Home / decolua / 9router
Repository Analysis

decolua/9router

Unlimited FREE AI coding. Connect Claude Code, Codex, Cursor, Cline, Copilot, Antigravity to FREE Claude/GPT/Gemini via 40+ providers. Auto-fallback, RTK -40% tokens, never hit limits.

8.4 Low AI signal View on GitHub
8.4
Adjusted Score
8.4
Raw Score
100%
Time Factor
2026-05-29
Last Push
15,218
Stars
JavaScript
Language
161,336
Lines of Code
810
Files
410
Pattern Hits
2026-05-31
Scan Date

Score History

Severity Breakdown

CRITICAL 1HIGH 168MEDIUM 96LOW 145

Pattern Findings

410 matches across 8 categories. Click a row to expand file-level details.

Magic Placeholder Names168 hits · 890 pts
SeverityFileLineSnippet
HIGHREADME.md1249Authorization: Bearer your-api-key
HIGHREADME.md1265Authorization: Bearer your-api-key
HIGHREADME.zh-CN.md1242Authorization: Bearer your-api-key
HIGHREADME.zh-CN.md1258Authorization: Bearer your-api-key
HIGHgitbook/content/vi/troubleshooting.md247 -H "Authorization: Bearer your-api-key"
HIGHgitbook/content/vi/integration/other-tools.md21API Key: your-api-key-from-dashboard
HIGHgitbook/content/vi/integration/other-tools.md28API Key: your-api-key-from-dashboard
HIGHgitbook/content/vi/integration/other-tools.md55 api_key="your-api-key-from-dashboard",
HIGHgitbook/content/vi/integration/other-tools.md75 apiKey: "your-api-key-from-dashboard",
HIGHgitbook/content/vi/integration/other-tools.md94 -H "Authorization: Bearer your-api-key-from-dashboard" \
HIGHgitbook/content/vi/integration/other-tools.md113Authorization: Bearer your-api-key-from-dashboard
HIGHgitbook/content/vi/integration/other-tools.md136 openai_api_key="your-api-key-from-dashboard",
HIGHgitbook/content/vi/integration/other-tools.md153 api_key="your-api-key-from-dashboard",
HIGHgitbook/content/vi/integration/other-tools.md169openai.api_key = "your-api-key-from-dashboard"
HIGHgitbook/content/vi/integration/other-tools.md201 apiKey: "your-api-key-from-dashboard",
HIGHgitbook/content/vi/integration/other-tools.md227 api_key="your-api-key-from-dashboard",
HIGHgitbook/content/vi/integration/other-tools.md256ROUTER_API_KEY=your-api-key-from-dashboard
HIGHgitbook/content/vi/integration/other-tools.md277 api_key="your-api-key",
HIGHgitbook/content/vi/integration/other-tools.md298 api_key="your-api-key",
HIGHgitbook/content/vi/integration/other-tools.md344- Kiểm tra format header Authorization: `Bearer your-api-key`
HIGHgitbook/content/vi/integration/continue.md33 "apiKey": "your-api-key-from-dashboard",
HIGHgitbook/content/vi/integration/continue.md48 "apiKey": "your-api-key-from-dashboard",
HIGHgitbook/content/vi/integration/continue.md55 "apiKey": "your-api-key-from-dashboard",
HIGHgitbook/content/vi/integration/continue.md62 "apiKey": "your-api-key-from-dashboard",
HIGHgitbook/content/vi/integration/continue.md69 "apiKey": "your-api-key-from-dashboard",
HIGHgitbook/content/vi/integration/continue.md145 "apiKey": "your-api-key",
HIGHgitbook/content/vi/integration/continue.md164 "apiKey": "your-api-key",
HIGHgitbook/content/vi/integration/roo.md26API Key: your-api-key-from-dashboard
HIGHgitbook/content/vi/integration/roo.md32API Key: your-api-key-from-dashboard
HIGHgitbook/content/vi/providers/cheap.md55API Key: zhipu-your-api-key-here
HIGHgitbook/content/vi/features/quota-tracking.md565Authorization: Bearer your-api-key
HIGHgitbook/content/vi/features/quota-tracking.md618Authorization: Bearer your-api-key
