mobbdev 0.0.139 → 0.0.141

package/dist/index.mjs

@@ -267,13 +267,12 @@ var GetVulByNodesMetadataDocument = `
 }
     `;
 var UpdateScmTokenDocument = `
-    mutation updateScmToken($scmType: String!, $url: String!, $token: String!, $org: String, $username: String, $refreshToken: String) {
+    mutation updateScmToken($scmType: String!, $url: String!, $token: String!, $org: String, $refreshToken: String) {
   updateScmToken(
     scmType: $scmType
     url: $url
     token: $token
     org: $org
-    username: $username
     refreshToken: $refreshToken
   ) {
     __typename
@@ -523,11 +522,11 @@ import chalk4 from "chalk";
 import Configstore from "configstore";
 import Debug12 from "debug";
 import extract from "extract-zip";
-import fetch3 from "node-fetch";
+import fetch4 from "node-fetch";
 import open2 from "open";
 import semver from "semver";
 import tmp2 from "tmp";
-import { z as z12 } from "zod";
+import { z as z11 } from "zod";
 
 // src/features/analysis/add_fix_comments_for_pr/add_fix_comments_for_pr.ts
 import Debug4 from "debug";
@@ -1208,13 +1207,67 @@ var AdoSdk = {
 // src/features/analysis/scm/bitbucket/bitbucket.ts
 import querystring3 from "node:querystring";
 import * as bitbucketPkg from "bitbucket";
-import { z as z9 } from "zod";
+import { z as z8 } from "zod";
 
 // src/features/analysis/scm/scm.ts
-import { Octokit as Octokit2 } from "@octokit/core";
-import { z as z8 } from "zod";
+import { z as z7 } from "zod";
+
+// src/features/analysis/scm/github/github.ts
+import { RequestError } from "@octokit/request-error";
+
+// src/features/analysis/scm/github/consts.ts
+var POST_COMMENT_PATH = "POST /repos/{owner}/{repo}/pulls/{pull_number}/comments";
+var DELETE_COMMENT_PATH = "DELETE /repos/{owner}/{repo}/pulls/comments/{comment_id}";
+var UPDATE_COMMENT_PATH = "PATCH /repos/{owner}/{repo}/pulls/comments/{comment_id}";
+var GET_PR_COMMENTS_PATH = "GET /repos/{owner}/{repo}/pulls/{pull_number}/comments";
+var GET_PR_COMMENT_PATH = "GET /repos/{owner}/{repo}/pulls/comments/{comment_id}";
+var REPLY_TO_CODE_REVIEW_COMMENT_PATH = "POST /repos/{owner}/{repo}/pulls/{pull_number}/comments/{comment_id}/replies";
+var GET_PR = "GET /repos/{owner}/{repo}/pulls/{pull_number}";
+var POST_GENERAL_PR_COMMENT = "POST /repos/{owner}/{repo}/issues/{issue_number}/comments";
+var GET_GENERAL_PR_COMMENTS = "GET /repos/{owner}/{repo}/issues/{issue_number}/comments";
+var DELETE_GENERAL_PR_COMMENT = "DELETE /repos/{owner}/{repo}/issues/comments/{comment_id}";
+var CREATE_OR_UPDATE_A_REPOSITORY_SECRET = "PUT /repos/{owner}/{repo}/actions/secrets/{secret_name}";
+var GET_A_REPOSITORY_PUBLIC_KEY = "GET /repos/{owner}/{repo}/actions/secrets/public-key";
+var GET_USER = "GET /user";
+var GET_USER_REPOS = "GET /user/repos";
+var GET_REPO_BRANCHES = "GET /repos/{owner}/{repo}/branches";
+var GET_BLAME_DOCUMENT = `
+      query GetBlame(
+        $owner: String!
+        $repo: String!
+        $ref: String!
+        $path: String!
+      ) {
+        repository(name: $repo, owner: $owner) {
+          # branch name
+          object(expression: $ref) {
+            # cast Target to a Commit
+            ... on Commit {
+              # full repo-relative path to blame file
+              blame(path: $path) {
+                ranges {
+                  commit {
+                    author {
+                      user {
+                        name
+                        login
+                      }
+                    }
+                    authoredDate
+                  }
+                  startingLine
+                  endingLine
+                  age
+                }
+              }
+            }
+            
+          }
+        }
+      }
+    `;
 
-// src/features/analysis/scm/github/encryptSecret.ts
+// src/features/analysis/scm/github/utils/encrypt_secret.ts
 import sodium from "libsodium-wrappers";
 async function encryptSecret(secret, key) {
   await sodium.ready;
@@ -1224,10 +1277,464 @@ async function encryptSecret(secret, key) {
   return sodium.to_base64(encBytes, sodium.base64_variants.ORIGINAL);
 }
 
