Close Open Privacy Scan

bolt Snapshot: commit 3a1c6df
science engine v1.14
schedule 2026-07-17T03:16:20.734705+00:00

verified_user Application data leak confirmed

High-confidence data exfiltration identified in application code.

smart_toy MCP server detected: @ai-sdk/anthropic, @ai-sdk/openai, @modelcontextprotocol/sdk, ai — detected in dependencies, not a safety judgment.
Incomplete scan — only 76/195 dependencies were analyzed. Treat the score as provisional.

App Privacy Score

0 /100
High privacy risk — application leak confirmed

High risk · 1132 finding(s)

Dependency score: 22 (High risk)

bar_chart Score Breakdown

pii_flow −60
telemetry −25
egress −15
env_fs −3

list Scan Summary

12 high 56 medium 1064 low
First-party packages: 24
Dependency packages: 32
Ecosystem: npm

swap_horiz Confirmed data exfiltration in application code

External domains: 169.254.170.2accounts.google.comaccounts.spotify.comaccounts.x.aiai-gateway.vercel.shai-sdk.devaiplatform.googleapis.comanoma.lyapi.anthropic.comapi.cerebras.aiapi.cloudflare.comapi.cohere.comapi.deepinfra.comapi.deepseek.comapi.digitalocean.comapi.emailoctopus.comapi.fireworks.aiapi.github.comapi.githubcopilot.comapi.groq.comapi.honeycomb.ioapi.kilo.aiapi.llmgateway.ioapi.login.yahoo.comapi.meuprovedor.comapi.minudbyder.dkapi.miproveedor.comapi.mistral.aiapi.mojdostawca.comapi.mojprovajder.comapi.monfournisseur.comapi.myprovider.comapi.openai.comapi.opencode.aiapi.perplexity.aiapi.releases.hashicorp.comapi.saglayicim.comapi.together.xyzapi.v0.devapi.venice.aiapi.x.aiapi.x.comapp.opencode.aiappleid.apple.comapplink.feishu.cnauth.openai.comauth.x.aibedrock-agent-runtime.us-west-2.amazonaws.combedrock-mantle.us-east-1.api.awsbedrock-runtime.us-east-1.amazonaws.combit.lychatgpt.comcloud.digitalocean.comcloud.gitlab.comcommunity.chocolatey.orgcompany.ghe.comconsole.opencode.aidashboard.stripe.comdashscope-intl.aliyuncs.comdev.opencode.aidevelopers.cloudflare.comdiscord.comdiscord.ggdocs.cloud.google.comdocs.github.comdocs.solidjs.comdownload-cdn.jetbrains.comemail.us-east-1.amazonaws.comenterprise.opencode.aifonts.googleapis.comformulae.brew.shgateway.ai.cloudflare.comgenerativelanguage.googleapis.comgithub.comgitlab.comgoogle.aip.devgraph.facebook.comgraph.microsoft.comid.twitch.tvinference.baseten.coinference.do-ai.runintegrate.api.nvidia.comjson-schema.orglogin.microsoftonline.commcp.exa.aimodels.devoauth.id.jumpcloud.comoauth2.googleapis.comopenauth.js.orgopencode.aiopencode.internalopencode.localopenrouter.aiopncd.aiorm.drizzle.teamplacehold.coraw.githubusercontent.comregistry.npmjs.orgs3-fips.dualstacks3-fips.dualstack.us-east-1s3-fips.us-east-1s3.amazonaws.coms3.dualstacks3.dualstack.us-east-1s3express-control-fips.dualstacks3express-control.dualstackschema.orgsearch.parallel.aislack.comsocial-cards.sst.devsolidjs.comsst.devstripe.comsupabase.comtoken.actions.githubusercontent.comtools.google.comtwitter.comus.i.posthog.comvercel.comvercel.linkvia.placeholder.comwww.allaboutcookies.orgwww.allaboutdnt.comwww.eclipse.orgwww.facebook.comwww.google.comwww.googleapis.comwww.sitemaps.orgwww.terminal.shopwww.typescriptlang.orgwww.w3.orgwww.youtube.comx.comzenmux.ai

high first-party (npm) A credential read from the environment/filesystem flows to an external network call in a non-auth-header position (request body). Review what is sent.
repo/script/github/close-issues.ts:7 repo/script/github/close-issues.ts:45
high first-party (npm) A credential read from the environment/filesystem flows to an external network call in a non-auth-header position (request body). Review what is sent.
repo/script/github/close-issues.ts:7 repo/script/github/close-issues.ts:52
high first-party (npm) A credential read from the environment/filesystem flows to an external network call in a non-auth-header position (request body). Review what is sent.
repo/script/github/close-issues.ts:7 repo/script/github/close-issues.ts:67
high first-party (npm): packages/core A credential read from the environment/filesystem flows to an external network call in a non-auth-header position (request body). Review what is sent.
repo/packages/core/src/session/compaction.ts:176 repo/packages/core/src/session/compaction.ts:197
high first-party (npm): packages/opencode A credential read from the environment/filesystem flows to an external network call in a non-auth-header position (request body). Review what is sent.
repo/packages/opencode/src/plugin/xai.ts:149 repo/packages/opencode/src/plugin/xai.ts:149
high first-party (npm): packages/opencode A credential read from the environment/filesystem flows to an external network call in a non-auth-header position (request body). Review what is sent.
repo/packages/opencode/src/plugin/xai.ts:168 repo/packages/opencode/src/plugin/xai.ts:168
high first-party (npm): packages/opencode A credential read from the environment/filesystem flows to an external network call in a non-auth-header position (request body). Review what is sent.
repo/packages/opencode/src/plugin/xai.ts:251 repo/packages/opencode/src/plugin/xai.ts:251
high first-party (npm): packages/stats/app User/PII-bearing data read from the environment or filesystem flows to an external network call. This is potential data exfiltration.
repo/packages/stats/app/src/routes/api/newsletter.ts:20 repo/packages/stats/app/src/routes/api/newsletter.ts:17
high first-party (npm): packages/console/app User/PII-bearing data read from the environment or filesystem flows to an external network call. This is potential data exfiltration.
repo/packages/console/app/src/component/email-signup.tsx:13 repo/packages/console/app/src/component/email-signup.tsx:10
high first-party (npm): packages/console/app User/PII-bearing data read from the environment or filesystem flows to an external network call. This is potential data exfiltration.
repo/packages/console/app/src/lib/salesforce.ts:63 repo/packages/console/app/src/lib/salesforce.ts:54
high first-party (npm): packages/console/app User/PII-bearing data read from the environment or filesystem flows to an external network call. This is potential data exfiltration.
repo/packages/console/app/src/routes/api/enterprise.ts:42 repo/packages/console/app/src/routes/api/enterprise.ts:39
medium first-party (npm) A credential read from the environment/filesystem is applied as authorization on the same outbound request (auth header). This is intentional authentication, not unexpected data exfiltration.
repo/.opencode/tool/github-pr-search.ts:7 repo/.opencode/tool/github-pr-search.ts:4
medium first-party (npm) A credential read from the environment/filesystem is applied as authorization on the same outbound request (auth header). This is intentional authentication, not unexpected data exfiltration.
repo/.opencode/tool/github-triage.ts:26 repo/.opencode/tool/github-triage.ts:23
medium first-party (npm) PII-bearing data is written to a log sink. Logged PII is a privacy concern even when it does not leave the process.
repo/script/github/close-issues.ts:7 repo/script/github/close-issues.ts:75
medium first-party (npm) PII-bearing data is written to a log sink. Logged PII is a privacy concern even when it does not leave the process.
repo/script/github/close-issues.ts:7 repo/script/github/close-issues.ts:82
medium first-party (npm) PII-bearing data is written to a log sink. Logged PII is a privacy concern even when it does not leave the process.
repo/script/github/close-issues.ts:7 repo/script/github/close-issues.ts:87
medium first-party (npm): packages/slack PII-bearing data is written to a log sink. Logged PII is a privacy concern even when it does not leave the process.
repo/packages/slack/src/index.ts:12 repo/packages/slack/src/index.ts:12
medium first-party (npm): packages/slack PII-bearing data is written to a log sink. Logged PII is a privacy concern even when it does not leave the process.
repo/packages/slack/src/index.ts:13 repo/packages/slack/src/index.ts:13
medium first-party (npm): packages/slack PII-bearing data is written to a log sink. Logged PII is a privacy concern even when it does not leave the process.
repo/packages/slack/src/index.ts:14 repo/packages/slack/src/index.ts:14
medium first-party (npm): packages/opencode A credential read from the environment/filesystem is applied as authorization on the same outbound request (auth header). This is intentional authentication, not unexpected data exfiltration.
repo/packages/opencode/src/cli/cmd/github.handler.ts:471 repo/packages/opencode/src/cli/cmd/github.handler.ts:483
medium first-party (npm): packages/opencode A credential read from the environment/filesystem is applied as authorization on the same outbound request (auth header). This is intentional authentication, not unexpected data exfiltration.
repo/packages/opencode/src/cli/cmd/github.handler.ts:471 repo/packages/opencode/src/cli/cmd/github.handler.ts:791
medium first-party (npm): packages/opencode PII-bearing data is written to a log sink. Logged PII is a privacy concern even when it does not leave the process.
repo/packages/opencode/src/cli/cmd/github.handler.ts:471 repo/packages/opencode/src/cli/cmd/github.handler.ts:1169
medium first-party (npm): packages/opencode A credential read from the environment/filesystem is applied as authorization on the same outbound request (auth header). This is intentional authentication, not unexpected data exfiltration.
repo/packages/opencode/src/cli/cmd/github.handler.ts:471 repo/packages/opencode/src/cli/cmd/github.handler.ts:1583
medium first-party (npm): packages/opencode A credential read from the environment/filesystem is applied as authorization on the same outbound request (auth header). This is intentional authentication, not unexpected data exfiltration.
repo/packages/opencode/src/session/llm/native-runtime.ts:92 repo/packages/opencode/src/session/llm/native-runtime.ts:90
medium first-party (npm): packages/console/app Credentials parsed from the request URL are applied as authorization on the same outbound HTTP request. This is intentional URL authentication, not unexpected data exfiltration.
repo/packages/console/app/src/lib/salesforce.ts:57 repo/packages/console/app/src/lib/salesforce.ts:54
medium first-party (npm): packages/console/function A credential read from the environment/filesystem is applied as authorization on the same outbound request (auth header). This is intentional authentication, not unexpected data exfiltration.
repo/packages/console/function/src/auth.ts:114 repo/packages/console/function/src/auth.ts:112
medium first-party (npm): packages/console/function A credential read from the environment/filesystem is applied as authorization on the same outbound request (auth header). This is intentional authentication, not unexpected data exfiltration.
repo/packages/console/function/src/auth.ts:121 repo/packages/console/function/src/auth.ts:119
medium first-party (npm): packages/console/function A credential read from the environment/filesystem is applied as authorization on the same outbound request (auth header). This is intentional authentication, not unexpected data exfiltration.
repo/packages/console/function/src/log-processor.ts:72 repo/packages/console/function/src/log-processor.ts:68
hub Dependency data flows (12)
high ai-gateway-provider tooling A credential read from the environment/filesystem flows to an external network call in a non-auth-header position (request body). Review what is sent.
pkgs/npm/[email protected]__reposrc/demos/mcp-stytch-b2b-okr-manager/update-policy.js:145 pkgs/npm/[email protected]__reposrc/demos/mcp-stytch-b2b-okr-manager/update-policy.js:151
medium ai dependency A credential read from the environment/filesystem is applied as authorization on the same outbound request (auth header). This is intentional authentication, not unexpected data exfiltration.
pkgs/npm/[email protected]/src/realtime/realtime-session.ts:110 pkgs/npm/[email protected]/src/realtime/realtime-session.ts:110
medium ai-gateway-provider tooling A credential read from the environment/filesystem is applied as authorization on the same outbound request (auth header). This is intentional authentication, not unexpected data exfiltration.
pkgs/npm/[email protected]__reposrc/demos/remote-mcp-auth0/mcp-auth0-oidc/src/index.ts:26 pkgs/npm/[email protected]__reposrc/demos/remote-mcp-auth0/mcp-auth0-oidc/src/index.ts:23
medium ai-gateway-provider tooling A credential read from the environment/filesystem is applied as authorization on the same outbound request (auth header). This is intentional authentication, not unexpected data exfiltration.
pkgs/npm/[email protected]__reposrc/demos/remote-mcp-auth0/mcp-auth0-oidc/src/index.ts:56 pkgs/npm/[email protected]__reposrc/demos/remote-mcp-auth0/mcp-auth0-oidc/src/index.ts:54
medium ai-gateway-provider tooling PII-bearing data is written to a log sink. Logged PII is a privacy concern even when it does not leave the process.
pkgs/npm/[email protected]__reposrc/demos/structured-output-node/src/index.ts:15 pkgs/npm/[email protected]__reposrc/demos/structured-output-node/src/index.ts:34
medium ai-gateway-provider dependency A credential read from the environment/filesystem is applied as authorization on the same outbound request (auth header). This is intentional authentication, not unexpected data exfiltration.
pkgs/npm/[email protected]__reposrc/packages/tanstack-ai/src/utils/create-fetcher.ts:244 pkgs/npm/[email protected]__reposrc/packages/tanstack-ai/src/utils/create-fetcher.ts:255
medium ai-gateway-provider dependency A credential read from the environment/filesystem is applied as authorization on the same outbound request (auth header). This is intentional authentication, not unexpected data exfiltration.
pkgs/npm/[email protected]__reposrc/packages/tanstack-ai/src/utils/workers-ai-rest.ts:34 pkgs/npm/[email protected]__reposrc/packages/tanstack-ai/src/utils/workers-ai-rest.ts:31
medium ai-gateway-provider dependency A credential read from the environment/filesystem is applied as authorization on the same outbound request (auth header). This is intentional authentication, not unexpected data exfiltration.
pkgs/npm/[email protected]__reposrc/packages/tanstack-ai/src/utils/workers-ai-rest.ts:74 pkgs/npm/[email protected]__reposrc/packages/tanstack-ai/src/utils/workers-ai-rest.ts:71
medium ai-gateway-provider dependency A credential read from the environment/filesystem is applied as authorization on the same outbound request (auth header). This is intentional authentication, not unexpected data exfiltration.
pkgs/npm/[email protected]__reposrc/packages/workers-ai-provider/src/utils.ts:243 pkgs/npm/[email protected]__reposrc/packages/workers-ai-provider/src/utils.ts:240
medium @openauthjs/openauth dependency A credential read from the environment/filesystem is applied as authorization on the same outbound request (auth header). This is intentional authentication, not unexpected data exfiltration.
pkgs/npm/@[email protected]/src/provider/oauth2.ts:193 pkgs/npm/@[email protected]/src/provider/oauth2.ts:193
medium @openrouter/ai-sdk-provider tooling PII-bearing data is written to a log sink. Logged PII is a privacy concern even when it does not leave the process.
pkgs/npm/@[email protected]__reposrc/e2e/issues/issue-237-reasoning-linebreaks.test.ts:19 pkgs/npm/@[email protected]__reposrc/e2e/issues/issue-237-reasoning-linebreaks.test.ts:95
medium @openrouter/ai-sdk-provider tooling A credential read from the environment/filesystem is applied as authorization on the same outbound request (auth header). This is intentional authentication, not unexpected data exfiltration.
pkgs/npm/@[email protected]__reposrc/e2e/video-generation.test.ts:18 pkgs/npm/@[email protected]__reposrc/e2e/video-generation.test.ts:16

</> First-Party Code

first-party (npm): packages/opencode

npm first-party
high pii_flow production #9d1b9670f909e9c5 A credential read from the environment/filesystem flows to an external network call in a non-auth-header position (request body). Review what is sent.
repo/packages/opencode/src/plugin/xai.ts:149 · flow /tmp/closeopen-tliy3dl5/repo/packages/opencode/src/plugin/xai.ts:149 → /tmp/closeopen-tliy3dl5/repo/packages/opencode/src/plugin/xai.ts:149
  const response = await fetch(options.tokenUrl ?? TOKEN_URL, {
    method: "POST",
    headers: authHeaders(),
    body: new URLSearchParams({
      grant_type: "authorization_code",
      code,
      redirect_uri: REDIRECT_URI,
      client_id: CLIENT_ID,
      code_verifier: pkce.verifier,
    }).toString(),
  })

User/PII-bearing data flows to an external sink — the classic data-exfiltration shape.

Fix: Confirm no user identifiers reach this sink; redact/hash before sending, or remove the flow.

high pii_flow production #ef49aa63b26a109a A credential read from the environment/filesystem flows to an external network call in a non-auth-header position (request body). Review what is sent.
repo/packages/opencode/src/plugin/xai.ts:168 · flow /tmp/closeopen-tliy3dl5/repo/packages/opencode/src/plugin/xai.ts:168 → /tmp/closeopen-tliy3dl5/repo/packages/opencode/src/plugin/xai.ts:168
  const response = await fetch(options.tokenUrl ?? TOKEN_URL, {
    method: "POST",
    headers: authHeaders(),
    body: new URLSearchParams({
      grant_type: "refresh_token",
      refresh_token: refreshToken,
      client_id: CLIENT_ID,
    }).toString(),
  })

User/PII-bearing data flows to an external sink — the classic data-exfiltration shape.

Fix: Confirm no user identifiers reach this sink; redact/hash before sending, or remove the flow.

high pii_flow production #4208fd1af5ee6dd4 A credential read from the environment/filesystem flows to an external network call in a non-auth-header position (request body). Review what is sent.
repo/packages/opencode/src/plugin/xai.ts:251 · flow /tmp/closeopen-tliy3dl5/repo/packages/opencode/src/plugin/xai.ts:251 → /tmp/closeopen-tliy3dl5/repo/packages/opencode/src/plugin/xai.ts:251
    const response = await fetch(options.tokenUrl ?? TOKEN_URL, {
      method: "POST",
      headers: authHeaders(),
      body: new URLSearchParams({
        grant_type: DEVICE_CODE_GRANT_TYPE,
        client_id: CLIENT_ID,
        device_code: device.device_code,
      }).toString(),
    })

User/PII-bearing data flows to an external sink — the classic data-exfiltration shape.

Fix: Confirm no user identifiers reach this sink; redact/hash before sending, or remove the flow.

medium telemetry production #5af8220ab3754148 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
repo/packages/opencode/src/cli/cmd/debug/snapshot.ts:17
    const out = yield* Snapshot.Service.use((svc) => svc.track())

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium pii_flow production #e183a64b837d352a A credential read from the environment/filesystem is applied as authorization on the same outbound request (auth header). This is intentional authentication, not unexpected data exfiltration.
repo/packages/opencode/src/cli/cmd/github.handler.ts:483 · flow /tmp/closeopen-tliy3dl5/repo/packages/opencode/src/cli/cmd/github.handler.ts:471 → /tmp/closeopen-tliy3dl5/repo/packages/opencode/src/cli/cmd/github.handler.ts:483
      octoGraph = graphql.defaults({
        headers: { authorization: `token ${appToken}` },
      })

A credential read from the environment/filesystem is applied as authorization on the same outbound request (an auth header). This is intentional authentication to the service the credential belongs to, not unexpected data exfiltration.

Fix: Confirm the destination is the credential's own service; scope the credential and avoid logging it. No action if this is the intended authenticated API call.

medium pii_flow production #f0d434e9196a0a5d A credential read from the environment/filesystem is applied as authorization on the same outbound request (auth header). This is intentional authentication, not unexpected data exfiltration.
repo/packages/opencode/src/cli/cmd/github.handler.ts:791 · flow /tmp/closeopen-tliy3dl5/repo/packages/opencode/src/cli/cmd/github.handler.ts:471 → /tmp/closeopen-tliy3dl5/repo/packages/opencode/src/cli/cmd/github.handler.ts:791
        const res = await fetch(url, {
          headers: {
            Authorization: `Bearer ${appToken}`,
            Accept: "application/vnd.github.v3+json",
          },
        })

A credential read from the environment/filesystem is applied as authorization on the same outbound request (an auth header). This is intentional authentication to the service the credential belongs to, not unexpected data exfiltration.

Fix: Confirm the destination is the credential's own service; scope the credential and avoid logging it. No action if this is the intended authenticated API call.

medium pii_flow production #8f5366ddf5366141 PII-bearing data is written to a log sink. Logged PII is a privacy concern even when it does not leave the process.
repo/packages/opencode/src/cli/cmd/github.handler.ts:1169 · flow /tmp/closeopen-tliy3dl5/repo/packages/opencode/src/cli/cmd/github.handler.ts:471 → /tmp/closeopen-tliy3dl5/repo/packages/opencode/src/cli/cmd/github.handler.ts:1169
        console.log(`  permission: ${permission}`)

PII-bearing data is written to a log/print sink — it stays in-process and does not leave the application, but logged PII is still a privacy concern.

Fix: Avoid logging user identifiers; redact or omit PII from log/print statements.

medium pii_flow production #f5bc6db129904705 A credential read from the environment/filesystem is applied as authorization on the same outbound request (auth header). This is intentional authentication, not unexpected data exfiltration.
repo/packages/opencode/src/cli/cmd/github.handler.ts:1583 · flow /tmp/closeopen-tliy3dl5/repo/packages/opencode/src/cli/cmd/github.handler.ts:471 → /tmp/closeopen-tliy3dl5/repo/packages/opencode/src/cli/cmd/github.handler.ts:1583
      await fetch("https://api.github.com/installation/token", {
        method: "DELETE",
        headers: {
          Authorization: `Bearer ${appToken}`,
          Accept: "application/vnd.github+json",
          "X-GitHub-Api-Version": "2022-11-28",
        },
      })

A credential read from the environment/filesystem is applied as authorization on the same outbound request (an auth header). This is intentional authentication to the service the credential belongs to, not unexpected data exfiltration.

Fix: Confirm the destination is the credential's own service; scope the credential and avoid logging it. No action if this is the intended authenticated API call.

medium telemetry production #cc18fe826f8d3c33 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
repo/packages/opencode/src/plugin/tui/runtime.ts:153
            return scope.track(typeof dispose === "function" ? (dispose as () => void) : undefined)

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry production #3a8b738b077fd51c Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
repo/packages/opencode/src/plugin/tui/runtime.ts:173
        return scope.track(
          attention.soundboard.registerPack({
            ...pack,
            sounds: resolveHostAttentionSoundPaths(root, pack.sounds, { trim: true }),
          }),
        )

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry production #62720eca836b9429 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
repo/packages/opencode/src/plugin/tui/runtime.ts:199
      return scope.track(mode.push(value))

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry production #9a4a58665b25d8a3 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
repo/packages/opencode/src/plugin/tui/runtime.ts:579
      return scope.track(api.route.register(list))

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry production #607ffd0fec48b4b7 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
repo/packages/opencode/src/plugin/tui/runtime.ts:595
      return scope.track(api.event.on(type, handler))

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry production #c9dcc178430cd02f Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
repo/packages/opencode/src/plugin/tui/runtime.ts:607
      scope.track(host.register({ ...plugin, id }))

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium pii_flow production #6fe1d9ddd7b49ed2 A credential read from the environment/filesystem is applied as authorization on the same outbound request (auth header). This is intentional authentication, not unexpected data exfiltration.
repo/packages/opencode/src/session/llm/native-runtime.ts:90 · flow /tmp/closeopen-tliy3dl5/repo/packages/opencode/src/session/llm/native-runtime.ts:92 → /tmp/closeopen-tliy3dl5/repo/packages/opencode/src/session/llm/native-runtime.ts:90
  const request = LLMNative.request({
    model: input.model,
    apiKey: current.apiKey,
    baseURL: current.baseURL,
    messages: ProviderTransform.message(input.messages, input.model, input.providerOptions ?? {}),
    toolChoice: input.toolChoice,
    temperature: input.temperature,
    topP: input.topP,
    topK: input.topK,
    maxOutputTokens: input.maxOutputTokens,
    providerOptions: ProviderTransform.providerOptions(input.model, input.providerOptions ?? {}),
    headers: { ...providerHeaders(input.provider.options.headers), ...input.headers },
  })

A credential read from the environment/filesystem is applied as authorization on the same outbound request (an auth header). This is intentional authentication to the service the credential belongs to, not unexpected data exfiltration.

Fix: Confirm the destination is the credential's own service; scope the credential and avoid logging it. No action if this is the intended authenticated API call.

medium telemetry production #7f89e4c32b0c8383 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
repo/packages/opencode/src/session/processor.ts:102
      const initialSnapshot = yield* snapshot.track()

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry production #3e186ccae2a6ba90 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
repo/packages/opencode/src/session/processor.ts:425
            if (!ctx.snapshot) ctx.snapshot = yield* snapshot.track()

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry production #9deae21ea4d285bb Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
repo/packages/opencode/src/session/processor.ts:436
            const completedSnapshot = yield* snapshot.track()

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry production #e41523b328bd94a6 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
repo/packages/opencode/src/session/revert.ts:70
      rev.snapshot = session.revert?.snapshot ?? (yield* snap.track())

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry production #f98e8e30da7642ee Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
repo/packages/opencode/src/snapshot/index.ts:780
        return yield* InstanceState.useEffect(state, (s) => s.track())

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

expand_more 209 low-confidence finding(s)
low env_fs production #afe99cd86d34175d Filesystem access.
repo/packages/opencode/bin/opencode:4
const fs = require("fs")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #945115f640208c85 Environment-variable access.
repo/packages/opencode/bin/opencode:46
const envPath = process.env.OPENCODE_BIN_PATH

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #0fbf455977d6e844 Filesystem access.
repo/packages/opencode/bin/opencode:81
      return /(^|\s)avx2(\s|$)/i.test(fs.readFileSync("/proc/cpuinfo", "utf8"))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #c7dc9213d2f8755d Filesystem access.
repo/packages/opencode/script/build.ts:4
import fs from "fs"

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #acd0e34d8dfddb05 Environment-variable access.
repo/packages/opencode/script/build.ts:240
  await $`gh release upload v${Script.version} ./dist/*.zip ./dist/*.tar.gz --clobber --repo ${process.env.GH_REPO}`

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #d41908f898c850d3 Environment-variable access.
repo/packages/opencode/script/generate.ts:10
const modelsUrl = process.env.OPENCODE_MODELS_URL || "https://models.dev"

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #0f552d960bc40070 Environment-variable access.
repo/packages/opencode/script/generate.ts:11
export const modelsData = process.env.MODELS_DEV_API_JSON

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #76b50c26c0e86d32 Environment-variable access.
repo/packages/opencode/script/generate.ts:12
  ? await Bun.file(process.env.MODELS_DEV_API_JSON).text()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #861a700da21509fd Filesystem access.
repo/packages/opencode/script/postinstall.mjs:4
import fs from "fs"

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #267e5341dbcff91a Filesystem access.
repo/packages/opencode/script/postinstall.mjs:12
const packageJson = JSON.parse(fs.readFileSync(path.join(__dirname, "package.json"), "utf8"))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #84550f49b5f6c70c Filesystem access.
repo/packages/opencode/script/postinstall.mjs:36
      return /(^|\s)avx2(\s|$)/i.test(fs.readFileSync("/proc/cpuinfo", "utf8"))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #f6a444b772f72183 Environment-variable access.
repo/packages/opencode/script/publish.ts:199
  const token = process.env.GITHUB_TOKEN

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #1c8172b39f9d1a73 Environment-variable access.
repo/packages/opencode/specs/v2/api.ts:28
  value: process.env.OPENAI_API_KEY,

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low egress production #e14165d48a3a584c Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
repo/packages/opencode/src/account/account.ts:220
        HttpClientRequest.post(`${row.url}/auth/device/token`).pipe(

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress production #73ffc7b20e253703 Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
repo/packages/opencode/src/account/account.ts:390
        HttpClientRequest.post(`${normalizedServer}/auth/device/code`).pipe(

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress production #a2fd5c0f15722e14 Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
repo/packages/opencode/src/account/account.ts:411
        HttpClientRequest.post(`${input.server}/auth/device/token`).pipe(

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low env_fs production #525afb49b303ff59 Environment-variable access.
repo/packages/opencode/src/acp/profile.ts:1
const enabled = process.env.OPENCODE_ACP_PROFILE === "1"

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #fd90b2e0231faaab Environment-variable access.
repo/packages/opencode/src/auth/index.ts:59
      if (process.env.OPENCODE_AUTH_CONTENT) {

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #12ac0a2af8981984 Environment-variable access.
repo/packages/opencode/src/auth/index.ts:61
          return JSON.parse(process.env.OPENCODE_AUTH_CONTENT)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #611a3352bf5ff7b2 Environment-variable access.
repo/packages/opencode/src/cli/cmd/acp.ts:23
    process.env.OPENCODE_CLIENT = "acp"

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #802b268f745be739 Filesystem access.
repo/packages/opencode/src/cli/cmd/agent.ts:6
import fs from "fs/promises"

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #f84af2daa0db496e Environment-variable access.
repo/packages/opencode/src/cli/cmd/debug/index.ts:56
    const termProgram = process.env.TERM_PROGRAM

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #8f1941e6e0c264d8 Environment-variable access.
repo/packages/opencode/src/cli/cmd/debug/index.ts:57
      ? `${process.env.TERM_PROGRAM}${process.env.TERM_PROGRAM_VERSION ? ` ${process.env.TERM_PROGRAM_VERSION}` : ""}`

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #01d54897dda04068 Environment-variable access.
repo/packages/opencode/src/cli/cmd/debug/index.ts:59
    const terminal = [termProgram, process.env.TERM].filter((item): item is string => Boolean(item)).join(" / ")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #08857dabecdecd35 Environment-variable access.
repo/packages/opencode/src/cli/cmd/github.handler.ts:406
    const variant = process.env["VARIANT"] || undefined

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #672b1210c3cd0554 Environment-variable access.
repo/packages/opencode/src/cli/cmd/github.handler.ts:471
        const githubToken = process.env["GITHUB_TOKEN"]

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #b1adbc955935bf29 Environment-variable access.
repo/packages/opencode/src/cli/cmd/github.handler.ts:656
      const value = process.env["MODEL"]

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #55b4186f2b3b9b60 Environment-variable access.
repo/packages/opencode/src/cli/cmd/github.handler.ts:667
      const value = process.env["GITHUB_RUN_ID"]

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #0b6a466561adefe4 Environment-variable access.
repo/packages/opencode/src/cli/cmd/github.handler.ts:673
      const value = process.env["SHARE"]

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #70d119e30190e0c6 Environment-variable access.
repo/packages/opencode/src/cli/cmd/github.handler.ts:681
      const value = process.env["USE_GITHUB_TOKEN"]

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #f101723e362819b3 Environment-variable access.
repo/packages/opencode/src/cli/cmd/github.handler.ts:689
      const value = process.env["OIDC_BASE_URL"]

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #be3d879df64d3a43 Environment-variable access.
repo/packages/opencode/src/cli/cmd/github.handler.ts:724
      const customPrompt = process.env["PROMPT"]

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #7218a8113deacdc8 Environment-variable access.
repo/packages/opencode/src/cli/cmd/github.handler.ts:739
      const mentions = (process.env["MENTIONS"] || "/opencode,/oc")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low egress production #a018f9d99983e071 Hardcoded external endpoint. Review what data is sent to this destination.
repo/packages/opencode/src/cli/cmd/github.handler.ts:1583
      await fetch("https://api.github.com/installation/token", {
        method: "DELETE",
        headers: {
          Authorization: `Bearer ${appToken}`,
          Accept: "application/vnd.github+json",
          "X-GitHub-Api-Version": "2022-11-28",
        },
      })

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low env_fs production #cab29da873bebff7 Environment-variable access.
repo/packages/opencode/src/cli/cmd/providers.ts:277
        if (process.env[envVar]) {

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #82c0b595c8450196 Environment-variable access.
repo/packages/opencode/src/cli/cmd/run.ts:333
      const root = Filesystem.resolve(process.env.PWD ?? process.cwd())

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #c424b652530e7fbb Filesystem access.
repo/packages/opencode/src/cli/cmd/run/runtime.stdin.ts:1
import fs from "fs"

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #0ae2d2b83fdb5bb4 Filesystem access.
repo/packages/opencode/src/cli/cmd/run/trace.ts:14
import fs from "fs"

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #90040a6d0aa9f949 Environment-variable access.
repo/packages/opencode/src/cli/cmd/run/trace.ts:58
  if (!process.env.OPENCODE_DIRECT_TRACE) {

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #c63c7373d80df234 Filesystem access.
repo/packages/opencode/src/cli/cmd/run/trace.ts:65
  fs.writeFileSync(
    latest(),
    text({
      time: new Date().toISOString(),
      pid: process.pid,
      cwd: process.cwd(),
      argv: process.argv.slice(2),
      path: target,
    }) + "\n",
  )

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #b7e14017fe614002 Environment-variable access.
repo/packages/opencode/src/cli/cmd/tui.ts:66
export function resolveThreadDirectory(project?: string, envPWD = process.env.PWD, cwd = process.cwd()) {

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #a0a650b7d3c06519 Filesystem access.
repo/packages/opencode/src/cli/cmd/uninstall.ts:6
import fs from "fs/promises"

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #357023380a30fdf0 Environment-variable access.
repo/packages/opencode/src/cli/cmd/uninstall.ts:236
  const shell = path.basename(process.env.SHELL || "bash")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #dfd79070992eb1c7 Environment-variable access.
repo/packages/opencode/src/cli/cmd/uninstall.ts:238
  const xdgConfig = process.env.XDG_CONFIG_HOME || path.join(home, ".config")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #f9e30f7b90c2d2a1 Filesystem access.
repo/packages/opencode/src/config/config.ts:9
import fsNode from "fs/promises"

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #c2609c2374e768f9 Filesystem access.
repo/packages/opencode/src/config/config.ts:15
import { existsSync } from "fs"

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #6e7fdaa0486f894b Filesystem access.
repo/packages/opencode/src/config/config.ts:271
              await fsNode.writeFile(path.join(Global.Path.config, "config.json"), JSON.stringify(result, null, 2))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #d0782c01f5f0f3a3 Environment-variable access.
repo/packages/opencode/src/config/config.ts:468
        if (process.env.OPENCODE_CONFIG_CONTENT) {

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #0654658d0e8041b8 Environment-variable access.
repo/packages/opencode/src/config/config.ts:470
          const next = yield* loadConfig(process.env.OPENCODE_CONFIG_CONTENT, {

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #20e59a3a73e6d7a7 Environment-variable access.
repo/packages/opencode/src/config/config.ts:491
              process.env["OPENCODE_CONSOLE_TOKEN"] = tokenOpt.value

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #9537a15f12bfe530 Filesystem access.
repo/packages/opencode/src/config/managed.ts:3
import { existsSync } from "fs"

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #2e9261776ed1b8e5 Environment-variable access.
repo/packages/opencode/src/config/managed.ts:25
      return path.join(process.env.ProgramData || "C:\\ProgramData", "opencode")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #11f26fbc5c0fc9ca Environment-variable access.
repo/packages/opencode/src/config/managed.ts:32
  return process.env.OPENCODE_TEST_MANAGED_CONFIG_DIR || systemManagedConfigDir()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #51a1b908f628ced1 Environment-variable access.
repo/packages/opencode/src/config/variable.ts:37
    return (input.env?.[varName] ?? process.env[varName]) || ""

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #2fca7c92d2e2b55b Filesystem access.
repo/packages/opencode/src/control-plane/dev/debug-workspace-plugin.ts:30
  await writeFile(
    DEV_DATA_TEMP_FILE,
    JSON.stringify(
      {
        port,
        id,
        env,
      },
      null,
      2,
    ),
  )

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low egress production #eed35785a8941726 Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
repo/packages/opencode/src/control-plane/workspace.ts:330
        HttpClientRequest.post(route(url, "/sync/history"), {
          headers: new Headers(headers),
          body: HttpBody.jsonUnsafe(state),
        }),

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low env_fs production #18ac626b9c76c2ef Environment-variable access.
repo/packages/opencode/src/control-plane/workspace.ts:533
        OTEL_EXPORTER_OTLP_HEADERS: process.env.OTEL_EXPORTER_OTLP_HEADERS,

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #903c4202c3594989 Environment-variable access.
repo/packages/opencode/src/control-plane/workspace.ts:534
        OTEL_EXPORTER_OTLP_ENDPOINT: process.env.OTEL_EXPORTER_OTLP_ENDPOINT,

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #6af6099e2324f69e Environment-variable access.
repo/packages/opencode/src/control-plane/workspace.ts:535
        OTEL_RESOURCE_ATTRIBUTES: process.env.OTEL_RESOURCE_ATTRIBUTES,

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low egress production #0649f9e0fd4593e5 Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
repo/packages/opencode/src/control-plane/workspace.ts:615
              HttpClientRequest.post(route(target.url, "/vcs/apply"), {
                headers: new Headers(target.headers),
                body: HttpBody.jsonUnsafe({ patch: sourcePatch }),
              }),

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress production #bd967be8f32e9ea3 Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
repo/packages/opencode/src/control-plane/workspace.ts:672
                HttpClientRequest.post(route(target.url, "/sync/replay"), {
                  headers: new Headers(target.headers),
                  body: HttpBody.jsonUnsafe({
                    directory: space.directory ?? "",
                    events,
                  }),
                }),

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress production #cffc113da08a857e Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
repo/packages/opencode/src/control-plane/workspace.ts:696
          HttpClientRequest.post(route(target.url, "/sync/steal"), {
            headers: new Headers(target.headers),
            body: HttpBody.jsonUnsafe({ sessionID: input.sessionID }),
          }),

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low env_fs production #1c1458c838e8da30 Environment-variable access.
repo/packages/opencode/src/ide/index.ts:23
  if (process.env["TERM_PROGRAM"] === "vscode") {

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #2160ab1bd78142d2 Environment-variable access.
repo/packages/opencode/src/ide/index.ts:24
    const v = process.env["GIT_ASKPASS"]

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #5e225746b3fbf2e3 Environment-variable access.
repo/packages/opencode/src/ide/index.ts:33
  return process.env["OPENCODE_CALLER"] === "vscode" || process.env["OPENCODE_CALLER"] === "vscode-insiders"

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #d582ad3a467d5cda Environment-variable access.
repo/packages/opencode/src/index.ts:67
    if (opts.printLogs) process.env.OPENCODE_PRINT_LOGS = "1"

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #e8eff0b4244063a5 Environment-variable access.
repo/packages/opencode/src/index.ts:68
    if (opts.logLevel) process.env.OPENCODE_LOG_LEVEL = opts.logLevel

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #2764da7f1b07c3f1 Environment-variable access.
repo/packages/opencode/src/index.ts:70
      process.env.OPENCODE_PURE = "1"

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #f06b6e636a629c6b Environment-variable access.
repo/packages/opencode/src/index.ts:75
    process.env.AGENT = "1"

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #ad863c805d72ba2b Environment-variable access.
repo/packages/opencode/src/index.ts:76
    process.env.OPENCODE = "1"

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #5639abd3296db50a Environment-variable access.
repo/packages/opencode/src/index.ts:77
    process.env.OPENCODE_PID = String(process.pid)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low egress production #a4b52c3e6c5882e7 Hardcoded external endpoint. Review what data is sent to this destination.
repo/packages/opencode/src/installation/index.ts:147
        const response = yield* httpOk.execute(HttpClientRequest.get("https://opencode.ai/install"))

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress production #084e2d447663815f Hardcoded external endpoint. Review what data is sent to this destination.
repo/packages/opencode/src/installation/index.ts:219
            HttpClientRequest.get("https://formulae.brew.sh/api/formula/opencode.json").pipe(

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress production #65aa303a9eb796b5 Hardcoded external endpoint. Review what data is sent to this destination.
repo/packages/opencode/src/installation/index.ts:239
            HttpClientRequest.get(
              "https://community.chocolatey.org/api/v2/Packages?$filter=Id%20eq%20%27opencode%27%20and%20IsLatestVersion&$select=Version",
            ).pipe(HttpClientRequest.setHeaders({ Accept: "application/json;odata=verbose" })),

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress production #63b6aea6b5242d3e Hardcoded external endpoint. Review what data is sent to this destination.
repo/packages/opencode/src/installation/index.ts:249
            HttpClientRequest.get(
              "https://raw.githubusercontent.com/ScoopInstaller/Main/master/bucket/opencode.json",
            ).pipe(HttpClientRequest.setHeaders({ Accept: "application/json" })),

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress production #61673bfdecfecd23 Hardcoded external endpoint. Review what data is sent to this destination.
repo/packages/opencode/src/installation/index.ts:258
          HttpClientRequest.get("https://api.github.com/repos/anomalyco/opencode/releases/latest").pipe(

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low env_fs production #4b5bfbea114c62b3 Filesystem access.
repo/packages/opencode/src/lsp/server.ts:6
import fs from "fs/promises"

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low egress production #fba9283754704315 Hardcoded external endpoint. Review what data is sent to this destination.
repo/packages/opencode/src/lsp/server.ts:183
      const response = await fetch("https://github.com/microsoft/vscode-eslint/archive/refs/heads/main.zip")

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low env_fs production #d99d30f56d68394c Environment-variable access.
repo/packages/opencode/src/lsp/server.ts:445
    const potentialVenvPaths = [process.env["VIRTUAL_ENV"], path.join(root, ".venv"), path.join(root, "venv")].filter(

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #fdefa5d34427ea00 Environment-variable access.
repo/packages/opencode/src/lsp/server.ts:502
    const potentialVenvPaths = [process.env["VIRTUAL_ENV"], path.join(root, ".venv"), path.join(root, "venv")].filter(

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low egress production #b8d338b56ca97727 Hardcoded external endpoint. Review what data is sent to this destination.
repo/packages/opencode/src/lsp/server.ts:552
        const response = await fetch("https://github.com/elixir-lsp/elixir-ls/archive/refs/heads/master.zip")

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress production #55bf18c311d822df Hardcoded external endpoint. Review what data is sent to this destination.
repo/packages/opencode/src/lsp/server.ts:600
      const releaseResponse = await fetch("https://api.github.com/repos/zigtools/zls/releases/latest")

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low env_fs production #b995a8caa233a988 Environment-variable access.
repo/packages/opencode/src/lsp/server.ts:779
    process.env.DOTNET_CLI_HOME ?? os.homedir(),

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #5639ae47eb42c55f Environment-variable access.
repo/packages/opencode/src/lsp/server.ts:789
    process.env.VSCODE_EXTENSIONS,

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low egress production #234dab434caff4a8 Hardcoded external endpoint. Review what data is sent to this destination.
repo/packages/opencode/src/lsp/server.ts:976
    const releaseResponse = await fetch("https://api.github.com/repos/clangd/clangd/releases/latest")

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low env_fs production #922c6e7748190dc9 Filesystem access.
repo/packages/opencode/src/lsp/server.ts:1171
        const content = await fs.readFile(pomFiles[i], "utf-8").catch(() => null)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low egress production #f950fa464ee52ad3 Hardcoded external endpoint. Review what data is sent to this destination.
repo/packages/opencode/src/lsp/server.ts:1210
      const download = await fetch(releaseURL)

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress production #814ab381e16d1c57 Hardcoded external endpoint. Review what data is sent to this destination.
repo/packages/opencode/src/lsp/server.ts:1297
      const releaseResponse = await fetch("https://api.github.com/repos/Kotlin/kotlin-lsp/releases/latest")

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress production #421845b60cee4f6f Hardcoded external endpoint. Review what data is sent to this destination.
repo/packages/opencode/src/lsp/server.ts:1405
      const releaseResponse = await fetch("https://api.github.com/repos/LuaLS/lua-language-server/releases/latest")

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress production #ea71ac7b2493863d Hardcoded external endpoint. Review what data is sent to this destination.
repo/packages/opencode/src/lsp/server.ts:1632
      const releaseResponse = await fetch("https://api.releases.hashicorp.com/v1/releases/terraform-ls/latest")

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress production #115a2de840806655 Hardcoded external endpoint. Review what data is sent to this destination.
repo/packages/opencode/src/lsp/server.ts:1705
      const response = await fetch("https://api.github.com/repos/latex-lsp/texlab/releases/latest")

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress production #68ba74d9cb9ecb3c Hardcoded external endpoint. Review what data is sent to this destination.
repo/packages/opencode/src/lsp/server.ts:1877
      const response = await fetch("https://api.github.com/repos/Myriad-Dreamin/tinymist/releases/latest")

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress production #b1f6aa029ce582ec Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
repo/packages/opencode/src/mcp/catalog.ts:155
            return client.request({ method: "tools/list", params }, TolerantListToolsResultSchema, { timeout })

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low env_fs production #90d028c0f9906ea4 Environment-variable access.
repo/packages/opencode/src/plugin/azure.ts:5
  if (!process.env.AZURE_RESOURCE_NAME) {

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #ad56582221075afa Environment-variable access.
repo/packages/opencode/src/plugin/cloudflare.ts:4
  const prompts = !process.env.CLOUDFLARE_ACCOUNT_ID

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #2e1a84b53b279c0d Environment-variable access.
repo/packages/opencode/src/plugin/cloudflare.ts:31
    ...(!process.env.CLOUDFLARE_ACCOUNT_ID

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #eef7cbc44ae2cb82 Environment-variable access.
repo/packages/opencode/src/plugin/cloudflare.ts:41
    ...(!process.env.CLOUDFLARE_GATEWAY_ID

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low egress production #e944b4d22c2da706 Hardcoded external endpoint. Review what data is sent to this destination.
repo/packages/opencode/src/plugin/digitalocean.ts:170
  const res = await fetch(`${DO_GENAI_API}/models/routers`, {
    headers: {
      Authorization: `Bearer ${bearer}`,
      Accept: "application/json",
      "User-Agent": `opencode/${InstallationVersion}`,
    },
    signal: AbortSignal.timeout(10_000),
  }).catch(() => undefined)

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress production #6cd1a8a9c91cff96 Hardcoded external endpoint. Review what data is sent to this destination.
repo/packages/opencode/src/plugin/openai/codex.ts:108
  const response = await fetch(`${ISSUER}/oauth/token`, {
    method: "POST",
    headers: { "Content-Type": "application/x-www-form-urlencoded" },
    body: new URLSearchParams({
      grant_type: "authorization_code",
      code,
      redirect_uri: redirectUri,
      client_id: CLIENT_ID,
      code_verifier: pkce.verifier,
    }).toString(),
  })

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress production #79bf1553364dfcc3 Hardcoded external endpoint. Review what data is sent to this destination.
repo/packages/opencode/src/plugin/openai/codex.ts:464
            const deviceResponse = await fetch(`${ISSUER}/api/accounts/deviceauth/usercode`, {
              method: "POST",
              headers: {
                "Content-Type": "application/json",
                "User-Agent": `opencode/${InstallationVersion}`,
              },
              body: JSON.stringify({ client_id: CLIENT_ID }),
            })

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress production #e1c5788543591a7f Hardcoded external endpoint. Review what data is sent to this destination.
repo/packages/opencode/src/plugin/openai/codex.ts:488
                  const response = await fetch(`${ISSUER}/api/accounts/deviceauth/token`, {
                    method: "POST",
                    headers: {
                      "Content-Type": "application/json",
                      "User-Agent": `opencode/${InstallationVersion}`,
                    },
                    body: JSON.stringify({
                      device_auth_id: deviceData.device_auth_id,
                      user_code: deviceData.user_code,
                    }),
                  })

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress production #d328a24011a4e805 Hardcoded external endpoint. Review what data is sent to this destination.
repo/packages/opencode/src/plugin/openai/codex.ts:506
                    const tokenResponse = await fetch(`${ISSUER}/oauth/token`, {
                      method: "POST",
                      headers: { "Content-Type": "application/x-www-form-urlencoded" },
                      body: new URLSearchParams({
                        grant_type: "authorization_code",
                        code: data.authorization_code,
                        redirect_uri: `${ISSUER}/deviceauth/callback`,
                        client_id: CLIENT_ID,
                        code_verifier: data.code_verifier,
                      }).toString(),
                    })

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low env_fs production #4ff952a015606b8b Filesystem access.
repo/packages/opencode/src/project/project.ts:327
      const buffer = yield* fs.readFile(shortest).pipe(Effect.orDie)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #78cd2ed290dbfab9 Environment-variable access.
repo/packages/opencode/src/provider/provider.ts:315
        const envToken = process.env.AWS_BEARER_TOKEN_BEDROCK

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #009af804be87a8b4 Environment-variable access.
repo/packages/opencode/src/provider/provider.ts:318
          process.env.AWS_BEARER_TOKEN_BEDROCK = auth.key

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #f16adf2b0b4ad3f3 Environment-variable access.
repo/packages/opencode/src/provider/provider.ts:327
        process.env.AWS_CONTAINER_CREDENTIALS_RELATIVE_URI || process.env.AWS_CONTAINER_CREDENTIALS_FULL_URI,

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #e4d9af2a917e9abe Environment-variable access.
repo/packages/opencode/src/provider/provider.ts:575
        const envAICoreServiceKey = process.env.AICORE_SERVICE_KEY

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #770d9fb2bc488f4b Environment-variable access.
repo/packages/opencode/src/provider/provider.ts:578
          process.env.AICORE_SERVICE_KEY = auth.key

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #c0b499c7b4a1d564 Environment-variable access.
repo/packages/opencode/src/provider/provider.ts:583
      const deploymentId = process.env.AICORE_DEPLOYMENT_ID

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #a4f13b57f1235c58 Environment-variable access.
repo/packages/opencode/src/provider/provider.ts:584
      const resourceGroup = process.env.AICORE_RESOURCE_GROUP

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low egress production #5a029e11909a2bdc Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
repo/packages/opencode/src/server/routes/instance/httpapi/groups/config.ts:26
        HttpApiEndpoint.patch("update", root, {
          query: WorkspaceRoutingQuery,
          payload: ConfigV1.Info,
          success: described(ConfigV1.Info, "Successfully updated config"),
          error: HttpApiError.BadRequest,
        }).annotateMerge(

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress production #d362442001f42ed8 Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
repo/packages/opencode/src/server/routes/instance/httpapi/groups/control-plane.ts:22
      HttpApiEndpoint.post("moveSession", `${root}/move-session`, {
        payload: MoveSessionPayload,
        success: described(HttpApiSchema.NoContent, "Session moved"),
        error: ApiMoveSessionError,
      }).annotateMerge(

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress production #679a8920ecb4f358 Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
repo/packages/opencode/src/server/routes/instance/httpapi/groups/control.ts:39
      HttpApiEndpoint.put("authSet", ControlPaths.auth, {
        params: AuthParams,
        payload: Auth.Info,
        success: described(Schema.Boolean, "Successfully set authentication credentials"),
        error: HttpApiError.BadRequest,
      }).annotateMerge(

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress production #121507ac30e9bd92 Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
repo/packages/opencode/src/server/routes/instance/httpapi/groups/control.ts:62
      HttpApiEndpoint.post("log", ControlPaths.log, {
        query: LogQuery,
        payload: LogInput,
        success: described(Schema.Boolean, "Log entry written successfully"),
        error: HttpApiError.BadRequest,
      }).annotateMerge(

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress production #5511d0e0012a30ed Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
repo/packages/opencode/src/server/routes/instance/httpapi/groups/experimental.ts:140
        HttpApiEndpoint.post("consoleSwitch", ExperimentalPaths.consoleSwitch, {
          query: WorkspaceRoutingQuery,
          payload: ConsoleSwitchPayload,
          success: described(Schema.Boolean, "Switch success"),
          error: HttpApiError.BadRequest,
        }).annotateMerge(

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress production #828d00eea97932d1 Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
repo/packages/opencode/src/server/routes/instance/httpapi/groups/experimental.ts:187
        HttpApiEndpoint.post("worktreeCreate", ExperimentalPaths.worktree, {
          disableCodecs: true,
          query: WorkspaceRoutingQuery,
          payload: [HttpApiSchema.NoContent, Worktree.CreateInput],
          success: described(Worktree.Info, "Worktree created"),
          error: WorktreeApiError,
        }).annotateMerge(

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress production #aa2f3a1486520110 Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
repo/packages/opencode/src/server/routes/instance/httpapi/groups/experimental.ts:212
        HttpApiEndpoint.post("worktreeReset", ExperimentalPaths.worktreeReset, {
          query: WorkspaceRoutingQuery,
          payload: Worktree.ResetInput,
          success: described(Schema.Boolean, "Worktree reset"),
          error: WorktreeApiError,
        }).annotateMerge(

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress production #1cf462a3627ebd06 Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
repo/packages/opencode/src/server/routes/instance/httpapi/groups/experimental.ts:235
        HttpApiEndpoint.post("sessionBackground", ExperimentalPaths.sessionBackground, {
          params: { sessionID: SessionID },
          query: WorkspaceRoutingQuery,
          success: described(Schema.Boolean, "Backgrounded subagents"),
          error: HttpApiError.BadRequest,
        }).annotateMerge(

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress production #285b9ddca963120a Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
repo/packages/opencode/src/server/routes/instance/httpapi/groups/global.ts:103
      HttpApiEndpoint.patch("configUpdate", GlobalPaths.config, {
        payload: ConfigV1.Info,
        success: described(ConfigV1.Info, "Successfully updated global config"),
        error: HttpApiError.BadRequest,
      }).annotateMerge(

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress production #e4a5c7e2cdfaabb0 Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
repo/packages/opencode/src/server/routes/instance/httpapi/groups/global.ts:114
      HttpApiEndpoint.post("dispose", GlobalPaths.dispose, {
        success: described(Schema.Boolean, "Global disposed"),
      }).annotateMerge(

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress production #fef44ed4b674f5df Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
repo/packages/opencode/src/server/routes/instance/httpapi/groups/global.ts:123
      HttpApiEndpoint.post("upgrade", GlobalPaths.upgrade, {
        payload: [HttpApiSchema.NoContent, GlobalUpgradeInput],
        success: described(GlobalUpgradeResult, "Upgrade result"),
        error: HttpApiError.BadRequest,
      }).annotateMerge(

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress production #7412f9082159c56f Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
repo/packages/opencode/src/server/routes/instance/httpapi/groups/instance.ts:62
        HttpApiEndpoint.post("dispose", InstancePaths.dispose, {
          query: WorkspaceRoutingQuery,
          success: described(Schema.Boolean, "Instance disposed"),
        }).annotateMerge(

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress production #3dbd3a48815bd808 Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
repo/packages/opencode/src/server/routes/instance/httpapi/groups/instance.ts:127
        HttpApiEndpoint.post("vcsApply", InstancePaths.vcsApply, {
          query: WorkspaceRoutingQuery,
          payload: Vcs.ApplyInput,
          success: described(Vcs.ApplyResult, "VCS patch applied"),
          error: ApiVcsApplyError,
        }).annotateMerge(

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress production #cf199c4208645ed1 Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
repo/packages/opencode/src/server/routes/instance/httpapi/groups/mcp.ts:55
        HttpApiEndpoint.post("add", McpPaths.status, {
          query: WorkspaceRoutingQuery,
          payload: AddPayload,
          success: described(StatusMap, "MCP server added successfully"),
          error: HttpApiError.BadRequest,
        }).annotateMerge(

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress production #c3462a973c17f504 Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
repo/packages/opencode/src/server/routes/instance/httpapi/groups/mcp.ts:67
        HttpApiEndpoint.post("authStart", McpPaths.auth, {
          params: { name: Schema.String },
          query: WorkspaceRoutingQuery,
          success: described(AuthStartResponse, "OAuth flow started"),
          error: [UnsupportedOAuthError, McpServerNotFoundError],
        }).annotateMerge(

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress production #c3e20e7b041f72f7 Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
repo/packages/opencode/src/server/routes/instance/httpapi/groups/mcp.ts:79
        HttpApiEndpoint.post("authCallback", McpPaths.authCallback, {
          params: { name: Schema.String },
          query: WorkspaceRoutingQuery,
          payload: AuthCallbackPayload,
          success: described(MCP.Status, "OAuth authentication completed"),
          error: [HttpApiError.BadRequest, McpServerNotFoundError],
        }).annotateMerge(

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress production #4b82604ff4a9ad2d Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
repo/packages/opencode/src/server/routes/instance/httpapi/groups/mcp.ts:93
        HttpApiEndpoint.post("authAuthenticate", McpPaths.authAuthenticate, {
          params: { name: Schema.String },
          query: WorkspaceRoutingQuery,
          success: described(MCP.Status, "OAuth authentication completed"),
          error: [UnsupportedOAuthError, McpServerNotFoundError],
        }).annotateMerge(

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress production #662da76807449a11 Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
repo/packages/opencode/src/server/routes/instance/httpapi/groups/mcp.ts:117
        HttpApiEndpoint.post("connect", McpPaths.connect, {
          params: { name: Schema.String },
          query: WorkspaceRoutingQuery,
          success: described(Schema.Boolean, "MCP server connected successfully"),
          error: McpServerNotFoundError,
        }).annotateMerge(

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress production #3fbc147f4a15071c Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
repo/packages/opencode/src/server/routes/instance/httpapi/groups/mcp.ts:128
        HttpApiEndpoint.post("disconnect", McpPaths.disconnect, {
          params: { name: Schema.String },
          query: WorkspaceRoutingQuery,
          success: described(Schema.Boolean, "MCP server disconnected successfully"),
          error: McpServerNotFoundError,
        }).annotateMerge(

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress production #39b5303423678e8a Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
repo/packages/opencode/src/server/routes/instance/httpapi/groups/permission.ts:31
        HttpApiEndpoint.post("reply", `${root}/:requestID/reply`, {
          params: { requestID: PermissionV1.ID },
          query: WorkspaceRoutingQuery,
          payload: ReplyPayload,
          success: described(Schema.Boolean, "Permission processed successfully"),
          error: [HttpApiError.BadRequest, PermissionNotFoundError],
        }).annotateMerge(

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress production #95f419bf7bf5265b Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
repo/packages/opencode/src/server/routes/instance/httpapi/groups/project-copy.ts:15
      HttpApiEndpoint.post("generateName", "/experimental/project/:projectID/copy/generate-name", {
        params: { projectID: ProjectV2.ID },
        query: WorkspaceRoutingQuery,
        payload: GenerateNamePayload,
        success: Schema.Struct({ name: Schema.String }),
      }).annotateMerge(

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress production #8b312c7e67a9bd38 Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
repo/packages/opencode/src/server/routes/instance/httpapi/groups/project.ts:42
        HttpApiEndpoint.post("initGit", `${root}/git/init`, {
          query: WorkspaceRoutingQuery,
          success: described(Project.Info, "Project information after git initialization"),
        }).annotateMerge(

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress production #a647099968fbaf79 Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
repo/packages/opencode/src/server/routes/instance/httpapi/groups/project.ts:52
        HttpApiEndpoint.patch("update", `${root}/:projectID`, {
          params: { projectID: ProjectV2.ID },
          query: WorkspaceRoutingQuery,
          payload: UpdatePayload,
          success: described(Project.Info, "Updated project information"),
          error: [HttpApiError.BadRequest, ProjectNotFoundError],
        }).annotateMerge(

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress production #7c96ba582206d2b9 Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
repo/packages/opencode/src/server/routes/instance/httpapi/groups/provider.ts:58
        HttpApiEndpoint.post("authorize", `${root}/:providerID/oauth/authorize`, {
          params: { providerID: ProviderV2.ID },
          query: WorkspaceRoutingQuery,
          payload: ProviderAuth.AuthorizeInput,
          success: described(Schema.UndefinedOr(ProviderAuth.Authorization), "Authorization URL and method"),
          error: ProviderAuthApiError,
        }).annotateMerge(

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress production #e864df7fb2a229f8 Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
repo/packages/opencode/src/server/routes/instance/httpapi/groups/provider.ts:71
        HttpApiEndpoint.post("callback", `${root}/:providerID/oauth/callback`, {
          params: { providerID: ProviderV2.ID },
          query: WorkspaceRoutingQuery,
          payload: ProviderAuth.CallbackInput,
          success: described(Schema.Boolean, "OAuth callback processed successfully"),
          error: ProviderAuthApiError,
        }).annotateMerge(

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress production #ec040170ed30e29b Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
repo/packages/opencode/src/server/routes/instance/httpapi/groups/pty.ts:64
        HttpApiEndpoint.post("create", PtyPaths.create, {
          query: WorkspaceRoutingQuery,
          payload: Pty.CreateInput,
          success: described(Pty.Info, "Created session"),
          error: HttpApiError.BadRequest,
        }).annotateMerge(

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress production #f6542a0b4000bd3d Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
repo/packages/opencode/src/server/routes/instance/httpapi/groups/pty.ts:88
        HttpApiEndpoint.put("update", PtyPaths.update, {
          params: { ptyID: PtyID },
          query: WorkspaceRoutingQuery,
          payload: Pty.UpdateInput,
          success: described(Pty.Info, "Updated session"),
          error: [PtyNotFoundError, HttpApiError.BadRequest],
        }).annotateMerge(

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress production #53dfbac155860feb Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
repo/packages/opencode/src/server/routes/instance/httpapi/groups/pty.ts:113
        HttpApiEndpoint.post("connectToken", PtyPaths.connectToken, {
          params: { ptyID: PtyID },
          query: WorkspaceRoutingQuery,
          success: described(PtyTicket.ConnectToken, "WebSocket connect token"),
          error: [PtyForbiddenError, PtyNotFoundError],
        }).annotateMerge(

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress production #784b69537975aa63 Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
repo/packages/opencode/src/server/routes/instance/httpapi/groups/question.ts:32
        HttpApiEndpoint.post("reply", `${root}/:requestID/reply`, {
          params: { requestID: QuestionID },
          query: WorkspaceRoutingQuery,
          payload: ReplyPayload,
          success: described(Schema.Boolean, "Question answered successfully"),
          error: [HttpApiError.BadRequest, QuestionNotFoundError],
        }).annotateMerge(

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress production #5adb4e97470d8c83 Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
repo/packages/opencode/src/server/routes/instance/httpapi/groups/question.ts:45
        HttpApiEndpoint.post("reject", `${root}/:requestID/reject`, {
          params: { requestID: QuestionID },
          query: WorkspaceRoutingQuery,
          success: described(Schema.Boolean, "Question rejected successfully"),
          error: [HttpApiError.BadRequest, QuestionNotFoundError],
        }).annotateMerge(

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress production #bddbafeaa9f839e1 Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
repo/packages/opencode/src/server/routes/instance/httpapi/groups/session.ts:203
        HttpApiEndpoint.post("create", SessionPaths.create, {
          query: WorkspaceRoutingQuery,
          payload: [HttpApiSchema.NoContent, Session.CreateInput],
          success: described(Session.Info, "Successfully created session"),
          error: HttpApiError.BadRequest,
        }).annotateMerge(

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress production #de1911f1f52c4249 Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
repo/packages/opencode/src/server/routes/instance/httpapi/groups/session.ts:227
        HttpApiEndpoint.patch("update", SessionPaths.update, {
          params: { sessionID: SessionID },
          query: WorkspaceRoutingQuery,
          payload: UpdatePayload,
          success: described(Session.Info, "Successfully updated session"),
          error: [HttpApiError.BadRequest, ApiNotFoundError],
        }).annotateMerge(

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress production #d7bd6e76621070f7 Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
repo/packages/opencode/src/server/routes/instance/httpapi/groups/session.ts:240
        HttpApiEndpoint.post("fork", SessionPaths.fork, {
          params: { sessionID: SessionID },
          query: WorkspaceRoutingQuery,
          payload: [HttpApiSchema.NoContent, ForkPayload],
          success: described(Session.Info, "200"),
          error: [HttpApiError.BadRequest, ApiNotFoundError],
        }).annotateMerge(

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress production #56183c553ff0165f Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
repo/packages/opencode/src/server/routes/instance/httpapi/groups/session.ts:253
        HttpApiEndpoint.post("abort", SessionPaths.abort, {
          params: { sessionID: SessionID },
          query: WorkspaceRoutingQuery,
          success: described(Schema.Boolean, "Aborted session"),
          error: HttpApiError.BadRequest,
        }).annotateMerge(

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress production #911f7c66c4dc3735 Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
repo/packages/opencode/src/server/routes/instance/httpapi/groups/session.ts:265
        HttpApiEndpoint.post("init", SessionPaths.init, {
          params: { sessionID: SessionID },
          query: WorkspaceRoutingQuery,
          payload: InitPayload,
          success: described(Schema.Boolean, "200"),
          error: [HttpApiError.BadRequest, ApiNotFoundError],
        }).annotateMerge(

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress production #e89f10ae297e4fc4 Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
repo/packages/opencode/src/server/routes/instance/httpapi/groups/session.ts:279
        HttpApiEndpoint.post("share", SessionPaths.share, {
          params: { sessionID: SessionID },
          query: WorkspaceRoutingQuery,
          success: described(Session.Info, "Successfully shared session"),
          error: [HttpApiError.InternalServerError, ApiNotFoundError],
        }).annotateMerge(

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress production #9c79cec1e65f7f85 Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
repo/packages/opencode/src/server/routes/instance/httpapi/groups/session.ts:303
        HttpApiEndpoint.post("summarize", SessionPaths.summarize, {
          params: { sessionID: SessionID },
          query: WorkspaceRoutingQuery,
          payload: SummarizePayload,
          success: described(Schema.Boolean, "Summarized session"),
          error: [HttpApiError.BadRequest, ApiNotFoundError],
        }).annotateMerge(

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress production #487911b8f134a349 Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
repo/packages/opencode/src/server/routes/instance/httpapi/groups/session.ts:316
        HttpApiEndpoint.post("prompt", SessionPaths.prompt, {
          params: { sessionID: SessionID },
          query: WorkspaceRoutingQuery,
          payload: PromptPayload,
          success: described(SessionV1.WithParts, "Created message"),
          error: [HttpApiError.BadRequest, ApiNotFoundError],
        }).annotateMerge(

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress production #66531eb6fb50c6c1 Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
repo/packages/opencode/src/server/routes/instance/httpapi/groups/session.ts:329
        HttpApiEndpoint.post("promptAsync", SessionPaths.promptAsync, {
          params: { sessionID: SessionID },
          query: WorkspaceRoutingQuery,
          payload: PromptPayload,
          success: described(HttpApiSchema.NoContent, "Prompt accepted"),
          error: [HttpApiError.BadRequest, ApiNotFoundError],
        }).annotateMerge(

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress production #3f05224b648cfc26 Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
repo/packages/opencode/src/server/routes/instance/httpapi/groups/session.ts:343
        HttpApiEndpoint.post("command", SessionPaths.command, {
          params: { sessionID: SessionID },
          query: WorkspaceRoutingQuery,
          payload: CommandPayload,
          success: described(SessionV1.WithParts, "Created message"),
          error: [HttpApiError.BadRequest, ApiNotFoundError],
        }).annotateMerge(

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress production #c15c875299fd438a Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
repo/packages/opencode/src/server/routes/instance/httpapi/groups/session.ts:356
        HttpApiEndpoint.post("shell", SessionPaths.shell, {
          params: { sessionID: SessionID },
          query: WorkspaceRoutingQuery,
          payload: ShellPayload,
          success: described(SessionV1.WithParts, "Created message"),
          error: [HttpApiError.BadRequest, ApiNotFoundError, SessionBusyError],
        }).annotateMerge(

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress production #0d8ae093f9f47218 Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
repo/packages/opencode/src/server/routes/instance/httpapi/groups/session.ts:369
        HttpApiEndpoint.post("revert", SessionPaths.revert, {
          params: { sessionID: SessionID },
          query: WorkspaceRoutingQuery,
          payload: RevertPayload,
          success: described(Session.Info, "Updated session"),
          error: [HttpApiError.BadRequest, ApiNotFoundError, SessionBusyError],
        }).annotateMerge(

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress production #3e6daea8011651d3 Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
repo/packages/opencode/src/server/routes/instance/httpapi/groups/session.ts:383
        HttpApiEndpoint.post("unrevert", SessionPaths.unrevert, {
          params: { sessionID: SessionID },
          query: WorkspaceRoutingQuery,
          success: described(Session.Info, "Updated session"),
          error: [HttpApiError.BadRequest, ApiNotFoundError, SessionBusyError],
        }).annotateMerge(

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress production #c3ce7158b5e6e7ca Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
repo/packages/opencode/src/server/routes/instance/httpapi/groups/session.ts:395
        HttpApiEndpoint.post("permissionRespond", SessionPaths.permissions, {
          params: { sessionID: SessionID, permissionID: PermissionV1.ID },
          query: WorkspaceRoutingQuery,
          payload: PermissionResponsePayload,
          success: described(Schema.Boolean, "Permission processed successfully"),
          error: [HttpApiError.BadRequest, ApiNotFoundError, PermissionNotFoundError],
        }).annotateMerge(

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress production #f6ad1a89262ec591 Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
repo/packages/opencode/src/server/routes/instance/httpapi/groups/session.ts:433
        HttpApiEndpoint.patch("updatePart", SessionPaths.updatePart, {
          params: { sessionID: SessionID, messageID: MessageID, partID: PartID },
          query: WorkspaceRoutingQuery,
          payload: SessionV1.Part,
          success: described(SessionV1.Part, "Successfully updated part"),
          error: [HttpApiError.BadRequest, ApiNotFoundError],
        }).annotateMerge(

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress production #41890fd32015cac0 Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
repo/packages/opencode/src/server/routes/instance/httpapi/groups/sync.ts:49
        HttpApiEndpoint.post("start", SyncPaths.start, {
          query: WorkspaceRoutingQuery,
          success: described(Schema.Boolean, "Workspace sync started"),
        }).annotateMerge(

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress production #8726ba233e1568d6 Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
repo/packages/opencode/src/server/routes/instance/httpapi/groups/sync.ts:59
        HttpApiEndpoint.post("replay", SyncPaths.replay, {
          query: WorkspaceRoutingQuery,
          payload: ReplayPayload,
          success: described(ReplayResponse, "Replayed sync events"),
          error: HttpApiError.BadRequest,
        }).annotateMerge(

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress production #7659bbb875b69a26 Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
repo/packages/opencode/src/server/routes/instance/httpapi/groups/sync.ts:71
        HttpApiEndpoint.post("steal", SyncPaths.steal, {
          query: WorkspaceRoutingQuery,
          payload: SessionPayload,
          success: described(SessionPayload, "Session stolen into workspace"),
          error: HttpApiError.BadRequest,
        }).annotateMerge(

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress production #d5c67fd9c5fad5b5 Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
repo/packages/opencode/src/server/routes/instance/httpapi/groups/sync.ts:83
        HttpApiEndpoint.post("history", SyncPaths.history, {
          query: WorkspaceRoutingQuery,
          payload: HistoryPayload,
          success: described(Schema.Array(HistoryEvent), "Sync events"),
          error: HttpApiError.BadRequest,
        }).annotateMerge(

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress production #87e4261d630d76cc Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
repo/packages/opencode/src/server/routes/instance/httpapi/groups/tui.ts:56
        HttpApiEndpoint.post("appendPrompt", TuiPaths.appendPrompt, {
          query: WorkspaceRoutingQuery,
          payload: TuiEvent.PromptAppend.data,
          success: described(Schema.Boolean, "Prompt processed successfully"),
          error: HttpApiError.BadRequest,
        }).annotateMerge(

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress production #1d546d4f95fd4ed5 Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
repo/packages/opencode/src/server/routes/instance/httpapi/groups/tui.ts:68
        HttpApiEndpoint.post("openHelp", TuiPaths.openHelp, {
          query: WorkspaceRoutingQuery,
          success: described(Schema.Boolean, "Help dialog opened successfully"),
        }).annotateMerge(

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress production #4b591baed2082043 Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
repo/packages/opencode/src/server/routes/instance/httpapi/groups/tui.ts:78
        HttpApiEndpoint.post("openSessions", TuiPaths.openSessions, {
          query: WorkspaceRoutingQuery,
          success: described(Schema.Boolean, "Session dialog opened successfully"),
        }).annotateMerge(

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress production #0af0e82bc654fcb1 Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
repo/packages/opencode/src/server/routes/instance/httpapi/groups/tui.ts:88
        HttpApiEndpoint.post("openThemes", TuiPaths.openThemes, {
          query: WorkspaceRoutingQuery,
          success: described(Schema.Boolean, "Theme dialog opened successfully"),
        }).annotateMerge(

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress production #a22f9973844f9482 Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
repo/packages/opencode/src/server/routes/instance/httpapi/groups/tui.ts:98
        HttpApiEndpoint.post("openModels", TuiPaths.openModels, {
          query: WorkspaceRoutingQuery,
          success: described(Schema.Boolean, "Model dialog opened successfully"),
        }).annotateMerge(

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress production #f68b62acdc563886 Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
repo/packages/opencode/src/server/routes/instance/httpapi/groups/tui.ts:108
        HttpApiEndpoint.post("submitPrompt", TuiPaths.submitPrompt, {
          query: WorkspaceRoutingQuery,
          success: described(Schema.Boolean, "Prompt submitted successfully"),
        }).annotateMerge(

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress production #7e1169e2433c04b6 Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
repo/packages/opencode/src/server/routes/instance/httpapi/groups/tui.ts:118
        HttpApiEndpoint.post("clearPrompt", TuiPaths.clearPrompt, {
          query: WorkspaceRoutingQuery,
          success: described(Schema.Boolean, "Prompt cleared successfully"),
        }).annotateMerge(

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress production #3f925fea60eba41a Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
repo/packages/opencode/src/server/routes/instance/httpapi/groups/tui.ts:128
        HttpApiEndpoint.post("executeCommand", TuiPaths.executeCommand, {
          query: WorkspaceRoutingQuery,
          payload: CommandPayload,
          success: described(Schema.Boolean, "Command executed successfully"),
          error: HttpApiError.BadRequest,
        }).annotateMerge(

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress production #724f5d9bc456d8a0 Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
repo/packages/opencode/src/server/routes/instance/httpapi/groups/tui.ts:140
        HttpApiEndpoint.post("showToast", TuiPaths.showToast, {
          query: WorkspaceRoutingQuery,
          payload: TuiEvent.ToastShow.data,
          success: described(Schema.Boolean, "Toast notification shown successfully"),
        }).annotateMerge(

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress production #a86e6e6f15ebe403 Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
repo/packages/opencode/src/server/routes/instance/httpapi/groups/tui.ts:151
        HttpApiEndpoint.post("publish", TuiPaths.publish, {
          query: WorkspaceRoutingQuery,
          payload: TuiPublishPayload,
          success: described(Schema.Boolean, "Event published successfully"),
          error: HttpApiError.BadRequest,
        }).annotateMerge(

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress production #5a5a9706a6467d3c Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
repo/packages/opencode/src/server/routes/instance/httpapi/groups/tui.ts:163
        HttpApiEndpoint.post("selectSession", TuiPaths.selectSession, {
          query: WorkspaceRoutingQuery,
          payload: TuiEvent.SessionSelect.data,
          success: described(Schema.Boolean, "Session selected successfully"),
          error: [HttpApiError.BadRequest, ApiNotFoundError],
        }).annotateMerge(

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress production #320fd0097085f8ed Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
repo/packages/opencode/src/server/routes/instance/httpapi/groups/tui.ts:185
        HttpApiEndpoint.post("controlResponse", TuiPaths.controlResponse, {
          query: WorkspaceRoutingQuery,
          payload: Schema.Unknown,
          success: described(Schema.Boolean, "Response submitted successfully"),
        }).annotateMerge(

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress production #cb2f9983c005ad0c Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
repo/packages/opencode/src/server/routes/instance/httpapi/groups/workspace.ts:73
        HttpApiEndpoint.post("create", WorkspacePaths.list, {
          query: WorkspaceRoutingQuery,
          payload: CreatePayload,
          success: described(Workspace.Info, "Workspace created"),
          error: [ApiWorkspaceCreateError, HttpApiError.BadRequest],
        }).annotateMerge(

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress production #2dafc0781ba8b165 Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
repo/packages/opencode/src/server/routes/instance/httpapi/groups/workspace.ts:85
        HttpApiEndpoint.post("syncList", WorkspacePaths.syncList, {
          query: WorkspaceRoutingQuery,
          success: described(HttpApiSchema.NoContent, "Workspace list synced"),
        }).annotateMerge(

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress production #3d3be97b73c553ff Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
repo/packages/opencode/src/server/routes/instance/httpapi/groups/workspace.ts:117
        HttpApiEndpoint.post("warp", WorkspacePaths.warp, {
          query: WorkspaceRoutingQuery,
          payload: WarpPayload,
          success: described(HttpApiSchema.NoContent, "Session warped"),
          error: [ApiWorkspaceWarpError, ApiVcsApplyError, ApiNotFoundError],
        }).annotateMerge(

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress production #b8ff876ec640fbc6 Hardcoded external endpoint. Review what data is sent to this destination.
repo/packages/opencode/src/server/shared/ui.ts:9
export const UI_UPSTREAM = new URL("https://app.opencode.ai")

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low env_fs production #0bfedd34484a9eb4 Filesystem access.
repo/packages/opencode/src/server/shared/ui.ts:72
  return fs.readFile(file).pipe(

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #c2dcabbd8c7dc99c Filesystem access.
repo/packages/opencode/src/session/prompt.ts:964
                    Buffer.from(yield* fsys.readFile(filepath).pipe(Effect.catch(Effect.die))).toString("base64"),

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #1f36dc4cd8bab9cc Environment-variable access.
repo/packages/opencode/src/share/share-next.ts:23
const disabled = process.env["OPENCODE_DISABLE_SHARE"] === "true" || process.env["OPENCODE_DISABLE_SHARE"] === "1"

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low egress production #19df09e469ffc74c Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
repo/packages/opencode/src/share/share-next.ts:259
      const res = yield* HttpClientRequest.post(`${req.baseUrl}${req.api.sync(share.id)}`).pipe(

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress production #b9309b7dafd211a5 Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
repo/packages/opencode/src/share/share-next.ts:314
      const result = yield* HttpClientRequest.post(`${req.baseUrl}${req.api.create}`).pipe(

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low env_fs production #106e97b5acb73ef9 Environment-variable access.
repo/packages/opencode/src/temporary.ts:27
    if (opts.printLogs) process.env.OPENCODE_PRINT_LOGS = "1"

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #3a6f1450aa4be153 Environment-variable access.
repo/packages/opencode/src/temporary.ts:28
    if (opts.logLevel) process.env.OPENCODE_LOG_LEVEL = opts.logLevel

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #d67569c8f136a6d4 Filesystem access.
repo/packages/opencode/src/tool/apply_patch.ts:115
            const source = yield* Bom.readFile(afs, filePath)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #ab355f36028d9c1d Filesystem access.
repo/packages/opencode/src/tool/apply_patch.ts:162
            const source = yield* Bom.readFile(afs, filePath).pipe(

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #6aa6a049cc9ec7bf Filesystem access.
repo/packages/opencode/src/tool/edit.ts:126
              const source = yield* Bom.readFile(afs, filePath)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #4c1299a8f482e840 Environment-variable access.
repo/packages/opencode/src/tool/mcp-websearch.ts:4
export const EXA_URL = process.env.EXA_API_KEY

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #a8e150819c08b351 Environment-variable access.
repo/packages/opencode/src/tool/mcp-websearch.ts:5
  ? `https://mcp.exa.ai/mcp?exaApiKey=${encodeURIComponent(process.env.EXA_API_KEY)}`

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low egress production #04d89f406177e0d6 Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
repo/packages/opencode/src/tool/mcp-websearch.ts:79
    const request = yield* HttpClientRequest.post(url).pipe(

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low env_fs production #1f1b0a725085ddf8 Filesystem access.
repo/packages/opencode/src/tool/read.ts:307
        const bytes = yield* fs.readFile(filepath)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #94870ddb94500780 Environment-variable access.
repo/packages/opencode/src/tool/shell.ts:142
  if (process.platform !== "win32") return process.env[key]

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #800d465218fb5d00 Environment-variable access.
repo/packages/opencode/src/tool/shell.ts:144
  return name ? process.env[name] : undefined

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #06b1ee1fa7c6571f Environment-variable access.
repo/packages/opencode/src/tool/websearch.ts:31
  const override = process.env.OPENCODE_WEBSEARCH_PROVIDER

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #1b60a29a82c49663 Environment-variable access.
repo/packages/opencode/src/tool/websearch.ts:56
  if (!process.env.PARALLEL_API_KEY) return headers

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #f56b0226143c839e Environment-variable access.
repo/packages/opencode/src/tool/websearch.ts:57
  return { ...headers, Authorization: `Bearer ${process.env.PARALLEL_API_KEY}` }

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #1970d0393f0bc20a Filesystem access.
repo/packages/opencode/src/tool/write.ts:47
          const source = exists ? yield* Bom.readFile(fs, filepath) : { bom: false, text: "" }

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #bcfd0e3c3719ce4f Filesystem access.
repo/packages/opencode/src/util/bom.ts:19
  return split(new TextDecoder("utf-8", { ignoreBOM: true }).decode(yield* fs.readFile(filePath)))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #8d7361610519724c Filesystem access.
repo/packages/opencode/src/util/filesystem.ts:1
import { chmod, mkdir, readFile, stat as statFile, writeFile } from "fs/promises"

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #ede72041da025ff4 Filesystem access.
repo/packages/opencode/src/util/filesystem.ts:2
import { createWriteStream, existsSync, statSync } from "fs"

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #871d9f61a65ff824 Filesystem access.
repo/packages/opencode/src/util/filesystem.ts:3
import { realpathSync } from "fs"

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #174b10cae0ec6616 Filesystem access.
repo/packages/opencode/src/util/filesystem.ts:41
  return readFile(p, "utf-8")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #3aba627e3eb30a72 Filesystem access.
repo/packages/opencode/src/util/filesystem.ts:45
  return JSON.parse(await readFile(p, "utf-8"))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #74c458cb7872ff99 Filesystem access.
repo/packages/opencode/src/util/filesystem.ts:49
  return readFile(p)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #9f12a20bf25a477b Filesystem access.
repo/packages/opencode/src/util/filesystem.ts:53
  const buf = await readFile(p)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #698475e2228784be Filesystem access.
repo/packages/opencode/src/util/filesystem.ts:64
      await writeFile(p, content, { mode })

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #4dae0f8dd39b1d30 Filesystem access.
repo/packages/opencode/src/util/filesystem.ts:66
      await writeFile(p, content)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #c4ac2e6e043a84c7 Filesystem access.
repo/packages/opencode/src/util/filesystem.ts:72
        await writeFile(p, content, { mode })

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #f38f5ea590e479c3 Filesystem access.
repo/packages/opencode/src/util/filesystem.ts:74
        await writeFile(p, content)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #880ac174a006cad0 Environment-variable access.
repo/packages/opencode/src/util/proxy-env.ts:69
  return process.env[key.toLowerCase()] || process.env[key.toUpperCase()] || ""

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #2ca316209ab7c2c0 Environment-variable access.
repo/packages/opencode/src/util/repository.ts:100
  const base = process.env.OPENCODE_REPO_CLONE_GITHUB_BASE_URL

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

first-party (npm): packages/console/app

npm first-party
high pii_flow production #b58be6311e1be7fc User/PII-bearing data read from the environment or filesystem flows to an external network call. This is potential data exfiltration.
repo/packages/console/app/src/component/email-signup.tsx:10 · flow /tmp/closeopen-tliy3dl5/repo/packages/console/app/src/component/email-signup.tsx:13 → /tmp/closeopen-tliy3dl5/repo/packages/console/app/src/component/email-signup.tsx:10
  const response = await fetch(`https://api.emailoctopus.com/lists/${listId}/contacts`, {
    method: "PUT",
    headers: {
      Authorization: `Bearer ${Resource.EMAILOCTOPUS_API_KEY.value}`,
      "Content-Type": "application/json",
    },
    body: JSON.stringify({
      email_address: emailAddress,
    }),
  })

User/PII-bearing data flows to an external sink — the classic data-exfiltration shape.

Fix: Confirm no user identifiers reach this sink; redact/hash before sending, or remove the flow.

high pii_flow production #2c393539b93c105a User/PII-bearing data read from the environment or filesystem flows to an external network call. This is potential data exfiltration.
repo/packages/console/app/src/lib/salesforce.ts:54 · flow /tmp/closeopen-tliy3dl5/repo/packages/console/app/src/lib/salesforce.ts:63 → /tmp/closeopen-tliy3dl5/repo/packages/console/app/src/lib/salesforce.ts:54
  const res = await fetch(`${auth.url}/services/data/v59.0/sobjects/Lead`, {
    method: "POST",
    headers: {
      Authorization: `Bearer ${auth.token}`,
      "Content-Type": "application/json",
    },
    body: JSON.stringify({
      LastName: input.name,
      Company: input.company?.trim() || "Website",
      Email: input.email,
      Phone: input.phone ?? null,
      Title: input.role,
      Description: input.message,
      LeadSource: "Website",
    }),
  }).catch((err) => {

User/PII-bearing data flows to an external sink — the classic data-exfiltration shape.

