate-models.ts:121
		const response = await fetch(`${AI_GATEWAY_MODELS_URL}/models`);

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress production #978d6d5fb7777b32 Hardcoded external endpoint. Review what data is sent to this destination.
repo/packages/ai/scripts/generate-models.ts:179
		const response = await fetch("https://models.dev/api.json");

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low env_fs production #0202debc57493687 Filesystem access.
repo/packages/ai/scripts/generate-models.ts:1590
		? (readFileSync(outputPath, "utf-8").match(/satisfies Model</g) ?? []).length

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #a7fa8ab55163b2a0 Filesystem access.
repo/packages/ai/scripts/generate-models.ts:1607
	writeFileSync(outputPath, output);

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #1838ced36ffa57fe Filesystem access.
repo/packages/ai/scripts/generate-test-image.ts:4
import { writeFileSync } from "fs";

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #336381c717045926 Filesystem access.
repo/packages/ai/scripts/generate-test-image.ts:30
import { mkdirSync } from "fs";

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #12a633c72b3e70d2 Filesystem access.
repo/packages/ai/scripts/generate-test-image.ts:34
writeFileSync(outputPath, buffer);

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #ef76c9583a9fa172 Filesystem access.
repo/packages/ai/src/cli.ts:4
import { existsSync, readFileSync, writeFileSync } from "fs";

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #69e21713ed5c39b0 Filesystem access.
repo/packages/ai/src/cli.ts:18
		return JSON.parse(readFileSync(AUTH_FILE, "utf-8"));

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #bb44bedf71c642f7 Filesystem access.
repo/packages/ai/src/cli.ts:25
	writeFileSync(AUTH_FILE, JSON.stringify(auth, null, 2), "utf-8");

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #8916a0a62c162693 Environment-variable access.
repo/packages/ai/src/env-api-keys.ts:45
		const gacPath = process.env.GOOGLE_APPLICATION_CREDENTIALS;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #1209358b84f4242a Environment-variable access.
repo/packages/ai/src/env-api-keys.ts:68
		return process.env.COPILOT_GITHUB_TOKEN || process.env.GH_TOKEN || process.env.GITHUB_TOKEN;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #55e539264afc217c Environment-variable access.
repo/packages/ai/src/env-api-keys.ts:73
		return process.env.ANTHROPIC_OAUTH_TOKEN || process.env.ANTHROPIC_API_KEY;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #7665f14f209c14ee Environment-variable access.
repo/packages/ai/src/env-api-keys.ts:79
		if (process.env.GOOGLE_CLOUD_API_KEY) {

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #dc5ef231ceeed249 Environment-variable access.
repo/packages/ai/src/env-api-keys.ts:80
			return process.env.GOOGLE_CLOUD_API_KEY;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #b39b3666a69a11b0 Environment-variable access.
repo/packages/ai/src/env-api-keys.ts:84
		const hasProject = !!(process.env.GOOGLE_CLOUD_PROJECT || process.env.GCLOUD_PROJECT);

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #83fd846f8d478d63 Environment-variable access.
repo/packages/ai/src/env-api-keys.ts:85
		const hasLocation = !!process.env.GOOGLE_CLOUD_LOCATION;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #e8c7562472cc45cb Environment-variable access.
repo/packages/ai/src/env-api-keys.ts:101
			process.env.AWS_PROFILE ||

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #35ab84fc5d8f3765 Environment-variable access.
repo/packages/ai/src/env-api-keys.ts:102
			(process.env.AWS_ACCESS_KEY_ID && process.env.AWS_SECRET_ACCESS_KEY) ||

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #23745719d845a781 Environment-variable access.
repo/packages/ai/src/env-api-keys.ts:103
			process.env.AWS_BEARER_TOKEN_BEDROCK ||

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #5b0bd2d9dd89ca3a Environment-variable access.
repo/packages/ai/src/env-api-keys.ts:104
			process.env.AWS_CONTAINER_CREDENTIALS_RELATIVE_URI ||

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #6404bc396ba1e75a Environment-variable access.
repo/packages/ai/src/env-api-keys.ts:105
			process.env.AWS_CONTAINER_CREDENTIALS_FULL_URI ||

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #722b45a7ee07bc55 Environment-variable access.
repo/packages/ai/src/env-api-keys.ts:106
			process.env.AWS_WEB_IDENTITY_TOKEN_FILE

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #b0d4c12f02c98526 Environment-variable access.
repo/packages/ai/src/env-api-keys.ts:132
	return envVar ? process.env[envVar] : undefined;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #85337536b4f682f4 Environment-variable access.
repo/packages/ai/src/env-api-keys.ts:183
		const token = process.env.COPILOT_GITHUB_TOKEN || process.env.GH_TOKEN || process.env.GITHUB_TOKEN;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #5d7ffd489e6d59a5 Environment-variable access.
repo/packages/ai/src/env-api-keys.ts:194
		if (process.env.ANTHROPIC_OAUTH_TOKEN) {

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #a551ff3514d00878 Environment-variable access.
repo/packages/ai/src/env-api-keys.ts:197
		if (process.env.ANTHROPIC_API_KEY) {

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #2646c46602912d7e Environment-variable access.
repo/packages/ai/src/env-api-keys.ts:209
		if (process.env.GOOGLE_CLOUD_API_KEY) {

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #8a551354139c2d2a Environment-variable access.
repo/packages/ai/src/env-api-keys.ts:213
		const hasProject = !!(process.env.GOOGLE_CLOUD_PROJECT || process.env.GCLOUD_PROJECT);

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #8562122931ba608a Environment-variable access.
repo/packages/ai/src/env-api-keys.ts:214
		const hasLocation = !!process.env.GOOGLE_CLOUD_LOCATION;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #4c1cbb65024d32bb Environment-variable access.
repo/packages/ai/src/env-api-keys.ts:227
			process.env.AWS_PROFILE ||

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #73cc058af82f2446 Environment-variable access.
repo/packages/ai/src/env-api-keys.ts:228
			(process.env.AWS_ACCESS_KEY_ID && process.env.AWS_SECRET_ACCESS_KEY) ||

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #41887fa2411c37b9 Environment-variable access.
repo/packages/ai/src/env-api-keys.ts:229
			process.env.AWS_BEARER_TOKEN_BEDROCK ||

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #57a71252a7dd6177 Environment-variable access.
repo/packages/ai/src/env-api-keys.ts:230
			process.env.AWS_CONTAINER_CREDENTIALS_RELATIVE_URI ||

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #ae4d4f1ffb81f053 Environment-variable access.
repo/packages/ai/src/env-api-keys.ts:231
			process.env.AWS_CONTAINER_CREDENTIALS_FULL_URI ||

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #1fb7b670c70cbec5 Environment-variable access.
repo/packages/ai/src/env-api-keys.ts:232
			process.env.AWS_WEB_IDENTITY_TOKEN_FILE;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #5f60cb9afff9480b Environment-variable access.
repo/packages/ai/src/env-api-keys.ts:243
		if (!(process.env.AWS_REGION || process.env.AWS_DEFAULT_REGION)) {

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #7455e82e791eaed4 Environment-variable access.
repo/packages/ai/src/env-api-keys.ts:263
		const value = process.env[envVar];

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #e3af44dad08b5035 Environment-variable access.
repo/packages/ai/src/providers/amazon-bedrock.ts:105
			const explicitRegion = options.region || process.env.AWS_REGION || process.env.AWS_DEFAULT_REGION;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #9a5cd359aaaac28b Environment-variable access.
repo/packages/ai/src/providers/amazon-bedrock.ts:108
			} else if (!process.env.AWS_PROFILE) {

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #7a93e0be5f16d312 Environment-variable access.
repo/packages/ai/src/providers/amazon-bedrock.ts:113
			if (process.env.AWS_BEDROCK_SKIP_AUTH === "1") {

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #0efb15961dc207b7 Environment-variable access.
repo/packages/ai/src/providers/amazon-bedrock.ts:121
				process.env.HTTP_PROXY ||

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #53691dba37330029 Environment-variable access.
repo/packages/ai/src/providers/amazon-bedrock.ts:122
				process.env.HTTPS_PROXY ||

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #e4356bd13d779214 Environment-variable access.
repo/packages/ai/src/providers/amazon-bedrock.ts:123
				process.env.NO_PROXY ||

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #ecf28d67b7e4437d Environment-variable access.
repo/packages/ai/src/providers/amazon-bedrock.ts:124
				process.env.http_proxy ||

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #0552080ca10d57a4 Environment-variable access.
repo/packages/ai/src/providers/amazon-bedrock.ts:125
				process.env.https_proxy ||

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #a116115adfe49c21 Environment-variable access.
repo/packages/ai/src/providers/amazon-bedrock.ts:126
				process.env.no_proxy

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #0671f60c24fce5e9 Environment-variable access.
repo/packages/ai/src/providers/amazon-bedrock.ts:140
			} else if (process.env.AWS_BEDROCK_FORCE_HTTP1 === "1") {

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #8cbff8f0cd1569f7 Environment-variable access.
repo/packages/ai/src/providers/amazon-bedrock.ts:461
	if (typeof process !== "undefined" && process.env.PI_CACHE_RETENTION === "long") {

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #3d71b75cb66fe90e Environment-variable access.
repo/packages/ai/src/providers/amazon-bedrock.ts:483
		if (typeof process !== "undefined" && process.env.AWS_BEDROCK_FORCE_CACHE === "1") return true;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #bf866adb8234965b Environment-variable access.
repo/packages/ai/src/providers/anthropic.ts:45
	if (typeof process !== "undefined" && process.env.PI_CACHE_RETENTION === "long") {

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #b0c02a1d9197154e Environment-variable access.
repo/packages/ai/src/providers/azure-openai-responses.ts:38
	const mappedDeployment = parseDeploymentNameMap(process.env.AZURE_OPENAI_DEPLOYMENT_NAME_MAP).get(model.id);

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #ba48b7321a8040e7 Environment-variable access.
repo/packages/ai/src/providers/azure-openai-responses.ts:154
	const apiVersion = options?.azureApiVersion || process.env.AZURE_OPENAI_API_VERSION || DEFAULT_AZURE_API_VERSION;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #f6014116c56188ce Environment-variable access.
repo/packages/ai/src/providers/azure-openai-responses.ts:156
	const baseUrl = options?.azureBaseUrl?.trim() || process.env.AZURE_OPENAI_BASE_URL?.trim() || undefined;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #dc51226685895ff5 Environment-variable access.
repo/packages/ai/src/providers/azure-openai-responses.ts:157
	const resourceName = options?.azureResourceName || process.env.AZURE_OPENAI_RESOURCE_NAME;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #de52b5a469f54fff Environment-variable access.
repo/packages/ai/src/providers/azure-openai-responses.ts:183
		if (!process.env.AZURE_OPENAI_API_KEY) {

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #e153d455ab8cb41e Environment-variable access.
repo/packages/ai/src/providers/azure-openai-responses.ts:188
		apiKey = process.env.AZURE_OPENAI_API_KEY;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #ab9b33db6d2a3c1b Environment-variable access.
repo/packages/ai/src/providers/google-gemini-cli.ts:83
	const version = process.env.PI_AI_ANTIGRAVITY_VERSION || DEFAULT_ANTIGRAVITY_VERSION;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #a95ebb8adb823a55 Environment-variable access.
repo/packages/ai/src/providers/google-vertex.ts:372
	const apiKey = options?.apiKey?.trim() || process.env.GOOGLE_CLOUD_API_KEY?.trim();

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #170d55da7c46c31c Environment-variable access.
repo/packages/ai/src/providers/google-vertex.ts:384
	const project = options?.project || process.env.GOOGLE_CLOUD_PROJECT || process.env.GCLOUD_PROJECT;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #ec16dee4f040c424 Environment-variable access.
repo/packages/ai/src/providers/google-vertex.ts:394
	const location = options?.location || process.env.GOOGLE_CLOUD_LOCATION;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #d43747d7d6c83ec2 Environment-variable access.
repo/packages/ai/src/providers/openai-completions.ts:334
		if (!process.env.OPENAI_API_KEY) {

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #a1d4a6a5f6dfd57c Environment-variable access.
repo/packages/ai/src/providers/openai-completions.ts:339
		apiKey = process.env.OPENAI_API_KEY;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #b19e0aceb98aac87 Environment-variable access.
repo/packages/ai/src/providers/openai-responses.ts:31
	if (typeof process !== "undefined" && process.env.PI_CACHE_RETENTION === "long") {

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #a8a78ab4465fbc81 Environment-variable access.
repo/packages/ai/src/providers/openai-responses.ts:156
		if (!process.env.OPENAI_API_KEY) {

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #dcdbfd41d8147773 Environment-variable access.
repo/packages/ai/src/providers/openai-responses.ts:161
		apiKey = process.env.OPENAI_API_KEY;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #1cedac2a64b12ec6 Filesystem access.
repo/packages/ai/src/registry/fetcher.ts:74
		writeFileSync(tmpPath, JSON.stringify(result.registry, null, 2), "utf-8");

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #c9ed82ac4812955c Filesystem access.
repo/packages/ai/src/registry/loader.ts:92
			raw = JSON.parse(readFileSync(path, "utf-8"));

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low egress production #324750a928846f2a Hardcoded external endpoint. Review what data is sent to this destination.
repo/packages/ai/src/utils/oauth/google-antigravity.ts:215
		const response = await fetch("https://www.googleapis.com/oauth2/v1/userinfo?alt=json", {
			headers: {
				Authorization: `Bearer ${accessToken}`,
			},
		});

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress production #9a89118b94d3ae66 Hardcoded external endpoint. Review what data is sent to this destination.
repo/packages/ai/src/utils/oauth/google-antigravity.ts:235
	const response = await fetch(TOKEN_URL, {
		method: "POST",
		headers: { "Content-Type": "application/x-www-form-urlencoded" },
		body: new URLSearchParams({
			client_id: CLIENT_ID,
			client_secret: CLIENT_SECRET,
			refresh_token: refreshToken,
			grant_type: "refresh_token",
		}),
	});

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress production #ad396314609f3845 Hardcoded external endpoint. Review what data is sent to this destination.
repo/packages/ai/src/utils/oauth/google-antigravity.ts:378
		const tokenResponse = await fetch(TOKEN_URL, {
			method: "POST",
			headers: {
				"Content-Type": "application/x-www-form-urlencoded",
			},
			body: new URLSearchParams({
				client_id: CLIENT_ID,
				client_secret: CLIENT_SECRET,
				code,
				grant_type: "authorization_code",
				redirect_uri: REDIRECT_URI,
				code_verifier: verifier,
			}),
		});

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low env_fs production #1c561b816f5c6f5d Environment-variable access.
repo/packages/ai/src/utils/oauth/google-gemini-cli.ts:226
	const envProjectId = process.env.GOOGLE_CLOUD_PROJECT || process.env.GOOGLE_CLOUD_PROJECT_ID;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low egress production #3f81f77492ebece9 Hardcoded external endpoint. Review what data is sent to this destination.
repo/packages/ai/src/utils/oauth/google-gemini-cli.ts:237
	const loadResponse = await fetch(`${CODE_ASSIST_ENDPOINT}/v1internal:loadCodeAssist`, {
		method: "POST",
		headers,
		body: JSON.stringify({
			cloudaicompanionProject: envProjectId,
			metadata: {
				ideType: "IDE_UNSPECIFIED",
				platform: "PLATFORM_UNSPECIFIED",
				pluginType: "GEMINI",
				duetProject: envProjectId,
			},
		}),
	});

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress production #f6230895a801d89b Hardcoded external endpoint. Review what data is sent to this destination.
repo/packages/ai/src/utils/oauth/google-gemini-cli.ts:316
	const onboardResponse = await fetch(`${CODE_ASSIST_ENDPOINT}/v1internal:onboardUser`, {
		method: "POST",
		headers,
		body: JSON.stringify(onboardBody),
	});

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress production #e00759042244c1bb Hardcoded external endpoint. Review what data is sent to this destination.
repo/packages/ai/src/utils/oauth/google-gemini-cli.ts:357
		const response = await fetch("https://www.googleapis.com/oauth2/v1/userinfo?alt=json", {
			headers: {
				Authorization: `Bearer ${accessToken}`,
			},
		});

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress production #75422453f734b306 Hardcoded external endpoint. Review what data is sent to this destination.
repo/packages/ai/src/utils/oauth/google-gemini-cli.ts:377
	const response = await fetch(TOKEN_URL, {
		method: "POST",
		headers: { "Content-Type": "application/x-www-form-urlencoded" },
		body: new URLSearchParams({
			client_id: CLIENT_ID,
			client_secret: CLIENT_SECRET,
			refresh_token: refreshToken,
			grant_type: "refresh_token",
		}),
	});

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress production #085c525d9d0ee3b6 Hardcoded external endpoint. Review what data is sent to this destination.
repo/packages/ai/src/utils/oauth/google-gemini-cli.ts:520
		const tokenResponse = await fetch(TOKEN_URL, {
			method: "POST",
			headers: {
				"Content-Type": "application/x-www-form-urlencoded",
			},
			body: new URLSearchParams({
				client_id: CLIENT_ID,
				client_secret: CLIENT_SECRET,
				code,
				grant_type: "authorization_code",
				redirect_uri: REDIRECT_URI,
				code_verifier: verifier,
			}),
		});

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress production #c4ec33edc157872f Hardcoded external endpoint. Review what data is sent to this destination.
repo/packages/ai/src/utils/oauth/openai-codex.ts:96
	const response = await fetch(TOKEN_URL, {
		method: "POST",
		headers: { "Content-Type": "application/x-www-form-urlencoded" },
		body: new URLSearchParams({
			grant_type: "authorization_code",
			client_id: CLIENT_ID,
			code,
			code_verifier: verifier,
			redirect_uri: redirectUri,
		}),
	});

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress production #115c964cd396ee46 Hardcoded external endpoint. Review what data is sent to this destination.
repo/packages/ai/src/utils/oauth/openai-codex.ts:135
		const response = await fetch(TOKEN_URL, {
			method: "POST",
			headers: { "Content-Type": "application/x-www-form-urlencoded" },
			body: new URLSearchParams({
				grant_type: "refresh_token",
				refresh_token: refreshToken,
				client_id: CLIENT_ID,
			}),
		});

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress production #866fcb91b80eabf9 Hardcoded external endpoint. Review what data is sent to this destination.
repo/packages/ai/src/utils/oauth/openai-codex.ts:180
	const url = new URL(AUTHORIZE_URL);

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

first-party (npm): packages/agent

npm first-party
high pii_flow production #0c87443821e71fe9 User/PII-bearing data read from the environment or filesystem flows to an external network call. This is potential data exfiltration.
repo/packages/agent/src/bench/token-verifier.ts:159 · flow /tmp/closeopen-3amdqrew/repo/packages/agent/src/bench/token-verifier.ts:160 → /tmp/closeopen-3amdqrew/repo/packages/agent/src/bench/token-verifier.ts:159
		const resp = await fetch(url, {
			headers: { Authorization: `Bearer ${input.apiKey}` },
		});

User/PII-bearing data flows to an external sink — the classic data-exfiltration shape.

Fix: Confirm no user identifiers reach this sink; redact/hash before sending, or remove the flow.

high pii_flow production #25ea328ce81e6ea5 User/PII-bearing data read from the environment or filesystem flows to an external network call. This is potential data exfiltration.
repo/packages/agent/src/bench/token-verifier.ts:188 · flow /tmp/closeopen-3amdqrew/repo/packages/agent/src/bench/token-verifier.ts:190 → /tmp/closeopen-3amdqrew/repo/packages/agent/src/bench/token-verifier.ts:188
		const resp = await fetch(url, {
			headers: {
				"x-api-key": input.apiKey,
				"anthropic-version": "2023-06-01",
			},
		});

User/PII-bearing data flows to an external sink — the classic data-exfiltration shape.

Fix: Confirm no user identifiers reach this sink; redact/hash before sending, or remove the flow.

expand_more 57 low-confidence finding(s)
low env_fs test-only #62de6c16216c5aaf Filesystem access.
repo/packages/agent/src/__tests__/bench-dataset.test.ts:42
		await writeFile(filePath, lines.join("\n"));

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #eabe77e6668b5f13 Filesystem access.
repo/packages/agent/src/__tests__/mcp-loader.test.ts:56
		writeFileSync(
			path,
			JSON.stringify({
				mcpServers: {
					filesystem: { command: "npx", args: ["-y", "@modelcontextprotocol/server-filesystem", "/tmp"] },
					github: { url: "https://api.example.com/mcp", auth: "oauth" },
				},
			}),
		);

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #befdc13804e20574 Filesystem access.
repo/packages/agent/src/__tests__/mcp-loader.test.ts:78
		writeFileSync(
			join(dir, "mcp.json"),
			JSON.stringify({ mcpServers: { user_only: { command: "echo", args: ["hi"] } } }),
		);

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #a4486c12ef633618 Filesystem access.
repo/packages/agent/src/__tests__/mcp-loader.test.ts:88
		writeFileSync(join(home, ".cave", "mcp.json"), JSON.stringify({ mcpServers: { both: { command: "user-cmd" } } }));

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #d7532cca3659b6a3 Filesystem access.
repo/packages/agent/src/__tests__/mcp-loader.test.ts:89
		writeFileSync(join(tmp, ".mcp.json"), JSON.stringify({ mcpServers: { both: { command: "project-cmd" } } }));

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #ba4255a09ac6d980 Filesystem access.
repo/packages/agent/src/__tests__/mcp-loader.test.ts:96
		writeFileSync(join(tmp, ".mcp.json"), "{not valid json");

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #8695a1ffa3ba08d5 Filesystem access.
repo/packages/agent/src/__tests__/mcp-loader.test.ts:104
		writeFileSync(
			join(home, ".cave", "mcp.json"),
			JSON.stringify({ mcpServers: {}, settings: { idleTimeout: 5, deferSchemas: true } }),
		);

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #15a4df7919570726 Filesystem access.
repo/packages/agent/src/__tests__/mcp-stdio.test.ts:45
	writeFileSync(scriptPath, SERVER_SOURCE);

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #0af907702bbb9e12 Filesystem access.
repo/packages/agent/src/__tests__/memory-files.test.ts:81
		const lines = readFileSync(out, "utf-8").trim().split("\n");

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #caf7d833e6cd65cf Filesystem access.
repo/packages/agent/src/__tests__/model-download.test.ts:29
		await writeFile(tmp, content);

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #b73367988aaa0d99 Filesystem access.
repo/packages/agent/src/__tests__/model-download.test.ts:41
		await writeFile(tmp, "test");

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #a795b79c9413ba9d Filesystem access.
repo/packages/agent/src/__tests__/worktree.test.ts:36
	writeFileSync(join(repoRoot, "README.md"), "# test\n");

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #0fae3a7af9c5859f Filesystem access.
repo/packages/agent/src/__tests__/worktree.test.ts:132
		writeFileSync(join(wt.worktreeDir, "scratch.txt"), "hello");

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #0e3a48731c4b43fd Filesystem access.
repo/packages/agent/src/__tests__/worktree.test.ts:139
		writeFileSync(join(wt.worktreeDir, "new.txt"), "hi");

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #598e53b25b11613d Filesystem access.
repo/packages/agent/src/__tests__/worktree.test.ts:183
		writeFileSync(join(wt.worktreeDir, "kept.txt"), "yes");

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #7aa4fecd415e5121 Filesystem access.
repo/packages/agent/src/bench/compare.ts:62
	const raw = JSON.parse(readFileSync(filePath, "utf-8"));

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #44f9a834caf7deab Filesystem access.
repo/packages/agent/src/bench/microbench-dataset.ts:58
		const meta: MicroBenchTaskMeta = JSON.parse(readFileSync(metaPath, "utf-8"));

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #a34384cbf81c89eb Filesystem access.
repo/packages/agent/src/bench/microbench-dataset.ts:59
		const prompt = readFileSync(promptPath, "utf-8").trim();

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #89fd1397f4e148c4 Filesystem access.
repo/packages/agent/src/bench/terminal-bench.ts:48
	const lines = readFileSync(filePath, "utf-8").split("\n");

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #f56578cc4811d094 Filesystem access.
repo/packages/agent/src/bench/terminal-bench.ts:158
		const json = JSON.parse(readFileSync(candidate, "utf-8"));

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low egress production #f2c17ceb8218368c Hardcoded external endpoint. Review what data is sent to this destination.
repo/packages/agent/src/bench/token-verifier.ts:154
		const url = new URL("https://api.openai.com/v1/organization/usage/completions");

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress production #fbe79f14992d921f Hardcoded external endpoint. Review what data is sent to this destination.
repo/packages/agent/src/bench/token-verifier.ts:183
		const url = new URL("https://api.anthropic.com/v1/organizations/usage_report/messages");

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low env_fs test-only #56b74c212363d153 Filesystem access.
repo/packages/agent/src/checkpoints/__tests__/ws17.test.ts:41
	writeFileSync(join(dir, "README.md"), "# test\n");

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #53e44311db2207d0 Filesystem access.
repo/packages/agent/src/checkpoints/__tests__/ws17.test.ts:154
		writeFileSync(join(projectDir, "hello.ts"), "export const x = 1;\n");

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #c736d75774317069 Filesystem access.
repo/packages/agent/src/checkpoints/__tests__/ws17.test.ts:175
		writeFileSync(filePath, "const v = 1;\n");

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #6ed95361e9f203b6 Filesystem access.
repo/packages/agent/src/checkpoints/__tests__/ws17.test.ts:181
		writeFileSync(filePath, "const v = 999; // changed\n");

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #4acd3e1a7a4fa378 Filesystem access.
repo/packages/agent/src/checkpoints/__tests__/ws17.test.ts:182
		expect(readFileSync(filePath, "utf-8")).toContain("999");

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #d2ab9fcc9329cdc9 Filesystem access.
repo/packages/agent/src/checkpoints/__tests__/ws17.test.ts:190
		expect(readFileSync(filePath, "utf-8")).toContain("const v = 1;");

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #68d47df927724211 Filesystem access.
repo/packages/agent/src/checkpoints/__tests__/ws17.test.ts:196
		writeFileSync(fileA, "// a original\n");

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #8549ac810290f7fe Filesystem access.
repo/packages/agent/src/checkpoints/__tests__/ws17.test.ts:197
		writeFileSync(fileB, "// b original\n");

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #00f5e7c374978b2d Filesystem access.
repo/packages/agent/src/checkpoints/__tests__/ws17.test.ts:202
		writeFileSync(fileA, "// a changed\n");

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #5d5ca39ec4bd5fa4 Filesystem access.
repo/packages/agent/src/checkpoints/__tests__/ws17.test.ts:203
		writeFileSync(fileB, "// b changed\n");

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #10260be628f5be35 Filesystem access.
repo/packages/agent/src/checkpoints/__tests__/ws17.test.ts:207
		writeFileSync(fileA, "// a changed again\n");

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #ec0555cec74fa874 Filesystem access.
repo/packages/agent/src/checkpoints/__tests__/ws17.test.ts:214
		expect(readFileSync(fileA, "utf-8")).toContain("a original");

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #722a8c85fe762372 Filesystem access.
repo/packages/agent/src/checkpoints/__tests__/ws17.test.ts:216
		expect(readFileSync(fileB, "utf-8")).toContain("b changed");

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #11e9816b2ddc128c Filesystem access.
repo/packages/agent/src/checkpoints/__tests__/ws17.test.ts:224
		writeFileSync(file, "// safe\n");

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #bc45cf48ed7842fa Filesystem access.
repo/packages/agent/src/checkpoints/__tests__/ws17.test.ts:229
		writeFileSync(file, "// mutated\n");

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #96b23fbc6c81d3a7 Filesystem access.
repo/packages/agent/src/checkpoints/__tests__/ws17.test.ts:268
		writeFileSync(file, "v1\n");

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #f1e6f1a47861c3cd Filesystem access.
repo/packages/agent/src/checkpoints/__tests__/ws17.test.ts:271
		writeFileSync(file, "v2\n");

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #16e5700162794249 Filesystem access.
repo/packages/agent/src/checkpoints/__tests__/ws17.test.ts:274
		writeFileSync(file, "v3\n");

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #d2e051f93e8ce9d1 Filesystem access.
repo/packages/agent/src/checkpoints/__tests__/ws17.test.ts:277
		writeFileSync(file, "v4-current\n");

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #52c693110cb85350 Filesystem access.
repo/packages/agent/src/checkpoints/__tests__/ws17.test.ts:282
		expect(readFileSync(file, "utf-8").trim()).toBe("v1");

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #2ff0936ae0f82c17 Filesystem access.
repo/packages/agent/src/checkpoints/index-file.ts:64
			const raw = readFileSync(this.filePath, "utf-8");

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #031ad0dfa0f0ea44 Filesystem access.
repo/packages/agent/src/checkpoints/index-file.ts:126
		writeFileSync(tmp, JSON.stringify(this.data, null, 2), "utf-8");

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #e53429c474da51dc Filesystem access.
repo/packages/agent/src/checkpoints/manager.ts:50
			writeFileSync(lockFile, `${process.pid}`, "utf-8");

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #fba09b31c7ffd0e9 Filesystem access.
repo/packages/agent/src/checkpoints/manager.ts:66
		const stalePid = Number(readFileSync(lockFile, "utf-8"));

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #a23e21ef60ea0eea Filesystem access.
repo/packages/agent/src/compression/bert-tokenizer.ts:53
		const text = readFileSync(vocabPath, "utf-8");

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #93edc8214686f6a2 Filesystem access.
repo/packages/agent/src/mcp/discovery.ts:56
		const text = readFileSync(path, "utf8");

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #051744f629b0ee34 Filesystem access.
repo/packages/agent/src/mcp/keystore.ts:48
			const raw = readFileSync(this.path, "utf8");

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #6faa23790ba66fc0 Filesystem access.
repo/packages/agent/src/mcp/keystore.ts:62
		writeFileSync(this.path, JSON.stringify(data, null, 2), "utf8");

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #5665d9e2401f2c7d Filesystem access.
repo/packages/agent/src/memory/files.ts:117
						const body = readFileSync(join(dir, f), "utf-8");

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #99822e89374c7c1c Filesystem access.
repo/packages/agent/src/memory/files.ts:200
		writeFileSync(join(this.memoryDir, `${id}.md`), formatBody({ kind, ts, session_id, content, provenance }));

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #610d47a9f7447e9f Filesystem access.
repo/packages/agent/src/memory/files.ts:216
					writeFileSync(`${p}.deleted`, readFileSync(p, "utf-8"));

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #28c4365aa3011d85 Filesystem access.
repo/packages/agent/src/memory/files.ts:239
			writeFileSync(toPath, text);

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #4dad51d9b2c9f8ea Filesystem access.
repo/packages/agent/src/memory/files.ts:252
			const raw = readFileSync(p, "utf-8");

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #5bfa92c7c200e712 Filesystem access.
repo/packages/agent/src/memory/files.ts:268
		writeFileSync(join(this.memoryDir, "index.json"), `${JSON.stringify(idx, null, 2)}\n`);

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #14ffd1a7e7b97937 Filesystem access.
repo/packages/agent/src/memory/files.ts:275
			const raw = readFileSync(p, "utf-8");

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

first-party (npm): packages/coding-agent

npm first-party
high pii_flow production #1bebd320f96a2140 User/PII-bearing data read from the environment or filesystem flows to an external network call. This is potential data exfiltration.
repo/packages/coding-agent/examples/extensions/antigravity-image-gen.ts:371 · flow /tmp/closeopen-3amdqrew/repo/packages/coding-agent/examples/extensions/antigravity-image-gen.ts:54 → /tmp/closeopen-3amdqrew/repo/packages/coding-agent/examples/extensions/antigravity-image-gen.ts:371
			const response = await fetch(`${ANTIGRAVITY_ENDPOINT}/v1internal:streamGenerateContent?alt=sse`, {
				method: "POST",
				headers: {
					Authorization: `Bearer ${accessToken}`,
					"Content-Type": "application/json",
					Accept: "text/event-stream",
					...ANTIGRAVITY_HEADERS,
				},
				body: JSON.stringify(requestBody),
				signal,
			});

User/PII-bearing data flows to an external sink — the classic data-exfiltration shape.

Fix: Confirm no user identifiers reach this sink; redact/hash before sending, or remove the flow.

expand_more 317 low-confidence finding(s)
low env_fs production #8e23ebc8b550aeb6 Environment-variable access.
repo/packages/coding-agent/examples/extensions/antigravity-image-gen.ts:54
	"User-Agent": `antigravity/${process.env.PI_AI_ANTIGRAVITY_VERSION || DEFAULT_ANTIGRAVITY_VERSION} darwin/arm64`,

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #7fe60928ba767e10 Filesystem access.
repo/packages/coding-agent/examples/extensions/antigravity-image-gen.ts:177
		const content = readFileSync(path, "utf-8");

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #030803956887e8de Environment-variable access.
repo/packages/coding-agent/examples/extensions/antigravity-image-gen.ts:194
	const envMode = (process.env.PI_IMAGE_SAVE_MODE || "").toLowerCase();

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #16b0d6461f2e2a3b Environment-variable access.
repo/packages/coding-agent/examples/extensions/antigravity-image-gen.ts:212
		const dir = params.saveDir || process.env.PI_IMAGE_SAVE_DIR || config.saveDir;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #e0189a09f1b7e63c Filesystem access.
repo/packages/coding-agent/examples/extensions/antigravity-image-gen.ts:237
		await writeFile(filePath, Buffer.from(base64Data, "base64"));

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low egress production #6b4a9bd50e229256 Hardcoded external endpoint. Review what data is sent to this destination.
repo/packages/coding-agent/examples/extensions/antigravity-image-gen.ts:371
			const response = await fetch(`${ANTIGRAVITY_ENDPOINT}/v1internal:streamGenerateContent?alt=sse`, {
				method: "POST",
				headers: {
					Authorization: `Bearer ${accessToken}`,
					"Content-Type": "application/json",
					Accept: "text/event-stream",
					...ANTIGRAVITY_HEADERS,
				},
				body: JSON.stringify(requestBody),
				signal,
			});

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress production #3648601f55acb967 Hardcoded external endpoint. Review what data is sent to this destination.
repo/packages/coding-agent/examples/extensions/custom-provider-anthropic/index.ts:97
	const tokenResponse = await fetch(TOKEN_URL, {
		method: "POST",
		headers: { "Content-Type": "application/json" },
		body: JSON.stringify({
			grant_type: "authorization_code",
			client_id: CLIENT_ID,
			code,
			state,
			redirect_uri: REDIRECT_URI,
			code_verifier: verifier,
		}),
	});

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress production #be7dc5ca7d4a69ca Hardcoded external endpoint. Review what data is sent to this destination.
repo/packages/coding-agent/examples/extensions/custom-provider-anthropic/index.ts:128
	const response = await fetch(TOKEN_URL, {
		method: "POST",
		headers: { "Content-Type": "application/json" },
		body: JSON.stringify({
			grant_type: "refresh_token",
			client_id: CLIENT_ID,
			refresh_token: credentials.refresh,
		}),
	});

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress production #7c7374dbd5159ee7 Hardcoded external endpoint. Review what data is sent to this destination.
repo/packages/coding-agent/examples/extensions/custom-provider-gitlab-duo/index.ts:149
	const response = await fetch(`${GITLAB_COM_URL}/api/v4/ai/third_party_agents/direct_access`, {
		method: "POST",
		headers: { Authorization: `Bearer ${gitlabAccessToken}`, "Content-Type": "application/json" },
		body: JSON.stringify({ feature_flags: { DuoAgentPlatformNext: true } }),
	});

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress production #2b9af64eeb263f1d Hardcoded external endpoint. Review what data is sent to this destination.
repo/packages/coding-agent/examples/extensions/custom-provider-gitlab-duo/index.ts:210
	const tokenResponse = await fetch(`${GITLAB_COM_URL}/oauth/token`, {
		method: "POST",
		headers: { "Content-Type": "application/x-www-form-urlencoded" },
		body: new URLSearchParams({
			client_id: BUNDLED_CLIENT_ID,
			grant_type: "authorization_code",
			code,
			code_verifier: verifier,
			redirect_uri: REDIRECT_URI,
		}).toString(),
	});

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress production #b94af43c7fff623b Hardcoded external endpoint. Review what data is sent to this destination.
repo/packages/coding-agent/examples/extensions/custom-provider-gitlab-duo/index.ts:238
	const response = await fetch(`${GITLAB_COM_URL}/oauth/token`, {
		method: "POST",
		headers: { "Content-Type": "application/x-www-form-urlencoded" },
		body: new URLSearchParams({
			client_id: BUNDLED_CLIENT_ID,
			grant_type: "refresh_token",
			refresh_token: credentials.refresh,
		}).toString(),
	});

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low env_fs production #6c54715dd2c23330 Filesystem access.
repo/packages/coding-agent/examples/extensions/custom-provider-gitlab-duo/test.ts:12
import { readFileSync } from "fs";

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #857f0b0c7d77bb5b Filesystem access.
repo/packages/coding-agent/examples/extensions/custom-provider-gitlab-duo/test.ts:32
	const authData = JSON.parse(readFileSync(authPath, "utf-8"));

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low egress production #3e778c86a5b48ea8 Hardcoded external endpoint. Review what data is sent to this destination.
repo/packages/coding-agent/examples/extensions/custom-provider-qwen-cli/index.ts:106
	const response = await fetch(QWEN_DEVICE_CODE_ENDPOINT, {
		method: "POST",
		headers,
		body: body.toString(),
	});

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress production #2aedacfc9dcfeec8 Hardcoded external endpoint. Review what data is sent to this destination.
repo/packages/coding-agent/examples/extensions/custom-provider-qwen-cli/index.ts:170
		const response = await fetch(QWEN_TOKEN_ENDPOINT, {
			method: "POST",
			headers: {
				"Content-Type": "application/x-www-form-urlencoded",
				Accept: "application/json",
			},
			body: body.toString(),
		});

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress production #567b527e580397d4 Hardcoded external endpoint. Review what data is sent to this destination.
repo/packages/coding-agent/examples/extensions/custom-provider-qwen-cli/index.ts:251
	const response = await fetch(QWEN_TOKEN_ENDPOINT, {
		method: "POST",
		headers: {
			"Content-Type": "application/x-www-form-urlencoded",
			Accept: "application/json",
		},
		body: body.toString(),
	});

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low env_fs production #b04e74a67bd532f7 Filesystem access.
repo/packages/coding-agent/examples/extensions/doom-overlay/doom-engine.ts:58
		const wadData = readFileSync(this.wadPath);

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #f4effa96820d7896 Filesystem access.
repo/packages/coding-agent/examples/extensions/doom-overlay/doom-engine.ts:62
		const doomJsCode = readFileSync(doomJsPath, "utf-8");

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #28d5d346c45e73dc Environment-variable access.
repo/packages/coding-agent/examples/extensions/doom-overlay/wad-finder.ts:14
		const resolved = resolve(customPath.replace(/^~/, process.env.HOME || ""));

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #fdb5cb287bc4b90b Environment-variable access.
repo/packages/coding-agent/examples/extensions/doom-overlay/wad-finder.ts:26
		const resolved = resolve(p.replace(/^~/, process.env.HOME || ""));

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low egress production #aadbc041f8e729a7 Hardcoded external endpoint. Review what data is sent to this destination.
repo/packages/coding-agent/examples/extensions/doom-overlay/wad-finder.ts:41
		const response = await fetch(WAD_URL);

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low env_fs production #bee07ed57d17a0bc Filesystem access.
repo/packages/coding-agent/examples/extensions/doom-overlay/wad-finder.ts:46
		writeFileSync(BUNDLED_WAD, Buffer.from(buffer));

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #e273b961cddda458 Filesystem access.
repo/packages/coding-agent/examples/extensions/file-trigger.ts:20
				const content = fs.readFileSync(triggerFile, "utf-8").trim();

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #1ea74e8d05d0ac27 Filesystem access.
repo/packages/coding-agent/examples/extensions/file-trigger.ts:30
					fs.writeFileSync(triggerFile, ""); // Clear after reading

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #5d6352fb64486a4e Environment-variable access.
repo/packages/coding-agent/examples/extensions/interactive-shell.ts:102
		process.env.INTERACTIVE_COMMANDS?.split(",")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #ac24a3f6e2387a60 Environment-variable access.
repo/packages/coding-agent/examples/extensions/interactive-shell.ts:105
	const excluded = new Set(process.env.INTERACTIVE_EXCLUDE?.split(",").map((s) => s.trim().toLowerCase()) ?? []);

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #74fb4be8e9f57995 Environment-variable access.
repo/packages/coding-agent/examples/extensions/interactive-shell.ts:164
			const shell = process.env.SHELL || "/bin/sh";

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #7bcd78af05150fb8 Environment-variable access.
repo/packages/coding-agent/examples/extensions/notify.ts:42
	if (process.env.WT_SESSION) {

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #72a43884c720ab9f Environment-variable access.
repo/packages/coding-agent/examples/extensions/notify.ts:44
	} else if (process.env.KITTY_WINDOW_ID) {

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #76ba65ef597006cf Filesystem access.
repo/packages/coding-agent/examples/extensions/preset.ts:79
			const content = readFileSync(globalPath, "utf-8");

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #fda1f710f9187f8d Filesystem access.
repo/packages/coding-agent/examples/extensions/preset.ts:89
			const content = readFileSync(projectPath, "utf-8");

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #4b78a913c5bacff4 Filesystem access.
repo/packages/coding-agent/examples/extensions/sandbox/index.ts:88
			globalConfig = JSON.parse(readFileSync(globalConfigPath, "utf-8"));

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #147e5156871336c6 Filesystem access.
repo/packages/coding-agent/examples/extensions/sandbox/index.ts:96
			projectConfig = JSON.parse(readFileSync(projectConfigPath, "utf-8"));

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #e4cbfc655b1a9c52 Filesystem access.
repo/packages/coding-agent/examples/extensions/subagent/agents.ts:47
			content = fs.readFileSync(filePath, "utf-8");

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #18246410b2be0083 Filesystem access.
repo/packages/coding-agent/examples/extensions/subagent/index.ts:215
		await fs.promises.writeFile(filePath, prompt, { encoding: "utf-8", mode: 0o600 });

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #0546eea60a051778 Filesystem access.
repo/packages/coding-agent/examples/extensions/tool-override.ts:26
import { constants, readFileSync } from "fs";

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #471e97fd518dc4b1 Filesystem access.
repo/packages/coding-agent/examples/extensions/tool-override.ts:27
import { access, appendFile, readFile } from "fs/promises";

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #7af7c6430817a865 Filesystem access.
repo/packages/coding-agent/examples/extensions/tool-override.ts:100
				const content = await readFile(absolutePath, "utf-8");

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #90783ab74593f409 Filesystem access.
repo/packages/coding-agent/examples/extensions/tool-override.ts:136
				const log = readFileSync(LOG_FILE, "utf-8");

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #747d84a44931215d Filesystem access.
repo/packages/coding-agent/examples/extensions/truncated-tool.ts:115
					await writeFile(tempFile, output, "utf8");

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #82ed3dafca360cf6 Environment-variable access.
repo/packages/coding-agent/examples/sdk/12-full-control.ts:28
if (process.env.MY_ANTHROPIC_KEY) {

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #5375b32480536ca6 Environment-variable access.
repo/packages/coding-agent/examples/sdk/12-full-control.ts:29
	authStorage.setRuntimeApiKey("anthropic", process.env.MY_ANTHROPIC_KEY);

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #f7a4eb84ed84f22e Environment-variable access.
repo/packages/coding-agent/src/cli/attach.ts:28
		host: process.env.CAVE_DAEMON_HOST ?? DEFAULT_DAEMON_HOST,

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #8454c33aa8e22288 Environment-variable access.
repo/packages/coding-agent/src/cli/attach.ts:29
		port: process.env.CAVE_DAEMON_PORT ? Number.parseInt(process.env.CAVE_DAEMON_PORT, 10) : DEFAULT_DAEMON_PORT,

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #1f07abe7759ecb8e Environment-variable access.
repo/packages/coding-agent/src/cli/attach.ts:30
		token: process.env.CAVE_DAEMON_TOKEN,

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #0150b7bb485c9bed Environment-variable access.
repo/packages/coding-agent/src/cli/doctor.ts:53
	const term = process.env.TERM ?? "";

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #fd8c94472d90d43b Environment-variable access.
repo/packages/coding-agent/src/cli/doctor.ts:54
	const colorTerm = process.env.COLORTERM ?? "";

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #e78fabf0522f61a1 Environment-variable access.
repo/packages/coding-agent/src/cli/doctor.ts:55
	const program = process.env.TERM_PROGRAM ?? "";

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #49c1fdc160a085f5 Environment-variable access.
repo/packages/coding-agent/src/cli/doctor.ts:56
	const wt = process.env.WT_SESSION;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #197dd54663f43a7a Environment-variable access.
repo/packages/coding-agent/src/cli/doctor.ts:57
	const ssh = !!(process.env.SSH_TTY || process.env.SSH_CONNECTION);

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #1290756355beb30e Filesystem access.
repo/packages/coding-agent/src/cli/file-processor.ts:52
			const content = await readFile(absolutePath);

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #95e2cd705ce95d41 Filesystem access.
repo/packages/coding-agent/src/cli/file-processor.ts:89
				const content = await readFile(absolutePath, "utf-8");

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #9511d770d958dc46 Filesystem access.
repo/packages/coding-agent/src/cli/goal-cli.ts:210
	const goalText = readFileSync(paths.goalMd, "utf8");

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #4c6190e6244b1b83 Filesystem access.
repo/packages/coding-agent/src/cli/goal-cli.ts:220
		const lines = readFileSync(paths.transcriptJsonl, "utf8").trim().split(/\r?\n/);

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #bd187ea2aa5f263a Environment-variable access.
repo/packages/coding-agent/src/cli/list.ts:24
		host: process.env.CAVE_DAEMON_HOST ?? DEFAULT_DAEMON_HOST,

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #703af2f1886c7759 Environment-variable access.
repo/packages/coding-agent/src/cli/list.ts:25
		port: process.env.CAVE_DAEMON_PORT ? Number.parseInt(process.env.CAVE_DAEMON_PORT, 10) : DEFAULT_DAEMON_PORT,

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #423dc346ceaf958d Environment-variable access.
repo/packages/coding-agent/src/cli/list.ts:26
		token: process.env.CAVE_DAEMON_TOKEN,

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #c438d97cb0baad25 Filesystem access.
repo/packages/coding-agent/src/cli/mcp-cli.ts:38
		return JSON.parse(readFileSync(path, "utf8")) as McpConfigFile;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #7049f5282932fa5a Filesystem access.
repo/packages/coding-agent/src/cli/mcp-cli.ts:47
	writeFileSync(path, `${JSON.stringify(data, null, 2)}\n`, "utf8");

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #c54af34f8ba50bd3 Environment-variable access.
repo/packages/coding-agent/src/cli/models.ts:26
	const envDir = process.env.CAVE_CODING_AGENT_DIR;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #00fdff145812f037 Environment-variable access.
repo/packages/coding-agent/src/cli/run-recipe.ts:203
		process.env.CAVE_RECIPE_MODEL = recipe.model;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #ce11a9d83f5921f5 Filesystem access.
repo/packages/coding-agent/src/cli/serve.ts:107
		const existing = Number.parseInt(readFileSync(parsed.pidFile, "utf8").trim(), 10);

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #22f958cdfc88ea61 Filesystem access.
repo/packages/coding-agent/src/cli/serve.ts:136
	writeFileSync(parsed.pidFile, String(process.pid), "utf8");

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #8af8a2d24a182150 Filesystem access.
repo/packages/coding-agent/src/cli/serve.ts:156
					const pid = Number.parseInt(readFileSync(parsed.pidFile, "utf8").trim(), 10);

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #888eb6f24f460e93 Filesystem access.
repo/packages/coding-agent/src/cli/serve.ts:158
						writeFileSync(parsed.pidFile, "", "utf8");

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #bb4fbdbe7ad00005 Environment-variable access.
repo/packages/coding-agent/src/cli/update.ts:107
	if (process.env.CAVE_DISABLE_UPDATE_CHECK === "1") return undefined;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #2dd6aeb6688308df Environment-variable access.
repo/packages/coding-agent/src/cli/update.ts:142
	const home = process.env.HOME;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #1424bb1901bd915f Filesystem access.
repo/packages/coding-agent/src/cli/worker.ts:47
		const raw = readFileSync(path, "utf8");

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #f99c6a134ce3c29d Filesystem access.
repo/packages/coding-agent/src/cli/worker.ts:57
	writeFileSync(path, `${JSON.stringify(file, null, 2)}\n`, "utf8");