HIGHgitbook/content/vi/features/combos.md384 -H "Authorization: Bearer your-api-key" \
HIGHgitbook/content/vi/getting-started/installation.md150 -H "Authorization: Bearer your-api-key"
HIGHgitbook/content/vi/getting-started/installation.md172 -H "Authorization: Bearer your-api-key" \
HIGHgitbook/content/ja/troubleshooting.md247 -H "Authorization: Bearer your-api-key"
HIGHgitbook/content/ja/integration/other-tools.md21API Key: your-api-key-from-dashboard
HIGHgitbook/content/ja/integration/other-tools.md28API Key: your-api-key-from-dashboard
HIGHgitbook/content/ja/integration/other-tools.md55 api_key="your-api-key-from-dashboard",
HIGHgitbook/content/ja/integration/other-tools.md75 apiKey: "your-api-key-from-dashboard",
HIGHgitbook/content/ja/integration/other-tools.md94 -H "Authorization: Bearer your-api-key-from-dashboard" \
HIGHgitbook/content/ja/integration/other-tools.md113Authorization: Bearer your-api-key-from-dashboard
HIGHgitbook/content/ja/integration/other-tools.md136 openai_api_key="your-api-key-from-dashboard",
HIGHgitbook/content/ja/integration/other-tools.md153 api_key="your-api-key-from-dashboard",
HIGHgitbook/content/ja/integration/other-tools.md169openai.api_key = "your-api-key-from-dashboard"
HIGHgitbook/content/ja/integration/other-tools.md201 apiKey: "your-api-key-from-dashboard",
HIGHgitbook/content/ja/integration/other-tools.md227 api_key="your-api-key-from-dashboard",
HIGHgitbook/content/ja/integration/other-tools.md256ROUTER_API_KEY=your-api-key-from-dashboard
HIGHgitbook/content/ja/integration/other-tools.md277 api_key="your-api-key",
HIGHgitbook/content/ja/integration/other-tools.md298 api_key="your-api-key",
HIGHgitbook/content/ja/integration/continue.md33 "apiKey": "your-api-key-from-dashboard",
HIGHgitbook/content/ja/integration/continue.md48 "apiKey": "your-api-key-from-dashboard",
HIGHgitbook/content/ja/integration/continue.md55 "apiKey": "your-api-key-from-dashboard",
HIGHgitbook/content/ja/integration/continue.md62 "apiKey": "your-api-key-from-dashboard",
HIGHgitbook/content/ja/integration/continue.md69 "apiKey": "your-api-key-from-dashboard",
HIGHgitbook/content/ja/integration/continue.md145 "apiKey": "your-api-key",
HIGHgitbook/content/ja/integration/continue.md164 "apiKey": "your-api-key",
HIGHgitbook/content/ja/integration/roo.md26API Key: your-api-key-from-dashboard
HIGHgitbook/content/ja/integration/roo.md32API Key: your-api-key-from-dashboard
HIGHgitbook/content/ja/providers/cheap.md55API Key: zhipu-your-api-key-here
108 more matches not shown…
Decorative Section Separators90 hits · 274 pts
SeverityFileLineSnippet
MEDIUMopen-sse/config/ttsModels.js3// ── Voice definitions (DRY — reused across providers) ──────────────────────
MEDIUMopen-sse/config/ttsModels.js36// ── TTS Config (config-driven, single source of truth) ─────────────────────
MEDIUMopen-sse/config/ttsModels.js110// ── Helper: get voices for a specific model ────────────────────────────────
MEDIUMopen-sse/config/ttsModels.js117// ── Build flat entries for PROVIDER_MODELS backward compat ─────────────────
MEDIUMopen-sse/utils/proxyFetch.js8// ─── TLS fingerprinting via got-scraping (browser-like JA3) ───────────────
MEDIUMopen-sse/handlers/ttsCore.js14// ── Response Formatter (DRY) ───────────────────────────────────
MEDIUMopen-sse/handlers/ttsCore.js44// ── Core handler ───────────────────────────────────────────────
MEDIUMopen-sse/handlers/search/callers.js33// ── Helpers ─────────────────────────────────────────────────────────────