Fix: Confirm no user identifiers reach this sink; redact/hash before sending, or remove the flow.

high pii_flow production #08e39ccf18998c21 User/PII-bearing data read from the environment or filesystem flows to an external network call. This is potential data exfiltration.
repo/packages/console/app/src/routes/api/enterprise.ts:39 · flow /tmp/closeopen-tliy3dl5/repo/packages/console/app/src/routes/api/enterprise.ts:42 → /tmp/closeopen-tliy3dl5/repo/packages/console/app/src/routes/api/enterprise.ts:39
  return fetch(`https://api.emailoctopus.com/lists/${EMAIL_OCTOPUS_LIST_ID}/contacts`, {
    method: "PUT",
    headers: {
      Authorization: `Bearer ${Resource.EMAILOCTOPUS_API_KEY.value}`,
      "Content-Type": "application/json",
    },
    body: JSON.stringify(payload),
  }).then(

User/PII-bearing data flows to an external sink — the classic data-exfiltration shape.

Fix: Confirm no user identifiers reach this sink; redact/hash before sending, or remove the flow.

medium pii_flow production #2a83ae207e31614e Credentials parsed from the request URL are applied as authorization on the same outbound HTTP request. This is intentional URL authentication, not unexpected data exfiltration.
repo/packages/console/app/src/lib/salesforce.ts:54 · flow /tmp/closeopen-tliy3dl5/repo/packages/console/app/src/lib/salesforce.ts:57 → /tmp/closeopen-tliy3dl5/repo/packages/console/app/src/lib/salesforce.ts:54
  const res = await fetch(`${auth.url}/services/data/v59.0/sobjects/Lead`, {
    method: "POST",
    headers: {
      Authorization: `Bearer ${auth.token}`,
      "Content-Type": "application/json",
    },
    body: JSON.stringify({
      LastName: input.name,
      Company: input.company?.trim() || "Website",
      Email: input.email,
      Phone: input.phone ?? null,
      Title: input.role,
      Description: input.message,
      LeadSource: "Website",
    }),
  }).catch((err) => {

User/PII-bearing data flows to an external sink — the classic data-exfiltration shape.

Fix: Confirm no user identifiers reach this sink; redact/hash before sending, or remove the flow.

medium telemetry production #40a1a832238d56d8 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
repo/packages/console/app/src/routes/zen/util/handler.ts:312
      await rateLimiter?.track()

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry production #63d24c30867fb66d Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
repo/packages/console/app/src/routes/zen/util/handler.ts:317
        await trialLimiter?.track(usageInfo)

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry production #4c4eab8ca42e8a99 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
repo/packages/console/app/src/routes/zen/util/handler.ts:318
        await modelTpmLimiter?.track(providerInfo.id, providerInfo.model, usageInfo)

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry production #53f63664a6c065b6 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
repo/packages/console/app/src/routes/zen/util/handler.ts:319
        await providerBudgetTracker?.track(providerInfo.id, providerInfo.budgetPriority, costInfo.totalCostInCent)

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry production #a297e3fb90c5aae9 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
repo/packages/console/app/src/routes/zen/util/handler.ts:366
                await rateLimiter?.track()

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry production #4cbea9c52452674c Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
repo/packages/console/app/src/routes/zen/util/handler.ts:371
                  await trialLimiter?.track(usageInfo)

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry production #d80e92ce9ec99454 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
repo/packages/console/app/src/routes/zen/util/handler.ts:372
                  await modelTpmLimiter?.track(providerInfo.id, providerInfo.model, usageInfo)

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry production #114dbd576c1ac6da Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
repo/packages/console/app/src/routes/zen/util/handler.ts:373
                  await modelTpsLimiter?.track(
                    providerInfo.id,
                    providerInfo.model,
                    providerInfo.tpsGoal,
                    timestampFirstByte,
                    timestampLastByte,
                    usageInfo,
                  )

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry production #25ad68aac191fd70 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
repo/packages/console/app/src/routes/zen/util/handler.ts:381
                  await providerBudgetTracker?.track(
                    providerInfo.id,
                    providerInfo.budgetPriority,
                    costInfo.totalCostInCent,
                  )

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

expand_more 6 low-confidence finding(s)
low env_fs production #98306c487041fc63 Filesystem access.
repo/packages/console/app/script/generate-sitemap.ts:2
import { readdir, writeFile } from "fs/promises"

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #df0592a9070c8396 Filesystem access.
repo/packages/console/app/script/generate-sitemap.ts:103
  await writeFile(outputPath, xml, "utf-8")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low egress production #fd5202bc15a7a07e Hardcoded external endpoint. Review what data is sent to this destination.
repo/packages/console/app/src/component/email-signup.tsx:10
  const response = await fetch(`https://api.emailoctopus.com/lists/${listId}/contacts`, {
    method: "PUT",
    headers: {
      Authorization: `Bearer ${Resource.EMAILOCTOPUS_API_KEY.value}`,
      "Content-Type": "application/json",
    },
    body: JSON.stringify({
      email_address: emailAddress,
    }),
  })

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress production #1bcb484195ccb47e Hardcoded external endpoint. Review what data is sent to this destination.
repo/packages/console/app/src/lib/changelog.ts:42
  const response = await fetch("https://api.github.com/repos/anomalyco/opencode/releases?per_page=20", {
    headers: {
      Accept: "application/vnd.github.v3+json",
      "User-Agent": "OpenCode-Console",
    },
    cf: {
      // best-effort edge caching (ignored outside Cloudflare)
      cacheTtl: 60 * 5,
      cacheEverything: true,
    },
  } as RequestInit).catch(() => undefined)

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress production #bafdc052b512c3dd Hardcoded external endpoint. Review what data is sent to this destination.
repo/packages/console/app/src/routes/api/enterprise.ts:39
  return fetch(`https://api.emailoctopus.com/lists/${EMAIL_OCTOPUS_LIST_ID}/contacts`, {
    method: "PUT",
    headers: {
      Authorization: `Bearer ${Resource.EMAILOCTOPUS_API_KEY.value}`,
      "Content-Type": "application/json",
    },
    body: JSON.stringify(payload),
  }).then(

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress production #613d1bba8004dec6 Hardcoded external endpoint. Review what data is sent to this destination.
repo/packages/console/app/src/routes/openapi.json.ts:2
  const response = await fetch(
    "https://raw.githubusercontent.com/anomalyco/opencode/refs/heads/dev/packages/sdk/openapi.json",
  )

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

first-party (npm)

npm first-party
high pii_flow production #a883fc618acae171 A credential read from the environment/filesystem flows to an external network call in a non-auth-header position (request body). Review what is sent.
repo/script/github/close-issues.ts:45 · flow /tmp/closeopen-tliy3dl5/repo/script/github/close-issues.ts:7 → /tmp/closeopen-tliy3dl5/repo/script/github/close-issues.ts:45
  const comment = await fetch(`${base}/comments`, {
    method: "POST",
    headers,
    body: JSON.stringify({ body: msg }),
  })

User/PII-bearing data flows to an external sink — the classic data-exfiltration shape.

Fix: Confirm no user identifiers reach this sink; redact/hash before sending, or remove the flow.

high pii_flow production #7896f437d693d2e1 A credential read from the environment/filesystem flows to an external network call in a non-auth-header position (request body). Review what is sent.
repo/script/github/close-issues.ts:52 · flow /tmp/closeopen-tliy3dl5/repo/script/github/close-issues.ts:7 → /tmp/closeopen-tliy3dl5/repo/script/github/close-issues.ts:52
  const patch = await fetch(base, {
    method: "PATCH",
    headers,
    body: JSON.stringify({ state: "closed", state_reason: "not_planned" }),
  })

User/PII-bearing data flows to an external sink — the classic data-exfiltration shape.

Fix: Confirm no user identifiers reach this sink; redact/hash before sending, or remove the flow.

high pii_flow production #81c21dd0e2c2ca3e A credential read from the environment/filesystem flows to an external network call in a non-auth-header position (request body). Review what is sent.
repo/script/github/close-issues.ts:67 · flow /tmp/closeopen-tliy3dl5/repo/script/github/close-issues.ts:7 → /tmp/closeopen-tliy3dl5/repo/script/github/close-issues.ts:67
    const res = await fetch(
      `https://api.github.com/repos/${repo}/issues?state=open&sort=updated&direction=asc&per_page=100&page=${page}`,
      { headers },
    )

User/PII-bearing data flows to an external sink — the classic data-exfiltration shape.

Fix: Confirm no user identifiers reach this sink; redact/hash before sending, or remove the flow.

medium pii_flow production #9d4c8bf80ae4465b A credential read from the environment/filesystem is applied as authorization on the same outbound request (auth header). This is intentional authentication, not unexpected data exfiltration.
repo/.opencode/tool/github-pr-search.ts:4 · flow /tmp/closeopen-tliy3dl5/repo/.opencode/tool/github-pr-search.ts:7 → /tmp/closeopen-tliy3dl5/repo/.opencode/tool/github-pr-search.ts:4
  const response = await fetch(`https://api.github.com${endpoint}`, {
    ...options,
    headers: {
      Authorization: `Bearer ${process.env.GITHUB_TOKEN}`,
      Accept: "application/vnd.github+json",
      "Content-Type": "application/json",
      ...(options.headers instanceof Headers ? Object.fromEntries(options.headers.entries()) : options.headers),
    },
  })

A credential read from the environment/filesystem is applied as authorization on the same outbound request (an auth header). This is intentional authentication to the service the credential belongs to, not unexpected data exfiltration.

Fix: Confirm the destination is the credential's own service; scope the credential and avoid logging it. No action if this is the intended authenticated API call.

medium pii_flow production #b5ab0fe97280a083 A credential read from the environment/filesystem is applied as authorization on the same outbound request (auth header). This is intentional authentication, not unexpected data exfiltration.
repo/.opencode/tool/github-triage.ts:23 · flow /tmp/closeopen-tliy3dl5/repo/.opencode/tool/github-triage.ts:26 → /tmp/closeopen-tliy3dl5/repo/.opencode/tool/github-triage.ts:23
  const response = await fetch(`https://api.github.com${endpoint}`, {
    ...options,
    headers: {
      Authorization: `Bearer ${process.env.GITHUB_TOKEN}`,
      Accept: "application/vnd.github+json",
      "Content-Type": "application/json",
      ...(options.headers instanceof Headers ? Object.fromEntries(options.headers.entries()) : options.headers),
    },
  })

A credential read from the environment/filesystem is applied as authorization on the same outbound request (an auth header). This is intentional authentication to the service the credential belongs to, not unexpected data exfiltration.

Fix: Confirm the destination is the credential's own service; scope the credential and avoid logging it. No action if this is the intended authenticated API call.

medium pii_flow production #669d881552ee0107 PII-bearing data is written to a log sink. Logged PII is a privacy concern even when it does not leave the process.
repo/script/github/close-issues.ts:75 · flow /tmp/closeopen-tliy3dl5/repo/script/github/close-issues.ts:7 → /tmp/closeopen-tliy3dl5/repo/script/github/close-issues.ts:75
    console.log(`Fetched page ${page} ${all.length} issues`)

PII-bearing data is written to a log/print sink — it stays in-process and does not leave the application, but logged PII is still a privacy concern.

Fix: Avoid logging user identifiers; redact or omit PII from log/print statements.

medium pii_flow production #f97d018d9ebd010f PII-bearing data is written to a log sink. Logged PII is a privacy concern even when it does not leave the process.
repo/script/github/close-issues.ts:82 · flow /tmp/closeopen-tliy3dl5/repo/script/github/close-issues.ts:7 → /tmp/closeopen-tliy3dl5/repo/script/github/close-issues.ts:82
          console.log(`Skipping stale issue #${i.number}; author ${i.user?.login ?? "unknown"} is exempt`)

PII-bearing data is written to a log/print sink — it stays in-process and does not leave the application, but logged PII is still a privacy concern.

Fix: Avoid logging user identifiers; redact or omit PII from log/print statements.

medium pii_flow production #a47267b328251fe9 PII-bearing data is written to a log sink. Logged PII is a privacy concern even when it does not leave the process.
repo/script/github/close-issues.ts:87 · flow /tmp/closeopen-tliy3dl5/repo/script/github/close-issues.ts:7 → /tmp/closeopen-tliy3dl5/repo/script/github/close-issues.ts:87
        console.log(`\nFound fresh issue #${i.number}, stopping`)

PII-bearing data is written to a log/print sink — it stays in-process and does not leave the application, but logged PII is still a privacy concern.

Fix: Avoid logging user identifiers; redact or omit PII from log/print statements.

expand_more 38 low-confidence finding(s)
low env_fs production #2299722f0c21502a Environment-variable access.
repo/.opencode/tool/github-pr-search.ts:7
      Authorization: `Bearer ${process.env.GITHUB_TOKEN}`,

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #cacf27aec605ce77 Environment-variable access.
repo/.opencode/tool/github-triage.ts:17
  const issue = parseInt(process.env.ISSUE_NUMBER ?? "", 10)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #a9ac87b51337dfe7 Environment-variable access.
repo/.opencode/tool/github-triage.ts:26
      Authorization: `Bearer ${process.env.GITHUB_TOKEN}`,

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #bd48bfa3852404f4 Environment-variable access.
repo/github/index.ts:302
  const value = process.env["MODEL"]

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #d827ca9d7a860e9b Environment-variable access.
repo/github/index.ts:316
  const runId = process.env["GITHUB_RUN_ID"]

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #922c3987d2891621 Environment-variable access.
repo/github/index.ts:323
  return process.env["AGENT"] || undefined

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #7f0bc9ee82c2a8ac Environment-variable access.
repo/github/index.ts:327
  const value = process.env["SHARE"]

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #b0fa355a7cb849f6 Environment-variable access.
repo/github/index.ts:336
    mockEvent: process.env["MOCK_EVENT"],

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #42aa052785886b69 Environment-variable access.
repo/github/index.ts:337
    mockToken: process.env["MOCK_TOKEN"],

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #5095967ce33d8a45 Environment-variable access.
repo/github/index.ts:342
  return process.env["TOKEN"]

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low egress production #111d29b1f56a0a43 Hardcoded external endpoint. Review what data is sent to this destination.
repo/github/index.ts:377
    response = await fetch("https://api.opencode.ai/exchange_github_app_token_with_pat", {
      method: "POST",
      headers: {
        Authorization: `Bearer ${useEnvMock().mockToken}`,
      },
      body: JSON.stringify({ owner: repo.owner, repo: repo.repo }),
    })

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress production #b607938e4f56e5e6 Hardcoded external endpoint. Review what data is sent to this destination.
repo/github/index.ts:386
    response = await fetch("https://api.opencode.ai/exchange_github_app_token", {
      method: "POST",
      headers: {
        Authorization: `Bearer ${oidcToken}`,
      },
    })

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress production #458f02e12b7703fd Hardcoded external endpoint. Review what data is sent to this destination.
repo/github/index.ts:1064
  await fetch("https://api.github.com/installation/token", {
    method: "DELETE",
    headers: {
      Authorization: `Bearer ${accessToken}`,
      Accept: "application/vnd.github+json",
      "X-GitHub-Api-Version": "2022-11-28",
    },
  })

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low env_fs production #27156d6d72500b6e Environment-variable access.
repo/infra/console.ts:276
          new sst.Secret("CLOUDFLARE_DEFAULT_ACCOUNT_ID", process.env.CLOUDFLARE_DEFAULT_ACCOUNT_ID!),

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #21f6b594cc110b4a Environment-variable access.
repo/infra/console.ts:277
          new sst.Secret("CLOUDFLARE_API_TOKEN", process.env.CLOUDFLARE_API_TOKEN!),

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #59950f9e01c21642 Filesystem access.
repo/nix/scripts/canonicalize-node-modules.ts:1
import { lstat, mkdir, readdir, rm, symlink } from "fs/promises"

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #59ad9ed122ce90f3 Filesystem access.
repo/nix/scripts/normalize-bun-binaries.ts:1
import { lstat, mkdir, readdir, rm, symlink } from "fs/promises"

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #8d8df81006816e86 Environment-variable access.
repo/packages/containers/script/build.ts:10
const reg = process.env.REGISTRY ?? "ghcr.io/anomalyco"

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #e81142af5acfbc87 Environment-variable access.
repo/packages/containers/script/build.ts:11
const tag = process.env.TAG ?? "24.04"

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #a3f8f664a7e91bfd Environment-variable access.
repo/packages/containers/script/build.ts:12
const push = process.argv.includes("--push") || process.env.PUSH === "1"

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #f93c4d03176ac019 Filesystem access.
repo/script/beta.ts:4
import fs from "fs/promises"

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #99b0dc9b218d8649 Environment-variable access.
repo/script/beta.ts:61
  if (process.env.GITHUB_ACTIONS !== "true") {

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #bada360b6ffa37dc Filesystem access.
repo/script/changelog.ts:3
import { rm } from "fs/promises"

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #561e7b84cacf7b04 Environment-variable access.
repo/script/github/close-issues.ts:7
const token = process.env.GITHUB_TOKEN

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #d40ebea09dc292e1 Environment-variable access.
repo/script/github/close-prs.ts:346
  const envToken = process.env.GITHUB_TOKEN ?? process.env.GH_TOKEN

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #4cf8d11f8421468b Environment-variable access.
repo/script/publish.ts:72
  await $`gh release edit ${tag} --draft=false --repo ${process.env.GH_REPO}`

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #aa1e0d8d47ad0987 Environment-variable access.
repo/script/raw-changelog.ts:25
const repo = process.env.GH_REPO ?? "anomalyco/opencode"

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #b86cfaebfe2c4943 Environment-variable access.
repo/script/stats.ts:4
  const key = process.env["POSTHOG_KEY"]

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low egress production #f5dc0de6b5126875 Hardcoded external endpoint. Review what data is sent to this destination.
repo/script/stats.ts:11
  const response = await fetch("https://us.i.posthog.com/i/v0/e/", {
    method: "POST",
    headers: {
      "Content-Type": "application/json",
    },
    body: JSON.stringify({
      distinct_id: "download",
      api_key: key,
      event,
      properties: {
        ...properties,
      },
    }),
  }).catch(() => null)

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low env_fs production #c7f449a0a7d25c41 Environment-variable access.
repo/script/version.ts:7
const sha = process.env.GITHUB_SHA ?? (await $`git rev-parse HEAD`.text()).trim()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #87e573a2df52b152 Environment-variable access.
repo/script/version.ts:15
  const dir = process.env.RUNNER_TEMP ?? "/tmp"

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #c2abe6ca1f0d63cc Environment-variable access.
repo/script/version.ts:23
  await $`gh release create v${Script.version} -d --title "v${Script.version}" --repo ${process.env.GH_REPO}`

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #23143a84c087804d Environment-variable access.
repo/script/version.ts:25
    await $`gh release view v${Script.version} --json tagName,databaseId --repo ${process.env.GH_REPO}`.json()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #47b48bbe668b694c Environment-variable access.
repo/script/version.ts:30
output.push(`repo=${process.env.GH_REPO}`)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #97781034001b88bf Environment-variable access.
repo/script/version.ts:32
if (process.env.GITHUB_OUTPUT) {

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #2b4d69ed1053b79b Environment-variable access.
repo/script/version.ts:33
  await Bun.write(process.env.GITHUB_OUTPUT, output.join("\n"))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #ace2f558052bf561 Environment-variable access.
repo/sst.config.ts:14
          profile: process.env.GITHUB_ACTIONS

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #059adacae9cacc9c Environment-variable access.
repo/sst.config.ts:22
          apiKey: process.env.STRIPE_SECRET_KEY!,

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

first-party (npm): packages/core

npm first-party
high pii_flow production #e4e8da9ad1be788c A credential read from the environment/filesystem flows to an external network call in a non-auth-header position (request body). Review what is sent.
repo/packages/core/src/session/compaction.ts:197 · flow /tmp/closeopen-tliy3dl5/repo/packages/core/src/session/compaction.ts:176 → /tmp/closeopen-tliy3dl5/repo/packages/core/src/session/compaction.ts:197
        LLM.request({
          model: input.model,
          messages: [Message.user(summaryPrompt)],
          tools: [],
          generation: { maxTokens: summaryOutput },
        }),

User/PII-bearing data flows to an external sink — the classic data-exfiltration shape.

Fix: Confirm no user identifiers reach this sink; redact/hash before sending, or remove the flow.

expand_more 96 low-confidence finding(s)
low env_fs production #67ec0ba6ada60b0f Filesystem access.
repo/packages/core/script/fix-node-pty.ts:3
import fs from "fs/promises"

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #562066102df36a5b Filesystem access.
repo/packages/core/script/migration.ts:4
import fs from "fs/promises"

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #75586e778632232b Environment-variable access.
repo/packages/core/src/database/database.ts:50
    process.env.OPENCODE_DISABLE_CHANNEL_DB === "1" ||

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #75fd9f3a69dae61f Environment-variable access.
repo/packages/core/src/database/database.ts:51
    process.env.OPENCODE_DISABLE_CHANNEL_DB === "true"

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #41efb4f7d4235b9e Filesystem access.
repo/packages/core/src/file-mutation.ts:112
          const current = yield* fs
            .readFile(input.target.canonical)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #ac3e9cdc1f8501f6 Filesystem access.
repo/packages/core/src/file-mutation.ts:130
              : fs.writeFile(input.target.canonical, input.content, { flag: "wx" })

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #de0d70074c9e3ee8 Filesystem access.
repo/packages/core/src/file-mutation.ts:147
          const current = yield* fs.readFile(input.target.canonical)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #e795b493d623c0c8 Filesystem access.
repo/packages/core/src/file-mutation.ts:153
            : fs.writeFile(input.target.canonical, input.content)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #f19baa2d042f9efc Filesystem access.
repo/packages/core/src/filesystem.ts:83
          content: yield* fs.readFile(target.real).pipe(Effect.orDie),

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #e511905d7dee3f3c Environment-variable access.
repo/packages/core/src/flag/flag.ts:4
  const value = process.env[key]?.toLowerCase()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #b5d14e9ab04b8b14 Environment-variable access.
repo/packages/core/src/flag/flag.ts:8
const copy = process.env["OPENCODE_EXPERIMENTAL_DISABLE_COPY_ON_SELECT"]

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #37ba52ec03a9897c Environment-variable access.
repo/packages/core/src/flag/flag.ts:9
const fff = process.env["OPENCODE_DISABLE_FFF"]

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #8251860592e746b4 Environment-variable access.
repo/packages/core/src/flag/flag.ts:12
  return process.env[key] === undefined ? truthy("OPENCODE_EXPERIMENTAL") : truthy(key)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #e4c9d7e93723930d Environment-variable access.
repo/packages/core/src/flag/flag.ts:16
  OTEL_EXPORTER_OTLP_ENDPOINT: process.env["OTEL_EXPORTER_OTLP_ENDPOINT"],

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #bfaf2daa7e89e45f Environment-variable access.
repo/packages/core/src/flag/flag.ts:17
  OTEL_EXPORTER_OTLP_HEADERS: process.env["OTEL_EXPORTER_OTLP_HEADERS"],

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #2d23e27bc9270a62 Environment-variable access.
repo/packages/core/src/flag/flag.ts:20
  OPENCODE_GIT_BASH_PATH: process.env["OPENCODE_GIT_BASH_PATH"],

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #525265906f1148c8 Environment-variable access.
repo/packages/core/src/flag/flag.ts:21
  OPENCODE_CONFIG: process.env["OPENCODE_CONFIG"],

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #332178062219570d Environment-variable access.
repo/packages/core/src/flag/flag.ts:22
  OPENCODE_CONFIG_CONTENT: process.env["OPENCODE_CONFIG_CONTENT"],

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #dbfea7b3ebfe64d7 Environment-variable access.
repo/packages/core/src/flag/flag.ts:31
  OPENCODE_FAKE_VCS: process.env["OPENCODE_FAKE_VCS"],

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #6103a517a641059a Environment-variable access.
repo/packages/core/src/flag/flag.ts:32
  OPENCODE_SERVER_PASSWORD: process.env["OPENCODE_SERVER_PASSWORD"],

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #0a6d4d35a9017ed3 Environment-variable access.
repo/packages/core/src/flag/flag.ts:33
  OPENCODE_SERVER_USERNAME: process.env["OPENCODE_SERVER_USERNAME"],

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #7335bb06f36417e6 Environment-variable access.
repo/packages/core/src/flag/flag.ts:45
  OPENCODE_MODELS_URL: process.env["OPENCODE_MODELS_URL"],

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #388b3365b352691a Environment-variable access.
repo/packages/core/src/flag/flag.ts:46
  OPENCODE_MODELS_PATH: process.env["OPENCODE_MODELS_PATH"],

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #23d2eef2755a97b6 Environment-variable access.
repo/packages/core/src/flag/flag.ts:47
  OPENCODE_DB: process.env["OPENCODE_DB"],

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #100ea055953c9316 Environment-variable access.
repo/packages/core/src/flag/flag.ts:49
  OPENCODE_WORKSPACE_ID: process.env["OPENCODE_WORKSPACE_ID"],

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #0ffcb68b48dbdb55 Environment-variable access.
repo/packages/core/src/flag/flag.ts:61
    return process.env["OPENCODE_TUI_CONFIG"]

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #6712f333326004f7 Environment-variable access.
repo/packages/core/src/flag/flag.ts:64
    return process.env["OPENCODE_CONFIG_DIR"]

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #0ee43a23ddbb3507 Environment-variable access.
repo/packages/core/src/flag/flag.ts:70
    return process.env["OPENCODE_PERMISSION"]

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #a6043179352d8da6 Environment-variable access.
repo/packages/core/src/flag/flag.ts:73
    return process.env["OPENCODE_PLUGIN_META_FILE"]

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #c2ed582ab0eb865d Environment-variable access.
repo/packages/core/src/flag/flag.ts:76
    return process.env["OPENCODE_CLIENT"] ?? "cli"

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #656ae9aaab455630 Filesystem access.
repo/packages/core/src/fs-util.ts:3
import { realpathSync } from "fs"

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #9223c60720482657 Filesystem access.
repo/packages/core/src/fs-util.ts:4
import * as NFS from "fs/promises"

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #c6da5bdc776c3e77 Filesystem access.
repo/packages/core/src/global.ts:2
import fs from "fs/promises"

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #cc8826f19f97762e Environment-variable access.
repo/packages/core/src/global.ts:19
    return process.env.OPENCODE_TEST_HOME ?? os.homedir()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #1873f7c65dc83f46 Environment-variable access.
repo/packages/core/src/integration.ts:298
        .flatMap((method) => method.names.filter((name) => process.env[name]))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #80435ca5b4e2ca7e Environment-variable access.
repo/packages/core/src/integration.ts:387
            const key = process.env[connection.name]

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #d344e1ce61c37c12 Environment-variable access.
repo/packages/core/src/observability/logging.ts:57
  const value = process.env.OPENCODE_LOG_LEVEL?.toUpperCase()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #094d5155207ddcdb Environment-variable access.
repo/packages/core/src/observability/logging.ts:68
  return process.env.OPENCODE_PRINT_LOGS === "1" ? [fileLogger(), stderrLogger] : [fileLogger()]

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #c0f0d0871c5a62af Environment-variable access.
repo/packages/core/src/observability/otlp.ts:21
  const value = process.env.OTEL_RESOURCE_ATTRIBUTES

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #127b16367f81bacd Environment-variable access.
repo/packages/core/src/plugin/provider/amazon-bedrock.ts:85
        const profile = typeof options.profile === "string" ? options.profile : process.env.AWS_PROFILE

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #36cff2ec3008c281 Environment-variable access.
repo/packages/core/src/plugin/provider/amazon-bedrock.ts:86
        const region = typeof options.region === "string" ? options.region : (process.env.AWS_REGION ?? "us-east-1")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #599f0fb22261c7c0 Environment-variable access.
repo/packages/core/src/plugin/provider/amazon-bedrock.ts:88
          process.env.AWS_BEARER_TOKEN_BEDROCK ??

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #32db325274c0734e Environment-variable access.
repo/packages/core/src/plugin/provider/amazon-bedrock.ts:90
        if (bearerToken && !process.env.AWS_BEARER_TOKEN_BEDROCK) process.env.AWS_BEARER_TOKEN_BEDROCK = bearerToken

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #f2119e3d8f4a3156 Environment-variable access.
repo/packages/core/src/plugin/provider/amazon-bedrock.ts:92
          process.env.AWS_CONTAINER_CREDENTIALS_RELATIVE_URI || process.env.AWS_CONTAINER_CREDENTIALS_FULL_URI,

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #4e1d951f30b731f3 Environment-variable access.
repo/packages/core/src/plugin/provider/amazon-bedrock.ts:121
        const region = typeof evt.options.region === "string" ? evt.options.region : process.env.AWS_REGION

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #9afa22e73f77f092 Environment-variable access.
repo/packages/core/src/plugin/provider/azure.ts:23
            typeof configured === "string" && configured.trim() !== "" ? configured : process.env.AZURE_RESOURCE_NAME

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #4e74378d4362d49e Environment-variable access.
repo/packages/core/src/plugin/provider/azure.ts:63
        const resourceName = process.env.AZURE_COGNITIVE_SERVICES_RESOURCE_NAME

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #bcbc9730b35836d0 Environment-variable access.
repo/packages/core/src/plugin/provider/cloudflare-ai-gateway.ts:47
  const accountId = process.env.CLOUDFLARE_ACCOUNT_ID ?? stringOption(options, "accountId")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #983af87a9f06a889 Environment-variable access.
repo/packages/core/src/plugin/provider/cloudflare-ai-gateway.ts:51
    process.env.CLOUDFLARE_GATEWAY_ID ?? stringOption(options, "gatewayId") ?? stringOption(options, "gateway")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #da4ebce98bf012ee Environment-variable access.
repo/packages/core/src/plugin/provider/cloudflare-ai-gateway.ts:52
  const apiKey = process.env.CLOUDFLARE_API_TOKEN ?? process.env.CF_AIG_TOKEN ?? stringOption(options, "apiKey")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #85921778779d50c2 Environment-variable access.
repo/packages/core/src/plugin/provider/cloudflare-workers-ai.ts:50
  return process.env.CLOUDFLARE_ACCOUNT_ID ?? stringOption(options, "accountId")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #5793160013992cde Environment-variable access.
repo/packages/core/src/plugin/provider/cloudflare-workers-ai.ts:65
    apiKey: process.env.CLOUDFLARE_API_KEY ?? options.apiKey,

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #fc7f8e2073d50382 Environment-variable access.
repo/packages/core/src/plugin/provider/cloudflare-workers-ai.ts:76
  return baseURL.replaceAll("${CLOUDFLARE_ACCOUNT_ID}", process.env.CLOUDFLARE_ACCOUNT_ID ?? "${CLOUDFLARE_ACCOUNT_ID}")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #09956f7bc64dbd6e Environment-variable access.
repo/packages/core/src/plugin/provider/gitlab.ts:19
              : (process.env.GITLAB_INSTANCE_URL ?? "https://gitlab.com"),

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #0f105282791d461a Environment-variable access.
repo/packages/core/src/plugin/provider/gitlab.ts:20
          apiKey: typeof evt.options.apiKey === "string" ? evt.options.apiKey : process.env.GITLAB_TOKEN,

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #d24a7db0980331b3 Environment-variable access.
repo/packages/core/src/plugin/provider/google-vertex.ts:10
    process.env.GOOGLE_VERTEX_PROJECT ??

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #59d4e81f7475d29d Environment-variable access.
repo/packages/core/src/plugin/provider/google-vertex.ts:11
    process.env.GOOGLE_CLOUD_PROJECT ??

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #532e5db2491874b8 Environment-variable access.
repo/packages/core/src/plugin/provider/google-vertex.ts:12
    process.env.GCP_PROJECT ??

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #abd13ec86bc42011 Environment-variable access.
repo/packages/core/src/plugin/provider/google-vertex.ts:13
    process.env.GCLOUD_PROJECT

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #8fe3ad4227a4fa0e Environment-variable access.
repo/packages/core/src/plugin/provider/google-vertex.ts:20
    process.env.GOOGLE_VERTEX_LOCATION ??

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #1ba03d15f2fd9640 Environment-variable access.
repo/packages/core/src/plugin/provider/google-vertex.ts:21
    process.env.GOOGLE_CLOUD_LOCATION ??

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #fd730d9de6baa3ee Environment-variable access.
repo/packages/core/src/plugin/provider/google-vertex.ts:22
    process.env.VERTEX_LOCATION ??

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #171af8120d2f622d Environment-variable access.
repo/packages/core/src/plugin/provider/google-vertex.ts:125
            process.env.GOOGLE_CLOUD_PROJECT ??

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #0b04e8e3b77603e0 Environment-variable access.
repo/packages/core/src/plugin/provider/google-vertex.ts:126
            process.env.GCP_PROJECT ??

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #5ec73cd611f100e1 Environment-variable access.
repo/packages/core/src/plugin/provider/google-vertex.ts:127
            process.env.GCLOUD_PROJECT

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #1db3b2ca8d518d56 Environment-variable access.
repo/packages/core/src/plugin/provider/google-vertex.ts:130
            process.env.GOOGLE_CLOUD_LOCATION ??

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #0141aade3af485e0 Environment-variable access.
repo/packages/core/src/plugin/provider/google-vertex.ts:131
            process.env.VERTEX_LOCATION ??

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #ebc32c07c02dbafa Environment-variable access.
repo/packages/core/src/plugin/provider/google-vertex.ts:147
            : (process.env.GOOGLE_CLOUD_PROJECT ?? process.env.GCP_PROJECT ?? process.env.GCLOUD_PROJECT)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #acb9f1112edbfc80 Environment-variable access.
repo/packages/core/src/plugin/provider/google-vertex.ts:151
            : (process.env.GOOGLE_CLOUD_LOCATION ?? process.env.VERTEX_LOCATION ?? "global")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low egress production #81400b24ce08e9dc Hardcoded external endpoint. Review what data is sent to this destination.
repo/packages/core/src/plugin/provider/openai.ts:122
                fetch(`${issuer}/api/accounts/deviceauth/token`, {
                  method: "POST",
                  headers: headers("application/json"),
                  body: JSON.stringify({ device_auth_id: device.device_auth_id, user_code: device.user_code }),
                  signal,
                }),

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low env_fs production #952feb1231f16762 Environment-variable access.
repo/packages/core/src/plugin/provider/opencode.ts:167
      const hasKey = Boolean(process.env.OPENCODE_API_KEY || connected || item.provider.request.body.apiKey)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low egress production #ea290a03cbf0f4db Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
repo/packages/core/src/plugin/provider/opencode.ts:304
  return HttpClientRequest.post(url).pipe(

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low env_fs production #bc7198db024b1f0e Environment-variable access.
repo/packages/core/src/plugin/provider/sap-ai-core.ts:15
          process.env.AICORE_SERVICE_KEY ??

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #0187844465945af9 Environment-variable access.
repo/packages/core/src/plugin/provider/sap-ai-core.ts:17
        if (serviceKey && !process.env.AICORE_SERVICE_KEY) process.env.AICORE_SERVICE_KEY = serviceKey

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #473ea02f45acb6a0 Environment-variable access.
repo/packages/core/src/plugin/provider/sap-ai-core.ts:34
            ? { deploymentId: process.env.AICORE_DEPLOYMENT_ID, resourceGroup: process.env.AICORE_RESOURCE_GROUP }

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #9f0eb6cae261c4c6 Environment-variable access.
repo/packages/core/src/plugin/provider/snowflake-cortex.ts:74
          process.env.SNOWFLAKE_CORTEX_TOKEN ??

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #367023eae805e98b Environment-variable access.
repo/packages/core/src/plugin/provider/snowflake-cortex.ts:75
          process.env.SNOWFLAKE_CORTEX_PAT ??

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #3186e2da464a3e04 Environment-variable access.
repo/packages/core/src/repository.ts:169
  const base = process.env.OPENCODE_REPO_CLONE_GITHUB_BASE_URL

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #8a3421c0bdb46f5b Filesystem access.
repo/packages/core/src/shell.ts:5
import { readFile } from "fs/promises"

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #12b5aa2189428267 Filesystem access.
repo/packages/core/src/shell.ts:6
import { statSync } from "fs"

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #dd2b6b91f9df9314 Environment-variable access.
repo/packages/core/src/shell.ts:101
      [which("pwsh"), which("powershell"), gitbash(), process.env.COMSPEC || "cmd.exe"]

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #d90da258d5421022 Filesystem access.
repo/packages/core/src/shell.ts:109
  const text = await readFile("/etc/shells", "utf8").catch(() => "")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #495effae738caf10 Environment-variable access.
repo/packages/core/src/shell.ts:207
  defaultPreferred ??= select(process.env.SHELL)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #a4a02fdbda54295a Environment-variable access.
repo/packages/core/src/shell.ts:216
  defaultAcceptable ??= select(process.env.SHELL, { acceptable: true })

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #12085c2eedf50b55 Filesystem access.
repo/packages/core/src/tool/apply-patch.ts:139
                    const source = yield* fs.readFile(target.canonical)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #ffb51082a5d0baa8 Environment-variable access.
repo/packages/core/src/tool/bash.ts:49
const defaultShell = () => (process.platform === "win32" ? (process.env.COMSPEC ?? "cmd.exe") : "/bin/sh")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #ea77356ae701ead9 Filesystem access.
repo/packages/core/src/tool/edit.ts:161
                const source = decodeUtf8(yield* unableToEdit(fs.readFile(target.canonical)))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #e6d865a9714dcc65 Environment-variable access.
repo/packages/core/src/tool/websearch.ts:76
      process.env.OPENCODE_WEBSEARCH_PROVIDER === "exa" || process.env.OPENCODE_WEBSEARCH_PROVIDER === "parallel"

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #516b3ac16bde0af5 Environment-variable access.
repo/packages/core/src/tool/websearch.ts:77
        ? process.env.OPENCODE_WEBSEARCH_PROVIDER

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #970b5788d9971538 Environment-variable access.
repo/packages/core/src/tool/websearch.ts:81
    exaApiKey: process.env.EXA_API_KEY,

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #82d8da38af83b075 Environment-variable access.
repo/packages/core/src/tool/websearch.ts:82
    parallelApiKey: process.env.PARALLEL_API_KEY,

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low egress production #06050067d1561f1a Hardcoded external endpoint. Review what data is sent to this destination.
repo/packages/core/src/tool/websearch.ts:147
  const url = new URL(EXA_URL)

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress production #89163454055e2a23 Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
repo/packages/core/src/tool/websearch.ts:161
    const request = yield* HttpClientRequest.post(url).pipe(

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low env_fs production #6ce9a63497248c57 Filesystem access.
repo/packages/core/src/util/flock.ts:4
import { mkdir, readFile, rm, stat, utimes, writeFile } from "fs/promises"

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #968e18df48c51ed6 Environment-variable access.
repo/packages/core/src/util/which.ts:6
  const base = env?.PATH ?? env?.Path ?? process.env.PATH ?? process.env.Path ?? ""

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #ea4276961eb6fced Environment-variable access.
repo/packages/core/src/util/which.ts:11
    pathExt: env?.PATHEXT ?? env?.PathExt ?? process.env.PATHEXT ?? process.env.PathExt,

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

first-party (npm): packages/stats/app

npm first-party
high pii_flow production #4294eac8d1b58282 User/PII-bearing data read from the environment or filesystem flows to an external network call. This is potential data exfiltration.
repo/packages/stats/app/src/routes/api/newsletter.ts:17 · flow /tmp/closeopen-tliy3dl5/repo/packages/stats/app/src/routes/api/newsletter.ts:20 → /tmp/closeopen-tliy3dl5/repo/packages/stats/app/src/routes/api/newsletter.ts:17
  const response = await fetch(`https://api.emailoctopus.com/lists/${listId}/contacts`, {
    method: "PUT",
    headers: {
      Authorization: `Bearer ${Resource.EMAILOCTOPUS_API_KEY.value}`,
      "Content-Type": "application/json",
    },
    body: JSON.stringify({
      email_address: emailAddress.trim(),
    }),
  })

User/PII-bearing data flows to an external sink — the classic data-exfiltration shape.

Fix: Confirm no user identifiers reach this sink; redact/hash before sending, or remove the flow.

expand_more 1 low-confidence finding(s)
low egress production #e44646383faecd89 Hardcoded external endpoint. Review what data is sent to this destination.
repo/packages/stats/app/src/routes/api/newsletter.ts:17
  const response = await fetch(`https://api.emailoctopus.com/lists/${listId}/contacts`, {
    method: "PUT",
    headers: {
      Authorization: `Bearer ${Resource.EMAILOCTOPUS_API_KEY.value}`,
      "Content-Type": "application/json",
    },
    body: JSON.stringify({
      email_address: emailAddress.trim(),
    }),
  })

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

first-party (npm): packages/app

npm first-party
medium telemetry production #5f849647cd0ec5b4 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
repo/packages/app/src/app.tsx:2
import * as Sentry from "@sentry/solid"

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry production #ce04b98a5df1f07d Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
repo/packages/app/src/entry.tsx:3
import * as Sentry from "@sentry/solid"

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry production #0675d42e2b77760e Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
repo/packages/app/src/pages/error.tsx:2
import * as Sentry from "@sentry/solid"

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry production #3e55a5b3a8f7f7d2 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
repo/packages/app/vite.config.ts:1
import { sentryVitePlugin } from "@sentry/vite-plugin"

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

expand_more 69 low-confidence finding(s)
low env_fs production #97572e3316ce67d0 Environment-variable access.
repo/packages/app/e2e/performance/benchmark.ts:32
          runID: process.env.OPENCODE_PERFORMANCE_RUN_ID,

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #3e47ff7d768fcaf1 Environment-variable access.
repo/packages/app/e2e/performance/benchmark.ts:125
      runID: process.env.OPENCODE_PERFORMANCE_RUN_ID,

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #cd451b9dab089e59 Environment-variable access.
repo/packages/app/e2e/performance/benchmark.ts:133
        selectorTrace: process.env.OPENCODE_PERFORMANCE_SELECTOR_TRACE === "1",

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #51f73f58c28c80b2 Environment-variable access.
repo/packages/app/e2e/performance/chrome-trace.ts:22
  const directory = process.env.OPENCODE_PERFORMANCE_TRACE_DIR

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #c2643e79c86ddfc3 Environment-variable access.
repo/packages/app/e2e/performance/chrome-trace.ts:25
  const selectors = process.env.OPENCODE_PERFORMANCE_SELECTOR_TRACE === "1"

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #78f8ecc4682b1a7e Environment-variable access.
repo/packages/app/e2e/performance/chrome-trace.ts:76
  const run = process.env.OPENCODE_PERFORMANCE_RUN_ID ?? "manual"

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #41b8f38a20744bf2 Environment-variable access.
repo/packages/app/e2e/performance/playwright.config.ts:3
const port = Number(process.env.PLAYWRIGHT_PORT ?? 3000)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #3ef07d407408a1a8 Environment-variable access.
repo/packages/app/e2e/performance/playwright.config.ts:4
process.env.PLAYWRIGHT_SERVER_PORT = String(port)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #8ca8ecc68864b617 Environment-variable access.
repo/packages/app/e2e/performance/playwright.config.ts:5
process.env.OPENCODE_PERFORMANCE_RUN_ID ??= `${new Date().toISOString().replace(/[:.]/g, "-")}-${process.pid}`

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #61c5e03b3d7a3450 Environment-variable access.
repo/packages/app/e2e/performance/timeline-stability/fixture.ts:113
    server: `http://${process.env.PLAYWRIGHT_SERVER_HOST ?? "127.0.0.1"}:${process.env.PLAYWRIGHT_SERVER_PORT ?? "4096"}`,

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #8ab226fe858bf99b Environment-variable access.
repo/packages/app/e2e/performance/timeline/review-pane-scaling-benchmark.spec.ts:10
const completionTimeoutMs = Number(process.env.REVIEW_PANE_COMPLETION_TIMEOUT_MS ?? 900_000)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #2f328f64600f5580 Environment-variable access.
repo/packages/app/e2e/performance/timeline/review-pane-scaling-benchmark.spec.ts:44
        const patchByteLimit = Number(process.env.REVIEW_PANE_PATCH_BYTE_LIMIT ?? Number.POSITIVE_INFINITY)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #2fa58b4d608b7e33 Environment-variable access.
repo/packages/app/e2e/performance/timeline/review-pane-scaling-benchmark.spec.ts:46
          throw new Error(`Invalid REVIEW_PANE_PATCH_BYTE_LIMIT: ${process.env.REVIEW_PANE_PATCH_BYTE_LIMIT}`)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #e4374209bdaab12b Environment-variable access.
repo/packages/app/e2e/performance/timeline/session-parent-hydration-benchmark.spec.ts:11
const mode = process.env.SESSION_PARENT_HYDRATION_BENCHMARK_MODE ?? "natural"

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #4518ed7eda83dc5e Environment-variable access.
repo/packages/app/e2e/performance/timeline/session-tab-switch-benchmark.spec.ts:33
    const runs = Number(process.env.SESSION_TAB_SWITCH_RUNS ?? 5)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #8f1a594ac4d661ba Environment-variable access.
repo/packages/app/e2e/performance/timeline/session-timeline-benchmark.spec.ts:43
    benchmark.setTimeout(Number(process.env.TIMELINE_COMPLETION_TIMEOUT_MS ?? 420_000) + 60_000)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #a983c9c803ad41ff Environment-variable access.
repo/packages/app/e2e/performance/timeline/session-timeline-benchmark.spec.ts:49
    benchmark.setTimeout(Number(process.env.TIMELINE_COMPLETION_TIMEOUT_MS ?? 420_000) + 60_000)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #9f5f189422411c29 Environment-variable access.
repo/packages/app/e2e/performance/timeline/session-timeline-benchmark.spec.ts:55
    benchmark.setTimeout(Number(process.env.TIMELINE_COMPLETION_TIMEOUT_MS ?? 420_000) + 60_000)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #f5d7b1d9da525a54 Environment-variable access.
repo/packages/app/e2e/performance/timeline/session-timeline-benchmark.spec.ts:61
    benchmark.setTimeout(Number(process.env.TIMELINE_COMPLETION_TIMEOUT_MS ?? 420_000) + 60_000)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #9c44ea3f40881e1b Environment-variable access.
repo/packages/app/e2e/performance/timeline/session-timeline-benchmark.spec.ts:70
    const historyTurns = Number(process.env.REVIEW_PANE_HISTORY_TURNS ?? 72)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #c85a1ae5d135754e Environment-variable access.
repo/packages/app/e2e/performance/timeline/session-timeline-benchmark.spec.ts:103
  const completionTimeoutMs = Number(process.env.TIMELINE_COMPLETION_TIMEOUT_MS ?? 420_000)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #3e6ddc0038a6bab8 Environment-variable access.
repo/packages/app/e2e/performance/timeline/session-timeline-benchmark.spec.ts:104
  const cpuThrottle = Number(process.env.TIMELINE_CPU_THROTTLE ?? 30)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #2ed800f4819108d7 Environment-variable access.
repo/packages/app/e2e/performance/timeline/session-timeline-benchmark.spec.ts:105
  const deltaCount = Number(process.env.TIMELINE_DELTA_COUNT ?? 160)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #dc36a7447900494c Environment-variable access.
repo/packages/app/e2e/performance/timeline/session-timeline-benchmark.spec.ts:106
  const historyTurns = Number(process.env.TIMELINE_HISTORY_TURNS ?? 320)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #7364067b045b7882 Environment-variable access.
repo/packages/app/e2e/performance/timeline/session-timeline-benchmark.spec.ts:107
  const eventBatch = Number(process.env.TIMELINE_EVENT_BATCH ?? 1)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #129e2ddb829e2219 Environment-variable access.
repo/packages/app/e2e/performance/timeline/session-timeline-benchmark.spec.ts:108
  const minimal = process.env.TIMELINE_MINIMAL === "1"

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #e805a47aec1a83f5 Environment-variable access.
repo/packages/app/e2e/performance/timeline/session-timeline-benchmark.spec.ts:109
  const profileCPU = process.env.TIMELINE_CPU_PROFILE === "1"

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #9add600a596f8e1a Environment-variable access.
repo/packages/app/e2e/performance/timeline/session-timeline-benchmark.spec.ts:110
  const profileVisual = !minimal && profileCPU && process.env.TIMELINE_VISUAL_PROFILE !== "0"

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #dcb6a98df91494fa Environment-variable access.
repo/packages/app/e2e/performance/timeline/timeline-test-helpers.ts:83
  return `http://${process.env.PLAYWRIGHT_SERVER_HOST ?? "127.0.0.1"}:${process.env.PLAYWRIGHT_SERVER_PORT ?? "4096"}`

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #aff54b8e1881bca0 Environment-variable access.
repo/packages/app/e2e/performance/timeline/timeline-test-helpers.ts:87
  return Array.from({ length: Number(process.env.REVIEW_PANE_DIFF_COUNT ?? 72) }, (_, index) => {

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #f7e179e3ecbd9992 Environment-variable access.
repo/packages/app/e2e/regression/file-browser-sidebar-tab-switch.spec.ts:10
const server = `http://${process.env.PLAYWRIGHT_SERVER_HOST ?? "127.0.0.1"}:${process.env.PLAYWRIGHT_SERVER_PORT ?? "4096"}`

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #5ea20461d63eb4e8 Environment-variable access.
repo/packages/app/e2e/regression/legacy-new-session.spec.ts:7
const server = `http://${process.env.PLAYWRIGHT_SERVER_HOST ?? "127.0.0.1"}:${process.env.PLAYWRIGHT_SERVER_PORT ?? "4096"}`

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #97c0e7a1dfa11e86 Environment-variable access.
repo/packages/app/e2e/regression/new-session-panel-corner.spec.ts:7
const server = `http://${process.env.PLAYWRIGHT_SERVER_HOST ?? "127.0.0.1"}:${process.env.PLAYWRIGHT_SERVER_PORT ?? "4096"}`

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #e5073161a5719195 Environment-variable access.
repo/packages/app/e2e/regression/review-open-file.spec.ts:10
const server = `http://${process.env.PLAYWRIGHT_SERVER_HOST ?? "127.0.0.1"}:${process.env.PLAYWRIGHT_SERVER_PORT ?? "4096"}`

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #8e0242e29fa3ca25 Environment-variable access.
repo/packages/app/e2e/regression/review-state-persistence.spec.ts:12
const server = `http://${process.env.PLAYWRIGHT_SERVER_HOST ?? "127.0.0.1"}:${process.env.PLAYWRIGHT_SERVER_PORT ?? "4096"}`

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #e361f8ef4397b856 Environment-variable access.
repo/packages/app/e2e/regression/review-tab-switch.spec.ts:12
const server = `http://${process.env.PLAYWRIGHT_SERVER_HOST ?? "127.0.0.1"}:${process.env.PLAYWRIGHT_SERVER_PORT ?? "4096"}`

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #bcad92d996cb93f2 Environment-variable access.
repo/packages/app/e2e/regression/session-request-docks.spec.ts:106
    server: `http://${process.env.PLAYWRIGHT_SERVER_HOST ?? "127.0.0.1"}:${process.env.PLAYWRIGHT_SERVER_PORT ?? "4096"}`,

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #f605ecfdd175fc01 Environment-variable access.
repo/packages/app/e2e/regression/session-timeline-history-root.spec.ts:58
      server: `http://${process.env.PLAYWRIGHT_SERVER_HOST ?? "127.0.0.1"}:${process.env.PLAYWRIGHT_SERVER_PORT ?? "4096"}`,

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #bfefa5882ba08f97 Environment-variable access.
repo/packages/app/e2e/regression/session-todo-dock-navigation.spec.ts:136
  const server = `http://${process.env.PLAYWRIGHT_SERVER_HOST ?? "127.0.0.1"}:${process.env.PLAYWRIGHT_SERVER_PORT ?? "4096"}`

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #2f05e412e84959c4 Environment-variable access.
repo/packages/app/e2e/regression/session-todo-dock-navigation.spec.ts:157
  const server = `http://${process.env.PLAYWRIGHT_SERVER_HOST ?? "127.0.0.1"}:${process.env.PLAYWRIGHT_SERVER_PORT ?? "4096"}`

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #41d814c161ffa3a0 Environment-variable access.
repo/packages/app/e2e/regression/subagent-child-navigation.spec.ts:78
    (url) => url.pathname === "/session" && url.port === (process.env.PLAYWRIGHT_SERVER_PORT ?? "4096"),

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #d9fb09516f36c5d7 Environment-variable access.
repo/packages/app/e2e/regression/subagent-child-navigation.spec.ts:180
  const server = `http://${process.env.PLAYWRIGHT_SERVER_HOST ?? "127.0.0.1"}:${process.env.PLAYWRIGHT_SERVER_PORT ?? "4096"}`

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #a9a72987f8e9c768 Environment-variable access.
repo/packages/app/e2e/regression/subagent-child-navigation.spec.ts:198
  const server = `http://${process.env.PLAYWRIGHT_SERVER_HOST ?? "127.0.0.1"}:${process.env.PLAYWRIGHT_SERVER_PORT ?? "4096"}`

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #23f97714c30bf73d Environment-variable access.
repo/packages/app/e2e/regression/terminal-tab-switch.spec.ts:13
const server = `http://${process.env.PLAYWRIGHT_SERVER_HOST ?? "127.0.0.1"}:${process.env.PLAYWRIGHT_SERVER_PORT ?? "4096"}`

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #21073cecae45b2cd Environment-variable access.
repo/packages/app/e2e/reproduction/timeline-suspense/playwright.config.ts:3
const port = Number(process.env.PLAYWRIGHT_TIMELINE_SUSPENSE_PORT ?? 4317)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #350e0883c38d56bc Environment-variable access.
repo/packages/app/e2e/utils/mock-server.ts:50
    const targetPort = process.env.PLAYWRIGHT_SERVER_PORT ?? "4096"

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #39cc7f560abc6d53 Environment-variable access.
repo/packages/app/e2e/utils/mock-server.ts:52
      process.env.PLAYWRIGHT_BASE_URL ?? `http://127.0.0.1:${process.env.PLAYWRIGHT_PORT ?? "3000"}`,

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #efc58195f0a35153 Environment-variable access.
repo/packages/app/e2e/utils/visual-stability/capture.ts:13
  if (process.env.OPENCODE_STABILITY_CAPTURE !== "1") return

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #53224b7d5a8d0ac1 Filesystem access.
repo/packages/app/e2e/utils/visual-stability/reporter.ts:19
  await writeFile(tracePath, JSON.stringify(trace, null, 2))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #3eb96c7e00ca1f78 Filesystem access.
repo/packages/app/e2e/utils/visual-stability/reporter.ts:20
  await writeFile(
    issuesPath,
    JSON.stringify({ issues, markers: result.markers, capturedFrameCount: result.frames.length }, null, 2),
  )

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #b6af4c589a5cf837 Environment-variable access.
repo/packages/app/playwright.config.ts:3
const port = Number(process.env.PLAYWRIGHT_PORT ?? 3000)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #a1e6c9bb2d42955e Environment-variable access.
repo/packages/app/playwright.config.ts:4
const baseURL = process.env.PLAYWRIGHT_BASE_URL ?? `http://127.0.0.1:${port}`

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #d31cde6bf9aa9718 Environment-variable access.
repo/packages/app/playwright.config.ts:5
const serverHost = process.env.PLAYWRIGHT_SERVER_HOST ?? "127.0.0.1"

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #83d9ea673b36b2b9 Environment-variable access.
repo/packages/app/playwright.config.ts:6
const serverPort = process.env.PLAYWRIGHT_SERVER_PORT ?? "4096"

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #2d7a3971ce6671ad Environment-variable access.
repo/packages/app/playwright.config.ts:8
const reuse = !process.env.CI

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #3640185315b79c67 Environment-variable access.
repo/packages/app/playwright.config.ts:9
const workers = Number(process.env.PLAYWRIGHT_WORKERS ?? (process.env.CI ? 5 : 0)) || undefined

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #62a962f35003122f Environment-variable access.
repo/packages/app/playwright.config.ts:12
  testIgnore: process.env.OPENCODE_PERFORMANCE === "1" ? "performance/**/*.test.ts" : "performance/**",

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #6a024564a78f5e2e Environment-variable access.
repo/packages/app/playwright.config.ts:18
  fullyParallel: process.env.PLAYWRIGHT_FULLY_PARALLEL === "1",

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #e1a7408fd3b647c4 Environment-variable access.
repo/packages/app/playwright.config.ts:19
  forbidOnly: !!process.env.CI,

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #3a2d46590be77466 Environment-variable access.
repo/packages/app/playwright.config.ts:20
  retries: process.env.CI ? 2 : 0,

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #0355fdf3bf4d0496 Environment-variable access.
repo/packages/app/src/i18n/parity.test.ts:45
describe.skipIf(!!process.env.CI)("i18n parity", () => {

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #77ec001b21dde42d Environment-variable access.
repo/packages/app/vite.config.ts:6
  process.env.SENTRY_AUTH_TOKEN && process.env.SENTRY_ORG && process.env.SENTRY_PROJECT

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #63f6f17f240ec3c9 Environment-variable access.
repo/packages/app/vite.config.ts:8
        authToken: process.env.SENTRY_AUTH_TOKEN,

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #983c30a2a983e568 Environment-variable access.
repo/packages/app/vite.config.ts:9
        org: process.env.SENTRY_ORG,

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #a29112b8f63703b1 Environment-variable access.
repo/packages/app/vite.config.ts:10
        project: process.env.SENTRY_PROJECT,

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #ab132e72f8c9cce0 Environment-variable access.
repo/packages/app/vite.config.ts:13
          name: process.env.SENTRY_RELEASE ?? process.env.VITE_SENTRY_RELEASE,

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #9e439ea6642a9e21 Environment-variable access.
repo/packages/app/vite.js:9
  const raw = process.env.OPENCODE_CHANNEL

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #b2f54d8b5a73865f Environment-variable access.
repo/packages/app/vite.js:11
  if (process.env.OPENCODE_CHANNEL === "latest") return "prod"

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #b1c6452bbe83ee4e Filesystem access.
repo/packages/app/vite.js:42
        `<script id="oc-theme-preload-script">${readFileSync(theme, "utf8")}</script>`,

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

first-party (npm): packages/console/function

npm first-party
medium pii_flow production #0d85182a1173a491 A credential read from the environment/filesystem is applied as authorization on the same outbound request (auth header). This is intentional authentication, not unexpected data exfiltration.
repo/packages/console/function/src/auth.ts:112 · flow /tmp/closeopen-tliy3dl5/repo/packages/console/function/src/auth.ts:114 → /tmp/closeopen-tliy3dl5/repo/packages/console/function/src/auth.ts:112
          const emails = (await fetch("https://api.github.com/user/emails", {
            headers: {
              Authorization: `Bearer ${response.tokenset.access}`,
              "User-Agent": "opencode",
              Accept: "application/vnd.github+json",
            },
          }).then((x) => x.json())) as any

A credential read from the environment/filesystem is applied as authorization on the same outbound request (an auth header). This is intentional authentication to the service the credential belongs to, not unexpected data exfiltration.

Fix: Confirm the destination is the credential's own service; scope the credential and avoid logging it. No action if this is the intended authenticated API call.

medium pii_flow production #dfdaf131d7837dc8 A credential read from the environment/filesystem is applied as authorization on the same outbound request (auth header). This is intentional authentication, not unexpected data exfiltration.
repo/packages/console/function/src/auth.ts:119 · flow /tmp/closeopen-tliy3dl5/repo/packages/console/function/src/auth.ts:121 → /tmp/closeopen-tliy3dl5/repo/packages/console/function/src/auth.ts:119
          const user = (await fetch("https://api.github.com/user", {
            headers: {
              Authorization: `Bearer ${response.tokenset.access}`,
              "User-Agent": "opencode",
              Accept: "application/vnd.github+json",
            },
          }).then((x) => x.json())) as any

A credential read from the environment/filesystem is applied as authorization on the same outbound request (an auth header). This is intentional authentication to the service the credential belongs to, not unexpected data exfiltration.

Fix: Confirm the destination is the credential's own service; scope the credential and avoid logging it. No action if this is the intended authenticated API call.

medium pii_flow production #dc2cede3a39071a9 A credential read from the environment/filesystem is applied as authorization on the same outbound request (auth header). This is intentional authentication, not unexpected data exfiltration.
repo/packages/console/function/src/log-processor.ts:68 · flow /tmp/closeopen-tliy3dl5/repo/packages/console/function/src/log-processor.ts:72 → /tmp/closeopen-tliy3dl5/repo/packages/console/function/src/log-processor.ts:68
              fetch(lakeIngest.url, {
                method: "POST",
                headers: {
                  "Content-Type": "application/json",
                  Authorization: `Bearer ${lakeIngest.secret}`,
                },
                body: JSON.stringify({ events: events.map((event) => toLakeEvent(event.time, event.data)) }),
              }),

A credential read from the environment/filesystem is applied as authorization on the same outbound request (an auth header). This is intentional authentication to the service the credential belongs to, not unexpected data exfiltration.

Fix: Confirm the destination is the credential's own service; scope the credential and avoid logging it. No action if this is the intended authenticated API call.

expand_more 3 low-confidence finding(s)
low egress production #bd3f08d0d846f584 Hardcoded external endpoint. Review what data is sent to this destination.
repo/packages/console/function/src/auth.ts:112
          const emails = (await fetch("https://api.github.com/user/emails", {
            headers: {
              Authorization: `Bearer ${response.tokenset.access}`,
              "User-Agent": "opencode",
              Accept: "application/vnd.github+json",
            },
          }).then((x) => x.json())) as any

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress production #6e0b7c2b84cc19da Hardcoded external endpoint. Review what data is sent to this destination.
repo/packages/console/function/src/auth.ts:119
          const user = (await fetch("https://api.github.com/user", {
            headers: {
              Authorization: `Bearer ${response.tokenset.access}`,
              "User-Agent": "opencode",
              Accept: "application/vnd.github+json",
            },
          }).then((x) => x.json())) as any

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress production #74d2a03e54ee0245 Hardcoded external endpoint. Review what data is sent to this destination.
repo/packages/console/function/src/log-processor.ts:58
        fetch("https://api.honeycomb.io/1/batch/zen", {
          method: "POST",
          headers: {
            "Content-Type": "application/json",
            "X-Honeycomb-Team": Resource.HONEYCOMB_API_KEY.value,
          },
          body: JSON.stringify(events),
        }),

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

first-party (npm): packages/slack

npm first-party
medium pii_flow production #55eaea6beb2df205 PII-bearing data is written to a log sink. Logged PII is a privacy concern even when it does not leave the process.
repo/packages/slack/src/index.ts:12 · flow /tmp/closeopen-tliy3dl5/repo/packages/slack/src/index.ts:12 → /tmp/closeopen-tliy3dl5/repo/packages/slack/src/index.ts:12
console.log("- Bot token present:", !!process.env.SLACK_BOT_TOKEN)

PII-bearing data is written to a log/print sink — it stays in-process and does not leave the application, but logged PII is still a privacy concern.

Fix: Avoid logging user identifiers; redact or omit PII from log/print statements.

medium pii_flow production #7427fb2453a8861c PII-bearing data is written to a log sink. Logged PII is a privacy concern even when it does not leave the process.
repo/packages/slack/src/index.ts:13 · flow /tmp/closeopen-tliy3dl5/repo/packages/slack/src/index.ts:13 → /tmp/closeopen-tliy3dl5/repo/packages/slack/src/index.ts:13
console.log("- Signing secret present:", !!process.env.SLACK_SIGNING_SECRET)

PII-bearing data is written to a log/print sink — it stays in-process and does not leave the application, but logged PII is still a privacy concern.

Fix: Avoid logging user identifiers; redact or omit PII from log/print statements.

medium pii_flow production #843f8313786a491b PII-bearing data is written to a log sink. Logged PII is a privacy concern even when it does not leave the process.
repo/packages/slack/src/index.ts:14 · flow /tmp/closeopen-tliy3dl5/repo/packages/slack/src/index.ts:14 → /tmp/closeopen-tliy3dl5/repo/packages/slack/src/index.ts:14
console.log("- App token present:", !!process.env.SLACK_APP_TOKEN)

PII-bearing data is written to a log/print sink — it stays in-process and does not leave the application, but logged PII is still a privacy concern.

Fix: Avoid logging user identifiers; redact or omit PII from log/print statements.

expand_more 6 low-confidence finding(s)
low env_fs production #4dd11999e70118ad Environment-variable access.
repo/packages/slack/src/index.ts:5
  token: process.env.SLACK_BOT_TOKEN,

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #3fc5cefedd367f22 Environment-variable access.
repo/packages/slack/src/index.ts:6
  signingSecret: process.env.SLACK_SIGNING_SECRET,

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #d0732f25fff74ad7 Environment-variable access.
repo/packages/slack/src/index.ts:8
  appToken: process.env.SLACK_APP_TOKEN,

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #1021ae0df4516340 Environment-variable access.
repo/packages/slack/src/index.ts:12
console.log("- Bot token present:", !!process.env.SLACK_BOT_TOKEN)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #c3b63f360f4aa068 Environment-variable access.
repo/packages/slack/src/index.ts:13
console.log("- Signing secret present:", !!process.env.SLACK_SIGNING_SECRET)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #0b01e668f8877f03 Environment-variable access.
repo/packages/slack/src/index.ts:14
console.log("- App token present:", !!process.env.SLACK_APP_TOKEN)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

first-party (npm): packages/desktop

npm first-party
medium telemetry production #1902a4e6100fc225 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
repo/packages/desktop/electron.vite.config.ts:1
import { sentryVitePlugin } from "@sentry/vite-plugin"

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

medium telemetry production #5866e25dba3090cf Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
repo/packages/desktop/src/renderer/index.tsx:18
import * as Sentry from "@sentry/solid"

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

expand_more 65 low-confidence finding(s)
low env_fs test-only #ae80e7638a495877 Environment-variable access.
repo/packages/desktop/electron-builder.config.test.ts:14
    const previous = process.env.OPENCODE_CHANNEL

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #404049acc98fe367 Environment-variable access.
repo/packages/desktop/electron-builder.config.test.ts:15
    process.env.OPENCODE_CHANNEL = channel.channel

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #5806cc712d320949 Environment-variable access.
repo/packages/desktop/electron-builder.config.test.ts:20
    if (previous === undefined) delete process.env.OPENCODE_CHANNEL

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #02dc4d5729642b40 Environment-variable access.
repo/packages/desktop/electron-builder.config.test.ts:21
    else process.env.OPENCODE_CHANNEL = previous

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #d0c6bba99e96afc2 Environment-variable access.
repo/packages/desktop/electron-builder.config.test.ts:31
  const previous = process.env.OPENCODE_CHANNEL

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #bdf7776457cbe577 Environment-variable access.
repo/packages/desktop/electron-builder.config.test.ts:32
  process.env.OPENCODE_CHANNEL = "prod"

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #11d71acc45b7ab13 Environment-variable access.
repo/packages/desktop/electron-builder.config.test.ts:37
  if (previous === undefined) delete process.env.OPENCODE_CHANNEL

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #bfa3057fb431aa45 Environment-variable access.
repo/packages/desktop/electron-builder.config.test.ts:38
  else process.env.OPENCODE_CHANNEL = previous

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #99b08d1c74454df0 Environment-variable access.
repo/packages/desktop/electron-builder.config.ts:20
  if (process.env.GITHUB_ACTIONS !== "true") return

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #8a8e0aec193eeeb2 Environment-variable access.
repo/packages/desktop/electron-builder.config.ts:30
  const raw = process.env.OPENCODE_CHANNEL

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #7322975918f1fe50 Environment-variable access.
repo/packages/desktop/electron.vite.config.ts:9
  const raw = process.env.OPENCODE_CHANNEL

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #9d7f3d727c83cf0b Environment-variable access.
repo/packages/desktop/electron.vite.config.ts:11
  if (process.env.OPENCODE_CHANNEL === "latest") return "prod"

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #7fec7e7f232be2a1 Environment-variable access.
repo/packages/desktop/electron.vite.config.ts:18
  process.env.SENTRY_AUTH_TOKEN && process.env.SENTRY_ORG && process.env.SENTRY_PROJECT

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #c932afe820411426 Environment-variable access.
repo/packages/desktop/electron.vite.config.ts:20
        authToken: process.env.SENTRY_AUTH_TOKEN,

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #6d8ed70228a953f4 Environment-variable access.
repo/packages/desktop/electron.vite.config.ts:21
        org: process.env.SENTRY_ORG,

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #f01a7ffbd7bea91c Environment-variable access.
repo/packages/desktop/electron.vite.config.ts:22
        project: process.env.SENTRY_PROJECT,

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #75c5b296b4cf134a Environment-variable access.
repo/packages/desktop/electron.vite.config.ts:25
          name: process.env.SENTRY_RELEASE ?? process.env.VITE_SENTRY_RELEASE,

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #10e6fb203535cc8a Filesystem access.
repo/packages/desktop/electron.vite.config.ts:76
            await fs.writeFile(`./out/main/chunks/${l}`, await fs.readFile(`${OPENCODE_SERVER_DIST}/${l}`))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #e50ecae1757db57a Environment-variable access.
repo/packages/desktop/scripts/finalize-latest-json.ts:16
const repo = process.env.GH_REPO

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #6c364cb0dcddb5e1 Environment-variable access.
repo/packages/desktop/scripts/finalize-latest-json.ts:19
const releaseId = process.env.OPENCODE_RELEASE

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #e2da557bfddfd5f9 Environment-variable access.
repo/packages/desktop/scripts/finalize-latest-json.ts:22
const version = process.env.OPENCODE_VERSION

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #bbc4b4260dd2600b Environment-variable access.
repo/packages/desktop/scripts/finalize-latest-json.ts:25
const dir = process.env.LATEST_YML_DIR

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #91b2c67be49c6249 Environment-variable access.
repo/packages/desktop/scripts/finalize-latest-json.ts:29
const token = process.env.GH_TOKEN ?? process.env.GITHUB_TOKEN

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low pii_flow test-only Excluded from app score #6111a633d08b2ff1 A credential read from the environment/filesystem is applied as authorization on the same outbound request (auth header). This is intentional authentication, not unexpected data exfiltration. Non-production path — not application runtime.
repo/packages/desktop/scripts/finalize-latest-json.ts:32 · flow /tmp/closeopen-tliy3dl5/repo/packages/desktop/scripts/finalize-latest-json.ts:29 → /tmp/closeopen-tliy3dl5/repo/packages/desktop/scripts/finalize-latest-json.ts:32
const rel = await fetch(`https://api.github.com/repos/${repo}/releases/${releaseId}`, {
  headers: {
    Authorization: `token ${token}`,
    Accept: "application/vnd.github+json",
  },
})

A credential read from the environment/filesystem is applied as authorization on the same outbound request (an auth header). This is intentional authentication to the service the credential belongs to, not unexpected data exfiltration.

Fix: Confirm the destination is the credential's own service; scope the credential and avoid logging it. No action if this is the intended authenticated API call.

low pii_flow test-only Excluded from app score #c1796cb6ec86ce6e A credential read from the environment/filesystem is applied as authorization on the same outbound request (auth header). This is intentional authentication, not unexpected data exfiltration. Non-production path — not application runtime.
repo/packages/desktop/scripts/finalize-latest-json.ts:116 · flow /tmp/closeopen-tliy3dl5/repo/packages/desktop/scripts/finalize-latest-json.ts:29 → /tmp/closeopen-tliy3dl5/repo/packages/desktop/scripts/finalize-latest-json.ts:116
  const res = await fetch(asset?.url ?? url, {
    headers: {
      Authorization: `token ${token}`,
      ...(asset ? { Accept: "application/octet-stream" } : {}),
    },
  })

A credential read from the environment/filesystem is applied as authorization on the same outbound request (an auth header). This is intentional authentication to the service the credential belongs to, not unexpected data exfiltration.

Fix: Confirm the destination is the credential's own service; scope the credential and avoid logging it. No action if this is the intended authenticated API call.

low env_fs test-only #97d149648a3ac1b8 Environment-variable access.
repo/packages/desktop/scripts/finalize-latest-json.ts:126
  const tmp = process.env.RUNNER_TEMP ?? "/tmp"

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #36633374bddee552 Environment-variable access.
repo/packages/desktop/scripts/finalize-latest-json.ts:207
const tmp = process.env.RUNNER_TEMP ?? "/tmp"

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #637dfd049eabf387 Environment-variable access.
repo/packages/desktop/scripts/finalize-latest-yml.ts:6
const dir = process.env.LATEST_YML_DIR!

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #7fa852cc05252443 Environment-variable access.
repo/packages/desktop/scripts/finalize-latest-yml.ts:9
const repo = process.env.GH_REPO

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #f55b55bcb6e9af8c Environment-variable access.
repo/packages/desktop/scripts/finalize-latest-yml.ts:12
const version = process.env.OPENCODE_VERSION

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #c5525d3b4ad06414 Environment-variable access.
repo/packages/desktop/scripts/finalize-latest-yml.ts:115
const tmp = process.env.RUNNER_TEMP ?? "/tmp"

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #ef9f62704e0b1701 Environment-variable access.
repo/packages/desktop/scripts/predev.ts:3
await $`bun ./scripts/copy-icons.ts ${process.env.OPENCODE_CHANNEL ?? "dev"}`

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #8fdd15b899c97bbf Environment-variable access.
repo/packages/desktop/scripts/utils.ts:66
  if (process.platform === "win32" && process.env.GITHUB_ACTIONS === "true") {

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #84e2355c63711fe5 Environment-variable access.
repo/packages/desktop/src/main/apps.ts:27
  const home = process.env.HOME

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #f561b0bd91f72b12 Filesystem access.
repo/packages/desktop/src/main/apps.ts:58
    const content = await readFile(path, "utf8")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #c82515779c9e37e7 Filesystem access.
repo/packages/desktop/src/main/attachment-picker.test.ts:27
      await writeFile(file, "lorem ipsum")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #0f15ca62a4b23fea Filesystem access.
repo/packages/desktop/src/main/attachment-picker.test.ts:38
      await writeFile(file, "")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #9977ef3d0a6a1d80 Environment-variable access.
repo/packages/desktop/src/main/index.ts:62
const TEST_ONBOARDING = process.env.OPENCODE_TEST_ONBOARDING === "1"

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #3acae344502e37da Environment-variable access.
repo/packages/desktop/src/main/index.ts:96
    const items = (process.env[key] ?? "")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #ecc3a29425ea89c7 Environment-variable access.
repo/packages/desktop/src/main/index.ts:106
    process.env[key] = items.join(",")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #a2465b732e6b4b0c Environment-variable access.
repo/packages/desktop/src/main/index.ts:121
  process.env.OPENCODE_DISABLE_EMBEDDED_WEB_UI = "true"

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #5ac36b9166eb194c Environment-variable access.
repo/packages/desktop/src/main/index.ts:132
    process.env.OPENCODE_DB = ":memory:"

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #d7be37723b3f05ee Environment-variable access.
repo/packages/desktop/src/main/index.ts:133
    process.env.XDG_DATA_HOME = join(root, "data")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #e28c7a073837d688 Environment-variable access.
repo/packages/desktop/src/main/index.ts:134
    process.env.XDG_CONFIG_HOME = join(root, "config")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #811e47e97f197378 Environment-variable access.
repo/packages/desktop/src/main/index.ts:135
    process.env.XDG_CACHE_HOME = join(root, "cache")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #ed3fe242d1e2da0b Environment-variable access.
repo/packages/desktop/src/main/index.ts:136
    process.env.XDG_STATE_HOME = join(root, "state")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #7fb1c32a35d17253 Environment-variable access.
repo/packages/desktop/src/main/index.ts:316
    const fromEnv = process.env.OPENCODE_PORT

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #38c5cec1ff0162ce Filesystem access.
repo/packages/desktop/src/main/logging.ts:93
    const contents = readFileSync(path, "utf8")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #9d5348cc1cfc5f2c Environment-variable access.
repo/packages/desktop/src/main/logging.ts:153
  const xdgData = process.env.XDG_DATA_HOME || join(homedir(), ".local", "share")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #655990b1c03942f4 Filesystem access.
repo/packages/desktop/src/main/logging.ts:184
    const data = entry.data ?? readFileSync(entry.path!)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #cebdd40202697d78 Filesystem access.
repo/packages/desktop/src/main/logging.ts:188
  writeFileSync(output, Buffer.from(await zip.arrayBuffer()))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #4865a42ab0bb7229 Environment-variable access.
repo/packages/desktop/src/main/migrate.ts:18
      return join(process.env.APPDATA ?? join(homedir(), "AppData", "Roaming"), id)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #a8db8b475abf955e Environment-variable access.
repo/packages/desktop/src/main/migrate.ts:20
      return join(process.env.XDG_DATA_HOME ?? join(homedir(), ".local", "share"), id)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #efeeeb5137efcb33 Filesystem access.
repo/packages/desktop/src/main/migrate.ts:42
    data = JSON.parse(readFileSync(datPath, "utf-8"))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #b5fcc7c757439c47 Environment-variable access.
repo/packages/desktop/src/main/server.ts:51
    XDG_STATE_HOME: process.env.XDG_STATE_HOME ?? userDataPath,

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #826117d01e0ca454 Environment-variable access.
repo/packages/desktop/src/main/shell-env.ts:19
    return resolveUserShell(process.env.SHELL, userInfo().shell)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #7388352b768cee2b Environment-variable access.
repo/packages/desktop/src/main/shell-env.ts:21
    return resolveUserShell(process.env.SHELL, undefined)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #48bde6965f37c38f Environment-variable access.
repo/packages/desktop/src/main/sidecar.ts:87
    XDG_STATE_HOME: process.env.XDG_STATE_HOME ?? userDataPath,

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #0c6d351c261a855a Environment-variable access.
repo/packages/desktop/src/main/sidecar.ts:94
    const items = (process.env[key] ?? "")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #37c21d6665943b59 Environment-variable access.
repo/packages/desktop/src/main/sidecar.ts:104
    process.env[key] = items.join(",")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs test-only #ec0a5aa0e5b2d42b Filesystem access.
repo/packages/desktop/src/main/store-cleanup.test.ts:16
  await writeFile(join(root, name), value)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #1d83cd6d623c1fa2 Filesystem access.
repo/packages/desktop/src/main/store-cleanup.ts:84
  const raw = await readFile(file, "utf8").catch(() => undefined)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #32e0abe32032e9ae Environment-variable access.
repo/packages/desktop/src/main/windows.ts:297
  const devUrl = process.env.ELECTRON_RENDERER_URL

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #ad61eb55fe4fc935 Environment-variable access.
repo/packages/desktop/src/main/windows.ts:455
  const devUrl = process.env.ELECTRON_RENDERER_URL

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #63a95fdcdb7e54ff Environment-variable access.
repo/packages/desktop/src/main/wsl/runtime.ts:389
  const root = process.env.SystemRoot ?? process.env.windir

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

first-party (npm): packages/session-ui

npm first-party
medium telemetry production #30d6d32d04741973 Telemetry/analytics SDK usage detected. Confirm user consent and that no PII is sent without a lawful basis.
repo/packages/session-ui/src/components/file.tsx:231
    if (bridge.track(event.buttons, hit.line)) return

A telemetry/analytics SDK is used; event data is sent to a third-party collector.

Fix: Ensure user consent and a lawful basis; strip PII from event payloads.

expand_more 1 low-confidence finding(s)
low env_fs production #8c2362771a8fa213 Filesystem access.
repo/packages/session-ui/src/components/file-media.tsx:104
    void input.readFile(input.path).then(

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

first-party (npm): packages/cli

npm first-party
expand_more 8 low-confidence finding(s)
low env_fs production #32bc392300717927 Filesystem access.
repo/packages/cli/bin/lildax.cjs:4
const fs = require("fs")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #5d4c5e8775a8ff2a Environment-variable access.
repo/packages/cli/bin/lildax.cjs:32
const envPath = process.env.OPENCODE_BIN_PATH

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #6cb9609f44db0be4 Filesystem access.
repo/packages/cli/bin/lildax.cjs:44
      return /(^|\s)avx2(\s|$)/i.test(fs.readFileSync("/proc/cpuinfo", "utf8"))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #8bad64e471a6d512 Filesystem access.
repo/packages/cli/script/build.ts:4
import fs from "fs"

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #3b86c8a84e45f730 Filesystem access.
repo/packages/cli/script/build.ts:5
import { rm } from "fs/promises"

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #2e9aafe4d4cfb305 Environment-variable access.
repo/packages/cli/script/generate.ts:1
const modelsUrl = process.env.OPENCODE_MODELS_URL || "https://models.dev"

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #3271ea31eba91fe9 Environment-variable access.
repo/packages/cli/script/generate.ts:3
export const modelsData = process.env.MODELS_DEV_API_JSON

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #54b1807730d2ffea Environment-variable access.
repo/packages/cli/script/generate.ts:4
  ? await Bun.file(process.env.MODELS_DEV_API_JSON).text()

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

first-party (npm): packages/enterprise

npm first-party
expand_more 2 low-confidence finding(s)
low env_fs production #65085bd73b9d4bed Environment-variable access.
repo/packages/enterprise/vite.config.ts:7
  const target = process.env.OPENCODE_DEPLOYMENT_TARGET

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #bf4f2157502b9677 Environment-variable access.
repo/packages/enterprise/vite.config.ts:26
      baseURL: process.env.OPENCODE_BASE_URL,

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

first-party (npm): packages/function

npm first-party
expand_more 1 low-confidence finding(s)
low egress production #01d40ee787ce1f2f Hardcoded external endpoint. Review what data is sent to this destination.
repo/packages/function/src/api.ts:271
    const JWKS = createRemoteJWKSet(new URL(JWKS_URL))

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

first-party (npm): packages/http-recorder

npm first-party
expand_more 4 low-confidence finding(s)
low env_fs production #25577d5eaecf01b6 Filesystem access.
repo/packages/http-recorder/script/verify-package.ts:16
    await writeFile(
      path.join(directory, "package.json"),
      JSON.stringify({ name: "http-recorder-consumer", private: true, type: "module" }),
    )

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #c5a357d89fb36a5f Filesystem access.
repo/packages/http-recorder/script/verify-package.ts:20
    await writeFile(
      path.join(directory, "consumer.ts"),
      `import { HttpRecorder } from "@opencode-ai/http-recorder"
import { NodeSocket } from "@effect/platform-node"
import { Layer } from "effect"
import { HttpClient } from "effect/unstable/http"
import { Socket } from "effect/unstable/socket"

const options: HttpRecorder.RecorderOptions = { redact: { jsonFields: ["access_token"] } }
HttpRecorder.http("consumer", options) satisfies Layer.Layer<HttpClient.HttpClient>
HttpRecorder.socket("consumer/socket", options).pipe(
  Layer.provide(NodeSocket.layerWebSocket("wss://example.test")),
) satisfies Layer.Layer<Socket.Socket>
`,
    )

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #3a60b8f6feff3aa5 Filesystem access.
repo/packages/http-recorder/script/verify-package.ts:35
    await writeFile(
      path.join(directory, "tsconfig.json"),
      JSON.stringify({
        compilerOptions: {
          target: "ES2022",
          module: "NodeNext",
          moduleResolution: "NodeNext",
          strict: true,
          noEmit: true,
          // Required by [email protected]: its schema.d.ts references an undeclared SchemaErrorTypeId.
          skipLibCheck: true,
          lib: ["ES2022", "DOM", "ESNext.Disposable"],
        },
        include: ["consumer.ts"],
      }),
    )

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #a4d6726493f42a4b Environment-variable access.
repo/packages/http-recorder/src/recorder.ts:7
  const value = process.env.CI

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

first-party (npm): packages/llm

npm first-party
expand_more 4 low-confidence finding(s)
low egress production #1bb811931fe74c15 Hardcoded external endpoint. Review what data is sent to this destination.
repo/packages/llm/script/recording-cost-report.ts:219
const models = (await (await fetch(MODELS_DEV_URL)).json()) as JsonRecord

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress production #b2149a828138ec79 Hardcoded external endpoint. Review what data is sent to this destination.
repo/packages/llm/script/setup-recording-env.ts:44
      HttpClientRequest.get("https://api.anthropic.com/v1/models").pipe(

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low env_fs production #df4a9bb9d79d5dd5 Environment-variable access.
repo/packages/llm/script/setup-recording-env.ts:290
  if (process.env[name]) return "shell"

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low egress production #502a1582042f0256 Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
repo/packages/llm/src/protocols/shared.ts:321
  HttpClientRequest.post(input.url).pipe(

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

first-party (npm): packages/protocol

npm first-party
expand_more 23 low-confidence finding(s)
low egress production #7d4bbc86dcfecb3d Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
repo/packages/protocol/src/groups/credential.ts:8
    HttpApiEndpoint.patch("credential.update", "/api/credential/:credentialID", {
      params: { credentialID: Credential.ID },
      query: LocationQuery,
      payload: Schema.Struct({ label: Schema.String }),
      success: HttpApiSchema.NoContent,
    })

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress production #7f706d7128bb8049 Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
repo/packages/protocol/src/groups/integration.ts:41
    HttpApiEndpoint.post("integration.connect.key", "/api/integration/:integrationID/connect/key", {
      params: { integrationID: Integration.ID },
      query: LocationQuery,
      payload: Schema.Struct({
        key: Schema.String,
        label: Schema.optional(Schema.String),
      }),
      success: HttpApiSchema.NoContent,
      error: InvalidRequestError,
    })

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress production #5be4f5c604306435 Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
repo/packages/protocol/src/groups/integration.ts:61
    HttpApiEndpoint.post("integration.connect.oauth", "/api/integration/:integrationID/connect/oauth", {
      params: { integrationID: Integration.ID },
      query: LocationQuery,
      payload: Schema.Struct({
        methodID: Integration.MethodID,
        inputs: Inputs,
        label: Schema.optional(Schema.String),
      }),
      success: Location.response(Integration.Attempt),
      error: InvalidRequestError,
    })

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress production #3cc31e5fc41cf6a7 Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
repo/packages/protocol/src/groups/integration.ts:97
    HttpApiEndpoint.post("integration.attempt.complete", "/api/integration/attempt/:attemptID/complete", {
      params: { attemptID: Integration.AttemptID },
      query: LocationQuery,
      payload: Schema.Struct({ code: Schema.optional(Schema.String) }),
      success: HttpApiSchema.NoContent,
      error: InvalidRequestError,
    })

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress production #af22b4b8f97aaadd Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
repo/packages/protocol/src/groups/permission.ts:63
      HttpApiEndpoint.post("session.permission.create", "/api/session/:sessionID/permission", {
        params: { sessionID: Session.ID },
        payload: Schema.Struct({
          id: Permission.ID.pipe(Schema.optional),
          action: Permission.Request.fields.action,
          resources: Permission.Request.fields.resources,
          save: Permission.Request.fields.save,
          metadata: Permission.Request.fields.metadata,
          source: Permission.Request.fields.source,
          agent: Agent.ID.pipe(Schema.optional),
        }),
        success: Schema.Struct({
          data: Schema.Struct({ id: Permission.ID, effect: Permission.Effect }),
        }),
        error: SessionNotFoundError,
      })

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress production #b3c97b1205eabf33 Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
repo/packages/protocol/src/groups/permission.ts:119
      HttpApiEndpoint.post("session.permission.reply", "/api/session/:sessionID/permission/:requestID/reply", {
        params: { sessionID: Session.ID, requestID: Permission.ID },
        payload: Schema.Struct({
          reply: Permission.Reply,
          message: Schema.String.pipe(Schema.optional),
        }),
        success: HttpApiSchema.NoContent,
        error: [SessionNotFoundError, PermissionNotFoundError],
      })

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress production #3f6a4e3db5af4364 Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
repo/packages/protocol/src/groups/project-copy.ts:25
    HttpApiEndpoint.post("projectCopy.create", root, {
      params: { projectID: Project.ID },
      query: LocationQuery,
      payload: CreatePayload,
      success: ProjectCopy.Copy,
      error: ProjectCopyError,
    })

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress production #5f204981f9fca522 Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
repo/packages/protocol/src/groups/project-copy.ts:47
    HttpApiEndpoint.post("projectCopy.refresh", `${root}/refresh`, {
      params: { projectID: Project.ID },
      query: LocationQuery,
      success: HttpApiSchema.NoContent,
      error: ProjectCopyError,
    })

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress production #10c3e73ec0f73e7c Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
repo/packages/protocol/src/groups/pty.ts:37
    HttpApiEndpoint.post("pty.create", "/api/pty", {
      query: LocationQuery,
      payload: Pty.CreateInput,
      success: Location.response(Pty.Info),
    })

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress production #52c52f9068cb9281 Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
repo/packages/protocol/src/groups/pty.ts:68
    HttpApiEndpoint.put("pty.update", "/api/pty/:ptyID", {
      params: { ptyID: Pty.ID },
      query: LocationQuery,
      payload: Pty.UpdateInput,
      success: Location.response(Pty.Info),
      error: PtyNotFoundError,
    })

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress production #bfa60ce8a2aab8c4 Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
repo/packages/protocol/src/groups/pty.ts:101
    HttpApiEndpoint.post("pty.connectToken", "/api/pty/:ptyID/connect-token", {
      params: { ptyID: Pty.ID },
      query: LocationQuery,
      success: Location.response(PtyTicket.ConnectToken),
      error: [ForbiddenError, PtyNotFoundError],
    })

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress production #bf73e011f0ccbb53 Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
repo/packages/protocol/src/groups/question.ts:52
      HttpApiEndpoint.post("session.question.reply", "/api/session/:sessionID/question/:requestID/reply", {
        params: { sessionID: Session.ID, requestID: Question.ID },
        payload: Question.Reply,
        success: HttpApiSchema.NoContent,
        error: [SessionNotFoundError, QuestionNotFoundError],
      })

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress production #d493ec080e74b8af Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
repo/packages/protocol/src/groups/question.ts:68
      HttpApiEndpoint.post("session.question.reject", "/api/session/:sessionID/question/:requestID/reject", {
        params: { sessionID: Session.ID, requestID: Question.ID },
        success: HttpApiSchema.NoContent,
        error: [SessionNotFoundError, QuestionNotFoundError],
      })

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress production #0ed83afc89baf842 Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
repo/packages/protocol/src/groups/session.ts:129
      HttpApiEndpoint.post("session.create", "/api/session", {
        payload: Schema.Struct({
          id: Session.ID.pipe(Schema.optional),
          agent: Agent.ID.pipe(Schema.optional),
          model: Model.Ref.pipe(Schema.optional),
          location: Location.Ref.pipe(Schema.optional),
        }),
        success: Schema.Struct({ data: Session.Info }),
      }).annotateMerge(

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress production #27d061a26ad66432 Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
repo/packages/protocol/src/groups/session.ts:173
      HttpApiEndpoint.post("session.switchAgent", "/api/session/:sessionID/agent", {
        params: { sessionID: Session.ID },
        payload: Schema.Struct({ agent: Agent.ID }),
        success: HttpApiSchema.NoContent,
        error: SessionNotFoundError,
      })

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress production #9a39691c00d24c95 Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
repo/packages/protocol/src/groups/session.ts:189
      HttpApiEndpoint.post("session.switchModel", "/api/session/:sessionID/model", {
        params: { sessionID: Session.ID },
        payload: Schema.Struct({ model: Model.Ref }),
        success: HttpApiSchema.NoContent,
        error: SessionNotFoundError,
      })

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress production #9fcf882c097bce1e Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
repo/packages/protocol/src/groups/session.ts:205
      HttpApiEndpoint.post("session.prompt", "/api/session/:sessionID/prompt", {
        params: { sessionID: Session.ID },
        payload: Schema.Struct({
          id: SessionMessage.ID.pipe(Schema.optional),
          prompt: PromptInput.Prompt,
          delivery: SessionInput.Delivery.pipe(Schema.optional),
          resume: Schema.Boolean.pipe(Schema.optional),
        }),
        success: Schema.Struct({ data: SessionInput.Admitted }),
        error: [ConflictError, SessionNotFoundError],
      })

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress production #b79d844252024776 Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
repo/packages/protocol/src/groups/session.ts:226
      HttpApiEndpoint.post("session.compact", "/api/session/:sessionID/compact", {
        params: { sessionID: Session.ID },
        success: HttpApiSchema.NoContent,
        error: [SessionNotFoundError, ServiceUnavailableError],
      })

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress production #4a2f648a44a38c12 Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
repo/packages/protocol/src/groups/session.ts:241
      HttpApiEndpoint.post("session.wait", "/api/session/:sessionID/wait", {
        params: { sessionID: Session.ID },
        success: HttpApiSchema.NoContent,
        error: [SessionNotFoundError, ServiceUnavailableError],
      })

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress production #dc6d0269372a36bc Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
repo/packages/protocol/src/groups/session.ts:256
      HttpApiEndpoint.post("session.revert.stage", "/api/session/:sessionID/revert/stage", {
        params: { sessionID: Session.ID },
        payload: Schema.Struct({ messageID: SessionMessage.ID, files: Schema.Boolean.pipe(Schema.optional) }),
        success: Schema.Struct({ data: Revert.State }),
        error: [MessageNotFoundError, SessionNotFoundError, UnknownError],
      })

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress production #db136cfe062dde81 Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
repo/packages/protocol/src/groups/session.ts:272
      HttpApiEndpoint.post("session.revert.clear", "/api/session/:sessionID/revert/clear", {
        params: { sessionID: Session.ID },
        success: HttpApiSchema.NoContent,
        error: [SessionNotFoundError, UnknownError],
      })

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress production #7b826e347d4a7fc5 Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
repo/packages/protocol/src/groups/session.ts:281
      HttpApiEndpoint.post("session.revert.commit", "/api/session/:sessionID/revert/commit", {
        params: { sessionID: Session.ID },
        success: HttpApiSchema.NoContent,
        error: SessionNotFoundError,
      })

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress production #945d0284f17c075e Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
repo/packages/protocol/src/groups/session.ts:345
      HttpApiEndpoint.post("session.interrupt", "/api/session/:sessionID/interrupt", {
        params: { sessionID: Session.ID },
        success: HttpApiSchema.NoContent,
        error: SessionNotFoundError,
      })

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

first-party (npm): packages/script

npm first-party
expand_more 5 low-confidence finding(s)
low env_fs production #25c7047e674caae4 Environment-variable access.
repo/packages/script/src/index.ts:21
  OPENCODE_CHANNEL: process.env["OPENCODE_CHANNEL"],

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #1d5ceffc3a64d750 Environment-variable access.
repo/packages/script/src/index.ts:22
  OPENCODE_BUMP: process.env["OPENCODE_BUMP"],

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #98b90cc2a9ef488c Environment-variable access.
repo/packages/script/src/index.ts:23
  OPENCODE_VERSION: process.env["OPENCODE_VERSION"],

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #f4071cfbb01c6d86 Environment-variable access.
repo/packages/script/src/index.ts:24
  OPENCODE_RELEASE: process.env["OPENCODE_RELEASE"],

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low egress production #edafe53c810799ca Hardcoded external endpoint. Review what data is sent to this destination.
repo/packages/script/src/index.ts:37
  const version = await fetch("https://registry.npmjs.org/opencode-ai/latest")

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

first-party (npm): packages/sdk/js

npm first-party
expand_more 126 low-confidence finding(s)
low egress production #aeccec5f2f34f81b Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
repo/packages/sdk/js/src/gen/sdk.gen.ts:282
    return (options?.client ?? this._client).post<PtyCreateResponses, PtyCreateErrors, ThrowOnError>({
      url: "/pty",
      ...options,
      headers: {
        "Content-Type": "application/json",
        ...options?.headers,
      },
    })

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress production #5f9e0ab3e606095e Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
repo/packages/sdk/js/src/gen/sdk.gen.ts:316
    return (options.client ?? this._client).put<PtyUpdateResponses, PtyUpdateErrors, ThrowOnError>({
      url: "/pty/{id}",
      ...options,
      headers: {
        "Content-Type": "application/json",
        ...options.headers,
      },
    })

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress production #8fef094539edabe0 Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
repo/packages/sdk/js/src/gen/sdk.gen.ts:352
    return (options?.client ?? this._client).patch<ConfigUpdateResponses, ConfigUpdateErrors, ThrowOnError>({
      url: "/config",
      ...options,
      headers: {
        "Content-Type": "application/json",
        ...options?.headers,
      },
    })

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress production #9d9801214eefaba0 Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
repo/packages/sdk/js/src/gen/sdk.gen.ts:400
    return (options?.client ?? this._client).post<InstanceDisposeResponses, unknown, ThrowOnError>({
      url: "/instance/dispose",
      ...options,
    })

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress production #71f253ea7e583b24 Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
repo/packages/sdk/js/src/gen/sdk.gen.ts:446
    return (options?.client ?? this._client).post<SessionCreateResponses, SessionCreateErrors, ThrowOnError>({
      url: "/session",
      ...options,
      headers: {
        "Content-Type": "application/json",
        ...options?.headers,
      },
    })

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress production #dddf2ac38cba078f Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
repo/packages/sdk/js/src/gen/sdk.gen.ts:490
    return (options.client ?? this._client).patch<SessionUpdateResponses, SessionUpdateErrors, ThrowOnError>({
      url: "/session/{id}",
      ...options,
      headers: {
        "Content-Type": "application/json",
        ...options.headers,
      },
    })

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress production #f72b5b218ab75e3a Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
repo/packages/sdk/js/src/gen/sdk.gen.ts:524
    return (options.client ?? this._client).post<SessionInitResponses, SessionInitErrors, ThrowOnError>({
      url: "/session/{id}/init",
      ...options,
      headers: {
        "Content-Type": "application/json",
        ...options.headers,
      },
    })

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress production #83aa460522047a01 Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
repo/packages/sdk/js/src/gen/sdk.gen.ts:538
    return (options.client ?? this._client).post<SessionForkResponses, unknown, ThrowOnError>({
      url: "/session/{id}/fork",
      ...options,
      headers: {
        "Content-Type": "application/json",
        ...options.headers,
      },
    })

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress production #0b20024db8f3c809 Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
repo/packages/sdk/js/src/gen/sdk.gen.ts:552
    return (options.client ?? this._client).post<SessionAbortResponses, SessionAbortErrors, ThrowOnError>({
      url: "/session/{id}/abort",
      ...options,
    })

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress production #b42fdca8b77b12b5 Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
repo/packages/sdk/js/src/gen/sdk.gen.ts:572
    return (options.client ?? this._client).post<SessionShareResponses, SessionShareErrors, ThrowOnError>({
      url: "/session/{id}/share",
      ...options,
    })

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress production #0fa7bbda59d30d07 Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
repo/packages/sdk/js/src/gen/sdk.gen.ts:592
    return (options.client ?? this._client).post<SessionSummarizeResponses, SessionSummarizeErrors, ThrowOnError>({
      url: "/session/{id}/summarize",
      ...options,
      headers: {
        "Content-Type": "application/json",
        ...options.headers,
      },
    })

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress production #c17e31e7e966dbb4 Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
repo/packages/sdk/js/src/gen/sdk.gen.ts:616
    return (options.client ?? this._client).post<SessionPromptResponses, SessionPromptErrors, ThrowOnError>({
      url: "/session/{id}/message",
      ...options,
      headers: {
        "Content-Type": "application/json",
        ...options.headers,
      },
    })

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress production #ba0560e8131f3bde Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
repo/packages/sdk/js/src/gen/sdk.gen.ts:640
    return (options.client ?? this._client).post<SessionPromptAsyncResponses, SessionPromptAsyncErrors, ThrowOnError>({
      url: "/session/{id}/prompt_async",
      ...options,
      headers: {
        "Content-Type": "application/json",
        ...options.headers,
      },
    })

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress production #3e77a798c019b265 Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
repo/packages/sdk/js/src/gen/sdk.gen.ts:654
    return (options.client ?? this._client).post<SessionCommandResponses, SessionCommandErrors, ThrowOnError>({
      url: "/session/{id}/command",
      ...options,
      headers: {
        "Content-Type": "application/json",
        ...options.headers,
      },
    })

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress production #981d1809279370c7 Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
repo/packages/sdk/js/src/gen/sdk.gen.ts:668
    return (options.client ?? this._client).post<SessionShellResponses, SessionShellErrors, ThrowOnError>({
      url: "/session/{id}/shell",
      ...options,
      headers: {
        "Content-Type": "application/json",
        ...options.headers,
      },
    })

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress production #3ac082cadaddd5b1 Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
repo/packages/sdk/js/src/gen/sdk.gen.ts:682
    return (options.client ?? this._client).post<SessionRevertResponses, SessionRevertErrors, ThrowOnError>({
      url: "/session/{id}/revert",
      ...options,
      headers: {
        "Content-Type": "application/json",
        ...options.headers,
      },
    })

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress production #73b81d9cd69ccf25 Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
repo/packages/sdk/js/src/gen/sdk.gen.ts:696
    return (options.client ?? this._client).post<SessionUnrevertResponses, SessionUnrevertErrors, ThrowOnError>({
      url: "/session/{id}/unrevert",
      ...options,
    })

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress production #484e858b23c89e13 Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
repo/packages/sdk/js/src/gen/sdk.gen.ts:720
    return (options.client ?? this._client).post<
      ProviderOauthAuthorizeResponses,
      ProviderOauthAuthorizeErrors,
      ThrowOnError
    >({
      url: "/provider/{id}/oauth/authorize",
      ...options,
      headers: {
        "Content-Type": "application/json",
        ...options.headers,
      },
    })

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress production #c738b086fb1fd702 Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
repo/packages/sdk/js/src/gen/sdk.gen.ts:738
    return (options.client ?? this._client).post<
      ProviderOauthCallbackResponses,
      ProviderOauthCallbackErrors,
      ThrowOnError
    >({
      url: "/provider/{id}/oauth/callback",
      ...options,
      headers: {
        "Content-Type": "application/json",
        ...options.headers,
      },
    })

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress production #deeaa76a9d8d42fa Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
repo/packages/sdk/js/src/gen/sdk.gen.ts:845
    return (options?.client ?? this._client).post<AppLogResponses, AppLogErrors, ThrowOnError>({
      url: "/log",
      ...options,
      headers: {
        "Content-Type": "application/json",
        ...options?.headers,
      },
    })

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress production #1ed0e21375e86132 Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
repo/packages/sdk/js/src/gen/sdk.gen.ts:881
    return (options.client ?? this._client).post<McpAuthStartResponses, McpAuthStartErrors, ThrowOnError>({
      url: "/mcp/{name}/auth",
      ...options,
    })

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress production #536bb8752f04b636 Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
repo/packages/sdk/js/src/gen/sdk.gen.ts:891
    return (options.client ?? this._client).post<McpAuthCallbackResponses, McpAuthCallbackErrors, ThrowOnError>({
      url: "/mcp/{name}/auth/callback",
      ...options,
      headers: {
        "Content-Type": "application/json",
        ...options.headers,
      },
    })

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress production #add4f6187827d2ba Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
repo/packages/sdk/js/src/gen/sdk.gen.ts:905
    return (options.client ?? this._client).post<McpAuthAuthenticateResponses, McpAuthAuthenticateErrors, ThrowOnError>(
      {
        url: "/mcp/{name}/auth/authenticate",
        ...options,
      },
    )

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress production #ce7d23f8457d0dd2 Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
repo/packages/sdk/js/src/gen/sdk.gen.ts:917
    return (options.client ?? this._client).put<AuthSetResponses, AuthSetErrors, ThrowOnError>({
      url: "/auth/{id}",
      ...options,
      headers: {
        "Content-Type": "application/json",
        ...options.headers,
      },
    })

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress production #c3b840ee2658bb93 Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
repo/packages/sdk/js/src/gen/sdk.gen.ts:943
    return (options?.client ?? this._client).post<McpAddResponses, McpAddErrors, ThrowOnError>({
      url: "/mcp",
      ...options,
      headers: {
        "Content-Type": "application/json",
        ...options?.headers,
      },
    })

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress production #9168bf57380df2d4 Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
repo/packages/sdk/js/src/gen/sdk.gen.ts:957
    return (options.client ?? this._client).post<McpConnectResponses, unknown, ThrowOnError>({
      url: "/mcp/{name}/connect",
      ...options,
    })

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress production #0cc71f84cbf10619 Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
repo/packages/sdk/js/src/gen/sdk.gen.ts:967
    return (options.client ?? this._client).post<McpDisconnectResponses, unknown, ThrowOnError>({
      url: "/mcp/{name}/disconnect",
      ...options,
    })

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress production #af3a7598711e3615 Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
repo/packages/sdk/js/src/gen/sdk.gen.ts:1015
    return (options?.client ?? this._client).post<TuiControlResponseResponses, unknown, ThrowOnError>({
      url: "/tui/control/response",
      ...options,
      headers: {
        "Content-Type": "application/json",
        ...options?.headers,
      },
    })

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress production #96e2f9b86bd535a1 Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
repo/packages/sdk/js/src/gen/sdk.gen.ts:1031
    return (options?.client ?? this._client).post<TuiAppendPromptResponses, TuiAppendPromptErrors, ThrowOnError>({
      url: "/tui/append-prompt",
      ...options,
      headers: {
        "Content-Type": "application/json",
        ...options?.headers,
      },
    })

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress production #2cbf7e9d8636e8fd Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
repo/packages/sdk/js/src/gen/sdk.gen.ts:1045
    return (options?.client ?? this._client).post<TuiOpenHelpResponses, unknown, ThrowOnError>({
      url: "/tui/open-help",
      ...options,
    })

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress production #395e6ca19814538f Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
repo/packages/sdk/js/src/gen/sdk.gen.ts:1055
    return (options?.client ?? this._client).post<TuiOpenSessionsResponses, unknown, ThrowOnError>({
      url: "/tui/open-sessions",
      ...options,
    })

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress production #8908e4efa5ea7ff9 Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
repo/packages/sdk/js/src/gen/sdk.gen.ts:1065
    return (options?.client ?? this._client).post<TuiOpenThemesResponses, unknown, ThrowOnError>({
      url: "/tui/open-themes",
      ...options,
    })

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress production #03ebc7c992042647 Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
repo/packages/sdk/js/src/gen/sdk.gen.ts:1075
    return (options?.client ?? this._client).post<TuiOpenModelsResponses, unknown, ThrowOnError>({
      url: "/tui/open-models",
      ...options,
    })

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress production #73f173b8be0c8584 Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
repo/packages/sdk/js/src/gen/sdk.gen.ts:1085
    return (options?.client ?? this._client).post<TuiSubmitPromptResponses, unknown, ThrowOnError>({
      url: "/tui/submit-prompt",
      ...options,
    })

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress production #710a6fab09683d93 Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
repo/packages/sdk/js/src/gen/sdk.gen.ts:1095
    return (options?.client ?? this._client).post<TuiClearPromptResponses, unknown, ThrowOnError>({
      url: "/tui/clear-prompt",
      ...options,
    })

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress production #74f36f5a93c10e2e Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
repo/packages/sdk/js/src/gen/sdk.gen.ts:1105
    return (options?.client ?? this._client).post<TuiExecuteCommandResponses, TuiExecuteCommandErrors, ThrowOnError>({
      url: "/tui/execute-command",
      ...options,
      headers: {
        "Content-Type": "application/json",
        ...options?.headers,
      },
    })

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress production #f6f91c0f30188496 Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
repo/packages/sdk/js/src/gen/sdk.gen.ts:1119
    return (options?.client ?? this._client).post<TuiShowToastResponses, unknown, ThrowOnError>({
      url: "/tui/show-toast",
      ...options,
      headers: {
        "Content-Type": "application/json",
        ...options?.headers,
      },
    })

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress production #04e499483a99b430 Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
repo/packages/sdk/js/src/gen/sdk.gen.ts:1133
    return (options?.client ?? this._client).post<TuiPublishResponses, TuiPublishErrors, ThrowOnError>({
      url: "/tui/publish",
      ...options,
      headers: {
        "Content-Type": "application/json",
        ...options?.headers,
      },
    })

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress production #44378f03d0e21da4 Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
repo/packages/sdk/js/src/gen/sdk.gen.ts:1164
    return (options.client ?? this._client).post<
      PostSessionIdPermissionsPermissionIdResponses,
      PostSessionIdPermissionsPermissionIdErrors,
      ThrowOnError
    >({
      url: "/session/{id}/permissions/{permissionID}",
      ...options,
      headers: {
        "Content-Type": "application/json",
        ...options.headers,
      },
    })

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress production #9b6e1bb8106b7b77 Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
repo/packages/sdk/js/src/v2/gen/sdk.gen.ts:497
    return (options?.client ?? this.client).put<AuthSetResponses, AuthSetErrors, ThrowOnError>({
      url: "/auth/{providerID}",
      ...options,
      ...params,
      headers: {
        "Content-Type": "application/json",
        ...options?.headers,
        ...params.headers,
      },
    })

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress production #671e91b1e20ef3e4 Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
repo/packages/sdk/js/src/v2/gen/sdk.gen.ts:544
    return (options?.client ?? this.client).post<AppLogResponses, AppLogErrors, ThrowOnError>({
      url: "/log",
      ...options,
      ...params,
      headers: {
        "Content-Type": "application/json",
        ...options?.headers,
        ...params.headers,
      },
    })

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress production #0daabf28d02552b0 Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
repo/packages/sdk/js/src/v2/gen/sdk.gen.ts:643
    return (options?.client ?? this.client).post<
      ExperimentalControlPlaneMoveSessionResponses,
      ExperimentalControlPlaneMoveSessionErrors,
      ThrowOnError
    >({
      url: "/experimental/control-plane/move-session",
      ...options,
      ...params,
      headers: {
        "Content-Type": "application/json",
        ...options?.headers,
        ...params.headers,
      },
    })

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress production #1d522784d7ed349c Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
repo/packages/sdk/js/src/v2/gen/sdk.gen.ts:792
    return (options?.client ?? this.client).post<ExperimentalConsoleSwitchOrgResponses, unknown, ThrowOnError>({
      url: "/experimental/console/switch",
      ...options,
      ...params,
      headers: {
        "Content-Type": "application/json",
        ...options?.headers,
        ...params.headers,
      },
    })

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress production #bc95c667ec31867c Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
repo/packages/sdk/js/src/v2/gen/sdk.gen.ts:877
    return (options?.client ?? this.client).post<
      ExperimentalSessionBackgroundResponses,
      ExperimentalSessionBackgroundErrors,
      ThrowOnError
    >({
      url: "/experimental/session/{sessionID}/background",
      ...options,
      ...params,
    })

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress production #739d5a507cd4f3b9 Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
repo/packages/sdk/js/src/v2/gen/sdk.gen.ts:953
    return (options?.client ?? this.client).post<
      ExperimentalProjectCopyGenerateNameResponses,
      ExperimentalProjectCopyGenerateNameErrors,
      ThrowOnError
    >({
      url: "/experimental/project/{projectID}/copy/generate-name",
      ...options,
      ...params,
      headers: {
        "Content-Type": "application/json",
        ...options?.headers,
        ...params.headers,
      },
    })

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress production #98dbd43d5e32b5ba Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
repo/packages/sdk/js/src/v2/gen/sdk.gen.ts:1072
    return (options?.client ?? this.client).post<
      ExperimentalWorkspaceCreateResponses,
      ExperimentalWorkspaceCreateErrors,
      ThrowOnError
    >({
      url: "/experimental/workspace",
      ...options,
      ...params,
      headers: {
        "Content-Type": "application/json",
        ...options?.headers,
        ...params.headers,
      },
    })

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress production #a60c9456208c039a Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
repo/packages/sdk/js/src/v2/gen/sdk.gen.ts:1111
    return (options?.client ?? this.client).post<
      ExperimentalWorkspaceSyncListResponses,
      ExperimentalWorkspaceSyncListErrors,
      ThrowOnError
    >({
      url: "/experimental/workspace/sync-list",
      ...options,
      ...params,
    })

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress production #e0fa526545356b25 Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
repo/packages/sdk/js/src/v2/gen/sdk.gen.ts:1221
    return (options?.client ?? this.client).post<
      ExperimentalWorkspaceWarpResponses,
      ExperimentalWorkspaceWarpErrors,
      ThrowOnError
    >({
      url: "/experimental/workspace/warp",
      ...options,
      ...params,
      headers: {
        "Content-Type": "application/json",
        ...options?.headers,
        ...params.headers,
      },
    })

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress production #038a81972e3acb76 Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
repo/packages/sdk/js/src/v2/gen/sdk.gen.ts:1305
    return (options?.client ?? this.client).patch<GlobalConfigUpdateResponses, GlobalConfigUpdateErrors, ThrowOnError>({
      url: "/global/config",
      ...options,
      ...params,
      headers: {
        "Content-Type": "application/json",
        ...options?.headers,
        ...params.headers,
      },
    })

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress production #e4246757736bad1d Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
repo/packages/sdk/js/src/v2/gen/sdk.gen.ts:1349
    return (options?.client ?? this.client).post<GlobalDisposeResponses, GlobalDisposeErrors, ThrowOnError>({
      url: "/global/dispose",
      ...options,
    })

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress production #456c010127296323 Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
repo/packages/sdk/js/src/v2/gen/sdk.gen.ts:1367
    return (options?.client ?? this.client).post<GlobalUpgradeResponses, GlobalUpgradeErrors, ThrowOnError>({
      url: "/global/upgrade",
      ...options,
      ...params,
      headers: {
        "Content-Type": "application/json",
        ...options?.headers,
        ...params.headers,
      },
    })

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress production #e7d0ebf4de2f31ef Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
repo/packages/sdk/js/src/v2/gen/sdk.gen.ts:1473
    return (options?.client ?? this.client).patch<ConfigUpdateResponses, ConfigUpdateErrors, ThrowOnError>({
      url: "/config",
      ...options,
      ...params,
      headers: {
        "Content-Type": "application/json",
        ...options?.headers,
        ...params.headers,
      },
    })

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress production #81e66cf6464178bf Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
repo/packages/sdk/js/src/v2/gen/sdk.gen.ts:1675
    return (options?.client ?? this.client).post<WorktreeCreateResponses, WorktreeCreateErrors, ThrowOnError>({
      url: "/experimental/worktree",
      ...options,
      ...params,
      headers: {
        "Content-Type": "application/json",
        ...options?.headers,
        ...params.headers,
      },
    })

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress production #55f79f575b77cd61 Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
repo/packages/sdk/js/src/v2/gen/sdk.gen.ts:1712
    return (options?.client ?? this.client).post<WorktreeResetResponses, WorktreeResetErrors, ThrowOnError>({
      url: "/experimental/worktree/reset",
      ...options,
      ...params,
      headers: {
        "Content-Type": "application/json",
        ...options?.headers,
        ...params.headers,
      },
    })

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress production #00b99105c127c036 Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
repo/packages/sdk/js/src/v2/gen/sdk.gen.ts:1949
    return (options?.client ?? this.client).post<InstanceDisposeResponses, InstanceDisposeErrors, ThrowOnError>({
      url: "/instance/dispose",
      ...options,
      ...params,
    })

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress production #c05e9cee60911161 Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
repo/packages/sdk/js/src/v2/gen/sdk.gen.ts:2141
    return (options?.client ?? this.client).post<VcsApplyResponses, VcsApplyErrors, ThrowOnError>({
      url: "/vcs/apply",
      ...options,
      ...params,
      headers: {
        "Content-Type": "application/json",
        ...options?.headers,
        ...params.headers,
      },
    })

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress production #4a89e18445ae6117 Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
repo/packages/sdk/js/src/v2/gen/sdk.gen.ts:2313
    return (options?.client ?? this.client).post<McpAuthStartResponses, McpAuthStartErrors, ThrowOnError>({
      url: "/mcp/{name}/auth",
      ...options,
      ...params,
    })

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress production #dbbe4aa6814ed524 Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
repo/packages/sdk/js/src/v2/gen/sdk.gen.ts:2347
    return (options?.client ?? this.client).post<McpAuthCallbackResponses, McpAuthCallbackErrors, ThrowOnError>({
      url: "/mcp/{name}/auth/callback",
      ...options,
      ...params,
      headers: {
        "Content-Type": "application/json",
        ...options?.headers,
        ...params.headers,
      },
    })

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress production #d7783eb45085899d Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
repo/packages/sdk/js/src/v2/gen/sdk.gen.ts:2384
    return (options?.client ?? this.client).post<McpAuthAuthenticateResponses, McpAuthAuthenticateErrors, ThrowOnError>(
      {
        url: "/mcp/{name}/auth/authenticate",
        ...options,
        ...params,
      },
    )

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress production #5a998cc08aeeaa00 Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
repo/packages/sdk/js/src/v2/gen/sdk.gen.ts:2452
    return (options?.client ?? this.client).post<McpAddResponses, McpAddErrors, ThrowOnError>({
      url: "/mcp",
      ...options,
      ...params,
      headers: {
        "Content-Type": "application/json",
        ...options?.headers,
        ...params.headers,
      },
    })

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress production #80a70b04b57ef593 Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
repo/packages/sdk/js/src/v2/gen/sdk.gen.ts:2487
    return (options?.client ?? this.client).post<McpConnectResponses, McpConnectErrors, ThrowOnError>({
      url: "/mcp/{name}/connect",
      ...options,
      ...params,
    })

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress production #6036a27a59cce772 Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
repo/packages/sdk/js/src/v2/gen/sdk.gen.ts:2517
    return (options?.client ?? this.client).post<McpDisconnectResponses, McpDisconnectErrors, ThrowOnError>({
      url: "/mcp/{name}/disconnect",
      ...options,
      ...params,
    })

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress production #7d186a4da7c449ab Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
repo/packages/sdk/js/src/v2/gen/sdk.gen.ts:2614
    return (options?.client ?? this.client).post<ProjectInitGitResponses, ProjectInitGitErrors, ThrowOnError>({
      url: "/project/git/init",
      ...options,
      ...params,
    })

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress production #2ee7a22288018b0b Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
repo/packages/sdk/js/src/v2/gen/sdk.gen.ts:2652
    return (options?.client ?? this.client).patch<ProjectUpdateResponses, ProjectUpdateErrors, ThrowOnError>({
      url: "/project/{projectID}",
      ...options,
      ...params,
      headers: {
        "Content-Type": "application/json",
        ...options?.headers,
        ...params.headers,
      },
    })

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress production #91c866a6dcb36bcd Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
repo/packages/sdk/js/src/v2/gen/sdk.gen.ts:2793
    return (options?.client ?? this.client).post<PtyCreateResponses, PtyCreateErrors, ThrowOnError>({
      url: "/pty",
      ...options,
      ...params,
      headers: {
        "Content-Type": "application/json",
        ...options?.headers,
        ...params.headers,
      },
    })

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress production #c906e71e516b2b90 Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
repo/packages/sdk/js/src/v2/gen/sdk.gen.ts:2901
    return (options?.client ?? this.client).put<PtyUpdateResponses, PtyUpdateErrors, ThrowOnError>({
      url: "/pty/{ptyID}",
      ...options,
      ...params,
      headers: {
        "Content-Type": "application/json",
        ...options?.headers,
        ...params.headers,
      },
    })

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress production #36fa8b43e3037b47 Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
repo/packages/sdk/js/src/v2/gen/sdk.gen.ts:2938
    return (options?.client ?? this.client).post<PtyConnectTokenResponses, PtyConnectTokenErrors, ThrowOnError>({
      url: "/pty/{ptyID}/connect-token",
      ...options,
      ...params,
    })

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress production #f0b55e7c678711fb Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
repo/packages/sdk/js/src/v2/gen/sdk.gen.ts:3040
    return (options?.client ?? this.client).post<QuestionReplyResponses, QuestionReplyErrors, ThrowOnError>({
      url: "/question/{requestID}/reply",
      ...options,
      ...params,
      headers: {
        "Content-Type": "application/json",
        ...options?.headers,
        ...params.headers,
      },
    })

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress production #40c645b88bfe7e4b Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
repo/packages/sdk/js/src/v2/gen/sdk.gen.ts:3077
    return (options?.client ?? this.client).post<QuestionRejectResponses, QuestionRejectErrors, ThrowOnError>({
      url: "/question/{requestID}/reject",
      ...options,
      ...params,
    })

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress production #2734cd14713cd8ee Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
repo/packages/sdk/js/src/v2/gen/sdk.gen.ts:3145
    return (options?.client ?? this.client).post<PermissionReplyResponses, PermissionReplyErrors, ThrowOnError>({
      url: "/permission/{requestID}/reply",
      ...options,
      ...params,
      headers: {
        "Content-Type": "application/json",
        ...options?.headers,
        ...params.headers,
      },
    })

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress production #9c06533e915dc3c1 Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
repo/packages/sdk/js/src/v2/gen/sdk.gen.ts:3188
    return (options?.client ?? this.client).post<PermissionRespondResponses, PermissionRespondErrors, ThrowOnError>({
      url: "/session/{sessionID}/permissions/{permissionID}",
      ...options,
      ...params,
      headers: {
        "Content-Type": "application/json",
        ...options?.headers,
        ...params.headers,
      },
    })

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress production #c9850faa1e122f64 Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
repo/packages/sdk/js/src/v2/gen/sdk.gen.ts:3233
    return (options?.client ?? this.client).post<
      ProviderOauthAuthorizeResponses,
      ProviderOauthAuthorizeErrors,
      ThrowOnError
    >({
      url: "/provider/{providerID}/oauth/authorize",
      ...options,
      ...params,
      headers: {
        "Content-Type": "application/json",
        ...options?.headers,
        ...params.headers,
      },
    })

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress production #f81b49d682405362 Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
repo/packages/sdk/js/src/v2/gen/sdk.gen.ts:3278
    return (options?.client ?? this.client).post<
      ProviderOauthCallbackResponses,
      ProviderOauthCallbackErrors,
      ThrowOnError
    >({
      url: "/provider/{providerID}/oauth/callback",
      ...options,
      ...params,
      headers: {
        "Content-Type": "application/json",
        ...options?.headers,
        ...params.headers,
      },
    })

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress production #1a2a368fc60ea495 Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
repo/packages/sdk/js/src/v2/gen/sdk.gen.ts:3448
    return (options?.client ?? this.client).post<SessionCreateResponses, SessionCreateErrors, ThrowOnError>({
      url: "/session",
      ...options,
      ...params,
      headers: {
        "Content-Type": "application/json",
        ...options?.headers,
        ...params.headers,
      },
    })

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress production #c84b600f16d27e49 Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
repo/packages/sdk/js/src/v2/gen/sdk.gen.ts:3591
    return (options?.client ?? this.client).patch<SessionUpdateResponses, SessionUpdateErrors, ThrowOnError>({
      url: "/session/{sessionID}",
      ...options,
      ...params,
      headers: {
        "Content-Type": "application/json",
        ...options?.headers,
        ...params.headers,
      },
    })

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress production #dc34643f09e9a878 Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
repo/packages/sdk/js/src/v2/gen/sdk.gen.ts:3785
    return (options?.client ?? this.client).post<SessionPromptResponses, SessionPromptErrors, ThrowOnError>({
      url: "/session/{sessionID}/message",
      ...options,
      ...params,
      headers: {
        "Content-Type": "application/json",
        ...options?.headers,
        ...params.headers,
      },
    })

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress production #e592a8955f0f0b2c Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
repo/packages/sdk/js/src/v2/gen/sdk.gen.ts:3896
    return (options?.client ?? this.client).post<SessionForkResponses, SessionForkErrors, ThrowOnError>({
      url: "/session/{sessionID}/fork",
      ...options,
      ...params,
      headers: {
        "Content-Type": "application/json",
        ...options?.headers,
        ...params.headers,
      },
    })

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress production #16132580f0b3967c Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
repo/packages/sdk/js/src/v2/gen/sdk.gen.ts:3933
    return (options?.client ?? this.client).post<SessionAbortResponses, SessionAbortErrors, ThrowOnError>({
      url: "/session/{sessionID}/abort",
      ...options,
      ...params,
    })

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress production #8f95d667a7bdbf7a Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
repo/packages/sdk/js/src/v2/gen/sdk.gen.ts:3971
    return (options?.client ?? this.client).post<SessionInitResponses, SessionInitErrors, ThrowOnError>({
      url: "/session/{sessionID}/init",
      ...options,
      ...params,
      headers: {
        "Content-Type": "application/json",
        ...options?.headers,
        ...params.headers,
      },
    })

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress production #bdba1e476cadbc89 Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
repo/packages/sdk/js/src/v2/gen/sdk.gen.ts:4040
    return (options?.client ?? this.client).post<SessionShareResponses, SessionShareErrors, ThrowOnError>({
      url: "/session/{sessionID}/share",
      ...options,
      ...params,
    })

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress production #89569365bf16df7c Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
repo/packages/sdk/js/src/v2/gen/sdk.gen.ts:4078
    return (options?.client ?? this.client).post<SessionSummarizeResponses, SessionSummarizeErrors, ThrowOnError>({
      url: "/session/{sessionID}/summarize",
      ...options,
      ...params,
      headers: {
        "Content-Type": "application/json",
        ...options?.headers,
        ...params.headers,
      },
    })

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress production #979404bed3b60e21 Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
repo/packages/sdk/js/src/v2/gen/sdk.gen.ts:4138
    return (options?.client ?? this.client).post<SessionPromptAsyncResponses, SessionPromptAsyncErrors, ThrowOnError>({
      url: "/session/{sessionID}/prompt_async",
      ...options,
      ...params,
      headers: {
        "Content-Type": "application/json",
        ...options?.headers,
        ...params.headers,
      },
    })

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress production #3d6c6d949da0992b Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
repo/packages/sdk/js/src/v2/gen/sdk.gen.ts:4196
    return (options?.client ?? this.client).post<SessionCommandResponses, SessionCommandErrors, ThrowOnError>({
      url: "/session/{sessionID}/command",
      ...options,
      ...params,
      headers: {
        "Content-Type": "application/json",
        ...options?.headers,
        ...params.headers,
      },
    })

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress production #05a442d13fea9494 Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
repo/packages/sdk/js/src/v2/gen/sdk.gen.ts:4244
    return (options?.client ?? this.client).post<SessionShellResponses, SessionShellErrors, ThrowOnError>({
      url: "/session/{sessionID}/shell",
      ...options,
      ...params,
      headers: {
        "Content-Type": "application/json",
        ...options?.headers,
        ...params.headers,
      },
    })

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress production #08c269aa6e0fe4c4 Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
repo/packages/sdk/js/src/v2/gen/sdk.gen.ts:4285
    return (options?.client ?? this.client).post<SessionRevertResponses, SessionRevertErrors, ThrowOnError>({
      url: "/session/{sessionID}/revert",
      ...options,
      ...params,
      headers: {
        "Content-Type": "application/json",
        ...options?.headers,
        ...params.headers,
      },
    })

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress production #129672bc88d1f413 Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
repo/packages/sdk/js/src/v2/gen/sdk.gen.ts:4322
    return (options?.client ?? this.client).post<SessionUnrevertResponses, SessionUnrevertErrors, ThrowOnError>({
      url: "/session/{sessionID}/unrevert",
      ...options,
      ...params,
    })

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress production #6118b33cbcfa6578 Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
repo/packages/sdk/js/src/v2/gen/sdk.gen.ts:4394
    return (options?.client ?? this.client).patch<PartUpdateResponses, PartUpdateErrors, ThrowOnError>({
      url: "/session/{sessionID}/message/{messageID}/part/{partID}",
      ...options,
      ...params,
      headers: {
        "Content-Type": "application/json",
        ...options?.headers,
        ...params.headers,
      },
    })

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress production #63d6508a13c8b0f4 Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
repo/packages/sdk/js/src/v2/gen/sdk.gen.ts:4435
    return (options?.client ?? this.client).post<SyncHistoryListResponses, SyncHistoryListErrors, ThrowOnError>({
      url: "/sync/history",
      ...options,
      ...params,
      headers: {
        "Content-Type": "application/json",
        ...options?.headers,
        ...params.headers,
      },
    })