-// src/features/analysis/scm/github/github.ts
-import { RequestError } from "@octokit/request-error";
+// src/features/analysis/scm/github/utils/utils.ts
 import { Octokit } from "octokit";
+import { fetch as fetch2, ProxyAgent } from "undici";
+function parseGithubOwnerAndRepo(gitHubUrl) {
+  gitHubUrl = normalizeUrl(gitHubUrl);
+  const parsingResult = parseScmURL(gitHubUrl, "GitHub" /* GitHub */);
+  if (!parsingResult) {
+    throw new InvalidUrlPatternError(`invalid github repo Url ${gitHubUrl}`);
+  }
+  const { organization, repoName } = parsingResult;
+  if (!organization || !repoName) {
+    throw new InvalidUrlPatternError(`invalid github repo Url ${gitHubUrl}`);
+  }
+  return { owner: organization, repo: repoName };
+}
+function isGithubOnPrem(url) {
+  if (!url) {
+    return false;
+  }
+  return !url.includes(scmCloudUrl.GitHub);
+}
+function getFetch(url) {
+  if (url && BROKERED_HOSTS.includes(new URL(url).origin)) {
+    const dispatcher = new ProxyAgent({
+      uri: process.env["GIT_PROXY_HOST"] || "http://tinyproxy:8888",
+      requestTls: {
+        rejectUnauthorized: false
+      }
+    });
+    return (input, init) => {
+      return fetch2(input, {
+        ...init,
+        dispatcher
+      });
+    };
+  }
+  return fetch2;
+}
+function getOktoKit(options) {
+  const token = !options?.auth && !isGithubOnPrem(options?.url) ? GITHUB_API_TOKEN : options?.auth;
+  const baseUrl = options?.url && isGithubOnPrem(options.url) ? `${new URL(options.url).origin}/api/v3` : void 0;
+  return new Octokit({
+    ...options,
+    auth: token,
+    baseUrl,
+    request: {
+      fetch: getFetch(baseUrl)
+    }
+  });
+}
+function isGithubActionActionToken(token) {
+  return token.startsWith("ghs_");
+}
+async function githubValidateParams(url, accessToken) {
+  try {
+    const oktoKit = getOktoKit({ auth: accessToken, url });
+    if (accessToken && !isGithubActionActionToken(accessToken)) {
+      await oktoKit.rest.users.getAuthenticated();
+    }
+    if (url && shouldValidateUrl(url)) {
+      const { owner, repo } = parseGithubOwnerAndRepo(url);
+      await oktoKit.request(GET_REPO_BRANCHES, {
+        owner,
+        repo,
+        per_page: 1
+      });
+    }
+  } catch (e) {
+    console.log("could not init github scm", e);
+    const error = e;
+    const code = error.status || error.statusCode || error.response?.status || error.response?.statusCode || error.response?.code;
+    if (code === 401 || code === 403) {
+      throw new InvalidAccessTokenError(`invalid github access token`);
+    }
+    if (code === 404) {
+      throw new InvalidRepoUrlError(`invalid github repo Url ${url}`);
+    }
+    throw e;
+  }
+}
+
+// src/features/analysis/scm/github/github.ts
+function getGithubSdk(parmas = {}) {
+  const octokit = getOktoKit(parmas);
+  return {
+    async postPrComment(params) {
+      return octokit.request(POST_COMMENT_PATH, params);
+    },
+    async updatePrComment(params) {
+      return octokit.request(UPDATE_COMMENT_PATH, params);
+    },
+    async getPrComments(params) {
+      return octokit.request(GET_PR_COMMENTS_PATH, params);
+    },
+    async getPrComment(params) {
+      return octokit.request(GET_PR_COMMENT_PATH, params);
+    },
+    async deleteComment(params) {
+      return octokit.request(DELETE_COMMENT_PATH, params);
+    },
+    async replyToCodeReviewComment(params) {
+      return octokit.request(REPLY_TO_CODE_REVIEW_COMMENT_PATH, params);
+    },
+    async getPrDiff(params) {
+      return octokit.request(GET_PR, {
+        ...params,
+        mediaType: { format: "diff" }
+      });
+    },
+    async getPr(params) {
+      return octokit.request(GET_PR, { ...params });
+    },
+    async createOrUpdateRepositorySecret(params) {
+      return octokit.request(CREATE_OR_UPDATE_A_REPOSITORY_SECRET, params);
+    },
+    async getRepositoryPublicKey(params) {
+      return octokit.request(GET_A_REPOSITORY_PUBLIC_KEY, params);
+    },
+    async postGeneralPrComment(params) {
+      return octokit.request(POST_GENERAL_PR_COMMENT, params);
+    },
+    async getGeneralPrComments(params) {
+      return octokit.request(GET_GENERAL_PR_COMMENTS, params);
+    },
+    async deleteGeneralPrComment(params) {
+      return octokit.request(DELETE_GENERAL_PR_COMMENT, params);
+    },
+    async getGithubUsername() {
+      const res = await octokit.rest.users.getAuthenticated();
+      return res.data.login;
+    },
+    async getGithubIsUserCollaborator(params) {
+      const { username, repoUrl } = params;
+      try {
+        const { owner, repo } = parseGithubOwnerAndRepo(repoUrl);
+        const res = await octokit.rest.repos.checkCollaborator({
+          owner,
+          repo,
+          username
+        });
+        if (res.status === 204) {
+          return true;
+        }
+      } catch (e) {
+        return false;
+      }
+      return false;
+    },
+    async getGithubPullRequestStatus(params) {
+      const { repoUrl, prNumber } = params;
+      const { owner, repo } = parseGithubOwnerAndRepo(repoUrl);
+      const res = await octokit.rest.pulls.get({
+        owner,
+        repo,
+        pull_number: prNumber
+      });
+      if (res.data.merged) {
+        return "merged";
+      }
+      if (res.data.draft) {
+        return "draft";
+      }
+      return res.data.state;
+    },
+    async getGithubIsRemoteBranch(params) {
+      const { repoUrl, branch } = params;
+      const { owner, repo } = parseGithubOwnerAndRepo(repoUrl);
+      try {
+        const res = await octokit.rest.repos.getBranch({
+          owner,
+          repo,
+          branch
+        });
+        return branch === res.data.name;
+      } catch (e) {
+        return false;
+      }
+    },
+    async getGithubRepoList() {
+      try {
+        const githubRepos = await octokit.request(GET_USER_REPOS, {
+          sort: "updated"
+        });
+        return githubRepos.data.map((repo) => ({
+          repoName: repo.name,
+          repoUrl: repo.html_url,
+          repoOwner: repo.owner.login,
+          repoLanguages: repo.language ? [repo.language] : [],
+          repoIsPublic: !repo.private,
+          repoUpdatedAt: repo.updated_at
+        }));
+      } catch (e) {
+        if (e instanceof RequestError && e.status === 401) {
+          return [];
+        }
+        if (e instanceof RequestError && e.status === 404) {
+          return [];
+        }
+        throw e;
+      }
+    },
+    async getGithubRepoDefaultBranch(repoUrl) {
+      const { owner, repo } = parseGithubOwnerAndRepo(repoUrl);
+      const repos = await octokit.rest.repos.get({ repo, owner });
+      return repos.data.default_branch;
+    },
+    async getGithubReferenceData({
+      ref,
+      gitHubUrl
+    }) {
+      const { owner, repo } = parseGithubOwnerAndRepo(gitHubUrl);
+      let res;
+      try {
+        res = await Promise.any([
+          this.getBranch({ owner, repo, branch: ref }).then((result) => ({
+            date: result.data.commit.commit.committer?.date ? new Date(result.data.commit.commit.committer?.date) : void 0,
+            type: "BRANCH" /* BRANCH */,
+            sha: result.data.commit.sha
+          })),
+          this.getCommit({ commitSha: ref, repo, owner }).then((commit) => ({
+            date: new Date(commit.data.committer.date),
+            type: "COMMIT" /* COMMIT */,
+            sha: commit.data.sha
+          })),
+          this.getTagDate({ owner, repo, tag: ref }).then((data) => ({
+            date: new Date(data.date),
+            type: "TAG" /* TAG */,
+            sha: data.sha
+          }))
+        ]);
+        return res;
+      } catch (e) {
+        if (e instanceof AggregateError) {
+          throw new RefNotFoundError(`ref: ${ref} does not exist`);
+        }
+        throw e;
+      }
+    },
+    async getBranch({
+      branch,
+      owner,
+      repo
+    }) {
+      return octokit.rest.repos.getBranch({
+        branch,
+        owner,
+        repo
+      });
+    },
+    async getCommit({
+      commitSha,
+      owner,
+      repo
+    }) {
+      return octokit.rest.git.getCommit({
+        repo,
+        owner,
+        commit_sha: commitSha
+      });
+    },
+    async getTagDate({
+      tag,
+      owner,
+      repo
+    }) {
+      const refResponse = await octokit.rest.git.getRef({
+        ref: `tags/${tag}`,
+        owner,
+        repo
+      });
+      const tagSha = refResponse.data.object.sha;
+      if (refResponse.data.object.type === "commit") {
+        const res2 = await octokit.rest.git.getCommit({
+          commit_sha: tagSha,
+          owner,
+          repo
+        });
+        return {
+          date: res2.data.committer.date,
+          sha: res2.data.sha
+        };
+      }
+      const res = await octokit.rest.git.getTag({
+        tag_sha: tagSha,
+        owner,
+        repo
+      });
+      return {
+        date: res.data.tagger.date,
+        sha: res.data.sha
+      };
+    },
+    async getGithubBlameRanges(params) {
+      const { ref, gitHubUrl, path: path9 } = params;
+      const { owner, repo } = parseGithubOwnerAndRepo(gitHubUrl);
+      const res = await octokit.graphql(
+        GET_BLAME_DOCUMENT,
+        {
+          owner,
+          repo,
+          path: path9,
+          ref
+        }
+      );
+      if (!res?.repository?.object?.blame?.ranges) {
+        return [];
+      }
+      return res.repository.object.blame.ranges.map((range) => ({
+        startingLine: range.startingLine,
+        endingLine: range.endingLine,
+        email: range.commit.author.user?.email || "",
+        name: range.commit.author.user?.name || "",
+        login: range.commit.author.user?.login || ""
+      }));
+    },
+    // todo: refactor the name for this function
+    async createPr(params) {
+      const { sourceRepoUrl, filesPaths, userRepoUrl, title, body } = params;
+      const { owner: sourceOwner, repo: sourceRepo } = parseGithubOwnerAndRepo(sourceRepoUrl);
+      const { owner, repo } = parseGithubOwnerAndRepo(userRepoUrl);
+      const [sourceFilePath, secondFilePath] = filesPaths;
+      const sourceFileContentResponse = await octokit.rest.repos.getContent({
+        owner: sourceOwner,
+        repo: sourceRepo,
+        path: "/" + sourceFilePath
+      });
+      const { data: repository } = await octokit.rest.repos.get({ owner, repo });
+      const defaultBranch = repository.default_branch;
+      const newBranchName = `mobb/workflow-${Date.now()}`;
+      await octokit.rest.git.createRef({
+        owner,
+        repo,
+        ref: `refs/heads/${newBranchName}`,
+        sha: await octokit.rest.git.getRef({ owner, repo, ref: `heads/${defaultBranch}` }).then((response) => response.data.object.sha)
+      });
+      const decodedContent = Buffer.from(
+        // eslint-disable-next-line @typescript-eslint/ban-ts-comment
+        // @ts-ignore
+        sourceFileContentResponse.data.content,
+        "base64"
+      ).toString("utf-8");
+      const tree = [
+        {
+          path: sourceFilePath,
+          mode: "100644",
+          type: "blob",
+          content: decodedContent
+        }
+      ];
+      if (secondFilePath) {
+        const secondFileContentResponse = await octokit.rest.repos.getContent({
+          owner: sourceOwner,
+          repo: sourceRepo,
+          path: "/" + secondFilePath
+        });
+        const secondDecodedContent = Buffer.from(
+          // eslint-disable-next-line @typescript-eslint/ban-ts-comment
+          // @ts-ignore
+          secondFileContentResponse.data.content,
+          "base64"
+        ).toString("utf-8");
+        tree.push({
+          path: secondFilePath,
+          mode: "100644",
+          type: "blob",
+          content: secondDecodedContent
+        });
+      }
+      const createTreeResponse = await octokit.rest.git.createTree({
+        owner,
+        repo,
+        base_tree: await octokit.rest.git.getRef({ owner, repo, ref: `heads/${defaultBranch}` }).then((response) => response.data.object.sha),
+        // eslint-disable-next-line @typescript-eslint/ban-ts-comment
+        // @ts-ignore
+        tree
+      });
+      const createCommitResponse = await octokit.rest.git.createCommit({
+        owner,
+        repo,
+        message: "Add new yaml file",
+        tree: createTreeResponse.data.sha,
+        parents: [
+          await octokit.rest.git.getRef({ owner, repo, ref: `heads/${defaultBranch}` }).then((response) => response.data.object.sha)
+        ]
+      });
+      await octokit.rest.git.updateRef({
+        owner,
+        repo,
+        ref: `heads/${newBranchName}`,
+        sha: createCommitResponse.data.sha
+      });
+      const createPRResponse = await octokit.rest.pulls.create({
+        owner,
+        repo,
+        title,
+        head: newBranchName,
+        head_repo: sourceRepo,
+        body,
+        base: defaultBranch
+      });
+      return {
+        pull_request_url: createPRResponse.data.html_url
+      };
+    },
+    async getGithubBranchList(repoUrl) {
+      const { owner, repo } = parseGithubOwnerAndRepo(repoUrl);
+      return octokit.rest.repos.listBranches({
+        owner,
+        repo,
+        per_page: 1e3,
+        page: 1
+      });
+    },
+    async createPullRequest(options) {
+      const { owner, repo } = parseGithubOwnerAndRepo(options.repoUrl);
+      return octokit.rest.pulls.create({
+        owner,
+        repo,
+        title: options.title,
+        body: options.body,
+        head: options.sourceBranchName,
+        base: options.targetBranchName,
+        draft: false,
+        maintainer_can_modify: true
+      });
+    },
+    async forkRepo(options) {
+      const { owner, repo } = parseGithubOwnerAndRepo(options.repoUrl);
+      const createForkRes = await octokit.rest.repos.createFork({
+        owner,
+        repo,
+        default_branch_only: false
+      });
+      return { url: createForkRes.data.html_url };
+    },
+    async getUserInfo() {
+      return octokit.request(GET_USER);
+    }
+  };
+}
+
+// src/features/analysis/scm/gitlab/gitlab.ts
+import querystring2 from "node:querystring";
+import {
+  Gitlab
+} from "@gitbeaker/rest";
+import { ProxyAgent as ProxyAgent2 } from "undici";
+
+// src/features/analysis/scm/env.ts
 import { z as z3 } from "zod";
+var EnvVariablesZod = z3.object({
+  GITLAB_API_TOKEN: z3.string().optional(),
+  BROKERED_HOSTS: z3.string().toLowerCase().transform(
+    (x) => x.split(",").map((url) => url.trim(), []).filter(Boolean)
+  ).default(""),
+  GITHUB_API_TOKEN: z3.string().optional()
+});
+var { GITLAB_API_TOKEN, BROKERED_HOSTS, GITHUB_API_TOKEN } = EnvVariablesZod.parse(process.env);
 