MEDIUMopen-sse/handlers/search/callers.js87// ── Provider Request Builders ───────────────────────────────────────────
MEDIUMopen-sse/handlers/search/callers.js330// ── Dispatcher ──────────────────────────────────────────────────────────
MEDIUMopen-sse/services/projectId.js12// ─── Cache ────────────────────────────────────────────────────────────────────
MEDIUMopen-sse/services/projectId.js19// ─── Pending-fetch deduplication ─────────────────────────────────────────────
MEDIUMopen-sse/services/projectId.js26// ─── Periodic cleanup ────────────────────────────────────────────────────────
MEDIUMopen-sse/services/projectId.js76// ─── Public API ───────────────────────────────────────────────────────────────
MEDIUMopen-sse/services/projectId.js148// ─── Internal helpers ─────────────────────────────────────────────────────────
MEDIUMopen-sse/services/usage.js984// ── MiniMax helpers ──────────────────────────────────────────────────────
MEDIUMtests/unit/embeddings.cloud.test.js21// ─── Module mocks (hoisted before imports) ───────────────────────────────────
MEDIUMtests/unit/embeddings.cloud.test.js59// ─── Imports (after mocks) ────────────────────────────────────────────────────
MEDIUMtests/unit/embeddings.cloud.test.js67// ─── Fixtures ─────────────────────────────────────────────────────────────────
MEDIUMtests/unit/embeddings.cloud.test.js116// ─── Tests: CORS OPTIONS ──────────────────────────────────────────────────────
MEDIUMtests/unit/embeddings.cloud.test.js136// ─── Tests: Authentication ────────────────────────────────────────────────────
MEDIUMtests/unit/embeddings.cloud.test.js231// ─── Tests: Body validation ───────────────────────────────────────────────────
MEDIUMtests/unit/embeddings.cloud.test.js290// ─── Tests: Happy path — valid request ────────────────────────────────────────
MEDIUMtests/unit/embeddings.cloud.test.js378// ─── Tests: Rate limiting ──────────────────────────────────────────────────────
MEDIUMtests/unit/embeddings.cloud.test.js471// ─── Tests: machineId-override (old-format URL path) ─────────────────────────
MEDIUMtests/unit/antigravity-cache.test.js145 // ─── Codex-style sessionId comparison ────────────────────────────────
MEDIUMtests/unit/embeddingsCore.test.js13// ─── Mock the executors/index.js to avoid transitive uuid dependency ─────────
MEDIUMtests/unit/embeddingsCore.test.js35// ─── Helpers ─────────────────────────────────────────────────────────────────
MEDIUMtests/unit/embeddingsCore.test.js80// ─── Test: buildEmbeddingsBody (via handleEmbeddingsCore internals) ──────────
MEDIUMtests/unit/embeddingsCore.test.js191// ─── Test: buildEmbeddingsUrl ────────────────────────────────────────────────
MEDIUMtests/unit/embeddingsCore.test.js291// ─── Test: buildEmbeddingsHeaders ───────────────────────────────────────────
MEDIUMtests/unit/embeddingsCore.test.js358// ─── Test: handleEmbeddingsCore — input validation ───────────────────────────
MEDIUMtests/unit/embeddingsCore.test.js425// ─── Test: handleEmbeddingsCore — success path ───────────────────────────────
MEDIUMtests/unit/embeddingsCore.test.js502// ─── Test: handleEmbeddingsCore — provider error handling ────────────────────
MEDIUMtests/unit/embeddingsCore.test.js574// ─── Test: handleEmbeddingsCore — token refresh on 401 ───────────────────────
MEDIUMtests/unit/oauth-cursor-auto-import.test.js66 // ── macOS path probing ────────────────────────────────────────────────