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress production #27ad92973a38ca88 Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
repo/packages/sdk/js/src/v2/gen/sdk.gen.ts:4472
    return (options?.client ?? this.client).post<SyncStartResponses, SyncStartErrors, ThrowOnError>({
      url: "/sync/start",
      ...options,
      ...params,
    })

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress production #08495b280ceddd36 Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
repo/packages/sdk/js/src/v2/gen/sdk.gen.ts:4522
    return (options?.client ?? this.client).post<SyncReplayResponses, SyncReplayErrors, ThrowOnError>({
      url: "/sync/replay",
      ...options,
      ...params,
      headers: {
        "Content-Type": "application/json",
        ...options?.headers,
        ...params.headers,
      },
    })

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress production #6f80cbd1e3d44e66 Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
repo/packages/sdk/js/src/v2/gen/sdk.gen.ts:4559
    return (options?.client ?? this.client).post<SyncStealResponses, SyncStealErrors, ThrowOnError>({
      url: "/sync/steal",
      ...options,
      ...params,
      headers: {
        "Content-Type": "application/json",
        ...options?.headers,
        ...params.headers,
      },
    })

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress production #4200cbc06cd22d0c Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
repo/packages/sdk/js/src/v2/gen/sdk.gen.ts:4633
    return (options?.client ?? this.client).post<TuiControlResponseResponses, TuiControlResponseErrors, ThrowOnError>({
      url: "/tui/control/response",
      ...options,
      ...params,
      headers: {
        "Content-Type": "application/json",
        ...options?.headers,
        ...params.headers,
      },
    })

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress production #ba48e6ea3b4bfc75 Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
repo/packages/sdk/js/src/v2/gen/sdk.gen.ts:4672
    return (options?.client ?? this.client).post<TuiAppendPromptResponses, TuiAppendPromptErrors, ThrowOnError>({
      url: "/tui/append-prompt",
      ...options,
      ...params,
      headers: {
        "Content-Type": "application/json",
        ...options?.headers,
        ...params.headers,
      },
    })

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress production #43cf995dda2f17dc Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
repo/packages/sdk/js/src/v2/gen/sdk.gen.ts:4707
    return (options?.client ?? this.client).post<TuiOpenHelpResponses, TuiOpenHelpErrors, ThrowOnError>({
      url: "/tui/open-help",
      ...options,
      ...params,
    })

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress production #ea15db6b023f4d01 Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
repo/packages/sdk/js/src/v2/gen/sdk.gen.ts:4737
    return (options?.client ?? this.client).post<TuiOpenSessionsResponses, TuiOpenSessionsErrors, ThrowOnError>({
      url: "/tui/open-sessions",
      ...options,
      ...params,
    })

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress production #466053f4901853b2 Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
repo/packages/sdk/js/src/v2/gen/sdk.gen.ts:4767
    return (options?.client ?? this.client).post<TuiOpenThemesResponses, TuiOpenThemesErrors, ThrowOnError>({
      url: "/tui/open-themes",
      ...options,
      ...params,
    })

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress production #808f92294a51f447 Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
repo/packages/sdk/js/src/v2/gen/sdk.gen.ts:4797
    return (options?.client ?? this.client).post<TuiOpenModelsResponses, TuiOpenModelsErrors, ThrowOnError>({
      url: "/tui/open-models",
      ...options,
      ...params,
    })

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress production #0e6b78463ce3c893 Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
repo/packages/sdk/js/src/v2/gen/sdk.gen.ts:4827
    return (options?.client ?? this.client).post<TuiSubmitPromptResponses, TuiSubmitPromptErrors, ThrowOnError>({
      url: "/tui/submit-prompt",
      ...options,
      ...params,
    })

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress production #76878d1563d546eb Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
repo/packages/sdk/js/src/v2/gen/sdk.gen.ts:4857
    return (options?.client ?? this.client).post<TuiClearPromptResponses, TuiClearPromptErrors, ThrowOnError>({
      url: "/tui/clear-prompt",
      ...options,
      ...params,
    })

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress production #483b0fb2fb5cc386 Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
repo/packages/sdk/js/src/v2/gen/sdk.gen.ts:4889
    return (options?.client ?? this.client).post<TuiExecuteCommandResponses, TuiExecuteCommandErrors, ThrowOnError>({
      url: "/tui/execute-command",
      ...options,
      ...params,
      headers: {
        "Content-Type": "application/json",
        ...options?.headers,
        ...params.headers,
      },
    })

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress production #3143ea398bd532cd Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
repo/packages/sdk/js/src/v2/gen/sdk.gen.ts:4932
    return (options?.client ?? this.client).post<TuiShowToastResponses, TuiShowToastErrors, ThrowOnError>({
      url: "/tui/show-toast",
      ...options,
      ...params,
      headers: {
        "Content-Type": "application/json",
        ...options?.headers,
        ...params.headers,
      },
    })

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress production #021bc48d1addc59b Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
repo/packages/sdk/js/src/v2/gen/sdk.gen.ts:4969
    return (options?.client ?? this.client).post<TuiPublishResponses, TuiPublishErrors, ThrowOnError>({
      url: "/tui/publish",
      ...options,
      ...params,
      headers: {
        "Content-Type": "application/json",
        ...options?.headers,
        ...params.headers,
      },
    })

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress production #dfe0a7159dd27377 Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
repo/packages/sdk/js/src/v2/gen/sdk.gen.ts:5006
    return (options?.client ?? this.client).post<TuiSelectSessionResponses, TuiSelectSessionErrors, ThrowOnError>({
      url: "/tui/select-session",
      ...options,
      ...params,
      headers: {
        "Content-Type": "application/json",
        ...options?.headers,
        ...params.headers,
      },
    })

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress production #84230fa90266bd04 Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
repo/packages/sdk/js/src/v2/gen/sdk.gen.ts:5112
    return (options?.client ?? this.client).post<
      V2SessionRevertStageResponses,
      V2SessionRevertStageErrors,
      ThrowOnError
    >({
      url: "/api/session/{sessionID}/revert/stage",
      ...options,
      ...params,
      headers: {
        "Content-Type": "application/json",
        ...options?.headers,
        ...params.headers,
      },
    })

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress production #1f0bf1d0845b193a Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
repo/packages/sdk/js/src/v2/gen/sdk.gen.ts:5138
    return (options?.client ?? this.client).post<
      V2SessionRevertClearResponses,
      V2SessionRevertClearErrors,
      ThrowOnError
    >({
      url: "/api/session/{sessionID}/revert/clear",
      ...options,
      ...params,
    })

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress production #8422ed1ae822514d Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
repo/packages/sdk/js/src/v2/gen/sdk.gen.ts:5159
    return (options?.client ?? this.client).post<
      V2SessionRevertCommitResponses,
      V2SessionRevertCommitErrors,
      ThrowOnError
    >({
      url: "/api/session/{sessionID}/revert/commit",
      ...options,
      ...params,
    })

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress production #2377269382f75f7b Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
repo/packages/sdk/js/src/v2/gen/sdk.gen.ts:5232
    return (options?.client ?? this.client).post<
      V2SessionPermissionCreateResponses,
      V2SessionPermissionCreateErrors,
      ThrowOnError
    >({
      url: "/api/session/{sessionID}/permission",
      ...options,
      ...params,
      headers: {
        "Content-Type": "application/json",
        ...options?.headers,
        ...params.headers,
      },
    })

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress production #83788f70f8d97c27 Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
repo/packages/sdk/js/src/v2/gen/sdk.gen.ts:5309
    return (options?.client ?? this.client).post<
      V2SessionPermissionReplyResponses,
      V2SessionPermissionReplyErrors,
      ThrowOnError
    >({
      url: "/api/session/{sessionID}/permission/{requestID}/reply",
      ...options,
      ...params,
      headers: {
        "Content-Type": "application/json",
        ...options?.headers,
        ...params.headers,
      },
    })

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress production #76fb2f364df098f6 Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
repo/packages/sdk/js/src/v2/gen/sdk.gen.ts:5375
    return (options?.client ?? this.client).post<
      V2SessionQuestionReplyResponses,
      V2SessionQuestionReplyErrors,
      ThrowOnError
    >({
      url: "/api/session/{sessionID}/question/{requestID}/reply",
      ...options,
      ...params,
      headers: {
        "Content-Type": "application/json",
        ...options?.headers,
        ...params.headers,
      },
    })

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress production #f83dad011277363e Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
repo/packages/sdk/js/src/v2/gen/sdk.gen.ts:5414
    return (options?.client ?? this.client).post<
      V2SessionQuestionRejectResponses,
      V2SessionQuestionRejectErrors,
      ThrowOnError
    >({
      url: "/api/session/{sessionID}/question/{requestID}/reject",
      ...options,
      ...params,
    })

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress production #e7b0961e390223f5 Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
repo/packages/sdk/js/src/v2/gen/sdk.gen.ts:5496
    return (options?.client ?? this.client).post<V2SessionCreateResponses, V2SessionCreateErrors, ThrowOnError>({
      url: "/api/session",
      ...options,
      ...params,
      headers: {
        "Content-Type": "application/json",
        ...options?.headers,
        ...params.headers,
      },
    })

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress production #f147f95f8cfd9cea Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
repo/packages/sdk/js/src/v2/gen/sdk.gen.ts:5562
    return (options?.client ?? this.client).post<
      V2SessionSwitchAgentResponses,
      V2SessionSwitchAgentErrors,
      ThrowOnError
    >({
      url: "/api/session/{sessionID}/agent",
      ...options,
      ...params,
      headers: {
        "Content-Type": "application/json",
        ...options?.headers,
        ...params.headers,
      },
    })

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress production #bf38fea38803d7ec Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
repo/packages/sdk/js/src/v2/gen/sdk.gen.ts:5601
    return (options?.client ?? this.client).post<
      V2SessionSwitchModelResponses,
      V2SessionSwitchModelErrors,
      ThrowOnError
    >({
      url: "/api/session/{sessionID}/model",
      ...options,
      ...params,
      headers: {
        "Content-Type": "application/json",
        ...options?.headers,
        ...params.headers,
      },
    })

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress production #1ded58f1752b7082 Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
repo/packages/sdk/js/src/v2/gen/sdk.gen.ts:5646
    return (options?.client ?? this.client).post<V2SessionPromptResponses, V2SessionPromptErrors, ThrowOnError>({
      url: "/api/session/{sessionID}/prompt",
      ...options,
      ...params,
      headers: {
        "Content-Type": "application/json",
        ...options?.headers,
        ...params.headers,
      },
    })

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress production #fc2718fd18b9a602 Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
repo/packages/sdk/js/src/v2/gen/sdk.gen.ts:5670
    return (options?.client ?? this.client).post<V2SessionCompactResponses, V2SessionCompactErrors, ThrowOnError>({
      url: "/api/session/{sessionID}/compact",
      ...options,
      ...params,
    })

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress production #c32399ce84fe64a5 Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
repo/packages/sdk/js/src/v2/gen/sdk.gen.ts:5689
    return (options?.client ?? this.client).post<V2SessionWaitResponses, V2SessionWaitErrors, ThrowOnError>({
      url: "/api/session/{sessionID}/wait",
      ...options,
      ...params,
    })

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress production #0e208ca115c8de83 Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
repo/packages/sdk/js/src/v2/gen/sdk.gen.ts:5789
    return (options?.client ?? this.client).post<V2SessionInterruptResponses, V2SessionInterruptErrors, ThrowOnError>({
      url: "/api/session/{sessionID}/interrupt",
      ...options,
      ...params,
    })

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress production #1275a162fb164a89 Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
repo/packages/sdk/js/src/v2/gen/sdk.gen.ts:5988
    return (options?.client ?? this.client).post<
      V2IntegrationConnectKeyResponses,
      V2IntegrationConnectKeyErrors,
      ThrowOnError
    >({
      url: "/api/integration/{integrationID}/connect/key",
      ...options,
      ...params,
      headers: {
        "Content-Type": "application/json",
        ...options?.headers,
        ...params.headers,
      },
    })

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress production #8da8147903366479 Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
repo/packages/sdk/js/src/v2/gen/sdk.gen.ts:6038
    return (options?.client ?? this.client).post<
      V2IntegrationConnectOauthResponses,
      V2IntegrationConnectOauthErrors,
      ThrowOnError
    >({
      url: "/api/integration/{integrationID}/connect/oauth",
      ...options,
      ...params,
      headers: {
        "Content-Type": "application/json",
        ...options?.headers,
        ...params.headers,
      },
    })

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress production #3c34dc23b719d56c Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
repo/packages/sdk/js/src/v2/gen/sdk.gen.ts:6158
    return (options?.client ?? this.client).post<
      V2IntegrationAttemptCompleteResponses,
      V2IntegrationAttemptCompleteErrors,
      ThrowOnError
    >({
      url: "/api/integration/attempt/{attemptID}/complete",
      ...options,
      ...params,
      headers: {
        "Content-Type": "application/json",
        ...options?.headers,
        ...params.headers,
      },
    })

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress production #a8dccdc181108fde Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
repo/packages/sdk/js/src/v2/gen/sdk.gen.ts:6306
    return (options?.client ?? this.client).patch<V2CredentialUpdateResponses, V2CredentialUpdateErrors, ThrowOnError>({
      url: "/api/credential/{credentialID}",
      ...options,
      ...params,
      headers: {
        "Content-Type": "application/json",
        ...options?.headers,
        ...params.headers,
      },
    })

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress production #7f190b2e22209b8b Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
repo/packages/sdk/js/src/v2/gen/sdk.gen.ts:6622
    return (options?.client ?? this.client).post<V2PtyCreateResponses, V2PtyCreateErrors, ThrowOnError>({
      url: "/api/pty",
      ...options,
      ...params,
      headers: {
        "Content-Type": "application/json",
        ...options?.headers,
        ...params.headers,
      },
    })

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress production #689bfaf8a70e0e9a Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
repo/packages/sdk/js/src/v2/gen/sdk.gen.ts:6733
    return (options?.client ?? this.client).put<V2PtyUpdateResponses, V2PtyUpdateErrors, ThrowOnError>({
      url: "/api/pty/{ptyID}",
      ...options,
      ...params,
      headers: {
        "Content-Type": "application/json",
        ...options?.headers,
        ...params.headers,
      },
    })

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress production #4b12afaba4249203 Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
repo/packages/sdk/js/src/v2/gen/sdk.gen.ts:6771
    return (options?.client ?? this.client).post<V2PtyConnectTokenResponses, V2PtyConnectTokenErrors, ThrowOnError>({
      url: "/api/pty/{ptyID}/connect-token",
      ...options,
      ...params,
    })

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress production #4ca515d6fcba5a0b Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
repo/packages/sdk/js/src/v2/gen/sdk.gen.ts:6943
    return (options?.client ?? this.client).post<V2ProjectCopyCreateResponses, V2ProjectCopyCreateErrors, ThrowOnError>(
      {
        url: "/experimental/project/{projectID}/copy",
        ...options,
        ...params,
        headers: {
          "Content-Type": "application/json",
          ...options?.headers,
          ...params.headers,
        },
      },
    )

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress production #16f28395a80bb824 Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
repo/packages/sdk/js/src/v2/gen/sdk.gen.ts:6978
    return (options?.client ?? this.client).post<
      V2ProjectCopyRefreshResponses,
      V2ProjectCopyRefreshErrors,
      ThrowOnError
    >({
      url: "/experimental/project/{projectID}/copy/refresh",
      ...options,
      ...params,
    })

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

first-party (npm): packages/server

npm first-party
expand_more 2 low-confidence finding(s)
low env_fs production #01f533be76c37614 Environment-variable access.
repo/packages/server/src/auth.ts:53
  const password = credentials?.password ?? process.env.OPENCODE_SERVER_PASSWORD

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #56d30b079e6767dd Environment-variable access.
repo/packages/server/src/auth.ts:56
  return `Basic ${Buffer.from(`${credentials?.username ?? process.env.OPENCODE_SERVER_USERNAME ?? "opencode"}:${password}`).toString("base64")}`

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

first-party (npm): packages/stats/core

npm first-party
expand_more 10 low-confidence finding(s)
low env_fs production #628477d15acf22f3 Environment-variable access.
repo/packages/stats/core/src/domain/home.ts:282
  return process.env.DATABASE_URL ?? Resource.StatsDatabase.url

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #360555d0c1051b9c Environment-variable access.
repo/packages/stats/core/src/ensure-unique-users.ts:32
    process.env.PLANETSCALE_HOST &&

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #229674fc53100ca6 Environment-variable access.
repo/packages/stats/core/src/ensure-unique-users.ts:33
    process.env.PLANETSCALE_USERNAME &&

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #596822a372ddcd7a Environment-variable access.
repo/packages/stats/core/src/ensure-unique-users.ts:34
    process.env.PLANETSCALE_PASSWORD &&

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #e3a442f4769d0485 Environment-variable access.
repo/packages/stats/core/src/ensure-unique-users.ts:35
    process.env.PLANETSCALE_DATABASE

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #9b4b81f33d310e45 Environment-variable access.
repo/packages/stats/core/src/ensure-unique-users.ts:37
    return `mysql://${encodeURIComponent(process.env.PLANETSCALE_USERNAME)}:${encodeURIComponent(

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #678d3e3051e684b4 Environment-variable access.
repo/packages/stats/core/src/ensure-unique-users.ts:38
      process.env.PLANETSCALE_PASSWORD,

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #99a22d777247123d Environment-variable access.
repo/packages/stats/core/src/ensure-unique-users.ts:39
    )}@${process.env.PLANETSCALE_HOST}/${process.env.PLANETSCALE_DATABASE}?ssl=${encodeURIComponent(

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #c14877235774bb98 Environment-variable access.
repo/packages/stats/core/src/ensure-unique-users.ts:43
  return process.env.DATABASE_URL ?? Resource.StatsDatabase.url

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #c9542bcc3c9e4311 Environment-variable access.
repo/packages/stats/core/src/honeycomb-backfill.ts:944
    databaseUrl: flags.get("database-url")?.[0] ?? process.env.DATABASE_URL,

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

first-party (npm): packages/storybook

npm first-party
expand_more 2 low-confidence finding(s)
low env_fs production #2e9d56438c2b2915 Filesystem access.
repo/packages/storybook/.storybook/playground-css-plugin.ts:117
              const content = fs.readFileSync(abs, "utf-8")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #c9bd5393174cb6ae Filesystem access.
repo/packages/storybook/.storybook/playground-css-plugin.ts:122
                fs.writeFileSync(abs, applied.content, "utf-8")

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

first-party (npm): packages/tui

npm first-party
expand_more 27 low-confidence finding(s)
low env_fs production #cfe6ee1cf6b584bd Environment-variable access.
repo/packages/tui/src/app.tsx:267
                        multiplexer: process.env.TMUX ? "tmux" : process.env.STY ? "screen" : undefined,

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #f98e42a4f3206bc8 Environment-variable access.
repo/packages/tui/src/app.tsx:268
                        displayServer: process.env.WAYLAND_DISPLAY

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #cda8a2856b504c7f Environment-variable access.
repo/packages/tui/src/app.tsx:270
                          : process.env.DISPLAY

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #ac6a1d97a4ba12c9 Environment-variable access.
repo/packages/tui/src/app.tsx:277
                          initialRoute: process.env.OPENCODE_ROUTE ? JSON.parse(process.env.OPENCODE_ROUTE) : undefined,

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #920a6db3c7c67881 Environment-variable access.
repo/packages/tui/src/app.tsx:278
                          skipInitialLoading: Boolean(process.env.OPENCODE_FAST_BOOT),

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #03f8b3846b4ab0c6 Filesystem access.
repo/packages/tui/src/audio.ts:28
  const task = readFile(file)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #5c0e8c1daac6dc18 Environment-variable access.
repo/packages/tui/src/clipboard.ts:26
  process.stdout.write(process.env.TMUX || process.env.STY ? `\x1bPtmux;\x1b${sequence}\x1b\\` : sequence)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #8d6c6fad3107c37d Filesystem access.
repo/packages/tui/src/clipboard.ts:45
      return { data: (await readFile(file)).toString("base64"), mime: "image/png" }

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #71053246dfabdf91 Environment-variable access.
repo/packages/tui/src/clipboard.ts:101
    const native = copyCommand(platform(), Boolean(process.env.WAYLAND_DISPLAY), (name) => Boolean(which(name)))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low egress production #20fd600424c22abd Hardcoded external endpoint. Review what data is sent to this destination.
repo/packages/tui/src/component/error-component.tsx:207
  const url = new URL("https://github.com/anomalyco/opencode/issues/new?template=bug-report.yml")

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low env_fs production #a98bfe258c48a335 Filesystem access.
repo/packages/tui/src/component/prompt/local-attachment.ts:17
      readText: (value) => readFile(value, "utf8"),

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #0fe2e87ba30d1be6 Filesystem access.
repo/packages/tui/src/component/prompt/local-attachment.ts:18
      readBytes: (value) => readFile(value),

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #31fae373ec27642e Environment-variable access.
repo/packages/tui/src/context/editor.ts:117
    const value = process.env.CLAUDE_CODE_SSE_PORT || process.env.OPENCODE_EDITOR_SSE_PORT

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #cdca19346de85317 Environment-variable access.
repo/packages/tui/src/context/editor.ts:121
    const zedTerminal = process.env.ZED_TERM === "true" || process.env.TERM_PROGRAM?.toLowerCase() === "zed"

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #bc61d0bbb6991f4c Filesystem access.
repo/packages/tui/src/context/theme.tsx:57
      result[path.basename(file, ".json")] = JSON.parse(await readFile(file, "utf8")) as unknown

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #30156b6ebfcb48e0 Filesystem access.
repo/packages/tui/src/editor-zed.ts:67
      : await readFileAsync(row.buffer_path, "utf8").catch(() => undefined)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #3cf06b253db89482 Environment-variable access.
repo/packages/tui/src/editor-zed.ts:189
    process.env.OPENCODE_ZED_DB,

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #121a10319d4d5d38 Environment-variable access.
repo/packages/tui/src/editor-zed.ts:198
  return process.env.ZED_TERM === "true" || process.env.TERM_PROGRAM?.toLowerCase() === "zed"

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #48e8fe01bf008ba3 Environment-variable access.
repo/packages/tui/src/editor.ts:27
  const editor = process.env.VISUAL || process.env.EDITOR

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #699f01e40cb94c6c Filesystem access.
repo/packages/tui/src/editor.ts:30
  await writeFile(file, input.value)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #5f61410a48b2c225 Filesystem access.
repo/packages/tui/src/editor.ts:47
    return (await readFile(file, "utf8")) || undefined

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #ba4cf92a78d90941 Filesystem access.
repo/packages/tui/src/editor.ts:71
          const value = JSON.parse(readFileSync(file, "utf8")) as Record<string, unknown>

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #533c3175aca2ecb0 Filesystem access.
repo/packages/tui/src/routes/session/index.tsx:183
    await writeFile(file, content)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #515e7ce36f21271f Filesystem access.
repo/packages/tui/src/util/persistence.ts:2
import { appendFile, mkdir, rename, rm } from "fs/promises"

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #f70ffbccf31f6c94 Environment-variable access.
repo/packages/tui/src/util/system.ts:16
  const program = process.env.TERM_PROGRAM || process.env.TERM || "unknown"

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #151e8ed3720edaa6 Environment-variable access.
repo/packages/tui/src/util/system.ts:17
  const version = process.env.TERM_PROGRAM_VERSION ? ` ${process.env.TERM_PROGRAM_VERSION}` : ""

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #d1d31940fab038b8 Environment-variable access.
repo/packages/tui/src/util/system.ts:18
  const multiplexer = process.env.TMUX ? " in tmux" : process.env.STY ? " in screen" : ""

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

first-party (npm): packages/ui

npm first-party
expand_more 3 low-confidence finding(s)
low env_fs production #02b1f08105c871d2 Filesystem access.
repo/packages/ui/vite.config.ts:4
import fs from "fs"

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #3a47bd21fdf40b04 Environment-variable access.
repo/packages/ui/vite.config.ts:48
  const url = process.env.OPENCODE_MODELS_URL || "https://models.dev"

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs production #26433ac6a3becd7f Filesystem access.
repo/packages/ui/vite.config.ts:56
        .then((svg) => fs.writeFileSync(`./src/assets/icons/provider/${provider}.svg`, svg)),

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

first-party (npm): packages/web

npm first-party
expand_more 1 low-confidence finding(s)
low env_fs production #c6c6ee20e52428d8 Environment-variable access.
repo/packages/web/config.mjs:1
const stage = process.env.SST_STAGE || "dev"

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

</> Dependencies

ai-gateway-provider

npm dependency
high pii_flow tooling Excluded from app score unknown #8a1dd0909f06d942 A credential read from the environment/filesystem flows to an external network call in a non-auth-header position (request body). Review what is sent.
pkgs/npm/[email protected]__reposrc/demos/mcp-stytch-b2b-okr-manager/update-policy.js:151 · flow /tmp/closeopen-tliy3dl5/pkgs/npm/[email protected]__reposrc/demos/mcp-stytch-b2b-okr-manager/update-policy.js:145 → /tmp/closeopen-tliy3dl5/pkgs/npm/[email protected]__reposrc/demos/mcp-stytch-b2b-okr-manager/update-policy.js:151
		const response = await fetch(rbac_url, {
			body: JSON.stringify(body),
			headers,
			method: "PUT",
		});

User/PII-bearing data flows to an external sink — the classic data-exfiltration shape.

Fix: Confirm no user identifiers reach this sink; redact/hash before sending, or remove the flow.

medium pii_flow tooling Excluded from app score unknown #1f7944cd1ea2dee6 A credential read from the environment/filesystem is applied as authorization on the same outbound request (auth header). This is intentional authentication, not unexpected data exfiltration.
pkgs/npm/[email protected]__reposrc/demos/remote-mcp-auth0/mcp-auth0-oidc/src/index.ts:23 · flow /tmp/closeopen-tliy3dl5/pkgs/npm/[email protected]__reposrc/demos/remote-mcp-auth0/mcp-auth0-oidc/src/index.ts:26 → /tmp/closeopen-tliy3dl5/pkgs/npm/[email protected]__reposrc/demos/remote-mcp-auth0/mcp-auth0-oidc/src/index.ts:23
				const response = await fetch(`${this.env.API_BASE_URL}/api/todos`, {
					headers: {
						// The Auth0 Access Token is available in props.tokenSet and can be used to call the Upstream API (Todos API).
						Authorization: `Bearer ${this.props!.tokenSet.accessToken}`,
					},
				});

A credential read from the environment/filesystem is applied as authorization on the same outbound request (an auth header). This is intentional authentication to the service the credential belongs to, not unexpected data exfiltration.

Fix: Confirm the destination is the credential's own service; scope the credential and avoid logging it. No action if this is the intended authenticated API call.

medium pii_flow tooling Excluded from app score unknown #fb5871f9dc42abe4 A credential read from the environment/filesystem is applied as authorization on the same outbound request (auth header). This is intentional authentication, not unexpected data exfiltration.
pkgs/npm/[email protected]__reposrc/demos/remote-mcp-auth0/mcp-auth0-oidc/src/index.ts:54 · flow /tmp/closeopen-tliy3dl5/pkgs/npm/[email protected]__reposrc/demos/remote-mcp-auth0/mcp-auth0-oidc/src/index.ts:56 → /tmp/closeopen-tliy3dl5/pkgs/npm/[email protected]__reposrc/demos/remote-mcp-auth0/mcp-auth0-oidc/src/index.ts:54
				const response = await fetch(`${this.env.API_BASE_URL}/api/billing`, {
					headers: {
						Authorization: `Bearer ${this.props!.tokenSet.accessToken}`,
					},
				});

A credential read from the environment/filesystem is applied as authorization on the same outbound request (an auth header). This is intentional authentication to the service the credential belongs to, not unexpected data exfiltration.

Fix: Confirm the destination is the credential's own service; scope the credential and avoid logging it. No action if this is the intended authenticated API call.

medium pii_flow tooling Excluded from app score unknown #a40233396b7724a2 PII-bearing data is written to a log sink. Logged PII is a privacy concern even when it does not leave the process.
pkgs/npm/[email protected]__reposrc/demos/structured-output-node/src/index.ts:34 · flow /tmp/closeopen-tliy3dl5/pkgs/npm/[email protected]__reposrc/demos/structured-output-node/src/index.ts:15 → /tmp/closeopen-tliy3dl5/pkgs/npm/[email protected]__reposrc/demos/structured-output-node/src/index.ts:34
console.log(JSON.stringify(object, null, 2));

PII-bearing data is written to a log/print sink — it stays in-process and does not leave the application, but logged PII is still a privacy concern.

Fix: Avoid logging user identifiers; redact or omit PII from log/print statements.

medium pii_flow dependency Excluded from app score #9364501bf4b0bcd1 A credential read from the environment/filesystem is applied as authorization on the same outbound request (auth header). This is intentional authentication, not unexpected data exfiltration.
pkgs/npm/[email protected]__reposrc/packages/tanstack-ai/src/utils/create-fetcher.ts:255 · flow /tmp/closeopen-tliy3dl5/pkgs/npm/[email protected]__reposrc/packages/tanstack-ai/src/utils/create-fetcher.ts:244 → /tmp/closeopen-tliy3dl5/pkgs/npm/[email protected]__reposrc/packages/tanstack-ai/src/utils/create-fetcher.ts:255
		return fetch(
			`https://gateway.ai.cloudflare.com/v1/${config.accountId}/${config.gatewayId}`,
			{
				...init,
				headers: {
					"Content-Type": "application/json",
					...headers,
					...cacheHeaders,
					...(config.cfApiKey
						? { "cf-aig-authorization": `Bearer ${config.cfApiKey}` }
						: {}),
				},
				body: JSON.stringify(request),
			},
		);

A credential read from the environment/filesystem is applied as authorization on the same outbound request (an auth header). This is intentional authentication to the service the credential belongs to, not unexpected data exfiltration.

Fix: Confirm the destination is the credential's own service; scope the credential and avoid logging it. No action if this is the intended authenticated API call.

medium pii_flow dependency Excluded from app score #4893d07e032deed0 A credential read from the environment/filesystem is applied as authorization on the same outbound request (auth header). This is intentional authentication, not unexpected data exfiltration.
pkgs/npm/[email protected]__reposrc/packages/tanstack-ai/src/utils/workers-ai-rest.ts:31 · flow /tmp/closeopen-tliy3dl5/pkgs/npm/[email protected]__reposrc/packages/tanstack-ai/src/utils/workers-ai-rest.ts:34 → /tmp/closeopen-tliy3dl5/pkgs/npm/[email protected]__reposrc/packages/tanstack-ai/src/utils/workers-ai-rest.ts:31
	const response = await fetch(`${WORKERS_AI_REST_BASE}/${config.accountId}/ai/run/${model}`, {
		method: "POST",
		headers: {
			Authorization: `Bearer ${config.apiKey}`,
			"Content-Type": "application/json",
		},
		body: JSON.stringify(body),
		signal: options?.signal,
	});

A credential read from the environment/filesystem is applied as authorization on the same outbound request (an auth header). This is intentional authentication to the service the credential belongs to, not unexpected data exfiltration.

Fix: Confirm the destination is the credential's own service; scope the credential and avoid logging it. No action if this is the intended authenticated API call.

medium pii_flow dependency Excluded from app score #d771ee1b6b961edc A credential read from the environment/filesystem is applied as authorization on the same outbound request (auth header). This is intentional authentication, not unexpected data exfiltration.
pkgs/npm/[email protected]__reposrc/packages/tanstack-ai/src/utils/workers-ai-rest.ts:71 · flow /tmp/closeopen-tliy3dl5/pkgs/npm/[email protected]__reposrc/packages/tanstack-ai/src/utils/workers-ai-rest.ts:74 → /tmp/closeopen-tliy3dl5/pkgs/npm/[email protected]__reposrc/packages/tanstack-ai/src/utils/workers-ai-rest.ts:71
	const response = await fetch(`${WORKERS_AI_REST_BASE}/${config.accountId}/ai/run/${model}`, {
		method: "POST",
		headers: {
			Authorization: `Bearer ${config.apiKey}`,
			"Content-Type": contentType,
		},
		body: audioBytes,
		signal: options?.signal,
	});

A credential read from the environment/filesystem is applied as authorization on the same outbound request (an auth header). This is intentional authentication to the service the credential belongs to, not unexpected data exfiltration.

Fix: Confirm the destination is the credential's own service; scope the credential and avoid logging it. No action if this is the intended authenticated API call.

medium pii_flow dependency Excluded from app score #456d0990775e554c A credential read from the environment/filesystem is applied as authorization on the same outbound request (auth header). This is intentional authentication, not unexpected data exfiltration.
pkgs/npm/[email protected]__reposrc/packages/workers-ai-provider/src/utils.ts:240 · flow /tmp/closeopen-tliy3dl5/pkgs/npm/[email protected]__reposrc/packages/workers-ai-provider/src/utils.ts:243 → /tmp/closeopen-tliy3dl5/pkgs/npm/[email protected]__reposrc/packages/workers-ai-provider/src/utils.ts:240
	const response = await fetch(url, {
		method: "POST",
		headers: {
			Authorization: `Bearer ${config.apiKey}`,
			"Content-Type": contentType,
		},
		body: audioBytes,
		signal,
	});

A credential read from the environment/filesystem is applied as authorization on the same outbound request (an auth header). This is intentional authentication to the service the credential belongs to, not unexpected data exfiltration.

Fix: Confirm the destination is the credential's own service; scope the credential and avoid logging it. No action if this is the intended authenticated API call.

expand_more 19 low-confidence finding(s)
low egress tooling Excluded from app score unknown #96f88d679aee2e5d Hardcoded external endpoint. Review what data is sent to this destination.
pkgs/npm/[email protected]__reposrc/demos/mcp-slack-oauth/src/slack-handler.ts:210
	const response = await fetch("https://slack.com/api/oauth.v2.access", {
		body: new URLSearchParams({
			client_id: c.env.SLACK_CLIENT_ID,
			client_secret: c.env.SLACK_CLIENT_SECRET,
			code,
			redirect_uri: new URL("/callback", c.req.url).href,
		}).toString(),
		headers: {
			"Content-Type": "application/x-www-form-urlencoded",
		},
		method: "POST",
	});

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress tooling Excluded from app score unknown #39964be8d2306148 Hardcoded external endpoint. Review what data is sent to this destination.
pkgs/npm/[email protected]__reposrc/demos/mcp-slack-oauth/src/slack-handler.ts:289
	const response = await fetch("https://slack.com/api/oauth.v2.access", {
		body: new URLSearchParams({
			client_id: env.SLACK_CLIENT_ID,
			client_secret: env.SLACK_CLIENT_SECRET,
			grant_type: "refresh_token",
			refresh_token,
		}).toString(),
		headers: {
			"Content-Type": "application/x-www-form-urlencoded",
		},
		method: "POST",
	});

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress tooling Excluded from app score unknown #924f562a2612f549 Hardcoded external endpoint. Review what data is sent to this destination.
pkgs/npm/[email protected]__reposrc/demos/model-scraper/src/index.ts:178
		const response = await fetch(apiUrl, {
			method: "GET",
			headers: {
				"Content-Type": "application/json",
				Authorization: `Bearer ${token}`,
				Accept: "application/vnd.github+json",
				"User-Agent": "model-scraper",
				"X-GitHub-Api-Version": "2022-11-28",
			},
		});

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress tooling Excluded from app score unknown #7611d208d341c3b1 Hardcoded external endpoint. Review what data is sent to this destination.
pkgs/npm/[email protected]__reposrc/demos/remote-mcp-google-oauth/src/google-handler.ts:181
	const userResponse = await fetch("https://www.googleapis.com/oauth2/v2/userinfo", {
		headers: {
			Authorization: `Bearer ${accessToken}`,
		},
	});

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress tooling Excluded from app score unknown #0287c4ae7e67b605 Hardcoded external endpoint. Review what data is sent to this destination.
pkgs/npm/[email protected]__reposrc/demos/remote-mcp-server-descope-auth/src/descope-utils.ts:20
	const upstream = new URL("https://api.descope.com/oauth2/v1/apps/authorize");

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress tooling Excluded from app score unknown #bbb57f0d19ad00d6 Hardcoded external endpoint. Review what data is sent to this destination.
pkgs/npm/[email protected]__reposrc/demos/remote-mcp-server-descope-auth/src/descope-utils.ts:54
	const resp = await fetch("https://api.descope.com/oauth2/v1/apps/token", {
		body: JSON.stringify({
			code,
			grant_type: "authorization_code",
			redirect_uri,
		}),
		headers: {
			Authorization: `Bearer ${project_id}:${management_key}`,
			"Content-Type": "application/json",
		},
		method: "POST",
	});

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress tooling Excluded from app score unknown #9dc5129df9d00b65 Hardcoded external endpoint. Review what data is sent to this destination.
pkgs/npm/[email protected]__reposrc/demos/remote-mcp-server-descope-auth/src/descope-utils.ts:89
	const resp = await fetch("https://api.descope.com/oauth2/v1/apps/userinfo", {
		headers: {
			Authorization: `Bearer ${accessToken}`,
		},
		method: "GET",
	});

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low env_fs tooling Excluded from app score unknown #f11426f03aa07a45 Environment-variable access.
pkgs/npm/[email protected]__reposrc/demos/structured-output-node/src/index.ts:5
if (!process.env.CLOUDFLARE_API_TOKEN) {

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unknown #4d2b43918f3d933b Environment-variable access.
pkgs/npm/[email protected]__reposrc/demos/structured-output-node/src/index.ts:9
if (!process.env.CLOUDFLARE_ACCOUNT_ID) {

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unknown #2ff07c92b7b7f5c5 Environment-variable access.
pkgs/npm/[email protected]__reposrc/demos/structured-output-node/src/index.ts:14
	accountId: process.env.CLOUDFLARE_ACCOUNT_ID,

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unknown #084fa3bee2e52b6f Environment-variable access.
pkgs/npm/[email protected]__reposrc/demos/structured-output-node/src/index.ts:15
	apiKey: process.env.CLOUDFLARE_API_TOKEN,

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unknown #82f3236142bdf799 Filesystem access.
pkgs/npm/[email protected]__reposrc/tools/aicli/src/npm.ts:69
		const cfg = Config.parse(JSON.parse(await fs.readFile(this.configPath, "utf8")));

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unknown #7033eea5e51eabee Filesystem access.
pkgs/npm/[email protected]__reposrc/tools/aicli/src/npm.ts:76
		await fs.writeFile(
			this.configPath,
			JSON.stringify(
				Config.parse({
					demos: this.demos,
				} satisfies Config),
				null,
				2,
			),
		);

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unknown #53ce844b65ca8130 Filesystem access.
pkgs/npm/[email protected]__reposrc/tools/create-demo/utils.ts:34
					const templateContent = await fs.readFile(srcPath, "utf8");

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unknown #47da7118d0274116 Filesystem access.
pkgs/npm/[email protected]__reposrc/tools/create-demo/utils.ts:37
					await fs.writeFile(destPath, compiledContent, "utf8");

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unknown #ab212f0536690f8a Filesystem access.
pkgs/npm/[email protected]__reposrc/tools/create-demo/utils.ts:58
			const templateContent = await fs.readFile(src, "utf8");

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unknown #8eb698a186f15669 Filesystem access.
pkgs/npm/[email protected]__reposrc/tools/create-demo/utils.ts:61
			await fs.writeFile(destPath, compiledContent, "utf8");

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unknown #5134e333aa841847 Filesystem access.
pkgs/npm/[email protected]__reposrc/tools/create-demo/utils.ts:75
	const fileContents = await fs.readFile(filePath, "utf-8");

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unknown #6ce001f42c4290dc Filesystem access.
pkgs/npm/[email protected]__reposrc/tools/create-demo/utils.ts:91
	await fs.writeFile(filePath, jsonData, "utf-8");

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

@openrouter/ai-sdk-provider

npm dependency
medium pii_flow tooling Excluded from app score unknown #4a70143220b205c7 PII-bearing data is written to a log sink. Logged PII is a privacy concern even when it does not leave the process.
pkgs/npm/@[email protected]__reposrc/e2e/issues/issue-237-reasoning-linebreaks.test.ts:95 · flow /tmp/closeopen-tliy3dl5/pkgs/npm/@[email protected]__reposrc/e2e/issues/issue-237-reasoning-linebreaks.test.ts:19 → /tmp/closeopen-tliy3dl5/pkgs/npm/@[email protected]__reposrc/e2e/issues/issue-237-reasoning-linebreaks.test.ts:95
      console.log(reasoning);

PII-bearing data is written to a log/print sink — it stays in-process and does not leave the application, but logged PII is still a privacy concern.

Fix: Avoid logging user identifiers; redact or omit PII from log/print statements.

medium pii_flow tooling Excluded from app score unknown #40aec88ebf743764 A credential read from the environment/filesystem is applied as authorization on the same outbound request (auth header). This is intentional authentication, not unexpected data exfiltration.
pkgs/npm/@[email protected]__reposrc/e2e/video-generation.test.ts:16 · flow /tmp/closeopen-tliy3dl5/pkgs/npm/@[email protected]__reposrc/e2e/video-generation.test.ts:18 → /tmp/closeopen-tliy3dl5/pkgs/npm/@[email protected]__reposrc/e2e/video-generation.test.ts:16
    const response = await fetch(url, {
      headers: {
        Authorization: `Bearer ${process.env.OPENROUTER_API_KEY}`,
      },
    });

A credential read from the environment/filesystem is applied as authorization on the same outbound request (an auth header). This is intentional authentication to the service the credential belongs to, not unexpected data exfiltration.

Fix: Confirm the destination is the credential's own service; scope the credential and avoid logging it. No action if this is the intended authenticated API call.

expand_more 120 low-confidence finding(s)
low env_fs tooling Excluded from app score unknown #ca9d27bda6c63270 Environment-variable access.
pkgs/npm/@[email protected]__reposrc/e2e/cache-control.test.ts:38
    apiKey: process.env.OPENROUTER_API_KEY,

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unknown #3da23abd14644438 Environment-variable access.
pkgs/npm/@[email protected]__reposrc/e2e/cache-control.test.ts:39
    baseUrl: `${process.env.OPENROUTER_API_BASE}/api/v1`,

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unknown #e60cdf45431c46d3 Environment-variable access.
pkgs/npm/@[email protected]__reposrc/e2e/embeddings/index.test.ts:8
  apiKey: process.env.OPENROUTER_API_KEY,

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unknown #dfd054d4292e5f84 Environment-variable access.
pkgs/npm/@[email protected]__reposrc/e2e/embeddings/index.test.ts:9
  baseUrl: `${process.env.OPENROUTER_API_BASE}/api/v1`,

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unknown #d451eaa434316aa5 Environment-variable access.
pkgs/npm/@[email protected]__reposrc/e2e/gemini/reasoning-multiturn.test.ts:38
      apiKey: process.env.OPENROUTER_API_KEY,

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unknown #84f1d5ff313175fb Environment-variable access.
pkgs/npm/@[email protected]__reposrc/e2e/gemini/reasoning-multiturn.test.ts:39
      baseUrl: `${process.env.OPENROUTER_API_BASE}/api/v1`,

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unknown #497dd1f003346730 Environment-variable access.
pkgs/npm/@[email protected]__reposrc/e2e/gemini/reasoning-multiturn.test.ts:132
      apiKey: process.env.OPENROUTER_API_KEY,

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unknown #6fe1428ad2e30099 Environment-variable access.
pkgs/npm/@[email protected]__reposrc/e2e/gemini/reasoning-multiturn.test.ts:133
      baseUrl: `${process.env.OPENROUTER_API_BASE}/api/v1`,

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unknown #9f2c96690712b772 Environment-variable access.
pkgs/npm/@[email protected]__reposrc/e2e/issues/issue-160-toolcallid-uniqueness.test.ts:25
    apiKey: process.env.OPENROUTER_API_KEY,

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unknown #0539677694b97c8f Environment-variable access.
pkgs/npm/@[email protected]__reposrc/e2e/issues/issue-160-toolcallid-uniqueness.test.ts:26
    baseUrl: `${process.env.OPENROUTER_API_BASE}/api/v1`,

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unknown #475688f9b29c3ce7 Environment-variable access.
pkgs/npm/@[email protected]__reposrc/e2e/issues/issue-166-finish-reason-null.test.ts:38
    apiKey: process.env.OPENROUTER_API_KEY,

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unknown #8154a83662af2dcb Environment-variable access.
pkgs/npm/@[email protected]__reposrc/e2e/issues/issue-166-finish-reason-null.test.ts:39
    baseUrl: `${process.env.OPENROUTER_API_BASE}/api/v1`,

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unknown #1f027bc55ea0f92b Environment-variable access.
pkgs/npm/@[email protected]__reposrc/e2e/issues/issue-171-cache-tool-key-ordering.test.ts:27
    apiKey: process.env.OPENROUTER_API_KEY,

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unknown #541b4fe4b9fe083e Environment-variable access.
pkgs/npm/@[email protected]__reposrc/e2e/issues/issue-171-cache-tool-key-ordering.test.ts:28
    baseUrl: `${process.env.OPENROUTER_API_BASE}/api/v1`,

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unknown #b1a23927a2946789 Environment-variable access.
pkgs/npm/@[email protected]__reposrc/e2e/issues/issue-190-streamobject-flush-error.test.ts:26
    apiKey: process.env.OPENROUTER_API_KEY,

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unknown #0057c8e86567f6d6 Environment-variable access.
pkgs/npm/@[email protected]__reposrc/e2e/issues/issue-190-streamobject-flush-error.test.ts:27
    baseUrl: `${process.env.OPENROUTER_API_BASE}/api/v1`,

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unknown #dbfac03167c60684 Environment-variable access.
pkgs/npm/@[email protected]__reposrc/e2e/issues/issue-194-grok-invalid-json.test.ts:21
    apiKey: process.env.OPENROUTER_API_KEY,

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unknown #7e7b6c083ad868c1 Environment-variable access.
pkgs/npm/@[email protected]__reposrc/e2e/issues/issue-194-grok-invalid-json.test.ts:22
    baseUrl: `${process.env.OPENROUTER_API_BASE}/api/v1`,

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unknown #6e07521c8b56ed21 Environment-variable access.
pkgs/npm/@[email protected]__reposrc/e2e/issues/issue-196-anthropic-1h-cache-ttl.test.ts:21
    apiKey: process.env.OPENROUTER_API_KEY,

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unknown #7eee04ab07491683 Environment-variable access.
pkgs/npm/@[email protected]__reposrc/e2e/issues/issue-196-anthropic-1h-cache-ttl.test.ts:22
    baseUrl: `${process.env.OPENROUTER_API_BASE}/api/v1`,

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unknown #337ff845a6e8ce9d Environment-variable access.
pkgs/npm/@[email protected]__reposrc/e2e/issues/issue-199-openai-pdf-processing.test.ts:29
    apiKey: process.env.OPENROUTER_API_KEY,

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unknown #0fb04f3f6ff26af9 Environment-variable access.
pkgs/npm/@[email protected]__reposrc/e2e/issues/issue-199-openai-pdf-processing.test.ts:30
    baseUrl: `${process.env.OPENROUTER_API_BASE}/api/v1`,

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low egress tooling Excluded from app score unknown #b1c378fc763698fb Hardcoded external endpoint. Review what data is sent to this destination.
pkgs/npm/@[email protected]__reposrc/e2e/issues/issue-199-openai-pdf-processing.test.ts:35
    const pdfBlob = await fetch('https://bitcoin.org/bitcoin.pdf').then((res) =>

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low env_fs tooling Excluded from app score unknown #3ce6e33af03bd0c8 Environment-variable access.
pkgs/npm/@[email protected]__reposrc/e2e/issues/issue-212-anthropic-web-search-online.test.ts:34
    apiKey: process.env.OPENROUTER_API_KEY,

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unknown #184025c01b6d67fe Environment-variable access.
pkgs/npm/@[email protected]__reposrc/e2e/issues/issue-212-anthropic-web-search-online.test.ts:35
    baseUrl: `${process.env.OPENROUTER_API_BASE}/api/v1`,

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unknown #13958057fa8ce4b6 Environment-variable access.
pkgs/npm/@[email protected]__reposrc/e2e/issues/issue-234-prompt-caching.test.ts:40
    apiKey: process.env.OPENROUTER_API_KEY,

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unknown #5abbdc9a39ec992c Environment-variable access.
pkgs/npm/@[email protected]__reposrc/e2e/issues/issue-234-prompt-caching.test.ts:41
    baseUrl: `${process.env.OPENROUTER_API_BASE}/api/v1`,

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unknown #86bdafedd3af677e Environment-variable access.
pkgs/npm/@[email protected]__reposrc/e2e/issues/issue-237-reasoning-linebreaks.test.ts:19
    apiKey: process.env.OPENROUTER_API_KEY,

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unknown #1d0eac811bdce056 Environment-variable access.
pkgs/npm/@[email protected]__reposrc/e2e/issues/issue-237-reasoning-linebreaks.test.ts:20
    baseUrl: `${process.env.OPENROUTER_API_BASE}/api/v1`,

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unknown #4179756f0579aba5 Environment-variable access.
pkgs/npm/@[email protected]__reposrc/e2e/issues/issue-248-gemini-web-search-empty-response.test.ts:28
    apiKey: process.env.OPENROUTER_API_KEY,

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unknown #418ca0185c1d02c6 Environment-variable access.
pkgs/npm/@[email protected]__reposrc/e2e/issues/issue-248-gemini-web-search-empty-response.test.ts:29
    baseUrl: `${process.env.OPENROUTER_API_BASE}/api/v1`,

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unknown #3bfdb3c5eff661da Environment-variable access.
pkgs/npm/@[email protected]__reposrc/e2e/issues/issue-269-image-size-parameter.test.ts:78
    apiKey: process.env.OPENROUTER_API_KEY,

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unknown #f6020f0de38da635 Environment-variable access.
pkgs/npm/@[email protected]__reposrc/e2e/issues/issue-287-tool-calls-missing-arguments.test.ts:25
    apiKey: process.env.OPENROUTER_API_KEY,

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unknown #b8951e7e5539288c Environment-variable access.
pkgs/npm/@[email protected]__reposrc/e2e/issues/issue-287-tool-calls-missing-arguments.test.ts:26
    baseUrl: `${process.env.OPENROUTER_API_BASE}/api/v1`,

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unknown #8c03e76476318f04 Environment-variable access.
pkgs/npm/@[email protected]__reposrc/e2e/issues/issue-341-cache-control-last-text-part.test.ts:26
    apiKey: process.env.OPENROUTER_API_KEY,

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unknown #c90de49ced0cb48c Environment-variable access.
pkgs/npm/@[email protected]__reposrc/e2e/issues/issue-341-cache-control-last-text-part.test.ts:27
    baseUrl: `${process.env.OPENROUTER_API_BASE}/api/v1`,

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unknown #1d73db04e91155f7 Environment-variable access.
pkgs/npm/@[email protected]__reposrc/e2e/issues/issue-383-video-url-support.test.ts:26
    apiKey: process.env.OPENROUTER_API_KEY,

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unknown #6d8b67bc3e431d5d Environment-variable access.
pkgs/npm/@[email protected]__reposrc/e2e/issues/issue-386-image-files-parameter.test.ts:80
    apiKey: process.env.OPENROUTER_API_KEY,

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unknown #b20c30cca187897f Environment-variable access.
pkgs/npm/@[email protected]__reposrc/e2e/issues/issue-387-temperature-settings.test.ts:32
    apiKey: process.env.OPENROUTER_API_KEY,

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unknown #65dec9908776ce33 Environment-variable access.
pkgs/npm/@[email protected]__reposrc/e2e/issues/issue-389-system-cache-control.test.ts:27
    apiKey: process.env.OPENROUTER_API_KEY,

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unknown #c707eb6f7045923c Environment-variable access.
pkgs/npm/@[email protected]__reposrc/e2e/issues/issue-389-system-cache-control.test.ts:28
    baseUrl: `${process.env.OPENROUTER_API_BASE}/api/v1`,

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unknown #6d7cdac1c9aad85e Environment-variable access.
pkgs/npm/@[email protected]__reposrc/e2e/issues/issue-391-reasoning-effort-values.test.ts:28
    apiKey: process.env.OPENROUTER_API_KEY,

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unknown #dd90a886bff0c6dd Environment-variable access.
pkgs/npm/@[email protected]__reposrc/e2e/issues/issue-391-reasoning-effort-values.test.ts:29
    baseUrl: `${process.env.OPENROUTER_API_BASE}/api/v1`,

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unknown #edb08a9b50118696 Environment-variable access.
pkgs/npm/@[email protected]__reposrc/e2e/issues/issue-392-auto-router-plugin.test.ts:21
    apiKey: process.env.OPENROUTER_API_KEY,

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unknown #c62f335e30137368 Environment-variable access.
pkgs/npm/@[email protected]__reposrc/e2e/issues/issue-392-auto-router-plugin.test.ts:22
    baseUrl: `${process.env.OPENROUTER_API_BASE}/api/v1`,

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unknown #b1734b9946a5681e Environment-variable access.
pkgs/npm/@[email protected]__reposrc/e2e/issues/issue-394-reasoning-end-signature.test.ts:21
    apiKey: process.env.OPENROUTER_API_KEY,

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unknown #57404635bb0ece13 Environment-variable access.
pkgs/npm/@[email protected]__reposrc/e2e/issues/issue-394-reasoning-end-signature.test.ts:22
    baseUrl: `${process.env.OPENROUTER_API_BASE}/api/v1`,

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unknown #ccc9f899093a64d8 Environment-variable access.
pkgs/npm/@[email protected]__reposrc/e2e/issues/issue-407-token-usage-details.test.ts:27
    apiKey: process.env.OPENROUTER_API_KEY,

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unknown #fc27da91316e021b Environment-variable access.
pkgs/npm/@[email protected]__reposrc/e2e/issues/issue-407-token-usage-details.test.ts:28
    baseUrl: `${process.env.OPENROUTER_API_BASE}/api/v1`,

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unknown #18feb46954441862 Environment-variable access.
pkgs/npm/@[email protected]__reposrc/e2e/issues/issue-411-output-object-tools-conflict.test.ts:24
    apiKey: process.env.OPENROUTER_API_KEY,

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unknown #58be5b969ab9ccc5 Environment-variable access.
pkgs/npm/@[email protected]__reposrc/e2e/issues/issue-411-output-object-tools-conflict.test.ts:25
    baseUrl: `${process.env.OPENROUTER_API_BASE}/api/v1`,

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unknown #b2c68df06689d672 Environment-variable access.
pkgs/npm/@[email protected]__reposrc/e2e/issues/issue-418-gemini-thought-signature.test.ts:29
    apiKey: process.env.OPENROUTER_API_KEY,

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unknown #25546bd8bf80c6d9 Environment-variable access.
pkgs/npm/@[email protected]__reposrc/e2e/issues/issue-418-gemini-thought-signature.test.ts:30
    baseUrl: `${process.env.OPENROUTER_API_BASE}/api/v1`,

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unknown #0b69dfc504a6c026 Environment-variable access.
pkgs/npm/@[email protected]__reposrc/e2e/issues/issue-419-420-finish-reason-usage-fallback.test.ts:40
    apiKey: process.env.OPENROUTER_API_KEY,

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unknown #6b71e781b523dff4 Environment-variable access.
pkgs/npm/@[email protected]__reposrc/e2e/issues/issue-419-420-finish-reason-usage-fallback.test.ts:41
    baseUrl: `${process.env.OPENROUTER_API_BASE}/api/v1`,

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unknown #8544849b4d8dc12d Environment-variable access.
pkgs/npm/@[email protected]__reposrc/e2e/issues/issue-419-usage-fallback.test.ts:23
    apiKey: process.env.OPENROUTER_API_KEY,

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unknown #5569106c088f68cb Environment-variable access.
pkgs/npm/@[email protected]__reposrc/e2e/issues/issue-419-usage-fallback.test.ts:24
    baseUrl: `${process.env.OPENROUTER_API_BASE}/api/v1`,

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unknown #c0cb7a298b4f7aab Environment-variable access.
pkgs/npm/@[email protected]__reposrc/e2e/issues/issue-422-incomplete-error-information.test.ts:23
      baseUrl: `${process.env.OPENROUTER_API_BASE}/api/v1`,

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unknown #a4834af081c67aca Environment-variable access.
pkgs/npm/@[email protected]__reposrc/e2e/issues/issue-423-signature-stripped.test.ts:25
    apiKey: process.env.OPENROUTER_API_KEY,

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unknown #55ab196760d33d02 Environment-variable access.
pkgs/npm/@[email protected]__reposrc/e2e/issues/issue-423-signature-stripped.test.ts:26
    baseUrl: `${process.env.OPENROUTER_API_BASE}/api/v1`,

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unknown #b399d0d285a2e61d Environment-variable access.
pkgs/npm/@[email protected]__reposrc/e2e/issues/issue-423-streaming-signature-loss.test.ts:21
    apiKey: process.env.OPENROUTER_API_KEY,

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unknown #1a5a986e7cda3af6 Environment-variable access.
pkgs/npm/@[email protected]__reposrc/e2e/issues/issue-423-streaming-signature-loss.test.ts:22
    baseUrl: `${process.env.OPENROUTER_API_BASE}/api/v1`,

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unknown #bb11a00ce0a92020 Environment-variable access.
pkgs/npm/@[email protected]__reposrc/e2e/issues/issue-423-uimessage-roundtrip.test.ts:29
    apiKey: process.env.OPENROUTER_API_KEY,

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unknown #2f2eb0753dfe7efd Environment-variable access.
pkgs/npm/@[email protected]__reposrc/e2e/issues/issue-423-uimessage-roundtrip.test.ts:30
    baseUrl: `${process.env.OPENROUTER_API_BASE}/api/v1`,

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unknown #52592d861ad9d4d5 Environment-variable access.
pkgs/npm/@[email protected]__reposrc/e2e/issues/issue-424-anthropic-auto-cache.test.ts:22
    apiKey: process.env.OPENROUTER_API_KEY,

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unknown #0e3f49e53c4d72ee Environment-variable access.
pkgs/npm/@[email protected]__reposrc/e2e/issues/issue-424-anthropic-auto-cache.test.ts:23
    baseUrl: `${process.env.OPENROUTER_API_BASE}/api/v1`,

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unknown #6d6d87299a34987b Environment-variable access.
pkgs/npm/@[email protected]__reposrc/e2e/issues/issue-432-raw-response-body.test.ts:25
    apiKey: process.env.OPENROUTER_API_KEY,

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unknown #839d708184abcae4 Environment-variable access.
pkgs/npm/@[email protected]__reposrc/e2e/issues/issue-438-gemini-reasoning-redacted.test.ts:23
    apiKey: process.env.OPENROUTER_API_KEY,

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unknown #5989883cfc531301 Environment-variable access.
pkgs/npm/@[email protected]__reposrc/e2e/issues/issue-438-gemini-reasoning-redacted.test.ts:24
    baseUrl: `${process.env.OPENROUTER_API_BASE}/api/v1`,

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unknown #22f88b2980392844 Environment-variable access.
pkgs/npm/@[email protected]__reposrc/e2e/issues/issue-439-exact-payload.test.ts:26
    apiKey: process.env.OPENROUTER_API_KEY,

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unknown #22c8ae80ffaca27b Environment-variable access.
pkgs/npm/@[email protected]__reposrc/e2e/issues/issue-439-exact-payload.test.ts:27
    baseUrl: `${process.env.OPENROUTER_API_BASE}/api/v1`,

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unknown #68a72803c639b988 Environment-variable access.
pkgs/npm/@[email protected]__reposrc/e2e/issues/issue-453-signature-reopen.test.ts:27
    apiKey: process.env.OPENROUTER_API_KEY,

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unknown #41611dec4e19171f Environment-variable access.
pkgs/npm/@[email protected]__reposrc/e2e/issues/issue-453-signature-reopen.test.ts:28
    baseUrl: `${process.env.OPENROUTER_API_BASE}/api/v1`,

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unknown #497ebad789ce6e53 Environment-variable access.
pkgs/npm/@[email protected]__reposrc/e2e/issues/issue-474-web-search-server-tool.test.ts:26
    apiKey: process.env.OPENROUTER_API_KEY,

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unknown #fff5ef58e0ba290f Environment-variable access.
pkgs/npm/@[email protected]__reposrc/e2e/issues/issue-474-web-search-server-tool.test.ts:27
    baseUrl: `${process.env.OPENROUTER_API_BASE}/api/v1`,

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unknown #ee97e0c1c6ed82df Environment-variable access.
pkgs/npm/@[email protected]__reposrc/e2e/issues/issue-63-web-search-annotations.test.ts:24
    apiKey: process.env.OPENROUTER_API_KEY,

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unknown #7afbecdcd6c80e72 Environment-variable access.
pkgs/npm/@[email protected]__reposrc/e2e/issues/issue-63-web-search-annotations.test.ts:25
    baseUrl: `${process.env.OPENROUTER_API_BASE}/api/v1`,

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unknown #3a422e07d79a3378 Environment-variable access.
pkgs/npm/@[email protected]__reposrc/e2e/parallel-tool-calls.test.ts:166
          apiKey: process.env.OPENROUTER_API_KEY,

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unknown #45ef30c641e73721 Environment-variable access.
pkgs/npm/@[email protected]__reposrc/e2e/parallel-tool-calls.test.ts:167
          baseUrl: `${process.env.OPENROUTER_API_BASE}/api/v1`,

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unknown #835c690cc5e38664 Environment-variable access.
pkgs/npm/@[email protected]__reposrc/e2e/parallel-tool-calls.test.ts:232
          apiKey: process.env.OPENROUTER_API_KEY,

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unknown #e028dba0b05dbd97 Environment-variable access.
pkgs/npm/@[email protected]__reposrc/e2e/parallel-tool-calls.test.ts:233
          baseUrl: `${process.env.OPENROUTER_API_BASE}/api/v1`,

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unknown #08b9bfa3f22dc38a Environment-variable access.
pkgs/npm/@[email protected]__reposrc/e2e/parallel-tool-calls.test.ts:304
          apiKey: process.env.OPENROUTER_API_KEY,

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unknown #8fd15997d8d807ab Environment-variable access.
pkgs/npm/@[email protected]__reposrc/e2e/parallel-tool-calls.test.ts:305
          baseUrl: `${process.env.OPENROUTER_API_BASE}/api/v1`,

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unknown #882e7d5a6e6f89b3 Environment-variable access.
pkgs/npm/@[email protected]__reposrc/e2e/parallel-tool-calls.test.ts:366
          apiKey: process.env.OPENROUTER_API_KEY,

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unknown #0f967ff6b16c1f83 Environment-variable access.
pkgs/npm/@[email protected]__reposrc/e2e/parallel-tool-calls.test.ts:367
          baseUrl: `${process.env.OPENROUTER_API_BASE}/api/v1`,

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unknown #56932a6a49cc3d60 Filesystem access.
pkgs/npm/@[email protected]__reposrc/e2e/pdf-blob/index.test.ts:4
import { readFile } from 'fs/promises';

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unknown #ecb6e676a1f039b3 Environment-variable access.
pkgs/npm/@[email protected]__reposrc/e2e/pdf-blob/index.test.ts:14
    apiKey: process.env.OPENROUTER_API_KEY,

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unknown #1950c866564821bc Environment-variable access.
pkgs/npm/@[email protected]__reposrc/e2e/pdf-blob/index.test.ts:15
    baseUrl: `${process.env.OPENROUTER_API_BASE}/api/v1`,

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low egress tooling Excluded from app score unknown #2a3f32055b388a0a Hardcoded external endpoint. Review what data is sent to this destination.
pkgs/npm/@[email protected]__reposrc/e2e/pdf-blob/index.test.ts:24
  const pdfBlob = await fetch('https://bitcoin.org/bitcoin.pdf').then((res) =>

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low env_fs tooling Excluded from app score unknown #1382b75733159733 Environment-variable access.
pkgs/npm/@[email protected]__reposrc/e2e/pdf-blob/index.test.ts:70
    apiKey: process.env.OPENROUTER_API_KEY,

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unknown #8bdc28b242908735 Environment-variable access.
pkgs/npm/@[email protected]__reposrc/e2e/pdf-blob/index.test.ts:71
    baseUrl: `${process.env.OPENROUTER_API_BASE}/api/v1`,

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unknown #842154542ffc5118 Filesystem access.
pkgs/npm/@[email protected]__reposrc/e2e/pdf-blob/index.test.ts:90
  const metadataText = await readFile(metadataPath, 'utf-8');

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unknown #5f782b5846920a39 Filesystem access.
pkgs/npm/@[email protected]__reposrc/e2e/pdf-blob/index.test.ts:98
  const pdfBuffer = await readFile(pdfPath);

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unknown #6fe0809252755b10 Filesystem access.
pkgs/npm/@[email protected]__reposrc/e2e/pdf-url/index.test.ts:4
import { writeFile } from 'fs/promises';

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unknown #7e4793ed42484775 Environment-variable access.
pkgs/npm/@[email protected]__reposrc/e2e/pdf-url/index.test.ts:14
    apiKey: process.env.OPENROUTER_API_KEY,

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unknown #a4ccdaa5b4a47b05 Environment-variable access.
pkgs/npm/@[email protected]__reposrc/e2e/pdf-url/index.test.ts:15
    baseUrl: `${process.env.OPENROUTER_API_BASE}/api/v1`,

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low egress tooling Excluded from app score unknown #6136408a10c6f7a2 Hardcoded external endpoint. Review what data is sent to this destination.
pkgs/npm/@[email protected]__reposrc/e2e/pdf-url/index.test.ts:33
        data: new URL('https://bitcoin.org/bitcoin.pdf'),

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low env_fs tooling Excluded from app score unknown #954aac97737dcbc4 Filesystem access.
pkgs/npm/@[email protected]__reposrc/e2e/pdf-url/index.test.ts:56
  await writeFile(
    new URL('./output.ignore.json', import.meta.url),
    JSON.stringify(messageHistory, null, 2),
  );

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unknown #b0a6592be8550730 Environment-variable access.
pkgs/npm/@[email protected]__reposrc/e2e/reasoning-effort.test.ts:12
      apiKey: process.env.OPENROUTER_API_KEY,

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unknown #4a90c292c5bc0638 Environment-variable access.
pkgs/npm/@[email protected]__reposrc/e2e/reasoning-effort.test.ts:13
      baseUrl: `${process.env.OPENROUTER_API_BASE}/api/v1`,

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unknown #43c641894035f9c4 Environment-variable access.
pkgs/npm/@[email protected]__reposrc/e2e/reasoning-effort.test.ts:55
      apiKey: process.env.OPENROUTER_API_KEY,

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unknown #430cf79ae80f33bd Environment-variable access.
pkgs/npm/@[email protected]__reposrc/e2e/reasoning-effort.test.ts:56
      baseUrl: `${process.env.OPENROUTER_API_BASE}/api/v1`,

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unknown #644eb991f01e98ec Environment-variable access.
pkgs/npm/@[email protected]__reposrc/e2e/reasoning-effort.test.ts:98
      apiKey: process.env.OPENROUTER_API_KEY,

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unknown #c83b423e58f70177 Environment-variable access.
pkgs/npm/@[email protected]__reposrc/e2e/reasoning-effort.test.ts:99
      baseUrl: `${process.env.OPENROUTER_API_BASE}/api/v1`,

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unknown #1527fb37dda7c766 Environment-variable access.
pkgs/npm/@[email protected]__reposrc/e2e/reasoning-multiturn/index.test.ts:14
      apiKey: process.env.OPENROUTER_API_KEY,

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unknown #3b0f1e7642c18b1f Environment-variable access.
pkgs/npm/@[email protected]__reposrc/e2e/reasoning-multiturn/index.test.ts:15
      baseUrl: `${process.env.OPENROUTER_API_BASE}/api/v1`,

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unknown #fce2e796124f0a32 Environment-variable access.
pkgs/npm/@[email protected]__reposrc/e2e/tools-with-reasoning.test.ts:24
      apiKey: process.env.OPENROUTER_API_KEY,

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unknown #e304296a02830173 Environment-variable access.
pkgs/npm/@[email protected]__reposrc/e2e/tools-with-reasoning.test.ts:25
      baseUrl: `${process.env.OPENROUTER_API_BASE}/api/v1`,

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #52d019eaa9cc58e4 Environment-variable access.
pkgs/npm/@[email protected]__reposrc/e2e/tools.ts:8
  apiKey: process.env.OPENROUTER_API_KEY,

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #4fab75b8c412c93e Environment-variable access.
pkgs/npm/@[email protected]__reposrc/e2e/tools.ts:9
  baseUrl: `${process.env.OPENROUTER_API_BASE}/api/v1`,

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unknown #e94d9a248ad1d549 Environment-variable access.
pkgs/npm/@[email protected]__reposrc/e2e/usage-accounting.test.ts:11
    apiKey: process.env.OPENROUTER_API_KEY,

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unknown #2ea80814f8c5a287 Environment-variable access.
pkgs/npm/@[email protected]__reposrc/e2e/usage-accounting.test.ts:12
    baseUrl: `${process.env.OPENROUTER_API_BASE}/api/v1`,

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #69909b2ae2368c70 Filesystem access.
pkgs/npm/@[email protected]__reposrc/e2e/utils.ts:12
  writeFile(
    new URL(fileName ?? './output.ignore.json', baseUrl),
    JSON.stringify(fileData, null, 2),
  );

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unknown #4cf8d825e2be3e77 Environment-variable access.
pkgs/npm/@[email protected]__reposrc/e2e/video-generation.test.ts:11
    apiKey: process.env.OPENROUTER_API_KEY,

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unknown #24049655fc92356b Environment-variable access.
pkgs/npm/@[email protected]__reposrc/e2e/video-generation.test.ts:18
        Authorization: `Bearer ${process.env.OPENROUTER_API_KEY}`,

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unknown #20b45db325a37086 Filesystem access.
pkgs/npm/@[email protected]__reposrc/e2e/web-search/index.test.ts:2
import { writeFile } from 'fs/promises';

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unknown #0f25cce5e4142f93 Environment-variable access.
pkgs/npm/@[email protected]__reposrc/e2e/web-search/index.test.ts:13
      apiKey: process.env.OPENROUTER_API_KEY,

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unknown #69fdf786d3d5b386 Environment-variable access.
pkgs/npm/@[email protected]__reposrc/e2e/web-search/index.test.ts:14
      baseUrl: `${process.env.OPENROUTER_API_BASE}/api/v1`,

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unknown #0c65580e8d13fbdd Filesystem access.
pkgs/npm/@[email protected]__reposrc/e2e/web-search/index.test.ts:45
    await writeFile(
      new URL('./output.ignore.json', import.meta.url),
      JSON.stringify(sources, null, 2),
    );

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #26f83cef2bad9e80 Filesystem access.
pkgs/npm/@[email protected]__reposrc/tsup.config.ts:5
  readFileSync(new URL('package.json', import.meta.url), 'utf8'),

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

@openauthjs/openauth

npm dependency
medium pii_flow dependency Excluded from app score #3934f01e683435cb A credential read from the environment/filesystem is applied as authorization on the same outbound request (auth header). This is intentional authentication, not unexpected data exfiltration.
pkgs/npm/@[email protected]/src/provider/oauth2.ts:193 · flow /tmp/closeopen-tliy3dl5/pkgs/npm/@[email protected]/src/provider/oauth2.ts:193 → /tmp/closeopen-tliy3dl5/pkgs/npm/@[email protected]/src/provider/oauth2.ts:193
        const json: any = await fetch(config.endpoint.token, {
          method: "POST",
          headers: {
            "Content-Type": "application/x-www-form-urlencoded",
            Accept: "application/json",
          },
          body: body.toString(),
        }).then((r) => r.json())

A credential read from the environment/filesystem is applied as authorization on the same outbound request (an auth header). This is intentional authentication to the service the credential belongs to, not unexpected data exfiltration.

Fix: Confirm the destination is the credential's own service; scope the credential and avoid logging it. No action if this is the intended authenticated API call.

expand_more 13 low-confidence finding(s)
low env_fs dependency Excluded from app score #f7e305635b072371 Environment-variable access.
pkgs/npm/@[email protected]/src/client.ts:550
  const issuer = input.issuer || process.env.OPENAUTH_ISSUER

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #4be304205b5aa9c8 Environment-variable access.
pkgs/npm/@[email protected]/src/issuer.ts:491
  if (process.env.OPENAUTH_STORAGE) {

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #690d90be1a04d5ea Environment-variable access.
pkgs/npm/@[email protected]/src/issuer.ts:492
    const parsed = JSON.parse(process.env.OPENAUTH_STORAGE)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #43c06bdeef9cd9f2 Environment-variable access.
pkgs/npm/@[email protected]/src/storage/aws.ts:31
  if (process.env.AWS_ACCESS_KEY_ID && process.env.AWS_SECRET_ACCESS_KEY) {

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #7e05b151589aee74 Environment-variable access.
pkgs/npm/@[email protected]/src/storage/aws.ts:33
      accessKeyId: process.env.AWS_ACCESS_KEY_ID,

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #b6d0cc909abbdd3f Environment-variable access.
pkgs/npm/@[email protected]/src/storage/aws.ts:34
      secretAccessKey: process.env.AWS_SECRET_ACCESS_KEY,

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #673b4d42d09314ea Environment-variable access.
pkgs/npm/@[email protected]/src/storage/aws.ts:35
      sessionToken: process.env.AWS_SESSION_TOKEN,

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #14a6f6237129d893 Environment-variable access.
pkgs/npm/@[email protected]/src/storage/aws.ts:36
      region: process.env.AWS_REGION,

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #7ad905546a7759f9 Environment-variable access.
pkgs/npm/@[email protected]/src/storage/aws.ts:40
  if (process.env.AWS_CONTAINER_CREDENTIALS_RELATIVE_URI) {

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #8cbd3d65b7bf05bc Environment-variable access.
pkgs/npm/@[email protected]/src/storage/aws.ts:43
        process.env.AWS_CONTAINER_CREDENTIALS_RELATIVE_URI,

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #fc08a7aad36dd390 Environment-variable access.
pkgs/npm/@[email protected]/src/storage/aws.ts:49
      region: process.env.AWS_REGION,

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #abe469511a98b988 Filesystem access.
pkgs/npm/@[email protected]/src/storage/memory.ts:59
      const file = readFileSync(input?.persist)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #8638002021401d4c Filesystem access.
pkgs/npm/@[email protected]/src/storage/memory.ts:67
    await writeFile(input.persist, file)

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

ai

npm dependency
medium pii_flow dependency Excluded from app score #9af6e7fc0b322a43 A credential read from the environment/filesystem is applied as authorization on the same outbound request (auth header). This is intentional authentication, not unexpected data exfiltration.
pkgs/npm/[email protected]/src/realtime/realtime-session.ts:110 · flow /tmp/closeopen-tliy3dl5/pkgs/npm/[email protected]/src/realtime/realtime-session.ts:110 → /tmp/closeopen-tliy3dl5/pkgs/npm/[email protected]/src/realtime/realtime-session.ts:110
      const response = await fetch(this.api.token, {
        method: 'POST',
        headers: { 'Content-Type': 'application/json' },
        body: JSON.stringify({ sessionConfig: this.sessionConfig }),
      });

A credential read from the environment/filesystem is applied as authorization on the same outbound request (an auth header). This is intentional authentication to the service the credential belongs to, not unexpected data exfiltration.

Fix: Confirm the destination is the credential's own service; scope the credential and avoid logging it. No action if this is the intended authenticated API call.

@actions/core

npm dependency
expand_more 15 low-confidence finding(s)
low env_fs dependency Excluded from app score #96bc63c6ebd40700 Environment-variable access.
pkgs/npm/@[email protected]/lib/core.js:67
    process.env[name] = convertedVal;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #e962f3d3ed97bbf5 Environment-variable access.
pkgs/npm/@[email protected]/lib/core.js:68
    const filePath = process.env['GITHUB_ENV'] || '';

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #221f3acb5d665371 Environment-variable access.
pkgs/npm/@[email protected]/lib/core.js:88
    const filePath = process.env['GITHUB_PATH'] || '';

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #0171d803b964f3c8 Environment-variable access.
pkgs/npm/@[email protected]/lib/core.js:95
    process.env['PATH'] = `${inputPath}${path.delimiter}${process.env['PATH']}`;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #1a1efcb95bfe4453 Environment-variable access.
pkgs/npm/@[email protected]/lib/core.js:108
    const val = process.env[`INPUT_${name.replace(/ /g, '_').toUpperCase()}`] || '';

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #6906f07c4d84e841 Environment-variable access.
pkgs/npm/@[email protected]/lib/core.js:166
    const filePath = process.env['GITHUB_OUTPUT'] || '';

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #d690a86406aaa78c Environment-variable access.
pkgs/npm/@[email protected]/lib/core.js:203
    return process.env['RUNNER_DEBUG'] === '1';

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #a038158355b2e010 Environment-variable access.
pkgs/npm/@[email protected]/lib/core.js:300
    const filePath = process.env['GITHUB_STATE'] || '';

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #74e0bdc0da67c073 Environment-variable access.
pkgs/npm/@[email protected]/lib/core.js:314
    return process.env[`STATE_${name}`] || '';

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #b8c3484655e8d113 Filesystem access.
pkgs/npm/@[email protected]/lib/file-command.js:31
const fs = __importStar(require("fs"));

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #e0487e63b6af80f0 Environment-variable access.
pkgs/npm/@[email protected]/lib/file-command.js:35
    const filePath = process.env[`GITHUB_${command}`];

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #a2b275a387cc57b6 Environment-variable access.
pkgs/npm/@[email protected]/lib/oidc-utils.js:25
        const token = process.env['ACTIONS_ID_TOKEN_REQUEST_TOKEN'];

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #65fe40d0c375f714 Environment-variable access.
pkgs/npm/@[email protected]/lib/oidc-utils.js:32
        const runtimeUrl = process.env['ACTIONS_ID_TOKEN_REQUEST_URL'];

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #f84a1b1c4302d38b Filesystem access.
pkgs/npm/@[email protected]/lib/summary.js:14
const fs_1 = require("fs");

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #7fcee82a669dbb97 Environment-variable access.
pkgs/npm/@[email protected]/lib/summary.js:33
            const pathFromEnv = process.env[exports.SUMMARY_ENV_VAR];

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

@actions/github

npm dependency
expand_more 21 low-confidence finding(s)
low env_fs dependency Excluded from app score #3a425ae5bc0ddc3c Filesystem access.
pkgs/npm/@[email protected]/lib/context.js:4
const fs_1 = require("fs");

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #e479845be03d3f47 Environment-variable access.
pkgs/npm/@[email protected]/lib/context.js:13
        if (process.env.GITHUB_EVENT_PATH) {

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #67c11d6cfe682832 Environment-variable access.
pkgs/npm/@[email protected]/lib/context.js:14
            if ((0, fs_1.existsSync)(process.env.GITHUB_EVENT_PATH)) {

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #2602ef05871d443d Environment-variable access.
pkgs/npm/@[email protected]/lib/context.js:15
                this.payload = JSON.parse((0, fs_1.readFileSync)(process.env.GITHUB_EVENT_PATH, { encoding: 'utf8' }));

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #93852cf1629a8ef8 Environment-variable access.
pkgs/npm/@[email protected]/lib/context.js:18
                const path = process.env.GITHUB_EVENT_PATH;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #fd68de132d8cf6d7 Environment-variable access.
pkgs/npm/@[email protected]/lib/context.js:22
        this.eventName = process.env.GITHUB_EVENT_NAME;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #bcb58718de38b0bf Environment-variable access.
pkgs/npm/@[email protected]/lib/context.js:23
        this.sha = process.env.GITHUB_SHA;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #c16525b38c5f85b0 Environment-variable access.
pkgs/npm/@[email protected]/lib/context.js:24
        this.ref = process.env.GITHUB_REF;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #0f85459975166edf Environment-variable access.
pkgs/npm/@[email protected]/lib/context.js:25
        this.workflow = process.env.GITHUB_WORKFLOW;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #351d7fce3952b7d5 Environment-variable access.
pkgs/npm/@[email protected]/lib/context.js:26
        this.action = process.env.GITHUB_ACTION;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #f061290748e3f66c Environment-variable access.
pkgs/npm/@[email protected]/lib/context.js:27
        this.actor = process.env.GITHUB_ACTOR;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #30a937bd69fc52d8 Environment-variable access.
pkgs/npm/@[email protected]/lib/context.js:28
        this.job = process.env.GITHUB_JOB;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #2f5dfc8b309991ae Environment-variable access.
pkgs/npm/@[email protected]/lib/context.js:29
        this.runAttempt = parseInt(process.env.GITHUB_RUN_ATTEMPT, 10);

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #f4f273f87e16a345 Environment-variable access.
pkgs/npm/@[email protected]/lib/context.js:30
        this.runNumber = parseInt(process.env.GITHUB_RUN_NUMBER, 10);

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #a15648b1f6fd35a5 Environment-variable access.
pkgs/npm/@[email protected]/lib/context.js:31
        this.runId = parseInt(process.env.GITHUB_RUN_ID, 10);

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #e3cd956813877222 Environment-variable access.
pkgs/npm/@[email protected]/lib/context.js:32
        this.apiUrl = (_a = process.env.GITHUB_API_URL) !== null && _a !== void 0 ? _a : `https://api.github.com`;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #a64d9af0da1ee600 Environment-variable access.
pkgs/npm/@[email protected]/lib/context.js:33
        this.serverUrl = (_b = process.env.GITHUB_SERVER_URL) !== null && _b !== void 0 ? _b : `https://github.com`;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #c3c54f9022dc4ec2 Environment-variable access.
pkgs/npm/@[email protected]/lib/context.js:35
            (_c = process.env.GITHUB_GRAPHQL_URL) !== null && _c !== void 0 ? _c : `https://api.github.com/graphql`;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #21c10dfadb062753 Environment-variable access.
pkgs/npm/@[email protected]/lib/context.js:42
        if (process.env.GITHUB_REPOSITORY) {

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #4f85ef33ee4b7111 Environment-variable access.
pkgs/npm/@[email protected]/lib/context.js:43
            const [owner, repo] = process.env.GITHUB_REPOSITORY.split('/');

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #76fb224ff8166f64 Environment-variable access.
pkgs/npm/@[email protected]/lib/internal/utils.js:67
    return process.env['GITHUB_API_URL'] || 'https://api.github.com';

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

@agentclientprotocol/sdk

npm dependency
expand_more 11 low-confidence finding(s)
low env_fs tooling Excluded from app score unknown #bcaf5ded0989beab Filesystem access.
pkgs/npm/@[email protected]__reposrc/scripts/generate.js:4
import * as fs from "fs/promises";

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unknown #e046821a8848b063 Filesystem access.
pkgs/npm/@[email protected]__reposrc/scripts/generate.js:17
  const metadata = JSON.parse(await fs.readFile("./schema/meta.json", "utf8"));

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unknown #dcf2ceb1e3adcdef Filesystem access.
pkgs/npm/@[email protected]__reposrc/scripts/generate.js:19
  const schemaSrc = await fs.readFile("./schema/schema.json", "utf8");

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unknown #d651cf30a876a499 Filesystem access.
pkgs/npm/@[email protected]__reposrc/scripts/generate.js:46
    await fs.readFile("./schema/schema.json", "utf8"),

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unknown #9d75f552861f80ed Filesystem access.
pkgs/npm/@[email protected]__reposrc/scripts/generate.js:50
  const zodSrc = await fs.readFile(zodPath, "utf8");

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unknown #5ed666fa8fbcc009 Filesystem access.
pkgs/npm/@[email protected]__reposrc/scripts/generate.js:72
  await fs.writeFile(zodPath, zod);

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unknown #0a0347b658377596 Filesystem access.
pkgs/npm/@[email protected]__reposrc/scripts/generate.js:75
  const tsSrc = await fs.readFile(tsPath, "utf8");

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unknown #0e683b4753487215 Filesystem access.
pkgs/npm/@[email protected]__reposrc/scripts/generate.js:86
  await fs.writeFile(tsPath, ts);

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unknown #b5d5894f34db5e94 Filesystem access.
pkgs/npm/@[email protected]__reposrc/scripts/generate.js:98
  const indexSrc = await fs.readFile(indexPath, "utf8");

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unknown #6b16c6425e90d674 Filesystem access.
pkgs/npm/@[email protected]__reposrc/scripts/generate.js:99
  await fs.writeFile(
    indexPath,
    `${indexSrc.replace(/\s*ClientOptions,/, "")}\n${meta}`,
  );

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unknown #8d36a55c78a788e8 Filesystem access.
pkgs/npm/@[email protected]__reposrc/scripts/generate.js:125
  await fs.writeFile(outputPath, response.body);

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

@ai-sdk/google-vertex

npm dependency
expand_more 1 low-confidence finding(s)
low egress dependency Excluded from app score #2fb35fd01e43b80e Hardcoded external endpoint. Review what data is sent to this destination.
pkgs/npm/@[email protected]/src/edge/google-vertex-auth-edge.ts:139
    const response = await fetch('https://oauth2.googleapis.com/token', {
      method: 'POST',
      headers: withUserAgentSuffix(
        { 'Content-Type': 'application/x-www-form-urlencoded' },
        `ai-sdk/google-vertex/${VERSION}`,
        getRuntimeEnvironmentUserAgent(),
      ),
      body: new URLSearchParams({
        grant_type: 'urn:ietf:params:oauth:grant-type:jwt-bearer',
        assertion: jwt,
      }),
    });

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

@ai-sdk/togetherai

npm dependency
expand_more 2 low-confidence finding(s)
low env_fs dependency Excluded from app score #fe3784e56c25619e Environment-variable access.
pkgs/npm/@[email protected]/src/togetherai-provider.ts:105
  if (typeof process.env.TOGETHER_API_KEY === 'string') {

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #09c682a0f2605c02 Environment-variable access.
pkgs/npm/@[email protected]/src/togetherai-provider.ts:108
  const key = process.env.TOGETHER_AI_API_KEY;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

@aws-sdk/credential-providers

npm dependency
expand_more 2 low-confidence finding(s)
low env_fs dependency Excluded from app score #6132ef131b601c31 Environment-variable access.
pkgs/npm/@[email protected]/dist-cjs/fromTemporaryCredentials.js:8
    return (0, fromTemporaryCredentials_base_1.fromTemporaryCredentials)(options, fromNodeProviderChain_1.fromNodeProviderChain, async ({ profile = process.env.AWS_PROFILE }) => (0, config_1.loadConfig)({

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #78c58e41052f8843 Environment-variable access.
pkgs/npm/@[email protected]/dist-es/fromTemporaryCredentials.js:5
    return fromTemporaryCredentialsBase(options, fromNodeProviderChain, async ({ profile = process.env.AWS_PROFILE }) => loadConfig({

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

@clack/prompts

npm dependency
expand_more 1 low-confidence finding(s)
low env_fs dependency Excluded from app score #7c08bc061257f941 Environment-variable access.
pkgs/npm/@[email protected]__sourcemap/src/common.ts:7
export const isCI = (): boolean => process.env.CI === 'true';

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

@effect/opentelemetry

npm dependency
expand_more 1 low-confidence finding(s)
low egress dependency Excluded from app score #57f6ec2203f5f658 Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
pkgs/npm/@[email protected]/src/internal/otlpExporter.ts:64
  const request = HttpClientRequest.post(options.url, { headers })

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

@effect/platform-node

npm dependency
expand_more 2 low-confidence finding(s)
low egress dependency Excluded from app score #4185caafcc0777a8 Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
pkgs/npm/@[email protected]/src/internal/httpClient.ts:60
      Https.request(url, {
        agent: agent.https,
        method: request.method,
        headers: request.headers,
        signal
      }) :

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress dependency Excluded from app score #07d523cbb744980f Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
pkgs/npm/@[email protected]/src/internal/httpClient.ts:66
      Http.request(url, {
        agent: agent.http,
        method: request.method,
        headers: request.headers,
        signal
      })

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

@ff-labs/fff-bun

npm dependency
expand_more 2 low-confidence finding(s)
low env_fs tooling Excluded from app score unknown #e3830350a0e869de Environment-variable access.
pkgs/npm/@[email protected]/examples/search.ts:171
  const nvimCache = process.env.XDG_CACHE_HOME || join(homedir(), ".cache", "nvim");

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unknown #224965ae9a7bfeb6 Environment-variable access.
pkgs/npm/@[email protected]/examples/search.ts:173
    process.env.XDG_DATA_HOME || join(homedir(), ".local", "share", "nvim");

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

@modelcontextprotocol/sdk

npm dependency
expand_more 35 low-confidence finding(s)
low egress tooling Excluded from app score unknown #0395df6b93220c24 Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
pkgs/npm/@[email protected]__reposrc/scripts/cli.ts:54
    await client.request({ method: 'resources/list' }, ListResourcesResultSchema);

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress tooling Excluded from app score unknown #a80d972672213918 Hardcoded external endpoint. Review what data is sent to this destination.
pkgs/npm/@[email protected]__reposrc/scripts/fetch-spec-types.ts:16
    const response = await fetch(url);

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low env_fs tooling Excluded from app score unknown #5b02c64e3d2a7fc9 Filesystem access.
pkgs/npm/@[email protected]__reposrc/scripts/fetch-spec-types.ts:77
        writeFileSync(outputPath, fullContent, 'utf-8');

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #a93619cadf1b1e19 Environment-variable access.
pkgs/npm/@[email protected]__reposrc/src/client/stdio.ts:71
        const value = process.env[key];

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low egress tooling Excluded from app score unknown #2473ddd91e3edd84 Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
pkgs/npm/@[email protected]__reposrc/src/examples/client/elicitationUrlExample.ts:632
        const toolsResult = await client.request(toolsRequest, ListToolsResultSchema);

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress tooling Excluded from app score unknown #06c7401958864b52 Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
pkgs/npm/@[email protected]__reposrc/src/examples/client/elicitationUrlExample.ts:663
        const result = await client.request(request, CallToolResultSchema);

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress tooling Excluded from app score unknown #851c2890e8f79669 Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
pkgs/npm/@[email protected]__reposrc/src/examples/client/multipleClientsParallel.ts:64
        const result = await client.request(toolRequest, CallToolResultSchema);

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress tooling Excluded from app score unknown #26bef0399866d624 Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
pkgs/npm/@[email protected]__reposrc/src/examples/client/parallelToolCallsClient.ts:95
        const toolsResult = await client.request(toolsRequest, ListToolsResultSchema);

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress tooling Excluded from app score unknown #7d7f761597481c38 Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
pkgs/npm/@[email protected]__reposrc/src/examples/client/parallelToolCallsClient.ts:167
            return client
                .request(request, CallToolResultSchema)

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low env_fs tooling Excluded from app score unknown #b8fe04ead65b53d9 Environment-variable access.
pkgs/npm/@[email protected]__reposrc/src/examples/client/simpleClientCredentials.ts:26
const DEFAULT_SERVER_URL = process.env.MCP_SERVER_URL || 'http://localhost:3000/mcp';

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unknown #40268c89e3c85b40 Environment-variable access.
pkgs/npm/@[email protected]__reposrc/src/examples/client/simpleClientCredentials.ts:29
    const clientId = process.env.MCP_CLIENT_ID;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unknown #da1013750dd57536 Environment-variable access.
pkgs/npm/@[email protected]__reposrc/src/examples/client/simpleClientCredentials.ts:36
    const privateKeyPem = process.env.MCP_CLIENT_PRIVATE_KEY_PEM;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unknown #73abb5c64aaba517 Environment-variable access.
pkgs/npm/@[email protected]__reposrc/src/examples/client/simpleClientCredentials.ts:38
        const algorithm = process.env.MCP_CLIENT_ALGORITHM || 'RS256';

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unknown #970e1f10f6db4c43 Environment-variable access.
pkgs/npm/@[email protected]__reposrc/src/examples/client/simpleClientCredentials.ts:48
    const clientSecret = process.env.MCP_CLIENT_SECRET;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low egress tooling Excluded from app score unknown #cb691e1f4c717e41 Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
pkgs/npm/@[email protected]__reposrc/src/examples/client/simpleOAuthClient.ts:232
            const result = await this.client.request(request, ListToolsResultSchema);

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress tooling Excluded from app score unknown #b14bee171b2dd34a Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
pkgs/npm/@[email protected]__reposrc/src/examples/client/simpleOAuthClient.ts:290
            const result = await this.client.request(request, CallToolResultSchema);

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress tooling Excluded from app score unknown #bb3cbb80ebae7903 Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
pkgs/npm/@[email protected]__reposrc/src/examples/client/simpleStreamableHttp.ts:510
                const resourcesResult = await client.request(
                    {
                        method: 'resources/list',
                        params: {}
                    },
                    ListResourcesResultSchema
                );

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress tooling Excluded from app score unknown #bd84c67eab2bc938 Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
pkgs/npm/@[email protected]__reposrc/src/examples/client/simpleStreamableHttp.ts:601
        const toolsResult = await client.request(toolsRequest, ListToolsResultSchema);

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress tooling Excluded from app score unknown #842a249098e4f22b Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
pkgs/npm/@[email protected]__reposrc/src/examples/client/simpleStreamableHttp.ts:632
        const result = await client.request(request, CallToolResultSchema);

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress tooling Excluded from app score unknown #5ee5882f734d5407 Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
pkgs/npm/@[email protected]__reposrc/src/examples/client/simpleStreamableHttp.ts:719
        const result = await client.request(request, CallToolResultSchema, {
            resumptionToken: notificationsToolLastEventId,
            onresumptiontoken: onLastEventIdUpdate
        });

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress tooling Excluded from app score unknown #4111836625f3da9f Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
pkgs/npm/@[email protected]__reposrc/src/examples/client/simpleStreamableHttp.ts:748
        const promptsResult = await client.request(promptsRequest, ListPromptsResultSchema);

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress tooling Excluded from app score unknown #23cc3cf045602109 Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
pkgs/npm/@[email protected]__reposrc/src/examples/client/simpleStreamableHttp.ts:777
        const promptResult = await client.request(promptRequest, GetPromptResultSchema);

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress tooling Excluded from app score unknown #7f1dfae8d51a0821 Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
pkgs/npm/@[email protected]__reposrc/src/examples/client/simpleStreamableHttp.ts:798
        const resourcesResult = await client.request(resourcesRequest, ListResourcesResultSchema);

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress tooling Excluded from app score unknown #e2ea180bda9827bc Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
pkgs/npm/@[email protected]__reposrc/src/examples/client/simpleStreamableHttp.ts:826
        const result = await client.request(request, ReadResourceResultSchema);

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress tooling Excluded from app score unknown #5171231967d0d33d Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
pkgs/npm/@[email protected]__reposrc/src/examples/client/ssePollingClient.ts:75
        const result = await client.request(
            {
                method: 'tools/call',
                params: {
                    name: 'long-task',
                    arguments: {}
                }
            },
            CallToolResultSchema,
            {
                // Track resumption tokens for debugging
                onresumptiontoken: token => {
                    lastEventId = token;
                    console.log(`[Event ID] ${token}`);
                }
            }
        );

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress tooling Excluded from app score unknown #26cb55f752a9e69e Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
pkgs/npm/@[email protected]__reposrc/src/examples/client/streamableHttpWithSseFallbackClient.ts:139
        const toolsResult = await client.request(toolsRequest, ListToolsResultSchema);

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low egress tooling Excluded from app score unknown #cb04dcf526d92a16 Outbound request to a variable or assembled URL on a network client. Review what data is sent to this destination.
pkgs/npm/@[email protected]__reposrc/src/examples/client/streamableHttpWithSseFallbackClient.ts:172
        const result = await client.request(request, CallToolResultSchema);

Data is sent to a hardcoded external endpoint; review what leaves the process.

Fix: Verify the destination and that only non-sensitive data is sent; pin and audit the dependency.

low env_fs tooling Excluded from app score unknown #07c9aae1afa7646d Environment-variable access.
pkgs/npm/@[email protected]__reposrc/src/examples/server/elicitationFormExample.ts:350
    const PORT = process.env.PORT ? parseInt(process.env.PORT, 10) : 3000;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unknown #917ceaa1f24d54c8 Environment-variable access.
pkgs/npm/@[email protected]__reposrc/src/examples/server/elicitationUrlExample.ts:215
const MCP_PORT = process.env.MCP_PORT ? parseInt(process.env.MCP_PORT, 10) : 3000;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unknown #5a3cf3f6b38866b6 Environment-variable access.
pkgs/npm/@[email protected]__reposrc/src/examples/server/elicitationUrlExample.ts:216
const AUTH_PORT = process.env.MCP_AUTH_PORT ? parseInt(process.env.MCP_AUTH_PORT, 10) : 3001;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unknown #598766da47e6e6d1 Environment-variable access.
pkgs/npm/@[email protected]__reposrc/src/examples/server/honoWebStandardStreamableHttp.ts:69
const PORT = process.env.MCP_PORT ? parseInt(process.env.MCP_PORT, 10) : 3000;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unknown #f79a848a4352c871 Environment-variable access.
pkgs/npm/@[email protected]__reposrc/src/examples/server/simpleStreamableHttp.ts:621
const MCP_PORT = process.env.MCP_PORT ? parseInt(process.env.MCP_PORT, 10) : 3000;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unknown #f6a39cf9051d39a7 Environment-variable access.
pkgs/npm/@[email protected]__reposrc/src/examples/server/simpleStreamableHttp.ts:622
const AUTH_PORT = process.env.MCP_AUTH_PORT ? parseInt(process.env.MCP_AUTH_PORT, 10) : 3001;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs tooling Excluded from app score unknown #447f9d5e3fbc9ee0 Environment-variable access.
pkgs/npm/@[email protected]__reposrc/src/examples/server/simpleTaskInteractive.ts:448
const PORT = process.env.PORT ? parseInt(process.env.PORT, 10) : 8000;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #755cbab2a573e732 Environment-variable access.
pkgs/npm/@[email protected]__reposrc/src/server/auth/router.ts:12
    process.env.MCP_DANGEROUSLY_ALLOW_INSECURE_ISSUER_URL === 'true' || process.env.MCP_DANGEROUSLY_ALLOW_INSECURE_ISSUER_URL === '1';

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

@opentui/core

npm dependency
expand_more 37 low-confidence finding(s)
low env_fs dependency Excluded from app score #eac82d8f578ac753 Filesystem access.
pkgs/npm/@[email protected]/index-7z5n7k9m.js:5372
      fs.writeFileSync(filepath, content, "utf8");

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #c740fc6948250812 Environment-variable access.
pkgs/npm/@[email protected]/index-7z5n7k9m.js:6659
  if (process.env.OTUI_USE_ALTERNATE_SCREEN !== undefined) {

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #850ce5fd08d83dc7 Environment-variable access.
pkgs/npm/@[email protected]/index-7z5n7k9m.js:6664
  if (process.env.OTUI_OVERRIDE_STDOUT !== undefined) {

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #15cabf61335f9cf7 Environment-variable access.
pkgs/npm/@[email protected]/index-7z5n7k9m.js:7209
      const value = process.env[key];

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #5bfc5691691cfc1e Filesystem access.
pkgs/npm/@[email protected]/index-za1krqsf.js:725
  await writeFileNode(destinationPath, bytes, { mode: options?.mode });

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #4ac3102140f522b5 Filesystem access.
pkgs/npm/@[email protected]/index-za1krqsf.js:730
import { existsSync as existsSync3, writeFileSync } from "fs";

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #c4f2392860bbac6a Environment-variable access.
pkgs/npm/@[email protected]/index-za1krqsf.js:5946
  const envValue = process.env[config.name];

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #7f134a9190f127ad Filesystem access.
pkgs/npm/@[email protected]/index-za1krqsf.js:7928
import { existsSync as existsSync2 } from "fs";

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #2ba465a2c440fa24 Environment-variable access.
pkgs/npm/@[email protected]/index-za1krqsf.js:11872
  const libc = process.env.OPENTUI_LIBC;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #d374a384d9474da4 Environment-variable access.
pkgs/npm/@[email protected]/index-za1krqsf.js:11887
      if (process.env.OPENTUI_LIBC === "musl") {

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #3d785fc4ff97bb08 Environment-variable access.
pkgs/npm/@[email protected]/index-za1krqsf.js:11894
      if (process.env.OPENTUI_LIBC === "musl") {

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #5838fa53c3bd6a3e Filesystem access.
pkgs/npm/@[email protected]/index-za1krqsf.js:13387
      writeFileSync(logPath, msg + `
`, { flag: "a" });

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #c4eadaacfdda0e2c Filesystem access.
pkgs/npm/@[email protected]/index.js:3905
    const bytes = await readFile(filePath).catch((err) => {

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #eff39fa1eb5f52d3 Filesystem access.
pkgs/npm/@[email protected]/lib/tree-sitter/update-assets.js:5
import { readFile as readFile2, writeFile as writeFile2, mkdir as mkdir2 } from "fs/promises";

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #1aafd0243c157b76 Filesystem access.
pkgs/npm/@[email protected]/lib/tree-sitter/update-assets.js:9
import { mkdir, readFile, writeFile } from "fs/promises";

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #65a402ed31aca7e6 Filesystem access.
pkgs/npm/@[email protected]/lib/tree-sitter/update-assets.js:35
        const cachedContent = await readFile(cacheFile);

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #b5a165c717f5f17e Filesystem access.
pkgs/npm/@[email protected]/lib/tree-sitter/update-assets.js:49
          await writeFile(cacheFile, Buffer.from(content));

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #720921b9de9cdb65 Filesystem access.
pkgs/npm/@[email protected]/lib/tree-sitter/update-assets.js:61
        const content = await readFile(source);

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #e6fa2de67ed95272 Filesystem access.
pkgs/npm/@[email protected]/lib/tree-sitter/update-assets.js:79
        await writeFile(targetPath, Buffer.from(content));

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #2e5fac2e9f154421 Filesystem access.
pkgs/npm/@[email protected]/lib/tree-sitter/update-assets.js:88
        const content = await readFile(source);

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #f61ab11c561d674b Filesystem access.
pkgs/npm/@[email protected]/lib/tree-sitter/update-assets.js:89
        await writeFile(targetPath, Buffer.from(content));

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #ea9a968db40656a9 Filesystem access.
pkgs/npm/@[email protected]/lib/tree-sitter/update-assets.js:118
import { readdir } from "fs/promises";

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #a231257769aef74e Filesystem access.
pkgs/npm/@[email protected]/lib/tree-sitter/update-assets.js:142
    const configContent = await readFile2(resolvedConfigPath, "utf-8");

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #2de259f74b5a671d Filesystem access.
pkgs/npm/@[email protected]/lib/tree-sitter/update-assets.js:170
        const content = await readFile2(localPath, "utf-8");

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #22cdac79d7d3f6d8 Filesystem access.
pkgs/npm/@[email protected]/lib/tree-sitter/update-assets.js:204
  await writeFile2(queryPath, combinedContent, "utf-8");

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #18d65aef95559ae7 Filesystem access.
pkgs/npm/@[email protected]/lib/tree-sitter/update-assets.js:276
  await writeFile2(outputPath, fileContent, "utf-8");

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #c1345cd080356eb0 Filesystem access.
pkgs/npm/@[email protected]/parser.worker.js:44
import { mkdir as mkdir3 } from "fs/promises";

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #55791a52c8b96b98 Filesystem access.
pkgs/npm/@[email protected]/parser.worker.js:48
import { mkdir, readFile, writeFile } from "fs/promises";

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #ff57b2acd5a7f65f Filesystem access.
pkgs/npm/@[email protected]/parser.worker.js:74
        const cachedContent = await readFile(cacheFile);

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #7d4c1a1985a36a93 Filesystem access.
pkgs/npm/@[email protected]/parser.worker.js:88
          await writeFile(cacheFile, Buffer.from(content));

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #367d6288a3c72241 Filesystem access.
pkgs/npm/@[email protected]/parser.worker.js:100
        const content = await readFile(source);

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #8f40d1e80389775b Filesystem access.
pkgs/npm/@[email protected]/parser.worker.js:118
        await writeFile(targetPath, Buffer.from(content));

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #ddbfc87ffbd941a9 Filesystem access.
pkgs/npm/@[email protected]/parser.worker.js:127
        const content = await readFile(source);

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #1addc032d965e840 Filesystem access.
pkgs/npm/@[email protected]/parser.worker.js:128
        await writeFile(targetPath, Buffer.from(content));

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #d6e479b45a1f3a50 Filesystem access.
pkgs/npm/@[email protected]/parser.worker.js:322
  await writeFileNode(destinationPath, bytes, { mode: options?.mode });

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #24099b401e39b980 Filesystem access.
pkgs/npm/@[email protected]/runtime-plugin.js:113
                const packageJson = JSON.parse(readFileSync(packageJsonPath, "utf8"));

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #099abbeb7ba83401 Filesystem access.
pkgs/npm/@[email protected]/runtime-plugin.js:374
                    contents = readFileSync(normalizedPath, "utf8");

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

@opentui/solid

npm dependency
expand_more 2 low-confidence finding(s)
low env_fs dependency Excluded from app score #357945e1836e4cc6 Environment-variable access.
pkgs/npm/@[email protected]/index.bun.js:518
  if (process.env.DEBUG) {

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #8f17032bb454af12 Environment-variable access.
pkgs/npm/@[email protected]/index.js:492
  if (process.env.DEBUG) {

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

@parcel/watcher

npm dependency
expand_more 1 low-confidence finding(s)
low env_fs tooling Excluded from app score unknown #ade907e005e5c730 Environment-variable access.
pkgs/npm/@[email protected]/scripts/build-from-source.js:5
if (process.env.npm_config_build_from_source === 'true') {

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

@pierre/diffs

npm dependency
expand_more 1 low-confidence finding(s)
low env_fs dependency Excluded from app score #301480ffbaf3d458 Environment-variable access.
pkgs/npm/@[email protected]__sourcemap/src/constants.ts:16
    return process.env.NODE_ENV === 'development';

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

@silvia-odwyer/photon-node

npm dependency
expand_more 1 low-confidence finding(s)
low env_fs dependency Excluded from app score #ef5cb35f24ee2217 Filesystem access.
pkgs/npm/@[email protected]/photon_rs.js:4513
const bytes = require('fs').readFileSync(path);

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

@standard-schema/spec

npm dependency
expand_more 5 low-confidence finding(s)
low env_fs dependency Excluded from app score #764a2079b763d5c6 Filesystem access.
pkgs/npm/@[email protected]__reposrc/packages/web/app/page.tsx:45
  const md = readFileSync(mdPath, "utf-8").split("<!-- start -->")[1];

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #9bd1c3ab3a01720d Environment-variable access.
pkgs/npm/@[email protected]__reposrc/packages/web/lib/utils.ts:11
  return process.env.NODE_ENV === "development";

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #5862c38920a5607a Environment-variable access.
pkgs/npm/@[email protected]__reposrc/packages/web/lib/utils.ts:15
  return process.env.CF_PAGES_BRANCH !== "main";

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #6e84c9d4bc7729c5 Environment-variable access.
pkgs/npm/@[email protected]__reposrc/packages/web/lib/utils.ts:19
  return process.env.CF_PAGES_BRANCH === "main";

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #7941d59b867db74c Environment-variable access.
pkgs/npm/@[email protected]__reposrc/packages/web/lib/utils.ts:28
    return process.env.CF_PAGES_URL!;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

chokidar

npm dependency
expand_more 14 low-confidence finding(s)
low env_fs dependency Excluded from app score #ed937826235df797 Filesystem access.
pkgs/npm/[email protected]/esm/handler.d.ts:1
import type { WatchEventType, Stats, FSWatcher as NativeFsWatcher } from 'fs';

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #3ba5a6ffd26f59b9 Filesystem access.
pkgs/npm/[email protected]/esm/handler.js:1
import { watchFile, unwatchFile, watch as fs_watch } from 'fs';

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #2296c913044c0948 Filesystem access.
pkgs/npm/[email protected]/esm/handler.js:2
import { open, stat, lstat, realpath as fsrealpath } from 'fs/promises';

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #d50e24fc8bf2c78c Filesystem access.
pkgs/npm/[email protected]/esm/index.d.ts:2
import { Stats } from 'fs';

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #c493f3c85d273a1e Filesystem access.
pkgs/npm/[email protected]/esm/index.js:2
import { stat as statcb } from 'fs';

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #e5a2b0c6fe667982 Filesystem access.
pkgs/npm/[email protected]/esm/index.js:3
import { stat, readdir } from 'fs/promises';

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #620f4ef9ca2db061 Environment-variable access.
pkgs/npm/[email protected]/esm/index.js:260
        const envPoll = process.env.CHOKIDAR_USEPOLLING;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #0ecd558c14079678 Environment-variable access.
pkgs/npm/[email protected]/esm/index.js:270
        const envInterval = process.env.CHOKIDAR_INTERVAL;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #9b894b68b77ce1b4 Filesystem access.
pkgs/npm/[email protected]/handler.d.ts:1
import type { WatchEventType, Stats, FSWatcher as NativeFsWatcher } from 'fs';

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #72dce2fcdc296e02 Filesystem access.
pkgs/npm/[email protected]/handler.js:4
const fs_1 = require("fs");

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #9d75db684d52912e Filesystem access.
pkgs/npm/[email protected]/index.d.ts:2
import { Stats } from 'fs';

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #7073d8add176c4d0 Filesystem access.
pkgs/npm/[email protected]/index.js:6
const fs_1 = require("fs");

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #7bcfd6f4cdefa2c9 Environment-variable access.
pkgs/npm/[email protected]/index.js:265
        const envPoll = process.env.CHOKIDAR_USEPOLLING;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #a163cde2c8720a27 Environment-variable access.
pkgs/npm/[email protected]/index.js:275
        const envInterval = process.env.CHOKIDAR_INTERVAL;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

cross-spawn

npm dependency
expand_more 2 low-confidence finding(s)
low env_fs dependency Excluded from app score #cdbee610ae2820b6 Environment-variable access.
pkgs/npm/[email protected]/lib/parse.js:58
        parsed.command = process.env.comspec || 'cmd.exe';

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #662b0439ca1d2c81 Filesystem access.
pkgs/npm/[email protected]/lib/util/readShebang.js:3
const fs = require('fs');

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

drizzle-orm

npm dependency
expand_more 4 low-confidence finding(s)
low env_fs dependency Excluded from app score #93fc9e4544dd80ee Filesystem access.
pkgs/npm/[email protected]/migrator.cjs:43
  const journalAsString = import_node_fs.default.readFileSync(`${migrationFolderTo}/meta/_journal.json`).toString();

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #33ba6d2d2a56a605 Filesystem access.
pkgs/npm/[email protected]/migrator.cjs:48
      const query = import_node_fs.default.readFileSync(`${migrationFolderTo}/${journalEntry.tag}.sql`).toString();

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #e8bfcb4fa4724e7b Filesystem access.
pkgs/npm/[email protected]/migrator.js:10
  const journalAsString = fs.readFileSync(`${migrationFolderTo}/meta/_journal.json`).toString();

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #f0d3dd19d4f721fe Filesystem access.
pkgs/npm/[email protected]/migrator.js:15
      const query = fs.readFileSync(`${migrationFolderTo}/${journalEntry.tag}.sql`).toString();

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

gitlab-ai-provider

npm dependency
expand_more 23 low-confidence finding(s)
low env_fs dependency Excluded from app score #0b379c7648d2646b Environment-variable access.
pkgs/npm/[email protected]__sourcemap/src/gitlab-direct-access.ts:61
      config.aiGatewayUrl || process.env['GITLAB_AI_GATEWAY_URL'] || DEFAULT_AI_GATEWAY_URL;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #200717c241d2e96d Filesystem access.
pkgs/npm/[email protected]__sourcemap/src/gitlab-model-cache.ts:19
import * as fs from 'fs';

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #b389781d50682981 Environment-variable access.
pkgs/npm/[email protected]__sourcemap/src/gitlab-model-cache.ts:41
  const cacheHome = process.env.XDG_CACHE_HOME || path.join(os.homedir(), '.cache');

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #5577dd1027b8b2b0 Filesystem access.
pkgs/npm/[email protected]__sourcemap/src/gitlab-model-cache.ts:68
      const raw = fs.readFileSync(this.filePath, 'utf-8');

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #39d313b89bcc58b0 Filesystem access.
pkgs/npm/[email protected]__sourcemap/src/gitlab-model-cache.ts:80
      fs.writeFileSync(tmpPath, JSON.stringify(data, null, 2), { mode: 0o600 });

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #414c1dffddde3259 Filesystem access.
pkgs/npm/[email protected]__sourcemap/src/gitlab-model-config.ts:13
import * as fs from 'fs';

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #9be252872c5734e0 Environment-variable access.
pkgs/npm/[email protected]__sourcemap/src/gitlab-model-config.ts:56
  const cacheHome = process.env.XDG_CACHE_HOME || path.join(os.homedir(), '.cache');

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #77afd5205d5c0759 Filesystem access.
pkgs/npm/[email protected]__sourcemap/src/gitlab-model-config.ts:64
    const raw = fs.readFileSync(filePath, 'utf-8');

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #73f5de23fd12df19 Filesystem access.
pkgs/npm/[email protected]__sourcemap/src/gitlab-model-config.ts:80
    fs.writeFileSync(filePath, JSON.stringify(data, null, 2), { mode: 0o600 });

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #f1d5bcfdec7000ca Environment-variable access.
pkgs/npm/[email protected]__sourcemap/src/gitlab-oauth-manager.ts:158
    const envClientId = process.env['GITLAB_OAUTH_CLIENT_ID'];

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #866ccba6954d4c25 Filesystem access.
pkgs/npm/[email protected]__sourcemap/src/gitlab-provider.ts:12
import * as fs from 'fs';

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #c298fa059c04f2b8 Environment-variable access.
pkgs/npm/[email protected]__sourcemap/src/gitlab-provider.ts:181
  const xdgDataHome = process.env.XDG_DATA_HOME;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #127ab88271dbec24 Filesystem access.
pkgs/npm/[email protected]__sourcemap/src/gitlab-provider.ts:206
    const authData = JSON.parse(fs.readFileSync(authPath, 'utf-8'));

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #08ef401f61ae1e0d Filesystem access.
pkgs/npm/[email protected]__sourcemap/src/gitlab-provider.ts:277
    const authData = JSON.parse(fs.readFileSync(authPath, 'utf-8'));

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #76df2242378bd9a5 Filesystem access.
pkgs/npm/[email protected]__sourcemap/src/gitlab-provider.ts:287
    fs.writeFileSync(authPath, JSON.stringify(authData, null, 2), { mode: 0o600 });

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #c330a6f98a348a47 Environment-variable access.
pkgs/npm/[email protected]__sourcemap/src/gitlab-provider.ts:337
        const envApiKey = process.env[options.environmentVariableName];

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #12db93278789662b Environment-variable access.
pkgs/npm/[email protected]__sourcemap/src/gitlab-provider.ts:356
  const apiKey = process.env[options.environmentVariableName];

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #e4292d241d4be19d Environment-variable access.
pkgs/npm/[email protected]__sourcemap/src/gitlab-provider.ts:380
    options.instanceUrl ?? process.env['GITLAB_INSTANCE_URL'] ?? 'https://gitlab.com';

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #0bd3e2d27979f42e Environment-variable access.
pkgs/npm/[email protected]__sourcemap/src/gitlab-provider.ts:452
    const apiKey = cachedApiKey || options.apiKey || process.env['GITLAB_TOKEN'] || '';

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #e44e66d9640aaefb Filesystem access.
pkgs/npm/[email protected]__sourcemap/src/gitlab-workflow-builtins.ts:419
      fs.writeFileSync(safePath, content, 'utf-8');

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #0bfec8965e874684 Filesystem access.
pkgs/npm/[email protected]__sourcemap/src/gitlab-workflow-builtins.ts:442
      content = fs.readFileSync(safePath, 'utf-8');

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #81c10d38afe28537 Filesystem access.
pkgs/npm/[email protected]__sourcemap/src/gitlab-workflow-builtins.ts:448
      fs.writeFileSync(safePath, newString, 'utf-8');

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #ec7d84c7a640b322 Filesystem access.
pkgs/npm/[email protected]__sourcemap/src/gitlab-workflow-builtins.ts:463
    fs.writeFileSync(safePath, newContent, 'utf-8');

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

gray-matter

npm dependency
expand_more 2 low-confidence finding(s)
low env_fs dependency Excluded from app score #4e8ea42a3084634c Filesystem access.
pkgs/npm/[email protected]/index.js:3
const fs = require('fs');

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #650c483ce5e4e71d Filesystem access.
pkgs/npm/[email protected]/index.js:179
  const str = fs.readFileSync(filepath, 'utf8');

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

immer

npm dependency
expand_more 5 low-confidence finding(s)
low env_fs dependency Excluded from app score #e8e1000510ce153c Environment-variable access.
pkgs/npm/[email protected]/src/core/proxy.ts:269
	if (process.env.NODE_ENV !== "production" && isNaN(parseInt(prop as any)))

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #e6a7506ed29f7ffc Environment-variable access.
pkgs/npm/[email protected]/src/core/proxy.ts:276
		process.env.NODE_ENV !== "production" &&

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #7d0b99cde2a56311 Environment-variable access.
pkgs/npm/[email protected]/src/plugins/patches.ts:37
	if (process.env.NODE_ENV !== "production") {

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #0804d7d2de3c0f4f Environment-variable access.
pkgs/npm/[email protected]/src/utils/errors.ts:4
	process.env.NODE_ENV !== "production"

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #3069067e608ccd60 Environment-variable access.
pkgs/npm/[email protected]/src/utils/errors.ts:42
	if (process.env.NODE_ENV !== "production") {

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

minimatch

npm dependency
expand_more 1 low-confidence finding(s)
low env_fs dependency Excluded from app score #c8c22400212fe20d Environment-variable access.
pkgs/npm/[email protected]__reposrc/src/index.ts:115
        process.env.__MINIMATCH_TESTING_PLATFORM__) ||

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

open

npm dependency
expand_more 2 low-confidence finding(s)
low env_fs dependency Excluded from app score #1ce6a1fdcd283238 Filesystem access.
pkgs/npm/[email protected]/index.js:52
		const configContent = await fs.readFile(configFilePath, {encoding: 'utf8'});

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #5f233566252b0a08 Environment-variable access.
pkgs/npm/[email protected]/index.js:219
			: `${process.env.SYSTEMROOT || process.env.windir || 'C:\\Windows'}\\System32\\WindowsPowerShell\\v1.0\\powershell`;

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

opentui-spinner

npm dependency
expand_more 1 low-confidence finding(s)
low env_fs dependency Excluded from app score #a4ecaa6e0a68e18d Filesystem access.
pkgs/npm/[email protected]__reposrc/bench/scheduler-benchmark.ts:741
  writeFileSync(
    absolutePath,
    JSON.stringify(
      {
        meta: {
          benchmarkVersion: BENCHMARK_VERSION,
          timestamp: new Date().toISOString(),
          args: process.argv.slice(2),
          runtime: {
            bun: Bun.version,
            node: process.versions.node,
            v8: process.versions.v8,
            platform: process.platform,
            arch: process.arch,
          },
          cpu: cpus()[0]?.model,
          git: {
            commit: git(["rev-parse", "HEAD"]),
            branch: git(["branch", "--show-current"]),
            dirty: Boolean(git(["status", "--porcelain"])),
          },
          correctnessChecksum,
        },
        results,
      },
      null,
      2,
    ),
  );

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

remeda

npm dependency
expand_more 5 low-confidence finding(s)
low env_fs dependency Excluded from app score #9ba16b8b9b9773b4 Filesystem access.
pkgs/npm/[email protected]__reposrc/.claude/hooks/post-edit-prettier.ts:34
    const beforePrettier = readFileSync(filePath, "utf8");

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #5a9e7784a8523327 Filesystem access.
pkgs/npm/[email protected]__reposrc/.claude/hooks/post-edit-prettier.ts:45
    writeFileSync(filePath, afterPrettier);

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #846b15d252fead1d Filesystem access.
pkgs/npm/[email protected]__reposrc/packages/remeda/tsdown.config.ts:153
        const content = await readFile(file, "utf8");

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #5adefb70720c68cc Filesystem access.
pkgs/npm/[email protected]__reposrc/packages/remeda/tsdown.config.ts:173
        await writeFile(file, withSymbols);

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

low env_fs dependency Excluded from app score #e99717702a720b01 Filesystem access.
pkgs/npm/[email protected]__reposrc/packages/remeda/tsdown.config.ts:193
    const content = await readFile(file, "utf8");

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

typescript

npm dependency
expand_more 1 low-confidence finding(s)
low env_fs dependency Excluded from app score #8fe5fc2a6bedff9d Filesystem access.
pkgs/npm/[email protected]/lib/getExePath.js:11
    const pkg = JSON.parse(fs.readFileSync(path.join(__dirname, "..", "package.json"), "utf8"));

Reads environment variables or the filesystem — an inventory-level capability, not a leak on its own.

Fix: Usually benign; confirm any secret read here is not later sent externally.

Skipped dependencies

Production

  • @gitlab/opencode-gitlab-auth prod — dist-only: no readable source
  • @opencode-ai/codemode prod — registry 404
  • @opencode-ai/llm prod — registry 404
  • @opencode-ai/tui prod — registry 404
  • @solid-primitives/event-bus prod — dist-only: no readable source
  • @solid-primitives/scheduled prod — dist-only: no readable source
  • opencode-gitlab-auth prod — dist-only: no readable source
  • opencode-poe-auth prod — dist-only: no readable source
  • partial-json prod — dist-only: no readable source
  • strip-ansi prod — scan budget exceeded
  • tree-sitter-bash prod — scan budget exceeded
  • tree-sitter-powershell prod — scan budget exceeded
  • turndown prod — scan budget exceeded
  • ulid prod — scan budget exceeded
  • venice-ai-sdk-provider prod — scan budget exceeded
  • vscode-jsonrpc prod — scan budget exceeded
  • web-tree-sitter prod — scan budget exceeded
  • ws prod — scan budget exceeded
  • xdg-basedir prod — scan budget exceeded
  • yargs prod — scan budget exceeded
  • zod prod — scan budget exceeded
  • @octokit/auth-app prod — scan budget exceeded
  • hono prod — scan budget exceeded
  • jose prod — scan budget exceeded
  • @opencode-ai/client prod — scan budget exceeded
  • electron-context-menu prod — scan budget exceeded
  • electron-log prod — scan budget exceeded
  • electron-store prod — scan budget exceeded
  • electron-updater prod — scan budget exceeded
  • electron-window-state prod — scan budget exceeded
  • marked prod — scan budget exceeded
  • acorn prod — scan budget exceeded
  • @ai-sdk/provider-utils prod — scan budget exceeded
  • @effect/sql-sqlite-bun prod — scan budget exceeded
  • @npmcli/arborist prod — scan budget exceeded
  • @npmcli/config prod — scan budget exceeded
  • @opencode-ai/effect-drizzle-sqlite prod — scan budget exceeded
  • @opencode-ai/effect-sqlite-node prod — scan budget exceeded
  • bun-pty prod — scan budget exceeded
  • which prod — scan budget exceeded
  • @kobalte/core prod — scan budget exceeded
  • @shikijs/transformers prod — scan budget exceeded
  • @solid-primitives/bounds prod — scan budget exceeded
  • @solid-primitives/event-listener prod — scan budget exceeded
  • @solid-primitives/media prod — scan budget exceeded
  • @solid-primitives/resize-observer prod — scan budget exceeded
  • @shikijs/stream prod — scan budget exceeded
  • dompurify prod — scan budget exceeded
  • katex prod — scan budget exceeded
  • luxon prod — scan budget exceeded
  • marked-katex-extension prod — scan budget exceeded
  • marked-shiki prod — scan budget exceeded
  • morphdom prod — scan budget exceeded
  • motion prod — scan budget exceeded
  • motion-dom prod — scan budget exceeded
  • motion-utils prod — scan budget exceeded
  • remend prod — scan budget exceeded
  • shiki prod — scan budget exceeded
  • solid-list prod — scan budget exceeded
  • @slack/bolt prod — scan budget exceeded
  • @corvu/drawer prod — scan budget exceeded
  • @dnd-kit/abstract prod — scan budget exceeded
  • @dnd-kit/dom prod — scan budget exceeded
  • @dnd-kit/helpers prod — scan budget exceeded
  • @dnd-kit/solid prod — scan budget exceeded
  • @pierre/trees prod — scan budget exceeded
  • @solid-primitives/active-element prod — scan budget exceeded
  • @solid-primitives/audio prod — scan budget exceeded
  • @solid-primitives/scroll prod — scan budget exceeded
  • @solid-primitives/timer prod — scan budget exceeded
  • @solid-primitives/websocket prod — scan budget exceeded
  • @tanstack/solid-query prod — scan budget exceeded
  • @tanstack/solid-virtual prod — scan budget exceeded
  • @thisbeyond/solid-dnd prod — scan budget exceeded
  • ghostty-web prod — scan budget exceeded
  • solid-presence prod — scan budget exceeded
  • aws4fetch prod — scan budget exceeded
  • @solidjs/start prod — scan budget exceeded
  • @hono/standard-validator prod — scan budget exceeded
  • hono-openapi prod — scan budget exceeded
  • js-base64 prod — scan budget exceeded
  • nitro prod — scan budget exceeded
  • clipboardy prod — scan budget exceeded
  • @astrojs/cloudflare prod — scan budget exceeded
  • @astrojs/markdown-remark prod — scan budget exceeded
  • @astrojs/solid-js prod — scan budget exceeded
  • @astrojs/starlight prod — scan budget exceeded
  • @fontsource/ibm-plex-mono prod — scan budget exceeded
  • astro prod — scan budget exceeded
  • lang-map prod — scan budget exceeded
  • rehype-autolink-headings prod — scan budget exceeded
  • toolbeam-docs-theme prod — scan budget exceeded
  • @smithy/eventstream-codec prod — scan budget exceeded
  • @smithy/util-utf8 prod — scan budget exceeded
  • @effect/platform-node-shared prod — scan budget exceeded
  • @jsx-email/all prod — scan budget exceeded
  • @jsx-email/cli prod — scan budget exceeded
  • @opencode-ai/console-core prod — scan budget exceeded
  • @opencode-ai/console-resource prod — scan budget exceeded
  • @aws-sdk/client-sts prod — scan budget exceeded
  • @jsx-email/render prod — scan budget exceeded
  • @opencode-ai/console-mail prod — scan budget exceeded
  • @planetscale/database prod — scan budget exceeded
  • postgres prod — scan budget exceeded
  • stripe prod — scan budget exceeded
  • @cloudflare/vite-plugin prod — scan budget exceeded
  • @ibm/plex prod — scan budget exceeded
  • @stripe/stripe-js prod — scan budget exceeded
  • @upstash/redis prod — scan budget exceeded
  • chart.js prod — scan budget exceeded
  • solid-stripe prod — scan budget exceeded
  • @aws-sdk/client-firehose prod — scan budget exceeded
  • @opencode-ai/stats-core prod — scan budget exceeded
  • @aws-sdk/client-athena prod — scan budget exceeded
  • d3-geo prod — scan budget exceeded
  • d3-scale prod — scan budget exceeded
  • i18n-iso-countries prod — scan budget exceeded
  • topojson-client prod — scan budget exceeded
  • world-atlas prod — scan budget exceeded