🛡️ Sentinel: [MEDIUM] Fix SQL syntax error / DoS vector on empty memory recall

[docxology]

🚨 Severity: MEDIUM
💡 Vulnerability: Unhandled SQL syntax exception in recall_memory edge case
🎯 Impact: If query is an empty string or whitespace, query.split() creates an empty list, and where_clauses resolves to "". The resulting query SELECT * FROM memories WHERE LIMIT ? throws a fatal sqlite3.OperationalError, potentially causing application crash/Denial of Service.
🔧 Fix: Added an explicit if not search_terms: condition to run a direct SELECT * FROM memories LIMIT ? if no parameters are available.
✅ Verification: Ran uv run pytest src/codomyrmex/tests/unit/agentic_memory/ ensuring 100% stable execution and uv run ruff check for static validation.

---

PR created automatically by Jules for task 18291660171048009927 started by @docxology

[google-labs-jules]

👋 Jules, reporting for duty! I'm here to lend a hand with this pull request.

When you start a review, I'll add a 👀 emoji to each comment to let you know I've read it. I'll focus on feedback directed at me and will do my best to stay out of conversations between you and other bots or reviewers to keep the noise down.

I'll push a commit with your requested changes shortly after. Please note there might be a delay between these steps, but rest assured I'm on the job!

For more direct control, you can switch me to Reactive Mode. When this mode is on, I will only act on comments where you specifically mention me with @jules. You can find this option in the Pull Request section of your global Jules UI settings. You can always switch back!

New to Jules? Learn more at jules.google/docs.

---

For security, I will only act on instructions from the user who triggered this task.

[github-actions]

🤖 Hi @docxology, I've received your request, and I'm working on it now! You can track my progress in the logs for more details.

[github-actions]

🤖 I'm sorry @docxology, but I was unable to process your request. Please see the logs for more details.

[github-actions]

📊 File Changes Analysis

Change Analysis

Source Code Changes

• src/codomyrmex/agentic_memory/cognilayer_bridge.py

Configuration Changes

• .github/workflows/dependency-review.yml
• .github/workflows/pre-commit.yml
• .github/workflows/security.yml
• pyproject.toml

Analysis

⚠️ Dependencies changed - Review dependency updates carefully
🔧 Workflow changes detected - Test workflows thoroughly
⚠️ Source code changed without test updates - Consider adding tests

[github-actions]

🔒 Security Scan Results

🔒 Comprehensive Security Report

Generated on: Sat Mar 14 02:59:54 UTC 2026
Repository: docxology/codomyrmex
Commit: ed1ed93