MEDIUMtests/unit/oauth-cursor-auto-import.test.js88 // ── Token extraction ──────────────────────────────────────────────────
MEDIUMtests/unit/oauth-cursor-auto-import.test.js123 // ── Fuzzy fallback (macOS only) ───────────────────────────────────────
MEDIUMtests/unit/claude-header-forwarding.test.js15// ─── claudeHeaderCache ────────────────────────────────────────────────────────
MEDIUMtests/unit/claude-header-forwarding.test.js118// ─── DefaultExecutor.buildHeaders() ──────────────────────────────────────────
MEDIUMtests/unit/claude-header-forwarding.test.js231// ─── anthropic-compatible header stripping ────────────────────────────────────
MEDIUMtests/unit/claude-header-forwarding.test.js323// ─── proxyFetch anthropicFetch routing ────────────────────────────────────────
MEDIUMcli/scripts/buildMitm.js5// ── Build config ─────────────────────────────────────────
MEDIUMcli/scripts/buildMitm.js11// ─────────────────────────────────────────────────────────
MEDIUMcli/src/cli/menus/cliTools.js23// ─── Shared helpers ───────────────────────────────────────────────────────────
MEDIUMcli/src/cli/menus/cliTools.js35// ─── Claude Code ──────────────────────────────────────────────────────────────
MEDIUMcli/src/cli/menus/cliTools.js172// ─── Codex CLI ────────────────────────────────────────────────────────────────
MEDIUMcli/src/cli/menus/cliTools.js260// ─── Factory Droid ────────────────────────────────────────────────────────────
MEDIUMcli/src/cli/menus/cliTools.js343// ─── Open Claw ────────────────────────────────────────────────────────────────
MEDIUMcli/src/cli/menus/cliTools.js428// ─── OpenCode CLI ─────────────────────────────────────────────────────────────
MEDIUMcli/src/cli/menus/cliTools.js516// ─── Hermes Agent ─────────────────────────────────────────────────────────────
MEDIUMcli/src/cli/menus/cliTools.js576// ─── Main CLI Tools Menu ──────────────────────────────────────────────────────
MEDIUMsrc/sse/services/tokenRefresh.js29// ─── Re-exports wrapped with local logger ─────────────────────────────────────
MEDIUMsrc/sse/services/tokenRefresh.js70// ─── Lifecycle hook ───────────────────────────────────────────────────────────
MEDIUMsrc/sse/services/tokenRefresh.js85// ─── Internal helpers ─────────────────────────────────────────────────────────
MEDIUMsrc/sse/services/tokenRefresh.js145// ─── Local-specific: persist credentials to localDb ──────────────────────────
MEDIUMsrc/sse/services/tokenRefresh.js194// ─── Local-specific: proactive token refresh ─────────────────────────────────
MEDIUMsrc/sse/services/tokenRefresh.js207 // ── 1. Regular access-token expiry ────────────────────────────────────────
MEDIUMsrc/sse/services/tokenRefresh.js249 // ── 2. GitHub Copilot token expiry ────────────────────────────────────────
MEDIUMsrc/sse/services/tokenRefresh.js282// ─── Local-specific: combined GitHub + Copilot refresh ───────────────────────
30 more matches not shown…
Hyper-Verbose Identifiers106 hits · 109 pts
SeverityFileLineSnippet
LOWopen-sse/config/kiroConstants.js219export function buildThinkingSystemPrefix(budget = KIRO_THINKING_BUDGET_DEFAULT) {
LOWopen-sse/config/providers.js454export function resolveXiaomiTokenplanBaseUrl(credentials) {
LOWopen-sse/transformer/responsesTransformer.js54export function createResponsesApiTransformStream(logger = null) {
LOWopen-sse/transformer/streamToJsonConverter.js49export async function convertResponsesStreamToJson(stream) {