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #ca5943b3a837d9f7 Filesystem access.
repo/packages/coding-agent/src/config.ts:1
import { existsSync, readFileSync } from "fs";

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #993a31f81fd9a479 Environment-variable access.
repo/packages/coding-agent/src/config.ts:82
	const envDir = process.env[DEFAULT_PACKAGE_DIR_ENV];

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #d0cb00f7d5e56813 Filesystem access.
repo/packages/coding-agent/src/config.ts:185
const pkg = JSON.parse(readFileSync(getPackageJsonPath(), "utf-8"));

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #3ca49e43cced395d Environment-variable access.
repo/packages/coding-agent/src/config.ts:201
	const baseUrl = process.env[ENV_SHARE_VIEWER_URL] || DEFAULT_SHARE_VIEWER_URL;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #2b7b7b993ded6531 Environment-variable access.
repo/packages/coding-agent/src/config.ts:211
	const envDir = process.env[ENV_AGENT_DIR];

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #1157a4371eaa16ad Filesystem access.
repo/packages/coding-agent/src/core/__tests__/cave-invocation.test.ts:16
			writeFileSync(script, "#!/usr/bin/env node\n");

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #ac1847ea0d240701 Filesystem access.
repo/packages/coding-agent/src/core/__tests__/cost-persistence.test.ts:50
		writeFileSync(totalsPath, "not-valid-json", "utf8");

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #924f3fa03cbc6658 Filesystem access.
repo/packages/coding-agent/src/core/__tests__/cost-persistence.test.ts:60
		writeFileSync(totalsPath, JSON.stringify(data), "utf8");

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #f4bb21eeb205992a Filesystem access.
repo/packages/coding-agent/src/core/__tests__/cost-persistence.test.ts:78
		const raw = JSON.parse(readFileSync(totalsPath, "utf8"));

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #67832b4dcd0c9438 Filesystem access.
repo/packages/coding-agent/src/core/__tests__/cost-persistence.test.ts:147
			readFileSync(totalsPath);

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #7acbd283dec9f309 Filesystem access.
repo/packages/coding-agent/src/core/__tests__/cost-persistence.test.ts:199
		writeFileSync(totalsPath, JSON.stringify(oldData), "utf8");

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #88dace9e866a30b3 Filesystem access.
repo/packages/coding-agent/src/core/__tests__/memory-bridge.test.ts:38
		writeFileSync(join(memDir, "MEMORY.md"), "# Index\n");

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #7e759072683e6672 Filesystem access.
repo/packages/coding-agent/src/core/__tests__/memory-bridge.test.ts:51
		writeFileSync(join(memDir, "MEMORY.md"), lines);

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #336c8588524d25bb Filesystem access.
repo/packages/coding-agent/src/core/__tests__/memory-bridge.test.ts:63
		writeFileSync(join(memDir, "MEMORY.md"), "# Index\n- [a](a.md)\n- [b](b.md)\n");

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #6e2baa6b5a67a0b5 Filesystem access.
repo/packages/coding-agent/src/core/__tests__/memory-bridge.test.ts:64
		writeFileSync(join(memDir, "a.md"), "Fact about A — preserve verbatim.");

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #264580f01fe867f9 Filesystem access.
repo/packages/coding-agent/src/core/__tests__/memory-bridge.test.ts:65
		writeFileSync(join(memDir, "b.md"), "Fact about B with code: `npm install`.");

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #33d7b075b93ced02 Filesystem access.
repo/packages/coding-agent/src/core/__tests__/memory-bridge.test.ts:66
		writeFileSync(join(memDir, "duplicate-of-a.md"), "Fact about A — preserve verbatim.");

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #6b41aa72c1e3675f Filesystem access.
repo/packages/coding-agent/src/core/__tests__/repomap-slash.test.ts:14
	writeFileSync(join(tmp, "src", "foo.ts"), `export function foo() {\n  return bar();\n}\nexport class Foo {}\n`);

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #a3112c3784b3c0b4 Filesystem access.
repo/packages/coding-agent/src/core/__tests__/repomap-slash.test.ts:15
	writeFileSync(
		join(tmp, "src", "bar.ts"),
		`export function bar() { return 1; }\nexport function bar2() { return foo(); }\n`,
	);

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #b8b25df71a25d9ae Filesystem access.
repo/packages/coding-agent/src/core/__tests__/repomap-slash.test.ts:19
	writeFileSync(join(tmp, "src", "baz.py"), `def baz():\n    return 0\nclass Baz:\n    pass\n`);

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #074a5fd77924f56a Filesystem access.
repo/packages/coding-agent/src/core/__tests__/repomap-slash.test.ts:21
	writeFileSync(join(tmp, "README.md"), "# hello");

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #380987ed2b2e2acd Filesystem access.
repo/packages/coding-agent/src/core/__tests__/repomap-slash.test.ts:24
	writeFileSync(join(tmp, "node_modules", "x", "x.ts"), "export const x = 1;");

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #be9f6b1e2cbf260a Environment-variable access.
repo/packages/coding-agent/src/core/__tests__/subagent-wiring.test.ts:99
		const prev = process.env.CAVE_SUBAGENT_DEPTH;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #7b6b5bf76d9e4880 Environment-variable access.
repo/packages/coding-agent/src/core/__tests__/subagent-wiring.test.ts:100
		process.env.CAVE_SUBAGENT_DEPTH = "9";

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #3547996a83ad5aab Environment-variable access.
repo/packages/coding-agent/src/core/__tests__/subagent-wiring.test.ts:107
			if (prev === undefined) delete process.env.CAVE_SUBAGENT_DEPTH;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #46746bb53e0b675a Environment-variable access.
repo/packages/coding-agent/src/core/__tests__/subagent-wiring.test.ts:108
			else process.env.CAVE_SUBAGENT_DEPTH = prev;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #c60fa219b6173cb2 Filesystem access.
repo/packages/coding-agent/src/core/agent-defs/loader.ts:21
import { existsSync, readdirSync, readFileSync, statSync } from "fs";

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #02bf44bca3f0926d Filesystem access.
repo/packages/coding-agent/src/core/agent-defs/loader.ts:90
		content = readFileSync(filePath, "utf-8");

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #8993161fb915ca9d Environment-variable access.
repo/packages/coding-agent/src/core/agent-session.ts:252
const PROMPT_TIMING_ENABLED = process.env.CAVE_PROMPT_TIMING === "1";

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #e277d99410a1c88f Environment-variable access.
repo/packages/coding-agent/src/core/agent-session.ts:391
		process.env.CAVE_CHAT_MODE === "plan" ? "plan" : process.env.CAVE_CHAT_MODE === "edit" ? "edit" : "auto";

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #fc8a52813943d171 Filesystem access.
repo/packages/coding-agent/src/core/agent-session.ts:1057
				const raw = readFileSync(indexPath, "utf-8");

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #db03eef667617b69 Filesystem access.
repo/packages/coding-agent/src/core/agent-session.ts:1959
			const content = readFileSync(skill.filePath, "utf-8");

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #7f367e1e0ebe00e2 Environment-variable access.
repo/packages/coding-agent/src/core/agent-session.ts:3187
		if (process.env.CAVE_MEMORY_AUTO_RECORD === "1") {

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #5e1407646c552ca5 Filesystem access.
repo/packages/coding-agent/src/core/agent-session.ts:4050
		writeFileSync(filePath, `${lines.join("\n")}\n`);

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #06ad9d28e8512ed0 Filesystem access.
repo/packages/coding-agent/src/core/auth-storage.ts:16
import { chmodSync, existsSync, mkdirSync, readFileSync, writeFileSync } from "fs";

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #76a3351251f10c89 Filesystem access.
repo/packages/coding-agent/src/core/auth-storage.ts:57
			writeFileSync(this.authPath, "{}", "utf-8");

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #af200d01f5bcb49c Filesystem access.
repo/packages/coding-agent/src/core/auth-storage.ts:96
			const current = existsSync(this.authPath) ? readFileSync(this.authPath, "utf-8") : undefined;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #1631bfcced780913 Filesystem access.
repo/packages/coding-agent/src/core/auth-storage.ts:99
				writeFileSync(this.authPath, next, "utf-8");

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #b052f98ede4bbebb Filesystem access.
repo/packages/coding-agent/src/core/auth-storage.ts:140
			const current = existsSync(this.authPath) ? readFileSync(this.authPath, "utf-8") : undefined;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #793f4d670c971951 Filesystem access.
repo/packages/coding-agent/src/core/auth-storage.ts:144
				writeFileSync(this.authPath, next, "utf-8");

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #bcbe5c1299ef6a6e Filesystem access.
repo/packages/coding-agent/src/core/cost-persistence.ts:66
		const raw = fs.readFileSync(p, "utf8");

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #ac8404c68b7f25e6 Filesystem access.
repo/packages/coding-agent/src/core/cost-persistence.ts:120
		fs.writeFileSync(tmp, JSON.stringify(totals, null, 2), "utf8");

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #de18ac8ab50c180a Filesystem access.
repo/packages/coding-agent/src/core/export-html/index.ts:2
import { existsSync, readFileSync, writeFileSync } from "fs";

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #54b29c7c84de14b6 Filesystem access.
repo/packages/coding-agent/src/core/export-html/index.ts:144
	const template = readFileSync(join(templateDir, "template.html"), "utf-8");

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #27b07a10bc7baff2 Filesystem access.
repo/packages/coding-agent/src/core/export-html/index.ts:145
	const templateCss = readFileSync(join(templateDir, "template.css"), "utf-8");

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #35631c3417688c30 Filesystem access.
repo/packages/coding-agent/src/core/export-html/index.ts:146
	const templateJs = readFileSync(join(templateDir, "template.js"), "utf-8");

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #ddec724a9f176a55 Filesystem access.
repo/packages/coding-agent/src/core/export-html/index.ts:147
	const markedJs = readFileSync(join(templateDir, "vendor", "marked.min.js"), "utf-8");

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #01070d1ada7275d9 Filesystem access.
repo/packages/coding-agent/src/core/export-html/index.ts:148
	const hljsJs = readFileSync(join(templateDir, "vendor", "highlight.min.js"), "utf-8");

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #912f145ba679522a Filesystem access.
repo/packages/coding-agent/src/core/export-html/index.ts:279
	writeFileSync(outputPath, html, "utf8");

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #5afab23d7d1130f9 Filesystem access.
repo/packages/coding-agent/src/core/export-html/index.ts:312
	writeFileSync(outputPath, html, "utf8");

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #d1a8e55abaf69775 Filesystem access.
repo/packages/coding-agent/src/core/extensions/loader.ts:418
		const content = fs.readFileSync(packageJsonPath, "utf-8");

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #f0cc4a84082f5d31 Filesystem access.
repo/packages/coding-agent/src/core/footer-data-provider.ts:2
import { existsSync, type FSWatcher, readFileSync, statSync, unwatchFile, watch, watchFile } from "fs";

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #a15fc51f6ce7fa57 Filesystem access.
repo/packages/coding-agent/src/core/footer-data-provider.ts:23
					const content = readFileSync(gitPath, "utf8").trim();

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #d16caa99c28092ea Filesystem access.
repo/packages/coding-agent/src/core/footer-data-provider.ts:30
							? resolve(gitDir, readFileSync(commonDirPath, "utf8").trim())

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #9c20b411b5191fb4 Filesystem access.
repo/packages/coding-agent/src/core/footer-data-provider.ts:256
			const content = readFileSync(this.gitPaths.headPath, "utf8").trim();

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #c3466d5ace55d660 Filesystem access.
repo/packages/coding-agent/src/core/footer-data-provider.ts:270
			const content = readFileSync(this.gitPaths.headPath, "utf8").trim();

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #405d4a5d5e9cd5fc Filesystem access.
repo/packages/coding-agent/src/core/goal-loop/goal-runner.ts:90
	writeFileSync(join(dir, "stdout.jsonl"), payload.stdout);

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #3a8a5e876d2f307e Filesystem access.
repo/packages/coding-agent/src/core/goal-loop/goal-runner.ts:91
	writeFileSync(join(dir, "assistant.txt"), payload.assistant);

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #6107ef6612328918 Filesystem access.
repo/packages/coding-agent/src/core/goal-loop/goal-state.ts:100
	writeFileSync(tmp, JSON.stringify(data, null, 2));

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #a4907beab3223467 Filesystem access.
repo/packages/coding-agent/src/core/goal-loop/goal-state.ts:107
		return JSON.parse(readFileSync(path, "utf8")) as T;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #1df558d4bd09b1d8 Filesystem access.
repo/packages/coding-agent/src/core/goal-loop/goal-state.ts:154
			const { frontmatter } = parseFrontmatter<GoalFrontmatter>(readFileSync(goalMd, "utf8"));

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #a2bc29837bdbac49 Filesystem access.
repo/packages/coding-agent/src/core/goal-loop/goal-state.ts:167
	writeFileSync(path, text);

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #c609420a2e34411a Filesystem access.
repo/packages/coding-agent/src/core/goal-loop/goal-state.ts:171
	const raw = readFileSync(path, "utf8");

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #fe41562b380f6e0f Filesystem access.
repo/packages/coding-agent/src/core/goal-loop/goal-state.ts:245
	return readFileSync(paths.summaryMd, "utf8");

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #9e858edfbaa9773a Filesystem access.
repo/packages/coding-agent/src/core/goal-loop/goal-state.ts:251
	writeFileSync(paths.summaryMd, trimmed);

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #2dca2ab755c08c89 Environment-variable access.
repo/packages/coding-agent/src/core/hooks/executor.ts:313
	return { shell: process.env.SHELL || "/bin/sh", shellArg: "-c" };

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #55706466993a7d9c Filesystem access.
repo/packages/coding-agent/src/core/keybindings.ts:9
import { existsSync, readFileSync } from "fs";

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #2d6c809f8a2de8c9 Filesystem access.
repo/packages/coding-agent/src/core/keybindings.ts:279
		const parsed = JSON.parse(readFileSync(path, "utf-8")) as unknown;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #3898fe0bc4a6f912 Filesystem access.
repo/packages/coding-agent/src/core/memory-bridge.ts:193
		const raw = readFileSync(path, "utf-8");

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #e2d79a7498a0a4fe Filesystem access.
repo/packages/coding-agent/src/core/model-registry.ts:25
import { existsSync, readFileSync } from "fs";

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #d8aebb92109934d5 Filesystem access.
repo/packages/coding-agent/src/core/model-registry.ts:393
			const content = readFileSync(modelsJsonPath, "utf-8");

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #4b0980ee4152b15c Environment-variable access.
repo/packages/coding-agent/src/core/package-manager.ts:18
	const value = process.env.PI_OFFLINE;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #a6b3d46acccfc967 Environment-variable access.
repo/packages/coding-agent/src/core/package-manager.ts:167
	return process.env.HOME || homedir();

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #9d90199e43d3ce72 Filesystem access.
repo/packages/coding-agent/src/core/package-manager.ts:201
			const content = readFileSync(ignorePath, "utf-8");

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #055d4b82fdbd9e84 Filesystem access.
repo/packages/coding-agent/src/core/package-manager.ts:472
		const content = readFileSync(packageJsonPath, "utf-8");

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #9d61279cd37e61cb Filesystem access.
repo/packages/coding-agent/src/core/package-manager.ts:1311
			const content = readFileSync(packageJsonPath, "utf-8");

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #cd3836857c2854b6 Filesystem access.
repo/packages/coding-agent/src/core/package-manager.ts:1686
			writeFileSync(packageJsonPath, JSON.stringify(pkgJson, null, 2), "utf-8");

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #7a91b822f9b43846 Filesystem access.
repo/packages/coding-agent/src/core/package-manager.ts:1696
			writeFileSync(ignorePath, "*\n!.gitignore\n", "utf-8");

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #5556aa5574384c21 Filesystem access.
repo/packages/coding-agent/src/core/package-manager.ts:1917
			const content = readFileSync(packageJsonPath, "utf-8");

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #abd3986d8a43c9cf Filesystem access.
repo/packages/coding-agent/src/core/plans.ts:43
	writeFileSync(path, plan, { encoding: "utf-8", mode: 0o600 });

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #7801f949f7c21350 Filesystem access.
repo/packages/coding-agent/src/core/plans.ts:52
		return readFileSync(path, "utf-8");

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #480cc2179354971e Environment-variable access.
repo/packages/coding-agent/src/core/plugins/__tests__/marketplace.test.ts:31
	HOME_BACKUP = process.env.HOME;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #af703e0721ea4afb Environment-variable access.
repo/packages/coding-agent/src/core/plugins/__tests__/marketplace.test.ts:32
	process.env.HOME = fakeHome;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #06f1f44525f56d4c Environment-variable access.
repo/packages/coding-agent/src/core/plugins/__tests__/marketplace.test.ts:38
	if (HOME_BACKUP === undefined) delete process.env.HOME;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #ec15958272465640 Environment-variable access.
repo/packages/coding-agent/src/core/plugins/__tests__/marketplace.test.ts:39
	else process.env.HOME = HOME_BACKUP;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #2bb77fd08bfa71f8 Filesystem access.
repo/packages/coding-agent/src/core/plugins/__tests__/marketplace.test.ts:45
	writeFileSync(path, JSON.stringify(data), "utf8");

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #9602573e3a20ea2a Filesystem access.
repo/packages/coding-agent/src/core/plugins/__tests__/marketplace.test.ts:64
		writeFileSync(
			mp,
			JSON.stringify({
				plugins: [{ ref: "owner/my-plugin", name: "my-plugin", description: "Test plugin" }],
			}),
			"utf8",
		);

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #b85c007ba4fc454b Filesystem access.
repo/packages/coding-agent/src/core/plugins/__tests__/marketplace.test.ts:81
		writeFileSync(
			mp,
			JSON.stringify({
				plugins: [
					{ ref: "alice/tool-a", name: "tool-a", description: "Tool A" },
					{ ref: "bob/tool-b", name: "tool-b", description: "Tool B" },
				],
			}),
			"utf8",
		);

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #0ae91246a12d67e9 Filesystem access.
repo/packages/coding-agent/src/core/plugins/__tests__/marketplace.test.ts:100
		writeFileSync(
			repoMp,
			JSON.stringify({ plugins: [{ ref: "r/plugin", name: "plugin", description: "Repo" }] }),
			"utf8",
		);

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #ca788a888f9261a2 Filesystem access.
repo/packages/coding-agent/src/core/plugins/__tests__/marketplace.test.ts:108
		writeFileSync(
			personalMp,
			JSON.stringify({
				plugins: [{ ref: "p/plugin", name: "plugin", description: "Personal" }],
			}),
			"utf8",
		);

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #23a64d0fcc3e2ada Filesystem access.
repo/packages/coding-agent/src/core/plugins/installer.ts:218
	writeFileSync(dst, readFileSync(src, "utf8"), "utf8");

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #54374af2bbaebbd6 Filesystem access.
repo/packages/coding-agent/src/core/plugins/installer.ts:260
		const manifestJson = readFileSync(manifestPath, "utf8");

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #270213fe35084df7 Filesystem access.
repo/packages/coding-agent/src/core/plugins/loader.ts:112
			const json = readFileSync(manifestPath, "utf8");

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #2e7e5f9a43101467 Filesystem access.
repo/packages/coding-agent/src/core/plugins/marketplace.ts:119
		const raw = JSON.parse(readFileSync(path, "utf8")) as Partial<MarketplaceFile>;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #1b64e13821e172f7 Filesystem access.
repo/packages/coding-agent/src/core/plugins/marketplace.ts:132
	writeFileSync(path, `${JSON.stringify(data, null, 2)}\n`, "utf8");

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #fcd369896580f1e9 Filesystem access.
repo/packages/coding-agent/src/core/plugins/marketplace.ts:152
		const entry = JSON.parse(readFileSync(cachePath, "utf8")) as CacheEntry;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #75e9f30b5a04b2fc Filesystem access.
repo/packages/coding-agent/src/core/plugins/marketplace.ts:164
	writeFileSync(cachePath, `${JSON.stringify(entry, null, 2)}\n`, "utf8");

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #b56d820a098574b1 Filesystem access.
repo/packages/coding-agent/src/core/plugins/marketplace.ts:324
		const raw = JSON.parse(readFileSync(INSTALLED_REGISTRY_PATH, "utf8"));

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #d5dd440950aae059 Filesystem access.
repo/packages/coding-agent/src/core/plugins/marketplace.ts:334
	writeFileSync(INSTALLED_REGISTRY_PATH, `${JSON.stringify(records, null, 2)}\n`, "utf8");

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #874ece1dad66ef0c Filesystem access.
repo/packages/coding-agent/src/core/prompt-templates.ts:1
import { existsSync, readdirSync, readFileSync, statSync } from "fs";

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #6001a4febccd5483 Filesystem access.
repo/packages/coding-agent/src/core/prompt-templates.ts:105
		const rawContent = readFileSync(filePath, "utf-8");

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #84a301d0e07c7e2a Filesystem access.
repo/packages/coding-agent/src/core/recipes/__tests__/recipes.test.ts:45
	writeFileSync(filePath, content, "utf-8");

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #35038b1ee69000a6 Environment-variable access.
repo/packages/coding-agent/src/core/recipes/__tests__/recipes.test.ts:308
			captured.push(process.env.MY_TEST_VAR ?? "(unset)");

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #5e28b37bae315033 Environment-variable access.
repo/packages/coding-agent/src/core/recipes/__tests__/recipes.test.ts:312
		const previousVal = process.env.MY_TEST_VAR;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #458acb38717ce658 Environment-variable access.
repo/packages/coding-agent/src/core/recipes/__tests__/recipes.test.ts:316
		expect(process.env.MY_TEST_VAR).toBe(previousVal); // restored

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #a0858e6458888f3b Filesystem access.
repo/packages/coding-agent/src/core/recipes/loader.ts:71
		raw = readFileSync(filePath, "utf-8");

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #09d0621090cb37ac Environment-variable access.
repo/packages/coding-agent/src/core/recipes/runner.ts:98
			envSnapshot[k] = process.env[k];

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #1b95ada9e3657215 Environment-variable access.
repo/packages/coding-agent/src/core/recipes/runner.ts:99
			process.env[k] = v;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #9d0766fb4bc35383 Environment-variable access.
repo/packages/coding-agent/src/core/recipes/runner.ts:119
					delete process.env[k];

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #cf5bc100d37855f8 Environment-variable access.
repo/packages/coding-agent/src/core/recipes/runner.ts:121
					process.env[k] = prev;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #e9678f9930e9f02e Environment-variable access.
repo/packages/coding-agent/src/core/resolve-config-value.ts:21
	const envValue = process.env[config];

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #e7eb627d6bc6ed3e Environment-variable access.
repo/packages/coding-agent/src/core/resolve-config-value.ts:95
	const envValue = process.env[config];

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #e11b2aeec83b3c86 Filesystem access.
repo/packages/coding-agent/src/core/resource-loader.ts:48
			return readFileSync(input, "utf-8");

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #50103588c8812ff4 Filesystem access.
repo/packages/coding-agent/src/core/resource-loader.ts:66
					content: readFileSync(filePath, "utf-8"),

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #7ae2cd9d15b215ec Environment-variable access.
repo/packages/coding-agent/src/core/resource-loader.ts:83
	if (process.env.CAVE_OMIT_CLAUDE_MD === "1") return [];

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #668d5cd29657e1d1 Filesystem access.
repo/packages/coding-agent/src/core/resource-loader.ts:124
			contextFiles.push({ path: memoryIndex, content: readFileSync(memoryIndex, "utf-8") });

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #98a2dbc9039fe6a3 Filesystem access.
repo/packages/coding-agent/src/core/session-manager.ts:4
import {
	appendFileSync,
	closeSync,
	existsSync,
	mkdirSync,
	openSync,
	readdirSync,
	readFileSync,
	readSync,
	statSync,
	writeFileSync,
} from "fs";

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #222e3dd90129bb9b Filesystem access.
repo/packages/coding-agent/src/core/session-manager.ts:16
import { readdir, readFile, stat } from "fs/promises";

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #3cac94f173788f38 Filesystem access.
repo/packages/coding-agent/src/core/session-manager.ts:436
	const content = readFileSync(filePath, "utf8");

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #df62129a81b02e85 Filesystem access.
repo/packages/coding-agent/src/core/session-manager.ts:546
		const content = await readFile(filePath, "utf8");

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #e6688ddb98f3c16a Filesystem access.
repo/packages/coding-agent/src/core/session-manager.ts:773
		writeFileSync(this.sessionFile, content);

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #5b8dbcfe22f6ff5e Filesystem access.
repo/packages/coding-agent/src/core/settings-manager.ts:2
import { existsSync, mkdirSync, readFileSync, writeFileSync } from "fs";

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #05ce85702621baa1 Filesystem access.
repo/packages/coding-agent/src/core/settings-manager.ts:288
			const current = fileExists ? readFileSync(path, "utf-8") : undefined;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #aebe90d3ea13c84f Filesystem access.
repo/packages/coding-agent/src/core/settings-manager.ts:298
				writeFileSync(path, next, "utf-8");

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #431d5f0fb5c8675c Environment-variable access.
repo/packages/coding-agent/src/core/settings-manager.ts:1002
		return process.env.PI_CLEAR_ON_SHRINK === "1";

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #164369c72b88604a Environment-variable access.
repo/packages/coding-agent/src/core/settings-manager.ts:1073
		return this.settings.showHardwareCursor ?? process.env.PI_HARDWARE_CURSOR === "1";

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #d392c214099cbac7 Filesystem access.
repo/packages/coding-agent/src/core/skills.ts:9
import { existsSync, type FSWatcher, readdirSync, readFileSync, realpathSync, statSync, watch } from "fs";

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #3fe5c7592b26d8a6 Filesystem access.
repo/packages/coding-agent/src/core/skills.ts:76
			const content = readFileSync(ignorePath, "utf-8");

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #40df01d8f1603556 Filesystem access.
repo/packages/coding-agent/src/core/skills.ts:356
		const rawContent = readFileSync(filePath, "utf-8");

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #982891326d5f3295 Filesystem access.
repo/packages/coding-agent/src/core/skills.ts:643
	const raw = readFileSync(skill.filePath, "utf-8");

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #784e67165f750563 Environment-variable access.
repo/packages/coding-agent/src/core/skills.ts:787
		const fromEnv = process.env[varName];

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #d1ba25f403dbfc96 Filesystem access.
repo/packages/coding-agent/src/core/slash-commands.ts:34
import { type Dirent, existsSync, type FSWatcher, readdirSync, readFileSync, statSync, watch } from "fs";

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #9dceafe667f7502e Filesystem access.
repo/packages/coding-agent/src/core/slash-commands.ts:221
		raw = readFileSync(filePath, "utf-8");

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #6dabcadef275304f Filesystem access.
repo/packages/coding-agent/src/core/slash-commands/__tests__/goal.test.ts:47
		const goalMd = readFileSync(paths.goalMd, "utf8");

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #3a1b700d2599325e Environment-variable access.
repo/packages/coding-agent/src/core/slash-commands/__tests__/mcp.test.ts:40
		HOME_BACKUP = process.env.HOME;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #45b2f67e0f64889a Environment-variable access.
repo/packages/coding-agent/src/core/slash-commands/__tests__/mcp.test.ts:41
		process.env.HOME = fakeHome;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #2bc4c98b3551630e Environment-variable access.
repo/packages/coding-agent/src/core/slash-commands/__tests__/mcp.test.ts:47
		if (HOME_BACKUP === undefined) delete process.env.HOME;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #53dca95812bbc6e0 Environment-variable access.
repo/packages/coding-agent/src/core/slash-commands/__tests__/mcp.test.ts:48
		else process.env.HOME = HOME_BACKUP;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #8e4aadd5bd4bdfd8 Filesystem access.
repo/packages/coding-agent/src/core/slash-commands/__tests__/mcp.test.ts:58
		writeFileSync(
			join(cwd, ".mcp.json"),
			JSON.stringify({
				mcpServers: { fs: { command: "echo", args: ["hi"] } },
			}),
		);

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #29a38e0a97b0d2c5 Filesystem access.
repo/packages/coding-agent/src/core/slash-commands/goal.ts:174
		const raw = readFileSync(paths.transcriptJsonl, "utf8").trim();

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #092565096334bd3f Filesystem access.
repo/packages/coding-agent/src/core/slash-commands/hooks.ts:190
	const content = readFileSync(sourcePath, "utf-8");

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #39867546fb888a15 Filesystem access.
repo/packages/coding-agent/src/core/slash-commands/hooks.ts:191
	writeFileSync(dest, content, { mode: 0o755 });

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #4e8bc0916d08eff4 Environment-variable access.
repo/packages/coding-agent/src/core/slash-commands/models.ts:20
	const envDir = process.env.CAVE_CODING_AGENT_DIR;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #00a540cb10a232ea Filesystem access.
repo/packages/coding-agent/src/core/slash-commands/repomap.ts:108
					const source = readFileSync(full, "utf-8");

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #9bb67013fd2cfa2b Environment-variable access.
repo/packages/coding-agent/src/core/status-line-runner.ts:56
		const shell = process.env.SHELL || (process.platform === "win32" ? process.env.COMSPEC || "cmd.exe" : "/bin/sh");

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #6dff37643bee9eb3 Environment-variable access.
repo/packages/coding-agent/src/core/system-prompt.ts:131
		`- Shell: ${process.env.SHELL ?? "unknown"}`,

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #5fba9c20c97890c5 Environment-variable access.
repo/packages/coding-agent/src/core/system-prompt.ts:365
		if (process.env.CAVE_SUBAGENT_DEPTH && Number.parseInt(process.env.CAVE_SUBAGENT_DEPTH, 10) > 0) {

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #619ce926db3f8cd2 Environment-variable access.
repo/packages/coding-agent/src/core/timings.ts:6
const ENABLED = process.env.PI_TIMING === "1";

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #4fa68f88aae35fe3 Filesystem access.
repo/packages/coding-agent/src/core/tools/edit-diff.ts:7
import { constants } from "fs";

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #d664924012032c0c Filesystem access.
repo/packages/coding-agent/src/core/tools/edit-diff.ts:8
import { access, readFile } from "fs/promises";

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #8cac40a8f2398e71 Filesystem access.
repo/packages/coding-agent/src/core/tools/edit-diff.ts:420
		const rawContent = await readFile(absolutePath, "utf-8");

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #1961e15b84830e7f Filesystem access.
repo/packages/coding-agent/src/core/tools/edit.ts:4
import { constants } from "fs";

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #832fc605c1d83e58 Filesystem access.
repo/packages/coding-agent/src/core/tools/edit.ts:5
import { access as fsAccess, readFile as fsReadFile, writeFile as fsWriteFile } from "fs/promises";

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #ead139263b6f2a21 Filesystem access.
repo/packages/coding-agent/src/core/tools/edit.ts:75
	readFile: (path) => fsReadFile(path),

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #cd89886c42467f67 Filesystem access.
repo/packages/coding-agent/src/core/tools/edit.ts:76
	writeFile: (path, content) => fsWriteFile(path, content, "utf-8"),

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #d0199a7e3b82d0fd Filesystem access.
repo/packages/coding-agent/src/core/tools/edit.ts:235
								const buffer = await ops.readFile(absolutePath);

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #2572a7e4ee3a7a31 Filesystem access.
repo/packages/coding-agent/src/core/tools/edit.ts:259
								await ops.writeFile(absolutePath, finalContent);

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #c944823bb2df2879 Filesystem access.
repo/packages/coding-agent/src/core/tools/find.ts:5
import { existsSync } from "fs";

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #42b19752e444e56a Filesystem access.
repo/packages/coding-agent/src/core/tools/grep.ts:6
import { readFileSync, statSync } from "fs";

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #97026dd3d079f8ee Filesystem access.
repo/packages/coding-agent/src/core/tools/grep.ts:59
	readFile: (p) => readFileSync(p, "utf-8"),

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #fffeb95ef878c8df Filesystem access.
repo/packages/coding-agent/src/core/tools/grep.ts:204
									const content = await ops.readFile(filePath);

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #19fb9dfc85007478 Filesystem access.
repo/packages/coding-agent/src/core/tools/ls.ts:4
import { existsSync, readdirSync, statSync } from "fs";

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #884bec6cdcf5123d Filesystem access.
repo/packages/coding-agent/src/core/tools/read.ts:5
import { constants } from "fs";

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #0b7253be8319ff26 Filesystem access.
repo/packages/coding-agent/src/core/tools/read.ts:6
import { access as fsAccess, readFile as fsReadFile } from "fs/promises";

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #435ce6a8dbbb4a74 Filesystem access.
repo/packages/coding-agent/src/core/tools/read.ts:43
	readFile: (path) => fsReadFile(path),

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #3091194c9b7a46ba Filesystem access.
repo/packages/coding-agent/src/core/tools/read.ts:157
								const buffer = await ops.readFile(absolutePath);

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #096a4f7f2cd71433 Filesystem access.
repo/packages/coding-agent/src/core/tools/read.ts:186
								const buffer = await ops.readFile(absolutePath);

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #979c59d341058b94 Environment-variable access.
repo/packages/coding-agent/src/core/tools/task.ts:59
	const raw = process.env[SUBAGENT_DEPTH_ENV];

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #5ddf84c255724c4b Filesystem access.
repo/packages/coding-agent/src/core/tools/task.ts:227
		writeFileSync(promptPath, opts.agent.prompt, { encoding: "utf-8", mode: 0o600 });

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #e2f1c87112353b9e Filesystem access.
repo/packages/coding-agent/src/core/tools/task.ts:388
		writeFileSync(promptPath, opts.agent.prompt, { encoding: "utf-8", mode: 0o600 });

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #38caa74e95a10718 Filesystem access.
repo/packages/coding-agent/src/core/tools/write.ts:4
import { mkdir as fsMkdir, writeFile as fsWriteFile } from "fs/promises";

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #fa2cbec1bf2629ba Filesystem access.
repo/packages/coding-agent/src/core/tools/write.ts:37
	writeFile: (path, content) => fsWriteFile(path, content, "utf-8"),

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #a32dcdf0c8459578 Filesystem access.
repo/packages/coding-agent/src/core/tools/write.ts:237
									await ops.writeFile(absolutePath, content);

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #a72874ea5e4349ec Filesystem access.
repo/packages/coding-agent/src/core/watch-files/__tests__/watch-files.test.ts:159
		writeFileSync(tmpFile, "const x = 1;\n// cave! add hello world\nconst y = 2;\n");

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #90e8b816b9caf45a Filesystem access.
repo/packages/coding-agent/src/core/watch-files/__tests__/watch-files.test.ts:169
		const remaining = readFileSync(tmpFile, "utf8");

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #4d05321025151336 Filesystem access.
repo/packages/coding-agent/src/core/watch-files/__tests__/watch-files.test.ts:177
		writeFileSync(tmpFile, original);

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #4d34042e21f9025e Filesystem access.
repo/packages/coding-agent/src/core/watch-files/__tests__/watch-files.test.ts:187
		const remaining = readFileSync(tmpFile, "utf8");

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #fa69057352e3e248 Filesystem access.
repo/packages/coding-agent/src/core/watch-files/__tests__/watch-files.test.ts:208
		writeFileSync(file, "// cave use TypeScript generics\n// cave! add a generic function\n");

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #582b8710a6abd16c Filesystem access.
repo/packages/coding-agent/src/core/watch-files/__tests__/watch-files.test.ts:226
		writeFileSync(file, "// cave background info only\n");

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #e7830770f6c30d46 Filesystem access.
repo/packages/coding-agent/src/core/watch-files/trigger.ts:57
		content = readFileSync(filePath, "utf8");

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #67abd0441c90cadc Filesystem access.
repo/packages/coding-agent/src/core/watch-files/trigger.ts:102
				currentContent = readFileSync(filePath, "utf8");

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #e6c0adbeddf02734 Filesystem access.
repo/packages/coding-agent/src/core/watch-files/trigger.ts:104
				writeFileSync(filePath, newContent, "utf8");

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #8e6cb6e1d51de347 Environment-variable access.
repo/packages/coding-agent/src/main.ts:472
	if (process.env.CAVE_DEBUG_TERM !== "1") return;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #613bf7e6226adf59 Environment-variable access.
repo/packages/coding-agent/src/main.ts:505
	const offlineMode = args.includes("--offline") || isTruthyEnvFlag(process.env.PI_OFFLINE);

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #f6c49a4dd40a3e73 Environment-variable access.
repo/packages/coding-agent/src/main.ts:507
		process.env.PI_OFFLINE = "1";

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #49ee864c13e849fd Environment-variable access.
repo/packages/coding-agent/src/main.ts:508
		process.env.PI_SKIP_VERSION_CHECK = "1";

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #3a9629aa72611f20 Environment-variable access.
repo/packages/coding-agent/src/main.ts:857
	const startupBenchmark = isTruthyEnvFlag(process.env.PI_STARTUP_BENCHMARK);

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #313b90e9f3bc0f67 Filesystem access.
repo/packages/coding-agent/src/migrations.ts:6
import { existsSync, mkdirSync, readdirSync, readFileSync, renameSync, rmSync, writeFileSync } from "fs";

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #3718f1c8f30c8517 Filesystem access.
repo/packages/coding-agent/src/migrations.ts:36
			const oauth = JSON.parse(readFileSync(oauthPath, "utf-8"));

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #6f96c596b70d95cc Filesystem access.
repo/packages/coding-agent/src/migrations.ts:50
			const content = readFileSync(settingsPath, "utf-8");

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #a5e2b97a5e42b2b7 Filesystem access.
repo/packages/coding-agent/src/migrations.ts:60
				writeFileSync(settingsPath, JSON.stringify(settings, null, 2));

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #08ad47d64a1a94fd Filesystem access.
repo/packages/coding-agent/src/migrations.ts:69
		writeFileSync(authPath, JSON.stringify(migrated, null, 2), { mode: 0o600 });

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #188b6f5622ca71ff Filesystem access.
repo/packages/coding-agent/src/migrations.ts:102
			const content = readFileSync(file, "utf8");

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #57c8abcc932afd14 Filesystem access.
repo/packages/coding-agent/src/migrations.ts:162
		const parsed = JSON.parse(readFileSync(configPath, "utf-8")) as unknown;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #2bb2bfb3e1af9acb Filesystem access.
repo/packages/coding-agent/src/migrations.ts:168
		writeFileSync(configPath, `${JSON.stringify(config, null, 2)}\n`, "utf-8");

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #378dfac60bd94d76 Filesystem access.
repo/packages/coding-agent/src/modes/exec/__tests__/exec-mode.test.ts:127
		writeFileSync(tmpPath, "not { valid json", "utf-8");

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #6aa2174be3ef88ee Filesystem access.
repo/packages/coding-agent/src/modes/exec/__tests__/exec-mode.test.ts:139
		writeFileSync(tmpPath, JSON.stringify(schema), "utf-8");

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #4538d8af560075cd Filesystem access.
repo/packages/coding-agent/src/modes/exec/__tests__/exec-mode.test.ts:255
		writeFileSync(tmp, text, "utf-8");

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #e1fe04e283862070 Filesystem access.
repo/packages/coding-agent/src/modes/exec/__tests__/exec-mode.test.ts:260
		expect(readFileSync(outputPath, "utf-8")).toBe(text);

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #9c7cb8113ed83d84 Filesystem access.
repo/packages/coding-agent/src/modes/exec/exec-mode.ts:268
		writeFileSync(tmp, content, { encoding: "utf-8" });

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #2f06824867261cba Filesystem access.
repo/packages/coding-agent/src/modes/exec/output-schema.ts:32
		raw = readFileSync(schemaPath, "utf-8");

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #3a3bf8bae28bb996 Environment-variable access.
repo/packages/coding-agent/src/modes/interactive/components/banner.ts:71
	const home = process.env.HOME || process.env.USERPROFILE;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #d4c6acf1f9a71db7 Environment-variable access.
repo/packages/coding-agent/src/modes/interactive/components/banner.ts:86
	const term = process.env.TERM ?? "";

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #e9c77d8061f058eb Environment-variable access.
repo/packages/coding-agent/src/modes/interactive/components/banner.ts:87
	const lang = process.env.LANG ?? process.env.LC_ALL ?? "";

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #6fd1de4d11ca96a5 Environment-variable access.
repo/packages/coding-agent/src/modes/interactive/components/extension-editor.ts:79
		const hasExternalEditor = !!(process.env.VISUAL || process.env.EDITOR);

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #34e4a4b1e9edc3b7 Environment-variable access.
repo/packages/coding-agent/src/modes/interactive/components/extension-editor.ts:114
		const editorCmd = process.env.VISUAL || process.env.EDITOR;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #6674c64ced28c801 Filesystem access.
repo/packages/coding-agent/src/modes/interactive/components/extension-editor.ts:123
			fs.writeFileSync(tmpFile, currentText, "utf-8");

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #b1075ea2a33d28ba Filesystem access.
repo/packages/coding-agent/src/modes/interactive/components/extension-editor.ts:133
				const newContent = fs.readFileSync(tmpFile, "utf-8").replace(/\n$/, "");

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #1fb8df0b946a0908 Environment-variable access.
repo/packages/coding-agent/src/modes/interactive/components/footer.ts:77
		const home = process.env.HOME || process.env.USERPROFILE;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #c1ce81537f50eb19 Environment-variable access.
repo/packages/coding-agent/src/modes/interactive/components/secret-prompt.ts:117
	const home = process.env.HOME ?? process.env.USERPROFILE ?? "";

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #b89bbc0aea450afd Environment-variable access.
repo/packages/coding-agent/src/modes/interactive/components/tree-selector.ts:844
			const home = process.env.HOME || process.env.USERPROFILE || "";

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #673564ce0249170a Environment-variable access.
repo/packages/coding-agent/src/modes/interactive/interactive-mode.ts:771
		if (process.env.PI_SKIP_VERSION_CHECK || process.env.PI_OFFLINE) return undefined;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #f3a1a7cb2e53699b Environment-variable access.
repo/packages/coding-agent/src/modes/interactive/interactive-mode.ts:780
		if (process.env.PI_OFFLINE) {

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #a33d1a43db0da755 Environment-variable access.
repo/packages/coding-agent/src/modes/interactive/interactive-mode.ts:798
		if (!process.env.TMUX) return undefined;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #db2b65478de03768 Filesystem access.
repo/packages/coding-agent/src/modes/interactive/interactive-mode.ts:2209
			fs.writeFileSync(filePath, Buffer.from(image.bytes));

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #bce1c34e6bd7008b Environment-variable access.
repo/packages/coding-agent/src/modes/interactive/interactive-mode.ts:3392
		const editorCmd = process.env.VISUAL || process.env.EDITOR;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #016eb544ad3dea79 Filesystem access.
repo/packages/coding-agent/src/modes/interactive/interactive-mode.ts:3403
			fs.writeFileSync(tmpFile, currentText, "utf-8");

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #c777364e21bece7a Filesystem access.
repo/packages/coding-agent/src/modes/interactive/interactive-mode.ts:3419
				const newContent = fs.readFileSync(tmpFile, "utf-8").replace(/\n$/, "");

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #38b4dc3a4608547b Filesystem access.
repo/packages/coding-agent/src/modes/interactive/interactive-mode.ts:5153
		fs.writeFileSync(debugLogPath, debugData);

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #b1d45132b73dffe8 Environment-variable access.
repo/packages/coding-agent/src/modes/interactive/theme/theme.ts:162
	const colorterm = process.env.COLORTERM;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #d06d54e4531640ae Environment-variable access.
repo/packages/coding-agent/src/modes/interactive/theme/theme.ts:167
	if (process.env.WT_SESSION) {

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #3f88e171aa1c2a36 Environment-variable access.
repo/packages/coding-agent/src/modes/interactive/theme/theme.ts:170
	const term = process.env.TERM || "";

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #4009f08651162081 Environment-variable access.
repo/packages/coding-agent/src/modes/interactive/theme/theme.ts:176
	if (process.env.TERM_PROGRAM === "Apple_Terminal") {

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #34fb264699d407b2 Filesystem access.
repo/packages/coding-agent/src/modes/interactive/theme/theme.ts:464
			dark: JSON.parse(fs.readFileSync(darkPath, "utf-8")) as ThemeJson,

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #b57152ba8ccc1b90 Filesystem access.
repo/packages/coding-agent/src/modes/interactive/theme/theme.ts:465
			light: JSON.parse(fs.readFileSync(lightPath, "utf-8")) as ThemeJson,

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #4fd5ddb0b504fa6f Filesystem access.
repo/packages/coding-agent/src/modes/interactive/theme/theme.ts:574
		const content = fs.readFileSync(registeredTheme.sourcePath, "utf-8");

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #d5e01bd1cffc6d76 Filesystem access.
repo/packages/coding-agent/src/modes/interactive/theme/theme.ts:585
	const content = fs.readFileSync(themePath, "utf-8");

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #b9216eaeb25da068 Filesystem access.
repo/packages/coding-agent/src/modes/interactive/theme/theme.ts:624
	const content = fs.readFileSync(themePath, "utf-8");

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #c492efb482562eb7 Environment-variable access.
repo/packages/coding-agent/src/modes/interactive/theme/theme.ts:667
	const override = (process.env.CAVE_TERM_BG || "").trim().toLowerCase();

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #a091a3d3ca870ae3 Environment-variable access.
repo/packages/coding-agent/src/modes/interactive/theme/theme.ts:673
	const colorfgbg = process.env.COLORFGBG || "";

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #6126b01a10bed79e Environment-variable access.
repo/packages/coding-agent/src/onboarding/wizard.ts:144
	if (process.env.CAVE_SKIP_ONBOARDING === "1") return false;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #e5e2db985aaf3a39 Filesystem access.
repo/packages/coding-agent/src/utils/changelog.ts:1
import { existsSync, readFileSync } from "fs";

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #9dfdafc6f76bb5a6 Filesystem access.
repo/packages/coding-agent/src/utils/changelog.ts:20
		const content = readFileSync(changelogPath, "utf-8");

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #8c60343a81ae35ba Filesystem access.
repo/packages/coding-agent/src/utils/clipboard-image.ts:3
import { readFileSync, unlinkSync } from "fs";

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #aeda81aa232bd6e4 Filesystem access.
repo/packages/coding-agent/src/utils/clipboard-image.ts:149
		const release = readFileSync("/proc/version", "utf-8");

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #5ac12e748a581f49 Filesystem access.
repo/packages/coding-agent/src/utils/clipboard-image.ts:196
		const bytes = readFileSync(tmpFile);

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #da9d0b935ec0e35a Environment-variable access.
repo/packages/coding-agent/src/utils/clipboard-native.ts:12
const hasDisplay = process.platform !== "linux" || Boolean(process.env.DISPLAY || process.env.WAYLAND_DISPLAY);

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #5865408c72ee9ff7 Environment-variable access.
repo/packages/coding-agent/src/utils/clipboard-native.ts:14
if (!process.env.TERMUX_VERSION && hasDisplay) {

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #0fc9bae752426530 Environment-variable access.
repo/packages/coding-agent/src/utils/clipboard.ts:45
			if (process.env.TERMUX_VERSION) {

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #0b3caff40478a2a6 Environment-variable access.
repo/packages/coding-agent/src/utils/clipboard.ts:54
			const hasWaylandDisplay = Boolean(process.env.WAYLAND_DISPLAY);

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #088163ebe0dba7fa Environment-variable access.
repo/packages/coding-agent/src/utils/clipboard.ts:55
			const hasX11Display = Boolean(process.env.DISPLAY);

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #e012a6870976e8f7 Filesystem access.
repo/packages/coding-agent/src/utils/photon.ts:16
import type { PathOrFileDescriptor } from "fs";

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #b0274db3f1767437 Filesystem access.
repo/packages/coding-agent/src/utils/photon.ts:22
const fs = require("fs") as typeof import("fs");

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #0f414a63d93dba3c Environment-variable access.
repo/packages/coding-agent/src/utils/shell.ts:73
		const programFiles = process.env.ProgramFiles;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #6c444537bbfa3b91 Environment-variable access.
repo/packages/coding-agent/src/utils/shell.ts:77
		const programFilesX86 = process.env["ProgramFiles(x86)"];

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #0fac22d134343e99 Environment-variable access.
repo/packages/coding-agent/src/utils/shell.ts:124
	const currentPath = process.env[pathKey] ?? "";

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #3dbfe51231c00208 Filesystem access.
repo/packages/coding-agent/src/utils/tools-manager.ts:4
import { chmodSync, createWriteStream, existsSync, mkdirSync, readdirSync, renameSync, rmSync } from "fs";

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #3b49705510839cc8 Environment-variable access.
repo/packages/coding-agent/src/utils/tools-manager.ts:16
	const value = process.env.PI_OFFLINE;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

first-party (npm): packages/web-ui

npm first-party
high pii_flow production #6d850a60cafb4955 User/PII-bearing data read from the environment or filesystem flows to an external network call. This is potential data exfiltration.
repo/packages/web-ui/scripts/count-prompt-tokens.ts:20 · flow /tmp/closeopen-3amdqrew/repo/packages/web-ui/scripts/count-prompt-tokens.ts:8 → /tmp/closeopen-3amdqrew/repo/packages/web-ui/scripts/count-prompt-tokens.ts:20
	const response = await fetch("https://api.anthropic.com/v1/messages/count_tokens", {
		method: "POST",
		headers: {
			"Content-Type": "application/json",
			"x-api-key": ANTHROPIC_API_KEY,
			"anthropic-version": "2023-06-01",
		},
		body: JSON.stringify({
			model: "claude-3-5-sonnet-20241022",
			messages: [
				{
					role: "user",
					content: text,
				},
			],
		}),
	});

User/PII-bearing data flows to an external sink — the classic data-exfiltration shape.