Summary

Dependency Security

Current Dependencies

codomyrmex v1.2.2
├── aiohttp v3.13.3
│   ├── aiohappyeyeballs v2.6.1
│   ├── aiosignal v1.4.0
│   │   ├── frozenlist v1.8.0
│   │   └── typing-extensions v4.15.0
│   ├── attrs v25.4.0
│   ├── frozenlist v1.8.0
│   ├── multidict v6.7.1
│   ├── propcache v0.4.1
│   └── yarl v1.22.0
│       ├── idna v3.11
│       ├── multidict v6.7.1
│       └── propcache v0.4.1
├── bandit v1.9.4
│   ├── pyyaml v6.0.3
│   ├── rich v14.3.3
│   │   ├── markdown-it-py v4.0.0
│   │   │   ├── mdurl v0.1.2
│   │   │   └── linkify-it-py v2.0.3 (extra: linkify)
│   │   │       └── uc-micro-py v1.0.3
│   │   └── pygments v2.19.2
│   └── stevedore v5.7.0
├── beautifulsoup4 v4.14.3
│   ├── soupsieve v2.8.3
│   └── typing-extensions v4.15.0
├── cased-kit v3.5.1
│   ├── anthropic v0.84.0
│   │   ├── anyio v4.12.1
│   │   │   ├── idna v3.11
│   │   │   └── typing-extensions v4.15.0
│   │   ├── distro v1.9.0
│   │   ├── docstring-parser v0.17.0
│   │   ├── httpx v0.28.1
│   │   │   ├── anyio v4.12.1 (*)
│   │   │   ├── certifi v2026.2.25
│   │   │   ├── httpcore v1.0.9
│   │   │   │   ├── certifi v2026.2.25
│   │   │   │   └── h11 v0.16.0
│   │   │   └── idna v3.11
│   │   ├── jiter v0.13.0
│   │   ├── pydantic v2.12.5
│   │   │   ├── annotated-types v0.7.0
│   │   │   ├── pydantic-core v2.41.5
│   │   │   │   └── typing-extensions v4.15.0
│   │   │   ├── typing-extensions v4.15.0
│   │   │   └── typing-inspection v0.4.2
│   │   │       └── typing-extensions v4.15.0
│   │   ├── sniffio v1.3.1
│   │   └── typing-extensions v4.15.0
│   ├── click v8.1.8
│   ├── fastapi v0.133.1
│   │   ├── annotated-doc v0.0.4
│   │   ├── pydantic v2.12.5 (*)
│   │   ├── starlette v0.52.1
│   │   │   ├── anyio v4.12.1 (*)
│   │   │   └── typing-extensions v4.15.0
│   │   ├── typing-extensions v4.15.0
│   │   └── typing-inspection v0.4.2 (*)
│   ├── google-genai v1.65.0
│   │   ├── anyio v4.12.1 (*)
│   │   ├── distro v1.9.0
│   │   ├── google-auth[requests] v2.48.0
│   │   │   ├── cryptography v46.0.5
│   │   │   │   └── cffi v2.0.0
│   │   │   │       └── pycparser v3.0
│   │   │   ├── pyasn1-modules v0.4.2
│   │   │   │   └── pyasn1 v0.6.2
│   │   │   ├── rsa v4.9.1
│   │   │   │   └── pyasn1 v0.6.2
│   │   │   └── requests v2.32.5 (extra: requests)
│   │   │       ├── certifi v2026.2.25
│   │   │       ├── charset-normalizer v3.4.5
│   │   │       ├── idna v3.11
│   │   │       └── urllib3 v2.6.3
│   │   ├── httpx v0.28.1 (*)
│   │   ├── pydantic v2.12.5 (*)
│   │   ├── requests v2.32.5 (*)
│   │   ├── sniffio v1.3.1
│   │   ├── tenacity v9.1.4
│   │   ├── typing-extensions v4.15.0
│   │   └── websockets v16.0
│   ├── ignore-python v0.3.2
│   ├── mcp v1.26.0
│   │   ├── anyio v4.12.1 (*)
│   │   ├── httpx v0.28.1 (*)
│   │   ├── httpx-sse v0.4.3
│   │   ├── jsonschema v4.26.0
│   │   │   ├── attrs v25.4.0
│   │   │   ├── jsonschema-specifications v2025.9.1
│   │   │   │   └── referencing v0.37.0
│   │   │   │       ├── attrs v25.4.0
│   │   │   │       ├── rpds-py v0.30.0
│   │   │   │       └── typing-extensions v4.15.0
│   │   │   ├── referencing v0.37.0 (*)
│   │   │   └── rpds-py v0.30.0
│   │   ├── pydantic v2.12.5 (*)
│   │   ├── pydantic-settings v2.13.1
│   │   │   ├── pydantic v2.12.5 (*)
│   │   │   ├── python-dotenv v1.2.1
│   │   │   └── typing-inspection v0.4.2 (*)
│   │   ├── pyjwt[crypto] v2.11.0
│   │   │   └── cryptography v46.0.5 (extra: crypto) (*)
│   │   ├── python-multipart v0.0.22
│   │   ├── sse-starlette v3.2.0
│   │   │   ├── anyio v4.12.1 (*)
│   │   │   └── starlette v0.52.1 (*)
│   │   ├── starlette v0.52.1 (*)
│   │   ├── typing-extensions v4.15.0
│   │   ├── typing-inspection v0.4.2 (*)
│   │   └── uvicorn v0.41.0
