AI Assessment
VERDICT
Based on automated scanning, this codebase is likely production-ready from a security perspective but has significant code quality and maintainability concerns that should be addressed before deployment.
TOP RISKS
→ Cyclomatic complexity violations detected in pkg/providers/factory.go:38, web/frontend/src/components/channels/channel-config-page.tsx:47, and pkg/config/config.go:538 — the scanner flagged resolveProviderSelection with CCN 144, indicating highly complex branching logic that is difficult to test and maintain.
→ High-severity duplicated code block (119 lines) flagged across web/frontend/src/components/models/add-model-sheet.tsx and web/frontend/src/components/channels/channel-forms/feishu-form.tsx — scanner detected significant code duplication that increases maintenance burden.
→ Container security issues in docker/Dockerfile.full and docker/Dockerfile.goreleaser — images flagged for running as root user (DS-0002) and missing HEALTHCHECK directives (DS-0026).
→ 240 code quality issues spanning formatting, import organization, and TypeScript strict mode violations across the web frontend codebase.
WHAT TO FIX FIRST
Refactor the resolveProviderSelection function in pkg/providers/factory.go:38. The scanner flagged this with cyclomatic complexity of 144, making it a significant maintainability bottleneck. Breaking this into smaller, focused functions would improve testability and reduce cognitive load.
Note: Verify critical security findings (container root user, complexity) against actual code patterns, as some flagged items may be false positives in the scanner's analysis.
Category Breakdown
Findings (247 in 23 groups)
Function "resolveProviderSelection(cfg *config.Config)" has a cyclomatic complexity of 144 (355 lines, 1 parameter). This function is extremely complex and should be refactored into smaller functions.
Duplicate found between web/frontend/src/components/models/add-model-sheet.tsx:204 and web/frontend/src/components/models/edit-model-sheet.tsx:173. Consider extracting shared logic into a reusable function or module.
Running containers with 'root' user can lead to a container escape situation. It is a best practice to run containers as non-root users, which can be done by adding a 'USER' statement to the Dockerfile. | Fix: Add 'USER <non root user name>' line to the Dockerfile | Target: docker/Dockerfile.full
Biome rule: lint/correctness/useExhaustiveDependencies
Biome rule: lint/correctness/noChildrenProp
Biome rule: lint/suspicious/noArrayIndexKey
No test directory or test files were found. Automated tests are critical for maintaining code quality and preventing regressions.
Biome rule: lint/a11y/useSemanticElements
Biome rule: lint/suspicious/noDoubleEquals
Biome rule: lint/suspicious/noAssignInExpressions