Fix: Confirm no user identifiers reach this sink; redact/hash before sending, or remove the flow.

expand_more 2 low-confidence finding(s)
low env_fs production #f7d68efa646f6219 Environment-variable access.
repo/packages/web-ui/scripts/count-prompt-tokens.ts:8
const ANTHROPIC_API_KEY = process.env.ANTHROPIC_API_KEY;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low egress production #b5d92bb42a7f4ba5 Hardcoded external endpoint. Review what data is sent to this destination.
repo/packages/web-ui/scripts/count-prompt-tokens.ts:20
	const response = await fetch("https://api.anthropic.com/v1/messages/count_tokens", {
		method: "POST",
		headers: {
			"Content-Type": "application/json",
			"x-api-key": ANTHROPIC_API_KEY,
			"anthropic-version": "2023-06-01",
		},
		body: JSON.stringify({
			model: "claude-3-5-sonnet-20241022",
			messages: [
				{
					role: "user",
					content: text,
				},
			],
		}),
	});

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

first-party (npm): packages/coding-agent/examples/extensions/custom-provider-anthropic

npm first-party
expand_more 2 low-confidence finding(s)
low egress production #3648601f55acb967 Hardcoded external endpoint. Review what data is sent to this destination.
repo/packages/coding-agent/examples/extensions/custom-provider-anthropic/index.ts:97
	const tokenResponse = await fetch(TOKEN_URL, {
		method: "POST",
		headers: { "Content-Type": "application/json" },
		body: JSON.stringify({
			grant_type: "authorization_code",
			client_id: CLIENT_ID,
			code,
			state,
			redirect_uri: REDIRECT_URI,
			code_verifier: verifier,
		}),
	});

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress production #be7dc5ca7d4a69ca Hardcoded external endpoint. Review what data is sent to this destination.
repo/packages/coding-agent/examples/extensions/custom-provider-anthropic/index.ts:128
	const response = await fetch(TOKEN_URL, {
		method: "POST",
		headers: { "Content-Type": "application/json" },
		body: JSON.stringify({
			grant_type: "refresh_token",
			client_id: CLIENT_ID,
			refresh_token: credentials.refresh,
		}),
	});

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

first-party (npm): packages/coding-agent/examples/extensions/custom-provider-gitlab-duo

npm first-party
expand_more 5 low-confidence finding(s)
low egress production #7c7374dbd5159ee7 Hardcoded external endpoint. Review what data is sent to this destination.
repo/packages/coding-agent/examples/extensions/custom-provider-gitlab-duo/index.ts:149
	const response = await fetch(`${GITLAB_COM_URL}/api/v4/ai/third_party_agents/direct_access`, {
		method: "POST",
		headers: { Authorization: `Bearer ${gitlabAccessToken}`, "Content-Type": "application/json" },
		body: JSON.stringify({ feature_flags: { DuoAgentPlatformNext: true } }),
	});

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress production #2b9af64eeb263f1d Hardcoded external endpoint. Review what data is sent to this destination.
repo/packages/coding-agent/examples/extensions/custom-provider-gitlab-duo/index.ts:210
	const tokenResponse = await fetch(`${GITLAB_COM_URL}/oauth/token`, {
		method: "POST",
		headers: { "Content-Type": "application/x-www-form-urlencoded" },
		body: new URLSearchParams({
			client_id: BUNDLED_CLIENT_ID,
			grant_type: "authorization_code",
			code,
			code_verifier: verifier,
			redirect_uri: REDIRECT_URI,
		}).toString(),
	});

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress production #b94af43c7fff623b Hardcoded external endpoint. Review what data is sent to this destination.
repo/packages/coding-agent/examples/extensions/custom-provider-gitlab-duo/index.ts:238
	const response = await fetch(`${GITLAB_COM_URL}/oauth/token`, {
		method: "POST",
		headers: { "Content-Type": "application/x-www-form-urlencoded" },
		body: new URLSearchParams({
			client_id: BUNDLED_CLIENT_ID,
			grant_type: "refresh_token",
			refresh_token: credentials.refresh,
		}).toString(),
	});

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low env_fs production #6c54715dd2c23330 Filesystem access.
repo/packages/coding-agent/examples/extensions/custom-provider-gitlab-duo/test.ts:12
import { readFileSync } from "fs";

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #857f0b0c7d77bb5b Filesystem access.
repo/packages/coding-agent/examples/extensions/custom-provider-gitlab-duo/test.ts:32
	const authData = JSON.parse(readFileSync(authPath, "utf-8"));

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

first-party (npm): packages/coding-agent/examples/extensions/custom-provider-qwen-cli

npm first-party
expand_more 3 low-confidence finding(s)
low egress production #3e778c86a5b48ea8 Hardcoded external endpoint. Review what data is sent to this destination.
repo/packages/coding-agent/examples/extensions/custom-provider-qwen-cli/index.ts:106
	const response = await fetch(QWEN_DEVICE_CODE_ENDPOINT, {
		method: "POST",
		headers,
		body: body.toString(),
	});

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress production #2aedacfc9dcfeec8 Hardcoded external endpoint. Review what data is sent to this destination.
repo/packages/coding-agent/examples/extensions/custom-provider-qwen-cli/index.ts:170
		const response = await fetch(QWEN_TOKEN_ENDPOINT, {
			method: "POST",
			headers: {
				"Content-Type": "application/x-www-form-urlencoded",
				Accept: "application/json",
			},
			body: body.toString(),
		});

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress production #567b527e580397d4 Hardcoded external endpoint. Review what data is sent to this destination.
repo/packages/coding-agent/examples/extensions/custom-provider-qwen-cli/index.ts:251
	const response = await fetch(QWEN_TOKEN_ENDPOINT, {
		method: "POST",
		headers: {
			"Content-Type": "application/x-www-form-urlencoded",
			Accept: "application/json",
		},
		body: body.toString(),
	});

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

first-party (npm): packages/markdown-preview

npm first-party
expand_more 20 low-confidence finding(s)
low env_fs production #443478fb932df5f2 Filesystem access.
repo/packages/markdown-preview/index.ts:37
const ANNOTATION_HELPERS_SOURCE = readFileSync(new URL("./client/annotation-helpers.js", import.meta.url), "utf-8");

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #8c0d052133925db1 Environment-variable access.
repo/packages/markdown-preview/index.ts:1006
	const envPath = process.env.PUPPETEER_EXECUTABLE_PATH || process.env.CHROME_PATH || process.env.BROWSER;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #c9908536125e67d0 Filesystem access.
repo/packages/markdown-preview/index.ts:1040
		const buffer = await readFile(pngPath);

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #68e1b0e3430264f9 Filesystem access.
repo/packages/markdown-preview/index.ts:1044
			const meta = JSON.parse(await readFile(metaPath, "utf-8")) as { truncatedHeight?: boolean; pageCount?: number };

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #681bdd441fbd7054 Filesystem access.
repo/packages/markdown-preview/index.ts:1057
	await writeFile(pngPath, page.buffer);

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #1b0a3de5f2ad9abc Filesystem access.
repo/packages/markdown-preview/index.ts:1060
	await writeFile(metaPath, JSON.stringify(meta), "utf-8");

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #4662e84062871d20 Filesystem access.
repo/packages/markdown-preview/index.ts:1155
				await writeFile(tempHtmlPath, html, "utf-8");

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #6770185262764380 Environment-variable access.
repo/packages/markdown-preview/index.ts:1609
	const pandocCommand = process.env.PANDOC_PATH?.trim() || "pandoc";

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #157a2bb471c8c781 Filesystem access.
repo/packages/markdown-preview/index.ts:1705
	await writeFile(PDF_PREAMBLE_PATH, PDF_PREAMBLE, "utf-8");

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #0925a0f32a3e4a2d Environment-variable access.
repo/packages/markdown-preview/index.ts:1710
	const engine = process.env.PANDOC_PDF_ENGINE?.trim() || "xelatex";

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #34dc1382687ffea6 Filesystem access.
repo/packages/markdown-preview/index.ts:1715
	await writeFile(texPath, latexSource, "utf-8");

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #2e98cf7ee51b901a Environment-variable access.
repo/packages/markdown-preview/index.ts:1787
	const pandocCommand = process.env.PANDOC_PATH?.trim() || "pandoc";

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #f1ef3241a9ea5ec2 Environment-variable access.
repo/packages/markdown-preview/index.ts:1789
	const pdfEngine = process.env.PANDOC_PDF_ENGINE?.trim() || "xelatex";

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #c9db15210350fe5b Environment-variable access.
repo/packages/markdown-preview/index.ts:2029
	const pandocCommand = process.env.PANDOC_PATH?.trim() || "pandoc";

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #146fd744ea311acd Environment-variable access.
repo/packages/markdown-preview/index.ts:2105
	const requested = process.env.MERMAID_PDF_THEME?.trim().toLowerCase();

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #145832cb53d8a947 Environment-variable access.
repo/packages/markdown-preview/index.ts:2113
	const mermaidCommand = process.env.MERMAID_CLI_PATH?.trim() || "mmdc";

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #44d728457cd0995c Filesystem access.
repo/packages/markdown-preview/index.ts:2121
		await writeFile(inputPath, source, "utf-8");

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #cf8f0d61ddb09cd8 Filesystem access.
repo/packages/markdown-preview/index.ts:2962
	await writeFile(htmlPath, html, "utf-8");

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #63f5262a11925836 Filesystem access.
repo/packages/markdown-preview/index.ts:3105
				const fileContent = await readFile(filePath, "utf-8");

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #e555e034fbb6bbc1 Filesystem access.
repo/packages/markdown-preview/index.ts:3209
			const fileContent = await readFile(filePath, "utf-8");

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

first-party (npm): packages/mom

npm first-party
expand_more 25 low-confidence finding(s)
low env_fs production #7c2c1740bda09cfc Filesystem access.
repo/packages/mom/scripts/migrate-timestamps.ts:9
import { existsSync, readdirSync, readFileSync, statSync, writeFileSync } from "fs";

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #7341004edac96341 Filesystem access.
repo/packages/mom/scripts/migrate-timestamps.ts:39
	const content = readFileSync(filePath, "utf-8");

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #52de765b626c0604 Filesystem access.
repo/packages/mom/scripts/migrate-timestamps.ts:63
		writeFileSync(filePath, newLines.join("\n") + "\n", "utf-8");

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #c851a05dd9f5b640 Filesystem access.
repo/packages/mom/src/agent.ts:15
import { existsSync, readFileSync } from "fs";

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #aceb9b50a55d3657 Filesystem access.
repo/packages/mom/src/agent.ts:16
import { mkdir, writeFile } from "fs/promises";

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #489ba4b533b64f3d Filesystem access.
repo/packages/mom/src/agent.ts:76
			const content = readFileSync(workspaceMemoryPath, "utf-8").trim();

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #aeb48a6042a4a444 Filesystem access.
repo/packages/mom/src/agent.ts:89
			const content = readFileSync(channelMemoryPath, "utf-8").trim();

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #c8eac7a184600102 Filesystem access.
repo/packages/mom/src/agent.ts:757
							data: readFileSync(fullPath).toString("base64"),

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #2814f15517db989c Filesystem access.
repo/packages/mom/src/agent.ts:778
			await writeFile(join(channelDir, "last_prompt.jsonl"), JSON.stringify(debugContext, null, 2));

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #b040c55597f3d2b1 Filesystem access.
repo/packages/mom/src/context.ts:15
import { existsSync, mkdirSync, readFileSync, writeFileSync } from "fs";

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #1232522de8cff985 Filesystem access.
repo/packages/mom/src/context.ts:93
	const logContent = readFileSync(logFile, "utf-8");

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #91de3f7046652ba2 Filesystem access.
repo/packages/mom/src/context.ts:164
		const current = existsSync(this.settingsPath) ? readFileSync(this.settingsPath, "utf-8") : undefined;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #457909f288c8ad82 Filesystem access.
repo/packages/mom/src/context.ts:174
		writeFileSync(this.settingsPath, next, "utf-8");

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #2f63478f84b7dbca Filesystem access.
repo/packages/mom/src/events.ts:2
import { existsSync, type FSWatcher, mkdirSync, readdirSync, statSync, unlinkSync, watch } from "fs";

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #f90caa4b26e1187a Filesystem access.
repo/packages/mom/src/events.ts:3
import { readFile } from "fs/promises";

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #87e6e78990c583fa Filesystem access.
repo/packages/mom/src/events.ts:188
				const content = await readFile(filePath, "utf-8");

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #a374b3cc6eec9b48 Environment-variable access.
repo/packages/mom/src/main.ts:16
const MOM_SLACK_APP_TOKEN = process.env.MOM_SLACK_APP_TOKEN;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #cf830788ba78879f Environment-variable access.
repo/packages/mom/src/main.ts:17
const MOM_SLACK_BOT_TOKEN = process.env.MOM_SLACK_BOT_TOKEN;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #adfe694f1f798c71 Filesystem access.
repo/packages/mom/src/slack.ts:3
import { appendFileSync, existsSync, mkdirSync, readFileSync } from "fs";

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #f5d09b8a16e99a37 Filesystem access.
repo/packages/mom/src/slack.ts:207
		const fileContent = readFileSync(filePath);

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #6eac3f0e889f8f04 Filesystem access.
repo/packages/mom/src/slack.ts:442
		const content = readFileSync(logPath, "utf-8");

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #f78527155223ed89 Filesystem access.
repo/packages/mom/src/store.ts:1
import { existsSync, mkdirSync, readFileSync } from "fs";

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #8d0b305bbee545c0 Filesystem access.
repo/packages/mom/src/store.ts:2
import { appendFile, writeFile } from "fs/promises";

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #90a6d4cf0d026fc1 Filesystem access.
repo/packages/mom/src/store.ts:172
			const content = readFileSync(logPath, "utf-8");

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #62a81031803f3bb0 Filesystem access.
repo/packages/mom/src/store.ts:232
		await writeFile(filePath, Buffer.from(buffer));

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

first-party (npm): packages/pods

npm first-party
expand_more 19 low-confidence finding(s)
low env_fs production #0bf7e43a149756a4 Filesystem access.
repo/packages/pods/src/cli.ts:4
import { readFileSync } from "fs";

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #70e719db7b44a2a5 Filesystem access.
repo/packages/pods/src/cli.ts:16
const packageJson = JSON.parse(readFileSync(join(__dirname, "../package.json"), "utf-8"));

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #c5543c2f241e3d57 Environment-variable access.
repo/packages/pods/src/cli.ts:336
				const apiKey = process.env.PI_API_KEY;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #f28e7123ae9678fb Filesystem access.
repo/packages/pods/src/commands/models.ts:3
import { readFileSync } from "fs";

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #93b6732f42c97333 Filesystem access.
repo/packages/pods/src/commands/models.ts:200
	let scriptContent = readFileSync(scriptPath, "utf-8");

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #cca03c0846cf51a1 Environment-variable access.
repo/packages/pods/src/commands/models.ts:220
		`HF_TOKEN='${process.env.HF_TOKEN}'`,

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #c92e07b394dd7eb8 Environment-variable access.
repo/packages/pods/src/commands/models.ts:221
		`PI_API_KEY='${process.env.PI_API_KEY}'`,

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #cf8e63e92d95c60f Environment-variable access.
repo/packages/pods/src/commands/models.ts:372
		console.log(chalk.white("API Key:     ") + chalk.yellow(process.env.PI_API_KEY || "(not set)"));

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #606de9fd37c002f1 Environment-variable access.
repo/packages/pods/src/commands/models.ts:377
		console.log(chalk.gray(`export OPENAI_API_KEY="${process.env.PI_API_KEY || "your-api-key"}"`));

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #fc2818e38ffd392d Filesystem access.
repo/packages/pods/src/commands/models.ts:598
	const modelsJson = JSON.parse(readFileSync(modelsJsonPath, "utf-8"));

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #328740ef601c32cd Environment-variable access.
repo/packages/pods/src/commands/pods.ts:50
	const hfToken = process.env.HF_TOKEN;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #4e38514fb0bda618 Environment-variable access.
repo/packages/pods/src/commands/pods.ts:51
	const vllmApiKey = process.env.PI_API_KEY;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #ccd46059987aff58 Environment-variable access.
repo/packages/pods/src/commands/prompt.ts:66
		opts.apiKey || process.env.PI_API_KEY || "dummy",

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #b4ec47496ffb6fb1 Filesystem access.
repo/packages/pods/src/config.ts:1
import { existsSync, mkdirSync, readFileSync, writeFileSync } from "fs";

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #2000538cf6af0b76 Environment-variable access.
repo/packages/pods/src/config.ts:8
	const configDir = process.env.PI_CONFIG_DIR || join(homedir(), ".pi");

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #a5e38523fdd1c06e Filesystem access.
repo/packages/pods/src/config.ts:26
		const data = readFileSync(configPath, "utf-8");

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #8129f7e904f7c5d5 Filesystem access.
repo/packages/pods/src/config.ts:37
		writeFileSync(configPath, JSON.stringify(config, null, 2));

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #bcb7d4aa26748864 Filesystem access.
repo/packages/pods/src/model-configs.ts:1
import { readFileSync } from "fs";

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #ed189f06019f6087 Filesystem access.
repo/packages/pods/src/model-configs.ts:29
const modelsData: ModelsData = JSON.parse(readFileSync(modelsJsonPath, "utf-8"));

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

first-party (npm): packages/tui

npm first-party
expand_more 19 low-confidence finding(s)
low env_fs production #d2c235b6097eef74 Filesystem access.
repo/packages/tui/src/autocomplete.ts:2
import { readdirSync, statSync } from "fs";

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #64babee3b613254f Environment-variable access.
repo/packages/tui/src/keys.ts:705
		Boolean(process.env.WT_SESSION) && !process.env.SSH_CONNECTION && !process.env.SSH_CLIENT && !process.env.SSH_TTY

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #de1cdf5cb56ec005 Environment-variable access.
repo/packages/tui/src/sync-output.ts:59
		if (process.env.CAVE_SYNC_OUTPUT_MULTIPLEXER === "1" && identity.hostProgram) {

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #108f5cea92f88a62 Environment-variable access.
repo/packages/tui/src/terminal-detect.ts:57
	const v = process.env[name];

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #23115b460dc3af1e Environment-variable access.
repo/packages/tui/src/terminal-image.ts:41
	const termProgram = process.env.TERM_PROGRAM?.toLowerCase() || "";

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #123cc06fc1ac8e38 Environment-variable access.
repo/packages/tui/src/terminal-image.ts:42
	const term = process.env.TERM?.toLowerCase() || "";

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #56a121486b13d8c4 Environment-variable access.
repo/packages/tui/src/terminal-image.ts:43
	const colorTerm = process.env.COLORTERM?.toLowerCase() || "";

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #27a5565ed71becd9 Environment-variable access.
repo/packages/tui/src/terminal-image.ts:45
	if (process.env.KITTY_WINDOW_ID || termProgram === "kitty") {

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #68229a66cc9ad77a Environment-variable access.
repo/packages/tui/src/terminal-image.ts:49
	if (termProgram === "ghostty" || term.includes("ghostty") || process.env.GHOSTTY_RESOURCES_DIR) {

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #1061735cc9191776 Environment-variable access.
repo/packages/tui/src/terminal-image.ts:53
	if (process.env.WEZTERM_PANE || termProgram === "wezterm") {

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #b517a0522f9da990 Environment-variable access.
repo/packages/tui/src/terminal-image.ts:57
	if (process.env.ITERM_SESSION_ID || termProgram === "iterm.app") {

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #db98cade4156e7f6 Environment-variable access.
repo/packages/tui/src/terminal.ts:88
		const env = process.env.PI_TUI_WRITE_LOG || "";

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #6fcd4f7a252647c9 Environment-variable access.
repo/packages/tui/src/tui.ts:130
	return Boolean(process.env.TERMUX_VERSION);

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #56a1fe3f612f7087 Environment-variable access.
repo/packages/tui/src/tui.ts:248
	private showHardwareCursor = process.env.PI_HARDWARE_CURSOR === "1";

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #56ccea9b90bc9867 Environment-variable access.
repo/packages/tui/src/tui.ts:249
	private clearOnShrink = process.env.PI_CLEAR_ON_SHRINK === "1"; // Clear empty rows when content shrinks (default: off)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #a0275ea22ff4a8a1 Environment-variable access.
repo/packages/tui/src/tui.ts:1130
		const debugRedraw = process.env.PI_DEBUG_REDRAW === "1";

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #5db7ea091db29f20 Filesystem access.
repo/packages/tui/src/tui.ts:1304
				fs.writeFileSync(crashLogPath, crashData);

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #02b167c42c204f14 Environment-variable access.
repo/packages/tui/src/tui.ts:1343
		if (process.env.PI_TUI_DEBUG === "1") {

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #694bedc5cab166af Filesystem access.
repo/packages/tui/src/tui.ts:1369
			fs.writeFileSync(debugPath, debugData);

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

</> Dependencies

@juliusbrussee/caveman-code

npm dependency
high pii_flow tooling Excluded from app score unknown #6bd697b90f035eea User/PII-bearing data read from the environment or filesystem flows to an external network call. This is potential data exfiltration.
pkgs/npm/@[email protected]/examples/extensions/antigravity-image-gen.ts:371 · flow /tmp/closeopen-3amdqrew/pkgs/npm/@[email protected]/examples/extensions/antigravity-image-gen.ts:54 → /tmp/closeopen-3amdqrew/pkgs/npm/@[email protected]/examples/extensions/antigravity-image-gen.ts:371
			const response = await fetch(`${ANTIGRAVITY_ENDPOINT}/v1internal:streamGenerateContent?alt=sse`, {
				method: "POST",
				headers: {
					Authorization: `Bearer ${accessToken}`,
					"Content-Type": "application/json",
					Accept: "text/event-stream",
					...ANTIGRAVITY_HEADERS,
				},
				body: JSON.stringify(requestBody),
				signal,
			});

User/PII-bearing data flows to an external sink — the classic data-exfiltration shape.

Fix: Confirm no user identifiers reach this sink; redact/hash before sending, or remove the flow.

expand_more 42 low-confidence finding(s)
low env_fs tooling Excluded from app score unknown #5e63a8c35062e1b6 Environment-variable access.
pkgs/npm/@[email protected]/examples/extensions/antigravity-image-gen.ts:54
	"User-Agent": `antigravity/${process.env.PI_AI_ANTIGRAVITY_VERSION || DEFAULT_ANTIGRAVITY_VERSION} darwin/arm64`,

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unknown #ca03e6c33d9858e1 Filesystem access.
pkgs/npm/@[email protected]/examples/extensions/antigravity-image-gen.ts:177
		const content = readFileSync(path, "utf-8");

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unknown #14b0ba5a8a9e41e9 Environment-variable access.
pkgs/npm/@[email protected]/examples/extensions/antigravity-image-gen.ts:194
	const envMode = (process.env.PI_IMAGE_SAVE_MODE || "").toLowerCase();

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unknown #a081b55c07b23faa Environment-variable access.
pkgs/npm/@[email protected]/examples/extensions/antigravity-image-gen.ts:212
		const dir = params.saveDir || process.env.PI_IMAGE_SAVE_DIR || config.saveDir;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unknown #45cd8e670cd92473 Filesystem access.
pkgs/npm/@[email protected]/examples/extensions/antigravity-image-gen.ts:237
		await writeFile(filePath, Buffer.from(base64Data, "base64"));

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low egress tooling Excluded from app score unknown #8f522eb99a2f57e4 Hardcoded external endpoint. Review what data is sent to this destination.
pkgs/npm/@[email protected]/examples/extensions/antigravity-image-gen.ts:371
			const response = await fetch(`${ANTIGRAVITY_ENDPOINT}/v1internal:streamGenerateContent?alt=sse`, {
				method: "POST",
				headers: {
					Authorization: `Bearer ${accessToken}`,
					"Content-Type": "application/json",
					Accept: "text/event-stream",
					...ANTIGRAVITY_HEADERS,
				},
				body: JSON.stringify(requestBody),
				signal,
			});

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress tooling Excluded from app score unknown #d2c82be2481ff0d6 Hardcoded external endpoint. Review what data is sent to this destination.
pkgs/npm/@[email protected]/examples/extensions/custom-provider-anthropic/index.ts:97
	const tokenResponse = await fetch(TOKEN_URL, {
		method: "POST",
		headers: { "Content-Type": "application/json" },
		body: JSON.stringify({
			grant_type: "authorization_code",
			client_id: CLIENT_ID,
			code,
			state,
			redirect_uri: REDIRECT_URI,
			code_verifier: verifier,
		}),
	});

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress tooling Excluded from app score unknown #c6a72d41862a34c7 Hardcoded external endpoint. Review what data is sent to this destination.
pkgs/npm/@[email protected]/examples/extensions/custom-provider-anthropic/index.ts:128
	const response = await fetch(TOKEN_URL, {
		method: "POST",
		headers: { "Content-Type": "application/json" },
		body: JSON.stringify({
			grant_type: "refresh_token",
			client_id: CLIENT_ID,
			refresh_token: credentials.refresh,
		}),
	});

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress tooling Excluded from app score unknown #6a03e6b8703e5c7d Hardcoded external endpoint. Review what data is sent to this destination.
pkgs/npm/@[email protected]/examples/extensions/custom-provider-gitlab-duo/index.ts:149
	const response = await fetch(`${GITLAB_COM_URL}/api/v4/ai/third_party_agents/direct_access`, {
		method: "POST",
		headers: { Authorization: `Bearer ${gitlabAccessToken}`, "Content-Type": "application/json" },
		body: JSON.stringify({ feature_flags: { DuoAgentPlatformNext: true } }),
	});

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress tooling Excluded from app score unknown #3266af02549aa5db Hardcoded external endpoint. Review what data is sent to this destination.
pkgs/npm/@[email protected]/examples/extensions/custom-provider-gitlab-duo/index.ts:210
	const tokenResponse = await fetch(`${GITLAB_COM_URL}/oauth/token`, {
		method: "POST",
		headers: { "Content-Type": "application/x-www-form-urlencoded" },
		body: new URLSearchParams({
			client_id: BUNDLED_CLIENT_ID,
			grant_type: "authorization_code",
			code,
			code_verifier: verifier,
			redirect_uri: REDIRECT_URI,
		}).toString(),
	});

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress tooling Excluded from app score unknown #7b2f36be88670e44 Hardcoded external endpoint. Review what data is sent to this destination.
pkgs/npm/@[email protected]/examples/extensions/custom-provider-gitlab-duo/index.ts:238
	const response = await fetch(`${GITLAB_COM_URL}/oauth/token`, {
		method: "POST",
		headers: { "Content-Type": "application/x-www-form-urlencoded" },
		body: new URLSearchParams({
			client_id: BUNDLED_CLIENT_ID,
			grant_type: "refresh_token",
			refresh_token: credentials.refresh,
		}).toString(),
	});

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low env_fs tooling Excluded from app score unknown #650d3bb509a7b43a Filesystem access.
pkgs/npm/@[email protected]/examples/extensions/custom-provider-gitlab-duo/test.ts:12
import { readFileSync } from "fs";

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unknown #1dae5cdd3eea12f6 Filesystem access.
pkgs/npm/@[email protected]/examples/extensions/custom-provider-gitlab-duo/test.ts:32
	const authData = JSON.parse(readFileSync(authPath, "utf-8"));

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low egress tooling Excluded from app score unknown #0e84804b8a109bab Hardcoded external endpoint. Review what data is sent to this destination.
pkgs/npm/@[email protected]/examples/extensions/custom-provider-qwen-cli/index.ts:106
	const response = await fetch(QWEN_DEVICE_CODE_ENDPOINT, {
		method: "POST",
		headers,
		body: body.toString(),
	});

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress tooling Excluded from app score unknown #ec497c012bf84536 Hardcoded external endpoint. Review what data is sent to this destination.
pkgs/npm/@[email protected]/examples/extensions/custom-provider-qwen-cli/index.ts:170
		const response = await fetch(QWEN_TOKEN_ENDPOINT, {
			method: "POST",
			headers: {
				"Content-Type": "application/x-www-form-urlencoded",
				Accept: "application/json",
			},
			body: body.toString(),
		});

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress tooling Excluded from app score unknown #e81083a988376ec7 Hardcoded external endpoint. Review what data is sent to this destination.
pkgs/npm/@[email protected]/examples/extensions/custom-provider-qwen-cli/index.ts:251
	const response = await fetch(QWEN_TOKEN_ENDPOINT, {
		method: "POST",
		headers: {
			"Content-Type": "application/x-www-form-urlencoded",
			Accept: "application/json",
		},
		body: body.toString(),
	});

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low env_fs tooling Excluded from app score unknown #0e65deb17cfea915 Filesystem access.
pkgs/npm/@[email protected]/examples/extensions/doom-overlay/doom-engine.ts:58
		const wadData = readFileSync(this.wadPath);

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unknown #464d46f65cc90338 Filesystem access.
pkgs/npm/@[email protected]/examples/extensions/doom-overlay/doom-engine.ts:62
		const doomJsCode = readFileSync(doomJsPath, "utf-8");

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unknown #d338e5ac6382afb9 Environment-variable access.
pkgs/npm/@[email protected]/examples/extensions/doom-overlay/wad-finder.ts:14
		const resolved = resolve(customPath.replace(/^~/, process.env.HOME || ""));

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unknown #c418233005bafb09 Environment-variable access.
pkgs/npm/@[email protected]/examples/extensions/doom-overlay/wad-finder.ts:26
		const resolved = resolve(p.replace(/^~/, process.env.HOME || ""));

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low egress tooling Excluded from app score unknown #e50d671c63c19a19 Hardcoded external endpoint. Review what data is sent to this destination.
pkgs/npm/@[email protected]/examples/extensions/doom-overlay/wad-finder.ts:41
		const response = await fetch(WAD_URL);

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low env_fs tooling Excluded from app score unknown #4ee49c33d42ea93b Filesystem access.
pkgs/npm/@[email protected]/examples/extensions/doom-overlay/wad-finder.ts:46
		writeFileSync(BUNDLED_WAD, Buffer.from(buffer));

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unknown #e8f5b9a20a9e1c20 Filesystem access.
pkgs/npm/@[email protected]/examples/extensions/file-trigger.ts:20
				const content = fs.readFileSync(triggerFile, "utf-8").trim();

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unknown #f51224327a43ed6c Filesystem access.
pkgs/npm/@[email protected]/examples/extensions/file-trigger.ts:30
					fs.writeFileSync(triggerFile, ""); // Clear after reading

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unknown #ab47d59eabf3d603 Environment-variable access.
pkgs/npm/@[email protected]/examples/extensions/interactive-shell.ts:102
		process.env.INTERACTIVE_COMMANDS?.split(",")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unknown #e3a7148653780cc9 Environment-variable access.
pkgs/npm/@[email protected]/examples/extensions/interactive-shell.ts:105
	const excluded = new Set(process.env.INTERACTIVE_EXCLUDE?.split(",").map((s) => s.trim().toLowerCase()) ?? []);

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unknown #12df24456e9e6f50 Environment-variable access.
pkgs/npm/@[email protected]/examples/extensions/interactive-shell.ts:164
			const shell = process.env.SHELL || "/bin/sh";

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unknown #8acd0c59cf6f18f7 Environment-variable access.
pkgs/npm/@[email protected]/examples/extensions/notify.ts:42
	if (process.env.WT_SESSION) {

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unknown #edcf22ac59775119 Environment-variable access.
pkgs/npm/@[email protected]/examples/extensions/notify.ts:44
	} else if (process.env.KITTY_WINDOW_ID) {

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unknown #0c757589f9d39bd9 Filesystem access.
pkgs/npm/@[email protected]/examples/extensions/preset.ts:79
			const content = readFileSync(globalPath, "utf-8");

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unknown #048f45aac5c8d8a4 Filesystem access.
pkgs/npm/@[email protected]/examples/extensions/preset.ts:89
			const content = readFileSync(projectPath, "utf-8");

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unknown #a4d6d46df6a9fc32 Filesystem access.
pkgs/npm/@[email protected]/examples/extensions/sandbox/index.ts:88
			globalConfig = JSON.parse(readFileSync(globalConfigPath, "utf-8"));

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unknown #890ceccfaa07094a Filesystem access.
pkgs/npm/@[email protected]/examples/extensions/sandbox/index.ts:96
			projectConfig = JSON.parse(readFileSync(projectConfigPath, "utf-8"));

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unknown #dd513aa2b1b79b52 Filesystem access.
pkgs/npm/@[email protected]/examples/extensions/subagent/agents.ts:47
			content = fs.readFileSync(filePath, "utf-8");

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unknown #b5baedb61df156e8 Filesystem access.
pkgs/npm/@[email protected]/examples/extensions/subagent/index.ts:215
		await fs.promises.writeFile(filePath, prompt, { encoding: "utf-8", mode: 0o600 });

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unknown #6667122ada1debfa Filesystem access.
pkgs/npm/@[email protected]/examples/extensions/tool-override.ts:26
import { constants, readFileSync } from "fs";

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unknown #3095d283fbaeb031 Filesystem access.
pkgs/npm/@[email protected]/examples/extensions/tool-override.ts:27
import { access, appendFile, readFile } from "fs/promises";

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unknown #0fc14396667f5894 Filesystem access.
pkgs/npm/@[email protected]/examples/extensions/tool-override.ts:100
				const content = await readFile(absolutePath, "utf-8");

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unknown #c541685df6f5051e Filesystem access.
pkgs/npm/@[email protected]/examples/extensions/tool-override.ts:136
				const log = readFileSync(LOG_FILE, "utf-8");

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unknown #f4ee3557ff98732b Filesystem access.
pkgs/npm/@[email protected]/examples/extensions/truncated-tool.ts:115
					await writeFile(tempFile, output, "utf8");

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unknown #13ec83813bab415c Environment-variable access.
pkgs/npm/@[email protected]/examples/sdk/12-full-control.ts:28
if (process.env.MY_ANTHROPIC_KEY) {

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unknown #03cfcaa085dc77f3 Environment-variable access.
pkgs/npm/@[email protected]/examples/sdk/12-full-control.ts:29
	authStorage.setRuntimeApiKey("anthropic", process.env.MY_ANTHROPIC_KEY);

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

@anthropic-ai/sdk

npm dependency
expand_more 44 low-confidence finding(s)
low env_fs dependency Excluded from app score #10f5ee9801f3d09f Filesystem access.
pkgs/npm/@[email protected]/core/credentials.js:110
        configRaw = await fs.promises.readFile(configPath, 'utf-8');

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #d6f16bef19aec2ff Filesystem access.
pkgs/npm/@[email protected]/core/credentials.js:210
        raw = await fs.promises.readFile(credentialsPath, 'utf-8');

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #6bbc09efe68ee3b0 Filesystem access.
pkgs/npm/@[email protected]/core/credentials.js:308
        return (await fs.promises.readFile(filePath, 'utf-8')).trim() || 'default';

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #b9797d8869608723 Filesystem access.
pkgs/npm/@[email protected]/core/credentials.mjs:73
        configRaw = await fs.promises.readFile(configPath, 'utf-8');

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #dc9a80d02e87cf3a Filesystem access.
pkgs/npm/@[email protected]/core/credentials.mjs:172
        raw = await fs.promises.readFile(credentialsPath, 'utf-8');

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #9d42c36464b21079 Filesystem access.
pkgs/npm/@[email protected]/core/credentials.mjs:268
        return (await fs.promises.readFile(filePath, 'utf-8')).trim() || 'default';

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #4cce3d24e9b85ca7 Filesystem access.
pkgs/npm/@[email protected]/lib/credentials/credential-chain.js:203
            const raw = await fs.promises.readFile(credentialsPath, 'utf-8');

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #4db91673fba977b7 Filesystem access.
pkgs/npm/@[email protected]/lib/credentials/credential-chain.mjs:166
            const raw = await fs.promises.readFile(credentialsPath, 'utf-8');

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #6ce152044babbe22 Filesystem access.
pkgs/npm/@[email protected]/lib/credentials/identity-token.js:51
            content = await fs.promises.readFile(path, 'utf-8');

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #ddf0bf5e2ffb68d8 Filesystem access.
pkgs/npm/@[email protected]/lib/credentials/identity-token.mjs:14
            content = await fs.promises.readFile(path, 'utf-8');

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #2898a1c280266ae8 Filesystem access.
pkgs/npm/@[email protected]/lib/credentials/types.js:195
            await fh.writeFile(JSON.stringify(data, null, 2));

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #9073f99e5b237387 Filesystem access.
pkgs/npm/@[email protected]/lib/credentials/types.mjs:154
            await fh.writeFile(JSON.stringify(data, null, 2));

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #156397a4665cc49b Filesystem access.
pkgs/npm/@[email protected]/lib/credentials/user-oauth.js:56
            raw = await fs.promises.readFile(config.credentialsPath, 'utf-8');

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #9f2cc746570befa4 Filesystem access.
pkgs/npm/@[email protected]/lib/credentials/user-oauth.mjs:20
            raw = await fs.promises.readFile(config.credentialsPath, 'utf-8');

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #4e2ca8fd687a638a Filesystem access.
pkgs/npm/@[email protected]/src/core/credentials.ts:154
    configRaw = await fs.promises.readFile(configPath, 'utf-8');

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #ec82779f08e60a4f Filesystem access.
pkgs/npm/@[email protected]/src/core/credentials.ts:258
    raw = await fs.promises.readFile(credentialsPath, 'utf-8');

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #b34e8ca5d9739cf1 Filesystem access.
pkgs/npm/@[email protected]/src/core/credentials.ts:372
    return (await fs.promises.readFile(filePath, 'utf-8')).trim() || 'default';

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #378416ed0a1ebb4b Filesystem access.
pkgs/npm/@[email protected]/src/lib/credentials/credential-chain.ts:250
      const raw = await fs.promises.readFile(credentialsPath, 'utf-8');

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #edb6d35fd172d76f Filesystem access.
pkgs/npm/@[email protected]/src/lib/credentials/identity-token.ts:17
      content = await fs.promises.readFile(path, 'utf-8');

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #b19c35a82a73f1b9 Filesystem access.
pkgs/npm/@[email protected]/src/lib/credentials/types.ts:222
      await fh.writeFile(JSON.stringify(data, null, 2));

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #23321a63f5d83a41 Filesystem access.
pkgs/npm/@[email protected]/src/lib/credentials/user-oauth.ts:45
      raw = await fs.promises.readFile(config.credentialsPath, 'utf-8');

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unknown #6216c68779774eeb Filesystem access.
pkgs/npm/@[email protected]/src/tools/agent-toolset/fs-util.ts:112
    await handle.writeFile(content, 'utf-8');

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unknown #3b87ddb1251a3e04 Filesystem access.
pkgs/npm/@[email protected]/src/tools/agent-toolset/node.ts:457
        data = await fs.readFile(abs, 'utf8');

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unknown #7afd703f8104711f Filesystem access.
pkgs/npm/@[email protected]/src/tools/agent-toolset/node.ts:533
        data = await fs.readFile(abs, 'utf8');

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unknown #a6993a016f0431b5 Environment-variable access.
pkgs/npm/@[email protected]/src/tools/agent-toolset/node.ts:806
  const dirs = (process.env['PATH'] ?? '').split(path.delimiter);

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unknown #2b5b00af42f94c2a Filesystem access.
pkgs/npm/@[email protected]/src/tools/memory/node.ts:4
import * as fs from 'fs/promises';

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unknown #330823c28e760e8c Filesystem access.
pkgs/npm/@[email protected]/src/tools/memory/node.ts:52
    await handle.writeFile(content, 'utf-8');

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unknown #a1cfac2bc0bf1c74 Filesystem access.
pkgs/npm/@[email protected]/src/tools/memory/node.ts:101
    return await fs.readFile(fullPath, 'utf-8');

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unknown #8bdec0baf4de93f1 Filesystem access.
pkgs/npm/@[email protected]/src/tools/memory/node.ts:256
      await handle.writeFile(command.file_text, 'utf-8');

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unknown #55e57d8f1b22b5d0 Filesystem access.
pkgs/npm/@[email protected]/tools/agent-toolset/fs-util.js:115
        await handle.writeFile(content, 'utf-8');

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unknown #be17451fcc25221a Filesystem access.
pkgs/npm/@[email protected]/tools/agent-toolset/fs-util.mjs:107
        await handle.writeFile(content, 'utf-8');

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unknown #e49c37908fa05c72 Filesystem access.
pkgs/npm/@[email protected]/tools/agent-toolset/node.js:390
                data = await fs.readFile(abs, 'utf8');

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unknown #6dff7a0ce4c22ef0 Filesystem access.
pkgs/npm/@[email protected]/tools/agent-toolset/node.js:469
                data = await fs.readFile(abs, 'utf8');

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unknown #540c0dc849e7564f Environment-variable access.
pkgs/npm/@[email protected]/tools/agent-toolset/node.js:755
    const dirs = (process.env['PATH'] ?? '').split(path.delimiter);

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unknown #9a798ff51ade3534 Filesystem access.
pkgs/npm/@[email protected]/tools/agent-toolset/node.mjs:375
                data = await fs.readFile(abs, 'utf8');

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unknown #d6a762c007d6c887 Filesystem access.
pkgs/npm/@[email protected]/tools/agent-toolset/node.mjs:454
                data = await fs.readFile(abs, 'utf8');

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unknown #36fcbf92de86a830 Environment-variable access.
pkgs/npm/@[email protected]/tools/agent-toolset/node.mjs:740
    const dirs = (process.env['PATH'] ?? '').split(path.delimiter);

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unknown #ed8e0e3b9004b77c Filesystem access.
pkgs/npm/@[email protected]/tools/memory/node.js:43
        await handle.writeFile(content, 'utf-8');

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unknown #25a11a36dd1009e9 Filesystem access.
pkgs/npm/@[email protected]/tools/memory/node.js:91
        return await fs.readFile(fullPath, 'utf-8');

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unknown #adf32365883b326d Filesystem access.
pkgs/npm/@[email protected]/tools/memory/node.js:213
            await handle.writeFile(command.file_text, 'utf-8');

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unknown #79c5229df7760723 Filesystem access.
pkgs/npm/@[email protected]/tools/memory/node.mjs:2
import * as fs from 'fs/promises';

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unknown #b6c2a0e22a61efcb Filesystem access.
pkgs/npm/@[email protected]/tools/memory/node.mjs:38
        await handle.writeFile(content, 'utf-8');

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unknown #6f19b79db46071cb Filesystem access.
pkgs/npm/@[email protected]/tools/memory/node.mjs:86
        return await fs.readFile(fullPath, 'utf-8');

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unknown #b24a0fdffd864284 Filesystem access.
pkgs/npm/@[email protected]/tools/memory/node.mjs:208
            await handle.writeFile(command.file_text, 'utf-8');

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

@mariozechner/jiti

npm dependency
expand_more 3 low-confidence finding(s)
low env_fs dependency Excluded from app score #d8c94cbea379b00a Environment-variable access.
pkgs/npm/@[email protected]/lib/jiti-cli.mjs:15
if (nodeModule.enableCompileCache && !process.env.NODE_DISABLE_COMPILE_CACHE) {

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #c547cae41a26f6b8 Filesystem access.
pkgs/npm/@[email protected]/lib/jiti-hooks.mjs:45
  const rawSource = await readFile(filename, "utf8");

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #efdea3da7883db16 Filesystem access.
pkgs/npm/@[email protected]/lib/jiti-hooks.mjs:121
    return JSON.parse(await readFile(packageJsonPath, "utf8"));

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

@mistralai/mistralai

npm dependency
expand_more 35 low-confidence finding(s)
low env_fs tooling Excluded from app score unknown #1fa5edad077aa496 Environment-variable access.
pkgs/npm/@[email protected]/examples/src/async_audio_transcription_diarize.ts:3
const apiKey = process.env["MISTRAL_API_KEY"];

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unknown #957321408c369523 Environment-variable access.
pkgs/npm/@[email protected]/examples/src/async_audio_transcription_stream.ts:3
const apiKey = process.env["MISTRAL_API_KEY"];

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unknown #b1c901b60c24b29d Environment-variable access.
pkgs/npm/@[email protected]/examples/src/async_batch_jobs.ts:3
const apiKey = process.env["MISTRAL_API_KEY"];

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unknown #0a283afac30ac826 Environment-variable access.
pkgs/npm/@[email protected]/examples/src/async_chat_no_streaming.ts:3
const apiKey = process.env["MISTRAL_API_KEY"];

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unknown #f83e4e59c26aa248 Environment-variable access.
pkgs/npm/@[email protected]/examples/src/async_chat_prediction.ts:3
const apiKey = process.env["MISTRAL_API_KEY"];

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unknown #73a1d416262d23d7 Environment-variable access.
pkgs/npm/@[email protected]/examples/src/async_chat_streaming.ts:3
const apiKey = process.env["MISTRAL_API_KEY"];

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unknown #2b2bd9ee39ef7591 Environment-variable access.
pkgs/npm/@[email protected]/examples/src/async_chat_with_image_no_streaming.ts:3
const apiKey = process.env["MISTRAL_API_KEY"];

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unknown #6b1e12e86b061a2d Environment-variable access.
pkgs/npm/@[email protected]/examples/src/async_conversation_agent.ts:3
const apiKey = process.env["MISTRAL_API_KEY"];

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unknown #111a616e6679d218 Environment-variable access.
pkgs/npm/@[email protected]/examples/src/async_embeddings.ts:3
const apiKey = process.env["MISTRAL_API_KEY"];

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unknown #480c4879b990ad6a Filesystem access.
pkgs/npm/@[email protected]/examples/src/async_files.ts:1
import * as fs from "fs";

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unknown #9fb2ec1efb90ba4a Environment-variable access.
pkgs/npm/@[email protected]/examples/src/async_files.ts:6
const apiKey = process.env["MISTRAL_API_KEY"];

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unknown #bfc13ca3184f560f Filesystem access.
pkgs/npm/@[email protected]/examples/src/async_files.ts:19
const blob = new Blob([fs.readFileSync(filePath)], {

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unknown #3e54fda0075e7e15 Environment-variable access.
pkgs/npm/@[email protected]/examples/src/async_function_calling.ts:4
const apiKey = process.env["MISTRAL_API_KEY"];

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unknown #7e26aa4e73d16fec Environment-variable access.
pkgs/npm/@[email protected]/examples/src/async_function_calling_streaming.ts:4
const apiKey = process.env["MISTRAL_API_KEY"];

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unknown #6b2add16696d61ff Filesystem access.
pkgs/npm/@[email protected]/examples/src/async_jobs.ts:1
import * as fs from "fs";

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unknown #0b2a3a7081a1e969 Environment-variable access.
pkgs/npm/@[email protected]/examples/src/async_jobs.ts:6
const apiKey = process.env["MISTRAL_API_KEY"];

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unknown #e7e6d8fd27733d8f Filesystem access.
pkgs/npm/@[email protected]/examples/src/async_jobs.ts:19
const blob = new Blob([fs.readFileSync(filePath)], {

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unknown #71003bcabba12ee8 Environment-variable access.
pkgs/npm/@[email protected]/examples/src/async_json_format.ts:3
const apiKey = process.env["MISTRAL_API_KEY"];

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unknown #2cd8751129106b71 Environment-variable access.
pkgs/npm/@[email protected]/examples/src/async_list_models.ts:3
const apiKey = process.env["MISTRAL_API_KEY"];

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unknown #d8c3fcb2973bc754 Filesystem access.
pkgs/npm/@[email protected]/examples/src/async_ocr_process_from_file.ts:2
import fs from "fs";

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unknown #3a3c1029c17f2941 Environment-variable access.
pkgs/npm/@[email protected]/examples/src/async_ocr_process_from_file.ts:6
const apiKey = process.env.MISTRAL_API_KEY;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unknown #3ade4fbf73af274d Filesystem access.
pkgs/npm/@[email protected]/examples/src/async_ocr_process_from_file.ts:16
const uploaded_file = fs.readFileSync(filePath);

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unknown #fad274d7298fae13 Environment-variable access.
pkgs/npm/@[email protected]/examples/src/async_ocr_process_from_url.ts:3
const apiKey = process.env.MISTRAL_API_KEY;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unknown #55450d92339788da Environment-variable access.
pkgs/npm/@[email protected]/examples/src/async_structured_outputs.ts:4
const apiKey = process.env["MISTRAL_API_KEY"];

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unknown #05b8b8e05b9f9bec Environment-variable access.
pkgs/npm/@[email protected]/examples/src/azure/async_chat_no_streaming.ts:3
const azureAPIKey = process.env["AZURE_API_KEY"];

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unknown #728f281f73d441cf Environment-variable access.
pkgs/npm/@[email protected]/examples/src/azure/async_chat_no_streaming.ts:8
const azureEndpoint = process.env["AZURE_ENDPOINT"];

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unknown #537ae908c4b7eb2b Environment-variable access.
pkgs/npm/@[email protected]/examples/src/error_handling.ts:4
const apiKey = process.env["MISTRAL_API_KEY"];

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unknown #1867261d6a20d0d9 Environment-variable access.
pkgs/npm/@[email protected]/examples/src/gcp/async_chat_no_streaming.ts:3
const projectId = process.env["GOOGLE_PROJECT_ID"];

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unknown #a2cd09cfc9df27db Environment-variable access.
pkgs/npm/@[email protected]/examples/src/realtime_microphone.ts:38
      default: process.env["MISTRAL_API_KEY"],

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unknown #dc7bee994270b719 Environment-variable access.
pkgs/npm/@[email protected]/examples/src/realtime_microphone.ts:43
      default: process.env["MISTRAL_BASE_URL"] ?? "wss://api.mistral.ai",

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unknown #b42b5dc79cb6e8f2 Environment-variable access.
pkgs/npm/@[email protected]/examples/src/realtime_microphone.ts:107
  const apiKey = args.apiKey ?? process.env["MISTRAL_API_KEY"];

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unknown #c486d685fc241155 Environment-variable access.
pkgs/npm/@[email protected]/examples/src/realtime_transcription.ts:46
      default: process.env["MISTRAL_API_KEY"],

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unknown #b1ee819a31374574 Environment-variable access.
pkgs/npm/@[email protected]/examples/src/realtime_transcription.ts:51
      default: process.env["MISTRAL_BASE_URL"] ?? "https://api.mistral.ai",

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unknown #335064059654ef3c Environment-variable access.
pkgs/npm/@[email protected]/examples/src/realtime_transcription.ts:162
  const apiKey = args.apiKey ?? process.env["MISTRAL_API_KEY"];

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unknown #a571a06cde1a5a9d Environment-variable access.
pkgs/npm/@[email protected]/packages/mistralai-azure/examples/chatComplete.example.ts:17
  apiKey: process.env["MISTRAL_API_KEY"] ?? "",

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

@silvia-odwyer/photon-node

npm dependency
expand_more 1 low-confidence finding(s)
low env_fs dependency Excluded from app score #3821f4dda2de7091 Filesystem access.
pkgs/npm/@[email protected]/photon_rs.js:4513
const bytes = require('fs').readFileSync(path);

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

better-sqlite3

npm dependency
expand_more 3 low-confidence finding(s)
low env_fs dependency Excluded from app score #ad846cb633ebb265 Filesystem access.
pkgs/npm/[email protected]/deps/copy.js:3
const fs = require('fs');

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #4736afaf1c9bdf84 Filesystem access.
pkgs/npm/[email protected]/lib/database.js:2
const fs = require('fs');

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #1526ab66d762f650 Filesystem access.
pkgs/npm/[email protected]/lib/methods/backup.js:2
const fs = require('fs');

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

canvas

npm dependency
expand_more 4 low-confidence finding(s)
low env_fs dependency Excluded from app score #0aac80966e28f03f Filesystem access.
pkgs/npm/[email protected]/index.js:7
const fs = require('fs')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #9fab076d653e6fe8 Filesystem access.
pkgs/npm/[email protected]/util/has_lib.js:2
const fs = require('fs')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #126432e0f1bdc46a Environment-variable access.
pkgs/npm/[email protected]/util/has_lib.js:62
    process.env.PATH = '...'

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #3ffe063355277d2b Filesystem access.
pkgs/npm/[email protected]/util/win_jpeg_lookup.js:1
const fs = require('fs')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

extract-zip

npm dependency
expand_more 1 low-confidence finding(s)
low env_fs dependency Excluded from app score #4112a8709dee7b96 Filesystem access.
pkgs/npm/[email protected]/index.js:3
const { createWriteStream, promises: fs } = require('fs')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

husky

npm dependency
expand_more 9 low-confidence finding(s)
low env_fs dependency Excluded from app score #8b874c74d9e15a7a Filesystem access.
pkgs/npm/[email protected]/bin.js:2
import f, { writeFileSync as w } from 'fs'

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #0fbc28b2300985d8 Filesystem access.
pkgs/npm/[email protected]/bin.js:12
	s = f.readFileSync(n)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #952601b4ac2f03e8 Filesystem access.
pkgs/npm/[email protected]/bin.js:15
	w(n, JSON.stringify(o, 0, /\t/.test(s) ? '\t' : 2) + '\n')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #b2c009d599f734ff Filesystem access.
pkgs/npm/[email protected]/bin.js:18
	w('.husky/pre-commit', (p.env.npm_config_user_agent?.split('/')[0] ?? 'npm') + ' test\n')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #0799379c9f52d94d Filesystem access.
pkgs/npm/[email protected]/index.js:2
import f, { readdir, writeFileSync as w } from 'fs'

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #cea91b3007fb937d Environment-variable access.
pkgs/npm/[email protected]/index.js:9
	if (process.env.HUSKY === '0') return 'HUSKY=0 skip install'

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #7ad0b8e699864f8c Filesystem access.
pkgs/npm/[email protected]/index.js:20
	w(_('.gitignore'), '*')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #6b248ddb15f64d0c Filesystem access.
pkgs/npm/[email protected]/index.js:22
	l.forEach(h => w(_(h), `#!/usr/bin/env sh\n. "\$(dirname "\$0")/h"`, { mode: 0o755 }))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #3be7a177f461d250 Filesystem access.
pkgs/npm/[email protected]/index.js:23
	w(_('husky.sh'), msg)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

ollama

npm dependency
expand_more 1 low-confidence finding(s)
low env_fs dependency Excluded from app score #2168dc3293c62ac7 Filesystem access.
pkgs/npm/[email protected]/src/index.ts:18
        const fileBuffer = await promises.readFile(resolve(image))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

openai

npm dependency
expand_more 3 low-confidence finding(s)
low env_fs dependency Excluded from app score #a5d5d3e3763ed3a3 Environment-variable access.
pkgs/npm/[email protected]/azure.js:44
                endpoint = process.env['AZURE_OPENAI_ENDPOINT'];

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #dc41f23b1d203e50 Environment-variable access.
pkgs/npm/[email protected]/azure.mjs:40
                endpoint = process.env['AZURE_OPENAI_ENDPOINT'];

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #8cf1a51e2fd5fd84 Environment-variable access.
pkgs/npm/[email protected]/src/azure.ts:97
        endpoint = process.env['AZURE_OPENAI_ENDPOINT'];