│   │       ├── click v8.1.8
│   │       ├── h11 v0.16.0
│   │       ├── httptools v0.7.1 (extra: standard)
│   │       ├── python-dotenv v1.2.1 (extra: standard)
│   │       ├── pyyaml v6.0.3 (extra: standard)
│   │       ├── uvloop v0.22.1 (extra: standard)
│   │       ├── watchfiles v1.1.1 (extra: standard)
│   │       │   └── anyio v4.12.1 (*)
│   │       └── websockets v16.0 (extra: standard)
│   ├── numpy v2.4.2
│   ├── openai v2.24.0
│   │   ├── anyio v4.12.1 (*)
│   │   ├── distro v1.9.0
│   │   ├── httpx v0.28.1 (*)
│   │   ├── jiter v0.13.0
│   │   ├── pydantic v2.12.5 (*)
│   │   ├── sniffio v1.3.1
│   │   ├── tqdm v4.67.3
│   │   └── typing-extensions v4.15.0
│   ├── pathspec v1.0.4
│   ├── python-hcl2 v7.3.1
│   │   ├── lark v1.3.1
│   │   └── regex v2026.2.19
│   ├── pyyaml v6.0.3
│   ├── redis v7.2.1
│   ├── requests v2.32.5 (*)
│   ├── tiktoken v0.12.0
│   │   ├── regex v2026.2.19
│   │   └── requests v2.32.5 (*)
│   ├── tree-sitter v0.25.2
│   ├── tree-sitter-language-pack v0.13.0
│   │   ├── tree-sitter v0.25.2
│   │   ├── tree-sitter-c-sharp v0.23.1
│   │   ├── tree-sitter-embedded-template v0.25.0
│   │   └── tree-sitter-yaml v0.7.2
│   ├── typer v0.15.4
│   │   ├── click v8.1.8
│   │   ├── rich v14.3.3 (*)
│   │   ├── shellingham v1.5.4
│   │   └── typing-extensions v4.15.0
│   └── uvicorn[standard] v0.41.0 (*)
├── cryptography v46.0.5 (*)
├── diff-match-patch v20241021
├── email-validator v2.3.0
│   ├── dnspython v2.8.0
│   └── idna v3.11
├── gitpython v3.1.46
│   └── gitdb v4.0.12
│       └── smmap v5.0.2
├── jsonschema v4.26.0 (*)
├── lizard v1.21.0
│   ├── pathspec v1.0.4
│   └── pygments v2.19.2
├── loguru v0.7.3
├── mako v1.3.10
│   └── markupsafe v3.0.3
├── markdownify v1.2.2
│   ├── beautifulsoup4 v4.14.3 (*)
│   └── six v1.17.0
├── matplotlib v3.10.8
│   ├── contourpy v1.3.3
│   │   └── numpy v2.4.2
│   ├── cycler v0.12.1
│   ├── fonttools v4.61.1
│   ├── kiwisolver v1.4.9
│   ├── numpy v2.4.2
│   ├── packaging v26.0
│   ├── pillow v11.3.0
│   ├── pyparsing v3.3.2
│   └── python-dateutil v2.9.0.post0
│       └── six v1.17.0
├── mlx-lm v0.31.1
│   ├── jinja2 v3.1.6
│   │   └── markupsafe v3.0.3
│   ├── numpy v2.4.2
│   ├── protobuf v5.29.6
│   ├── pyyaml v6.0.3
│   ├── sentencepiece v0.2.1
│   └── transformers v5.2.0
│       ├── huggingface-hub v1.5.0
│       │   ├── filelock v3.12.4
│       │   ├── fsspec v2026.2.0
│       │   ├── hf-xet v1.3.2
│       │   ├── httpx v0.28.1 (*)
│       │   ├── packaging v26.0
│       │   ├── pyyaml v6.0.3
│       │   ├── tqdm v4.67.3
│       │   ├── typer v0.15.4 (*)
│       │   └── typing-extensions v4.15.0
│       ├── numpy v2.4.2
│       ├── packaging v26.0
│       ├── pyyaml v6.0.3
│       ├── regex v2026.2.19
│       ├── safetensors v0.7.0
│       ├── tokenizers v0.22.2
│       │   └── huggingface-hub v1.5.0 (*)
│       ├── tqdm v4.67.3
│       └── typer-slim v0.21.2
│           ├── annotated-doc v0.0.4
│           └── click v8.1.8
├── psutil v6.0.0
├── pydantic v2.12.5 (*)
├── pygments v2.19.2
├── pylint v4.0.5
│   ├── astroid v4.0.4
│   ├── dill v0.4.1
│   ├── isort v8.0.0
│   ├── mccabe v0.7.0
│   ├── platformdirs v4.9.2
│   └── tomlkit v0.14.0
├── python-dotenv v1.2.1
├── pytz v2025.2
├── pyyaml v6.0.3
├── radon v6.0.1
│   ├── colorama v0.4.6
│   └── mando v0.7.1
│       └── six v1.17.0
├── requests v2.32.5 (*)
├── rich v14.3.3 (*)
├── tqdm v4.67.3
├── unidiff v0.7.5
├── wasmtime v42.0.0
├── watchdog v6.0.0
├── fastapi v0.133.1 (extra: api) (*)
├── uvicorn v0.41.0 (extra: api) (*)
├── edge-tts v7.2.7 (extra: audio)
│   ├── aiohttp v3.13.3 (*)
│   ├── certifi v2026.2.25
│   ├── tabulate v0.9.0
│   └── typing-extensions v4.15.0
├── faster-whisper v1.2.1 (extra: audio)