LOWopen-sse/utils/streamHandler.js97export function createDisconnectAwareStream(transformStream, streamController) {
LOWopen-sse/utils/stream.js377export function createSSETransformStreamWithLogger(targetFormat, sourceFormat, provider = null, reqLogger = null, toolNa
LOWopen-sse/utils/stream.js393export function createPassthroughStreamWithLogger(provider = null, reqLogger = null, model = null, connectionId = null,
LOWopen-sse/utils/bypassHandler.js128function createNonStreamingResponse(sourceFormat, model, text) {
LOWopen-sse/utils/bypassHandler.js264function createOpenAIStreamingChunks(completeResponse) {
LOWopen-sse/utils/proxyFetch.js203function resolveConnectionProxyUrl(targetUrl, proxyOptions) {
LOWopen-sse/translator/response/openai-to-antigravity.js8export function openaiToAntigravityResponse(chunk, state) {
LOWopen-sse/translator/response/openai-responses.js12export function openaiToOpenAIResponsesResponse(chunk, state) {
LOWopen-sse/translator/response/openai-responses.js370export function openaiResponsesToOpenAIResponse(chunk, state) {
LOWopen-sse/translator/response/commandcode-to-openai.js58export function convertCommandCodeToOpenAI(chunk, state) {
LOWopen-sse/translator/request/openai-to-gemini.js26function sanitizeGeminiFunctionName(name) {
LOWopen-sse/translator/request/openai-to-gemini.js320function wrapInCloudCodeEnvelopeForClaude(model, claudeRequest, credentials = null) {
LOWopen-sse/translator/request/openai-to-gemini.js456export function openaiToAntigravityRequest(model, body, stream, credentials = null) {
LOWopen-sse/translator/request/antigravity-to-openai.js7export function antigravityToOpenAIRequest(model, body, stream) {
LOWopen-sse/translator/request/openai-responses.js18export function openaiResponsesToOpenAIRequest(model, body, stream, credentials) {
LOWopen-sse/translator/request/openai-responses.js201export function openaiToOpenAIResponsesRequest(model, body, stream, credentials) {
LOWopen-sse/translator/request/openai-to-claude.js210function getContentBlocksFromMessage(msg, toolNameMap = new Map()) {
LOWopen-sse/translator/request/openai-to-claude.js326function openaiToClaudeRequestForAntigravity(model, body, stream) {
LOWopen-sse/translator/helpers/geminiHelper.js35export function convertOpenAIContentToParts(content) {
LOWopen-sse/translator/helpers/geminiHelper.js124function removeUnsupportedKeywords(obj, keywords) {
LOWopen-sse/translator/helpers/geminiHelper.js164function convertEnumValuesToStrings(obj) {
LOWopen-sse/translator/helpers/geminiHelper.js298export function cleanJSONSchemaForAntigravity(schema) {
LOWopen-sse/translator/helpers/responsesApiHelper.js29export function convertResponsesApiFormat(body) {
LOWopen-sse/executors/codex.js36function convertSystemToDeveloperRole(body) {
LOWopen-sse/executors/codex.js46function stripStoredItemReferences(body) {
LOWopen-sse/executors/cursor.js49function visibleComposerContentFromThinking(thinking) {
LOWopen-sse/executors/grok-web.js192async function buildNonStreamingResponse(eventStream, model, cid, created, isThinkingModel, signal) {
LOWopen-sse/executors/perplexity-web.js359async function buildNonStreamingResponse(eventStream, model, cid, created, history, currentMsg, signal) {
LOWopen-sse/executors/qwen.js39function sanitizeQwenThinkingToolChoice(body) {
LOWopen-sse/handlers/imageGenerationCore.js29export async function handleImageGenerationCore({