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

pdfjs-dist

npm dependency
expand_more 7 low-confidence finding(s)
low egress dependency Excluded from app score #fc9d73e1ac21cfb8 Hardcoded external endpoint. Review what data is sent to this destination.
pkgs/npm/[email protected]/legacy/image_decoders/pdf.image_decoders.min.mjs:25
 */var e={34:(e,t,r)=>{var n=r(4901);e.exports=function(e){return"object"==typeof e?null!==e:n(e)}},81:(e,t,r)=>{var n=r(9565),i=r(9306),o=r(8551),s=r(6823),a=r(851),c=TypeError;e.exports=function(e,t){var r=arguments.length<2?a(e):t;if(i(r))return o(n(r,e));throw new c(s(e)+" is not iterable")}},283:(e,t,r)=>{var n=r(9504),i=r(9039),o=r(4901),s=r(9297),a=r(3724),c=r(350).CONFIGURABLE,f=r(3706),u=r(1181),l=u.enforce,h=u.get,d=String,p=Object.defineProperty,m=n("".slice),g=n("".replace),y=n([].join),b=a&&!i(function(){return 8!==p(function(){},"length",{value:8}).length}),w=String(String).split("String"),v=e.exports=function(e,t,r){"Symbol("===m(d(t),0,7)&&(t="["+g(d(t),/^Symbol\(([^)]*)\).*$/,"$1")+"]");r&&r.getter&&(t="get "+t);r&&r.setter&&(t="set "+t);(!s(e,"name")||c&&e.name!==t)&&(a?p(e,"name",{value:t,configurable:!0}):e.name=t);b&&r&&s(r,"arity")&&e.length!==r.arity&&p(e,"length",{value:r.arity});try{r&&s(r,"constructor")&&r.constructor?a&&p(e,"prototype",{writable:!1}):e.prototype&&(e.prototype=void 0)}catch(e){}var n=l(e);s(n,"source")||(n.source=y(w,"string"==typeof t?t:""));return e};Function.prototype.toString=v(function toString(){return o(this)&&h(this).source||f(this)},"toString")},350:(e,t,r)=>{var n=r(3724),i=r(9297),o=Function.prototype,s=n&&Object.getOwnPropertyDescriptor,a=i(o,"name"),c=a&&"something"===function something(){}.name,f=a&&(!n||n&&s(o,"name").configurable);e.exports={EXISTS:a,PROPER:c,CONFIGURABLE:f}},397:(e,t,r)=>{var n=r(7751);e.exports=n("document","documentElement")},421:e=>{e.exports={}},456:(e,t,r)=>{var n=r(6518),i=r(4576),o=r(9504),s=r(4154),a=r(5169),c=o(1.1.toString),f=i.Uint8Array,u=!f||!f.prototype.toHex||!function(){try{return"ffffffffffffffff"===new f([255,255,255,255,255,255,255,255]).toHex()}catch(e){return!1}}();f&&n({target:"Uint8Array",proto:!0,forced:u},{toHex:function toHex(){s(this);a(this.buffer);for(var e="",t=0,r=this.length;t<r;t++){var n=c(this[t],16);e+=1===n.length?"0"+n:n}return e}})},507:(e,t,r)=>{var n=r(9565);e.exports=function(e,t,r){for(var i,o,s=r?e:e.iterator,a=e.next;!(i=n(a,s)).done;)if(void 0!==(o=t(i.value)))return o}},616:(e,t,r)=>{var n=r(9039);e.exports=!n(function(){var e=function(){}.bind();return"function"!=typeof e||e.hasOwnProperty("prototype")})},655:(e,t,r)=>{var n=r(6955),i=String;e.exports=function(e){if("Symbol"===n(e))throw new TypeError("Cannot convert a Symbol value to a string");return i(e)}},679:(e,t,r)=>{var n=r(1625),i=TypeError;e.exports=function(e,t){if(n(t,e))return e;throw new i("Incorrect invocation")}},684:e=>{e.exports=function(e,t){var r="function"==typeof Iterator&&Iterator.prototype[e];if(r)try{r.call({next:null},t).next()}catch(e){return!0}}},741:e=>{var t=Math.ceil,r=Math.floor;e.exports=Math.trunc||function trunc(e){var n=+e;return(n>0?r:t)(n)}},757:(e,t,r)=>{var n=r(7751),i=r(4901),o=r(1625),s=r(7040),a=Object;e.exports=s?function(e){return"symbol"==typeof e}:function(e){var t=n("Symbol");return i(t)&&o(t.prototype,a(e))}},851:(e,t,r)=>{var n=r(6955),i=r(5966),o=r(4117),s=r(6269),a=r(8227)("iterator");e.exports=function(e){if(!o(e))return i(e,a)||i(e,"@@iterator")||s[n(e)]}},944:e=>{var t=TypeError;e.exports=function(e){var r=e&&e.alphabet;if(void 0===r||"base64"===r||"base64url"===r)return r||"base64";throw new t("Incorrect `alphabet` option")}},1072:(e,t,r)=>{var n=r(1828),i=r(8727);e.exports=Object.keys||function keys(e){return n(e,i)}},1103:e=>{e.exports=function(e){try{return{error:!1,value:e()}}catch(e){return{error:!0,value:e}}}},1108:(e,t,r)=>{var n=r(6955);e.exports=function(e){var t=n(e);return"BigInt64Array"===t||"BigUint64Array"===t}},1148:(e,t,r)=>{var n=r(6518),i=r(9565),o=r(2652),s=r(9306),a=r(8551),c=r(1767),f=r(9539),u=r(4549)("every",TypeError);n({target:"Iterator",proto:!0,real:!0,forced:u},{every:function every(e){a(this);try{s(e)}catch(e){f(this,"throw",e)}if(u)return i(u,this,e);var t=c(this),r=0;return!o(t,function(t,n){if(!e(t,r++))return n()},{IS_RECORD:!0,INTERRUPTED:!0}).stopped}})},1181:(e,t,r)=>{var n,i,o,s=r(8622),a=r(4576),c=r(34),f=r(6699),u=r(9297),l=r(7629),h=r(6119),d=r(421),p="Object already initialized",m=a.TypeError,g=a.WeakMap;if(s||l.state){var y=l.state||(l.state=new g);y.get=y.get;y.has=y.has;y.set=y.set;n=function(e,t){if(y.has(e))throw new m(p);t.facade=e;y.set(e,t);return t};i=function(e){return y.get(e)||{}};o=function(e){return y.has(e)}}else{var b=h("state");d[b]=!0;n=function(e,t){if(u(e,b))throw new m(p);t.facade=e;f(e,b,t);return t};i=function(e){return u(e,b)?e[b]:{}};o=function(e){return u(e,b)}}e.exports={set:n,get:i,has:o,enforce:function(e){return o(e)?i(e):n(e,{})},getterFor:function(e){return function(t){var r;if(!c(t)||(r=i(t)).type!==e)throw new m("Incompatible receiver, "+e+" required");return r}}}},1291:(e,t,r)=>{var n=r(741);e.exports=function(e){var t=+e;return t!=t||0===t?0:n(t)}},1385:(e,t,r)=>{var n=r(9539);e.exports=function(e,t,r){for(var i=e.length-1;i>=0;i--)if(void 0!==e[i])try{r=n(e[i].iterator,t,r)}catch(e){t="throw";r=e}if("throw"===t)throw r;return r}},1548:(e,t,r)=>{var n=r(4576),i=r(9039),o=r(9519),s=r(4215),a=n.structuredClone;e.exports=!!a&&!i(function(){if("DENO"===s&&o>92||"NODE"===s&&o>94||"BROWSER"===s&&o>97)return!1;var e=new ArrayBuffer(8),t=a(e,{transfer:[e]});return 0!==e.byteLength||8!==t.byteLength})},1549:(e,t,r)=>{r(6632)},1625:(e,t,r)=>{var n=r(9504);e.exports=n({}.isPrototypeOf)},1689:(e,t,r)=>{var n=r(6518),i=r(4576),o=r(8745),s=r(7680),a=r(6043),c=r(9306),f=r(1103),u=i.Promise,l=!1;n({target:"Promise",stat:!0,forced:!u||!u.try||f(function(){u.try(function(e){l=8===e},8)}).error||!l},{try:function(e){var t=arguments.length>1?s(arguments,1):[],r=a.f(this),n=f(function(){return o(c(e),void 0,t)});(n.error?r.reject:r.resolve)(n.value);return r.promise}})},1698:(e,t,r)=>{var n=r(6518),i=r(4204),o=r(9835);n({target:"Set",proto:!0,real:!0,forced:!r(4916)("union")||!o("union")},{union:i})},1701:(e,t,r)=>{var n=r(6518),i=r(9565),o=r(9306),s=r(8551),a=r(1767),c=r(9462),f=r(6319),u=r(9539),l=r(684),h=r(4549),d=r(6395),p=!d&&!l("map",function(){}),m=!d&&!p&&h("map",TypeError),g=d||p||m,y=c(function(){var e=this.iterator,t=s(i(this.next,e));if(!(this.done=!!t.done))return f(e,this.mapper,[t.value,this.counter++],!0)});n({target:"Iterator",proto:!0,real:!0,forced:g},{map:function map(e){s(this);try{o(e)}catch(e){u(this,"throw",e)}return m?i(m,this,e):new y(a(this),{mapper:e})}})},1767:e=>{e.exports=function(e){return{iterator:e,next:e.next,done:!1}}},1828:(e,t,r)=>{var n=r(9504),i=r(9297),o=r(5397),s=r(9617).indexOf,a=r(421),c=n([].push);e.exports=function(e,t){var r,n=o(e),f=0,u=[];for(r in n)!i(a,r)&&i(n,r)&&c(u,r);for(;t.length>f;)i(n,r=t[f++])&&(~s(u,r)||c(u,r));return u}},2106:(e,t,r)=>{var n=r(283),i=r(4913);e.exports=function(e,t,r){r.get&&n(r.get,t,{getter:!0});r.set&&n(r.set,t,{setter:!0});return i.f(e,t,r)}},2140:(e,t,r)=>{var n={};n[r(8227)("toStringTag")]="z";e.exports="[object z]"===String(n)},2195:(e,t,r)=>{var n=r(9504),i=n({}.toString),o=n("".slice);e.exports=function(e){return o(i(e),8,-1)}},2211:(e,t,r)=>{var n=r(9039);e.exports=!n(function(){function F(){}F.prototype.constructor=null;return Object.getPrototypeOf(new F)!==F.prototype})},2303:(e,t,r)=>{var n=r(4576),i=r(9504),o=n.Uint8Array,s=n.SyntaxError,a=n.parseInt,c=Math.min,f=/[^\da-f]/i,u=i(f.exec),l=i("".slice);e.exports=function(e,t){var r=e.length;if(r%2!=0)throw new s("String should be an even number of characters");for(var n=t?c(t.length,r/2):r/2,i=t||new o(n),h=0,d=0;d<n;){var p=l(e,h,h+=2);if(u(f,p))throw new s("String should only contain hex characters");i[d++]=a(p,16)}return{bytes:i,read:h}}},2360:(e,t,r)=>{var n,i=r(8551),o=r(6801),s=r(8727),a=r(421),c=r(397),f=r(4055),u=r(6119),l="prototype",h="script",d=u("IE_PROTO"),EmptyConstructor=function(){},scriptTag=function(e){return"<"+h+">"+e+"</"+h+">"},NullProtoObjectViaActiveX=function(e){e.write(scriptTag(""));e.close();var t=e.parentWindow.Object;e=null;return t},NullProtoObject=function(){try{n=new ActiveXObject("htmlfile")}catch(e){}NullProtoObject="undefined"!=typeof document?document.domain&&n?NullProtoObjectViaActiveX(n):function(){var e,t=f("iframe"),r="java"+h+":";t.style.display="none";c.appendChild(t);t.src=String(r);(e=t.contentWindow.document).open();e.write(scriptTag("document.F=Object"));e.close();return e.F}():NullProtoObjectViaActiveX(n);for(var e=s.length;e--;)delete NullProtoObject[l][s[e]];return NullProtoObject()};a[d]=!0;e.exports=Object.create||function create(e,t){var r;if(null!==e){EmptyConstructor[l]=i(e);r=new EmptyConstructor;EmptyConstructor[l]=null;r[d]=e}else r=NullProtoObject();return void 0===t?r:o.f(r,t)}},2475:(e,t,r)=>{var n=r(6518),i=r(8527);n({target:"Set",proto:!0,real:!0,forced:!r(4916)("isSupersetOf",function(e){return!e})},{isSupersetOf:i})},2529:e=>{e.exports=function(e,t){return{value:e,done:t}}},2603:(e,t,r)=>{var n=r(655);e.exports=function(e,t){return void 0===e?arguments.length<2?"":t:n(e)}},2652:(e,t,r)=>{var n=r(6080),i=r(9565),o=r(8551),s=r(6823),a=r(4209),c=r(6198),f=r(1625),u=r(81),l=r(851),h=r(9539),d=TypeError,Result=function(e,t){this.stopped=e;this.result=t},p=Result.prototype;e.exports=function(e,t,r){var m,g,y,b,w,v,_,x=r&&r.that,C=!(!r||!r.AS_ENTRIES),S=!(!r||!r.IS_RECORD),R=!(!r||!r.IS_ITERATOR),A=!(!r||!r.INTERRUPTED),B=n(t,x),stop=function(e){m&&h(m,"normal");return new Result(!0,e)},callFn=function(e){if(C){o(e);return A?B(e[0],e[1],stop):B(e[0],e[1])}return A?B(e,stop):B(e)};if(S)m=e.iterator;else if(R)m=e;else{if(!(g=l(e)))throw new d(s(e)+" is not iterable");if(a(g)){for(y=0,b=c(e);b>y;y++)if((w=callFn(e[y]))&&f(p,w))return w;return new Result(!1)}m=u(e,g)}v=S?e.next:m.next;for(;!(_=i(v,m)).done;){try{w=callFn(_.value)}catch(e){h(m,"throw",e)}if("object"==typeof w&&w&&f(p,w))return w}return new Result(!1)}},2777:(e,t,r)=>{var n=r(9565),i=r(34),o=r(757),s=r(5966),a=r(4270),c=r(8227),f=TypeError,u=c("toPrimitive");e.exports=function(e,t){if(!i(e)||o(e))return e;var r,c=s(e,u);if(c){void 0===t&&(t="default");r=n(c,e,t);if(!i(r)||o(r))return r;throw new f("Can't convert object to primitive value")}void 0===t&&(t="number");return a(e,t)}},2787:(e,t,r)=>{var n=r(9297),i=r(4901),o=r(8981),s=r(6119),a=r(2211),c=s("IE_PROTO"),f=Object,u=f.prototype;e.exports=a?f.getPrototypeOf:function(e){var t=o(e);if(n(t,c))return t[c];var r=t.constructor;return i(r)&&t instanceof r?r.prototype:t instanceof f?u:null}},2796:(e,t,r)=>{var n=r(9039),i=r(4901),o=/#|\.prototype\./,isForced=function(e,t){var r=a[s(e)];return r===f||r!==c&&(i(t)?n(t):!!t)},s=isForced.normalize=function(e){return String(e).replace(o,".").toLowerCase()},a=isForced.data={},c=isForced.NATIVE="N",f=isForced.POLYFILL="P";e.exports=isForced},2804:e=>{var t="ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789",r=t+"+/",n=t+"-_",inverse=function(e){for(var t={},r=0;r<64;r++)t[e.charAt(r)]=r;return t};e.exports={i2c:r,c2i:inverse(r),i2cUrl:n,c2iUrl:inverse(n)}},2812:e=>{var t=TypeError;e.exports=function(e,r){if(e<r)throw new t("Not enough arguments");return e}},2839:(e,t,r)=>{var n=r(4576).navigator,i=n&&n.userAgent;e.exports=i?String(i):""},2967:(e,t,r)=>{var n=r(6706),i=r(34),o=r(7750),s=r(3506);e.exports=Object.setPrototypeOf||("__proto__"in{}?function(){var e,t=!1,r={};try{(e=n(Object.prototype,"__proto__","set"))(r,[]);t=r instanceof Array}catch(e){}return function setPrototypeOf(r,n){o(r);s(n);if(!i(r))return r;t?e(r,n):r.__proto__=n;return r}}():void 0)},3068:(e,t,r)=>{var n=r(6518),i=r(9504),o=r(2652),s=RangeError,a=TypeError,c=1/0,f=Math.abs,u=Math.pow,l=i([].push),h=u(2,1023),d=u(2,53)-1,p=Number.MAX_VALUE,m=u(2,971),g={},y={},b={},w={},v={},twosum=function(e,t){var r=e+t;return{hi:r,lo:t-(r-e)}};n({target:"Math",stat:!0},{sumPrecise:function sumPrecise(e){var t=[],r=0,n=w;o(e,function(e){if(++r>=d)throw new s("Maximum allowed index exceeded");if("number"!=typeof e)throw new a("Value is not a number");if(n!==g)if(e!=e)n=g;else if(e===c)n=n===y?g:b;else if(e===-1/0)n=n===b?g:y;else if(!(0===e&&1/e!==c||n!==w&&n!==v)){n=v;l(t,e)}});switch(n){case g:return NaN;case y:return-1/0;case b:return c;case w:return-0}for(var i,u,_,x,C,S,R=[],A=0,B=0;B<t.length;B++){i=t[B];for(var I=0,E=0;E<R.length;E++){u=R[E];if(f(i)<f(u)){S=i;i=u;u=S}x=(_=twosum(i,u)).hi;C=_.lo;if(f(x)===c){var k=x===c?1:-1;A+=k;if(f(i=i-k*h-k*h)<f(u)){S=i;i=u;u=S}x=(_=twosum(i,u)).hi;C=_.lo}0!==C&&(R[I++]=C);i=x}R.length=I;0!==i&&l(R,i)}var T=R.length-1;x=0;C=0;if(0!==A){var D=T>=0?R[T]:0;T--;if(f(A)>1||A>0&&D>0||A<0&&D<0)return A>0?c:-1/0;x=(_=twosum(A*h,D/2)).hi;C=_.lo;C*=2;if(f(2*x)===c)return x>0?x===h&&C===-m/2&&T>=0&&R[T]<0?p:c:x===-h&&C===m/2&&T>=0&&R[T]>0?-p:-1/0;if(0!==C){R[++T]=C;C=0}x*=2}for(;T>=0;){x=(_=twosum(x,R[T--])).hi;if(0!==(C=_.lo))break}T>=0&&(C<0&&R[T]<0||C>0&&R[T]>0)&&(u=2*C)===(i=x+u)-x&&(x=i);return x}})},3167:(e,t,r)=>{var n=r(4901),i=r(34),o=r(2967);e.exports=function(e,t,r){var s,a;o&&n(s=t.constructor)&&s!==r&&i(a=s.prototype)&&a!==r.prototype&&o(e,a);return e}},3238:(e,t,r)=>{var n=r(4576),i=r(7811),o=r(7394),s=n.DataView;e.exports=function(e){if(!i||0!==o(e))return!1;try{new s(e);return!1}catch(e){return!0}}},3392:(e,t,r)=>{var n=r(9504),i=0,o=Math.random(),s=n(1.1.toString);e.exports=function(e){return"Symbol("+(void 0===e?"":e)+")_"+s(++i+o,36)}},3440:(e,t,r)=>{var n=r(7080),i=r(4402),o=r(9286),s=r(5170),a=r(3789),c=r(8469),f=r(507),u=i.has,l=i.remove;e.exports=function difference(e){var t=n(this),r=a(e),i=o(t);s(t)<=r.size?c(t,function(e){r.includes(e)&&l(i,e)}):f(r.getIterator(),function(e){u(i,e)&&l(i,e)});return i}},3463:e=>{var t=TypeError;e.exports=function(e){if("string"==typeof e)return e;throw new t("Argument is not a string")}},3506:(e,t,r)=>{var n=r(3925),i=String,o=TypeError;e.exports=function(e){if(n(e))return e;throw new o("Can't set "+i(e)+" as a prototype")}},3650:(e,t,r)=>{var n=r(7080),i=r(4402),o=r(9286),s=r(3789),a=r(507),c=i.add,f=i.has,u=i.remove;e.exports=function symmetricDifference(e){var t=n(this),r=s(e).getIterator(),i=o(t);a(r,function(e){f(t,e)?u(i,e):c(i,e)});return i}},3706:(e,t,r)=>{var n=r(9504),i=r(4901),o=r(7629),s=n(Function.toString);i(o.inspectSource)||(o.inspectSource=function(e){return s(e)});e.exports=o.inspectSource},3717:(e,t)=>{t.f=Object.getOwnPropertySymbols},3724:(e,t,r)=>{var n=r(9039);e.exports=!n(function(){return 7!==Object.defineProperty({},1,{get:function(){return 7}})[1]})},3789:(e,t,r)=>{var n=r(9306),i=r(8551),o=r(9565),s=r(1291),a=r(1767),c="Invalid size",f=RangeError,u=TypeError,l=Math.max,SetRecord=function(e,t){this.set=e;this.size=l(t,0);this.has=n(e.has);this.keys=n(e.keys)};SetRecord.prototype={getIterator:function(){return a(i(o(this.keys,this.set)))},includes:function(e){return o(this.has,this.set,e)}};e.exports=function(e){i(e);var t=+e.size;if(t!=t)throw new u(c);var r=s(t);if(r<0)throw new f(c);return new SetRecord(e,r)}},3838:(e,t,r)=>{var n=r(7080),i=r(5170),o=r(8469),s=r(3789);e.exports=function isSubsetOf(e){var t=n(this),r=s(e);return!(i(t)>r.size)&&!1!==o(t,function(e){if(!r.includes(e))return!1},!0)}},3853:(e,t,r)=>{var n=r(6518),i=r(4449);n({target:"Set",proto:!0,real:!0,forced:!r(4916)("isDisjointFrom",function(e){return!e})},{isDisjointFrom:i})},3925:(e,t,r)=>{var n=r(34);e.exports=function(e){return n(e)||null===e}},3972:(e,t,r)=>{var n=r(34),i=String,o=TypeError;e.exports=function(e){if(void 0===e||n(e))return e;throw new o(i(e)+" is not an object or undefined")}},4055:(e,t,r)=>{var n=r(4576),i=r(34),o=n.document,s=i(o)&&i(o.createElement);e.exports=function(e){return s?o.createElement(e):{}}},4114:(e,t,r)=>{var n=r(6518),i=r(8981),o=r(6198),s=r(4527),a=r(6837);n({target:"Array",proto:!0,arity:1,forced:r(9039)(function(){return 4294967297!==[].push.call({length:4294967296},1)})||!function(){try{Object.defineProperty([],"length",{writable:!1}).push()}catch(e){return e instanceof TypeError}}()},{push:function push(e){var t=i(this),r=o(t),n=arguments.length;a(r+n);for(var c=0;c<n;c++){t[r]=arguments[c];r++}s(t,r);return r}})},4117:e=>{e.exports=function(e){return null==e}},4154:(e,t,r)=>{var n=r(6955),i=TypeError;e.exports=function(e){if("Uint8Array"===n(e))return e;throw new i("Argument is not an Uint8Array")}},4204:(e,t,r)=>{var n=r(7080),i=r(4402).add,o=r(9286),s=r(3789),a=r(507);e.exports=function union(e){var t=n(this),r=s(e).getIterator(),c=o(t);a(r,function(e){i(c,e)});return c}},4209:(e,t,r)=>{var n=r(8227),i=r(6269),o=n("iterator"),s=Array.prototype;e.exports=function(e){return void 0!==e&&(i.Array===e||s[o]===e)}},4215:(e,t,r)=>{var n=r(4576),i=r(2839),o=r(2195),userAgentStartsWith=function(e){return i.slice(0,e.length)===e};e.exports=userAgentStartsWith("Bun/")?"BUN":userAgentStartsWith("Cloudflare-Workers")?"CLOUDFLARE":userAgentStartsWith("Deno/")?"DENO":userAgentStartsWith("Node.js/")?"NODE":n.Bun&&"string"==typeof Bun.version?"BUN":n.Deno&&"object"==typeof Deno.version?"DENO":"process"===o(n.process)?"NODE":n.window&&n.document?"BROWSER":"REST"},4226:(e,t,r)=>{var n=r(6518),i=r(4576),o=r(3463),s=r(4154),a=r(5169),c=r(2303);i.Uint8Array&&n({target:"Uint8Array",proto:!0},{setFromHex:function setFromHex(e){s(this);o(e);a(this.buffer);var t=c(e,this).read;return{read:t,written:t/2}}})},4235:(e,t,r)=>{r(3068)},4270:(e,t,r)=>{var n=r(9565),i=r(4901),o=r(34),s=TypeError;e.exports=function(e,t){var r,a;if("string"===t&&i(r=e.toString)&&!o(a=n(r,e)))return a;if(i(r=e.valueOf)&&!o(a=n(r,e)))return a;if("string"!==t&&i(r=e.toString)&&!o(a=n(r,e)))return a;throw new s("Can't convert object to primitive value")}},4376:(e,t,r)=>{var n=r(2195);e.exports=Array.isArray||function isArray(e){return"Array"===n(e)}},4402:(e,t,r)=>{var n=r(9504),i=Set.prototype;e.exports={Set,add:n(i.add),has:n(i.has),remove:n(i.delete),proto:i}},4449:(e,t,r)=>{var n=r(7080),i=r(4402).has,o=r(5170),s=r(3789),a=r(8469),c=r(507),f=r(9539);e.exports=function isDisjointFrom(e){var t=n(this),r=s(e);if(o(t)<=r.size)return!1!==a(t,function(e){if(r.includes(e))return!1},!0);var u=r.getIterator();return!1!==c(u,function(e){if(i(t,e))return f(u,"normal",!1)})}},4483:(e,t,r)=>{var n,i,o,s,a=r(4576),c=r(9429),f=r(1548),u=a.structuredClone,l=a.ArrayBuffer,h=a.MessageChannel,d=!1;if(f)d=function(e){u(e,{transfer:[e]})};else if(l)try{h||(n=c("worker_threads"))&&(h=n.MessageChannel);if(h){i=new h;o=new l(2);s=function(e){i.port1.postMessage(null,[e])};if(2===o.byteLength){s(o);0===o.byteLength&&(d=s)}}}catch(e){}e.exports=d},4495:(e,t,r)=>{var n=r(9519),i=r(9039),o=r(4576).String;e.exports=!!Object.getOwnPropertySymbols&&!i(function(){var e=Symbol("symbol detection");return!o(e)||!(Object(e)instanceof Symbol)||!Symbol.sham&&n&&n<41})},4527:(e,t,r)=>{var n=r(3724),i=r(4376),o=TypeError,s=Object.getOwnPropertyDescriptor,a=n&&!function(){if(void 0!==this)return!0;try{Object.defineProperty([],"length",{writable:!1}).length=1}catch(e){return e instanceof TypeError}}();e.exports=a?function(e,t){if(i(e)&&!s(e,"length").writable)throw new o("Cannot set read only .length");return e.length=t}:function(e,t){return e.length=t}},4549:(e,t,r)=>{var n=r(4576);e.exports=function(e,t){var r=n.Iterator,i=r&&r.prototype,o=i&&i[e],s=!1;if(o)try{o.call({next:function(){return{done:!0}},return:function(){s=!0}},-1)}catch(e){e instanceof t||(s=!1)}if(!s)return o}},4576:function(e){var check=function(e){return e&&e.Math===Math&&e};e.exports=check("object"==typeof globalThis&&globalThis)||check("object"==typeof window&&window)||check("object"==typeof self&&self)||check("object"==typeof global&&global)||check("object"==typeof this&&this)||function(){return this}()||Function("return this")()},4603:(e,t,r)=>{var n=r(6840),i=r(9504),o=r(655),s=r(2812),a=URLSearchParams,c=a.prototype,f=i(c.append),u=i(c.delete),l=i(c.forEach),h=i([].push),d=new a("a=1&a=2&b=3");d.delete("a",1);d.delete("b",void 0);d+""!="a=2"&&n(c,"delete",function(e){var t=arguments.length,r=t<2?void 0:arguments[1];if(t&&void 0===r)return u(this,e);var n=[];l(this,function(e,t){h(n,{key:t,value:e})});s(t,1);for(var i,a=o(e),c=o(r),d=0,p=0,m=!1,g=n.length;d<g;){i=n[d++];if(m||i.key===a){m=!0;u(this,i.key)}else p++}for(;p<g;)(i=n[p++]).key===a&&i.value===c||f(this,i.key,i.value)},{enumerable:!0,unsafe:!0})},4628:(e,t,r)=>{var n=r(6518),i=r(6043);n({target:"Promise",stat:!0},{withResolvers:function withResolvers(){var e=i.f(this);return{promise:e.promise,resolve:e.resolve,reject:e.reject}}})},4644:(e,t,r)=>{var n,i,o,s=r(7811),a=r(3724),c=r(4576),f=r(4901),u=r(34),l=r(9297),h=r(6955),d=r(6823),p=r(6699),m=r(6840),g=r(2106),y=r(1625),b=r(2787),w=r(2967),v=r(8227),_=r(3392),x=r(1181),C=x.enforce,S=x.get,R=c.Int8Array,A=R&&R.prototype,B=c.Uint8ClampedArray,I=B&&B.prototype,E=R&&b(R),k=A&&b(A),T=Object.prototype,D=c.TypeError,P=v("toStringTag"),M=_("TYPED_ARRAY_TAG"),O="TypedArrayConstructor",U=s&&!!w&&"Opera"!==h(c.opera),L=!1,N={Int8Array:1,Uint8Array:1,Uint8ClampedArray:1,Int16Array:2,Uint16Array:2,Int32Array:4,Uint32Array:4,Float32Array:4,Float64Array:8},G={BigInt64Array:8,BigUint64Array:8},getTypedArrayConstructor=function(e){var t=b(e);if(u(t)){var r=S(t);return r&&l(r,O)?r[O]:getTypedArrayConstructor(t)}},isTypedArray=function(e){if(!u(e))return!1;var t=h(e);return l(N,t)||l(G,t)};for(n in N)(o=(i=c[n])&&i.prototype)?C(o)[O]=i:U=!1;for(n in G)(o=(i=c[n])&&i.prototype)&&(C(o)[O]=i);if(!U||!f(E)||E===Function.prototype){E=function TypedArray(){throw new D("Incorrect invocation")};if(U)for(n in N)c[n]&&w(c[n],E)}if(!U||!k||k===T){k=E.prototype;if(U)for(n in N)c[n]&&w(c[n].prototype,k)}U&&b(I)!==k&&w(I,k);if(a&&!l(k,P)){L=!0;g(k,P,{configurable:!0,get:function(){return u(this)?this[M]:void 0}});for(n in N)c[n]&&p(c[n],M,n)}e.exports={NATIVE_ARRAY_BUFFER_VIEWS:U,TYPED_ARRAY_TAG:L&&M,aTypedArray:function(e){if(isTypedArray(e))return e;throw new D("Target is not a typed array")},aTypedArrayConstructor:function(e){if(f(e)&&(!w||y(E,e)))return e;throw new D(d(e)+" is not a typed array constructor")},exportTypedArrayMethod:function(e,t,r,n){if(a){if(r)for(var i in N){var o=c[i];if(o&&l(o.prototype,e))try{delete o.prototype[e]}catch(r){try{o.prototype[e]=t}catch(e){}}}k[e]&&!r||m(k,e,r?t:U&&A[e]||t,n)}},exportTypedArrayStaticMethod:function(e,t,r){var n,i;if(a){if(w){if(r)for(n in N)if((i=c[n])&&l(i,e))try{delete i[e]}catch(e){}if(E[e]&&!r)return;try{return m(E,e,r?t:U&&E[e]||t)}catch(e){}}for(n in N)!(i=c[n])||i[e]&&!r||m(i,e,t)}},getTypedArrayConstructor,isView:function isView(e){if(!u(e))return!1;var t=h(e);return"DataView"===t||l(N,t)||l(G,t)},isTypedArray,TypedArray:E,TypedArrayPrototype:k}},4659:(e,t,r)=>{var n=r(3724),i=r(4913),o=r(6980);e.exports=function(e,t,r){n?i.f(e,t,o(0,r)):e[t]=r}},4901:e=>{var t="object"==typeof document&&document.all;e.exports=void 0===t&&void 0!==t?function(e){return"function"==typeof e||e===t}:function(e){return"function"==typeof e}},4913:(e,t,r)=>{var n=r(3724),i=r(5917),o=r(8686),s=r(8551),a=r(6969),c=TypeError,f=Object.defineProperty,u=Object.getOwnPropertyDescriptor,l="enumerable",h="configurable",d="writable";t.f=n?o?function defineProperty(e,t,r){s(e);t=a(t);s(r);if("function"==typeof e&&"prototype"===t&&"value"in r&&d in r&&!r[d]){var n=u(e,t);if(n&&n[d]){e[t]=r.value;r={configurable:h in r?r[h]:n[h],enumerable:l in r?r[l]:n[l],writable:!1}}}return f(e,t,r)}:f:function defineProperty(e,t,r){s(e);t=a(t);s(r);if(i)try{return f(e,t,r)}catch(e){}if("get"in r||"set"in r)throw new c("Accessors not supported");"value"in r&&(e[t]=r.value);return e}},4916:(e,t,r)=>{var n=r(7751),createSetLike=function(e){return{size:e,has:function(){return!1},keys:function(){return{next:function(){return{done:!0}}}}}},createSetLikeWithInfinitySize=function(e){return{size:e,has:function(){return!0},keys:function(){throw new Error("e")}}};e.exports=function(e,t){var r=n("Set");try{(new r)[e](createSetLike(0));try{(new r)[e](createSetLike(-1));return!1}catch(n){if(!t)return!0;try{(new r)[e](createSetLikeWithInfinitySize(-1/0));return!1}catch(n){var i=new r;i.add(1);i.add(2);return t(i[e](createSetLikeWithInfinitySize(1/0)))}}}catch(e){return!1}}},4979:(e,t,r)=>{var n=r(6518),i=r(4576),o=r(7751),s=r(6980),a=r(4913).f,c=r(9297),f=r(679),u=r(3167),l=r(2603),h=r(5002),d=r(8574),p=r(3724),m=r(6395),g="DOMException",y=o("Error"),b=o(g),w=function DOMException(){f(this,v);var e=arguments.length,t=l(e<1?void 0:arguments[0]),r=l(e<2?void 0:arguments[1],"Error"),n=new b(t,r),i=new y(t);i.name=g;a(n,"stack",s(1,d(i.stack,1)));u(n,this,w);return n},v=w.prototype=b.prototype,_="stack"in new y(g),x="stack"in new b(1,2),C=b&&p&&Object.getOwnPropertyDescriptor(i,g),S=!(!C||C.writable&&C.configurable),R=_&&!S&&!x;n({global:!0,constructor:!0,forced:m||R},{DOMException:R?w:b});var A=o(g),B=A.prototype;if(B.constructor!==A){m||a(B,"constructor",s(1,A));for(var I in h)if(c(h,I)){var E=h[I],k=E.s;c(A,k)||a(A,k,s(6,E.c))}}},5002:e=>{e.exports={IndexSizeError:{s:"INDEX_SIZE_ERR",c:1,m:1},DOMStringSizeError:{s:"DOMSTRING_SIZE_ERR",c:2,m:0},HierarchyRequestError:{s:"HIERARCHY_REQUEST_ERR",c:3,m:1},WrongDocumentError:{s:"WRONG_DOCUMENT_ERR",c:4,m:1},InvalidCharacterError:{s:"INVALID_CHARACTER_ERR",c:5,m:1},NoDataAllowedError:{s:"NO_DATA_ALLOWED_ERR",c:6,m:0},NoModificationAllowedError:{s:"NO_MODIFICATION_ALLOWED_ERR",c:7,m:1},NotFoundError:{s:"NOT_FOUND_ERR",c:8,m:1},NotSupportedError:{s:"NOT_SUPPORTED_ERR",c:9,m:1},InUseAttributeError:{s:"INUSE_ATTRIBUTE_ERR",c:10,m:1},InvalidStateError:{s:"INVALID_STATE_ERR",c:11,m:1},SyntaxError:{s:"SYNTAX_ERR",c:12,m:1},InvalidModificationError:{s:"INVALID_MODIFICATION_ERR",c:13,m:1},NamespaceError:{s:"NAMESPACE_ERR",c:14,m:1},InvalidAccessError:{s:"INVALID_ACCESS_ERR",c:15,m:1},ValidationError:{s:"VALIDATION_ERR",c:16,m:0},TypeMismatchError:{s:"TYPE_MISMATCH_ERR",c:17,m:1},SecurityError:{s:"SECURITY_ERR",c:18,m:1},NetworkError:{s:"NETWORK_ERR",c:19,m:1},AbortError:{s:"ABORT_ERR",c:20,m:1},URLMismatchError:{s:"URL_MISMATCH_ERR",c:21,m:1},QuotaExceededError:{s:"QUOTA_EXCEEDED_ERR",c:22,m:1},TimeoutError:{s:"TIMEOUT_ERR",c:23,m:1},InvalidNodeTypeError:{s:"INVALID_NODE_TYPE_ERR",c:24,m:1},DataCloneError:{s:"DATA_CLONE_ERR",c:25,m:1}}},5024:(e,t,r)=>{var n=r(6518),i=r(3650),o=r(9835);n({target:"Set",proto:!0,real:!0,forced:!r(4916)("symmetricDifference")||!o("symmetricDifference")},{symmetricDifference:i})},5031:(e,t,r)=>{var n=r(7751),i=r(9504),o=r(8480),s=r(3717),a=r(8551),c=i([].concat);e.exports=n("Reflect","ownKeys")||function ownKeys(e){var t=o.f(a(e)),r=s.f;return r?c(t,r(e)):t}},5169:(e,t,r)=>{var n=r(3238),i=TypeError;e.exports=function(e){if(n(e))throw new i("ArrayBuffer is detached");return e}},5170:(e,t,r)=>{var n=r(6706),i=r(4402);e.exports=n(i.proto,"size","get")||function(e){return e.size}},5213:(e,t,r)=>{var n=r(6518),i=r(4576),o=r(5370),s=r(9143),a=i.Uint8Array,c=!a||!a.fromBase64||!function(){try{a.fromBase64("a");return}catch(e){}try{a.fromBase64("",null)}catch(e){return!0}}();a&&n({target:"Uint8Array",stat:!0,forced:c},{fromBase64:function fromBase64(e){var t=s(e,arguments.length>1?arguments[1]:void 0,null,9007199254740991);return o(a,t.bytes)}})},5370:(e,t,r)=>{var n=r(6198);e.exports=function(e,t,r){for(var i=0,o=arguments.length>2?r:n(t),s=new e(o);o>i;)s[i]=t[i++];return s}},5397:(e,t,r)=>{var n=r(7055),i=r(7750);e.exports=function(e){return n(i(e))}},5610:(e,t,r)=>{var n=r(1291),i=Math.max,o=Math.min;e.exports=function(e,t){var r=n(e);return r<0?i(r+t,0):o(r,t)}},5623:(e,t,r)=>{r(456)},5636:(e,t,r)=>{var n=r(4576),i=r(9504),o=r(6706),s=r(7696),a=r(5169),c=r(7394),f=r(4483),u=r(1548),l=n.structuredClone,h=n.ArrayBuffer,d=n.DataView,p=Math.min,m=h.prototype,g=d.prototype,y=i(m.slice),b=o(m,"resizable","get"),w=o(m,"maxByteLength","get"),v=i(g.getInt8),_=i(g.setInt8);e.exports=(u||f)&&function(e,t,r){var n,i=c(e),o=void 0===t?i:s(t),m=!b||!b(e);a(e);if(u){e=l(e,{transfer:[e]});if(i===o&&(r||m))return e}if(i>=o&&(!r||m))n=y(e,0,o);else{var g=r&&!m&&w?{maxByteLength:w(e)}:void 0;n=new h(o,g);for(var x=new d(e),C=new d(n),S=p(o,i),R=0;R<S;R++)_(C,R,v(x,R))}u||f(e);return n}},5745:(e,t,r)=>{var n=r(7629);e.exports=function(e,t){return n[e]||(n[e]=t||{})}},5781:(e,t,r)=>{var n=r(6518),i=r(7751),o=r(2812),s=r(655),a=r(7416),c=i("URL");n({target:"URL",stat:!0,forced:!a},{parse:function parse(e){var t=o(arguments.length,1),r=s(e),n=t<2||void 0===arguments[1]?void 0:s(arguments[1]);try{return new c(r,n)}catch(e){return null}}})},5854:(e,t,r)=>{var n=r(2777),i=TypeError;e.exports=function(e){var t=n(e,"number");if("number"==typeof t)throw new i("Can't convert number to bigint");return BigInt(t)}},5876:(e,t,r)=>{var n=r(6518),i=r(3838);n({target:"Set",proto:!0,real:!0,forced:!r(4916)("isSubsetOf",function(e){return e})},{isSubsetOf:i})},5917:(e,t,r)=>{var n=r(3724),i=r(9039),o=r(4055);e.exports=!n&&!i(function(){return 7!==Object.defineProperty(o("div"),"a",{get:function(){return 7}}).a})},5966:(e,t,r)=>{var n=r(9306),i=r(4117);e.exports=function(e,t){var r=e[t];return i(r)?void 0:n(r)}},6043:(e,t,r)=>{var n=r(9306),i=TypeError,PromiseCapability=function(e){var t,r;this.promise=new e(function(e,n){if(void 0!==t||void 0!==r)throw new i("Bad Promise constructor");t=e;r=n});this.resolve=n(t);this.reject=n(r)};e.exports.f=function(e){return new PromiseCapability(e)}},6080:(e,t,r)=>{var n=r(7476),i=r(9306),o=r(616),s=n(n.bind);e.exports=function(e,t){i(e);return void 0===t?e:o?s(e,t):function(){return e.apply(t,arguments)}}},6119:(e,t,r)=>{var n=r(5745),i=r(3392),o=n("keys");e.exports=function(e){return o[e]||(o[e]=i(e))}},6193:(e,t,r)=>{var n=r(4215);e.exports="NODE"===n},6198:(e,t,r)=>{var n=r(8014);e.exports=function(e){return n(e.length)}},6269:e=>{e.exports={}},6279:(e,t,r)=>{var n=r(6840);e.exports=function(e,t,r){for(var i in t)n(e,i,t[i],r);return e}},6319:(e,t,r)=>{var n=r(8551),i=r(9539);e.exports=function(e,t,r,o){try{return o?t(n(r)[0],r[1]):t(r)}catch(t){i(e,"throw",t)}}},6395:e=>{e.exports=!1},6518:(e,t,r)=>{var n=r(4576),i=r(7347).f,o=r(6699),s=r(6840),a=r(9433),c=r(7740),f=r(2796);e.exports=function(e,t){var r,u,l,h,d,p=e.target,m=e.global,g=e.stat;if(r=m?n:g?n[p]||a(p,{}):n[p]&&n[p].prototype)for(u in t){h=t[u];l=e.dontCallGetSet?(d=i(r,u))&&d.value:r[u];if(!f(m?u:p+(g?".":"#")+u,e.forced)&&void 0!==l){if(typeof h==typeof l)continue;c(h,l)}(e.sham||l&&l.sham)&&o(h,"sham",!0);s(r,u,h,e)}}},6573:(e,t,r)=>{var n=r(3724),i=r(2106),o=r(3238),s=ArrayBuffer.prototype;n&&!("detached"in s)&&i(s,"detached",{configurable:!0,get:function detached(){return o(this)}})},6632:(e,t,r)=>{var n=r(6518),i=r(4576),o=r(9143),s=r(4154),a=i.Uint8Array,c=!a||!a.prototype.setFromBase64||!function(){var e=new a([255,255,255,255,255]);try{e.setFromBase64("",null);return}catch(e){}try{e.setFromBase64("a");return}catch(e){}try{e.setFromBase64("MjYyZg===")}catch(t){return 50===e[0]&&54===e[1]&&50===e[2]&&255===e[3]&&255===e[4]}}();a&&n({target:"Uint8Array",proto:!0,forced:c},{setFromBase64:function setFromBase64(e){s(this);var t=o(e,arguments.length>1?arguments[1]:void 0,this,this.length);return{read:t.read,written:t.written}}})},6699:(e,t,r)=>{var n=r(3724),i=r(4913),o=r(6980);e.exports=n?function(e,t,r){return i.f(e,t,o(1,r))}:function(e,t,r){e[t]=r;return e}},6706:(e,t,r)=>{var n=r(9504),i=r(9306);e.exports=function(e,t,r){try{return n(i(Object.getOwnPropertyDescriptor(e,t)[r]))}catch(e){}}},6801:(e,t,r)=>{var n=r(3724),i=r(8686),o=r(4913),s=r(8551),a=r(5397),c=r(1072);t.f=n&&!i?Object.defineProperties:function defineProperties(e,t){s(e);for(var r,n=a(t),i=c(t),f=i.length,u=0;f>u;)o.f(e,r=i[u++],n[r]);return e}},6823:e=>{var t=String;e.exports=function(e){try{return t(e)}catch(e){return"Object"}}},6837:e=>{var t=TypeError;e.exports=function(e){if(e>9007199254740991)throw t("Maximum allowed index exceeded");return e}},6840:(e,t,r)=>{var n=r(4901),i=r(4913),o=r(283),s=r(9433);e.exports=function(e,t,r,a){a||(a={});var c=a.enumerable,f=void 0!==a.name?a.name:t;n(r)&&o(r,f,a);if(a.global)c?e[t]=r:s(t,r);else{try{a.unsafe?e[t]&&(c=!0):delete e[t]}catch(e){}c?e[t]=r:i.f(e,t,{value:r,enumerable:!1,configurable:!a.nonConfigurable,writable:!a.nonWritable})}return e}},6955:(e,t,r)=>{var n=r(2140),i=r(4901),o=r(2195),s=r(8227)("toStringTag"),a=Object,c="Arguments"===o(function(){return arguments}());e.exports=n?o:function(e){var t,r,n;return void 0===e?"Undefined":null===e?"Null":"string"==typeof(r=function(e,t){try{return e[t]}catch(e){}}(t=a(e),s))?r:c?o(t):"Object"===(n=o(t))&&i(t.callee)?"Arguments":n}},6969:(e,t,r)=>{var n=r(2777),i=r(757);e.exports=function(e){var t=n(e,"string");return i(t)?t:t+""}},6980:e=>{e.exports=function(e,t){return{enumerable:!(1&e),configurable:!(2&e),writable:!(4&e),value:t}}},7040:(e,t,r)=>{var n=r(4495);e.exports=n&&!Symbol.sham&&"symbol"==typeof Symbol.iterator},7055:(e,t,r)=>{var n=r(9504),i=r(9039),o=r(2195),s=Object,a=n("".split);e.exports=i(function(){return!s("z").propertyIsEnumerable(0)})?function(e){return"String"===o(e)?a(e,""):s(e)}:s},7080:(e,t,r)=>{var n=r(4402).has;e.exports=function(e){n(e);return e}},7347:(e,t,r)=>{var n=r(3724),i=r(9565),o=r(8773),s=r(6980),a=r(5397),c=r(6969),f=r(9297),u=r(5917),l=Object.getOwnPropertyDescriptor;t.f=n?l:function getOwnPropertyDescriptor(e,t){e=a(e);t=c(t);if(u)try{return l(e,t)}catch(e){}if(f(e,t))return s(!i(o.f,e,t),e[t])}},7394:(e,t,r)=>{var n=r(4576),i=r(6706),o=r(2195),s=n.ArrayBuffer,a=n.TypeError;e.exports=s&&i(s.prototype,"byteLength","get")||function(e){if("ArrayBuffer"!==o(e))throw new a("ArrayBuffer expected");return e.byteLength}},7416:(e,t,r)=>{var n=r(9039),i=r(8227),o=r(3724),s=r(6395),a=i("iterator");e.exports=!n(function(){var e=new URL("b?a=1&b=2&c=3","https://a"),t=e.searchParams,r=new URLSearchParams("a=1&a=2&b=3"),n="";e.pathname="c%20d";t.forEach(function(e,r){t.delete("b");n+=r+e});r.delete("a",2);r.delete("b",void 0);return s&&(!e.toJSON||!r.has("a",1)||r.has("a",2)||!r.has("a",void 0)||r.has("b"))||!t.size&&(s||!o)||!t.sort||"https://a/c%20d?a=1&c=3"!==e.href||"3"!==t.get("c")||"a=1"!==String(new URLSearchParams("?a=1"))||!t[a]||"a"!==new URL("https://a@b").username||"b"!==new URLSearchParams(new URLSearchParams("a=b")).get("a")||"xn--e1aybc"!==new URL("https://тест").host||"#%D0%B1"!==new URL("https://a#б").hash||"a1c3"!==n||"x"!==new URL("https://x",void 0).host})},7476:(e,t,r)=>{var n=r(2195),i=r(9504);e.exports=function(e){if("Function"===n(e))return i(e)}},7566:(e,t,r)=>{var n=r(6840),i=r(9504),o=r(655),s=r(2812),a=URLSearchParams,c=a.prototype,f=i(c.getAll),u=i(c.has),l=new a("a=1");!l.has("a",2)&&l.has("a",void 0)||n(c,"has",function has(e){var t=arguments.length,r=t<2?void 0:arguments[1];if(t&&void 0===r)return u(this,e);var n=f(this,e);s(t,1);for(var i=o(r),a=0;a<n.length;)if(n[a++]===i)return!0;return!1},{enumerable:!0,unsafe:!0})},7629:(e,t,r)=>{var n=r(6395),i=r(4576),o=r(9433),s="__core-js_shared__",a=e.exports=i[s]||o(s,{});(a.versions||(a.versions=[])).push({version:"3.46.0",mode:n?"pure":"global",copyright:"© 2014-2025 Denis Pushkarev (zloirock.ru), 2025 CoreJS Company (core-js.io)",license:"https://github.com/zloirock/core-js/blob/v3.46.0/LICENSE",source:"https://github.com/zloirock/core-js"})},7642:(e,t,r)=>{var n=r(6518),i=r(3440),o=r(9039);n({target:"Set",proto:!0,real:!0,forced:!r(4916)("difference",function(e){return 0===e.size})||o(function(){var e={size:1,has:function(){return!0},keys:function(){var e=0;return{next:function(){var r=e++>1;t.has(1)&&t.clear();return{done:r,value:2}}}}},t=new Set([1,2,3,4]);return 3!==t.difference(e).size})},{difference:i})},7657:(e,t,r)=>{var n,i,o,s=r(9039),a=r(4901),c=r(34),f=r(2360),u=r(2787),l=r(6840),h=r(8227),d=r(6395),p=h("iterator"),m=!1;[].keys&&("next"in(o=[].keys())?(i=u(u(o)))!==Object.prototype&&(n=i):m=!0);!c(n)||s(function(){var e={};return n[p].call(e)!==e})?n={}:d&&(n=f(n));a(n[p])||l(n,p,function(){return this});e.exports={IteratorPrototype:n,BUGGY_SAFARI_ITERATORS:m}},7680:(e,t,r)=>{var n=r(9504);e.exports=n([].slice)},7696:(e,t,r)=>{var n=r(1291),i=r(8014),o=RangeError;e.exports=function(e){if(void 0===e)return 0;var t=n(e),r=i(t);if(t!==r)throw new o("Wrong length or index");return r}},7740:(e,t,r)=>{var n=r(9297),i=r(5031),o=r(7347),s=r(4913);e.exports=function(e,t,r){for(var a=i(t),c=s.f,f=o.f,u=0;u<a.length;u++){var l=a[u];n(e,l)||r&&n(r,l)||c(e,l,f(t,l))}}},7750:(e,t,r)=>{var n=r(4117),i=TypeError;e.exports=function(e){if(n(e))throw new i("Can't call method on "+e);return e}},7751:(e,t,r)=>{var n=r(4576),i=r(4901);e.exports=function(e,t){return arguments.length<2?(r=n[e],i(r)?r:void 0):n[e]&&n[e][t];var r}},7811:e=>{e.exports="undefined"!=typeof ArrayBuffer&&"undefined"!=typeof DataView},7936:(e,t,r)=>{var n=r(6518),i=r(5636);i&&n({target:"ArrayBuffer",proto:!0},{transferToFixedLength:function transferToFixedLength(){return i(this,arguments.length?arguments[0]:void 0,!1)}})},8004:(e,t,r)=>{var n=r(6518),i=r(9039),o=r(8750);n({target:"Set",proto:!0,real:!0,forced:!r(4916)("intersection",function(e){return 2===e.size&&e.has(1)&&e.has(2)})||i(function(){return"3,2"!==String(Array.from(new Set([1,2,3]).intersection(new Set([3,2]))))})},{intersection:o})},8014:(e,t,r)=>{var n=r(1291),i=Math.min;e.exports=function(e){var t=n(e);return t>0?i(t,9007199254740991):0}},8100:(e,t,r)=>{var n=r(6518),i=r(5636);i&&n({target:"ArrayBuffer",proto:!0},{transfer:function transfer(){return i(this,arguments.length?arguments[0]:void 0,!0)}})},8111:(e,t,r)=>{var n=r(6518),i=r(4576),o=r(679),s=r(8551),a=r(4901),c=r(2787),f=r(2106),u=r(4659),l=r(9039),h=r(9297),d=r(8227),p=r(7657).IteratorPrototype,m=r(3724),g=r(6395),y="constructor",b="Iterator",w=d("toStringTag"),v=TypeError,_=i[b],x=g||!a(_)||_.prototype!==p||!l(function(){_({})}),C=function Iterator(){o(this,p);if(c(this)===p)throw new v("Abstract class Iterator not directly constructable")},defineIteratorPrototypeAccessor=function(e,t){m?f(p,e,{configurable:!0,get:function(){return t},set:function(t){s(this);if(this===p)throw new v("You can't redefine this property");h(this,e)?this[e]=t:u(this,e,t)}}):p[e]=t};h(p,w)||defineIteratorPrototypeAccessor(w,b);!x&&h(p,y)&&p[y]!==Object||defineIteratorPrototypeAccessor(y,C);C.prototype=p;n({global:!0,constructor:!0,forced:x},{Iterator:C})},8227:(e,t,r)=>{var n=r(4576),i=r(5745),o=r(9297),s=r(3392),a=r(4495),c=r(7040),f=n.Symbol,u=i("wks"),l=c?f.for||f:f&&f.withoutSetter||s;e.exports=function(e){o(u,e)||(u[e]=a&&o(f,e)?f[e]:l("Symbol."+e));return u[e]}},8237:(e,t,r)=>{var n=r(6518),i=r(2652),o=r(9306),s=r(8551),a=r(1767),c=r(9539),f=r(4549),u=r(8745),l=r(9039),h=TypeError,d=l(function(){[].keys().reduce(function(){},void 0)}),p=!d&&f("reduce",h);n({target:"Iterator",proto:!0,real:!0,forced:d||p},{reduce:function reduce(e){s(this);try{o(e)}catch(e){c(this,"throw",e)}var t=arguments.length<2,r=t?void 0:arguments[1];if(p)return u(p,this,t?[e]:[e,r]);var n=a(this),f=0;i(n,function(n){if(t){t=!1;r=n}else r=e(r,n,f);f++},{IS_RECORD:!0});if(t)throw new h("Reduce of empty iterator with no initial value");return r}})},8469:(e,t,r)=>{var n=r(9504),i=r(507),o=r(4402),s=o.Set,a=o.proto,c=n(a.forEach),f=n(a.keys),u=f(new s).next;e.exports=function(e,t,r){return r?i({iterator:f(e),next:u},t):c(e,t)}},8480:(e,t,r)=>{var n=r(1828),i=r(8727).concat("length","prototype");t.f=Object.getOwnPropertyNames||function getOwnPropertyNames(e){return n(e,i)}},8527:(e,t,r)=>{var n=r(7080),i=r(4402).has,o=r(5170),s=r(3789),a=r(507),c=r(9539);e.exports=function isSupersetOf(e){var t=n(this),r=s(e);if(o(t)<r.size)return!1;var f=r.getIterator();return!1!==a(f,function(e){if(!i(t,e))return c(f,"normal",!1)})}},8551:(e,t,r)=>{var n=r(34),i=String,o=TypeError;e.exports=function(e){if(n(e))return e;throw new o(i(e)+" is not an object")}},8574:(e,t,r)=>{var n=r(9504),i=Error,o=n("".replace),s=String(new i("zxcasd").stack),a=/\n\s*at [^:]*:[^\n]*/,c=a.test(s);e.exports=function(e,t){if(c&&"string"==typeof e&&!i.prepareStackTrace)for(;t--;)e=o(e,a,"");return e}},8622:(e,t,r)=>{var n=r(4576),i=r(4901),o=n.WeakMap;e.exports=i(o)&&/native code/.test(String(o))},8686:(e,t,r)=>{var n=r(3724),i=r(9039);e.exports=n&&i(function(){return 42!==Object.defineProperty(function(){},"prototype",{value:42,writable:!1}).prototype})},8721:(e,t,r)=>{var n=r(3724),i=r(9504),o=r(2106),s=URLSearchParams.prototype,a=i(s.forEach);n&&!("size"in s)&&o(s,"size",{get:function size(){var e=0;a(this,function(){e++});return e},configurable:!0,enumerable:!0})},8727:e=>{e.exports=["constructor","hasOwnProperty","isPrototypeOf","propertyIsEnumerable","toLocaleString","toString","valueOf"]},8745:(e,t,r)=>{var n=r(616),i=Function.prototype,o=i.apply,s=i.call;e.exports="object"==typeof Reflect&&Reflect.apply||(n?s.bind(o):function(){return s.apply(o,arguments)})},8750:(e,t,r)=>{var n=r(7080),i=r(4402),o=r(5170),s=r(3789),a=r(8469),c=r(507),f=i.Set,u=i.add,l=i.has;e.exports=function intersection(e){var t=n(this),r=s(e),i=new f;o(t)>r.size?c(r.getIterator(),function(e){l(t,e)&&u(i,e)}):a(t,function(e){r.includes(e)&&u(i,e)});return i}},8773:(e,t)=>{var r={}.propertyIsEnumerable,n=Object.getOwnPropertyDescriptor,i=n&&!r.call({1:2},1);t.f=i?function propertyIsEnumerable(e){var t=n(this,e);return!!t&&t.enumerable}:r},8981:(e,t,r)=>{var n=r(7750),i=Object;e.exports=function(e){return i(n(e))}},9039:e=>{e.exports=function(e){try{return!!e()}catch(e){return!0}}},9143:(e,t,r)=>{var n=r(4576),i=r(9504),o=r(3972),s=r(3463),a=r(9297),c=r(2804),f=r(944),u=r(5169),l=c.c2i,h=c.c2iUrl,d=n.SyntaxError,p=n.TypeError,m=i("".charAt),skipAsciiWhitespace=function(e,t){for(var r=e.length;t<r;t++){var n=m(e,t);if(" "!==n&&"\t"!==n&&"\n"!==n&&"\f"!==n&&"\r"!==n)break}return t},decodeBase64Chunk=function(e,t,r){var n=e.length;n<4&&(e+=2===n?"AA":"A");var i=(t[m(e,0)]<<18)+(t[m(e,1)]<<12)+(t[m(e,2)]<<6)+t[m(e,3)],o=[i>>16&255,i>>8&255,255&i];if(2===n){if(r&&0!==o[1])throw new d("Extra bits");return[o[0]]}if(3===n){if(r&&0!==o[2])throw new d("Extra bits");return[o[0],o[1]]}return o},writeBytes=function(e,t,r){for(var n=t.length,i=0;i<n;i++)e[r+i]=t[i];return r+n};e.exports=function(e,t,r,n){s(e);o(t);var i="base64"===f(t)?l:h,c=t?t.lastChunkHandling:void 0;void 0===c&&(c="loose");if("loose"!==c&&"strict"!==c&&"stop-before-partial"!==c)throw new p("Incorrect `lastChunkHandling` option");r&&u(r.buffer);var g=e.length,y=r||[],b=0,w=0,v="",_=0;if(n)for(;;){if((_=skipAsciiWhitespace(e,_))===g){if(v.length>0){if("stop-before-partial"===c)break;if("loose"!==c)throw new d("Missing padding");if(1===v.length)throw new d("Malformed padding: exactly one additional character");b=writeBytes(y,decodeBase64Chunk(v,i,!1),b)}w=g;break}var x=m(e,_);++_;if("="===x){if(v.length<2)throw new d("Padding is too early");_=skipAsciiWhitespace(e,_);if(2===v.length){if(_===g){if("stop-before-partial"===c)break;throw new d("Malformed padding: only one =")}if("="===m(e,_)){++_;_=skipAsciiWhitespace(e,_)}}if(_<g)throw new d("Unexpected character after padding");b=writeBytes(y,decodeBase64Chunk(v,i,"strict"===c),b);w=g;break}if(!a(i,x))throw new d("Unexpected character");var C=n-b;if(1===C&&2===v.length||2===C&&3===v.length)break;if(4===(v+=x).length){b=writeBytes(y,decodeBase64Chunk(v,i,!1),b);v="";w=_;if(b===n)break}}return{bytes:y,read:w,written:b}}},9286:(e,t,r)=>{var n=r(4402),i=r(8469),o=n.Set,s=n.add;e.exports=function(e){var t=new o;i(e,function(e){s(t,e)});return t}},9297:(e,t,r)=>{var n=r(9504),i=r(8981),o=n({}.hasOwnProperty);e.exports=Object.hasOwn||function hasOwn(e,t){return o(i(e),t)}},9306:(e,t,r)=>{var n=r(4901),i=r(6823),o=TypeError;e.exports=function(e){if(n(e))return e;throw new o(i(e)+" is not a function")}},9429:(e,t,r)=>{var n=r(4576),i=r(6193);e.exports=function(e){if(i){try{return n.process.getBuiltinModule(e)}catch(e){}try{return Function('return require("'+e+'")')()}catch(e){}}}},9432:(e,t,r)=>{r(5213)},9433:(e,t,r)=>{var n=r(4576),i=Object.defineProperty;e.exports=function(e,t){try{i(n,e,{value:t,configurable:!0,writable:!0})}catch(r){n[e]=t}return t}},9462:(e,t,r)=>{var n=r(9565),i=r(2360),o=r(6699),s=r(6279),a=r(8227),c=r(1181),f=r(5966),u=r(7657).IteratorPrototype,l=r(2529),h=r(9539),d=r(1385),p=a("toStringTag"),m="IteratorHelper",g="WrapForValidIterator",y="normal",b="throw",w=c.set,createIteratorProxyPrototype=function(e){var t=c.getterFor(e?g:m);return s(i(u),{next:function next(){var r=t(this);if(e)return r.nextHandler();if(r.done)return l(void 0,!0);try{var n=r.nextHandler();return r.returnHandlerResult?n:l(n,r.done)}catch(e){r.done=!0;throw e}},return:function(){var r=t(this),i=r.iterator;r.done=!0;if(e){var o=f(i,"return");return o?n(o,i):l(void 0,!0)}if(r.inner)try{h(r.inner.iterator,y)}catch(e){return h(i,b,e)}if(r.openIters)try{d(r.openIters,y)}catch(e){return h(i,b,e)}i&&h(i,y);return l(void 0,!0)}})},v=createIteratorProxyPrototype(!0),_=createIteratorProxyPrototype(!1);o(_,p,"Iterator Helper");e.exports=function(e,t,r){var n=function Iterator(n,i){if(i){i.iterator=n.iterator;i.next=n.next}else i=n;i.type=t?g:m;i.returnHandlerResult=!!r;i.nextHandler=e;i.counter=0;i.done=!1;w(this,i)};n.prototype=t?v:_;return n}},9486:(e,t,r)=>{var n=r(6518),i=r(4576),o=r(9504),s=r(3972),a=r(4154),c=r(5169),f=r(2804),u=r(944),l=f.i2c,h=f.i2cUrl,d=o("".charAt),p=i.Uint8Array,m=!p||!p.prototype.toBase64||!function(){try{(new p).toBase64(null)}catch(e){return!0}}();p&&n({target:"Uint8Array",proto:!0,forced:m},{toBase64:function toBase64(){var e=a(this),t=arguments.length?s(arguments[0]):void 0,r="base64"===u(t)?l:h,n=!!t&&!!t.omitPadding;c(this.buffer);for(var i,o="",f=0,p=e.length,at=function(e){return d(r,i>>6*e&63)};f+2<p;f+=3){i=(e[f]<<16)+(e[f+1]<<8)+e[f+2];o+=at(3)+at(2)+at(1)+at(0)}if(f+2===p){i=(e[f]<<16)+(e[f+1]<<8);o+=at(3)+at(2)+at(1)+(n?"":"=")}else if(f+1===p){i=e[f]<<16;o+=at(3)+at(2)+(n?"":"==")}return o}})},9504:(e,t,r)=>{var n=r(616),i=Function.prototype,o=i.call,s=n&&i.bind.bind(o,o);e.exports=n?s:function(e){return function(){return o.apply(e,arguments)}}},9519:(e,t,r)=>{var n,i,o=r(4576),s=r(2839),a=o.process,c=o.Deno,f=a&&a.versions||c&&c.version,u=f&&f.v8;u&&(i=(n=u.split("."))[0]>0&&n[0]<4?1:+(n[0]+n[1]));!i&&s&&(!(n=s.match(/Edge\/(\d+)/))||n[1]>=74)&&(n=s.match(/Chrome\/(\d+)/))&&(i=+n[1]);e.exports=i},9539:(e,t,r)=>{var n=r(9565),i=r(8551),o=r(5966);e.exports=function(e,t,r){var s,a;i(e);try{if(!(s=o(e,"return"))){if("throw"===t)throw r;return r}s=n(s,e)}catch(e){a=!0;s=e}if("throw"===t)throw r;if(a)throw s;i(s);return r}},9565:(e,t,r)=>{var n=r(616),i=Function.prototype.call;e.exports=n?i.bind(i):function(){return i.apply(i,arguments)}},9577:(e,t,r)=>{var n=r(9928),i=r(4644),o=r(1108),s=r(1291),a=r(5854),c=i.aTypedArray,f=i.getTypedArrayConstructor,u=i.exportTypedArrayMethod,l=function(){try{new Int8Array(1).with(2,{valueOf:function(){throw 8}})}catch(e){return 8===e}}(),h=l&&function(){try{new Int8Array(1).with(-.5,1)}catch(e){return!0}}();u("with",{with:function(e,t){var r=c(this),i=s(e),u=o(r)?a(t):+t;return n(r,f(r),i,u)}}.with,!l||h)},9617:(e,t,r)=>{var n=r(5397),i=r(5610),o=r(6198),createMethod=function(e){return function(t,r,s){var a=n(t),c=o(a);if(0===c)return!e&&-1;var f,u=i(s,c);if(e&&r!=r){for(;c>u;)if((f=a[u++])!=f)return!0}else for(;c>u;u++)if((e||u in a)&&a[u]===r)return e||u||0;return!e&&-1}};e.exports={includes:createMethod(!0),indexOf:createMethod(!1)}},9631:(e,t,r)=>{r(9486)},9797:(e,t,r)=>{r(4226)},9835:e=>{e.exports=function(e){try{var t=new Set,r={size:0,has:function(){return!0},keys:function(){return Object.defineProperty({},"next",{get:function(){t.clear();t.add(4);return function(){return{done:!0}}}})}},n=t[e](r);return 1===n.size&&4===n.values().next().value}catch(e){return!1}}},9928:(e,t,r)=>{var n=r(6198),i=r(1291),o=RangeError;e.exports=function(e,t,r,s){var a=n(e),c=i(r),f=c<0?a+c:c;if(f>=a||f<0)throw new o("Incorrect index");for(var u=new t(a),l=0;l<a;l++)u[l]=l===f?s:e[l];return u}}},t={};function __webpack_require__(r){var n=t[r];if(void 0!==n)return n.exports;var i=t[r]={exports:{}};e[r].call(i.exports,i,i.exports,__webpack_require__);return i.exports}__webpack_require__.d=(e,t)=>{for(var r in t)__webpack_require__.o(t,r)&&!__webpack_require__.o(e,r)&&Object.defineProperty(e,r,{enumerable:!0,get:t[r]})};__webpack_require__.o=(e,t)=>Object.prototype.hasOwnProperty.call(e,t);__webpack_require__(4114),__webpack_require__(6573),__webpack_require__(8100),__webpack_require__(7936),__webpack_require__(8111),__webpack_require__(8237),__webpack_require__(1689),__webpack_require__(9577),__webpack_require__(4235),__webpack_require__(9432),__webpack_require__(1549),__webpack_require__(9797),__webpack_require__(9631),__webpack_require__(5623),__webpack_require__(4979),__webpack_require__(5781);"object"!=typeof process||process+""!