│   ├── av v16.1.0
│   ├── ctranslate2 v4.7.1
│   │   ├── numpy v2.4.2
│   │   ├── pyyaml v6.0.3
│   │   └── setuptools v82.0.0
│   ├── huggingface-hub v1.5.0 (*)
│   ├── onnxruntime v1.24.2
│   │   ├── flatbuffers v25.12.19
│   │   ├── numpy v2.4.2
│   │   ├── packaging v26.0
│   │   ├── protobuf v5.29.6
│   │   └── sympy v1.14.0
│   │       └── mpmath v1.3.0
│   ├── tokenizers v0.22.2 (*)
│   └── tqdm v4.67.3
├── pydub v0.25.1 (extra: audio)
├── pyttsx3 v2.99 (extra: audio)
├── soundfile v0.13.1 (extra: audio)
│   ├── cffi v2.0.0 (*)
│   └── numpy v2.4.2
├── redis v7.2.1 (extra: cache)
├── google-api-python-client v2.190.0 (extra: calendar)
│   ├── google-api-core v2.25.2
│   │   ├── google-auth v2.48.0 (*)
│   │   ├── googleapis-common-protos v1.72.0
│   │   │   └── protobuf v5.29.6
│   │   ├── proto-plus v1.27.1
│   │   │   └── protobuf v5.29.6
│   │   ├── protobuf v5.29.6
│   │   └── requests v2.32.5 (*)
│   ├── google-auth v2.48.0 (*)
│   ├── google-auth-httplib2 v0.3.0
│   │   ├── google-auth v2.48.0 (*)
│   │   └── httplib2 v0.31.2
│   │       └── pyparsing v3.3.2
│   ├── httplib2 v0.31.2 (*)
│   └── uritemplate v4.2.0
├── google-auth-httplib2 v0.3.0 (extra: calendar) (*)
├── google-auth-oauthlib v1.3.0 (extra: calendar)
│   ├── google-auth v2.48.0 (*)
│   └── requests-oauthlib v2.0.0
│       ├── oauthlib v3.3.1
│       └── requests v2.32.5 (*)
├── azure-identity v1.25.2 (extra: cloud)
│   ├── azure-core v1.38.2
│   │   ├── requests v2.32.5 (*)
│   │   └── typing-extensions v4.15.0
│   ├── cryptography v46.0.5 (*)
│   ├── msal v1.35.0
│   │   ├── cryptography v46.0.5 (*)
│   │   ├── pyjwt[crypto] v2.11.0 (*)
│   │   └── requests v2.32.5 (*)
│   ├── msal-extensions v1.3.1
│   │   └── msal v1.35.0 (*)
│   └── typing-extensions v4.15.0
├── azure-storage-blob v12.28.0 (extra: cloud)
│   ├── azure-core v1.38.2 (*)
│   ├── cryptography v46.0.5 (*)
│   ├── isodate v0.7.2
│   └── typing-extensions v4.15.0
├── boto3 v1.42.58 (extra: cloud)
│   ├── botocore v1.42.58
│   │   ├── jmespath v1.1.0
│   │   ├── python-dateutil v2.9.0.post0 (*)
│   │   └── urllib3 v2.6.3
│   ├── jmespath v1.1.0
│   └── s3transfer v0.16.0
│       └── botocore v1.42.58 (*)
├── google-cloud-storage v3.4.1 (extra: cloud)
│   ├── google-api-core v2.25.2 (*)
│   ├── google-auth v2.48.0 (*)
│   ├── google-cloud-core v2.5.0
│   │   ├── google-api-core v2.25.2 (*)
│   │   └── google-auth v2.48.0 (*)
│   ├── google-crc32c v1.8.0
│   ├── google-resumable-media v2.8.0
│   │   └── google-crc32c v1.8.0
│   └── requests v2.32.5 (*)
├── openstacksdk v4.10.0 (extra: cloud)
│   ├── cryptography v46.0.5 (*)
│   ├── decorator v5.2.1
│   ├── dogpile-cache v1.5.0
│   │   ├── decorator v5.2.1
│   │   └── stevedore v5.7.0
│   ├── iso8601 v2.1.0
│   ├── jmespath v1.1.0
│   ├── jsonpatch v1.33
│   │   └── jsonpointer v3.0.0
│   ├── keystoneauth1 v5.13.1
│   │   ├── iso8601 v2.1.0
│   │   ├── os-service-types v1.8.2
│   │   │   ├── pbr v7.0.3
│   │   │   │   └── setuptools v82.0.0
│   │   │   └── typing-extensions v4.15.0
│   │   ├── pbr v7.0.3 (*)
│   │   ├── requests v2.32.5 (*)
│   │   ├── stevedore v5.7.0
│   │   └── typing-extensions v4.15.0
│   ├── os-service-types v1.8.2 (*)
│   ├── pbr v7.0.3 (*)
│   ├── platformdirs v4.9.2
│   ├── psutil v6.0.0
│   ├── pyyaml v6.0.3
│   ├── requestsexceptions v1.4.0
│   └── typing-extensions v4.15.0
├── safety v3.2.11 (extra: code-review)
│   ├── authlib v1.6.8
│   │   └── cryptography v46.0.5 (*)
│   ├── click v8.1.8
│   ├── dparse v0.6.4
│   │   └── packaging v26.0
│   ├── filelock v3.12.4
│   ├── jinja2 v3.1.6 (*)
│   ├── marshmallow v4.2.2
│   ├── packaging v26.0
│   ├── psutil v6.0.0
│   ├── pydantic v2.12.5 (*)
│   ├── requests v2.32.5 (*)
│   ├── rich v14.3.3 (*)
│   ├── ruamel-yaml v0.19.1
│   ├── safety-schemas v0.0.18
│   │   ├── dparse v0.6.4 (*)
│   │   ├── packaging v26.0
│   │   ├── pydantic v2.12.5 (*)
│   │   ├── ruamel-yaml v0.19.1
│   │   └── typing-extensions v4.15.0
│   ├── setuptools v82.0.0
│   ├── typer v0.15.4 (*)
│   ├── typing-extensions v4.15.0
│   └── urllib3 v2.6.3
├── typing-extensions v4.15.0 (extra: code-review)
├── vulture v2.14 (extra: code-review)
├── docker v7.1.0 (extra: containerization)
│   ├── requests v2.32.5 (*)
│   └── urllib3 v2.6.3
├── mnemonic v0.21 (extra: crypto)
├── pillow v11.3.0 (extra: crypto)
├── pillow v11.3.0 (extra: dark)
├── pymupdf v1.27.1 (extra: dark)
├── matplotlib v3.10.8 (extra: data-visualization) (*)
├── seaborn v0.13.2 (extra: data-visualization)
│   ├── matplotlib v3.10.8 (*)
│   ├── numpy v2.4.2
│   └── pandas v3.0.1
│       ├── numpy v2.4.2
│       └── python-dateutil v2.9.0.post0 (*)
├── paramiko v4.0.0 (extra: deployment)
│   ├── bcrypt v5.0.0
│   ├── cryptography v46.0.5 (*)
│   ├── invoke v2.2.1
│   └── pynacl v1.6.2
│       └── cffi v2.0.0 (*)
├── chardet v6.0.0.post1 (extra: documents)
├── pypdf v6.7.4 (extra: documents)
├── agentmail v0.2.22 (extra: email)
│   ├── httpx v0.28.1 (*)
│   ├── pydantic v2.12.5 (*)
│   ├── pydantic-core v2.41.5 (*)
│   ├── typing-extensions v4.15.0
│   └── websockets v16.0
├── google-api-python-client v2.190.0 (extra: email) (*)
├── google-auth-httplib2 v0.3.0 (extra: email) (*)
├── google-auth-oauthlib v1.3.0 (extra: email) (*)
├── chromadb v1.5.2 (extra: embedding)
│   ├── bcrypt v5.0.0
│   ├── build v1.4.0
│   │   ├── packaging v26.0
│   │   └── pyproject-hooks v1.2.0
│   ├── grpcio v1.78.0
│   │   └── typing-extensions v4.15.0
│   ├── httpx v0.28.1 (*)
│   ├── importlib-resources v6.5.2
│   ├── jsonschema v4.26.0 (*)
│   ├── kubernetes v35.0.0
│   │   ├── certifi v2026.2.25
│   │   ├── durationpy v0.10
│   │   ├── python-dateutil v2.9.0.post0 (*)
│   │   ├── pyyaml v6.0.3
│   │   ├── requests v2.32.5 (*)
│   │   ├── requests-oauthlib v2.0.0 (*)
│   │   ├── six v1.17.0
│   │   ├── urllib3 v2.6.3
│   │   └── websocket-client v1.9.0
│   ├── mmh3 v5.2.0
│   ├── numpy v2.4.2
│   ├── onnxruntime v1.24.2 (*)
│   ├── opentelemetry-api v1.39.1
│   │   ├── importlib-metadata v8.7.1
│   │   │   └── zipp v3.23.0
│   │   └── typing-extensions v4.15.0
│   ├── opentelemetry-exporter-otlp-proto-grpc v1.39.1
│   │   ├── googleapis-common-protos v1.72.0 (*)
│   │   ├── grpcio v1.78.0 (*)
│   │   ├── opentelemetry-api v1.39.1 (*)
│   │   ├── opentelemetry-exporter-otlp-proto-common v1.39.1
│   │   │   └── opentelemetry-proto v1.39.1
│   │   │       └── protobuf v5.29.6
│   │   ├── opentelemetry-proto v1.39.1 (*)
│   │   ├── opentelemetry-sdk v1.39.1
│   │   │   ├── opentelemetry-api v1.39.1 (*)
│   │   │   ├── opentelemetry-semantic-conventions v0.60b1
│   │   │   │   ├── opentelemetry-api v1.39.1 (*)
│   │   │   │   └── typing-extensions v4.15.0
│   │   │   └── typing-extensions v4.15.0
│   │   └── typing-extensions v4.15.0
│   ├── opentelemetry-sdk v1.39.1 (*)
│   ├── orjson v3.11.7
│   ├── overrides v7.7.0
│   ├── posthog v5.4.0
│   │   ├── backoff v2.2.1
│   │   ├── distro v1.9.0
│   │   ├── python-dateutil v2.9.0.post0 (*)
│   │   ├── requests v2.32.5 (*)
│   │   └── six v1.17.0
│   ├── pybase64 v1.4.3
│   ├── pydantic v2.12.5 (*)
│   ├── pypika v0.51.1
│   ├── pyyaml v6.0.3
│   ├── rich v14.3.3 (*)
│   ├── tenacity v9.1.4
│   ├── tokenizers v0.22.2 (*)
│   ├── tqdm v4.67.3
│   ├── typer v0.15.4 (*)
│   ├── typing-extensions v4.15.0
│   └── uvicorn[standard] v0.41.0 (*)
├── sentence-transformers v5.2.3 (extra: embedding)
│   ├── huggingface-hub v1.5.0 (*)
│   ├── numpy v2.4.2
│   ├── scikit-learn v1.8.0