 // src/features/analysis/scm/utils/get_issue_type.ts
 var getIssueType = (issueType) => {
@@ -1336,594 +1843,108 @@ var getIssueType = (issueType) => {
       return "Missing equals or hashcode method";
     case "WCF_MISCONFIGURATION_INSUFFICIENT_LOGGING" /* WcfMisconfigurationInsufficientLogging */:
       return "WCF Misconfiguration: Insufficient Logging";
-    case "WCF_MISCONFIGURATION_THROTTLING_NOT_ENABLED" /* WcfMisconfigurationThrottlingNotEnabled */:
-      return "WCF Misconfiguration: Throttling Not Enabled";
-    case "USELESS_REGEXP_CHAR_ESCAPE" /* UselessRegexpCharEscape */:
-      return "Useless regular-expression character escape";
-    case "INCOMPLETE_HOSTNAME_REGEX" /* IncompleteHostnameRegex */:
-      return "Incomplete Hostname Regex";
-    case "OVERLY_LARGE_RANGE" /* OverlyLargeRange */:
-      return "Regex: Overly Large Range";
-    case "INSUFFICIENT_LOGGING" /* InsufficientLogging */:
-      return "Insufficient Logging of Sensitive Operations";
-    case "PRIVACY_VIOLATION" /* PrivacyViolation */:
-      return "Privacy Violation";
-    case "INCOMPLETE_URL_SCHEME_CHECK" /* IncompleteUrlSchemeCheck */:
-      return "Incomplete URL Scheme Check";
-    case "VALUE_SHADOWING" /* ValueShadowing */:
-      return "Value Shadowing";
-    default: {
-      return issueType ? issueType.replaceAll("_", " ") : "Other";
-    }
-  }
-};
-
-// src/features/analysis/scm/utils/index.ts
-function getFixUrlWithRedirect(params) {
-  const {
-    fixId,
-    projectId,
-    organizationId,
-    analysisId,
-    redirectUrl,
-    appBaseUrl,
-    commentId
-  } = params;
-  const searchParams = new URLSearchParams();
-  searchParams.append("commit_redirect_url", redirectUrl);
-  searchParams.append("comment_id", commentId.toString());
-  return `${getFixUrl({
-    appBaseUrl,
-    fixId,
-    projectId,
-    organizationId,
-    analysisId
-  })}?${searchParams.toString()}`;
-}
-function getFixUrl({
-  appBaseUrl,
-  fixId,
-  projectId,
-  organizationId,
-  analysisId
-}) {
-  return `${appBaseUrl}/organization/${organizationId}/project/${projectId}/report/${analysisId}/fix/${fixId}`;
-}
-function getCommitUrl(params) {
-  const {
-    fixId,
-    projectId,
-    organizationId,
-    analysisId,
-    redirectUrl,
-    appBaseUrl,
-    commentId
-  } = params;
-  const searchParams = new URLSearchParams();
-  searchParams.append("redirect_url", redirectUrl);
-  searchParams.append("comment_id", commentId.toString());
-  return `${getFixUrl({
-    appBaseUrl,
-    fixId,
-    projectId,
-    organizationId,
-    analysisId
-  })}/commit?${searchParams.toString()}`;
-}
-var userNamePattern = /^(https?:\/\/)([^@]+@)?([^/]+\/.+)$/;
-var sshPattern = /^git@([\w.-]+):([\w./-]+)$/;
-function normalizeUrl(repoUrl) {
-  let trimmedUrl = repoUrl.trim().replace(/\/+$/, "");
-  if (repoUrl.endsWith(".git")) {
-    trimmedUrl = trimmedUrl.slice(0, -".git".length);
-  }
-  const usernameMatch = trimmedUrl.match(userNamePattern);
-  if (usernameMatch) {
-    const [_all, protocol, _username, repoPath] = usernameMatch;
-    trimmedUrl = `${protocol}${repoPath}`;
-  }
-  const sshMatch = trimmedUrl.match(sshPattern);
-  if (sshMatch) {
-    const [_all, hostname, reporPath] = sshMatch;
-    trimmedUrl = `https://${hostname}/${reporPath}`;
-  }
-  return trimmedUrl;
-}
-
-// src/features/analysis/scm/github/github.ts
-var EnvVariablesZod = z3.object({
-  GITHUB_API_TOKEN: z3.string().optional()
-});
-var { GITHUB_API_TOKEN } = EnvVariablesZod.parse(process.env);
-var GetBlameDocument = `
-      query GetBlame(
-        $owner: String!
-        $repo: String!
-        $ref: String!
-        $path: String!
-      ) {
-        repository(name: $repo, owner: $owner) {
-          # branch name
-          object(expression: $ref) {
-            # cast Target to a Commit
-            ... on Commit {
-              # full repo-relative path to blame file
-              blame(path: $path) {
-                ranges {
-                  commit {
-                    author {
-                      user {
-                        name
-                        login
-                      }
-                    }
-                    authoredDate
-                  }
-                  startingLine
-                  endingLine
-                  age
-                }
-              }
-            }
-            
-          }
-        }
-      }
-    `;
-function getOktoKit(options) {
-  const token = options?.githubAuthToken ?? GITHUB_API_TOKEN ?? "";
-  return new Octokit({ auth: token });
-}
-function isGithbActionActionToken(token) {
-  return token.startsWith("ghs_");
-}
-async function githubValidateParams(url, accessToken) {
-  try {
-    const oktoKit = getOktoKit({ githubAuthToken: accessToken });
-    if (accessToken) {
-      isGithbActionActionToken(accessToken) ? null : await oktoKit.rest.users.getAuthenticated();
-    }
-    if (url) {
-      const { owner, repo } = parseGithubOwnerAndRepo(url);
-      await oktoKit.request("GET /repos/{owner}/{repo}/branches", {
-        owner,
-        repo,
-        per_page: 1
-      });
-    }
-  } catch (e) {
-    console.log("could not init github scm", e);
-    const error = e;
-    const code = error.status || error.statusCode || error.response?.status || error.response?.statusCode || error.response?.code;
-    if (code === 401 || code === 403) {
-      throw new InvalidAccessTokenError(`invalid github access token`);
-    }
-    if (code === 404) {
-      throw new InvalidRepoUrlError(`invalid github repo Url ${url}`);
-    }
-    throw e;
-  }
-}
-async function getGithubUsername(accessToken) {
-  const oktoKit = getOktoKit({ githubAuthToken: accessToken });
-  const res = await oktoKit.rest.users.getAuthenticated();
-  return res.data.login;
-}
-async function getGithubIsUserCollaborator(username, accessToken, repoUrl) {
-  try {
-    const { owner, repo } = parseGithubOwnerAndRepo(repoUrl);
-    const oktoKit = getOktoKit({ githubAuthToken: accessToken });
-    const res = await oktoKit.rest.repos.checkCollaborator({
-      owner,
-      repo,
-      username
-    });
-    if (res.status === 204) {
-      return true;
-    }
-  } catch (e) {
-    return false;
-  }
-  return false;
-}
-async function getGithubPullRequestStatus(accessToken, repoUrl, prNumber) {
-  const { owner, repo } = parseGithubOwnerAndRepo(repoUrl);
-  const oktoKit = getOktoKit({ githubAuthToken: accessToken });
-  const res = await oktoKit.rest.pulls.get({
-    owner,
-    repo,
-    pull_number: prNumber
-  });
-  if (res.data.merged) {
-    return "merged";
-  }
-  if (res.data.draft) {
-    return "draft";
-  }
-  return res.data.state;
-}
-async function getGithubIsRemoteBranch(accessToken, repoUrl, branch) {
-  const { owner, repo } = parseGithubOwnerAndRepo(repoUrl);
-  const oktoKit = getOktoKit({ githubAuthToken: accessToken });
-  try {
-    const res = await oktoKit.rest.repos.getBranch({
-      owner,
-      repo,
-      branch
-    });
-    return branch === res.data.name;
-  } catch (e) {
-    return false;
-  }
-}
-async function getGithubRepoList(accessToken) {
-  const oktoKit = getOktoKit({ githubAuthToken: accessToken });
-  try {
-    const githubRepos = await getRepos(oktoKit);
-    return githubRepos.map(
-      (repo) => {
-        const repoLanguages = [];
-        if (repo.language) {
-          repoLanguages.push(repo.language);
-        }
-        return {
-          repoName: repo.name,
-          repoUrl: repo.html_url,
-          repoOwner: repo.owner.login,
-          repoLanguages,
-          repoIsPublic: !repo.private,
-          repoUpdatedAt: repo.updated_at
-        };
-      }
-    );
-  } catch (e) {
-    if (e instanceof RequestError && e.status === 401) {
-      return [];
-    }
-    if (e instanceof RequestError && e.status === 404) {
-      return [];
-    }
-    throw e;
-  }
-}
-async function getGithubBranchList(accessToken, repoUrl) {
-  const { owner, repo } = parseGithubOwnerAndRepo(repoUrl);
-  const oktoKit = getOktoKit({ githubAuthToken: accessToken });
-  const res = await oktoKit.rest.repos.listBranches({
-    owner,
-    repo,
-    per_page: 1e3,
-    page: 1
-  });
-  return res.data.map((branch) => branch.name);
-}
-async function createPullRequest(options) {
-  const { owner, repo } = parseGithubOwnerAndRepo(options.repoUrl);
-  const oktoKit = getOktoKit({ githubAuthToken: options.accessToken });
-  const res = await oktoKit.rest.pulls.create({
-    owner,
-    repo,
-    title: options.title,
-    body: options.body,
-    head: options.sourceBranchName,
-    base: options.targetBranchName,
-    draft: false,
-    maintainer_can_modify: true
-  });
-  return res.data.number;
-}
-async function forkRepo(options) {
-  const { owner, repo } = parseGithubOwnerAndRepo(options.repoUrl);
-  const oktoKit = getOktoKit({ githubAuthToken: options.accessToken });
-  const res = await oktoKit.rest.repos.createFork({
-    owner,
-    repo,
-    default_branch_only: false
-  });
-  return { url: res.data.html_url ? String(res.data.html_url) : null };
-}
-async function getRepos(oktoKit) {
-  const res = await oktoKit.request("GET /user/repos?sort=updated", {
-    headers: {
-      "X-GitHub-Api-Version": "2022-11-28",
-      per_page: 100
-    }
-  });
-  return res.data;
-}
-async function getGithubRepoDefaultBranch(repoUrl, options) {
-  const oktoKit = getOktoKit(options);
-  const { owner, repo } = parseGithubOwnerAndRepo(repoUrl);
-  return (await oktoKit.rest.repos.get({ repo, owner })).data.default_branch;
-}
-async function getGithubReferenceData({ ref, gitHubUrl }, options) {
-  const { owner, repo } = parseGithubOwnerAndRepo(gitHubUrl);
-  let res;
-  try {
-    const oktoKit = getOktoKit(options);
-    res = await Promise.any([
-      getBranch({ owner, repo, branch: ref }, oktoKit).then((result) => ({
-        date: result.data.commit.commit.committer?.date ? new Date(result.data.commit.commit.committer?.date) : void 0,
-        type: "BRANCH" /* BRANCH */,
-        sha: result.data.commit.sha
-      })),
-      getCommit({ commitSha: ref, repo, owner }, oktoKit).then((commit) => ({
-        date: new Date(commit.data.committer.date),
-        type: "COMMIT" /* COMMIT */,
-        sha: commit.data.sha
-      })),
-      getTagDate({ owner, repo, tag: ref }, oktoKit).then((data) => ({
-        date: new Date(data.date),
-        type: "TAG" /* TAG */,
-        sha: data.sha
-      }))
-    ]);
-    return res;
-  } catch (e) {
-    if (e instanceof AggregateError) {
-      throw new RefNotFoundError(`ref: ${ref} does not exist`);
-    }
-    throw e;
-  }
-}
-async function getBranch({ branch, owner, repo }, oktoKit) {
-  return oktoKit.rest.repos.getBranch({
-    branch,
-    owner,
-    repo
-  });
-}
-async function getTagDate({ tag, owner, repo }, oktoKit) {
-  const refResponse = await oktoKit.rest.git.getRef({
-    ref: `tags/${tag}`,
-    owner,
-    repo
-  });
-  const tagSha = refResponse.data.object.sha;
-  if (refResponse.data.object.type === "commit") {
-    const res2 = await oktoKit.rest.git.getCommit({
-      commit_sha: tagSha,
-      owner,
-      repo
-    });
-    return {
-      date: res2.data.committer.date,
-      sha: res2.data.sha
-    };
-  }
-  const res = await oktoKit.rest.git.getTag({
-    tag_sha: tagSha,
-    owner,
-    repo
-  });
-  return {
-    date: res.data.tagger.date,
-    sha: res.data.sha
-  };
-}
-async function getCommit({
-  commitSha,
-  owner,
-  repo
-}, oktoKit) {
-  return oktoKit.rest.git.getCommit({
-    repo,
-    owner,
-    commit_sha: commitSha
-  });
-}
-function parseGithubOwnerAndRepo(gitHubUrl) {
-  gitHubUrl = normalizeUrl(gitHubUrl);
-  const parsingResult = parseScmURL(gitHubUrl, "GitHub" /* GitHub */);
-  if (!parsingResult || parsingResult.hostname !== "github.com") {
-    throw new InvalidUrlPatternError(`invalid github repo Url ${gitHubUrl}`);
-  }
-  const { organization, repoName } = parsingResult;
-  if (!organization || !repoName) {
-    throw new InvalidUrlPatternError(`invalid github repo Url ${gitHubUrl}`);
-  }
-  return { owner: organization, repo: repoName };
-}
-async function queryGithubGraphql(query, variables, options) {
-  const token = options?.githubAuthToken ?? GITHUB_API_TOKEN ?? "";
-  const parameters = variables ?? {};
-  const authorizationHeader = {
-    headers: {
-      authorization: `bearer ${token}`
-    }
-  };
-  try {
-    const oktoKit = getOktoKit(options);
-    const res = await oktoKit.graphql(query, {
-      ...parameters,
-      ...authorizationHeader
-    });
-    return res;
-  } catch (e) {
-    if (e instanceof RequestError) {
-      return null;
+    case "WCF_MISCONFIGURATION_THROTTLING_NOT_ENABLED" /* WcfMisconfigurationThrottlingNotEnabled */:
+      return "WCF Misconfiguration: Throttling Not Enabled";
+    case "USELESS_REGEXP_CHAR_ESCAPE" /* UselessRegexpCharEscape */:
+      return "Useless regular-expression character escape";
+    case "INCOMPLETE_HOSTNAME_REGEX" /* IncompleteHostnameRegex */:
+      return "Incomplete Hostname Regex";
+    case "OVERLY_LARGE_RANGE" /* OverlyLargeRange */:
+      return "Regex: Overly Large Range";
+    case "INSUFFICIENT_LOGGING" /* InsufficientLogging */:
+      return "Insufficient Logging of Sensitive Operations";
+    case "PRIVACY_VIOLATION" /* PrivacyViolation */:
+      return "Privacy Violation";
+    case "INCOMPLETE_URL_SCHEME_CHECK" /* IncompleteUrlSchemeCheck */:
+      return "Incomplete URL Scheme Check";
+    case "VALUE_NEVER_READ" /* ValueNeverRead */:
+      return "Value Never Read";
+    case "VALUE_SHADOWING" /* ValueShadowing */:
+      return "Value Shadowing";
+    default: {
+      return issueType ? issueType.replaceAll("_", " ") : "Other";
     }
-    throw e;
-  }
-}
-async function getGithubBlameRanges({ ref, gitHubUrl, path: path9 }, options) {
-  const { owner, repo } = parseGithubOwnerAndRepo(gitHubUrl);
-  const variables = {
-    owner,
-    repo,
-    path: path9,
-    ref
-  };
-  const res = await queryGithubGraphql(
-    GetBlameDocument,
-    variables,
-    options
-  );
-  if (!res?.repository?.object?.blame?.ranges) {
-    return [];
-  }
-  return res.repository.object.blame.ranges.map((range) => ({
-    startingLine: range.startingLine,
-    endingLine: range.endingLine,
-    email: range.commit.author.user?.email || "",
-    name: range.commit.author.user?.name || "",
-    login: range.commit.author.user?.login || ""
-  }));
-}
-async function createPr({
-  sourceRepoUrl,
-  filesPaths,
-  userRepoUrl,
-  title,
-  body
-}, options) {
-  const oktoKit = getOktoKit(options);
-  const { owner: sourceOwner, repo: sourceRepo } = parseGithubOwnerAndRepo(sourceRepoUrl);
-  const { owner, repo } = parseGithubOwnerAndRepo(userRepoUrl);
-  const [sourceFilePath, secondFilePath] = filesPaths;
-  const sourceFileContentResponse = await oktoKit.rest.repos.getContent({
-    owner: sourceOwner,
-    repo: sourceRepo,
-    path: "/" + sourceFilePath
-  });
-  const { data: repository } = await oktoKit.rest.repos.get({ owner, repo });
-  const defaultBranch = repository.default_branch;
-  const newBranchName = `mobb/workflow-${Date.now()}`;
-  await oktoKit.rest.git.createRef({
-    owner,
-    repo,
-    ref: `refs/heads/${newBranchName}`,
-    sha: await oktoKit.rest.git.getRef({ owner, repo, ref: `heads/${defaultBranch}` }).then((response) => response.data.object.sha)
-  });
-  const decodedContent = Buffer.from(
-    // eslint-disable-next-line @typescript-eslint/ban-ts-comment
-    // @ts-ignore
-    sourceFileContentResponse.data.content,
-    "base64"
-  ).toString("utf-8");
-  const tree = [
-    {
-      path: sourceFilePath,
-      mode: "100644",
-      type: "blob",
-      content: decodedContent
-    }
-  ];
-  if (secondFilePath) {
-    const secondFileContentResponse = await oktoKit.rest.repos.getContent({
-      owner: sourceOwner,
-      repo: sourceRepo,
-      path: "/" + secondFilePath
-    });
-    const secondDecodedContent = Buffer.from(
-      // eslint-disable-next-line @typescript-eslint/ban-ts-comment
-      // @ts-ignore
-      secondFileContentResponse.data.content,
-      "base64"
-    ).toString("utf-8");
-    tree.push({
-      path: secondFilePath,
-      mode: "100644",
-      type: "blob",
-      content: secondDecodedContent
-    });
   }
-  const createTreeResponse = await oktoKit.rest.git.createTree({
-    owner,
-    repo,
-    base_tree: await oktoKit.rest.git.getRef({ owner, repo, ref: `heads/${defaultBranch}` }).then((response) => response.data.object.sha),
-    // eslint-disable-next-line @typescript-eslint/ban-ts-comment
-    // @ts-ignore
-    tree
-  });
-  const createCommitResponse = await oktoKit.rest.git.createCommit({
-    owner,
-    repo,
-    message: "Add new yaml file",
-    tree: createTreeResponse.data.sha,
-    parents: [
-      await oktoKit.rest.git.getRef({ owner, repo, ref: `heads/${defaultBranch}` }).then((response) => response.data.object.sha)
-    ]
-  });
-  await oktoKit.rest.git.updateRef({
-    owner,
-    repo,
-    ref: `heads/${newBranchName}`,
-    sha: createCommitResponse.data.sha
-  });
-  const createPRResponse = await oktoKit.rest.pulls.create({
-    owner,
-    repo,
-    title,
-    head: newBranchName,
-    head_repo: sourceRepo,
-    body,
-    base: defaultBranch
-  });
-  return {
-    pull_request_url: createPRResponse.data.html_url
-  };
-}
-
-// src/features/analysis/scm/github/consts.ts
-var POST_COMMENT_PATH = "POST /repos/{owner}/{repo}/pulls/{pull_number}/comments";
-var DELETE_COMMENT_PATH = "DELETE /repos/{owner}/{repo}/pulls/comments/{comment_id}";
-var UPDATE_COMMENT_PATH = "PATCH /repos/{owner}/{repo}/pulls/comments/{comment_id}";
-var GET_PR_COMMENTS_PATH = "GET /repos/{owner}/{repo}/pulls/{pull_number}/comments";
-var GET_PR_COMMENT_PATH = "GET /repos/{owner}/{repo}/pulls/comments/{comment_id}";
-var GET_PR = "GET /repos/{owner}/{repo}/pulls/{pull_number}";
-var POST_GENERAL_PR_COMMENT = "POST /repos/{owner}/{repo}/issues/{issue_number}/comments";
-var GET_GENERAL_PR_COMMENTS = "GET /repos/{owner}/{repo}/issues/{issue_number}/comments";
-var DELETE_GENERAL_PR_COMMENT = "DELETE /repos/{owner}/{repo}/issues/comments/{comment_id}";
-var CREATE_OR_UPDATE_A_REPOSITORY_SECRET = "PUT /repos/{owner}/{repo}/actions/secrets/{secret_name}";
-var GET_A_REPOSITORY_PUBLIC_KEY = "GET /repos/{owner}/{repo}/actions/secrets/public-key";
+};
 
-// src/features/analysis/scm/github/github-v2.ts
-function postPrComment(client, params) {
-  return client.request(POST_COMMENT_PATH, params);
-}
-function updatePrComment(client, params) {
-  return client.request(UPDATE_COMMENT_PATH, params);
-}
-function getPrComments(client, params) {
-  return client.request(GET_PR_COMMENTS_PATH, params);
-}
-function getPrComment(client, params) {
-  return client.request(GET_PR_COMMENT_PATH, params);
-}
-function deleteComment(client, params) {
-  return client.request(DELETE_COMMENT_PATH, params);
-}
-function getPrDiff(client, params) {
-  return client.request(GET_PR, { ...params, mediaType: { format: "diff" } });
-}
-function getPr(client, params) {
-  return client.request(GET_PR, { ...params });
-}
-function createOrUpdateRepositorySecret(client, params) {
-  return client.request(CREATE_OR_UPDATE_A_REPOSITORY_SECRET, params);
+// src/features/analysis/scm/utils/index.ts
+function getFixUrlWithRedirect(params) {
+  const {
+    fixId,
+    projectId,
+    organizationId,
+    analysisId,
+    redirectUrl,
+    appBaseUrl,
+    commentId
+  } = params;
+  const searchParams = new URLSearchParams();
+  searchParams.append("commit_redirect_url", redirectUrl);
+  searchParams.append("comment_id", commentId.toString());
+  return `${getFixUrl({
+    appBaseUrl,
+    fixId,
+    projectId,
+    organizationId,
+    analysisId
+  })}?${searchParams.toString()}`;
 }
-function getARepositoryPublicKey(client, params) {
-  return client.request(GET_A_REPOSITORY_PUBLIC_KEY, params);
+function getFixUrl({
+  appBaseUrl,
+  fixId,
+  projectId,
+  organizationId,
+  analysisId
+}) {
+  return `${appBaseUrl}/organization/${organizationId}/project/${projectId}/report/${analysisId}/fix/${fixId}`;
 }
-function postGeneralPrComment(client, params) {
-  return client.request(POST_GENERAL_PR_COMMENT, params);
+function getCommitUrl(params) {
+  const {
+    fixId,
+    projectId,
+    organizationId,
+    analysisId,
+    redirectUrl,
+    appBaseUrl,
+    commentId
+  } = params;
+  const searchParams = new URLSearchParams();
+  searchParams.append("redirect_url", redirectUrl);
+  searchParams.append("comment_id", commentId.toString());
+  return `${getFixUrl({
+    appBaseUrl,
+    fixId,
+    projectId,
+    organizationId,
+    analysisId
+  })}/commit?${searchParams.toString()}`;
 }
-function getGeneralPrComments(client, params) {
-  return client.request(GET_GENERAL_PR_COMMENTS, params);
+var userNamePattern = /^(https?:\/\/)([^@]+@)?([^/]+\/.+)$/;
+var sshPattern = /^git@([\w.-]+):([\w./-]+)$/;
+function normalizeUrl(repoUrl) {
+  let trimmedUrl = repoUrl.trim().replace(/\/+$/, "");
+  if (repoUrl.endsWith(".git")) {
+    trimmedUrl = trimmedUrl.slice(0, -".git".length);
+  }
+  const usernameMatch = trimmedUrl.match(userNamePattern);
+  if (usernameMatch) {
+    const [_all, protocol, _username, repoPath] = usernameMatch;
+    trimmedUrl = `${protocol}${repoPath}`;
+  }
+  const sshMatch = trimmedUrl.match(sshPattern);
+  if (sshMatch) {
+    const [_all, hostname, reporPath] = sshMatch;
+    trimmedUrl = `https://${hostname}/${reporPath}`;
+  }
+  return trimmedUrl;
 }
-function deleteGeneralPrComment(client, params) {
-  return client.request(DELETE_GENERAL_PR_COMMENT, params);
+var isUrlHasPath = (url) => {
+  return new URL(url).origin !== url;
+};
+function shouldValidateUrl(repoUrl) {
+  return repoUrl && isUrlHasPath(repoUrl);
 }
 
-// src/features/analysis/scm/gitlab/gitlab.ts
-import querystring2 from "node:querystring";
-import {
-  Gitlab
-} from "@gitbeaker/rest";
-import { ProxyAgent } from "undici";
-import { z as z5 } from "zod";
-
 // src/features/analysis/scm/gitlab/types.ts
 import { z as z4 } from "zod";
 var GitlabAuthResultZ = z4.object({
@@ -1933,13 +1954,6 @@ var GitlabAuthResultZ = z4.object({
 });
 
 // src/features/analysis/scm/gitlab/gitlab.ts
-var EnvVariablesZod2 = z5.object({
-  GITLAB_API_TOKEN: z5.string().optional(),
-  BROKERED_HOSTS: z5.string().toLowerCase().transform(
-    (x) => x.split(",").map((url) => url.trim(), []).filter(Boolean)
-  ).default("")
-});
-var { GITLAB_API_TOKEN, BROKERED_HOSTS } = EnvVariablesZod2.parse(process.env);
 function removeTrailingSlash2(str) {
   return str.trim().replace(/\/+$/, "");
 }
@@ -1961,7 +1975,7 @@ async function gitlabValidateParams({
     if (accessToken) {
       await api2.Users.showCurrentUser();
     }
-    if (url) {
+    if (url && shouldValidateUrl(url)) {
       const { projectPath } = parseGitlabOwnerAndRepo(url);
       await api2.Projects.show(projectPath);
     }
@@ -2214,7 +2228,7 @@ function initGitlabFetchMock() {
     if (urlParsed && BROKERED_HOSTS.includes(
       `${urlParsed.protocol?.toLowerCase()}//${urlParsed.host?.toLowerCase()}`
     )) {
-      const dispatcher = new ProxyAgent({
+      const dispatcher = new ProxyAgent2({
         uri: process.env["GIT_PROXY_HOST"] || "http://tinyproxy:8888",
         requestTls: {
           rejectUnauthorized: false
@@ -2234,88 +2248,88 @@ import parseDiff from "parse-diff";
 import path3 from "path";
 import { simpleGit } from "simple-git";
 import tmp from "tmp";
-import { z as z7 } from "zod";
+import { z as z6 } from "zod";
 
 // src/features/analysis/scm/scmSubmit/types.ts
-import { z as z6 } from "zod";
-var BaseSubmitToScmMessageZ = z6.object({
-  submitFixRequestId: z6.string().uuid(),
-  fixes: z6.array(
-    z6.object({
-      fixId: z6.string().uuid(),
-      patches: z6.array(z6.string())
+import { z as z5 } from "zod";
+var BaseSubmitToScmMessageZ = z5.object({
+  submitFixRequestId: z5.string().uuid(),
+  fixes: z5.array(
+    z5.object({
+      fixId: z5.string().uuid(),
+      patches: z5.array(z5.string())
     })
   ),
-  commitHash: z6.string(),
-  repoUrl: z6.string()
+  commitHash: z5.string(),
+  repoUrl: z5.string()
 });
 var submitToScmMessageType = {
   commitToSameBranch: "commitToSameBranch",
   submitFixesForDifferentBranch: "submitFixesForDifferentBranch"
 };
 var CommitToSameBranchParamsZ = BaseSubmitToScmMessageZ.merge(
-  z6.object({
-    type: z6.literal(submitToScmMessageType.commitToSameBranch),
-    branch: z6.string(),
-    commitMessage: z6.string(),
-    commitDescription: z6.string().nullish(),
-    githubCommentId: z6.number().nullish()
+  z5.object({
+    type: z5.literal(submitToScmMessageType.commitToSameBranch),
+    branch: z5.string(),
+    commitMessage: z5.string(),
+    commitDescription: z5.string().nullish(),
+    githubCommentId: z5.number().nullish()
   })
 );
-var SubmitFixesToDifferentBranchParamsZ = z6.object({
-  type: z6.literal(submitToScmMessageType.submitFixesForDifferentBranch),
-  submitBranch: z6.string(),
-  baseBranch: z6.string()
+var SubmitFixesToDifferentBranchParamsZ = z5.object({
+  type: z5.literal(submitToScmMessageType.submitFixesForDifferentBranch),
+  submitBranch: z5.string(),
+  baseBranch: z5.string()
 }).merge(BaseSubmitToScmMessageZ);
-var SubmitFixesMessageZ = z6.union([
+var SubmitFixesMessageZ = z5.union([
   CommitToSameBranchParamsZ,
   SubmitFixesToDifferentBranchParamsZ
 ]);
-var FixResponseArrayZ = z6.array(
-  z6.object({
-    fixId: z6.string().uuid()
+var FixResponseArrayZ = z5.array(
+  z5.object({
+    fixId: z5.string().uuid()
   })
 );
-var SubmitFixesBaseResponseMessageZ = z6.object({
-  submitFixRequestId: z6.string().uuid(),
-  submitBranches: z6.array(
-    z6.object({
-      branchName: z6.string(),
+var SubmitFixesBaseResponseMessageZ = z5.object({
+  submitFixRequestId: z5.string().uuid(),
+  submitBranches: z5.array(
+    z5.object({
+      branchName: z5.string(),
       fixes: FixResponseArrayZ
     })
   ),
-  error: z6.object({
-    type: z6.enum([
+  error: z5.object({
+    type: z5.enum([
       "InitialRepoAccessError",
       "PushBranchError",
       "UnknownError"
     ]),
-    info: z6.object({
-      message: z6.string(),
-      pushBranchName: z6.string().optional()
+    info: z5.object({
+      message: z5.string(),
+      pushBranchName: z5.string().optional()
     })
   }).optional()
 });
-var SubmitFixesToSameBranchResponseMessageZ = z6.object({
-  type: z6.literal(submitToScmMessageType.commitToSameBranch),
-  githubCommentId: z6.number().nullish()
+var SubmitFixesToSameBranchResponseMessageZ = z5.object({
+  type: z5.literal(submitToScmMessageType.commitToSameBranch),
+  githubCommentId: z5.number().nullish()
 }).merge(SubmitFixesBaseResponseMessageZ);
-var SubmitFixesToDifferentBranchResponseMessageZ = z6.object({
-  type: z6.literal(submitToScmMessageType.submitFixesForDifferentBranch),
-  githubCommentId: z6.number().optional()
+var SubmitFixesToDifferentBranchResponseMessageZ = z5.object({
+  type: z5.literal(submitToScmMessageType.submitFixesForDifferentBranch),
+  githubCommentId: z5.number().optional()
 }).merge(SubmitFixesBaseResponseMessageZ);
-var SubmitFixesResponseMessageZ = z6.discriminatedUnion("type", [
+var SubmitFixesResponseMessageZ = z5.discriminatedUnion("type", [
   SubmitFixesToSameBranchResponseMessageZ,
   SubmitFixesToDifferentBranchResponseMessageZ
 ]);
 
 // src/features/analysis/scm/scmSubmit/index.ts
-var EnvVariablesZod3 = z7.object({
-  BROKERED_HOSTS: z7.string().toLowerCase().transform(
+var EnvVariablesZod2 = z6.object({
+  BROKERED_HOSTS: z6.string().toLowerCase().transform(
     (x) => x.split(",").map((url) => url.trim(), []).filter(Boolean)
   ).default("")
 });
-var { BROKERED_HOSTS: BROKERED_HOSTS2 } = EnvVariablesZod3.parse(process.env);
+var { BROKERED_HOSTS: BROKERED_HOSTS2 } = EnvVariablesZod2.parse(process.env);
 var isValidBranchName = async (branchName) => {
   const git = simpleGit();
   try {
@@ -2328,18 +2342,18 @@ var isValidBranchName = async (branchName) => {
     return false;
   }
 };
-var FixesZ = z7.array(
-  z7.object({
-    fixId: z7.string(),
-    patches: z7.array(z7.string())
+var FixesZ = z6.array(
+  z6.object({
+    fixId: z6.string(),
+    patches: z6.array(z6.string())
   })
 ).nonempty();
 
 // src/features/analysis/scm/scm.ts
-var GetRefererenceResultZ = z8.object({
-  date: z8.date().optional(),
-  sha: z8.string(),
-  type: z8.nativeEnum(ReferenceType)
+var GetRefererenceResultZ = z7.object({
+  date: z7.date().optional(),
+  sha: z7.string(),
+  type: z7.nativeEnum(ReferenceType)
 });
 function getCloudScmLibTypeFromUrl(url) {
   if (!url) {
@@ -2380,11 +2394,11 @@ var scmTypeToScmLibScmType = {
   ["Bitbucket" /* Bitbucket */]: "BITBUCKET" /* BITBUCKET */
 };
 function getScmTypeFromScmLibType(scmLibType) {
-  const parsedScmLibType = z8.nativeEnum(ScmLibScmType).parse(scmLibType);
+  const parsedScmLibType = z7.nativeEnum(ScmLibScmType).parse(scmLibType);
   return scmLibScmTypeToScmType[parsedScmLibType];
 }
 function getScmLibTypeFromScmType(scmType) {
-  const parsedScmType = z8.nativeEnum(ScmType).parse(scmType);
+  const parsedScmType = z7.nativeEnum(ScmType).parse(scmType);
   return scmTypeToScmLibScmType[parsedScmType];
 }
 function getScmConfig({
@@ -2579,10 +2593,7 @@ var SCMLib = class {
     scmType,
     scmOrg
   }) {
-    let trimmedUrl = void 0;
-    if (url) {
-      trimmedUrl = url.trim().replace(/\/$/, "").replace(/.git$/i, "");
-    }
+    const trimmedUrl = url ? url.trim().replace(/\/$/, "").replace(/.git$/i, "") : void 0;
     try {
       switch (scmType) {
         case "GITHUB" /* GITHUB */: {
@@ -2610,7 +2621,7 @@ var SCMLib = class {
       if (e instanceof InvalidRepoUrlError && url) {
         throw new RepoNoTokenAccessError(
           "no access to repo",
-          scmLibScmTypeToScmType[z8.nativeEnum(ScmLibScmType).parse(scmType)]
+          scmLibScmTypeToScmType[z7.nativeEnum(ScmLibScmType).parse(scmType)]
         );
       }
     }
@@ -2905,46 +2916,37 @@ var GithubSCMLib = class extends SCMLib {
   // we don't always need a url, what's important is that we have an access token
   constructor(url, accessToken, scmOrg) {
     super(url, accessToken, scmOrg);
-    __publicField(this, "oktokit");
-    this.oktokit = new Octokit2({ auth: accessToken });
+    __publicField(this, "githubSdk");
+    this.githubSdk = getGithubSdk({
+      auth: accessToken,
+      url
+    });
   }
   async createSubmitRequest(params) {
     this._validateAccessTokenAndUrl();
     const { targetBranchName, sourceBranchName, title, body } = params;
-    return String(
-      await createPullRequest({
-        title,
-        body,
-        targetBranchName,
-        sourceBranchName,
-        repoUrl: this.url,
-        accessToken: this.accessToken
-      })
-    );
+    const pullRequestResult = await this.githubSdk.createPullRequest({
+      title,
+      body,
+      targetBranchName,
+      sourceBranchName,
+      repoUrl: this.url
+    });
+    return String(pullRequestResult.data.number);
   }
   async forkRepo(repoUrl) {
     this._validateToken();
-    return forkRepo({
-      repoUrl,
-      accessToken: this.accessToken
+    return this.githubSdk.forkRepo({
+      repoUrl
     });
   }
-  async createOrUpdateRepositorySecret(params, _oktokit) {
-    if (!_oktokit && !this.accessToken || !this.url) {
-      throw new Error("cannot delete comment without access token or url");
-    }
-    const oktokit = _oktokit || this.oktokit;
+  async createOrUpdateRepositorySecret(params) {
+    this._validateAccessTokenAndUrl();
     const { owner, repo } = parseGithubOwnerAndRepo(this.url);
-    const { data: repositoryPublicKeyResponse } = await getARepositoryPublicKey(
-      oktokit,
-      {
-        owner,
-        repo
-      }
-    );
+    const { data: repositoryPublicKeyResponse } = await this.githubSdk.getRepositoryPublicKey({ owner, repo });
     const { key_id, key } = repositoryPublicKeyResponse;
     const encryptedValue = await encryptSecret(params.value, key);
-    return createOrUpdateRepositorySecret(oktokit, {
+    return this.githubSdk.createOrUpdateRepositorySecret({
       encrypted_value: encryptedValue,
       secret_name: params.name,
       key_id,
@@ -2953,66 +2955,49 @@ var GithubSCMLib = class extends SCMLib {
     });
   }
   async createPullRequestWithNewFile(sourceRepoUrl, filesPaths, userRepoUrl, title, body) {
-    const { pull_request_url } = await createPr(
-      {
-        sourceRepoUrl,
-        filesPaths,
-        userRepoUrl,
-        title,
-        body
-      },
-      {
-        githubAuthToken: this.accessToken
-      }
-    );
+    const { pull_request_url } = await this.githubSdk.createPr({
+      sourceRepoUrl,
+      filesPaths,
+      userRepoUrl,
+      title,
+      body
+    });
     return { pull_request_url };
   }
   async validateParams() {
     return githubValidateParams(this.url, this.accessToken);
   }
-  async postPrComment(params, _oktokit) {
-    if (!_oktokit && !this.accessToken || !this.url) {
-      throw new Error("cannot post on PR without access token or url");
-    }
-    const oktokit = _oktokit || this.oktokit;
+  async postPrComment(params) {
+    this._validateAccessTokenAndUrl();
     const { owner, repo } = parseGithubOwnerAndRepo(this.url);
-    return postPrComment(oktokit, {
+    return this.githubSdk.postPrComment({
       ...params,
       owner,
       repo
     });
   }
-  async updatePrComment(params, _oktokit) {
-    if (!_oktokit && !this.accessToken || !this.url) {
-      throw new Error("cannot update on PR without access token or url");
-    }
-    const oktokit = _oktokit || this.oktokit;
+  async updatePrComment(params) {
+    this._validateAccessTokenAndUrl();
     const { owner, repo } = parseGithubOwnerAndRepo(this.url);
-    return updatePrComment(oktokit, {
+    return this.githubSdk.updatePrComment({
       ...params,
       owner,
       repo
     });
   }
-  async deleteComment(params, _oktokit) {
-    if (!_oktokit && !this.accessToken || !this.url) {
-      throw new Error("cannot delete comment without access token or url");
-    }
-    const oktokit = _oktokit || this.oktokit;
+  async deleteComment(params) {
+    this._validateAccessTokenAndUrl();
     const { owner, repo } = parseGithubOwnerAndRepo(this.url);
-    return deleteComment(oktokit, {
+    return this.githubSdk.deleteComment({
       ...params,
       owner,
       repo
     });
   }
-  async getPrComments(params, _oktokit) {
-    if (!_oktokit && !this.accessToken || !this.url) {
-      throw new Error("cannot get Pr Comments without access token or url");
-    }
-    const oktokit = _oktokit || this.oktokit;
+  async getPrComments(params) {
+    this._validateAccessTokenAndUrl();
     const { owner, repo } = parseGithubOwnerAndRepo(this.url);
-    return getPrComments(oktokit, {
+    return this.githubSdk.getPrComments({
       per_page: 100,
       ...params,
       owner,
@@ -3020,27 +3005,23 @@ var GithubSCMLib = class extends SCMLib {
     });
   }
   async getPrDiff(params) {
-    if (!this.accessToken || !this.url) {
-      throw new Error("cannot get Pr Comments without access token or url");
-    }
+    this._validateAccessTokenAndUrl();
     const { owner, repo } = parseGithubOwnerAndRepo(this.url);
-    const prRes = await getPrDiff(this.oktokit, {
+    const prRes = await this.githubSdk.getPrDiff({
       ...params,
       owner,
       repo
     });
-    return z8.string().parse(prRes.data);
+    return z7.string().parse(prRes.data);
   }
   async getRepoList(_scmOrg) {
-    if (!this.accessToken) {
-      console.error("no access token");
-      throw new Error("no access token");
-    }
-    return getGithubRepoList(this.accessToken);
+    this._validateToken();
+    return this.githubSdk.getGithubRepoList();
   }
   async getBranchList() {
     this._validateAccessTokenAndUrl();
-    return getGithubBranchList(this.accessToken, this.url);
+    const branches = await this.githubSdk.getGithubBranchList(this.url);
+    return branches.data.map((branch) => branch.name);
   }
   getScmLibType() {
     return "GITHUB" /* GITHUB */;
@@ -3052,73 +3033,57 @@ var GithubSCMLib = class extends SCMLib {
     return {};
   }
   getDownloadUrl(sha) {
-    this.url;
     this._validateUrl();
     const res = parseScmURL(this.url, "GitHub" /* GitHub */);
     if (!res) {
       throw new InvalidRepoUrlError("invalid repo url");
     }
-    const { hostname, organization, repoName } = res;
-    return Promise.resolve(
-      `https://api.${hostname}/repos/${organization}/${repoName}/zipball/${sha}`
-    );
+    const { protocol, hostname, organization, repoName } = res;
+    const downloadUrl = isGithubOnPrem(this.url) ? `${protocol}//${hostname}/api/v3/repos/${organization}/${repoName}/zipball/${sha}` : `https://api.${hostname}/repos/${organization}/${repoName}/zipball/${sha}`;
+    return Promise.resolve(downloadUrl);
   }
   async _getUsernameForAuthUrl() {
     return this.getUsername();
   }
   async getIsRemoteBranch(branch) {
-    this._validateAccessTokenAndUrl();
-    return getGithubIsRemoteBranch(this.accessToken, this.url, branch);
+    this._validateUrl();
+    return this.githubSdk.getGithubIsRemoteBranch({ branch, repoUrl: this.url });
   }
   async getUserHasAccessToRepo() {
-    if (!this.accessToken || !this.url) {
-      console.error("no access token or no url");
-      throw new Error("no access token or no url");
-    }
+    this._validateAccessTokenAndUrl();
     const username = await this.getUsername();
-    return getGithubIsUserCollaborator(username, this.accessToken, this.url);
+    return this.githubSdk.getGithubIsUserCollaborator({
+      repoUrl: this.url,
+      username
+    });
   }
   async getUsername() {
-    if (!this.accessToken) {
-      console.error("no access token");
-      throw new Error("no access token");
-    }
-    return getGithubUsername(this.accessToken);
+    this._validateToken();
+    return this.githubSdk.getGithubUsername();
   }
   async getSubmitRequestStatus(scmSubmitRequestId) {
-    if (!this.accessToken || !this.url) {
-      console.error("no access token or no url");
-      throw new Error("no access token or no url");
-    }
-    const state = await getGithubPullRequestStatus(
-      this.accessToken,
-      this.url,
-      Number(scmSubmitRequestId)
-    );
-    return state;
+    this._validateAccessTokenAndUrl();
+    return this.githubSdk.getGithubPullRequestStatus({
+      repoUrl: this.url,
+      prNumber: Number(scmSubmitRequestId)
+    });
   }
   async getRepoBlameRanges(ref, path9) {
     this._validateUrl();
-    return await getGithubBlameRanges(
-      { ref, path: path9, gitHubUrl: this.url },
-      {
-        githubAuthToken: this.accessToken
-      }
-    );
+    return await this.githubSdk.getGithubBlameRanges({
+      ref,
+      path: path9,
+      gitHubUrl: this.url
+    });
   }
   async getReferenceData(ref) {
     this._validateUrl();
-    return await getGithubReferenceData(
-      { ref, gitHubUrl: this.url },
-      {
-        githubAuthToken: this.accessToken
-      }
-    );
+    return this.githubSdk.getGithubReferenceData({ ref, gitHubUrl: this.url });
   }
   async getPrComment(commentId) {
     this._validateUrl();
     const { owner, repo } = parseGithubOwnerAndRepo(this.url);
-    return await getPrComment(this.oktokit, {
+    return await this.githubSdk.getPrComment({
       repo,
       owner,
       comment_id: commentId
@@ -3126,17 +3091,12 @@ var GithubSCMLib = class extends SCMLib {
   }
   async getRepoDefaultBranch() {
     this._validateUrl();
-    return await getGithubRepoDefaultBranch(this.url, {
-      githubAuthToken: this.accessToken
-    });
+    return await this.githubSdk.getGithubRepoDefaultBranch(this.url);
   }
   async getPrUrl(prNumber) {
-    if (!this.url || !this.oktokit) {
-      console.error("no url");
-      throw new Error("no url");
-    }
+    this._validateAccessTokenAndUrl();
     const { owner, repo } = parseGithubOwnerAndRepo(this.url);
-    const getPrRes = await getPr(this.oktokit, {
+    const getPrRes = await this.githubSdk.getPr({
       owner,
       repo,
       pull_number: prNumber
@@ -3145,21 +3105,20 @@ var GithubSCMLib = class extends SCMLib {
   }
   async postGeneralPrComment(params) {
     const { prNumber, body } = params;
-    this._validateUrl();
+    this._validateAccessTokenAndUrl();
     const { owner, repo } = parseGithubOwnerAndRepo(this.url);
-    return await postGeneralPrComment(this.oktokit, {
+    return await this.githubSdk.postGeneralPrComment({
       issue_number: prNumber,
       owner,
       repo,
       body
     });
   }
-  async getGeneralPrComments(params, auth) {
+  async getGeneralPrComments(params) {
     const { prNumber } = params;
-    this._validateUrl();
-    const oktoKit = auth ? new Octokit2({ auth: auth.authToken }) : this.oktokit;
+    this._validateAccessTokenAndUrl();
     const { owner, repo } = parseGithubOwnerAndRepo(this.url);
-    return await getGeneralPrComments(oktoKit, {
+    return await this.githubSdk.getGeneralPrComments({
       issue_number: prNumber,
       owner,
       repo
@@ -3168,9 +3127,9 @@ var GithubSCMLib = class extends SCMLib {
   async deleteGeneralPrComment({
     commentId
   }) {
-    this._validateUrl();
+    this._validateAccessTokenAndUrl();
     const { owner, repo } = parseGithubOwnerAndRepo(this.url);
-    return deleteGeneralPrComment(this.oktokit, {
+    return this.githubSdk.deleteGeneralPrComment({
       owner,
       repo,
       comment_id: commentId
@@ -3244,7 +3203,7 @@ var StubSCMLib = class extends SCMLib {
 };
 function getUserAndPassword(token) {
   const [username, password] = token.split(":");
-  const safePasswordAndUsername = z8.object({ username: z8.string(), password: z8.string() }).parse({ username, password });
+  const safePasswordAndUsername = z7.object({ username: z7.string(), password: z7.string() }).parse({ username, password });
   return {
     username: safePasswordAndUsername.username,
     password: safePasswordAndUsername.password
@@ -3280,7 +3239,7 @@ var BitbucketSCMLib = class extends SCMLib {
         return { username, password, authType };
       }
       case "token": {
-        return { authType, token: z8.string().parse(this.accessToken) };
+        return { authType, token: z7.string().parse(this.accessToken) };
       }
       case "public":
         return { authType };
@@ -3292,7 +3251,7 @@ var BitbucketSCMLib = class extends SCMLib {
       ...params,
       repoUrl: this.url
     });
-    return String(z8.number().parse(pullRequestRes.id));
+    return String(z7.number().parse(pullRequestRes.id));
   }
   async validateParams() {
     return validateBitbucketParams({
@@ -3364,7 +3323,7 @@ var BitbucketSCMLib = class extends SCMLib {
   async getUsername() {
     this._validateToken();
     const res = await this.bitbucketSdk.getUser();
-    return z8.string().parse(res.username);
+    return z7.string().parse(res.username);
   }
   async getSubmitRequestStatus(_scmSubmitRequestId) {
     this._validateAccessTokenAndUrl();
@@ -3393,7 +3352,7 @@ var BitbucketSCMLib = class extends SCMLib {
   async getRepoDefaultBranch() {
     this._validateUrl();
     const repoRes = await this.bitbucketSdk.getRepo({ repoUrl: this.url });
-    return z8.string().parse(repoRes.mainbranch?.name);
+    return z7.string().parse(repoRes.mainbranch?.name);
   }
   getPrUrl(prNumber) {
     this._validateUrl();
@@ -3417,25 +3376,25 @@ var BitbucketSCMLib = class extends SCMLib {
 // src/features/analysis/scm/bitbucket/bitbucket.ts
 var { Bitbucket } = bitbucketPkg;
 var BITBUCKET_HOSTNAME = "bitbucket.org";
-var TokenExpiredErrorZ = z9.object({
-  status: z9.number(),
-  error: z9.object({
-    type: z9.string(),
-    error: z9.object({
-      message: z9.string()
+var TokenExpiredErrorZ = z8.object({
+  status: z8.number(),
+  error: z8.object({
+    type: z8.string(),
+    error: z8.object({
+      message: z8.string()
     })
   })
 });
 var BITBUCKET_ACCESS_TOKEN_URL = `https://${BITBUCKET_HOSTNAME}/site/oauth2/access_token`;
-var BitbucketAuthResultZ = z9.object({
-  access_token: z9.string(),
-  token_type: z9.string(),
-  refresh_token: z9.string()
+var BitbucketAuthResultZ = z8.object({
+  access_token: z8.string(),
+  token_type: z8.string(),
+  refresh_token: z8.string()
 });
-var BitbucketParseResultZ = z9.object({
-  organization: z9.string(),
-  repoName: z9.string(),
-  hostname: z9.literal(BITBUCKET_HOSTNAME)
+var BitbucketParseResultZ = z8.object({
+  organization: z8.string(),
+  repoName: z8.string(),
+  hostname: z8.literal(BITBUCKET_HOSTNAME)
 });
 function parseBitbucketOrganizationAndRepo(bitbucketUrl) {
   const parsedGitHubUrl = normalizeUrl(bitbucketUrl);
@@ -3513,7 +3472,7 @@ function getBitbucketSdk(params) {
       if (!res.data.values) {
         return [];
       }
-      return res.data.values.filter((branch) => !!branch.name).map((branch) => z9.string().parse(branch.name));
+      return res.data.values.filter((branch) => !!branch.name).map((branch) => z8.string().parse(branch.name));
     },
     async getIsUserCollaborator(params2) {
       const { repoUrl } = params2;
@@ -3628,7 +3587,7 @@ function getBitbucketSdk(params) {
       return GetRefererenceResultZ.parse({
         sha: tagRes.data.target?.hash,
         type: "TAG" /* TAG */,
-        date: new Date(z9.string().parse(tagRes.data.target?.date))
+        date: new Date(z8.string().parse(tagRes.data.target?.date))
       });
     },
     async getBranchRef(params2) {
@@ -3636,7 +3595,7 @@ function getBitbucketSdk(params) {
       return GetRefererenceResultZ.parse({
         sha: getBranchRes.target?.hash,
         type: "BRANCH" /* BRANCH */,
-        date: new Date(z9.string().parse(getBranchRes.target?.date))
+        date: new Date(z8.string().parse(getBranchRes.target?.date))
       });
     },
     async getCommitRef(params2) {
@@ -3644,13 +3603,13 @@ function getBitbucketSdk(params) {
       return GetRefererenceResultZ.parse({
         sha: getCommitRes.hash,
         type: "COMMIT" /* COMMIT */,
-        date: new Date(z9.string().parse(getCommitRes.date))
+        date: new Date(z8.string().parse(getCommitRes.date))
       });
     },
     async getDownloadUrl({ url, sha }) {
       this.getReferenceData({ ref: sha, url });
       const repoRes = await this.getRepo({ repoUrl: url });
-      const parsedRepoUrl = z9.string().url().parse(repoRes.links?.html?.href);
+      const parsedRepoUrl = z8.string().url().parse(repoRes.links?.html?.href);
       return `${parsedRepoUrl}/get/${sha}.zip`;
     },
     async getPullRequest(params2) {
@@ -3673,7 +3632,7 @@ async function validateBitbucketParams(params) {
     if (authType !== "public") {
       await bitbucketClient.getUser();
     }
-    if (params.url) {
+    if (params.url && shouldValidateUrl(params.url)) {
       await bitbucketClient.getRepo({ repoUrl: params.url });
     }
   } catch (e) {
@@ -3693,7 +3652,7 @@ async function validateBitbucketParams(params) {
 }
 async function getUsersworkspacesSlugs(bitbucketClient) {
   const res = await bitbucketClient.workspaces.getWorkspaces({});
-  return res.data.values?.map((v) => z9.string().parse(v.slug));
+  return res.data.values?.map((v) => z8.string().parse(v.slug));
 }
 async function getllUsersrepositories(bitbucketClient) {
   const userWorspacesSlugs = await getUsersworkspacesSlugs(bitbucketClient);
@@ -3725,7 +3684,7 @@ var MOBB_ICON_IMG = "https://app.mobb.ai/gh-action/Logo_Rounded_Icon.svg";
 // src/features/analysis/add_fix_comments_for_pr/utils.ts
 import Debug3 from "debug";
 import parseDiff2 from "parse-diff";
-import { z as z10 } from "zod";
+import { z as z9 } from "zod";
 
 // src/features/analysis/utils/by_key.ts
 function keyBy(array, keyBy2) {
@@ -3956,7 +3915,7 @@ async function getRelevantVulenrabilitiesFromDiff(params) {
     });
     const lineAddedRanges = calculateRanges(fileNumbers);
     const fileFilter = {
-      path: z10.string().parse(file.to),
+      path: z9.string().parse(file.to),
       ranges: lineAddedRanges.map(([startLine, endLine]) => ({
         endLine,
         startLine
@@ -4263,30 +4222,30 @@ function subscribe(query, variables, callback, wsClientOptions) {
 }
 
 // src/features/analysis/graphql/types.ts
-import { z as z11 } from "zod";
-var VulnerabilityReportIssueCodeNodeZ = z11.object({
-  vulnerabilityReportIssueId: z11.string(),
-  path: z11.string(),
-  startLine: z11.number(),
-  vulnerabilityReportIssue: z11.object({
-    fixId: z11.string()
+import { z as z10 } from "zod";
+var VulnerabilityReportIssueCodeNodeZ = z10.object({
+  vulnerabilityReportIssueId: z10.string(),
+  path: z10.string(),
+  startLine: z10.number(),
+  vulnerabilityReportIssue: z10.object({
+    fixId: z10.string()
   })
 });
-var GetVulByNodesMetadataZ = z11.object({
-  vulnerabilityReportIssueCodeNodes: z11.array(VulnerabilityReportIssueCodeNodeZ),
-  nonFixablePrVuls: z11.object({
-    aggregate: z11.object({
-      count: z11.number()
+var GetVulByNodesMetadataZ = z10.object({
+  vulnerabilityReportIssueCodeNodes: z10.array(VulnerabilityReportIssueCodeNodeZ),
+  nonFixablePrVuls: z10.object({
+    aggregate: z10.object({
+      count: z10.number()
     })
   }),
-  fixablePrVuls: z11.object({
-    aggregate: z11.object({
-      count: z11.number()
+  fixablePrVuls: z10.object({
+    aggregate: z10.object({
+      count: z10.number()
     })
   }),
-  totalScanVulnerabilities: z11.object({
-    aggregate: z11.object({
-      count: z11.number()
+  totalScanVulnerabilities: z10.object({
+    aggregate: z10.object({
+      count: z10.number()
     })
   })
 });
@@ -4381,13 +4340,12 @@ var GQLClient = class {
     }
   }
   async updateScmToken(args) {
-    const { scmType, url, token, org, username, refreshToken } = args;
+    const { scmType, url, token, org, refreshToken } = args;
     const updateScmTokenResult = await this._clientSdk.updateScmToken({
       scmType,
       url,
       token,
       org,
-      username,
       refreshToken
     });
     return updateScmTokenResult;
@@ -4917,7 +4875,7 @@ async function getSnykReport(reportPath, repoRoot, { skipPrompts = false }) {
 
 // src/features/analysis/upload-file.ts
 import Debug11 from "debug";
-import fetch2, { File, fileFrom, FormData } from "node-fetch";
+import fetch3, { File, fileFrom, FormData } from "node-fetch";
 var debug10 = Debug11("mobbdev:upload-file");
 async function uploadFile({
   file,
@@ -4942,7 +4900,7 @@ async function uploadFile({
     debug10("upload file from buffer");
     form.append("file", new File([file], "file"));
   }
-  const response = await fetch2(url, {
+  const response = await fetch3(url, {
     method: "POST",
     body: form
   });
@@ -4973,7 +4931,7 @@ async function downloadRepo({
   debug11("download repo %s %s %s", repoUrl, dirname);
   const zipFilePath = path6.join(dirname, "repo.zip");
   debug11("download URL: %s auth headers: %o", downloadUrl, authHeaders);
-  const response = await fetch3(downloadUrl, {
+  const response = await fetch4(downloadUrl, {
     method: "GET",
     headers: {
       ...authHeaders
@@ -5184,7 +5142,7 @@ async function _scan(params, { skipPrompts = false } = {}) {
     spinner: mobbSpinner,
     submitVulnerabilityReportVariables: {
       fixReportId: reportUploadInfo.fixReportId,
-      repoUrl: z12.string().parse(repo),
+      repoUrl: z11.string().parse(repo),
       reference,
       projectId,
       vulnerabilityReportFileName: "report.json",
@@ -5436,9 +5394,9 @@ async function _scan(params, { skipPrompts = false } = {}) {
         }
       });
       if (command === "review") {
-        const params2 = z12.object({
-          repo: z12.string().url(),
-          githubActionToken: z12.string()
+        const params2 = z11.object({
+          repo: z11.string().url(),
+          githubActionToken: z11.string()
         }).parse({ repo, githubActionToken });
         const scm2 = await SCMLib.init({
           url: params2.repo,
@@ -5455,7 +5413,7 @@ async function _scan(params, { skipPrompts = false } = {}) {
               analysisId,
               gqlClient,
               scm: scm2,
-              scanner: z12.nativeEnum(SCANNERS).parse(scanner)
+              scanner: z11.nativeEnum(SCANNERS).parse(scanner)
             });
           },
           callbackStates: ["Finished" /* Finished */]
@@ -5539,7 +5497,7 @@ var packageJson2 = JSON.parse(
 );
 var config3 = new Configstore2(packageJson2.name, { apiToken: "" });
 async function addScmToken(addScmTokenOptions) {
-  const { apiKey, token, organization, scmType, url, username, refreshToken } = addScmTokenOptions;
+  const { apiKey, token, organization, scmType, url, refreshToken } = addScmTokenOptions;
   const gqlClient = new GQLClient({
     apiKey: apiKey || config3.get("apiToken"),
     type: "apiKey"
@@ -5552,7 +5510,6 @@ async function addScmToken(addScmTokenOptions) {
     url,
     token,
     org: organization,
-    username,
     refreshToken
   });
 }
@@ -5648,10 +5605,6 @@ var scmOrgOption = {
   describe: chalk5.bold("Organization name in SCM (used in Azure DevOps)"),
   type: "string"
 };
-var scmUsernameOption = {
-  describe: chalk5.bold("Username in SCM (used in GitHub, Bitbucket)"),
-  type: "string"
-};
 var scmRefreshTokenOption = {
   describe: chalk5.bold("SCM refresh token (used in GitLab)"),
   type: "string"
@@ -5665,7 +5618,7 @@ var scmTokenOption = {
 // src/args/validation.ts
 import chalk6 from "chalk";
 import path8 from "path";
-import { z as z13 } from "zod";
+import { z as z12 } from "zod";
 function throwRepoUrlErrorMessage({
   error,
   repoUrl,
@@ -5682,7 +5635,7 @@ Example:
   )}`;
   throw new CliError(formattedErrorMessage);
 }
-var UrlZ = z13.string({
+var UrlZ = z12.string({
   invalid_type_error: "is not a valid GitHub / GitLab / ADO URL"
 }).refine((data) => !!sanityRepoURL(data), {
   message: "is not a valid GitHub / GitLab / ADO URL"
@@ -5837,15 +5790,15 @@ async function scanHandler(args) {
 }
 
 // src/args/commands/token.ts
-import { z as z14 } from "zod";
+import { z as z13 } from "zod";
 function addScmTokenBuilder(args) {
-  return args.option("scm-type", scmTypeOption).option("url", urlOption).option("token", scmTokenOption).option("organization", scmOrgOption).option("username", scmUsernameOption).option("refresh-token", scmRefreshTokenOption).option("api-key", apiKeyOption).example(
+  return args.option("scm-type", scmTypeOption).option("url", urlOption).option("token", scmTokenOption).option("organization", scmOrgOption).option("refresh-token", scmRefreshTokenOption).option("api-key", apiKeyOption).example(
     "$0 add-scm-token --scm-type Ado --url https://dev.azure.com/adoorg/test/_git/repo --token abcdef0123456 --organization myOrg",
     "Add your SCM (Github, Gitlab, Azure DevOps) token to Mobb to enable automated fixes."
   ).help().demandOption(["url", "token"]);
 }
 function validateAddScmTokenOptions(argv) {
-  if (!z14.nativeEnum(ScmType).safeParse(argv.scmType).success) {
+  if (!z13.nativeEnum(ScmType).safeParse(argv.scmType).success) {
     throw new CliError(
       "\nError: --scm-type must reference a valid SCM type (GitHub, GitLab, Ado, Bitbutcket)"
     );
@@ -5853,25 +5806,17 @@ function validateAddScmTokenOptions(argv) {
   Object.values(scmValidationMap).forEach((validate) => validate(argv));
 }
 var scmValidationMap = {
-  ["GitHub" /* GitHub */]: validateGithub,
+  ["GitHub" /* GitHub */]: () => {
+    return;
+  },
   ["GitLab" /* GitLab */]: () => {
     return;
   },
   ["Ado" /* Ado */]: validateAdo,
-  ["Bitbucket" /* Bitbucket */]: validateBitbucket
-};
-function validateBitbucket(argv) {
-  const urlObj = new URL(argv.url);
-  if (urlObj.hostname.toLowerCase() === scmCloudHostname.Bitbucket && !argv.username) {
-    throw new CliError("\nError: --username flag is required for Bitbucket");
-  }
-}
-function validateGithub(argv) {
-  const urlObj = new URL(argv.url);
-  if (urlObj.hostname.toLowerCase() === scmCloudHostname.GitHub && !argv.username) {
-    throw new CliError("\nError: --username flag is required for GitHub");
+  ["Bitbucket" /* Bitbucket */]: () => {
+    return;
   }
-}
+};
 function validateAdo(argv) {
   const urlObj = new URL(argv.url);
   if ((urlObj.hostname.toLowerCase() === scmCloudHostname.Ado || urlObj.hostname.toLowerCase().endsWith(".visualstudio.com")) && !argv.organization) {