LOWopen-sse/handlers/sttCore.js141async function transcribeOpenAICompatible(cfg, file, model, token, formData) {
LOWopen-sse/handlers/embeddingProviders/openai.js17export default function createOpenAIEmbeddingAdapter(providerId) {
LOWopen-sse/handlers/chatCore/nonStreamingHandler.js15export function translateNonStreamingResponse(responseBody, targetFormat, sourceFormat) {
LOWopen-sse/handlers/chatCore/nonStreamingHandler.js131export async function handleNonStreamingResponse({ providerResponse, provider, model, sourceFormat, targetFormat, body,
LOWopen-sse/handlers/chatCore/sseToJsonHandler.js8function textFromResponsesMessageItem(item) {
LOWopen-sse/handlers/chatCore/sseToJsonHandler.js21function pickAssistantMessageForChatCompletion(output) {
LOWopen-sse/handlers/imageProviders/cloudflareAi.js117function normalizeCloudflareResponse(responseBody) {
LOWopen-sse/services/provider.js33function buildAnthropicCompatibleUrl(baseUrl) {
LOWopen-sse/services/tokenRefresh.js71export function isUnrecoverableRefreshError(result) {
LOWopen-sse/services/tokenRefresh.js703export function formatProviderCredentials(provider, credentials, log) {
LOWopen-sse/services/kiroModels.js67function buildKiroFingerprintHeaders(credentials) {
LOWopen-sse/services/projectId.js86export async function getProjectIdForConnection(connectionId, accessToken) {
LOWopen-sse/services/projectId.js290function extractProjectIdFromOnboard(data) {
LOWopen-sse/services/usage.js209function formatGitHubQuotaSnapshot(quota) {
LOWopen-sse/services/usage.js302function normalizeCloudCodeProjectId(project) {
LOWopen-sse/services/usage.js313async function getGeminiSubscriptionInfo(accessToken, proxyOptions = null) {
LOWopen-sse/services/usage.js467async function getAntigravitySubscriptionInfo(accessToken, proxyOptions = null) {
LOWopen-sse/services/model.js246function inferProviderFromModelName(modelName) {
LOWopen-sse/services/accountFallback.js72export function getEarliestRateLimitedUntil(accounts) {
LOWopen-sse/services/accountFallback.js131export function getEarliestModelLockUntil(connection) {
LOWopen-sse/services/accountFallback.js155export function buildClearModelLocksUpdate(connection) {
LOWtests/unit/embeddingsCore.test.js46function makeProviderErrorResponse(status, message) {
LOWtests/unit/compatible-provider-connections.test.js54function expectCompatibleConnection(connection, node, { apiType } = {}) {
LOWcli/hooks/sqliteRuntime.js47function isBetterSqliteBinaryValid() {
LOWcli/src/cli/utils/modelSelector.js34async function getAvailableModelsGrouped() {
LOWcli/src/cli/menus/providers.js154function countConnectionsByProvider(connections) {
46 more matches not shown…
Verbosity Indicators36 hits · 58 pts
SeverityFileLineSnippet
LOWopen-sse/translator/index.js93 // Step 1: source -> openai (if source is not openai)
LOWopen-sse/translator/index.js103 // Step 2: openai -> target (if target is not openai)
LOWopen-sse/translator/index.js160 // Step 1: target -> openai (if target is not openai)
LOWopen-sse/translator/index.js173 // Step 2: openai -> source (if source is not openai)
LOWcli/scripts/build-cli.js91// Step 0: Sync version from app/cli/package.json to app/package.json
LOWcli/scripts/build-cli.js104// Step 1: Build app with Next.js (workspace tracing root → traced node_modules in standalone).
LOWcli/scripts/build-cli.js126// Step 2: Clean old app/cli/app if exists
LOWcli/scripts/build-cli.js133// Step 3: Copy Next.js standalone build to app/cli/app.