│   │   ├── joblib v1.5.3
│   │   ├── numpy v2.4.2
│   │   ├── scipy v1.17.1
│   │   │   └── numpy v2.4.2
│   │   └── threadpoolctl v3.6.0
│   ├── scipy v1.17.1 (*)
│   ├── torch v2.10.0
│   │   ├── cuda-bindings v12.9.4
│   │   │   └── cuda-pathfinder v1.4.0
│   │   ├── filelock v3.12.4
│   │   ├── fsspec v2026.2.0
│   │   ├── jinja2 v3.1.6 (*)
│   │   ├── networkx v3.6.1
│   │   ├── nvidia-cublas-cu12 v12.8.4.1
│   │   ├── nvidia-cuda-cupti-cu12 v12.8.90
│   │   ├── nvidia-cuda-nvrtc-cu12 v12.8.93
│   │   ├── nvidia-cuda-runtime-cu12 v12.8.90
│   │   ├── nvidia-cudnn-cu12 v9.10.2.21
│   │   │   └── nvidia-cublas-cu12 v12.8.4.1
│   │   ├── nvidia-cufft-cu12 v11.3.3.83
│   │   │   └── nvidia-nvjitlink-cu12 v12.8.93
│   │   ├── nvidia-cufile-cu12 v1.13.1.3
│   │   ├── nvidia-curand-cu12 v10.3.9.90
│   │   ├── nvidia-cusolver-cu12 v11.7.3.90
│   │   │   ├── nvidia-cublas-cu12 v12.8.4.1
│   │   │   ├── nvidia-cusparse-cu12 v12.5.8.93
│   │   │   │   └── nvidia-nvjitlink-cu12 v12.8.93
│   │   │   └── nvidia-nvjitlink-cu12 v12.8.93
│   │   ├── nvidia-cusparse-cu12 v12.5.8.93 (*)
│   │   ├── nvidia-cusparselt-cu12 v0.7.1
│   │   ├── nvidia-nccl-cu12 v2.27.5
│   │   ├── nvidia-nvjitlink-cu12 v12.8.93
│   │   ├── nvidia-nvshmem-cu12 v3.4.5
│   │   ├── nvidia-nvtx-cu12 v12.8.90
│   │   ├── sympy v1.14.0 (*)
│   │   ├── triton v3.6.0
│   │   └── typing-extensions v4.15.0
│   ├── tqdm v4.67.3
│   ├── transformers v5.2.0 (*)
│   └── typing-extensions v4.15.0
├── z3-solver v4.16.0.0 (extra: formal-verification)
├── pillow v11.3.0 (extra: fpf)
├── google-api-python-client v2.190.0 (extra: google-workspace) (*)
├── google-auth v2.48.0 (extra: google-workspace) (*)
├── google-auth-httplib2 v0.3.0 (extra: google-workspace) (*)
├── google-auth-oauthlib v1.3.0 (extra: google-workspace) (*)
├── certifi v2026.2.25 (extra: language-models)
├── typing-extensions v4.15.0 (extra: language-models)
├── urllib3 v2.6.3 (extra: language-models)
├── anthropic v0.84.0 (extra: llm-providers) (*)
├── google-genai v1.65.0 (extra: llm-providers) (*)
├── openai v2.24.0 (extra: llm-providers) (*)
├── tiktoken v0.12.0 (extra: llm-providers) (*)
├── moderngl v5.12.0 (extra: modeling-3d)
│   └── glcontext v3.0.0
├── pillow v11.3.0 (extra: modeling-3d)
├── pygame v2.6.1 (extra: modeling-3d)
├── pyopengl v3.1.10 (extra: modeling-3d)
├── pyrr v0.10.3 (extra: modeling-3d)
│   ├── multipledispatch v1.0.0
│   └── numpy v2.4.2
├── trimesh v4.11.2 (extra: modeling-3d)
│   └── numpy v2.4.2
├── opentelemetry-api v1.39.1 (extra: observability) (*)
├── opentelemetry-exporter-otlp v1.39.1 (extra: observability)
│   ├── opentelemetry-exporter-otlp-proto-grpc v1.39.1 (*)
│   └── opentelemetry-exporter-otlp-proto-http v1.39.1
│       ├── googleapis-common-protos v1.72.0 (*)
│       ├── opentelemetry-api v1.39.1 (*)
│       ├── opentelemetry-exporter-otlp-proto-common v1.39.1 (*)
│       ├── opentelemetry-proto v1.39.1 (*)
│       ├── opentelemetry-sdk v1.39.1 (*)
│       ├── requests v2.32.5 (*)
│       └── typing-extensions v4.15.0
├── opentelemetry-sdk v1.39.1 (extra: observability) (*)
├── prometheus-client v0.24.1 (extra: observability)
├── statsd v4.0.1 (extra: observability)
├── python-frontmatter v1.1.0 (extra: obsidian)
│   └── pyyaml v6.0.3
├── pyyaml v6.0.3 (extra: obsidian)
├── tree-sitter v0.25.2 (extra: parsing)
├── psutil v6.0.0 (extra: performance)
├── alembic v1.18.4 (extra: physical-management)
│   ├── mako v1.3.10 (*)
│   ├── sqlalchemy v2.0.47
│   │   ├── greenlet v3.3.2
│   │   └── typing-extensions v4.15.0
│   └── typing-extensions v4.15.0
├── dynaconf v3.2.12 (extra: physical-management)
├── marshmallow v4.2.2 (extra: physical-management)
├── mkdocs v1.6.1 (extra: physical-management)
│   ├── click v8.1.8
│   ├── ghp-import v2.1.0
│   │   └── python-dateutil v2.9.0.post0 (*)
│   ├── jinja2 v3.1.6 (*)
│   ├── markdown v3.10.2
│   ├── markupsafe v3.0.3
│   ├── mergedeep v1.3.4
│   ├── mkdocs-get-deps v0.2.0
│   │   ├── mergedeep v1.3.4
│   │   ├── platformdirs v4.9.2
│   │   └── pyyaml v6.0.3
│   ├── packaging v26.0
│   ├── pathspec v1.0.4
│   ├── pyyaml v6.0.3
│   ├── pyyaml-env-tag v1.1
│   │   └── pyyaml v6.0.3
│   └── watchdog v6.0.0
├── mkdocs-material v9.7.3 (extra: physical-management)
│   ├── babel v2.18.0
│   ├── backrefs v6.2
│   ├── colorama v0.4.6
│   ├── jinja2 v3.1.6 (*)
│   ├── markdown v3.10.2
│   ├── mkdocs v1.6.1 (*)
│   ├── mkdocs-material-extensions v1.3.1
│   ├── paginate v0.5.7
│   ├── pygments v2.19.2
│   ├── pymdown-extensions v10.21
│   │   ├── markdown v3.10.2
│   │   └── pyyaml v6.0.3
│   └── requests v2.32.5 (*)
├── pyserial v3.5 (extra: physical-management)
├── smbus2 v0.6.0 (extra: physical-management)
├── sqlalchemy v2.0.47 (extra: physical-management) (*)
├── websockets v16.0 (extra: physical-management)
├── networkx v3.6.1 (extra: scientific)
├── numpy v2.4.2 (extra: scientific)
├── scipy v1.17.1 (extra: scientific) (*)
├── firecrawl-py v4.18.0 (extra: scrape)
│   ├── aiohttp v3.13.3 (*)
│   ├── httpx v0.28.1 (*)
│   ├── nest-asyncio v1.6.0
│   ├── pydantic v2.12.5 (*)
│   ├── python-dotenv v1.2.1
│   ├── requests v2.32.5 (*)
│   └── websockets v16.0
├── cryptography v46.0.5 (extra: security-audit) (*)
├── jinja2 v3.1.6 (extra: security-audit) (*)
├── pyopenssl v25.3.0 (extra: security-audit)
│   ├── cryptography v46.0.5 (*)
│   └── typing-extensions v4.15.0
├── safety v3.2.11 (extra: security-audit) (*)
├── fastavro v1.12.1 (extra: serialization)
├── msgpack v1.1.2 (extra: serialization)
├── pandas v3.0.1 (extra: serialization) (*)
├── protobuf v5.29.6 (extra: serialization)
├── pyarrow v23.0.1 (extra: serialization)
├── soul-agent v0.1.4 (extra: soul)
│   └── requests v2.32.5 (*)
├── pyrefly v0.54.0 (extra: static-analysis)
├── moviepy v2.2.1 (extra: video)
│   ├── decorator v5.2.1
│   ├── imageio v2.37.2
│   │   ├── numpy v2.4.2
│   │   └── pillow v11.3.0
│   ├── imageio-ffmpeg v0.6.0
│   ├── numpy v2.4.2
│   ├── pillow v11.3.0
│   ├── proglog v0.1.12
│   │   └── tqdm v4.67.3
│   └── python-dotenv v1.2.1
├── opencv-python v4.13.0.92 (extra: video)
│   └── numpy v2.4.2
├── pillow v11.3.0 (extra: video)
├── fakeredis v2.34.1 (group: dev)
│   ├── redis v7.2.1
│   └── sortedcontainers v2.4.0
├── fire v0.7.1 (group: dev)
│   └── termcolor v3.3.0
├── hypothesis v6.151.9 (group: dev)
│   └── sortedcontainers v2.4.0
├── mutmut v3.5.0 (group: dev)
│   ├── click v8.1.8
│   ├── coverage v7.13.4
│   ├── libcst v1.8.6
│   │   └── pyyaml v6.0.3
│   ├── pytest v9.0.2
│   │   ├── iniconfig v2.3.0
│   │   ├── packaging v26.0
│   │   ├── pluggy v1.6.0
│   │   └── pygments v2.19.2
│   ├── setproctitle v1.3.7
│   └── textual v8.0.0
│       ├── markdown-it-py[linkify] v4.0.0 (*)
│       ├── mdit-py-plugins v0.5.0
│       │   └── markdown-it-py v4.0.0 (*)
│       ├── platformdirs v4.9.2
│       ├── pygments v2.19.2
│       ├── rich v14.3.3 (*)
│       └── typing-extensions v4.15.0
├── pytest v9.0.2 (group: dev) (*)
├── pytest-asyncio v1.3.0 (group: dev)
│   ├── pytest v9.0.2 (*)
│   └── typing-extensions v4.15.0
├── pytest-benchmark v5.2.3 (group: dev)
│   ├── py-cpuinfo v9.0.0
│   └── pytest v9.0.2 (*)
├── pytest-cov v7.0.0 (group: dev)
│   ├── coverage[toml] v7.13.4
│   ├── pluggy v1.6.0
│   └── pytest v9.0.2 (*)
├── pytest-timeout v2.4.0 (group: dev)
│   └── pytest v9.0.2 (*)
├── pyyaml v6.0.3 (group: dev)
├── ruff v0.15.4 (group: dev)
└── ty v0.0.20 (group: dev)
(*) Package tree already displayed

Vulnerability Scan Results

No vulnerabilities found or scan failed

Safety Scan Results

Safety scan completed - check artifacts for full results

Static Security Analysis (Bandit)

Bandit Security Analysis Report

Generated on: Sat Mar 14 02:59:39 UTC 2026

Summary

Run started:2026-03-14 02:58:55.325591+00:00

Test results:
>> Issue: [B608:hardcoded_sql_expressions] Possible SQL injection vector through string-based query construction.
   Severity: Medium   Confidence: Medium
   CWE: CWE-89 (https://cwe.mitre.org/data/definitions/89.html)
   More Info: https://bandit.readthedocs.io/en/1.9.4/plugins/b608_hardcoded_sql_expressions.html
   Location: src/codomyrmex/agentic_memory/cognilayer_bridge.py:171:20
170	                rows = conn.execute(
171	                    f"SELECT * FROM memories WHERE {where_clauses} LIMIT ?",
172	                    [*search_terms, top_k],

--------------------------------------------------
>> Issue: [B404:blacklist] Consider possible security implications associated with the subprocess module.
   Severity: Low   Confidence: High
   CWE: CWE-78 (https://cwe.mitre.org/data/definitions/78.html)
   More Info: https://bandit.readthedocs.io/en/1.9.4/blacklists/blacklist_imports.html#b404-import-subprocess
   Location: src/codomyrmex/agentic_memory/obsidian/cli.py:14:0
13	import shutil
14	import subprocess

Key Metrics

Total lines of code: 556959

475 assert "Total Issues" in content
475 assert "Total Issues" in content
519 assert "Total Issues**: 0" in content
Total issues (by severity):
Total issues (by confidence):

License Compliance

License Compliance Report

Generated on: Sat Mar 14 02:57:25 UTC 2026

Dependencies and Their Licenses

License Summary

Recommendations

1. Review all HIGH and MEDIUM severity vulnerabilities
2. Update dependencies with known security issues
3. Address any Bandit security warnings
4. Ensure license compliance for all dependencies
5. Review and rotate any exposed secrets