="[object process]"||process.versions.nw||process.versions.electron&&process.type&&process.type;const r={ERRORS:0,WARNINGS:1,INFOS:5};let n=r.WARNINGS;function setVerbosityLevel(e){Number.isInteger(e)&&(n=e)}function getVerbosityLevel(){return n}function info(e){n>=r.INFOS&&console.info(`Info: ${e}`)}function util_warn(e){n>=r.WARNINGS&&console.warn(`Warning: ${e}`)}function unreachable(e){throw new Error(e)}function shadow(e,t,r,n=!1){Object.defineProperty(e,t,{value:r,enumerable:!n,configurable:!0,writable:!1});return r}const i=function BaseExceptionClosure(){function BaseException(e,t){this.message=e;this.name=t}BaseException.prototype=new Error;BaseException.constructor=BaseException;return BaseException}();class FormatError extends i{constructor(e){super(e,"FormatError")}}function bytesToString(e){"object"==typeof e&&void 0!==e?.length||unreachable("Invalid argument for bytesToString");const t=e.length,r=8192;if(t<r)return String.fromCharCode.apply(null,e);const n=[];for(let i=0;i<t;i+=r){const o=Math.min(i+r,t),s=e.subarray(i,o);n.push(String.fromCharCode.apply(null,s))}return n.join("")}class util_FeatureTest{static get isLittleEndian(){return shadow(this,"isLittleEndian",function isLittleEndian(){const e=new Uint8Array(4);e[0]=1;return 1===new Uint32Array(e.buffer,0,1)[0]}())}static get isEvalSupported(){return shadow(this,"isEvalSupported",function isEvalSupported(){try{new Function("");return!0}catch{return!1}}())}static get isOffscreenCanvasSupported(){return shadow(this,"isOffscreenCanvasSupported","undefined"!=typeof OffscreenCanvas)}static get isImageDecoderSupported(){return shadow(this,"isImageDecoderSupported","undefined"!=typeof ImageDecoder)}static get isFloat16ArraySupported(){return shadow(this,"isFloat16ArraySupported","undefined"!=typeof Float16Array)}static get isSanitizerSupported(){return shadow(this,"isSanitizerSupported","undefined"!=typeof Sanitizer)}static get platform(){const{platform:e,userAgent:t}=navigator;return shadow(this,"platform",{isAndroid:t.includes("Android"),isLinux:e.includes("Linux"),isMac:e.includes("Mac"),isWindows:e.includes("Win"),isFirefox:t.includes("Firefox")})}static get isCSSRoundSupported(){return shadow(this,"isCSSRoundSupported",globalThis.CSS?.supports?.("width: round(1.5px, 1px)"))}}const o=Array.from(Array(256).keys(),e=>e.toString(16).padStart(2,"0"));class util_Util{static makeHexColor(e,t,r){return`#${o[e]}${o[t]}${o[r]}`}static domMatrixToTransform(e){return[e.a,e.b,e.c,e.d,e.e,e.f]}static scaleMinMax(e,t){let r;if(e[0]){if(e[0]<0){r=t[0];t[0]=t[2];t[2]=r}t[0]*=e[0];t[2]*=e[0];if(e[3]<0){r=t[1];t[1]=t[3];t[3]=r}t[1]*=e[3];t[3]*=e[3]}else{r=t[0];t[0]=t[1];t[1]=r;r=t[2];t[2]=t[3];t[3]=r;if(e[1]<0){r=t[1];t[1]=t[3];t[3]=r}t[1]*=e[1];t[3]*=e[1];if(e[2]<0){r=t[0];t[0]=t[2];t[2]=r}t[0]*=e[2];t[2]*=e[2]}t[0]+=e[4];t[1]+=e[5];t[2]+=e[4];t[3]+=e[5]}static transform(e,t){return[e[0]*t[0]+e[2]*t[1],e[1]*t[0]+e[3]*t[1],e[0]*t[2]+e[2]*t[3],e[1]*t[2]+e[3]*t[3],e[0]*t[4]+e[2]*t[5]+e[4],e[1]*t[4]+e[3]*t[5]+e[5]]}static multiplyByDOMMatrix(e,t){return[e[0]*t.a+e[2]*t.b,e[1]*t.a+e[3]*t.b,e[0]*t.c+e[2]*t.d,e[1]*t.c+e[3]*t.d,e[0]*t.e+e[2]*t.f+e[4],e[1]*t.e+e[3]*t.f+e[5]]}static applyTransform(e,t,r=0){const n=e[r],i=e[r+1];e[r]=n*t[0]+i*t[2]+t[4];e[r+1]=n*t[1]+i*t[3]+t[5]}static applyTransformToBezier(e,t,r=0){const n=t[0],i=t[1],o=t[2],s=t[3],a=t[4],c=t[5];for(let t=0;t<6;t+=2){const f=e[r+t],u=e[r+t+1];e[r+t]=f*n+u*o+a;e[r+t+1]=f*i+u*s+c}}static applyInverseTransform(e,t){const r=e[0],n=e[1],i=t[0]*t[3]-t[1]*t[2];e[0]=(r*t[3]-n*t[2]+t[2]*t[5]-t[4]*t[3])/i;e[1]=(-r*t[1]+n*t[0]+t[4]*t[1]-t[5]*t[0])/i}static axialAlignedBoundingBox(e,t,r){const n=t[0],i=t[1],o=t[2],s=t[3],a=t[4],c=t[5],f=e[0],u=e[1],l=e[2],h=e[3];let d=n*f+a,p=d,m=n*l+a,g=m,y=s*u+c,b=y,w=s*h+c,v=w;if(0!==i||0!==o){const e=i*f,t=i*l,r=o*u,n=o*h;d+=r;g+=r;m+=n;p+=n;y+=e;v+=e;w+=t;b+=t}r[0]=Math.min(r[0],d,m,p,g);r[1]=Math.min(r[1],y,w,b,v);r[2]=Math.max(r[2],d,m,p,g);r[3]=Math.max(r[3],y,w,b,v)}static inverseTransform(e){const t=e[0]*e[3]-e[1]*e[2];return[e[3]/t,-e[1]/t,-e[2]/t,e[0]/t,(e[2]*e[5]-e[4]*e[3])/t,(e[4]*e[1]-e[5]*e[0])/t]}static singularValueDecompose2dScale(e,t){const r=e[0],n=e[1],i=e[2],o=e[3],s=r**2+n**2,a=r*i+n*o,c=i**2+o**2,f=(s+c)/2,u=Math.sqrt(f**2-(s*c-a**2));t[0]=Math.sqrt(f+u||1);t[1]=Math.sqrt(f-u||1)}static normalizeRect(e){const t=e.slice(0);if(e[0]>e[2]){t[0]=e[2];t[2]=e[0]}if(e[1]>e[3]){t[1]=e[3];t[3]=e[1]}return t}static intersect(e,t){const r=Math.max(Math.min(e[0],e[2]),Math.min(t[0],t[2])),n=Math.min(Math.max(e[0],e[2]),Math.max(t[0],t[2]));if(r>n)return null;const i=Math.max(Math.min(e[1],e[3]),Math.min(t[1],t[3])),o=Math.min(Math.max(e[1],e[3]),Math.max(t[1],t[3]));return i>o?null:[r,i,n,o]}static pointBoundingBox(e,t,r){r[0]=Math.min(r[0],e);r[1]=Math.min(r[1],t);r[2]=Math.max(r[2],e);r[3]=Math.max(r[3],t)}static rectBoundingBox(e,t,r,n,i){i[0]=Math.min(i[0],e,r);i[1]=Math.min(i[1],t,n);i[2]=Math.max(i[2],e,r);i[3]=Math.max(i[3],t,n)}static#e(e,t,r,n,i,o,s,a,c,f){if(c<=0||c>=1)return;const u=1-c,l=c*c,h=l*c,d=u*(u*(u*e+3*c*t)+3*l*r)+h*n,p=u*(u*(u*i+3*c*o)+3*l*s)+h*a;f[0]=Math.min(f[0],d);f[1]=Math.min(f[1],p);f[2]=Math.max(f[2],d);f[3]=Math.max(f[3],p)}static#t(e,t,r,n,i,o,s,a,c,f,u,l){if(Math.abs(c)<1e-12){Math.abs(f)>=1e-12&&this.#e(e,t,r,n,i,o,s,a,-u/f,l);return}const h=f**2-4*u*c;if(h<0)return;const d=Math.sqrt(h),p=2*c;this.#e(e,t,r,n,i,o,s,a,(-f+d)/p,l);this.#e(e,t,r,n,i,o,s,a,(-f-d)/p,l)}static bezierBoundingBox(e,t,r,n,i,o,s,a,c){c[0]=Math.min(c[0],e,s);c[1]=Math.min(c[1],t,a);c[2]=Math.max(c[2],e,s);c[3]=Math.max(c[3],t,a);this.#t(e,r,i,s,t,n,o,a,3*(3*(r-i)-e+s),6*(e-2*r+i),3*(r-e),c);this.#t(e,r,i,s,t,n,o,a,3*(3*(n-o)-t+a),6*(t-2*n+o),3*(n-t),c)}}function MathClamp(e,t,r){return Math.min(Math.max(e,t),r)}"function"!=typeof Math.sumPrecise&&(Math.sumPrecise=function(e){return e.reduce((e,t)=>e+t,0)});"function"!=typeof AbortSignal.any&&(AbortSignal.any=function(e){const t=new AbortController,{signal:r}=t;for(const n of e)if(n.aborted){t.abort(n.reason);return r}for(const n of e)n.addEventListener("abort",()=>{t.abort(n.reason)},{signal:r});return r});__webpack_require__(1148),__webpack_require__(1701),__webpack_require__(7642),__webpack_require__(8004),__webpack_require__(3853),__webpack_require__(5876),__webpack_require__(2475),__webpack_require__(5024),__webpack_require__(1698);Symbol("CIRCULAR_REF"),Symbol("EOF");Object.create(null);let s=Object.create(null),a=Object.create(null);class Name{constructor(e){this.name=e}static get(e){return s[e]||=new Name(e)}}const c=function nonSerializableClosure(){return c};class primitives_Dict{constructor(e=null){this._map=new Map;this.xref=e;this.objId=null;this.suppressEncryption=!1;this.__nonSerializable__=c}assignXref(e){this.xref=e}get size(){return this._map.size}get(e,t,r){let n=this._map.get(e);if(void 0===n&&void 0!==t){n=this._map.get(t);void 0===n&&void 0!==r&&(n=this._map.get(r))}return n instanceof primitives_Ref&&this.xref?this.xref.fetch(n,this.suppressEncryption):n}async getAsync(e,t,r){let n=this._map.get(e);if(void 0===n&&void 0!==t){n=this._map.get(t);void 0===n&&void 0!==r&&(n=this._map.get(r))}return n instanceof primitives_Ref&&this.xref?this.xref.fetchAsync(n,this.suppressEncryption):n}getArray(e,t,r){let n=this._map.get(e);if(void 0===n&&void 0!==t){n=this._map.get(t);void 0===n&&void 0!==r&&(n=this._map.get(r))}n instanceof primitives_Ref&&this.xref&&(n=this.xref.fetch(n,this.suppressEncryption));if(Array.isArray(n)){n=n.slice();for(let e=0,t=n.length;e<t;e++)n[e]instanceof primitives_Ref&&this.xref&&(n[e]=this.xref.fetch(n[e],this.suppressEncryption))}return n}getRaw(e){return this._map.get(e)}getKeys(){return[...this._map.keys()]}getRawValues(){return[...this._map.values()]}set(e,t){this._map.set(e,t)}setIfNotExists(e,t){this.has(e)||this.set(e,t)}setIfNumber(e,t){"number"==typeof t&&this.set(e,t)}setIfArray(e,t){(Array.isArray(t)||ArrayBuffer.isView(t))&&this.set(e,t)}setIfDefined(e,t){null!=t&&this.set(e,t)}setIfName(e,t){"string"==typeof t?this.set(e,Name.get(t)):t instanceof Name&&this.set(e,t)}has(e){return this._map.has(e)}*[Symbol.iterator](){for(const[e,t]of this._map)yield[e,t instanceof primitives_Ref&&this.xref?this.xref.fetch(t,this.suppressEncryption):t]}static get empty(){const e=new primitives_Dict(null);e.set=(e,t)=>{unreachable("Should not call `set` on the empty dictionary.")};return shadow(this,"empty",e)}static merge({xref:e,dictArray:t,mergeSubDicts:r=!1}){const n=new primitives_Dict(e),i=new Map;for(const e of t)if(e instanceof primitives_Dict)for(const[t,n]of e._map){let e=i.get(t);if(void 0===e){e=[];i.set(t,e)}else if(!(r&&n instanceof primitives_Dict))continue;e.push(n)}for(const[t,r]of i){if(1===r.length||!(r[0]instanceof primitives_Dict)){n._map.set(t,r[0]);continue}const i=new primitives_Dict(e);for(const e of r)for(const[t,r]of e._map)i._map.has(t)||i._map.set(t,r);i.size>0&&n._map.set(t,i)}i.clear();return n.size>0?n:primitives_Dict.empty}clone(){const e=new primitives_Dict(this.xref);for(const t of this.getKeys())e.set(t,this.getRaw(t));return e}delete(e){this._map.delete(e)}}class primitives_Ref{constructor(e,t){this.num=e;this.gen=t}toString(){return 0===this.gen?`${this.num}R`:`${this.num}R${this.gen}`}static fromString(e){const t=a[e];if(t)return t;const r=/^(\d+)R(\d*)$/.exec(e);return r&&"0"!==r[1]?a[e]=new primitives_Ref(parseInt(r[1]),r[2]?parseInt(r[2]):0):null}static get(e,t){const r=0===t?`${e}R`:`${e}R${t}`;return a[r]||=new primitives_Ref(e,t)}}Symbol.iterator;Symbol.iterator;class base_stream_BaseStream{get length(){unreachable("Abstract getter `length` accessed")}get isEmpty(){unreachable("Abstract getter `isEmpty` accessed")}get isDataLoaded(){return shadow(this,"isDataLoaded",!0)}getByte(){unreachable("Abstract method `getByte` called")}getBytes(e){unreachable("Abstract method `getBytes` called")}async getImageData(e,t){return this.getBytes(e,t)}async asyncGetBytes(){unreachable("Abstract method `asyncGetBytes` called")}get isAsync(){return!1}get isAsyncDecoder(){return!1}get canAsyncDecodeImageFromBuffer(){return!1}async getTransferableImage(){return null}peekByte(){const e=this.getByte();-1!==e&&this.pos--;return e}peekBytes(e){const t=this.getBytes(e);this.pos-=t.length;return t}getUint16(){const e=this.getByte(),t=this.getByte();return-1===e||-1===t?-1:(e<<8)+t}getInt32(){return(this.getByte()<<24)+(this.getByte()<<16)+(this.getByte()<<8)+this.getByte()}getByteRange(e,t){unreachable("Abstract method `getByteRange` called")}getString(e){return bytesToString(this.getBytes(e))}skip(e){this.pos+=e||1}reset(){unreachable("Abstract method `reset` called")}moveStart(){unreachable("Abstract method `moveStart` called")}makeSubStream(e,t,r=null){unreachable("Abstract method `makeSubStream` called")}getBaseStreams(){return null}getOriginalStream(){return this.stream?.getOriginalStream()||this}}class MissingDataException extends i{constructor(e,t){super(`Missing data [${e}, ${t})`,"MissingDataException");this.begin=e;this.end=t}}function log2(e){return e>0?Math.ceil(Math.log2(e)):0}function readInt8(e,t){return e[t]<<24>>24}function readUint16(e,t){return e[t]<<8|e[t+1]}function readUint32(e,t){return(e[t]<<24|e[t+1]<<16|e[t+2]<<8|e[t+3])>>>0}const f=[{qe:22017,nmps:1,nlps:1,switchFlag:1},{qe:13313,nmps:2,nlps:6,switchFlag:0},{qe:6145,nmps:3,nlps:9,switchFlag:0},{qe:2753,nmps:4,nlps:12,switchFlag:0},{qe:1313,nmps:5,nlps:29,switchFlag:0},{qe:545,nmps:38,nlps:33,switchFlag:0},{qe:22017,nmps:7,nlps:6,switchFlag:1},{qe:21505,nmps:8,nlps:14,switchFlag:0},{qe:18433,nmps:9,nlps:14,switchFlag:0},{qe:14337,nmps:10,nlps:14,switchFlag:0},{qe:12289,nmps:11,nlps:17,switchFlag:0},{qe:9217,nmps:12,nlps:18,switchFlag:0},{qe:7169,nmps:13,nlps:20,switchFlag:0},{qe:5633,nmps:29,nlps:21,switchFlag:0},{qe:22017,nmps:15,nlps:14,switchFlag:1},{qe:21505,nmps:16,nlps:14,switchFlag:0},{qe:20737,nmps:17,nlps:15,switchFlag:0},{qe:18433,nmps:18,nlps:16,switchFlag:0},{qe:14337,nmps:19,nlps:17,switchFlag:0},{qe:13313,nmps:20,nlps:18,switchFlag:0},{qe:12289,nmps:21,nlps:19,switchFlag:0},{qe:10241,nmps:22,nlps:19,switchFlag:0},{qe:9217,nmps:23,nlps:20,switchFlag:0},{qe:8705,nmps:24,nlps:21,switchFlag:0},{qe:7169,nmps:25,nlps:22,switchFlag:0},{qe:6145,nmps:26,nlps:23,switchFlag:0},{qe:5633,nmps:27,nlps:24,switchFlag:0},{qe:5121,nmps:28,nlps:25,switchFlag:0},{qe:4609,nmps:29,nlps:26,switchFlag:0},{qe:4353,nmps:30,nlps:27,switchFlag:0},{qe:2753,nmps:31,nlps:28,switchFlag:0},{qe:2497,nmps:32,nlps:29,switchFlag:0},{qe:2209,nmps:33,nlps:30,switchFlag:0},{qe:1313,nmps:34,nlps:31,switchFlag:0},{qe:1089,nmps:35,nlps:32,switchFlag:0},{qe:673,nmps:36,nlps:33,switchFlag:0},{qe:545,nmps:37,nlps:34,switchFlag:0},{qe:321,nmps:38,nlps:35,switchFlag:0},{qe:273,nmps:39,nlps:36,switchFlag:0},{qe:133,nmps:40,nlps:37,switchFlag:0},{qe:73,nmps:41,nlps:38,switchFlag:0},{qe:37,nmps:42,nlps:39,switchFlag:0},{qe:21,nmps:43,nlps:40,switchFlag:0},{qe:9,nmps:44,nlps:41,switchFlag:0},{qe:5,nmps:45,nlps:42,switchFlag:0},{qe:1,nmps:45,nlps:43,switchFlag:0},{qe:22017,nmps:46,nlps:46,switchFlag:0}];class ArithmeticDecoder{constructor(e,t,r){this.data=e;this.bp=t;this.dataEnd=r;this.chigh=e[t];this.clow=0;this.byteIn();this.chigh=this.chigh<<7&65535|this.clow>>9&127;this.clow=this.clow<<7&65535;this.ct-=7;this.a=32768}byteIn(){const e=this.data;let t=this.bp;if(255===e[t])if(e[t+1]>143){this.clow+=65280;this.ct=8}else{t++;this.clow+=e[t]<<9;this.ct=7;this.bp=t}else{t++;this.clow+=t<this.dataEnd?e[t]<<8:65280;this.ct=8;this.bp=t}if(this.clow>65535){this.chigh+=this.clow>>16;this.clow&=65535}}readBit(e,t){let r=e[t]>>1,n=1&e[t];const i=f[r],o=i.qe;let s,a=this.a-o;if(this.chigh<o)if(a<o){a=o;s=n;r=i.nmps}else{a=o;s=1^n;1===i.switchFlag&&(n=s);r=i.nlps}else{this.chigh-=o;if(32768&a){this.a=a;return n}if(a<o){s=1^n;1===i.switchFlag&&(n=s);r=i.nlps}else{s=n;r=i.nmps}}do{0===this.ct&&this.byteIn();a<<=1;this.chigh=this.chigh<<1&65535|this.clow>>15&1;this.clow=this.clow<<1&65535;this.ct--}while(!(32768&a));this.a=a;e[t]=r<<1|n;return s}}const u=-1,l=[[-1,-1],[-1,-1],[7,8],[7,7],[6,6],[6,6],[6,5],[6,5],[4,0],[4,0],[4,0],[4,0],[4,0],[4,0],[4,0],[4,0],[3,1],[3,1],[3,1],[3,1],[3,1],[3,1],[3,1],[3,1],[3,1],[3,1],[3,1],[3,1],[3,1],[3,1],[3,1],[3,1],[3,4],[3,4],[3,4],[3,4],[3,4],[3,4],[3,4],[3,4],[3,4],[3,4],[3,4],[3,4],[3,4],[3,4],[3,4],[3,4],[3,3],[3,3],[3,3],[3,3],[3,3],[3,3],[3,3],[3,3],[3,3],[3,3],[3,3],[3,3],[3,3],[3,3],[3,3],[3,3],[1,2],[1,2],[1,2],[1,2],[1,2],[1,2],[1,2],[1,2],[1,2],[1,2],[1,2],[1,2],[1,2],[1,2],[1,2],[1,2],[1,2],[1,2],[1,2],[1,2],[1,2],[1,2],[1,2],[1,2],[1,2],[1,2],[1,2],[1,2],[1,2],[1,2],[1,2],[1,2],[1,2],[1,2],[1,2],[1,2],[1,2],[1,2],[1,2],[1,2],[1,2],[1,2],[1,2],[1,2],[1,2],[1,2],[1,2],[1,2],[1,2],[1,2],[1,2],[1,2],[1,2],[1,2],[1,2],[1,2],[1,2],[1,2],[1,2],[1,2],[1,2],[1,2],[1,2],[1,2]],h=[[-1,-1],[12,-2],[-1,-1],[-1,-1],[-1,-1],[-1,-1],[-1,-1],[-1,-1],[-1,-1],[-1,-1],[-1,-1],[-1,-1],[-1,-1],[-1,-1],[-1,-1],[-1,-1],[11,1792],[11,1792],[12,1984],[12,2048],[12,2112],[12,2176],[12,2240],[12,2304],[11,1856],[11,1856],[11,1920],[11,1920],[12,2368],[12,2432],[12,2496],[12,2560]],d=[[-1,-1],[-1,-1],[-1,-1],[-1,-1],[8,29],[8,29],[8,30],[8,30],[8,45],[8,45],[8,46],[8,46],[7,22],[7,22],[7,22],[7,22],[7,23],[7,23],[7,23],[7,23],[8,47],[8,47],[8,48],[8,48],[6,13],[6,13],[6,13],[6,13],[6,13],[6,13],[6,13],[6,13],[7,20],[7,20],[7,20],[7,20],[8,33],[8,33],[8,34],[8,34],[8,35],[8,35],[8,36],[8,36],[8,37],[8,37],[8,38],[8,38],[7,19],[7,19],[7,19],[7,19],[8,31],[8,31],[8,32],[8,32],[6,1],[6,1],[6,1],[6,1],[6,1],[6,1],[6,1],[6,1],[6,12],[6,12],[6,12],[6,12],[6,12],[6,12],[6,12],[6,12],[8,53],[8,53],[8,54],[8,54],[7,26],[7,26],[7,26],[7,26],[8,39],[8,39],[8,40],[8,40],[8,41],[8,41],[8,42],[8,42],[8,43],[8,43],[8,44],[8,44],[7,21],[7,21],[7,21],[7,21],[7,28],[7,28],[7,28],[7,28],[8,61],[8,61],[8,62],[8,62],[8,63],[8,63],[8,0],[8,0],[8,320],[8,320],[8,384],[8,384],[5,10],[5,10],[5,10],[5,10],[5,10],[5,10],[5,10],[5,10],[5,10],[5,10],[5,10],[5,10],[5,10],[5,10],[5,10],[5,10],[5,11],[5,11],[5,11],[5,11],[5,11],[5,11],[5,11],[5,11],[5,11],[5,11],[5,11],[5,11],[5,11],[5,11],[5,11],[5,11],[7,27],[7,27],[7,27],[7,27],[8,59],[8,59],[8,60],[8,60],[9,1472],[9,1536],[9,1600],[9,1728],[7,18],[7,18],[7,18],[7,18],[7,24],[7,24],[7,24],[7,24],[8,49],[8,49],[8,50],[8,50],[8,51],[8,51],[8,52],[8,52],[7,25],[7,25],[7,25],[7,25],[8,55],[8,55],[8,56],[8,56],[8,57],[8,57],[8,58],[8,58],[6,192],[6,192],[6,192],[6,192],[6,192],[6,192],[6,192],[6,192],[6,1664],[6,1664],[6,1664],[6,1664],[6,1664],[6,1664],[6,1664],[6,1664],[8,448],[8,448],[8,512],[8,512],[9,704],[9,768],[8,640],[8,640],[8,576],[8,576],[9,832],[9,896],[9,960],[9,1024],[9,1088],[9,1152],[9,1216],[9,1280],[9,1344],[9,1408],[7,256],[7,256],[7,256],[7,256],[4,2],[4,2],[4,2],[4,2],[4,2],[4,2],[4,2],[4,2],[4,2],[4,2],[4,2],[4,2],[4,2],[4,2],[4,2],[4,2],[4,2],[4,2],[4,2],[4,2],[4,2],[4,2],[4,2],[4,2],[4,2],[4,2],[4,2],[4,2],[4,2],[4,2],[4,2],[4,2],[4,3],[4,3],[4,3],[4,3],[4,3],[4,3],[4,3],[4,3],[4,3],[4,3],[4,3],[4,3],[4,3],[4,3],[4,3],[4,3],[4,3],[4,3],[4,3],[4,3],[4,3],[4,3],[4,3],[4,3],[4,3],[4,3],[4,3],[4,3],[4,3],[4,3],[4,3],[4,3],[5,128],[5,128],[5,128],[5,128],[5,128],[5,128],[5,128],[5,128],[5,128],[5,128],[5,128],[5,128],[5,128],[5,128],[5,128],[5,128],[5,8],[5,8],[5,8],[5,8],[5,8],[5,8],[5,8],[5,8],[5,8],[5,8],[5,8],[5,8],[5,8],[5,8],[5,8],[5,8],[5,9],[5,9],[5,9],[5,9],[5,9],[5,9],[5,9],[5,9],[5,9],[5,9],[5,9],[5,9],[5,9],[5,9],[5,9],[5,9],[6,16],[6,16],[6,16],[6,16],[6,16],[6,16],[6,16],[6,16],[6,17],[6,17],[6,17],[6,17],[6,17],[6,17],[6,17],[6,17],[4,4],[4,4],[4,4],[4,4],[4,4],[4,4],[4,4],[4,4],[4,4],[4,4],[4,4],[4,4],[4,4],[4,4],[4,4],[4,4],[4,4],[4,4],[4,4],[4,4],[4,4],[4,4],[4,4],[4,4],[4,4],[4,4],[4,4],[4,4],[4,4],[4,4],[4,4],[4,4],[4,5],[4,5],[4,5],[4,5],[4,5],[4,5],[4,5],[4,5],[4,5],[4,5],[4,5],[4,5],[4,5],[4,5],[4,5],[4,5],[4,5],[4,5],[4,5],[4,5],[4,5],[4,5],[4,5],[4,5],[4,5],[4,5],[4,5],[4,5],[4,5],[4,5],[4,5],[4,5],[6,14],[6,14],[6,14],[6,14],[6,14],[6,14],[6,14],[6,14],[6,15],[6,15],[6,15],[6,15],[6,15],[6,15],[6,15],[6,15],[5,64],[5,64],[5,64],[5,64],[5,64],[5,64],[5,64],[5,64],[5,64],[5,64],[5,64],[5,64],[5,64],[5,64],[5,64],[5,64],[4,6],[4,6],[4,6],[4,6],[4,6],[4,6],[4,6],[4,6],[4,6],[4,6],[4,6],[4,6],[4,6],[4,6],[4,6],[4,6],[4,6],[4,6],[4,6],[4,6],[4,6],[4,6],[4,6],[4,6],[4,6],[4,6],[4,6],[4,6],[4,6],[4,6],[4,6],[4,6],[4,7],[4,7],[4,7],[4,7],[4,7],[4,7],[4,7],[4,7],[4,7],[4,7],[4,7],[4,7],[4,7],[4,7],[4,7],[4,7],[4,7],[4,7],[4,7],[4,7],[4,7],[4,7],[4,7],[4,7],[4,7],[4,7],[4,7],[4,7],[4,7],[4,7],[4,7],[4,7]],p=[[-1,-1],[-1,-1],[12,-2],[12,-2],[-1,-1],[-1,-1],[-1,-1],[-1,-1],[-1,-1],[-1,-1],[-1,-1],[-1,-1],[-1,-1],[-1,-1],[-1,-1],[-1,-1],[-1,-1],[-1,-1],[-1,-1],[-1,-1],[-1,-1],[-1,-1],[-1,-1],[-1,-1],[-1,-1],[-1,-1],[-1,-1],[-1,-1],[-1,-1],[-1,-1],[-1,-1],[-1,-1],[11,1792],[11,1792],[11,1792],[11,1792],[12,1984],[12,1984],[12,2048],[12,2048],[12,2112],[12,2112],[12,2176],[12,2176],[12,2240],[12,2240],[12,2304],[12,2304],[11,1856],[11,1856],[11,1856],[11,1856],[11,1920],[11,1920],[11,1920],[11,1920],[12,2368],[12,2368],[12,2432],[12,2432],[12,2496],[12,2496],[12,2560],[12,2560],[10,18],[10,18],[10,18],[10,18],[10,18],[10,18],[10,18],[10,18],[12,52],[12,52],[13,640],[13,704],[13,768],[13,832],[12,55],[12,55],[12,56],[12,56],[13,1280],[13,1344],[13,1408],[13,1472],[12,59],[12,59],[12,60],[12,60],[13,1536],[13,1600],[11,24],[11,24],[11,24],[11,24],[11,25],[11,25],[11,25],[11,25],[13,1664],[13,1728],[12,320],[12,320],[12,384],[12,384],[12,448],[12,448],[13,512],[13,576],[12,53],[12,53],[12,54],[12,54],[13,896],[13,960],[13,1024],[13,1088],[13,1152],[13,1216],[10,64],[10,64],[10,64],[10,64],[10,64],[10,64],[10,64],[10,64]],m=[[8,13],[8,13],[8,13],[8,13],[8,13],[8,13],[8,13],[8,13],[8,13],[8,13],[8,13],[8,13],[8,13],[8,13],[8,13],[8,13],[11,23],[11,23],[12,50],[12,51],[12,44],[12,45],[12,46],[12,47],[12,57],[12,58],[12,61],[12,256],[10,16],[10,16],[10,16],[10,16],[10,17],[10,17],[10,17],[10,17],[12,48],[12,49],[12,62],[12,63],[12,30],[12,31],[12,32],[12,33],[12,40],[12,41],[11,22],[11,22],[8,14],[8,14],[8,14],[8,14],[8,14],[8,14],[8,14],[8,14],[8,14],[8,14],[8,14],[8,14],[8,14],[8,14],[8,14],[8,14],[7,10],[7,10],[7,10],[7,10],[7,10],[7,10],[7,10],[7,10],[7,10],[7,10],[7,10],[7,10],[7,10],[7,10],[7,10],[7,10],[7,10],[7,10],[7,10],[7,10],[7,10],[7,10],[7,10],[7,10],[7,10],[7,10],[7,10],[7,10],[7,10],[7,10],[7,10],[7,10],[7,11],[7,11],[7,11],[7,11],[7,11],[7,11],[7,11],[7,11],[7,11],[7,11],[7,11],[7,11],[7,11],[7,11],[7,11],[7,11],[7,11],[7,11],[7,11],[7,11],[7,11],[7,11],[7,11],[7,11],[7,11],[7,11],[7,11],[7,11],[7,11],[7,11],[7,11],[7,11],[9,15],[9,15],[9,15],[9,15],[9,15],[9,15],[9,15],[9,15],[12,128],[12,192],[12,26],[12,27],[12,28],[12,29],[11,19],[11,19],[11,20],[11,20],[12,34],[12,35],[12,36],[12,37],[12,38],[12,39],[11,21],[11,21],[12,42],[12,43],[10,0],[10,0],[10,0],[10,0],[7,12],[7,12],[7,12],[7,12],[7,12],[7,12],[7,12],[7,12],[7,12],[7,12],[7,12],[7,12],[7,12],[7,12],[7,12],[7,12],[7,12],[7,12],[7,12],[7,12],[7,12],[7,12],[7,12],[7,12],[7,12],[7,12],[7,12],[7,12],[7,12],[7,12],[7,12],[7,12]],g=[[-1,-1],[-1,-1],[-1,-1],[-1,-1],[6,9],[6,8],[5,7],[5,7],[4,6],[4,6],[4,6],[4,6],[4,5],[4,5],[4,5],[4,5],[3,1],[3,1],[3,1],[3,1],[3,1],[3,1],[3,1],[3,1],[3,4],[3,4],[3,4],[3,4],[3,4],[3,4],[3,4],[3,4],[2,3],[2,3],[2,3],[2,3],[2,3],[2,3],[2,3],[2,3],[2,3],[2,3],[2,3],[2,3],[2,3],[2,3],[2,3],[2,3],[2,2],[2,2],[2,2],[2,2],[2,2],[2,2],[2,2],[2,2],[2,2],[2,2],[2,2],[2,2],[2,2],[2,2],[2,2],[2,2]];class CCITTFaxDecoder{constructor(e,t={}){if("function"!=typeof e?.next)throw new Error('CCITTFaxDecoder - invalid "source" parameter.');this.source=e;this.eof=!1;this.encoding=t.K||0;this.eoline=t.EndOfLine||!1;this.byteAlign=t.EncodedByteAlign||!1;this.columns=t.Columns||1728;this.rows=t.Rows||0;this.eoblock=t.EndOfBlock??!0;this.black=t.BlackIs1||!1;this.codingLine=new Uint32Array(this.columns+1);this.refLine=new Uint32Array(this.columns+2);this.codingLine[0]=this.columns;this.codingPos=0;this.row=0;this.nextLine2D=this.encoding<0;this.inputBits=0;this.inputBuf=0;this.outputBits=0;this.rowsDone=!1;let r;for(;0===(r=this._lookBits(12));)this._eatBits(1);1===r&&this._eatBits(12);if(this.encoding>0){this.nextLine2D=!this._lookBits(1);this._eatBits(1)}}readNextChar(){if(this.eof)return-1;const e=this.refLine,t=this.codingLine,r=this.columns;let n,i,o,s,a;if(0===this.outputBits){this.rowsDone&&(this.eof=!0);if(this.eof)return-1;this.err=!1;let o,a,c;if(this.nextLine2D){for(s=0;t[s]<r;++s)e[s]=t[s];e[s++]=r;e[s]=r;t[0]=0;this.codingPos=0;n=0;i=0;for(;t[this.codingPos]<r;){o=this._getTwoDimCode();switch(o){case 0:this._addPixels(e[n+1],i);e[n+1]<r&&(n+=2);break;case 1:o=a=0;if(i){do{o+=c=this._getBlackCode()}while(c>=64);do{a+=c=this._getWhiteCode()}while(c>=64)}else{do{o+=c=this._getWhiteCode()}while(c>=64);do{a+=c=this._getBlackCode()}while(c>=64)}this._addPixels(t[this.codingPos]+o,i);t[this.codingPos]<r&&this._addPixels(t[this.codingPos]+a,1^i);for(;e[n]<=t[this.codingPos]&&e[n]<r;)n+=2;break;case 7:this._addPixels(e[n]+3,i);i^=1;if(t[this.codingPos]<r){++n;for(;e[n]<=t[this.codingPos]&&e[n]<r;)n+=2}break;case 5:this._addPixels(e[n]+2,i);i^=1;if(t[this.codingPos]<r){++n;for(;e[n]<=t[this.codingPos]&&e[n]<r;)n+=2}break;case 3:this._addPixels(e[n]+1,i);i^=1;if(t[this.codingPos]<r){++n;for(;e[n]<=t[this.codingPos]&&e[n]<r;)n+=2}break;case 2:this._addPixels(e[n],i);i^=1;if(t[this.codingPos]<r){++n;for(;e[n]<=t[this.codingPos]&&e[n]<r;)n+=2}break;case 8:this._addPixelsNeg(e[n]-3,i);i^=1;if(t[this.codingPos]<r){n>0?--n:++n;for(;e[n]<=t[this.codingPos]&&e[n]<r;)n+=2}break;case 6:this._addPixelsNeg(e[n]-2,i);i^=1;if(t[this.codingPos]<r){n>0?--n:++n;for(;e[n]<=t[this.codingPos]&&e[n]<r;)n+=2}break;case 4:this._addPixelsNeg(e[n]-1,i);i^=1;if(t[this.codingPos]<r){n>0?--n:++n;for(;e[n]<=t[this.codingPos]&&e[n]<r;)n+=2}break;case u:this._addPixels(r,0);this.eof=!0;break;default:info("bad 2d code");this._addPixels(r,0);this.err=!0}}}else{t[0]=0;this.codingPos=0;i=0;for(;t[this.codingPos]<r;){o=0;if(i)do{o+=c=this._getBlackCode()}while(c>=64);else do{o+=c=this._getWhiteCode()}while(c>=64);this._addPixels(t[this.codingPos]+o,i);i^=1}}let f=!1;this.byteAlign&&(this.inputBits&=-8);if(this.eoblock||this.row!==this.rows-1){o=this._lookBits(12);if(this.eoline)for(;o!==u&&1!==o;){this._eatBits(1);o=this._lookBits(12)}else for(;0===o;){this._eatBits(1);o=this._lookBits(12)}if(1===o){this._eatBits(12);f=!0}else o===u&&(this.eof=!0)}else this.rowsDone=!0;if(!this.eof&&this.encoding>0&&!this.rowsDone){this.nextLine2D=!this._lookBits(1);this._eatBits(1)}if(this.eoblock&&f&&this.byteAlign){o=this._lookBits(12);if(1===o){this._eatBits(12);if(this.encoding>0){this._lookBits(1);this._eatBits(1)}if(this.encoding>=0)for(s=0;s<4;++s){o=this._lookBits(12);1!==o&&info("bad rtc code: "+o);this._eatBits(12);if(this.encoding>0){this._lookBits(1);this._eatBits(1)}}this.eof=!0}}else if(this.err&&this.eoline){for(;;){o=this._lookBits(13);if(o===u){this.eof=!0;return-1}if(o>>1==1)break;this._eatBits(1)}this._eatBits(12);if(this.encoding>0){this._eatBits(1);this.nextLine2D=!(1&o)}}this.outputBits=t[0]>0?t[this.codingPos=0]:t[this.codingPos=1];this.row++}if(this.outputBits>=8){a=1&this.codingPos?0:255;this.outputBits-=8;if(0===this.outputBits&&t[this.codingPos]<r){this.codingPos++;this.outputBits=t[this.codingPos]-t[this.codingPos-1]}}else{o=8;a=0;do{if("number"!=typeof this.outputBits)throw new FormatError('Invalid /CCITTFaxDecode data, "outputBits" must be a number.');if(this.outputBits>o){a<<=o;1&this.codingPos||(a|=255>>8-o);this.outputBits-=o;o=0}else{a<<=this.outputBits;1&this.codingPos||(a|=255>>8-this.outputBits);o-=this.outputBits;this.outputBits=0;if(t[this.codingPos]<r){this.codingPos++;this.outputBits=t[this.codingPos]-t[this.codingPos-1]}else if(o>0){a<<=o;o=0}}}while(o)}this.black&&(a^=255);return a}_addPixels(e,t){const r=this.codingLine;let n=this.codingPos;if(e>r[n]){if(e>this.columns){info("row is wrong length");this.err=!0;e=this.columns}1&n^t&&++n;r[n]=e}this.codingPos=n}_addPixelsNeg(e,t){const r=this.codingLine;let n=this.codingPos;if(e>r[n]){if(e>this.columns){info("row is wrong length");this.err=!0;e=this.columns}1&n^t&&++n;r[n]=e}else if(e<r[n]){if(e<0){info("invalid code");this.err=!0;e=0}for(;n>0&&e<r[n-1];)--n;r[n]=e}this.codingPos=n}_findTableCode(e,t,r,n){const i=n||0;for(let n=e;n<=t;++n){let e=this._lookBits(n);if(e===u)return[!0,1,!1];n<t&&(e<<=t-n);if(!i||e>=i){const t=r[e-i];if(t[0]===n){this._eatBits(n);return[!0,t[1],!0]}}}return[!1,0,!1]}_getTwoDimCode(){let e,t=0;if(this.eoblock){t=this._lookBits(7);e=l[t];if(e?.[0]>0){this._eatBits(e[0]);return e[1]}}else{const e=this._findTableCode(1,7,l);if(e[0]&&e[2])return e[1]}info("Bad two dim code");return u}_getWhiteCode(){let e,t=0;if(this.eoblock){t=this._lookBits(12);if(t===u)return 1;e=t>>5?d[t>>3]:h[t];if(e[0]>0){this._eatBits(e[0]);return e[1]}}else{let e=this._findTableCode(1,9,d);if(e[0])return e[1];e=this._findTableCode(11,12,h);if(e[0])return e[1]}info("bad white code");this._eatBits(1);return 1}_getBlackCode(){let e,t;if(this.eoblock){e=this._lookBits(13);if(e===u)return 1;t=e>>7?!(e>>9)&&e>>7?m[(e>>1)-64]:g[e>>7]:p[e];if(t[0]>0){this._eatBits(t[0]);return t[1]}}else{let e=this._findTableCode(2,6,g);if(e[0])return e[1];e=this._findTableCode(7,12,m,64);if(e[0])return e[1];e=this._findTableCode(10,13,p);if(e[0])return e[1]}info("bad black code");this._eatBits(1);return 1}_lookBits(e){let t;for(;this.inputBits<e;){if(-1===(t=this.source.next()))return 0===this.inputBits?u:this.inputBuf<<e-this.inputBits&65535>>16-e;this.inputBuf=this.inputBuf<<8|t;this.inputBits+=8}return this.inputBuf>>this.inputBits-e&65535>>16-e}_eatBits(e){(this.inputBits-=e)<0&&(this.inputBits=0)}}class Jbig2Error extends i{constructor(e){super(e,"Jbig2Error")}}class ContextCache{getContexts(e){return e in this?this[e]:this[e]=new Int8Array(65536)}}class DecodingContext{constructor(e,t,r){this.data=e;this.start=t;this.end=r}get decoder(){return shadow(this,"decoder",new ArithmeticDecoder(this.data,this.start,this.end))}get contextCache(){return shadow(this,"contextCache",new ContextCache)}}function decodeInteger(e,t,r){const n=e.getContexts(t);let i=1;function readBits(e){let t=0;for(let o=0;o<e;o++){const e=r.readBit(n,i);i=i<256?i<<1|e:511&(i<<1|e)|256;t=t<<1|e}return t>>>0}const o=readBits(1),s=readBits(1)?readBits(1)?readBits(1)?readBits(1)?readBits(1)?readBits(32)+4436:readBits(12)+340:readBits(8)+84:readBits(6)+20:readBits(4)+4:readBits(2);let a;0===o?a=s:s>0&&(a=-s);return a>=-2147483648&&a<=2147483647?a:null}function decodeIAID(e,t,r){const n=e.getContexts("IAID");let i=1;for(let e=0;e<r;e++){i=i<<1|t.readBit(n,i)}return r<31?i&(1<<r)-1:2147483647&i}const y=["SymbolDictionary",null,null,null,"IntermediateTextRegion",null,"ImmediateTextRegion","ImmediateLosslessTextRegion",null,null,null,null,null,null,null,null,"PatternDictionary",null,null,null,"IntermediateHalftoneRegion",null,"ImmediateHalftoneRegion","ImmediateLosslessHalftoneRegion",null,null,null,null,null,null,null,null,null,null,null,null,"IntermediateGenericRegion",null,"ImmediateGenericRegion","ImmediateLosslessGenericRegion","IntermediateGenericRefinementRegion",null,"ImmediateGenericRefinementRegion","ImmediateLosslessGenericRefinementRegion",null,null,null,null,"PageInformation","EndOfPage","EndOfStripe","EndOfFile","Profiles","Tables",null,null,null,null,null,null,null,null,"Extension"],b=[[{x:-1,y:-2},{x:0,y:-2},{x:1,y:-2},{x:-2,y:-1},{x:-1,y:-1},{x:0,y:-1},{x:1,y:-1},{x:2,y:-1},{x:-4,y:0},{x:-3,y:0},{x:-2,y:0},{x:-1,y:0}],[{x:-1,y:-2},{x:0,y:-2},{x:1,y:-2},{x:2,y:-2},{x:-2,y:-1},{x:-1,y:-1},{x:0,y:-1},{x:1,y:-1},{x:2,y:-1},{x:-3,y:0},{x:-2,y:0},{x:-1,y:0}],[{x:-1,y:-2},{x:0,y:-2},{x:1,y:-2},{x:-2,y:-1},{x:-1,y:-1},{x:0,y:-1},{x:1,y:-1},{x:-2,y:0},{x:-1,y:0}],[{x:-3,y:-1},{x:-2,y:-1},{x:-1,y:-1},{x:0,y:-1},{x:1,y:-1},{x:-4,y:0},{x:-3,y:0},{x:-2,y:0},{x:-1,y:0}]],w=[{coding:[{x:0,y:-1},{x:1,y:-1},{x:-1,y:0}],reference:[{x:0,y:-1},{x:1,y:-1},{x:-1,y:0},{x:0,y:0},{x:1,y:0},{x:-1,y:1},{x:0,y:1},{x:1,y:1}]},{coding:[{x:-1,y:-1},{x:0,y:-1},{x:1,y:-1},{x:-1,y:0}],reference:[{x:0,y:-1},{x:-1,y:0},{x:0,y:0},{x:1,y:0},{x:0,y:1},{x:1,y:1}]}],v=[39717,1941,229,405],_=[32,8];function decodeBitmap(e,t,r,n,i,o,s,a){if(e){return decodeMMRBitmap(new Reader(a.data,a.start,a.end),t,r,!1)}if(0===n&&!o&&!i&&4===s.length&&3===s[0].x&&-1===s[0].y&&-3===s[1].x&&-1===s[1].y&&2===s[2].x&&-2===s[2].y&&-2===s[3].x&&-2===s[3].y)return function decodeBitmapTemplate0(e,t,r){const n=r.decoder,i=r.contextCache.getContexts("GB"),o=[];let s,a,c,f,u,l,h;for(a=0;a<t;a++){u=o[a]=new Uint8Array(e);l=a<1?u:o[a-1];h=a<2?u:o[a-2];s=h[0]<<13|h[1]<<12|h[2]<<11|l[0]<<7|l[1]<<6|l[2]<<5|l[3]<<4;for(c=0;c<e;c++){u[c]=f=n.readBit(i,s);s=(31735&s)<<1|(c+3<e?h[c+3]<<11:0)|(c+4<e?l[c+4]<<4:0)|f}}return o}(t,r,a);const c=!!o,f=b[n].concat(s);f.sort((e,t)=>e.y-t.y||e.x-t.x);const u=f.length,l=new Int8Array(u),h=new Int8Array(u),d=[];let p,m,g=0,y=0,w=0,_=0;for(m=0;m<u;m++){l[m]=f[m].x;h[m]=f[m].y;y=Math.min(y,f[m].x);w=Math.max(w,f[m].x);_=Math.min(_,f[m].y);m<u-1&&f[m].y===f[m+1].y&&f[m].x===f[m+1].x-1?g|=1<<u-1-m:d.push(m)}const x=d.length,C=new Int8Array(x),S=new Int8Array(x),R=new Uint16Array(x);for(p=0;p<x;p++){m=d[p];C[p]=f[m].x;S[p]=f[m].y;R[p]=1<<u-1-m}const A=-y,B=-_,I=t-w,E=v[n];let k=new Uint8Array(t);const T=[],D=a.decoder,P=a.contextCache.getContexts("GB");let M,O,U,L,N,G=0,q=0;for(let e=0;e<r;e++){if(i){G^=D.readBit(P,E);if(G){T.push(k);continue}}k=new Uint8Array(k);T.push(k);for(M=0;M<t;M++){if(c&&o[e][M]){k[M]=0;continue}if(M>=A&&M<I&&e>=B){q=q<<1&g;for(m=0;m<x;m++){O=e+S[m];U=M+C[m];L=T[O][U];if(L){L=R[m];q|=L}}}else{q=0;N=u-1;for(m=0;m<u;m++,N--){U=M+l[m];if(U>=0&&U<t){O=e+h[m];if(O>=0){L=T[O][U];L&&(q|=L<<N)}}}}const r=D.readBit(P,q);k[M]=r}}return T}function decodeRefinement(e,t,r,n,i,o,s,a,c){let f=w[r].coding;0===r&&(f=f.concat([a[0]]));const u=f.length,l=new Int32Array(u),h=new Int32Array(u);let d;for(d=0;d<u;d++){l[d]=f[d].x;h[d]=f[d].y}let p=w[r].reference;0===r&&(p=p.concat([a[1]]));const m=p.length,g=new Int32Array(m),y=new Int32Array(m);for(d=0;d<m;d++){g[d]=p[d].x;y[d]=p[d].y}const b=n[0].length,v=n.length,x=_[r],C=[],S=c.decoder,R=c.contextCache.getContexts("GR");let A=0;for(let r=0;r<t;r++){if(s){A^=S.readBit(R,x);if(A)throw new Jbig2Error("prediction is not supported")}const t=new Uint8Array(e);C.push(t);for(let s=0;s<e;s++){let a,c,f=0;for(d=0;d<u;d++){a=r+h[d];c=s+l[d];a<0||c<0||c>=e?f<<=1:f=f<<1|C[a][c]}for(d=0;d<m;d++){a=r+y[d]-o;c=s+g[d]-i;a<0||a>=v||c<0||c>=b?f<<=1:f=f<<1|n[a][c]}const p=S.readBit(R,f);t[s]=p}}return C}function decodeTextRegion(e,t,r,n,i,o,s,a,c,f,u,l,h,d,p,m,g,y,b){if(e&&t)throw new Jbig2Error("refinement with Huffman is not supported");const w=[];let v,_;for(v=0;v<n;v++){_=new Uint8Array(r);i&&_.fill(i);w.push(_)}const x=g.decoder,C=g.contextCache;let S=e?-d.tableDeltaT.decode(b):-decodeInteger(C,"IADT",x),R=0;v=0;for(;v<o;){S+=e?d.tableDeltaT.decode(b):decodeInteger(C,"IADT",x);R+=e?d.tableFirstS.decode(b):decodeInteger(C,"IAFS",x);let n=R;for(;;){let i=0;s>1&&(i=e?b.readBits(y):decodeInteger(C,"IAIT",x));const o=s*S+i,R=e?d.symbolIDTable.decode(b):decodeIAID(C,x,c),A=t&&(e?b.readBit():decodeInteger(C,"IARI",x));let B=a[R],I=B[0].length,E=B.length;if(A){const e=decodeInteger(C,"IARDW",x),t=decodeInteger(C,"IARDH",x);I+=e;E+=t;B=decodeRefinement(I,E,p,B,(e>>1)+decodeInteger(C,"IARDX",x),(t>>1)+decodeInteger(C,"IARDY",x),!1,m,g)}let k=0;f?1&l?k=E-1:n+=E-1:l>1?n+=I-1:k=I-1;const T=o-(1&l?0:E-1),D=n-(2&l?I-1:0);let P,M,O;if(f)for(P=0;P<E;P++){_=w[D+P];if(!_)continue;O=B[P];const e=Math.min(r-T,I);switch(h){case 0:for(M=0;M<e;M++)_[T+M]|=O[M];break;case 2:for(M=0;M<e;M++)_[T+M]^=O[M];break;default:throw new Jbig2Error(`operator ${h} is not supported`)}}else for(M=0;M<E;M++){_=w[T+M];if(_){O=B[M];switch(h){case 0:for(P=0;P<I;P++)_[D+P]|=O[P];break;case 2:for(P=0;P<I;P++)_[D+P]^=O[P];break;default:throw new Jbig2Error(`operator ${h} is not supported`)}}}v++;const U=e?d.tableDeltaS.decode(b):decodeInteger(C,"IADS",x);if(null===U)break;n+=k+U+u}}return w}function readSegmentHeader(e,t){const r={};r.number=readUint32(e,t);const n=e[t+4],i=63&n;if(!y[i])throw new Jbig2Error("invalid segment type: "+i);r.type=i;r.typeName=y[i];r.deferredNonRetain=!!(128&n);const o=!!(64&n),s=e[t+5];let a=s>>5&7;const c=[31&s];let f=t+6;if(7===s){a=536870911&readUint32(e,f-1);f+=3;let t=a+7>>3;c[0]=e[f++];for(;--t>0;)c.push(e[f++])}else if(5===s||6===s)throw new Jbig2Error("invalid referred-to flags");r.retainBits=c;let u=4;r.number<=256?u=1:r.number<=65536&&(u=2);const l=[];let h,d;for(h=0;h<a;h++){let t;t=1===u?e[f]:2===u?readUint16(e,f):readUint32(e,f);l.push(t);f+=u}r.referredTo=l;if(o){r.pageAssociation=readUint32(e,f);f+=4}else r.pageAssociation=e[f++];r.length=readUint32(e,f);f+=4;if(4294967295===r.length){if(38!==i)throw new Jbig2Error("invalid unknown segment length");{const t=readRegionSegmentInformation(e,f),n=!!(1&e[f+x]),i=6,o=new Uint8Array(i);if(!n){o[0]=255;o[1]=172}o[2]=t.height>>>24&255;o[3]=t.height>>16&255;o[4]=t.height>>8&255;o[5]=255&t.height;for(h=f,d=e.length;h<d;h++){let t=0;for(;t<i&&o[t]===e[h+t];)t++;if(t===i){r.length=h+i;break}}if(4294967295===r.length)throw new Jbig2Error("segment end was not found")}}r.headerEnd=f;return r}function readSegments(e,t,r,n){const i=[];let o=r;for(;o<n;){const r=readSegmentHeader(t,o);o=r.headerEnd;const n={header:r,data:t};if(!e.randomAccess){n.start=o;o+=r.length;n.end=o}i.push(n);if(51===r.type)break}if(e.randomAccess)for(let e=0,t=i.length;e<t;e++){i[e].start=o;o+=i[e].header.length;i[e].end=o}return i}function readRegionSegmentInformation(e,t){return{width:readUint32(e,t),height:readUint32(e,t+4),x:readUint32(e,t+8),y:readUint32(e,t+12),combinationOperator:7&e[t+16]}}const x=17;function processSegment(e,t){const r=e.header,n=e.data,i=e.end;let o,s,a,c,f=e.start;switch(r.type){case 0:const e={},t=readUint16(n,f);e.huffman=!!(1&t);e.refinement=!!(2&t);e.huffmanDHSelector=t>>2&3;e.huffmanDWSelector=t>>4&3;e.bitmapSizeSelector=t>>6&1;e.aggregationInstancesSelector=t>>7&1;e.bitmapCodingContextUsed=!!(256&t);e.bitmapCodingContextRetained=!!(512&t);e.template=t>>10&3;e.refinementTemplate=t>>12&1;f+=2;if(!e.huffman){c=0===e.template?4:1;s=[];for(a=0;a<c;a++){s.push({x:readInt8(n,f),y:readInt8(n,f+1)});f+=2}e.at=s}if(e.refinement&&!e.refinementTemplate){s=[];for(a=0;a<2;a++){s.push({x:readInt8(n,f),y:readInt8(n,f+1)});f+=2}e.refinementAt=s}e.numberOfExportedSymbols=readUint32(n,f);f+=4;e.numberOfNewSymbols=readUint32(n,f);f+=4;o=[e,r.number,r.referredTo,n,f,i];break;case 6:case 7:const u={};u.info=readRegionSegmentInformation(n,f);f+=x;const l=readUint16(n,f);f+=2;u.huffman=!!(1&l);u.refinement=!!(2&l);u.logStripSize=l>>2&3;u.stripSize=1<<u.logStripSize;u.referenceCorner=l>>4&3;u.transposed=!!(64&l);u.combinationOperator=l>>7&3;u.defaultPixelValue=l>>9&1;u.dsOffset=l<<17>>27;u.refinementTemplate=l>>15&1;if(u.huffman){const e=readUint16(n,f);f+=2;u.huffmanFS=3&e;u.huffmanDS=e>>2&3;u.huffmanDT=e>>4&3;u.huffmanRefinementDW=e>>6&3;u.huffmanRefinementDH=e>>8&3;u.huffmanRefinementDX=e>>10&3;u.huffmanRefinementDY=e>>12&3;u.huffmanRefinementSizeSelector=!!(16384&e)}if(u.refinement&&!u.refinementTemplate){s=[];for(a=0;a<2;a++){s.push({x:readInt8(n,f),y:readInt8(n,f+1)});f+=2}u.refinementAt=s}u.numberOfSymbolInstances=readUint32(n,f);f+=4;o=[u,r.referredTo,n,f,i];break;case 16:const h={},d=n[f++];h.mmr=!!(1&d);h.template=d>>1&3;h.patternWidth=n[f++];h.patternHeight=n[f++];h.maxPatternIndex=readUint32(n,f);f+=4;o=[h,r.number,n,f,i];break;case 22:case 23:const p={};p.info=readRegionSegmentInformation(n,f);f+=x;const m=n[f++];p.mmr=!!(1&m);p.template=m>>1&3;p.enableSkip=!!(8&m);p.combinationOperator=m>>4&7;p.defaultPixelValue=m>>7&1;p.gridWidth=readUint32(n,f);f+=4;p.gridHeight=readUint32(n,f);f+=4;p.gridOffsetX=4294967295&readUint32(n,f);f+=4;p.gridOffsetY=4294967295&readUint32(n,f);f+=4;p.gridVectorX=readUint16(n,f);f+=2;p.gridVectorY=readUint16(n,f);f+=2;o=[p,r.referredTo,n,f,i];break;case 38:case 39:const g={};g.info=readRegionSegmentInformation(n,f);f+=x;const y=n[f++];g.mmr=!!(1&y);g.template=y>>1&3;g.prediction=!!(8&y);if(!g.mmr){c=0===g.template?4:1;s=[];for(a=0;a<c;a++){s.push({x:readInt8(n,f),y:readInt8(n,f+1)});f+=2}g.at=s}o=[g,n,f,i];break;case 48:const b={width:readUint32(n,f),height:readUint32(n,f+4),resolutionX:readUint32(n,f+8),resolutionY:readUint32(n,f+12)};4294967295===b.height&&delete b.height;const w=n[f+16];readUint16(n,f+17);b.lossless=!!(1&w);b.refinement=!!(2&w);b.defaultPixelValue=w>>2&1;b.combinationOperator=w>>3&3;b.requiresBuffer=!!(32&w);b.combinationOperatorOverride=!!(64&w);o=[b];break;case 49:case 50:case 51:case 62:break;case 53:o=[r.number,n,f,i];break;default:throw new Jbig2Error(`segment type ${r.typeName}(${r.type}) is not implemented`)}const u="on"+r.typeName;u in t&&t[u].apply(t,o)}function processSegments(e,t){for(let r=0,n=e.length;r<n;r++)processSegment(e[r],t)}class SimpleSegmentVisitor{onPageInformation(e){this.currentPageInfo=e;const t=e.width+7>>3,r=new Uint8ClampedArray(t*e.height);e.defaultPixelValue&&r.fill(255);this.buffer=r}drawBitmap(e,t){const r=this.currentPageInfo,n=e.width,i=e.height,o=r.width+7>>3,s=r.combinationOperatorOverride?e.combinationOperator:r.combinationOperator,a=this.buffer,c=128>>(7&e.x);let f,u,l,h,d=e.y*o+(e.x>>3);switch(s){case 0:for(f=0;f<i;f++){l=c;h=d;for(u=0;u<n;u++){t[f][u]&&(a[h]|=l);l>>=1;if(!l){l=128;h++}}d+=o}break;case 2:for(f=0;f<i;f++){l=c;h=d;for(u=0;u<n;u++){t[f][u]&&(a[h]^=l);l>>=1;if(!l){l=128;h++}}d+=o}break;default:throw new Jbig2Error(`operator ${s} is not supported`)}}onImmediateGenericRegion(e,t,r,n){const i=e.info,o=new DecodingContext(t,r,n),s=decodeBitmap(e.mmr,i.width,i.height,e.template,e.prediction,null,e.at,o);this.drawBitmap(i,s)}onImmediateLosslessGenericRegion(){this.onImmediateGenericRegion(...arguments)}onSymbolDictionary(e,t,r,n,i,o){let s,a;if(e.huffman){s=function getSymbolDictionaryHuffmanTables(e,t,r){let n,i,o,s,a=0;switch(e.huffmanDHSelector){case 0:case 1:n=getStandardTable(e.huffmanDHSelector+4);break;case 3:n=getCustomHuffmanTable(a,t,r);a++;break;default:throw new Jbig2Error("invalid Huffman DH selector")}switch(e.huffmanDWSelector){case 0:case 1:i=getStandardTable(e.huffmanDWSelector+2);break;case 3:i=getCustomHuffmanTable(a,t,r);a++;break;default:throw new Jbig2Error("invalid Huffman DW selector")}if(e.bitmapSizeSelector){o=getCustomHuffmanTable(a,t,r);a++}else o=getStandardTable(1);s=e.aggregationInstancesSelector?getCustomHuffmanTable(a,t,r):getStandardTable(1);return{tableDeltaHeight:n,tableDeltaWidth:i,tableBitmapSize:o,tableAggregateInstances:s}}(e,r,this.customTables);a=new Reader(n,i,o)}let c=this.symbols;c||(this.symbols=c={});const f=[];for(const e of r){const t=c[e];t&&f.push(...t)}const u=new DecodingContext(n,i,o);c[t]=function decodeSymbolDictionary(e,t,r,n,i,o,s,a,c,f,u,l){if(e&&t)throw new Jbig2Error("symbol refinement with Huffman is not supported");const h=[];let d=0,p=log2(r.length+n);const m=u.decoder,g=u.contextCache;let y,b;if(e){y=getStandardTable(1);b=[];p=Math.max(p,1)}for(;h.length<n;){d+=e?o.tableDeltaHeight.decode(l):decodeInteger(g,"IADH",m);let n=0,i=0;const y=e?b.length:0;for(;;){const y=e?o.tableDeltaWidth.decode(l):decodeInteger(g,"IADW",m);if(null===y)break;n+=y;i+=n;let w;if(t){const i=decodeInteger(g,"IAAI",m);if(i>1)w=decodeTextRegion(e,t,n,d,0,i,1,r.concat(h),p,0,0,1,0,o,c,f,u,0,l);else{const e=decodeIAID(g,m,p),t=decodeInteger(g,"IARDX",m),i=decodeInteger(g,"IARDY",m);w=decodeRefinement(n,d,c,e<r.length?r[e]:h[e-r.length],t,i,!1,f,u)}h.push(w)}else if(e)b.push(n);else{w=decodeBitmap(!1,n,d,s,!1,null,a,u);h.push(w)}}if(e&&!t){const e=o.tableBitmapSize.decode(l);l.byteAlign();let t;if(0===e)t=readUncompressedBitmap(l,i,d);else{const r=l.end,n=l.position+e;l.end=n;t=decodeMMRBitmap(l,i,d,!1);l.end=r;l.position=n}const r=b.length;if(y===r-1)h.push(t);else{let e,n,i,o,s,a=0;for(e=y;e<r;e++){o=b[e];i=a+o;s=[];for(n=0;n<d;n++)s.push(t[n].subarray(a,i));h.push(s);a=i}}}}const w=[],v=[];let _,x,C=!1;const S=r.length+n;for(;v.length<S;){let t=e?y.decode(l):decodeInteger(g,"IAEX",m);for(;t--;)v.push(C);C=!C}for(_=0,x=r.length;_<x;_++)v[_]&&w.push(r[_]);for(let e=0;e<n;_++,e++)v[_]&&w.push(h[e]);return w}(e.huffman,e.refinement,f,e.numberOfNewSymbols,e.numberOfExportedSymbols,s,e.template,e.at,e.refinementTemplate,e.refinementAt,u,a)}onImmediateTextRegion(e,t,r,n,i){const o=e.info;let s,a;const c=this.symbols,f=[];for(const e of t){const t=c[e];t&&f.push(...t)}const u=log2(f.length);if(e.huffman){a=new Reader(r,n,i);s=function getTextRegionHuffmanTables(e,t,r,n,i){const o=[];for(let e=0;e<=34;e++){const t=i.readBits(4);o.push(new HuffmanLine([e,t,0,0]))}const s=new HuffmanTable(o,!1);o.length=0;for(let e=0;e<n;){const t=s.decode(i);if(t>=32){let r,n,s;switch(t){case 32:if(0===e)throw new Jbig2Error("no previous value in symbol ID table");n=i.readBits(2)+3;r=o[e-1].prefixLength;break;case 33:n=i.readBits(3)+3;r=0;break;case 34:n=i.readBits(7)+11;r=0;break;default:throw new Jbig2Error("invalid code length in symbol ID table")}for(s=0;s<n;s++){o.push(new HuffmanLine([e,r,0,0]));e++}}else{o.push(new HuffmanLine([e,t,0,0]));e++}}i.byteAlign();const a=new HuffmanTable(o,!1);let c,f,u,l=0;switch(e.huffmanFS){case 0:case 1:c=getStandardTable(e.huffmanFS+6);break;case 3:c=getCustomHuffmanTable(l,t,r);l++;break;default:throw new Jbig2Error("invalid Huffman FS selector")}switch(e.huffmanDS){case 0:case 1:case 2:f=getStandardTable(e.huffmanDS+8);break;case 3:f=getCustomHuffmanTable(l,t,r);l++;break;default:throw new Jbig2Error("invalid Huffman DS selector")}switch(e.huffmanDT){case 0:case 1:case 2:u=getStandardTable(e.huffmanDT+11);break;case 3:u=getCustomHuffmanTable(l,t,r);l++;break;default:throw new Jbig2Error("invalid Huffman DT selector")}if(e.refinement)throw new Jbig2Error("refinement with Huffman is not supported");return{symbolIDTable:a,tableFirstS:c,tableDeltaS:f,tableDeltaT:u}}(e,t,this.customTables,f.length,a)}const l=new DecodingContext(r,n,i),h=decodeTextRegion(e.huffman,e.refinement,o.width,o.height,e.defaultPixelValue,e.numberOfSymbolInstances,e.stripSize,f,u,e.transposed,e.dsOffset,e.referenceCorner,e.combinationOperator,s,e.refinementTemplate,e.refinementAt,l,e.logStripSize,a);this.drawBitmap(o,h)}onImmediateLosslessTextRegion(){this.onImmediateTextRegion(...arguments)}onPatternDictionary(e,t,r,n,i){let o=this.patterns;o||(this.patterns=o={});const s=new DecodingContext(r,n,i);o[t]=function decodePatternDictionary(e,t,r,n,i,o){const s=[];if(!e){s.push({x:-t,y:0});0===i&&s.push({x:-3,y:-1},{x:2,y:-2},{x:-2,y:-2})}const a=decodeBitmap(e,(n+1)*t,r,i,!1,null,s,o),c=[];for(let e=0;e<=n;e++){const n=[],i=t*e,o=i+t;for(let e=0;e<r;e++)n.push(a[e].subarray(i,o));c.push(n)}return c}(e.mmr,e.patternWidth,e.patternHeight,e.maxPatternIndex,e.template,s)}onImmediateHalftoneRegion(e,t,r,n,i){const o=this.patterns[t[0]],s=e.info,a=new DecodingContext(r,n,i),c=function decodeHalftoneRegion(e,t,r,n,i,o,s,a,c,f,u,l,h,d,p){if(s)throw new Jbig2Error("skip is not supported");if(0!==a)throw new Jbig2Error(`operator "${a}" is not supported in halftone region`);const m=[];let g,y,b;for(g=0;g<i;g++){b=new Uint8Array(n);o&&b.fill(o);m.push(b)}const w=t.length,v=t[0],_=v[0].length,x=v.length,C=log2(w),S=[];if(!e){S.push({x:r<=1?3:2,y:-1});0===r&&S.push({x:-3,y:-1},{x:2,y:-2},{x:-2,y:-2})}const R=[];let A,B,I,E,k,T,D,P,M,O,U;e&&(A=new Reader(p.data,p.start,p.end));for(g=C-1;g>=0;g--){B=e?decodeMMRBitmap(A,c,f,!0):decodeBitmap(!1,c,f,r,!1,null,S,p);R[g]=B}for(I=0;I<f;I++)for(E=0;E<c;E++){k=0;T=0;for(y=C-1;y>=0;y--){k^=R[y][I][E];T|=k<<y}D=t[T];P=u+I*d+E*h>>8;M=l+I*h-E*d>>8;if(P>=0&&P+_<=n&&M>=0&&M+x<=i)for(g=0;g<x;g++){U=m[M+g];O=D[g];for(y=0;y<_;y++)U[P+y]|=O[y]}else{let e,t;for(g=0;g<x;g++){t=M+g;if(!(t<0||t>=i)){U=m[t];O=D[g];for(y=0;y<_;y++){e=P+y;e>=0&&e<n&&(U[e]|=O[y])}}}}}return m}(e.mmr,o,e.template,s.width,s.height,e.defaultPixelValue,e.enableSkip,e.combinationOperator,e.gridWidth,e.gridHeight,e.gridOffsetX,e.gridOffsetY,e.gridVectorX,e.gridVectorY,a);this.drawBitmap(s,c)}onImmediateLosslessHalftoneRegion(){this.onImmediateHalftoneRegion(...arguments)}onTables(e,t,r,n){let i=this.customTables;i||(this.customTables=i={});i[e]=function decodeTablesSegment(e,t,r){const n=e[t],i=4294967295&readUint32(e,t+1),o=4294967295&readUint32(e,t+5),s=new Reader(e,t+9,r),a=1+(n>>1&7),c=1+(n>>4&7),f=[];let u,l,h=i;do{u=s.readBits(a);l=s.readBits(c);f.push(new HuffmanLine([h,u,l,0]));h+=1<<l}while(h<o);u=s.readBits(a);f.push(new HuffmanLine([i-1,u,32,0,"lower"]));u=s.readBits(a);f.push(new HuffmanLine([o,u,32,0]));if(1&n){u=s.readBits(a);f.push(new HuffmanLine([u,0]))}return new HuffmanTable(f,!1)}(t,r,n)}}class HuffmanLine{constructor(e){if(2===e.length){this.isOOB=!0;this.rangeLow=0;this.prefixLength=e[0];this.rangeLength=0;this.prefixCode=e[1];this.isLowerRange=!1}else{this.isOOB=!1;this.rangeLow=e[0];this.prefixLength=e[1];this.rangeLength=e[2];this.prefixCode=e[3];this.isLowerRange="lower"===e[4]}}}class HuffmanTreeNode{constructor(e){this.children=[];if(e){this.isLeaf=!0;this.rangeLength=e.rangeLength;this.rangeLow=e.rangeLow;this.isLowerRange=e.isLowerRange;this.isOOB=e.isOOB}else this.isLeaf=!1}buildTree(e,t){const r=e.prefixCode>>t&1;if(t<=0)this.children[r]=new HuffmanTreeNode(e);else{let n=this.children[r];n||(this.children[r]=n=new HuffmanTreeNode(null));n.buildTree(e,t-1)}}decodeNode(e){if(this.isLeaf){if(this.isOOB)return null;const t=e.readBits(this.rangeLength);return this.rangeLow+(this.isLowerRange?-t:t)}const t=this.children[e.readBit()];if(!t)throw new Jbig2Error("invalid Huffman data");return t.decodeNode(e)}}class HuffmanTable{constructor(e,t){t||this.assignPrefixCodes(e);this.rootNode=new HuffmanTreeNode(null);for(let t=0,r=e.length;t<r;t++){const r=e[t];r.prefixLength>0&&this.rootNode.buildTree(r,r.prefixLength-1)}}decode(e){return this.rootNode.decodeNode(e)}assignPrefixCodes(e){const t=e.length;let r=0;for(let n=0;n<t;n++)r=Math.max(r,e[n].prefixLength);const n=new Uint32Array(r+1);for(let r=0;r<t;r++)n[e[r].prefixLength]++;let i,o,s,a=1,c=0;n[0]=0;for(;a<=r;){c=c+n[a-1]<<1;i=c;o=0;for(;o<t;){s=e[o];if(s.prefixLength===a){s.prefixCode=i;i++}o++}a++}}}const C={};function getStandardTable(e){let t,r=C[e];if(r)return r;switch(e){case 1:t=[[0,1,4,0],[16,2,8,2],[272,3,16,6],[65808,3,32,7]];break;case 2:t=[[0,1,0,0],[1,2,0,2],[2,3,0,6],[3,4,3,14],[11,5,6,30],[75,6,32,62],[6,63]];break;case 3:t=[[-256,8,8,254],[0,1,0,0],[1,2,0,2],[2,3,0,6],[3,4,3,14],[11,5,6,30],[-257,8,32,255,"lower"],[75,7,32,126],[6,62]];break;case 4:t=[[1,1,0,0],[2,2,0,2],[3,3,0,6],[4,4,3,14],[12,5,6,30],[76,5,32,31]];break;case 5:t=[[-255,7,8,126],[1,1,0,0],[2,2,0,2],[3,3,0,6],[4,4,3,14],[12,5,6,30],[-256,7,32,127,"lower"],[76,6,32,62]];break;case 6:t=[[-2048,5,10,28],[-1024,4,9,8],[-512,4,8,9],[-256,4,7,10],[-128,5,6,29],[-64,5,5,30],[-32,4,5,11],[0,2,7,0],[128,3,7,2],[256,3,8,3],[512,4,9,12],[1024,4,10,13],[-2049,6,32,62,"lower"],[2048,6,32,63]];break;case 7:t=[[-1024,4,9,8],[-512,3,8,0],[-256,4,7,9],[-128,5,6,26],[-64,5,5,27],[-32,4,5,10],[0,4,5,11],[32,5,5,28],[64,5,6,29],[128,4,7,12],[256,3,8,1],[512,3,9,2],[1024,3,10,3],[-1025,5,32,30,"lower"],[2048,5,32,31]];break;case 8:t=[[-15,8,3,252],[-7,9,1,508],[-5,8,1,253],[-3,9,0,509],[-2,7,0,124],[-1,4,0,10],[0,2,1,0],[2,5,0,26],[3,6,0,58],[4,3,4,4],[20,6,1,59],[22,4,4,11],[38,4,5,12],[70,5,6,27],[134,5,7,28],[262,6,7,60],[390,7,8,125],[646,6,10,61],[-16,9,32,510,"lower"],[1670,9,32,511],[2,1]];break;case 9:t=[[-31,8,4,252],[-15,9,2,508],[-11,8,2,253],[-7,9,1,509],[-5,7,1,124],[-3,4,1,10],[-1,3,1,2],[1,3,1,3],[3,5,1,26],[5,6,1,58],[7,3,5,4],[39,6,2,59],[43,4,5,11],[75,4,6,12],[139,5,7,27],[267,5,8,28],[523,6,8,60],[779,7,9,125],[1291,6,11,61],[-32,9,32,510,"lower"],[3339,9,32,511],[2,0]];break;case 10:t=[[-21,7,4,122],[-5,8,0,252],[-4,7,0,123],[-3,5,0,24],[-2,2,2,0],[2,5,0,25],[3,6,0,54],[4,7,0,124],[5,8,0,253],[6,2,6,1],[70,5,5,26],[102,6,5,55],[134,6,6,56],[198,6,7,57],[326,6,8,58],[582,6,9,59],[1094,6,10,60],[2118,7,11,125],[-22,8,32,254,"lower"],[4166,8,32,255],[2,2]];break;case 11:t=[[1,1,0,0],[2,2,1,2],[4,4,0,12],[5,4,1,13],[7,5,1,28],[9,5,2,29],[13,6,2,60],[17,7,2,122],[21,7,3,123],[29,7,4,124],[45,7,5,125],[77,7,6,126],[141,7,32,127]];break;case 12:t=[[1,1,0,0],[2,2,0,2],[3,3,1,6],[5,5,0,28],[6,5,1,29],[8,6,1,60],[10,7,0,122],[11,7,1,123],[13,7,2,124],[17,7,3,125],[25,7,4,126],[41,8,5,254],[73,8,32,255]];break;case 13:t=[[1,1,0,0],[2,3,0,4],[3,4,0,12],[4,5,0,28],[5,4,1,13],[7,3,3,5],[15,6,1,58],[17,6,2,59],[21,6,3,60],[29,6,4,61],[45,6,5,62],[77,7,6,126],[141,7,32,127]];break;case 14:t=[[-2,3,0,4],[-1,3,0,5],[0,1,0,0],[1,3,0,6],[2,3,0,7]];break;case 15:t=[[-24,7,4,124],[-8,6,2,60],[-4,5,1,28],[-2,4,0,12],[-1,3,0,4],[0,1,0,0],[1,3,0,5],[2,4,0,13],[3,5,1,29],[5,6,2,61],[9,7,4,125],[-25,7,32,126,"lower"],[25,7,32,127]];break;default:throw new Jbig2Error(`standard table B.${e} does not exist`)}for(let e=0,r=t.length;e<r;e++)t[e]=new HuffmanLine(t[e]);r=new HuffmanTable(t,!0);C[e]=r;return r}class Reader{constructor(e,t,r){this.data=e;this.start=t;this.end=r;this.position=t;this.shift=-1;this.currentByte=0}readBit(){if(this.shift<0){if(this.position>=this.end)throw new Jbig2Error("end of data while reading bit");this.currentByte=this.data[this.position++];this.shift=7}const e=this.currentByte>>this.shift&1;this.shift--;return e}readBits(e){let t,r=0;for(t=e-1;t>=0;t--)r|=this.readBit()<<t;return r}byteAlign(){this.shift=-1}next(){return this.position>=this.end?-1:this.data[this.position++]}}function getCustomHuffmanTable(e,t,r){let n=0;for(let i=0,o=t.length;i<o;i++){const o=r[t[i]];if(o){if(e===n)return o;n++}}throw new Jbig2Error("can't find custom Huffman table")}function readUncompressedBitmap(e,t,r){const n=[];for(let i=0;i<r;i++){const r=new Uint8Array(t);n.push(r);for(let n=0;n<t;n++)r[n]=e.readBit();e.byteAlign()}return n}function decodeMMRBitmap(e,t,r,n){const i=new CCITTFaxDecoder(e,{K:-1,Columns:t,Rows:r,BlackIs1:!0,EndOfBlock:n}),o=[];let s,a=!1;for(let e=0;e<r;e++){const e=new Uint8Array(t);o.push(e);let r=-1;for(let n=0;n<t;n++){if(r<0){s=i.readNextChar();if(-1===s){s=0;a=!0}r=7}e[n]=s>>r&1;r--}}if(n&&!a){const e=5;for(let t=0;t<e&&-1!==i.readNextChar();t++);}return o}class Jbig2Image{parseChunks(e){return function parseJbig2Chunks(e){const t=new SimpleSegmentVisitor;for(let r=0,n=e.length;r<n;r++){const n=e[r];processSegments(readSegments({},n.data,n.start,n.end),t)}return t.buffer}(e)}parse(e){const{imgData:t,width:r,height:n}=function parseJbig2(e){const t=e.length;let r=0;if(151!==e[r]||74!==e[r+1]||66!==e[r+2]||50!==e[r+3]||13!==e[r+4]||10!==e[r+5]||26!==e[r+6]||10!==e[r+7])throw new Jbig2Error("parseJbig2 - invalid header.");const n=Object.create(null);r+=8;const i=e[r++];n.randomAccess=!(1&i);if(!(2&i)){n.numberOfPages=readUint32(e,r);r+=4}const o=readSegments(n,e,r,t),s=new SimpleSegmentVisitor;processSegments(o,s);const{width:a,height:c}=s.currentPageInfo,f=s.buffer,u=new Uint8ClampedArray(a*c);let l=0,h=0;for(let e=0;e<c;e++){let e,t=0;for(let r=0;r<a;r++){if(!t){t=128;e=f[h++]}u[l++]=e&t?0:255;t>>=1}}return{imgData:u,width:a,height:c}}(e);this.width=r;this.height=n;return t}}class ColorSpace{static#r=new Uint8ClampedArray(3);constructor(e,t){this.name=e;this.numComps=t}getRgb(e,t,r=new Uint8ClampedArray(3)){this.getRgbItem(e,t,r,0);return r}getRgbHex(e,t){const r=this.getRgb(e,t,ColorSpace.#r);return util_Util.makeHexColor(r[0],r[1],r[2])}getRgbItem(e,t,r,n){unreachable("Should not call ColorSpace.getRgbItem")}getRgbBuffer(e,t,r,n,i,o,s){unreachable("Should not call ColorSpace.getRgbBuffer")}getOutputLength(e,t){unreachable("Should not call ColorSpace.getOutputLength")}isPassthrough(e){return!1}isDefaultDecode(e,t){return ColorSpace.isDefaultDecode(e,this.numComps)}fillRgb(e,t,r,n,i,o,s,a,c){const f=t*r;let u=null;const l=1<<s,h=r!==i||t!==n;if(this.isPassthrough(s))u=a;else if(1===this.numComps&&f>l&&"DeviceGray"!==this.name&&"DeviceRGB"!==this.name){const t=s<=8?new Uint8Array(l):new Uint16Array(l);for(let e=0;e<l;e++)t[e]=e;const r=new Uint8ClampedArray(3*l);this.getRgbBuffer(t,0,l,r,0,s,0);if(h){u=new Uint8Array(3*f);let e=0;for(let t=0;t<f;++t){const n=3*a[t];u[e++]=r[n];u[e++]=r[n+1];u[e++]=r[n+2]}}else{let t=0;for(let n=0;n<f;++n){const i=3*a[n];e[t++]=r[i];e[t++]=r[i+1];e[t++]=r[i+2];t+=c}}}else if(h){u=new Uint8ClampedArray(3*f);this.getRgbBuffer(a,0,f,u,0,s,0)}else this.getRgbBuffer(a,0,n*o,e,0,s,c);if(u)if(h)!function resizeRgbImage(e,t,r,n,i,o,s){s=1!==s?0:s;const a=r/i,c=n/o;let f,u=0;const l=new Uint16Array(i),h=3*r;for(let e=0;e<i;e++)l[e]=3*Math.floor(e*a);for(let r=0;r<o;r++){const n=Math.floor(r*c)*h;for(let r=0;r<i;r++){f=n+l[r];t[u++]=e[f++];t[u++]=e[f++];t[u++]=e[f++];u+=s}}}(u,e,t,r,n,i,c);else{let t=0,r=0;for(let i=0,s=n*o;i<s;i++){e[t++]=u[r++];e[t++]=u[r++];e[t++]=u[r++];t+=c}}}get usesZeroToOneRange(){return shadow(this,"usesZeroToOneRange",!0)}static isDefaultDecode(e,t){if(!Array.isArray(e))return!0;if(2*t!==e.length){util_warn("The decode map is not the correct length");return!0}for(let t=0,r=e.length;t<r;t+=2)if(0!==e[t]||1!==e[t+1])return!1;return!0}}class AlternateCS extends ColorSpace{constructor(e,t,r){super("Alternate",e);this.base=t;this.tintFn=r;this.tmpBuf=new Float32Array(t.numComps)}getRgbItem(e,t,r,n){const i=this.tmpBuf;this.tintFn(e,t,i,0);this.base.getRgbItem(i,0,r,n)}getRgbBuffer(e,t,r,n,i,o,s){const a=this.tintFn,c=this.base,f=1/((1<<o)-1),u=c.numComps,l=c.usesZeroToOneRange,h=(c.isPassthrough(8)||!l)&&0===s;let d=h?i:0;const p=h?n:new Uint8ClampedArray(u*r),m=this.numComps,g=new Float32Array(m),y=new Float32Array(u);let b,w;for(b=0;b<r;b++){for(w=0;w<m;w++)g[w]=e[t++]*f;a(g,0,y,0);if(l)for(w=0;w<u;w++)p[d++]=255*y[w];else{c.getRgbItem(y,0,p,d);d+=u}}h||c.getRgbBuffer(p,0,r,n,i,8,s)}getOutputLength(e,t){return this.base.getOutputLength(e*this.base.numComps/this.numComps,t)}}class PatternCS extends ColorSpace{constructor(e){super("Pattern",null);this.base=e}isDefaultDecode(e,t){unreachable("Should not call PatternCS.isDefaultDecode")}}class IndexedCS extends ColorSpace{constructor(e,t,r){super("Indexed",1);this.base=e;this.highVal=t;const n=e.numComps*(t+1);this.lookup=new Uint8Array(n);if(r instanceof base_stream_BaseStream){const e=r.getBytes(n);this.lookup.set(e)}else{if("string"!=typeof r)throw new FormatError(`IndexedCS - unrecognized lookup table: ${r}`);for(let e=0;e<n;++e)this.lookup[e]=255&r.charCodeAt(e)}}getRgbItem(e,t,r,n){const{base:i,highVal:o,lookup:s}=this,a=MathClamp(Math.round(e[t]),0,o)*i.numComps;i.getRgbBuffer(s,a,1,r,n,8,0)}getRgbBuffer(e,t,r,n,i,o,s){const{base:a,highVal:c,lookup:f}=this,{numComps:u}=a,l=a.getOutputLength(u,s);for(let o=0;o<r;++o){const r=MathClamp(Math.round(e[t++]),0,c)*u;a.getRgbBuffer(f,r,1,n,i,8,s);i+=l}}getOutputLength(e,t){return this.base.getOutputLength(e*this.base.numComps,t)}isDefaultDecode(e,t){if(!Array.isArray(e))return!0;if(2!==e.length){util_warn("Decode map length is not correct");return!0}if(!Number.isInteger(t)||t<1){util_warn("Bits per component is not correct");return!0}return 0===e[0]&&e[1]===(1<<t)-1}}class DeviceGrayCS extends ColorSpace{constructor(){super("DeviceGray",1)}getRgbItem(e,t,r,n){const i=255*e[t];r[n]=r[n+1]=r[n+2]=i}getRgbBuffer(e,t,r,n,i,o,s){const a=255/((1<<o)-1);let c=t,f=i;for(let t=0;t<r;++t){const t=a*e[c++];n[f++]=t;n[f++]=t;n[f++]=t;f+=s}}getOutputLength(e,t){return e*(3+t)}}class DeviceRgbCS extends ColorSpace{constructor(){super("DeviceRGB",3)}getRgbItem(e,t,r,n){r[n]=255*e[t];r[n+1]=255*e[t+1];r[n+2]=255*e[t+2]}getRgbBuffer(e,t,r,n,i,o,s){if(8===o&&0===s){n.set(e.subarray(t,t+3*r),i);return}const a=255/((1<<o)-1);let c=t,f=i;for(let t=0;t<r;++t){n[f++]=a*e[c++];n[f++]=a*e[c++];n[f++]=a*e[c++];f+=s}}getOutputLength(e,t){return e*(3+t)/3|0}isPassthrough(e){return 8===e}}class DeviceRgbaCS extends ColorSpace{constructor(){super("DeviceRGBA",4)}getOutputLength(e,t){return 4*e}isPassthrough(e){return 8===e}fillRgb(e,t,r,n,i,o,s,a,c){r!==i||t!==n?function resizeRgbaImage(e,t,r,n,i,o,s){const a=r/i,c=n/o;let f=0;const u=new Uint16Array(i);if(1===s){for(let e=0;e<i;e++)u[e]=Math.floor(e*a);const n=new Uint32Array(e.buffer),s=new Uint32Array(t.buffer),l=util_FeatureTest.isLittleEndian?16777215:4294967040;for(let e=0;e<o;e++){const t=n.subarray(Math.floor(e*c)*r);for(let e=0;e<i;e++)s[f++]|=t[u[e]]&l}}else{const n=4,s=r*n;for(let e=0;e<i;e++)u[e]=Math.floor(e*a)*n;for(let r=0;r<o;r++){const n=e.subarray(Math.floor(r*c)*s);for(let e=0;e<i;e++){const r=u[e];t[f++]=n[r];t[f++]=n[r+1];t[f++]=n[r+2]}}}}(a,e,t,r,n,i,c):function copyRgbaImage(e,t,r){if(1===r){const r=new Uint32Array(e.buffer),n=new Uint32Array(t.buffer),i=util_FeatureTest.isLittleEndian?16777215:4294967040;for(let e=0,t=r.length;e<t;e++)n[e]|=r[e]&i}else{let r=0;for(let n=0,i=e.length;n<i;n+=4){t[r++]=e[n];t[r++]=e[n+1];t[r++]=e[n+2]}}}(a,e,c)}}class DeviceCmykCS extends ColorSpace{constructor(){super("DeviceCMYK",4)}#n(e,t,r,n,i){const o=e[t]*r,s=e[t+1]*r,a=e[t+2]*r,c=e[t+3]*r;n[i]=255+o*(-4.387332384609988*o+54.48615194189176*s+18.82290502165302*a+212.25662451639585*c-285.2331026137004)+s*(1.7149763477362134*s-5.6096736904047315*a+-17.873870861415444*c-5.497006427196366)+a*(-2.5217340131683033*a-21.248923337353073*c+17.5119270841813)+c*(-21.86122147463605*c-189.48180835922747);n[i+1]=255+o*(8.841041422036149*o+60.118027045597366*s+6.871425592049007*a+31.159100130055922*c-79.2970844816548)+s*(-15.310361306967817*s+17.575251261109482*a+131.35250912493976*c-190.9453302588951)+a*(4.444339102852739*a+9.8632861493405*c-24.86741582555878)+c*(-20.737325471181034*c-187.80453709719578);n[i+2]=255+o*(.8842522430003296*o+8.078677503112928*s+30.89978309703729*a-.23883238689178934*c-14.183576799673286)+s*(10.49593273432072*s+63.02378494754052*a+50.606957656360734*c-112.23884253719248)+a*(.03296041114873217*a+115.60384449646641*c-193.58209356861505)+c*(-22.33816807309886*c-180.12613974708367)}getRgbItem(e,t,r,n){this.#n(e,t,1,r,n)}getRgbBuffer(e,t,r,n,i,o,s){const a=1/((1<<o)-1);for(let o=0;o<r;o++){this.#n(e,t,a,n,i);t+=4;i+=3+s}}getOutputLength(e,t){return e/4*(3+t)|0}}class CalGrayCS extends ColorSpace{constructor(e,t,r){super("CalGray",1);if(!e)throw new FormatError("WhitePoint missing - required for color space CalGray");[this.XW,this.YW,this.ZW]=e;[this.XB,this.YB,this.ZB]=t||[0,0,0];this.G=r||1;if(this.XW<0||this.ZW<0||1!==this.YW)throw new FormatError(`Invalid WhitePoint components for ${this.name}, no fallback available`);if(this.XB<0||this.YB<0||this.ZB<0){info(`Invalid BlackPoint for ${this.name}, falling back to default.`);this.XB=this.YB=this.ZB=0}0===this.XB&&0===this.YB&&0===this.ZB||util_warn(`${this.name}, BlackPoint: XB: ${this.XB}, YB: ${this.YB}, ZB: ${this.ZB}, only default values are supported.`);if(this.G<1){info(`Invalid Gamma: ${this.G} for ${this.name}, falling back to default.`);this.G=1}}#n(e,t,r,n,i){const o=(e[t]*i)**this.G,s=this.YW*o,a=Math.max(295.8*s**.3333333333333333-40.8,0);r[n]=a;r[n+1]=a;r[n+2]=a}getRgbItem(e,t,r,n){this.#n(e,t,r,n,1)}getRgbBuffer(e,t,r,n,i,o,s){const a=1/((1<<o)-1);for(let o=0;o<r;++o){this.#n(e,t,n,i,a);t+=1;i+=3+s}}getOutputLength(e,t){return e*(3+t)}}class CalRGBCS extends ColorSpace{static#i=new Float32Array([.8951,.2664,-.1614,-.7502,1.7135,.0367,.0389,-.0685,1.0296]);static#o=new Float32Array([.9869929,-.1470543,.1599627,.4323053,.5183603,.0492912,-.0085287,.0400428,.9684867]);static#s=new Float32Array([3.2404542,-1.5371385,-.4985314,-.969266,1.8760108,.041556,.0556434,-.2040259,1.0572252]);static#a=new Float32Array([1,1,1]);static#c=new Float32Array(3);static#f=new Float32Array(3);static#u=new Float32Array(3);static#l=(24/116)**3/8;constructor(e,t,r,n){super("CalRGB",3);if(!e)throw new FormatError("WhitePoint missing - required for color space CalRGB");const[i,o,s]=this.whitePoint=e,[a,c,f]=this.blackPoint=t||new Float32Array(3);[this.GR,this.GG,this.GB]=r||new Float32Array([1,1,1]);[this.MXA,this.MYA,this.MZA,this.MXB,this.MYB,this.MZB,this.MXC,this.MYC,this.MZC]=n||new Float32Array([1,0,0,0,1,0,0,0,1]);if(i<0||s<0||1!==o)throw new FormatError(`Invalid WhitePoint components for ${this.name}, no fallback available`);if(a<0||c<0||f<0){info(`Invalid BlackPoint for ${this.name} [${a}, ${c}, ${f}], falling back to default.`);this.blackPoint=new Float32Array(3)}if(this.GR<0||this.GG<0||this.GB<0){info(`Invalid Gamma [${this.GR}, ${this.GG}, ${this.GB}] for ${this.name}, falling back to default.`);this.GR=this.GG=this.GB=1}}#h(e,t,r){r[0]=e[0]*t[0]+e[1]*t[1]+e[2]*t[2];r[1]=e[3]*t[0]+e[4]*t[1]+e[5]*t[2];r[2]=e[6]*t[0]+e[7]*t[1]+e[8]*t[2]}#d(e,t,r){r[0]=1*t[0]/e[0];r[1]=1*t[1]/e[1];r[2]=1*t[2]/e[2]}#p(e,t,r){r[0]=.95047*t[0]/e[0];r[1]=1*t[1]/e[1];r[2]=1.08883*t[2]/e[2]}#m(e){return e<=.0031308?MathClamp(12.92*e,0,1):e>=.99554525?1:MathClamp(1.055*e**(1/2.4)-.055,0,1)}#g(e){return e<0?-this.#g(-e):e>8?((e+16)/116)**3:e*CalRGBCS.#l}#y(e,t,r){if(0===e[0]&&0===e[1]&&0===e[2]){r[0]=t[0];r[1]=t[1];r[2]=t[2];return}const n=this.#g(0),i=(1-n)/(1-this.#g(e[0])),o=1-i,s=(1-n)/(1-this.#g(e[1])),a=1-s,c=(1-n)/(1-this.#g(e[2])),f=1-c;r[0]=t[0]*i+o;r[1]=t[1]*s+a;r[2]=t[2]*c+f}#b(e,t,r){if(1===e[0]&&1===e[2]){r[0]=t[0];r[1]=t[1];r[2]=t[2];return}const n=r;this.#h(CalRGBCS.#i,t,n);const i=CalRGBCS.#c;this.#d(e,n,i);this.#h(CalRGBCS.#o,i,r)}#w(e,t,r){const n=r;this.#h(CalRGBCS.#i,t,n);const i=CalRGBCS.#c;this.#p(e,n,i);this.#h(CalRGBCS.#o,i,r)}#n(e,t,r,n,i){const o=MathClamp(e[t]*i,0,1),s=MathClamp(e[t+1]*i,0,1),a=MathClamp(e[t+2]*i,0,1),c=1===o?1:o**this.GR,f=1===s?1:s**this.GG,u=1===a?1:a**this.GB,l=this.MXA*c+this.MXB*f+this.MXC*u,h=this.MYA*c+this.MYB*f+this.MYC*u,d=this.MZA*c+this.MZB*f+this.MZC*u,p=CalRGBCS.#f;p[0]=l;p[1]=h;p[2]=d;const m=CalRGBCS.#u;this.#b(this.whitePoint,p,m);const g=CalRGBCS.#f;this.#y(this.blackPoint,m,g);const y=CalRGBCS.#u;this.#w(CalRGBCS.#a,g,y);const b=CalRGBCS.#f;this.#h(CalRGBCS.#s,y,b);r[n]=255*this.#m(b[0]);r[n+1]=255*this.#m(b[1]);r[n+2]=255*this.#m(b[2])}getRgbItem(e,t,r,n){this.#n(e,t,r,n,1)}getRgbBuffer(e,t,r,n,i,o,s){const a=1/((1<<o)-1);for(let o=0;o<r;++o){this.#n(e,t,n,i,a);t+=3;i+=3+s}}getOutputLength(e,t){return e*(3+t)/3|0}}class LabCS extends ColorSpace{constructor(e,t,r){super("Lab",3);if(!e)throw new FormatError("WhitePoint missing - required for color space Lab");[this.XW,this.YW,this.ZW]=e;[this.amin,this.amax,this.bmin,this.bmax]=r||[-100,100,-100,100];[this.XB,this.YB,this.ZB]=t||[0,0,0];if(this.XW<0||this.ZW<0||1!==this.YW)throw new FormatError("Invalid WhitePoint components, no fallback available");if(this.XB<0||this.YB<0||this.ZB<0){info("Invalid BlackPoint, falling back to default");this.XB=this.YB=this.ZB=0}if(this.amin>this.amax||this.bmin>this.bmax){info("Invalid Range, falling back to defaults");this.amin=-100;this.amax=100;this.bmin=-100;this.bmax=100}}#v(e){return e>=6/29?e**3:108/841*(e-4/29)}#_(e,t,r,n){return r+e*(n-r)/t}#n(e,t,r,n,i){let o=e[t],s=e[t+1],a=e[t+2];if(!1!==r){o=this.#_(o,r,0,100);s=this.#_(s,r,this.amin,this.amax);a=this.#_(a,r,this.bmin,this.bmax)}s>this.amax?s=this.amax:s<this.amin&&(s=this.amin);a>this.bmax?a=this.bmax:a<this.bmin&&(a=this.bmin);const c=(o+16)/116,f=c+s/500,u=c-a/200,l=this.XW*this.#v(f),h=this.YW*this.#v(c),d=this.ZW*this.#v(u);let p,m,g;if(this.ZW<1){p=3.1339*l+-1.617*h+-.4906*d;m=-.9785*l+1.916*h+.0333*d;g=.072*l+-.229*h+1.4057*d}else{p=3.2406*l+-1.5372*h+-.4986*d;m=-.9689*l+1.8758*h+.0415*d;g=.0557*l+-.204*h+1.057*d}n[i]=255*Math.sqrt(p);n[i+1]=255*Math.sqrt(m);n[i+2]=255*Math.sqrt(g)}getRgbItem(e,t,r,n){this.#n(e,t,!1,r,n)}getRgbBuffer(e,t,r,n,i,o,s){const a=(1<<o)-1;for(let o=0;o<r;o++){this.#n(e,t,a,n,i);t+=3;i+=3+s}}getOutputLength(e,t){return e*(3+t)/3|0}isDefaultDecode(e,t){return!0}get usesZeroToOneRange(){return shadow(this,"usesZeroToOneRange",!1)}}__webpack_require__(4603),__webpack_require__(7566),__webpack_require__(8721);class QCMS{static#x=null;static _memory=null;static _mustAddAlpha=!1;static _destBuffer=null;static _destOffset=0;static _destLength=0;static _cssColor="";static _makeHexColor=null;static get _memoryArray(){const e=this.#x;return e?.byteLength?e:this.#x=new Uint8Array(this._memory.buffer)}}let S;const R="undefined"!=typeof TextDecoder?new TextDecoder("utf-8",{ignoreBOM:!0,fatal:!0}):{decode:()=>{throw Error("TextDecoder not available")}};"undefined"!=typeof TextDecoder&&R.decode();let A=null;function getUint8ArrayMemory0(){null!==A&&0!==A.byteLength||(A=new Uint8Array(S.memory.buffer));return A}let B=0;function passArray8ToWasm0(e,t){const r=t(1*e.length,1)>>>0;getUint8ArrayMemory0().set(e,r/1);B=e.length;return r}const I=Object.freeze({RGB8:0,0:"RGB8",RGBA8:1,1:"RGBA8",BGRA8:2,2:"BGRA8",Gray8:3,3:"Gray8",GrayA8:4,4:"GrayA8",CMYK:5,5:"CMYK"}),E=Object.freeze({Perceptual:0,0:"Perceptual",RelativeColorimetric:1,1:"RelativeColorimetric",Saturation:2,2:"Saturation",AbsoluteColorimetric:3,3:"AbsoluteColorimetric"});function __wbg_get_imports(){const e={wbg:{}};e.wbg.__wbg_copyresult_b08ee7d273f295dd=function(e,t){!function copy_result(e,t){const{_mustAddAlpha:r,_destBuffer:n,_destOffset:i,_destLength:o,_memoryArray:s}=QCMS;if(t!==o)if(r)for(let r=e,o=e+t,a=i;r<o;r+=3,a+=4){n[a]=s[r];n[a+1]=s[r+1];n[a+2]=s[r+2];n[a+3]=255}else for(let r=e,o=e+t,a=i;r<o;r+=3,a+=4){n[a]=s[r];n[a+1]=s[r+1];n[a+2]=s[r+2]}else n.set(s.subarray(e,e+t),i)}(e>>>0,t>>>0)};e.wbg.__wbg_copyrgb_d60ce17bb05d9b67=function(e){!function copy_rgb(e){const{_destBuffer:t,_destOffset:r,_memoryArray:n}=QCMS;t[r]=n[e];t[r+1]=n[e+1];t[r+2]=n[e+2]}(e>>>0)};e.wbg.__wbg_makecssRGB_893bf0cd9fdb302d=function(e){!function make_cssRGB(e){const{_memoryArray:t}=QCMS;QCMS._cssColor=QCMS._makeHexColor(t[e],t[e+1],t[e+2])}(e>>>0)};e.wbg.__wbindgen_init_externref_table=function(){const e=S.__wbindgen_export_0,t=e.grow(4);e.set(0,void 0);e.set(t+0,void 0);e.set(t+1,null);e.set(t+2,!0);e.set(t+3,!1)};e.wbg.__wbindgen_throw=function(e,t){throw new Error(function getStringFromWasm0(e,t){e>>>=0;return R.decode(getUint8ArrayMemory0().subarray(e,e+t))}(e,t))};return e}function __wbg_finalize_init(e,t){S=e.exports;__wbg_init.__wbindgen_wasm_module=t;A=null;S.__wbindgen_start();return S}async function __wbg_init(e){if(void 0!==S)return S;void 0!==e&&(Object.getPrototypeOf(e)===Object.prototype?({module_or_path:e}=e):console.warn("using deprecated parameters for the initialization function; pass a single object instead"));const t=__wbg_get_imports();("string"==typeof e||"function"==typeof Request&&e instanceof Request||"function"==typeof URL&&e instanceof URL)&&(e=fetch(e));const{instance:r,module:n}=await async function __wbg_load(e,t){if("function"==typeof Response&&e instanceof Response){if("function"==typeof WebAssembly.instantiateStreaming)try{return await WebAssembly.instantiateStreaming(e,t)}catch(t){if("application/wasm"==e.headers.get("Content-Type"))throw t;console.warn("`WebAssembly.instantiateStreaming` failed because your server does not serve Wasm with `application/wasm` MIME type. Falling back to `WebAssembly.instantiate` which is slower. Original error:\n",t)}const r=await e.arrayBuffer();return await WebAssembly.instantiate(r,t)}{const r=await WebAssembly.instantiate(e,t);return r instanceof WebAssembly.Instance?{instance:r,module:e}:r}}(await e,t);return __wbg_finalize_init(r,n)}function fetchSync(e){const t=new XMLHttpRequest;t.open("GET",e,!1);t.responseType="arraybuffer";t.send(null);return t.response}class IccColorSpace extends ColorSpace{#C;#S;static#R=!0;static#A=null;static#B=null;constructor(e,t,r){if(!IccColorSpace.isUsable)throw new Error("No ICC color space support");super(t,r);let n;switch(r){case 1:n=I.Gray8;this.#S=(e,t,r)=>function qcms_convert_one(e,t,r){S.qcms_convert_one(e,t,r)}(this.#C,255*e[t],r);break;case 3:n=I.RGB8;this.#S=(e,t,r)=>function qcms_convert_three(e,t,r,n,i){S.qcms_convert_three(e,t,r,n,i)}(this.#C,255*e[t],255*e[t+1],255*e[t+2],r);break;case 4:n=I.CMYK;this.#S=(e,t,r)=>function qcms_convert_four(e,t,r,n,i,o){S.qcms_convert_four(e,t,r,n,i,o)}(this.#C,255*e[t],255*e[t+1],255*e[t+2],255*e[t+3],r);break;default:throw new Error(`Unsupported number of components: ${r}`)}this.#C=function qcms_transformer_from_memory(e,t,r){const n=passArray8ToWasm0(e,S.__wbindgen_malloc),i=B;return S.qcms_transformer_from_memory(n,i,t,r)>>>0}(e,n,E.Perceptual);if(!this.#C)throw new Error("Failed to create ICC color space");IccColorSpace.#B||=new FinalizationRegistry(e=>{!function qcms_drop_transformer(e){S.qcms_drop_transformer(e)}(e)});IccColorSpace.#B.register(this,this.#C)}getRgbHex(e,t){this.#S(e,t,!0);return QCMS._cssColor}getRgbItem(e,t,r,n){QCMS._destBuffer=r;QCMS._destOffset=n;QCMS._destLength=3;this.#S(e,t,!1);QCMS._destBuffer=null}getRgbBuffer(e,t,r,n,i,o,s){e=e.subarray(t,t+r*this.numComps);if(8!==o){const t=255/((1<<o)-1);for(let r=0,n=e.length;r<n;r++)e[r]*=t}QCMS._mustAddAlpha=s&&n.buffer===e.buffer;QCMS._destBuffer=n;QCMS._destOffset=i;QCMS._destLength=r*(3+s);!function qcms_convert_array(e,t){const r=passArray8ToWasm0(t,S.__wbindgen_malloc),n=B;S.qcms_convert_array(e,r,n)}(this.#C,e);QCMS._mustAddAlpha=!1;QCMS._destBuffer=null}getOutputLength(e,t){return e/this.numComps*(3+t)|0}static setOptions({useWasm:e,useWorkerFetch:t,wasmUrl:r}){if(t){this.#R=e;this.#A=r}else this.#R=!1}static get isUsable(){let e=!1;if(this.#R)if(this.#A)try{this._module=function initSync(e){if(void 0!==S)return S;void 0!==e&&(Object.getPrototypeOf(e)===Object.prototype?({module:e}=e):console.warn("using deprecated parameters for `initSync()`; pass a single object instead"));const t=__wbg_get_imports();e instanceof WebAssembly.Module||(e=new WebAssembly.Module(e));return __wbg_finalize_init(new WebAssembly.Instance(e,t),e)}({module:fetchSync(`${this.#A}qcms_bg.wasm`)});e=!!this._module;QCMS._memory=this._module.memory;QCMS._makeHexColor=util_Util.makeHexColor}catch(e){util_warn(`ICCBased color space: "${e}".`)}else util_warn("No ICC color space support due to missing `wasmUrl` API option");return shadow(this,"isUsable",e)}}class CmykICCBasedCS extends IccColorSpace{static#I;constructor(){super(new Uint8Array(fetchSync(`${CmykICCBasedCS.#I}CGATS001Compat-v2-micro.icc`)),"DeviceCMYK",4)}static setOptions({iccUrl:e}){this.#I=e}static get isUsable(){let e=!1;IccColorSpace.isUsable&&(this.#I?e=!0:util_warn("No CMYK ICC profile support due to missing `iccUrl` API option"));return shadow(this,"isUsable",e)}}class ColorSpaceUtils{static parse({cs:e,xref:t,resources:r=null,pdfFunctionFactory:n,globalColorSpaceCache:i,localColorSpaceCache:o,asyncIfNotCached:s=!1}){const a={xref:t,resources:r,pdfFunctionFactory:n,globalColorSpaceCache:i,localColorSpaceCache:o};let c,f,u;if(e instanceof primitives_Ref){f=e;const r=i.getByRef(f)||o.getByRef(f);if(r)return r;e=t.fetch(e)}if(e instanceof Name){c=e.name;const t=o.getByName(c);if(t)return t}try{u=this.#E(e,a)}catch(e){if(s&&!(e instanceof MissingDataException))return Promise.reject(e);throw e}if(c||f){o.set(c,f,u);f&&i.set(null,f,u)}return s?Promise.resolve(u):u}static#k(e,t){const{globalColorSpaceCache:r}=t;let n;if(e instanceof primitives_Ref){n=e;const t=r.getByRef(n);if(t)return t}const i=this.#E(e,t);n&&r.set(null,n,i);return i}static#E(e,t){const{xref:r,resources:n,pdfFunctionFactory:i,globalColorSpaceCache:o}=t;if((e=r.fetchIfRef(e))instanceof Name)switch(e.name){case"G":case"DeviceGray":return this.gray;case"RGB":case"DeviceRGB":return this.rgb;case"DeviceRGBA":return this.rgba;case"CMYK":case"DeviceCMYK":return this.cmyk;case"Pattern":return new PatternCS(null);default:if(n instanceof primitives_Dict){const r=n.get("ColorSpace");if(r instanceof primitives_Dict){const n=r.get(e.name);if(n){if(n instanceof Name)return this.#E(n,t);e=n;break}}}util_warn(`Unrecognized ColorSpace: ${e.name}`);return this.gray}if(Array.isArray(e)){const n=r.fetchIfRef(e[0]).name;let s,a,c,f,u,l;switch(n){case"G":case"DeviceGray":return this.gray;case"RGB":case"DeviceRGB":return this.rgb;case"CMYK":case"DeviceCMYK":return this.cmyk;case"CalGray":s=r.fetchIfRef(e[1]);f=s.getArray("WhitePoint");u=s.getArray("BlackPoint");l=s.get("Gamma");return new CalGrayCS(f,u,l);case"CalRGB":s=r.fetchIfRef(e[1]);f=s.getArray("WhitePoint");u=s.getArray("BlackPoint");l=s.getArray("Gamma");const h=s.getArray("Matrix");return new CalRGBCS(f,u,l,h);case"ICCBased":const d=e[1]instanceof primitives_Ref;if(d){const t=o.getByRef(e[1]);if(t)return t}const p=r.fetchIfRef(e[1]),m=p.dict;a=m.get("N");if(IccColorSpace.isUsable)try{const t=new IccColorSpace(p.getBytes(),"ICCBased",a);d&&o.set(null,e[1],t);return t}catch(t){if(t instanceof MissingDataException)throw t;util_warn(`ICCBased color space (${e[1]}): "${t}".`)}const g=m.getRaw("Alternate");if(g){const e=this.#k(g,t);if(e.numComps===a)return e;util_warn("ICCBased color space: Ignoring incorrect /Alternate entry.")}if(1===a)return this.gray;if(3===a)return this.rgb;if(4===a)return this.cmyk;break;case"Pattern":c=e[1]||null;c&&(c=this.#k(c,t));return new PatternCS(c);case"I":case"Indexed":c=this.#k(e[1],t);const y=MathClamp(r.fetchIfRef(e[2]),0,255),b=r.fetchIfRef(e[3]);return new IndexedCS(c,y,b);case"Separation":case"DeviceN":const w=r.fetchIfRef(e[1]);a=Array.isArray(w)?w.length:1;c=this.#k(e[2],t);const v=i.create(e[3]);return new AlternateCS(a,c,v);case"Lab":s=r.fetchIfRef(e[1]);f=s.getArray("WhitePoint");u=s.getArray("BlackPoint");const _=s.getArray("Range");return new LabCS(f,u,_);default:util_warn(`Unimplemented ColorSpace object: ${n}`);return this.gray}}util_warn(`Unrecognized ColorSpace object: ${e}`);return this.gray}static get gray(){return shadow(this,"gray",new DeviceGrayCS)}static get rgb(){return shadow(this,"rgb",new DeviceRgbCS)}static get rgba(){return shadow(this,"rgba",new DeviceRgbaCS)}static get cmyk(){if(CmykICCBasedCS.isUsable)try{return shadow(this,"cmyk",new CmykICCBasedCS)}catch{util_warn("CMYK fallback: DeviceCMYK")}return shadow(this,"cmyk",new DeviceCmykCS)}}class JpegError extends i{constructor(e){super(e,"JpegError")}}class DNLMarkerError extends i{constructor(e,t){super(e,"DNLMarkerError");this.scanLines=t}}class EOIMarkerError extends i{constructor(e){super(e,"EOIMarkerError")}}const k=new Uint8Array([0,1,8,16,9,2,3,10,17,24,32,25,18,11,4,5,12,19,26,33,40,48,41,34,27,20,13,6,7,14,21,28,35,42,49,56,57,50,43,36,29,22,15,23,30,37,44,51,58,59,52,45,38,31,39,46,53,60,61,54,47,55,62,63]),T=4017,D=799,P=3406,M=2276,O=1567,U=3784,L=5793,N=2896;function buildHuffmanTable(e,t){let r,n,i=0,o=16;for(;o>0&&!e[o-1];)o--;const s=[{children:[],index:0}];let a,c=s[0];for(r=0;r<o;r++){for(n=0;n<e[r];n++){c=s.pop();c.children[c.index]=t[i];for(;c.index>0;)c=s.pop();c.index++;s.push(c);for(;s.length<=r;){s.push(a={children:[],index:0});c.children[c.index]=a.children;c=a}i++}if(r+1<o){s.push(a={children:[],index:0});c.children[c.index]=a.children;c=a}}return s[0].children}function getBlockBufferOffset(e,t,r){return 64*((e.blocksPerLine+1)*t+r)}function decodeScan(e,t,r,n,i,o,s,a,c,f=!1){const u=r.mcusPerLine,l=r.progressive,h=t;let d=0,p=0;function readBit(){if(p>0){p--;return d>>p&1}d=e[t++];if(255===d){const n=e[t++];if(n){if(220===n&&f){const n=readUint16(e,t+=2);t+=2;if(n>0&&n!==r.scanLines)throw new DNLMarkerError("Found DNL marker (0xFFDC) while parsing scan data",n)}else if(217===n){if(f){const e=b*(8===r.precision?8:0);if(e>0&&Math.round(r.scanLines/e)>=5)throw new DNLMarkerError("Found EOI marker (0xFFD9) while parsing scan data, possibly caused by incorrect `scanLines` parameter",e)}throw new EOIMarkerError("Found EOI marker (0xFFD9) while parsing scan data")}throw new JpegError(`unexpected marker ${(d<<8|n).toString(16)}`)}}p=7;return d>>>7}function decodeHuffman(e){let t=e;for(;;){t=t[readBit()];switch(typeof t){case"number":return t;case"object":continue}throw new JpegError("invalid huffman sequence")}}function receive(e){let t=0;for(;e>0;){t=t<<1|readBit();e--}return t}function receiveAndExtend(e){if(1===e)return 1===readBit()?1:-1;const t=receive(e);return t>=1<<e-1?t:t+(-1<<e)+1}let m=0;let g,y=0;let b=0;function decodeMcu(e,t,r,n,i){const o=r%u;b=(r/u|0)*e.v+n;const s=o*e.h+i;t(e,getBlockBufferOffset(e,b,s))}function decodeBlock(e,t,r){b=r/e.blocksPerLine|0;const n=r%e.blocksPerLine;t(e,getBlockBufferOffset(e,b,n))}const w=n.length;let v,_,x,C,S,R;R=l?0===o?0===a?function decodeDCFirst(e,t){const r=decodeHuffman(e.huffmanTableDC),n=0===r?0:receiveAndExtend(r)<<c;e.blockData[t]=e.pred+=n}:function decodeDCSuccessive(e,t){e.blockData[t]|=readBit()<<c}:0===a?function decodeACFirst(e,t){if(m>0){m--;return}let r=o;const n=s;for(;r<=n;){const n=decodeHuffman(e.huffmanTableAC),i=15&n,o=n>>4;if(0===i){if(o<15){m=receive(o)+(1<<o)-1;break}r+=16;continue}r+=o;const s=k[r];e.blockData[t+s]=receiveAndExtend(i)*(1<<c);r++}}:function decodeACSuccessive(e,t){let r=o;const n=s;let i,a,f=0;for(;r<=n;){const n=t+k[r],o=e.blockData[n]<0?-1:1;switch(y){case 0:a=decodeHuffman(e.huffmanTableAC);i=15&a;f=a>>4;if(0===i)if(f<15){m=receive(f)+(1<<f);y=4}else{f=16;y=1}else{if(1!==i)throw new JpegError("invalid ACn encoding");g=receiveAndExtend(i);y=f?2:3}continue;case 1:case 2:if(e.blockData[n])e.blockData[n]+=o*(readBit()<<c);else{f--;0===f&&(y=2===y?3:0)}break;case 3:if(e.blockData[n])e.blockData[n]+=o*(readBit()<<c);else{e.blockData[n]=g<<c;y=0}break;case 4:e.blockData[n]&&(e.blockData[n]+=o*(readBit()<<c))}r++}if(4===y){m--;0===m&&(y=0)}}:function decodeBaseline(e,t){const r=decodeHuffman(e.huffmanTableDC),n=0===r?0:receiveAndExtend(r);e.blockData[t]=e.pred+=n;let i=1;for(;i<64;){const r=decodeHuffman(e.huffmanTableAC),n=15&r,o=r>>4;if(0===n){if(o<15)break;i+=16;continue}i+=o;const s=k[i];e.blockData[t+s]=receiveAndExtend(n);i++}};let A,B=0;const I=1===w?n[0].blocksPerLine*n[0].blocksPerColumn:u*r.mcusPerColumn;let E,T;for(;B<=I;){const r=i?Math.min(I-B,i):I;if(r>0){for(_=0;_<w;_++)n[_].pred=0;m=0;if(1===w){v=n[0];for(S=0;S<r;S++){decodeBlock(v,R,B);B++}}else for(S=0;S<r;S++){for(_=0;_<w;_++){v=n[_];E=v.h;T=v.v;for(x=0;x<T;x++)for(C=0;C<E;C++)decodeMcu(v,R,B,x,C)}B++}}p=0;A=findNextFileMarker(e,t);if(!A)break;if(A.invalid){util_warn(`decodeScan - ${r>0?"unexpected":"excessive"} MCU data, current marker is: ${A.invalid}`);t=A.offset}if(!(A.marker>=65488&&A.marker<=65495))break;t+=2}return t-h}function quantizeAndInverse(e,t,r){const n=e.quantizationTable,i=e.blockData;let o,s,a,c,f,u,l,h,d,p,m,g,y,b,w,v,_;if(!n)throw new JpegError("missing required Quantization Table.");for(let e=0;e<64;e+=8){d=i[t+e];p=i[t+e+1];m=i[t+e+2];g=i[t+e+3];y=i[t+e+4];b=i[t+e+5];w=i[t+e+6];v=i[t+e+7];d*=n[e];if(0!==(p|m|g|y|b|w|v)){p*=n[e+1];m*=n[e+2];g*=n[e+3];y*=n[e+4];b*=n[e+5];w*=n[e+6];v*=n[e+7];o=L*d+128>>8;s=L*y+128>>8;a=m;c=w;f=N*(p-v)+128>>8;h=N*(p+v)+128>>8;u=g<<4;l=b<<4;o=o+s+1>>1;s=o-s;_=a*U+c*O+128>>8;a=a*O-c*U+128>>8;c=_;f=f+l+1>>1;l=f-l;h=h+u+1>>1;u=h-u;o=o+c+1>>1;c=o-c;s=s+a+1>>1;a=s-a;_=f*M+h*P+2048>>12;f=f*P-h*M+2048>>12;h=_;_=u*D+l*T+2048>>12;u=u*T-l*D+2048>>12;l=_;r[e]=o+h;r[e+7]=o-h;r[e+1]=s+l;r[e+6]=s-l;r[e+2]=a+u;r[e+5]=a-u;r[e+3]=c+f;r[e+4]=c-f}else{_=L*d+512>>10;r[e]=_;r[e+1]=_;r[e+2]=_;r[e+3]=_;r[e+4]=_;r[e+5]=_;r[e+6]=_;r[e+7]=_}}for(let e=0;e<8;++e){d=r[e];p=r[e+8];m=r[e+16];g=r[e+24];y=r[e+32];b=r[e+40];w=r[e+48];v=r[e+56];if(0!==(p|m|g|y|b|w|v)){o=L*d+2048>>12;s=L*y+2048>>12;a=m;c=w;f=N*(p-v)+2048>>12;h=N*(p+v)+2048>>12;u=g;l=b;o=4112+(o+s+1>>1);s=o-s;_=a*U+c*O+2048>>12;a=a*O-c*U+2048>>12;c=_;f=f+l+1>>1;l=f-l;h=h+u+1>>1;u=h-u;o=o+c+1>>1;c=o-c;s=s+a+1>>1;a=s-a;_=f*M+h*P+2048>>12;f=f*P-h*M+2048>>12;h=_;_=u*D+l*T+2048>>12;u=u*T-l*D+2048>>12;l=_;d=o+h;v=o-h;p=s+l;w=s-l;m=a+u;b=a-u;g=c+f;y=c-f;d<16?d=0:d>=4080?d=255:d>>=4;p<16?p=0:p>=4080?p=255:p>>=4;m<16?m=0:m>=4080?m=255:m>>=4;g<16?g=0:g>=4080?g=255:g>>=4;y<16?y=0:y>=4080?y=255:y>>=4;b<16?b=0:b>=4080?b=255:b>>=4;w<16?w=0:w>=4080?w=255:w>>=4;v<16?v=0:v>=4080?v=255:v>>=4;i[t+e]=d;i[t+e+8]=p;i[t+e+16]=m;i[t+e+24]=g;i[t+e+32]=y;i[t+e+40]=b;i[t+e+48]=w;i[t+e+56]=v}else{_=L*d+8192>>14;_=_<-2040?0:_>=2024?255:_+2056>>4;i[t+e]=_;i[t+e+8]=_;i[t+e+16]=_;i[t+e+24]=_;i[t+e+32]=_;i[t+e+40]=_;i[t+e+48]=_;i[t+e+56]=_}}}function buildComponentData(e,t){const r=t.blocksPerLine,n=t.blocksPerColumn,i=new Int16Array(64);for(let e=0;e<n;e++)for(let n=0;n<r;n++){quantizeAndInverse(t,getBlockBufferOffset(t,e,n),i)}return t.blockData}function findNextFileMarker(e,t,r=t){const n=e.length-1;let i=r<t?r:t;if(t>=n)return null;const o=readUint16(e,t);if(o>=65472&&o<=65534)return{invalid:null,marker:o,offset:t};let s=readUint16(e,i);for(;!(s>=65472&&s<=65534);){if(++i>=n)return null;s=readUint16(e,i)}return{invalid:o.toString(16),marker:s,offset:i}}function prepareComponents(e){const t=Math.ceil(e.samplesPerLine/8/e.maxH),r=Math.ceil(e.scanLines/8/e.maxV);for(const n of e.components){const i=Math.ceil(Math.ceil(e.samplesPerLine/8)*n.h/e.maxH),o=Math.ceil(Math.ceil(e.scanLines/8)*n.v/e.maxV),s=t*n.h,a=64*(r*n.v)*(s+1);n.blockData=new Int16Array(a);n.blocksPerLine=i;n.blocksPerColumn=o}e.mcusPerLine=t;e.mcusPerColumn=r}function readDataBlock(e,t){const r=readUint16(e,t);let n=(t+=2)+r-2;const i=findNextFileMarker(e,n,t);if(i?.invalid){util_warn("readDataBlock - incorrect length, current marker is: "+i.invalid);n=i.offset}const o=e.subarray(t,n);return{appData:o,oldOffset:t,newOffset:t+o.length}}function skipData(e,t){const r=readUint16(e,t),n=(t+=2)+r-2,i=findNextFileMarker(e,n,t);return i?.invalid?i.offset:n}class JpegImage{constructor({decodeTransform:e=null,colorTransform:t=-1}={}){this._decodeTransform=e;this._colorTransform=t}static canUseImageDecoder(e,t=-1){let r=null,n=0,i=null,o=readUint16(e,n);n+=2;if(65496!==o)throw new JpegError("SOI not found");o=readUint16(e,n);n+=2;e:for(;65497!==o;){switch(o){case 65505:const{appData:t,oldOffset:s,newOffset:a}=readDataBlock(e,n);n=a;if(69===t[0]&&120===t[1]&&105===t[2]&&102===t[3]&&0===t[4]&&0===t[5]){if(r)throw new JpegError("Duplicate EXIF-blocks found.");r={exifStart:s+6,exifEnd:a}}o=readUint16(e,n);n+=2;continue;case 65472:case 65473:case 65474:i=e[n+7];break e;case 65535:255!==e[n]&&n--}n=skipData(e,n);o=readUint16(e,n);n+=2}return 4===i||3===i&&0===t?null:r||{}}parse(e,{dnlScanLines:t=null}={}){let r,n,i=0,o=null,s=null,a=0;const c=[],f=[],u=[];let l=readUint16(e,i);i+=2;if(65496!==l)throw new JpegError("SOI not found");l=readUint16(e,i);i+=2;e:for(;65497!==l;){let h,d,p;switch(l){case 65504:case 65505:case 65506:case 65507:case 65508:case 65509:case 65510:case 65511:case 65512:case 65513:case 65514:case 65515:case 65516:case 65517:case 65518:case 65519:case 65534:const{appData:m,newOffset:g}=readDataBlock(e,i);i=g;65504===l&&74===m[0]&&70===m[1]&&73===m[2]&&70===m[3]&&0===m[4]&&(o={version:{major:m[5],minor:m[6]},densityUnits:m[7],xDensity:m[8]<<8|m[9],yDensity:m[10]<<8|m[11],thumbWidth:m[12],thumbHeight:m[13],thumbData:m.subarray(14,14+3*m[12]*m[13])});65518===l&&65===m[0]&&100===m[1]&&111===m[2]&&98===m[3]&&101===m[4]&&(s={version:m[5]<<8|m[6],flags0:m[7]<<8|m[8],flags1:m[9]<<8|m[10],transformCode:m[11]});break;case 65499:const y=readUint16(e,i);i+=2;const b=y+i-2;let w;for(;i<b;){const t=e[i++],r=new Uint16Array(64);if(t>>4){if(t>>4!=1)throw new JpegError("DQT - invalid table spec");for(d=0;d<64;d++){w=k[d];r[w]=readUint16(e,i);i+=2}}else for(d=0;d<64;d++){w=k[d];r[w]=e[i++]}c[15&t]=r}break;case 65472:case 65473:case 65474:if(r)throw new JpegError("Only single frame JPEGs supported");i+=2;r={};r.extended=65473===l;r.progressive=65474===l;r.precision=e[i++];const v=readUint16(e,i);i+=2;r.scanLines=t||v;r.samplesPerLine=readUint16(e,i);i+=2;r.components=[];r.componentIds={};const _=e[i++];let x=0,C=0;for(h=0;h<_;h++){const t=e[i],n=e[i+1]>>4,o=15&e[i+1];x<n&&(x=n);C<o&&(C=o);const s=e[i+2];p=r.components.push({h:n,v:o,quantizationId:s,quantizationTable:null});r.componentIds[t]=p-1;i+=3}r.maxH=x;r.maxV=C;prepareComponents(r);break;case 65476:const S=readUint16(e,i);i+=2;for(h=2;h<S;){const t=e[i++],r=new Uint8Array(16);let n=0;for(d=0;d<16;d++,i++)n+=r[d]=e[i];const o=new Uint8Array(n);for(d=0;d<n;d++,i++)o[d]=e[i];h+=17+n;(t>>4?f:u)[15&t]=buildHuffmanTable(r,o)}break;case 65501:i+=2;n=readUint16(e,i);i+=2;break;case 65498:const R=1===++a&&!t;i+=2;const A=e[i++],B=[];for(h=0;h<A;h++){const t=e[i++],n=r.componentIds[t],o=r.components[n];o.index=t;const s=e[i++];o.huffmanTableDC=u[s>>4];o.huffmanTableAC=f[15&s];B.push(o)}const I=e[i++],E=e[i++],T=e[i++];try{i+=decodeScan(e,i,r,B,n,I,E,T>>4,15&T,R)}catch(t){if(t instanceof DNLMarkerError){util_warn(`${t.message} -- attempting to re-parse the JPEG image.`);return this.parse(e,{dnlScanLines:t.scanLines})}if(t instanceof EOIMarkerError){util_warn(`${t.message} -- ignoring the rest of the image data.`);break e}throw t}break;case 65500:i+=4;break;case 65535:255!==e[i]&&i--;break;default:const D=findNextFileMarker(e,i-2,i-3);if(D?.invalid){util_warn("JpegImage.parse - unexpected data, current marker is: "+D.invalid);i=D.offset;break}if(!D||i>=e.length-1){util_warn("JpegImage.parse - reached the end of the image data without finding an EOI marker (0xFFD9).");break e}throw new JpegError("JpegImage.parse - unknown marker: "+l.toString(16))}l=readUint16(e,i);i+=2}if(!r)throw new JpegError("JpegImage.parse - no frame data found.");this.width=r.samplesPerLine;this.height=r.scanLines;this.jfif=o;this.adobe=s;this.components=[];for(const e of r.components){const t=c[e.quantizationId];t&&(e.quantizationTable=t);this.components.push({index:e.index,output:buildComponentData(0,e),scaleX:e.h/r.maxH,scaleY:e.v/r.maxV,blocksPerLine:e.blocksPerLine,blocksPerColumn:e.blocksPerColumn})}this.numComponents=this.components.length}_getLinearizedBlockData(e,t,r=!1){const n=this.width/e,i=this.height/t;let o,s,a,c,f,u,l,h,d,p,m,g=0;const y=this.components.length,b=e*t*y,w=new Uint8ClampedArray(b),v=new Uint32Array(e),_=4294967288;let x;for(l=0;l<y;l++){o=this.components[l];s=o.scaleX*n;a=o.scaleY*i;g=l;m=o.output;c=o.blocksPerLine+1<<3;if(s!==x){for(f=0;f<e;f++){h=0|f*s;v[f]=(h&_)<<3|7&h}x=s}for(u=0;u<t;u++){h=0|u*a;p=c*(h&_)|(7&h)<<3;for(f=0;f<e;f++){w[g]=m[p+v[f]];g+=y}}}let C=this._decodeTransform;r||4!==y||C||(C=new Int32Array([-256,255,-256,255,-256,255,-256,255]));if(C)for(l=0;l<b;)for(h=0,d=0;h<y;h++,l++,d+=2)w[l]=(w[l]*C[d]>>8)+C[d+1];return w}get _isColorConversionNeeded(){return this.adobe?!!this.adobe.transformCode:3===this.numComponents?0!==this._colorTransform&&(82!==this.components[0].index||71!==this.components[1].index||66!==this.components[2].index):1===this._colorTransform}_convertYccToRgb(e){let t,r,n;for(let i=0,o=e.length;i<o;i+=3){t=e[i];r=e[i+1];n=e[i+2];e[i]=t-179.456+1.402*n;e[i+1]=t+135.459-.344*r-.714*n;e[i+2]=t-226.816+1.772*r}return e}_convertYccToRgba(e,t){for(let r=0,n=0,i=e.length;r<i;r+=3,n+=4){const i=e[r],o=e[r+1],s=e[r+2];t[n]=i-179.456+1.402*s;t[n+1]=i+135.459-.344*o-.714*s;t[n+2]=i-226.816+1.772*o;t[n+3]=255}return t}_convertYcckToRgb(e){this._convertYcckToCmyk(e);return this._convertCmykToRgb(e)}_convertYcckToRgba(e){this._convertYcckToCmyk(e);return this._convertCmykToRgba(e)}_convertYcckToCmyk(e){let t,r,n;for(let i=0,o=e.length;i<o;i+=4){t=e[i];r=e[i+1];n=e[i+2];e[i]=434.456-t-1.402*n;e[i+1]=119.541-t+.344*r+.714*n;e[i+2]=481.816-t-1.772*r}return e}_convertCmykToRgb(e){const t=e.length/4;ColorSpaceUtils.cmyk.getRgbBuffer(e,0,t,e,0,8,0);return e.subarray(0,3*t)}_convertCmykToRgba(e){ColorSpaceUtils.cmyk.getRgbBuffer(e,0,e.length/4,e,0,8,1);if(ColorSpaceUtils.cmyk instanceof DeviceCmykCS)for(let t=3,r=e.length;t<r;t+=4)e[t]=255;return e}getData({width:e,height:t,forceRGBA:r=!1,forceRGB:n=!1,isSourcePDF:i=!1}){if(this.numComponents>4)throw new JpegError("Unsupported color mode");const o=this._getLinearizedBlockData(e,t,i);if(1===this.numComponents&&(r||n)){const e=o.length*(r?4:3),t=new Uint8ClampedArray(e);let n=0;if(r)!function grayToRGBA(e,t){if(util_FeatureTest.isLittleEndian)for(let r=0,n=e.length;r<n;r++)t[r]=65793*e[r]|4278190080;else for(let r=0,n=e.length;r<n;r++)t[r]=16843008*e[r]|255}(o,new Uint32Array(t.buffer));else for(const e of o){t[n++]=e;t[n++]=e;t[n++]=e}return t}if(3===this.numComponents&&this._isColorConversionNeeded){if(r){const e=new Uint8ClampedArray(o.length/3*4);return this._convertYccToRgba(o,e)}return this._convertYccToRgb(o)}if(4===this.numComponents){if(this._isColorConversionNeeded)return r?this._convertYcckToRgba(o):n?this._convertYcckToRgb(o):this._convertYcckToCmyk(o);if(r)return this._convertCmykToRgba(o);if(n)return this._convertCmykToRgb(o)}return o}}__webpack_require__(4628);const G=async function OpenJPEG(e={}){var t=e,r="./this.program",quit_=(e,t)=>{throw t},n=import.meta.url;try{new URL(".",n).href}catch{}0;var i,o,s,a,c,f,u,l,h=console.log.bind(console),d=console.error.bind(console),p=!1,m=!1;function updateMemoryViews(){var e=a.buffer;c=new Int8Array(e);new Int16Array(e);f=new Uint8Array(e);new Uint16Array(e);u=new Int32Array(e);l=new Uint32Array(e);new Float32Array(e);new Float64Array(e);new BigInt64Array(e);new BigUint64Array(e)}class ExitStatus{name="ExitStatus";constructor(e){this.message=`Program terminated with exit(${e})`;this.status=e}}var g,callRuntimeCallbacks=e=>{for(;e.length>0;)e.shift()(t)},y=[],addOnPostRun=e=>y.push(e),b=[],addOnPreRun=e=>b.push(e),w=!0,v=0,_={},handleException=e=>{if(e instanceof ExitStatus||"unwind"==e)return i;quit_(0,e)},keepRuntimeAlive=()=>w||v>0,_proc_exit=e=>{i=e;if(!keepRuntimeAlive()){t.onExit?.(e);p=!0}quit_(0,new ExitStatus(e))},_exit=(e,t)=>{i=e;_proc_exit(e)},callUserCallback=e=>{if(!p)try{e();(()=>{if(!keepRuntimeAlive())try{_exit(i)}catch(e){handleException(e)}})()}catch(e){handleException(e)}},alignMemory=(e,t)=>Math.ceil(e/t)*t,growMemory=e=>{var t=(e-a.buffer.byteLength+65535)/65536|0;try{a.grow(t);updateMemoryViews();return 1}catch(e){}},x={},getEnvStrings=()=>{if(!getEnvStrings.strings){var e={USER:"web_user",LOGNAME:"web_user",PATH:"/",PWD:"/",HOME:"/home/web_user",LANG:("object"==typeof navigator&&navigator.language||"C").replace("-","_")+".UTF-8",_:r||"./this.program"};for(var t in x)void 0===x[t]?delete e[t]:e[t]=x[t];var n=[];for(var t in e)n.push(`${t}=${e[t]}`);getEnvStrings.strings=n}return getEnvStrings.strings},stringToUTF8=(e,t,r)=>((e,t,r,n)=>{if(!(n>0))return 0;for(var i=r,o=r+n-1,s=0;s<e.length;++s){var a=e.codePointAt(s);if(a<=127){if(r>=o)break;t[r++]=a}else if(a<=2047){if(r+1>=o)break;t[r++]=192|a>>6;t[r++]=128|63&a}else if(a<=65535){if(r+2>=o)break;t[r++]=224|a>>12;t[r++]=128|a>>6&63;t[r++]=128|63&a}else{if(r+3>=o)break;t[r++]=240|a>>18;t[r++]=128|a>>12&63;t[r++]=128|a>>6&63;t[r++]=128|63&a;s++}}t[r]=0;return r-i})(e,f,t,r),lengthBytesUTF8=e=>{for(var t=0,r=0;r<e.length;++r){var n=e.charCodeAt(r);if(n<=127)t++;else if(n<=2047)t+=2;else if(n>=55296&&n<=57343){t+=4;++r}else t+=3}return t},C=[null,[],[]],S="undefined"!=typeof TextDecoder?new TextDecoder:void 0,UTF8ArrayToString=(e,t=0,r,n)=>{var i=((e,t,r,n)=>{var i=t+r;if(n)return i;for(;e[t]&&!(t>=i);)++t;return t})(e,t,r,n);if(i-t>16&&e.buffer&&S)return S.decode(e.subarray(t,i));for(var o="";t<i;){var s=e[t++];if(128&s){var a=63&e[t++];if(192!=(224&s)){var c=63&e[t++];if((s=224==(240&s)?(15&s)<<12|a<<6|c:(7&s)<<18|a<<12|c<<6|63&e[t++])<65536)o+=String.fromCharCode(s);else{var f=s-65536;o+=String.fromCharCode(55296|f>>10,56320|1023&f)}}else o+=String.fromCharCode((31&s)<<6|a)}else o+=String.fromCharCode(s)}return o},printChar=(e,t)=>{var r=C[e];if(0===t||10===t){(1===e?h:d)(UTF8ArrayToString(r));r.length=0}else r.push(t)},UTF8ToString=(e,t,r)=>e?UTF8ArrayToString(f,e,t,r):"";t.noExitRuntime&&(w=t.noExitRuntime);t.print&&(h=t.print);t.printErr&&(d=t.printErr);t.wasmBinary&&t.wasmBinary;t.arguments&&t.arguments;t.thisProgram&&(r=t.thisProgram);if(t.preInit){"function"==typeof t.preInit&&(t.preInit=[t.preInit]);for(;t.preInit.length>0;)t.preInit.shift()()}t.writeArrayToMemory=(e,t)=>{c.set(e,t)};var R,A={k:()=>function abort(e){t.onAbort?.(e);d(e="Aborted("+e+")");p=!0;e+=". Build with -sASSERTIONS for more info.";var r=new WebAssembly.RuntimeError(e);s?.(r);throw r}(""),j:()=>{w=!1;v=0},l:(e,t)=>{if(_[e]){clearTimeout(_[e].id);delete _[e]}if(!t)return 0;var r=setTimeout(()=>{delete _[e];callUserCallback(()=>g(e,performance.now()))},t);_[e]={id:r,timeout_ms:t};return 0},f:function _copy_pixels_1(e,r){e>>=2;const n=t.imageData=new Uint8ClampedArray(r),i=u.subarray(e,e+r);n.set(i)},e:function _copy_pixels_3(e,r,n,i){e>>=2;r>>=2;n>>=2;const o=t.imageData=new Uint8ClampedArray(3*i),s=u.subarray(e,e+i),a=u.subarray(r,r+i),c=u.subarray(n,n+i);for(let e=0;e<i;e++){o[3*e]=s[e];o[3*e+1]=a[e];o[3*e+2]=c[e]}},d:function _copy_pixels_4(e,r,n,i,o){e>>=2;r>>=2;n>>=2;i>>=2;const s=t.imageData=new Uint8ClampedArray(4*o),a=u.subarray(e,e+o),c=u.subarray(r,r+o),f=u.subarray(n,n+o),l=u.subarray(i,i+o);for(let e=0;e<o;e++){s[4*e]=a[e];s[4*e+1]=c[e];s[4*e+2]=f[e];s[4*e+3]=l[e]}},m:e=>{var t=f.length,r=2147483648;if((e>>>=0)>r)return!1;for(var n=1;n<=4;n*=2){var i=t*(1+.2/n);i=Math.min(i,e+100663296);var o=Math.min(r,alignMemory(Math.max(e,i),65536));if(growMemory(o))return!0}return!1},o:(e,t)=>{var r=0,n=0;for(var i of getEnvStrings()){var o=t+r;l[e+n>>2]=o;r+=stringToUTF8(i,o,1/0)+1;n+=4}return 0},p:(e,t)=>{var r=getEnvStrings();l[e>>2]=r.length;var n=0;for(var i of r)n+=lengthBytesUTF8(i)+1;l[t>>2]=n;return 0},n:function _fd_seek(e,t,r,n){t=(i=t)<-9007199254740992||i>9007199254740992?NaN:Number(i);var i;return 70},b:(e,t,r,n)=>{for(var i=0,o=0;o<r;o++){var s=l[t>>2],a=l[t+4>>2];t+=8;for(var c=0;c<a;c++)printChar(e,f[s+c]);i+=a}l[n>>2]=i;return 0},q:function _gray_to_rgba(e,r){e>>=2;const n=t.imageData=new Uint8ClampedArray(4*r),i=u.subarray(e,e+r);for(let e=0;e<r;e++){n[4*e]=n[4*e+1]=n[4*e+2]=i[e];n[4*e+3]=255}},h:function _graya_to_rgba(e,r,n){e>>=2;r>>=2;const i=t.imageData=new Uint8ClampedArray(4*n),o=u.subarray(e,e+n),s=u.subarray(r,r+n);for(let e=0;e<n;e++){i[4*e]=i[4*e+1]=i[4*e+2]=o[e];i[4*e+3]=s[e]}},c:function _jsPrintWarning(e){const r=UTF8ToString(e);(t.warn||console.warn)(`OpenJPEG: ${r}`)},i:_proc_exit,g:function _rgb_to_rgba(e,r,n,i){e>>=2;r>>=2;n>>=2;const o=t.imageData=new Uint8ClampedArray(4*i),s=u.subarray(e,e+i),a=u.subarray(r,r+i),c=u.subarray(n,n+i);for(let e=0;e<i;e++){o[4*e]=s[e];o[4*e+1]=a[e];o[4*e+2]=c[e];o[4*e+3]=255}},a:function _storeErrorMessage(e){const r=UTF8ToString(e);t.errorMessages?t.errorMessages+="\n"+r:t.errorMessages=r}};R=await async function createWasm(){function receiveInstance(e,r){R=e.exports;a=R.r;updateMemoryViews();!function assignWasmExports(e){t._malloc=e.t;t._free=e.u;t._jp2_decode=e.v;g=e.w}(R);return R}var e=function getWasmImports(){return{a:A}}();return new Promise((r,n)=>{t.instantiateWasm(e,(e,t)=>{r(receiveInstance(e))})})}();!function run(){!function preRun(){if(t.preRun){"function"==typeof t.preRun&&(t.preRun=[t.preRun]);for(;t.preRun.length;)addOnPreRun(t.preRun.shift())}callRuntimeCallbacks(b)}();function doRun(){t.calledRun=!0;if(!p){!function initRuntime(){m=!0;R.s()}();o?.(t);t.onRuntimeInitialized?.();!function postRun(){if(t.postRun){"function"==typeof t.postRun&&(t.postRun=[t.postRun]);for(;t.postRun.length;)addOnPostRun(t.postRun.shift())}callRuntimeCallbacks(y)}()}}if(t.setStatus){t.setStatus("Running...");setTimeout(()=>{setTimeout(()=>t.setStatus(""),1);doRun()},1)}else doRun()}();return m?t:new Promise((e,t)=>{o=e;s=t})};class Stream extends base_stream_BaseStream{constructor(e,t,r,n){super();this.bytes=e instanceof Uint8Array?e:new Uint8Array(e);this.start=t||0;this.pos=this.start;this.end=t+r||this.bytes.length;this.dict=n}get length(){return this.end-this.start}get isEmpty(){return 0===this.length}getByte(){return this.pos>=this.end?-1:this.bytes[this.pos++]}getBytes(e){const t=this.bytes,r=this.pos,n=this.end;if(!e)return t.subarray(r,n);let i=r+e;i>n&&(i=n);this.pos=i;return t.subarray(r,i)}getByteRange(e,t){e<0&&(e=0);t>this.end&&(t=this.end);return this.bytes.subarray(e,t)}reset(){this.pos=this.start}moveStart(){this.start=this.pos}makeSubStream(e,t,r=null){return new Stream(this.bytes.buffer,e,t,r)}}class JpxError extends i{constructor(e){super(e,"JpxError")}}class JpxImage{static#T=null;static#D=null;static#P=null;static#R=!0;static#M=!0;static#A=null;static setOptions({handler:e,useWasm:t,useWorkerFetch:r,wasmUrl:n}){this.#R=t;this.#M=r;this.#A=n;r||(this.#D=e)}static async#O(e){const t=`${this.#A}openjpeg_nowasm_fallback.js`;let r=null;try{r=(await import(

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress dependency Excluded from app score #f484b18c371a6d47 Hardcoded external endpoint. Review what data is sent to this destination.
pkgs/npm/[email protected]/legacy/image_decoders/pdf.image_decoders.mjs:3701
    || new URL('https://a@b').username !== 'a'

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress dependency Excluded from app score #3e29c153e0db3745 Hardcoded external endpoint. Review what data is sent to this destination.
pkgs/npm/[email protected]/legacy/image_decoders/pdf.image_decoders.mjs:3704
    || new URL('https://тест').host !== 'xn--e1aybc'

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress dependency Excluded from app score #81ad3a3eaa717db4 Hardcoded external endpoint. Review what data is sent to this destination.
pkgs/npm/[email protected]/legacy/image_decoders/pdf.image_decoders.mjs:3706
    || new URL('https://a#б').hash !== '#%D0%B1'

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress dependency Excluded from app score #8ac7303dcfedf8ea Hardcoded external endpoint. Review what data is sent to this destination.
pkgs/npm/[email protected]/legacy/web/pdf_viewer.mjs:3132
    || new URL('https://a@b').username !== 'a'

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress dependency Excluded from app score #a94dcd875161c968 Hardcoded external endpoint. Review what data is sent to this destination.
pkgs/npm/[email protected]/legacy/web/pdf_viewer.mjs:3135
    || new URL('https://тест').host !== 'xn--e1aybc'

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress dependency Excluded from app score #319c3c1926c7e785 Hardcoded external endpoint. Review what data is sent to this destination.
pkgs/npm/[email protected]/legacy/web/pdf_viewer.mjs:3137
    || new URL('https://a#б').hash !== '#%D0%B1'

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

puppeteer-core

npm dependency
expand_more 43 low-confidence finding(s)
low env_fs dependency Excluded from app score #b12aec4df28e0742 Filesystem access.
pkgs/npm/[email protected]/lib/es5-iife/puppeteer-core-browser.js:3407
          await fileHandle.writeFile(value);

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #80657a757d437f94 Filesystem access.
pkgs/npm/[email protected]/lib/es5-iife/puppeteer-core-browser.js:9481
          content = await environment.value.fs.promises.readFile(path, 'utf8');

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #9cb29201ec9b7898 Filesystem access.
pkgs/npm/[email protected]/lib/es5-iife/puppeteer-core-browser.js:9536
          content = await environment.value.fs.promises.readFile(path, 'utf8');

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #5b6f4cbc10d30fd7 Filesystem access.
pkgs/npm/[email protected]/lib/es5-iife/puppeteer-core-browser.js:11665
        await environment.value.fs.promises.writeFile(path, typedArray);

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low egress dependency Excluded from app score #11217f5125c80530 Hardcoded external endpoint. Review what data is sent to this destination.
pkgs/npm/[email protected]/lib/es5-iife/puppeteer-core-browser.js:23671
    let r = new URL("https://example.com");

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress dependency Excluded from app score #0cd202270c054d4c Hardcoded external endpoint. Review what data is sent to this destination.
pkgs/npm/[email protected]/lib/es5-iife/puppeteer-core-browser.js:23677
    let r = new URL("https://example.com");

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress dependency Excluded from app score #dae5a008c74def53 Hardcoded external endpoint. Review what data is sent to this destination.
pkgs/npm/[email protected]/lib/es5-iife/puppeteer-core-browser.js:23687
    let r = new URL("https://example.com");

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress dependency Excluded from app score #f0d9522726b36d26 Hardcoded external endpoint. Review what data is sent to this destination.
pkgs/npm/[email protected]/lib/es5-iife/puppeteer-core-browser.js:23693
    let r = new URL("https://example.com");

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress dependency Excluded from app score #a8db26a8c12134c2 Hardcoded external endpoint. Review what data is sent to this destination.
pkgs/npm/[email protected]/lib/es5-iife/puppeteer-core-browser.js:23735
    let t = new URL("https://example.com");

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress dependency Excluded from app score #53a1126bee5f675c Hardcoded external endpoint. Review what data is sent to this destination.
pkgs/npm/[email protected]/lib/es5-iife/puppeteer-core-browser.js:23741
    let t = new URL("https://example.com");

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress dependency Excluded from app score #213891f8321721a8 Hardcoded external endpoint. Review what data is sent to this destination.
pkgs/npm/[email protected]/lib/es5-iife/puppeteer-core-browser.js:23748
    let t = new URL("https://example.com");

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress dependency Excluded from app score #d90e11e4c7817942 Hardcoded external endpoint. Review what data is sent to this destination.
pkgs/npm/[email protected]/lib/es5-iife/puppeteer-core-browser.js:23765
    let t = new URL("https://example.com");

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress dependency Excluded from app score #4eac0f2d747a5ba7 Hardcoded external endpoint. Review what data is sent to this destination.
pkgs/npm/[email protected]/lib/es5-iife/puppeteer-core-browser.js:23775
    let t = new URL("https://example.com");

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress dependency Excluded from app score #d9ad885fe398d3cb Hardcoded external endpoint. Review what data is sent to this destination.
pkgs/npm/[email protected]/lib/es5-iife/puppeteer-core-browser.js:23781
    let t = new URL("https://example.com");

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low env_fs dependency Excluded from app score #5c04bba69862da64 Filesystem access.
pkgs/npm/[email protected]/lib/es5-iife/puppeteer-core-browser.js:27077
        const fileContent = await environment.value.fs.promises.readFile(portPath, 'ascii');

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #29c4024f5b928e9e Filesystem access.
pkgs/npm/[email protected]/lib/puppeteer/api/Frame.js:659
                content = await environment.value.fs.promises.readFile(path, 'utf8');

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #1e1103e3b226817e Filesystem access.
pkgs/npm/[email protected]/lib/puppeteer/api/Frame.js:698
                content = await environment.value.fs.promises.readFile(path, 'utf8');

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #854672abafbee9fb Filesystem access.
pkgs/npm/[email protected]/lib/puppeteer/api/Page.js:835
            await environment.value.fs.promises.writeFile(path, typedArray);

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #44192cd552d17e9d Environment-variable access.
pkgs/npm/[email protected]/lib/puppeteer/bidi/Connection.js:57
        if (process.env['PUPPETEER_WEBDRIVER_BIDI_ONLY'] === 'true') {

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #787f0379e3201734 Filesystem access.
pkgs/npm/[email protected]/lib/puppeteer/common/BrowserConnector.js:97
            const fileContent = await environment.value.fs.promises.readFile(portPath, 'ascii');

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #713405584dcceebd Filesystem access.
pkgs/npm/[email protected]/lib/puppeteer/common/util.js:163
                await fileHandle.writeFile(value);

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #261784d53c279e0a Environment-variable access.
pkgs/npm/[email protected]/lib/puppeteer/node/BrowserLauncher.js:241
        const bidiOnly = process.env['PUPPETEER_WEBDRIVER_BIDI_ONLY'] === 'true';

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #62be5492e3f01233 Environment-variable access.
pkgs/npm/[email protected]/lib/puppeteer/node/ChromeLauncher.js:121
        const turnOnExperimentalFeaturesForTesting = process.env['PUPPETEER_TEST_EXPERIMENTAL_CHROME_FEATURES'] === 'true';

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #2592d1c781ff5b6e Environment-variable access.
pkgs/npm/[email protected]/lib/puppeteer/node/ChromeLauncher.js:191
        if (process.env['PUPPETEER_DANGEROUS_NO_SANDBOX'] === 'true' &&

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low egress dependency Excluded from app score #795453e2896990f3 Hardcoded external endpoint. Review what data is sent to this destination.
pkgs/npm/[email protected]/lib/third_party/urlpattern-polyfill/urlpattern-polyfill.js:294
  let r = new URL("https://example.com");

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress dependency Excluded from app score #0019f2cb7f69b449 Hardcoded external endpoint. Review what data is sent to this destination.
pkgs/npm/[email protected]/lib/third_party/urlpattern-polyfill/urlpattern-polyfill.js:300
  let r = new URL("https://example.com");

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress dependency Excluded from app score #6f7be30b88fe9645 Hardcoded external endpoint. Review what data is sent to this destination.
pkgs/npm/[email protected]/lib/third_party/urlpattern-polyfill/urlpattern-polyfill.js:310
  let r = new URL("https://example.com");

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress dependency Excluded from app score #bd85dd9520dff0dd Hardcoded external endpoint. Review what data is sent to this destination.
pkgs/npm/[email protected]/lib/third_party/urlpattern-polyfill/urlpattern-polyfill.js:316
  let r = new URL("https://example.com");

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress dependency Excluded from app score #83eeb89f46ba922e Hardcoded external endpoint. Review what data is sent to this destination.
pkgs/npm/[email protected]/lib/third_party/urlpattern-polyfill/urlpattern-polyfill.js:358
  let t = new URL("https://example.com");

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress dependency Excluded from app score #39332744b61eaa16 Hardcoded external endpoint. Review what data is sent to this destination.
pkgs/npm/[email protected]/lib/third_party/urlpattern-polyfill/urlpattern-polyfill.js:364
  let t = new URL("https://example.com");

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress dependency Excluded from app score #90ca15c7770e9b32 Hardcoded external endpoint. Review what data is sent to this destination.
pkgs/npm/[email protected]/lib/third_party/urlpattern-polyfill/urlpattern-polyfill.js:371
  let t = new URL("https://example.com");

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress dependency Excluded from app score #c7d7c01c8a4b0a2e Hardcoded external endpoint. Review what data is sent to this destination.
pkgs/npm/[email protected]/lib/third_party/urlpattern-polyfill/urlpattern-polyfill.js:388
  let t = new URL("https://example.com");

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress dependency Excluded from app score #257c9a4624df4928 Hardcoded external endpoint. Review what data is sent to this destination.
pkgs/npm/[email protected]/lib/third_party/urlpattern-polyfill/urlpattern-polyfill.js:398
  let t = new URL("https://example.com");

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress dependency Excluded from app score #5cd806dc9ab58c48 Hardcoded external endpoint. Review what data is sent to this destination.
pkgs/npm/[email protected]/lib/third_party/urlpattern-polyfill/urlpattern-polyfill.js:404
  let t = new URL("https://example.com");

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low env_fs dependency Excluded from app score #16fb5fea53ccaa28 Filesystem access.
pkgs/npm/[email protected]/src/api/Frame.ts:934
      content = await environment.value.fs.promises.readFile(path, 'utf8');

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #b8dc1d6d9c534a15 Filesystem access.
pkgs/npm/[email protected]/src/api/Frame.ts:1014
      content = await environment.value.fs.promises.readFile(path, 'utf8');

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #2d7b4cf820700b03 Filesystem access.
pkgs/npm/[email protected]/src/api/Page.ts:2462
    await environment.value.fs.promises.writeFile(path, typedArray);

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #c3db6f44e334519e Environment-variable access.
pkgs/npm/[email protected]/src/bidi/Connection.ts:110
    if (process.env['PUPPETEER_WEBDRIVER_BIDI_ONLY'] === 'true') {

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #bec926fe118bd332 Filesystem access.
pkgs/npm/[email protected]/src/common/BrowserConnector.ts:143
      const fileContent = await environment.value.fs.promises.readFile(
        portPath,
        'ascii',
      );

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #ff6cb9d609c597a1 Filesystem access.
pkgs/npm/[email protected]/src/common/util.ts:220
        await fileHandle.writeFile(value);

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #26878cac6ce5a1a4 Environment-variable access.
pkgs/npm/[email protected]/src/node/BrowserLauncher.ts:440
    const bidiOnly = process.env['PUPPETEER_WEBDRIVER_BIDI_ONLY'] === 'true';

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #b2148e69c6e5bda1 Environment-variable access.
pkgs/npm/[email protected]/src/node/ChromeLauncher.ts:180
      process.env['PUPPETEER_TEST_EXPERIMENTAL_CHROME_FEATURES'] === 'true';

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #7d75427bb3701efe Environment-variable access.
pkgs/npm/[email protected]/src/node/ChromeLauncher.ts:262
      process.env['PUPPETEER_DANGEROUS_NO_SANDBOX'] === 'true' &&

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

shx

npm dependency
expand_more 1 low-confidence finding(s)
low env_fs dependency Excluded from app score #d9eab46050873c7f Filesystem access.
pkgs/npm/[email protected]/lib/shx.js:12
var _fs = require('fs');

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

typescript

npm dependency
expand_more 10 low-confidence finding(s)
low env_fs dependency Excluded from app score #a50f65c090ba24bb Filesystem access.
pkgs/npm/[email protected]/lib/_tsserver.js:51
var import_fs = __toESM(require("fs"));

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #b63eccc5248b5ab1 Environment-variable access.
pkgs/npm/[email protected]/lib/_tsserver.js:309
    const envLogOptions = parseLoggingEnvironmentString(process.env.TSS_LOG);

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #8ed431db81f1af8f Environment-variable access.
pkgs/npm/[email protected]/lib/_tsserver.js:535
  const traceDir = commandLineTraceDir ? (0, typescript_exports.stripQuotes)(commandLineTraceDir) : process.env.TSS_TRACE;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #5f1e066b94bff179 Environment-variable access.
pkgs/npm/[email protected]/lib/_tsserver.js:548
        const basePath = process.env.LOCALAPPDATA || process.env.APPDATA || import_os.default.homedir && import_os.default.homedir() || process.env.USERPROFILE || process.env.HOMEDRIVE && process.env.HOMEPATH && (0, typescript_exports.normalizeSlashes)(process.env.HOMEDRIVE + process.env.HOMEPATH) || import_os.default.tmpdir();

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #ea245e3b69ad4775 Environment-variable access.
pkgs/npm/[email protected]/lib/_tsserver.js:565
    if (process.env.XDG_CACHE_HOME) {

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #3b0cc3fd41fc7c49 Environment-variable access.
pkgs/npm/[email protected]/lib/_tsserver.js:566
      return process.env.XDG_CACHE_HOME;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #e2173eb256877560 Environment-variable access.
pkgs/npm/[email protected]/lib/_tsserver.js:569
    const homePath = import_os.default.homedir && import_os.default.homedir() || process.env.HOME || (process.env.LOGNAME || process.env.USER) && `/${usersDir}/${process.env.LOGNAME || process.env.USER}` || import_os.default.tmpdir();

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #1ca414747c2371e5 Filesystem access.
pkgs/npm/[email protected]/lib/_typingsInstaller.js:44
var fs = __toESM(require("fs"));

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #2d91d7af049ef29b Filesystem access.
pkgs/npm/[email protected]/lib/_typingsInstaller.js:88
    const content = JSON.parse(host.readFile(typesRegistryFilePath));

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #384caaf802058b27 Filesystem access.
pkgs/npm/[email protected]/lib/watchGuard.js:42
var fs = __toESM(require("fs"));

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

undici

npm dependency
expand_more 12 low-confidence finding(s)
low env_fs dependency Excluded from app score #0304ee4ba36afdb6 Environment-variable access.
pkgs/npm/[email protected]/lib/dispatcher/client-h1.js:67
  const llhttpWasmData = process.env.JEST_WORKER_ID ? require('../llhttp/llhttp-wasm.js') : undefined

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #71fb726b060c4627 Environment-variable access.
pkgs/npm/[email protected]/lib/dispatcher/client-h1.js:74
  if (process.env.UNDICI_NO_WASM_SIMD === '1') {

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #7a8c250976c9a547 Environment-variable access.
pkgs/npm/[email protected]/lib/dispatcher/client-h1.js:76
  } else if (process.env.UNDICI_NO_WASM_SIMD === '0') {

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #87de2f503043ad62 Environment-variable access.
pkgs/npm/[email protected]/lib/dispatcher/env-http-proxy-agent.js:26
    const HTTP_PROXY = httpProxy ?? process.env.http_proxy ?? process.env.HTTP_PROXY

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #a893053a65a64775 Environment-variable access.
pkgs/npm/[email protected]/lib/dispatcher/env-http-proxy-agent.js:33
    const HTTPS_PROXY = httpsProxy ?? process.env.https_proxy ?? process.env.HTTPS_PROXY

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #97089407075d61a2 Environment-variable access.
pkgs/npm/[email protected]/lib/dispatcher/env-http-proxy-agent.js:142
    return process.env.no_proxy ?? process.env.NO_PROXY ?? ''

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #42eb40d2638647e1 Environment-variable access.
pkgs/npm/[email protected]/lib/mock/pending-interceptors-formatter.js:23
        colors: !disableColors && !process.env.CI

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #c4bdff4a3f50054d Filesystem access.
pkgs/npm/[email protected]/lib/mock/snapshot-recorder.js:424
      const data = await readFile(resolve(path), 'utf8')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #3ee23cfffea039e4 Filesystem access.
pkgs/npm/[email protected]/lib/mock/snapshot-recorder.js:470
    await writeFile(resolvedPath, JSON.stringify(data, null, 2), { flush: true })

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unknown #662f2e105ab24f38 Filesystem access.
pkgs/npm/[email protected]/scripts/strip-comments.js:7
  ? transcode(readFileSync('./undici-fetch.js'), 'utf8', 'latin1')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unknown #c318985db09af0ea Filesystem access.
pkgs/npm/[email protected]/scripts/strip-comments.js:8
  : readFileSync('./undici-fetch.js')

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unknown #8788617bff9b46ee Filesystem access.
pkgs/npm/[email protected]/scripts/strip-comments.js:10
writeFileSync('./undici-fetch.js', buffer.toString('latin1'))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

vite

npm dependency
expand_more 4 low-confidence finding(s)
low env_fs dependency Excluded from app score #12a90292e8d425c6 Environment-variable access.
pkgs/npm/[email protected]/bin/vite.js:6
  if (!process.env.DEBUG_DISABLE_SOURCE_MAP) {

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #90f288bcdf06eb5b Environment-variable access.
pkgs/npm/[email protected]/bin/vite.js:36
  process.env.DEBUG = `${

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #faad181dccab79ed Environment-variable access.
pkgs/npm/[email protected]/bin/vite.js:37
    process.env.DEBUG ? process.env.DEBUG + ',' : ''

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #ac8938edb325561a Environment-variable access.
pkgs/npm/[email protected]/bin/vite.js:43
      process.env.VITE_DEBUG_FILTER = filter

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

ws

npm dependency
expand_more 2 low-confidence finding(s)
low env_fs dependency Excluded from app score #3f57cf35f65e13ea Environment-variable access.
pkgs/npm/[email protected]/lib/buffer-util.js:115
if (!process.env.WS_NO_BUFFER_UTIL) {

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #2fd9bfe5d935a2bd Environment-variable access.
pkgs/npm/[email protected]/lib/validation.js:142
} /* istanbul ignore else  */ else if (!process.env.WS_NO_UTF_8_VALIDATE) {

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

zod-to-json-schema

npm dependency
expand_more 6 low-confidence finding(s)
low env_fs dependency Excluded from app score #412027570f2b4b07 Filesystem access.
pkgs/npm/[email protected]/createIndex.ts:1
import { readdirSync, writeFileSync, statSync } from "fs";

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #1a2a3f35624d7e1d Filesystem access.
pkgs/npm/[email protected]/createIndex.ts:32
writeFileSync("./src/index.ts", lines.join(";\n"));

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #3a0f4f8344c8a347 Filesystem access.
pkgs/npm/[email protected]/postcjs.ts:1
import { writeFileSync } from "fs";

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #8d12ae204f580b79 Filesystem access.
pkgs/npm/[email protected]/postcjs.ts:3
writeFileSync("./dist/cjs/package.json", '{"type":"commonjs"}', "utf-8");

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #5489db683aba1904 Filesystem access.
pkgs/npm/[email protected]/postesm.ts:1
import { writeFileSync } from "fs";

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #a4f2c2038e877868 Filesystem access.
pkgs/npm/[email protected]/postesm.ts:3
writeFileSync("./dist/esm/package.json", '{"type":"module","main":"index.js"}', "utf-8");

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

Skipped dependencies

Production

  • @juliusbrussee/caveman-agent prod — dist-only: no readable source
  • @juliusbrussee/caveman-ai prod — dist-only: no readable source
  • @juliusbrussee/caveman-tui prod — dist-only: no readable source
  • cli-highlight prod — dist-only: no readable source
  • glob prod — dist-only: no readable source
  • minimatch prod — dist-only: no readable source
  • @lmstudio/sdk prod — dist-only: no readable source
  • docx-preview prod — dist-only: no readable source
  • lucide prod — dist-only: no readable source
  • @google/genai prod — dist-only: no readable source
  • partial-json prod — dist-only: no readable source
  • proxy-agent prod — dist-only: no readable source
  • @slack/socket-mode prod — dist-only: no readable source
  • croner prod — dist-only: no readable source
  • @slack/web-api prod — dist-only: no readable source
  • @tailwindcss/vite prod — dist-only: no readable source
  • @juliusbrussee/caveman-web-ui prod — dist-only: no readable source

Development

  • @biomejs/biome dev — no javascript source
  • concurrently dev — dist-only: no readable source
  • tsx dev — dist-only: no readable source
  • @types/diff dev — no javascript source
  • @mariozechner/mini-lit dev — dist-only: no readable source
  • @tailwindcss/cli dev — dist-only: no readable source