LOWcli/scripts/build-cli.js189// Step 4: Copy static files
LOWcli/scripts/build-cli.js201// Step 5: Copy public folder if exists
LOWcli/scripts/build-cli.js212// Step 6: Copy vendor-chunks (required for production)
LOWcli/scripts/build-cli.js224// Step 7: Copy MITM server files (not bundled by Next.js standalone)
LOWcli/scripts/build-cli.js246// Step 8: Build MITM server (config driven - see app/cli/scripts/buildMitm.js)
LOWcli/src/cli/menus/providers.js458 // Step 1: Get auth URL
LOWcli/src/cli/menus/providers.js480 // Step 2: Show URL and instructions
LOWcli/src/cli/menus/providers.js503 // Step 3: Parse callback URL and extract code
LOWcli/src/cli/menus/providers.js529 // Step 4: Exchange code for tokens
LOWcli/src/cli/menus/providers.js556 // Step 1: Request device code
LOWcli/src/cli/menus/providers.js580 // Step 2: Show instructions
LOWcli/src/cli/menus/providers.js597 // Step 3: Poll for token
LOWcli/src/cli/menus/providers.js775 // Step 1: Select type
LOWcli/src/cli/menus/providers.js785 // Step 2: Inputs
LOWcli/src/cli/menus/providers.js795 // Step 3: API type (OpenAI only)
LOWsrc/app/api/oauth/iflow/cookie/route.js28 // Step 1: GET API key info to get the name
LOWsrc/app/api/oauth/iflow/cookie/route.js65 // Step 2: POST to refresh API key
LOWsrc/app/api/cli-tools/cowork-mcp-tools/route.js18 // Step 1: initialize
LOWsrc/app/api/cli-tools/cowork-mcp-tools/route.js40 // Step 2: notifications/initialized (required by spec before tools/list)
LOWsrc/app/api/cli-tools/cowork-mcp-tools/route.js48 // Step 3: tools/list
LOWsrc/app/(dashboard)/dashboard/translator/page.js67 // Step 1: detect provider/format from model field
LOWsrc/mitm/manager.js512 // Step 1: Generate Root CA if missing or expired
LOWsrc/mitm/manager.js552 // Step 2: Spawn server (Root CA already installed in Step 1.5)
LOWsrc/lib/oauth/providers.js858 // Step 1: Register client with AWS SSO OIDC
LOWsrc/lib/oauth/providers.js881 // Step 2: Request device authorization
LOWsrc/lib/oauth/constants/oauth.js247// Step 1: POST /v2/plugin/auth/state?platform=CLI → get { state, authUrl }
LOWsrc/lib/oauth/constants/oauth.js248// Step 2: Open authUrl in browser
LOWsrc/lib/oauth/constants/oauth.js249// Step 3: Poll POST /v2/plugin/auth/token with state until success
Excessive Try-Catch Wrapping5 hits · 10 pts
SeverityFileLineSnippet
MEDIUMgitbook/content/vi/integration/other-tools.md288 print(f"Error: {e}")
MEDIUMgitbook/content/ja/integration/other-tools.md288 print(f"Error: {e}")
MEDIUMgitbook/content/zh-CN/integration/other-tools.md288 print(f"Error: {e}")
MEDIUMgitbook/content/es/integration/other-tools.md288 print(f"Error: {e}")
MEDIUMgitbook/content/en/integration/other-tools.md288 print(f"Error: {e}")
Hallucination Indicators1 hit · 10 pts
SeverityFileLineSnippet
CRITICAL…rd)/dashboard/cli-tools/components/OpenCodeToolCard.js62 setSubagentModel(status.config.agent.explorer.model.replace("9router/", ""));
AI Slop Vocabulary1 hit · 3 pts
SeverityFileLineSnippet
MEDIUMopen-sse/config/codexInstructions.js30## Codex CLI harness, sandboxing, and approvals
Over-Commented Block3 hits · 3 pts
SeverityFileLineSnippet
LOWopen-sse/utils/requestLogger.js81 // for (const key of Object.keys(masked)) {
LOWsrc/shared/constants/cliTools.js341 },
LOWsrc/shared/constants/providers.js121 // aimlapi: { id: "aimlapi", alias: "aiml", name: "AI/ML API", icon: "hub", color: "#6366F1", textIcon: "AI", website: