npm - mobbdev - Versions diffs - 0.0.140 → 0.0.142 - Mend

mobbdev 0.0.140 → 0.0.142

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (2) hide show

package/dist/index.mjs +910 -940
package/package.json +6 -6

package/dist/index.mjs CHANGED Viewed

@@ -146,15 +146,17 @@ var MeDocument = `
 }
     `;
 var GetOrgAndProjectIdDocument = `
-    query getOrgAndProjectId {
-  users: user {
-    userOrganizationsAndUserOrganizationRoles {
-      organization {
+    query getOrgAndProjectId($filters: organization_to_organization_role_bool_exp, $limit: Int) {
+  organization_to_organization_role(
+    where: $filters
+    order_by: {organization: {createdOn: desc}}
+    limit: $limit
+  ) {
+    organization {
+      id
+      projects(order_by: {updatedAt: desc}) {
         id
-        projects(order_by: {updatedAt: desc}) {
-          id
-          name
-        }
+        name
       }
     }
   }
@@ -267,13 +269,12 @@ var GetVulByNodesMetadataDocument = `
 }
     `;
 var UpdateScmTokenDocument = `
-    mutation updateScmToken($scmType: String!, $url: String!, $token: String!, $org: String, $username: String, $refreshToken: String) {
+    mutation updateScmToken($scmType: String!, $url: String!, $token: String!, $org: String, $refreshToken: String) {
   updateScmToken(
     scmType: $scmType
     url: $url
     token: $token
     org: $org
-    username: $username
     refreshToken: $refreshToken
   ) {
     __typename
@@ -523,11 +524,11 @@ import chalk4 from "chalk";
 import Configstore from "configstore";
 import Debug12 from "debug";
 import extract from "extract-zip";
-import fetch3 from "node-fetch";
+import fetch4 from "node-fetch";
 import open2 from "open";
 import semver from "semver";
 import tmp2 from "tmp";
-import { z as z12 } from "zod";
+import { z as z11 } from "zod";
 // src/features/analysis/add_fix_comments_for_pr/add_fix_comments_for_pr.ts
 import Debug4 from "debug";
@@ -1208,236 +1209,31 @@ var AdoSdk = {
 // src/features/analysis/scm/bitbucket/bitbucket.ts
 import querystring3 from "node:querystring";
 import * as bitbucketPkg from "bitbucket";
-import { z as z9 } from "zod";
-// src/features/analysis/scm/scm.ts
-import { Octokit as Octokit2 } from "@octokit/core";
 import { z as z8 } from "zod";
-// src/features/analysis/scm/github/encryptSecret.ts
-import sodium from "libsodium-wrappers";
-async function encryptSecret(secret, key) {
-  await sodium.ready;
-  const binkey = sodium.from_base64(key, sodium.base64_variants.ORIGINAL);
-  const binsec = sodium.from_string(secret);
-  const encBytes = sodium.crypto_box_seal(binsec, binkey);
-  return sodium.to_base64(encBytes, sodium.base64_variants.ORIGINAL);
-}
+// src/features/analysis/scm/scm.ts
+import { z as z7 } from "zod";
 // src/features/analysis/scm/github/github.ts
 import { RequestError } from "@octokit/request-error";
-import { Octokit } from "octokit";
-import { z as z3 } from "zod";
-// src/features/analysis/scm/utils/get_issue_type.ts
-var getIssueType = (issueType) => {
-  switch (issueType) {
-    case "SQL_Injection" /* SqlInjection */:
-      return "SQL Injection";
-    case "CMDi_relative_path_command" /* CmDiRelativePathCommand */:
-      return "Relative Path Command Injection";
-    case "CMDi" /* CmDi */:
-      return "Command Injection";
-    case "XXE" /* Xxe */:
-      return "XXE";
-    case "XSS" /* Xss */:
-      return "XSS";
-    case "PT" /* Pt */:
-      return "Path Traversal";
-    case "ZIP_SLIP" /* ZipSlip */:
-      return "Zip Slip";
-    case "INSECURE_RANDOMNESS" /* InsecureRandomness */:
-      return "Insecure Randomness";
-    case "SSRF" /* Ssrf */:
-      return "Server Side Request Forgery";
-    case "TYPE_CONFUSION" /* TypeConfusion */:
-      return "Type Confusion";
-    case "REGEX_INJECTION" /* RegexInjection */:
-      return "Regular Expression Injection";
-    case "INCOMPLETE_URL_SANITIZATION" /* IncompleteUrlSanitization */:
-      return "Incomplete URL Sanitization";
-    case "LOCALE_DEPENDENT_COMPARISON" /* LocaleDependentComparison */:
-      return "Locale Dependent Comparison";
-    case "LOG_FORGING" /* LogForging */:
-      return "Log Forging";
-    case "MISSING_CHECK_AGAINST_NULL" /* MissingCheckAgainstNull */:
-      return "Missing Check against Null";
-    case "PASSWORD_IN_COMMENT" /* PasswordInComment */:
-      return "Password in Comment";
-    case "OVERLY_BROAD_CATCH" /* OverlyBroadCatch */:
-      return "Poor Error Handling: Overly Broad Catch";
-    case "USE_OF_SYSTEM_OUTPUT_STREAM" /* UseOfSystemOutputStream */:
-      return "Use of System.out/System.err";
-    case "DANGEROUS_FUNCTION_OVERFLOW" /* DangerousFunctionOverflow */:
-      return "Use of dangerous function";
-    case "DOS_STRING_BUILDER" /* DosStringBuilder */:
-      return "Denial of Service: StringBuilder";
-    case "OPEN_REDIRECT" /* OpenRedirect */:
-      return "Open Redirect";
-    case "WEAK_XML_SCHEMA_UNBOUNDED_OCCURRENCES" /* WeakXmlSchemaUnboundedOccurrences */:
-      return "Weak XML Schema: Unbounded Occurrences";
-    case "SYSTEM_INFORMATION_LEAK" /* SystemInformationLeak */:
-      return "System Information Leak";
-    case "SYSTEM_INFORMATION_LEAK_EXTERNAL" /* SystemInformationLeakExternal */:
-      return "External System Information Leak";
-    case "HTTP_RESPONSE_SPLITTING" /* HttpResponseSplitting */:
-      return "HTTP response splitting";
-    case "HTTP_ONLY_COOKIE" /* HttpOnlyCookie */:
-      return "Cookie is not HttpOnly";
-    case "INSECURE_COOKIE" /* InsecureCookie */:
-      return "Insecure Cookie";
-    case "TRUST_BOUNDARY_VIOLATION" /* TrustBoundaryViolation */:
-      return "Trust Boundary Violation";
-    case "NULL_DEREFERENCE" /* NullDereference */:
-      return "Null Dereference";
-    case "UNSAFE_DESERIALIZATION" /* UnsafeDeserialization */:
-      return "Unsafe deserialization";
-    case "INSECURE_BINDER_CONFIGURATION" /* InsecureBinderConfiguration */:
-      return "Insecure Binder Configuration";
-    case "UNSAFE_TARGET_BLANK" /* UnsafeTargetBlank */:
-      return "Unsafe use of target blank";
-    case "IFRAME_WITHOUT_SANDBOX" /* IframeWithoutSandbox */:
-      return "Client use of iframe without sandbox";
-    case "JQUERY_DEPRECATED_SYMBOLS" /* JqueryDeprecatedSymbols */:
-      return "jQuery deprecated symbols";
-    case "MISSING_ANTIFORGERY_VALIDATION" /* MissingAntiforgeryValidation */:
-      return "Missing Anti-Forgery Validation";
-    case "GRAPHQL_DEPTH_LIMIT" /* GraphqlDepthLimit */:
-      return "GraphQL Depth Limit";
-    case "UNCHECKED_LOOP_CONDITION" /* UncheckedLoopCondition */:
-      return "Unchecked Loop Condition";
-    case "IMPROPER_RESOURCE_SHUTDOWN_OR_RELEASE" /* ImproperResourceShutdownOrRelease */:
-      return "Improper Resource Shutdown or Release";
-    case "IMPROPER_EXCEPTION_HANDLING" /* ImproperExceptionHandling */:
-      return "Improper Exception Handling";
-    case "DEFAULT_RIGHTS_IN_OBJ_DEFINITION" /* DefaultRightsInObjDefinition */:
-      return "Default Definer Rights in Package or Object Definition";
-    case "HTML_COMMENT_IN_JSP" /* HtmlCommentInJsp */:
-      return "HTML Comment in JSP";
-    case "ERROR_CONDTION_WITHOUT_ACTION" /* ErrorCondtionWithoutAction */:
-      return "Error Condition Without Action";
-    case "DEPRECATED_FUNCTION" /* DeprecatedFunction */:
-      return "Deprecated Function";
-    case "HARDCODED_SECRETS" /* HardcodedSecrets */:
-      return "Hardcoded Secrets";
-    case "PROTOTYPE_POLLUTION" /* PrototypePollution */:
-      return "Prototype Pollution";
-    case "RACE_CONDITION_FORMAT_FLAW" /* RaceConditionFormatFlaw */:
-      return "Race Condition Format Flaw";
-    case "NON_FINAL_PUBLIC_STATIC_FIELD" /* NonFinalPublicStaticField */:
-      return "Non-final Public Static Field";
-    case "MISSING_HSTS_HEADER" /* MissingHstsHeader */:
-      return "Missing HSTS Header";
-    case "DEAD_CODE_UNUSED_FIELD" /* DeadCodeUnusedField */:
-      return "Dead Code: Unused Field";
-    case "HEADER_MANIPULATION" /* HeaderManipulation */:
-      return "Header Manipulation";
-    case "MISSING_EQUALS_OR_HASHCODE" /* MissingEqualsOrHashcode */:
-      return "Missing equals or hashcode method";
-    case "WCF_MISCONFIGURATION_INSUFFICIENT_LOGGING" /* WcfMisconfigurationInsufficientLogging */:
-      return "WCF Misconfiguration: Insufficient Logging";
-    case "WCF_MISCONFIGURATION_THROTTLING_NOT_ENABLED" /* WcfMisconfigurationThrottlingNotEnabled */:
-      return "WCF Misconfiguration: Throttling Not Enabled";
-    case "USELESS_REGEXP_CHAR_ESCAPE" /* UselessRegexpCharEscape */:
-      return "Useless regular-expression character escape";
-    case "INCOMPLETE_HOSTNAME_REGEX" /* IncompleteHostnameRegex */:
-      return "Incomplete Hostname Regex";
-    case "OVERLY_LARGE_RANGE" /* OverlyLargeRange */:
-      return "Regex: Overly Large Range";
-    case "INSUFFICIENT_LOGGING" /* InsufficientLogging */:
-      return "Insufficient Logging of Sensitive Operations";
-    case "PRIVACY_VIOLATION" /* PrivacyViolation */:
-      return "Privacy Violation";
-    case "INCOMPLETE_URL_SCHEME_CHECK" /* IncompleteUrlSchemeCheck */:
-      return "Incomplete URL Scheme Check";
-    case "VALUE_NEVER_READ" /* ValueNeverRead */:
-      return "Value Never Read";
-    case "VALUE_SHADOWING" /* ValueShadowing */:
-      return "Value Shadowing";
-    default: {
-      return issueType ? issueType.replaceAll("_", " ") : "Other";
-    }
-  }
-};
-// src/features/analysis/scm/utils/index.ts
-function getFixUrlWithRedirect(params) {
-  const {
-    fixId,
-    projectId,
-    organizationId,
-    analysisId,
-    redirectUrl,
-    appBaseUrl,
-    commentId
-  } = params;
-  const searchParams = new URLSearchParams();
-  searchParams.append("commit_redirect_url", redirectUrl);
-  searchParams.append("comment_id", commentId.toString());
-  return `${getFixUrl({
-    appBaseUrl,
-    fixId,
-    projectId,
-    organizationId,
-    analysisId
-  })}?${searchParams.toString()}`;
-}
-function getFixUrl({
-  appBaseUrl,
-  fixId,
-  projectId,
-  organizationId,
-  analysisId
-}) {
-  return `${appBaseUrl}/organization/${organizationId}/project/${projectId}/report/${analysisId}/fix/${fixId}`;
-}
-function getCommitUrl(params) {
-  const {
-    fixId,
-    projectId,
-    organizationId,
-    analysisId,
-    redirectUrl,
-    appBaseUrl,
-    commentId
-  } = params;
-  const searchParams = new URLSearchParams();
-  searchParams.append("redirect_url", redirectUrl);
-  searchParams.append("comment_id", commentId.toString());
-  return `${getFixUrl({
-    appBaseUrl,
-    fixId,
-    projectId,
-    organizationId,
-    analysisId
-  })}/commit?${searchParams.toString()}`;
-}
-var userNamePattern = /^(https?:\/\/)([^@]+@)?([^/]+\/.+)$/;
-var sshPattern = /^git@([\w.-]+):([\w./-]+)$/;
-function normalizeUrl(repoUrl) {
-  let trimmedUrl = repoUrl.trim().replace(/\/+$/, "");
-  if (repoUrl.endsWith(".git")) {
-    trimmedUrl = trimmedUrl.slice(0, -".git".length);
-  }
-  const usernameMatch = trimmedUrl.match(userNamePattern);
-  if (usernameMatch) {
-    const [_all, protocol, _username, repoPath] = usernameMatch;
-    trimmedUrl = `${protocol}${repoPath}`;
-  }
-  const sshMatch = trimmedUrl.match(sshPattern);
-  if (sshMatch) {
-    const [_all, hostname, reporPath] = sshMatch;
-    trimmedUrl = `https://${hostname}/${reporPath}`;
-  }
-  return trimmedUrl;
-}
-// src/features/analysis/scm/github/github.ts
-var EnvVariablesZod = z3.object({
-  GITHUB_API_TOKEN: z3.string().optional()
-});
-var { GITHUB_API_TOKEN } = EnvVariablesZod.parse(process.env);
-var GetBlameDocument = `
+// src/features/analysis/scm/github/consts.ts
+var POST_COMMENT_PATH = "POST /repos/{owner}/{repo}/pulls/{pull_number}/comments";
+var DELETE_COMMENT_PATH = "DELETE /repos/{owner}/{repo}/pulls/comments/{comment_id}";
+var UPDATE_COMMENT_PATH = "PATCH /repos/{owner}/{repo}/pulls/comments/{comment_id}";
+var GET_PR_COMMENTS_PATH = "GET /repos/{owner}/{repo}/pulls/{pull_number}/comments";
+var GET_PR_COMMENT_PATH = "GET /repos/{owner}/{repo}/pulls/comments/{comment_id}";
+var REPLY_TO_CODE_REVIEW_COMMENT_PATH = "POST /repos/{owner}/{repo}/pulls/{pull_number}/comments/{comment_id}/replies";
+var GET_PR = "GET /repos/{owner}/{repo}/pulls/{pull_number}";
+var POST_GENERAL_PR_COMMENT = "POST /repos/{owner}/{repo}/issues/{issue_number}/comments";
+var GET_GENERAL_PR_COMMENTS = "GET /repos/{owner}/{repo}/issues/{issue_number}/comments";
+var DELETE_GENERAL_PR_COMMENT = "DELETE /repos/{owner}/{repo}/issues/comments/{comment_id}";
+var CREATE_OR_UPDATE_A_REPOSITORY_SECRET = "PUT /repos/{owner}/{repo}/actions/secrets/{secret_name}";
+var GET_A_REPOSITORY_PUBLIC_KEY = "GET /repos/{owner}/{repo}/actions/secrets/public-key";
+var GET_USER = "GET /user";
+var GET_USER_REPOS = "GET /user/repos";
+var GET_REPO_BRANCHES = "GET /repos/{owner}/{repo}/branches";
+var GET_BLAME_DOCUMENT = `
       query GetBlame(
         $owner: String!
         $repo: String!
@@ -1472,22 +1268,79 @@ var GetBlameDocument = `
         }
       }
     `;
-function getOktoKit(options) {
-  const token = options?.githubAuthToken ?? GITHUB_API_TOKEN ?? "";
-  return new Octokit({ auth: token });
-}
-function isGithbActionActionToken(token) {
-  return token.startsWith("ghs_");
+// src/features/analysis/scm/github/utils/encrypt_secret.ts
+import sodium from "libsodium-wrappers";
+async function encryptSecret(secret, key) {
+  await sodium.ready;
+  const binkey = sodium.from_base64(key, sodium.base64_variants.ORIGINAL);
+  const binsec = sodium.from_string(secret);
+  const encBytes = sodium.crypto_box_seal(binsec, binkey);
+  return sodium.to_base64(encBytes, sodium.base64_variants.ORIGINAL);
 }
-async function githubValidateParams(url, accessToken) {
-  try {
-    const oktoKit = getOktoKit({ githubAuthToken: accessToken });
-    if (accessToken) {
-      isGithbActionActionToken(accessToken) ? null : await oktoKit.rest.users.getAuthenticated();
-    }
-    if (url) {
-      const { owner, repo } = parseGithubOwnerAndRepo(url);
-      await oktoKit.request("GET /repos/{owner}/{repo}/branches", {
+// src/features/analysis/scm/github/utils/utils.ts
+import { Octokit } from "octokit";
+import { fetch as fetch2, ProxyAgent } from "undici";
+function parseGithubOwnerAndRepo(gitHubUrl) {
+  gitHubUrl = normalizeUrl(gitHubUrl);
+  const parsingResult = parseScmURL(gitHubUrl, "GitHub" /* GitHub */);
+  if (!parsingResult) {
+    throw new InvalidUrlPatternError(`invalid github repo Url ${gitHubUrl}`);
+  }
+  const { organization, repoName } = parsingResult;
+  if (!organization || !repoName) {
+    throw new InvalidUrlPatternError(`invalid github repo Url ${gitHubUrl}`);
+  }
+  return { owner: organization, repo: repoName };
+}
+function isGithubOnPrem(url) {
+  if (!url) {
+    return false;
+  }
+  return !url.includes(scmCloudUrl.GitHub);
+}
+function getFetch(url) {
+  if (url && BROKERED_HOSTS.includes(new URL(url).origin)) {
+    const dispatcher = new ProxyAgent({
+      uri: process.env["GIT_PROXY_HOST"] || "http://tinyproxy:8888",
+      requestTls: {
+        rejectUnauthorized: false
+      }
+    });
+    return (input, init) => {
+      return fetch2(input, {
+        ...init,
+        dispatcher
+      });
+    };
+  }
+  return fetch2;
+}
+function getOktoKit(options) {
+  const token = !options?.auth && !isGithubOnPrem(options?.url) ? GITHUB_API_TOKEN : options?.auth;
+  const baseUrl = options?.url && isGithubOnPrem(options.url) ? `${new URL(options.url).origin}/api/v3` : void 0;
+  return new Octokit({
+    ...options,
+    auth: token,
+    baseUrl,
+    request: {
+      fetch: getFetch(baseUrl)
+    }
+  });
+}
+function isGithubActionActionToken(token) {
+  return token.startsWith("ghs_");
+}
+async function githubValidateParams(url, accessToken) {
+  try {
+    const oktoKit = getOktoKit({ auth: accessToken, url });
+    if (accessToken && !isGithubActionActionToken(accessToken)) {
+      await oktoKit.rest.users.getAuthenticated();
+    }
+    if (url && shouldValidateUrl(url)) {
+      const { owner, repo } = parseGithubOwnerAndRepo(url);
+      await oktoKit.request(GET_REPO_BRANCHES, {
         owner,
         repo,
         per_page: 1
@@ -1506,426 +1359,594 @@ async function githubValidateParams(url, accessToken) {
     throw e;
   }
 }
-async function getGithubUsername(accessToken) {
-  const oktoKit = getOktoKit({ githubAuthToken: accessToken });
-  const res = await oktoKit.rest.users.getAuthenticated();
-  return res.data.login;
-}
-async function getGithubIsUserCollaborator(username, accessToken, repoUrl) {
-  try {
-    const { owner, repo } = parseGithubOwnerAndRepo(repoUrl);
-    const oktoKit = getOktoKit({ githubAuthToken: accessToken });
-    const res = await oktoKit.rest.repos.checkCollaborator({
-      owner,
-      repo,
-      username
-    });
-    if (res.status === 204) {
-      return true;
-    }
-  } catch (e) {
-    return false;
-  }
-  return false;
-}
-async function getGithubPullRequestStatus(accessToken, repoUrl, prNumber) {
-  const { owner, repo } = parseGithubOwnerAndRepo(repoUrl);
-  const oktoKit = getOktoKit({ githubAuthToken: accessToken });
-  const res = await oktoKit.rest.pulls.get({
-    owner,
-    repo,
-    pull_number: prNumber
-  });
-  if (res.data.merged) {
-    return "merged";
-  }
-  if (res.data.draft) {
-    return "draft";
-  }
-  return res.data.state;
-}
-async function getGithubIsRemoteBranch(accessToken, repoUrl, branch) {
-  const { owner, repo } = parseGithubOwnerAndRepo(repoUrl);
-  const oktoKit = getOktoKit({ githubAuthToken: accessToken });
-  try {
-    const res = await oktoKit.rest.repos.getBranch({
-      owner,
-      repo,
-      branch
-    });
-    return branch === res.data.name;
-  } catch (e) {
-    return false;
-  }
-}
-async function getGithubRepoList(accessToken) {
-  const oktoKit = getOktoKit({ githubAuthToken: accessToken });
-  try {
-    const githubRepos = await getRepos(oktoKit);
-    return githubRepos.map(
-      (repo) => {
-        const repoLanguages = [];
-        if (repo.language) {
-          repoLanguages.push(repo.language);
+// src/features/analysis/scm/github/github.ts
+function getGithubSdk(parmas = {}) {
+  const octokit = getOktoKit(parmas);
+  return {
+    async postPrComment(params) {
+      return octokit.request(POST_COMMENT_PATH, params);
+    },
+    async updatePrComment(params) {
+      return octokit.request(UPDATE_COMMENT_PATH, params);
+    },
+    async getPrComments(params) {
+      return octokit.request(GET_PR_COMMENTS_PATH, params);
+    },
+    async getPrComment(params) {
+      return octokit.request(GET_PR_COMMENT_PATH, params);
+    },
+    async deleteComment(params) {
+      return octokit.request(DELETE_COMMENT_PATH, params);
+    },
+    async replyToCodeReviewComment(params) {
+      return octokit.request(REPLY_TO_CODE_REVIEW_COMMENT_PATH, params);
+    },
+    async getPrDiff(params) {
+      return octokit.request(GET_PR, {
+        ...params,
+        mediaType: { format: "diff" }
+      });
+    },
+    async getPr(params) {
+      return octokit.request(GET_PR, { ...params });
+    },
+    async createOrUpdateRepositorySecret(params) {
+      return octokit.request(CREATE_OR_UPDATE_A_REPOSITORY_SECRET, params);
+    },
+    async getRepositoryPublicKey(params) {
+      return octokit.request(GET_A_REPOSITORY_PUBLIC_KEY, params);
+    },
+    async postGeneralPrComment(params) {
+      return octokit.request(POST_GENERAL_PR_COMMENT, params);
+    },
+    async getGeneralPrComments(params) {
+      return octokit.request(GET_GENERAL_PR_COMMENTS, params);
+    },
+    async deleteGeneralPrComment(params) {
+      return octokit.request(DELETE_GENERAL_PR_COMMENT, params);
+    },
+    async getGithubUsername() {
+      const res = await octokit.rest.users.getAuthenticated();
+      return res.data.login;
+    },
+    async getGithubIsUserCollaborator(params) {
+      const { username, repoUrl } = params;
+      try {
+        const { owner, repo } = parseGithubOwnerAndRepo(repoUrl);
+        const res = await octokit.rest.repos.checkCollaborator({
+          owner,
+          repo,
+          username
+        });
+        if (res.status === 204) {
+          return true;
         }
-        return {
+      } catch (e) {
+        return false;
+      }
+      return false;
+    },
+    async getGithubPullRequestStatus(params) {
+      const { repoUrl, prNumber } = params;
+      const { owner, repo } = parseGithubOwnerAndRepo(repoUrl);
+      const res = await octokit.rest.pulls.get({
+        owner,
+        repo,
+        pull_number: prNumber
+      });
+      if (res.data.merged) {
+        return "merged";
+      }
+      if (res.data.draft) {
+        return "draft";
+      }
+      return res.data.state;
+    },
+    async getGithubIsRemoteBranch(params) {
+      const { repoUrl, branch } = params;
+      const { owner, repo } = parseGithubOwnerAndRepo(repoUrl);
+      try {
+        const res = await octokit.rest.repos.getBranch({
+          owner,
+          repo,
+          branch
+        });
+        return branch === res.data.name;
+      } catch (e) {
+        return false;
+      }
+    },
+    async getGithubRepoList() {
+      try {
+        const githubRepos = await octokit.request(GET_USER_REPOS, {
+          sort: "updated"
+        });
+        return githubRepos.data.map((repo) => ({
           repoName: repo.name,
           repoUrl: repo.html_url,
           repoOwner: repo.owner.login,
-          repoLanguages,
+          repoLanguages: repo.language ? [repo.language] : [],
           repoIsPublic: !repo.private,
           repoUpdatedAt: repo.updated_at
-        };
+        }));
+      } catch (e) {
+        if (e instanceof RequestError && e.status === 401) {
+          return [];
+        }
+        if (e instanceof RequestError && e.status === 404) {
+          return [];
+        }
+        throw e;
       }
-    );
-  } catch (e) {
-    if (e instanceof RequestError && e.status === 401) {
-      return [];
-    }
-    if (e instanceof RequestError && e.status === 404) {
-      return [];
-    }
-    throw e;
-  }
-}
-async function getGithubBranchList(accessToken, repoUrl) {
-  const { owner, repo } = parseGithubOwnerAndRepo(repoUrl);
-  const oktoKit = getOktoKit({ githubAuthToken: accessToken });
-  const res = await oktoKit.rest.repos.listBranches({
-    owner,
-    repo,
-    per_page: 1e3,
-    page: 1
-  });
-  return res.data.map((branch) => branch.name);
-}
-async function createPullRequest(options) {
-  const { owner, repo } = parseGithubOwnerAndRepo(options.repoUrl);
-  const oktoKit = getOktoKit({ githubAuthToken: options.accessToken });
-  const res = await oktoKit.rest.pulls.create({
-    owner,
-    repo,
-    title: options.title,
-    body: options.body,
-    head: options.sourceBranchName,
-    base: options.targetBranchName,
-    draft: false,
-    maintainer_can_modify: true
-  });
-  return res.data.number;
-}
-async function forkRepo(options) {
-  const { owner, repo } = parseGithubOwnerAndRepo(options.repoUrl);
-  const oktoKit = getOktoKit({ githubAuthToken: options.accessToken });
-  const res = await oktoKit.rest.repos.createFork({
-    owner,
-    repo,
-    default_branch_only: false
-  });
-  return { url: res.data.html_url ? String(res.data.html_url) : null };
-}
-async function getRepos(oktoKit) {
-  const res = await oktoKit.request("GET /user/repos?sort=updated", {
-    headers: {
-      "X-GitHub-Api-Version": "2022-11-28",
-      per_page: 100
-    }
-  });
-  return res.data;
-}
-async function getGithubRepoDefaultBranch(repoUrl, options) {
-  const oktoKit = getOktoKit(options);
-  const { owner, repo } = parseGithubOwnerAndRepo(repoUrl);
-  return (await oktoKit.rest.repos.get({ repo, owner })).data.default_branch;
-}
-async function getGithubReferenceData({ ref, gitHubUrl }, options) {
-  const { owner, repo } = parseGithubOwnerAndRepo(gitHubUrl);
-  let res;
-  try {
-    const oktoKit = getOktoKit(options);
-    res = await Promise.any([
-      getBranch({ owner, repo, branch: ref }, oktoKit).then((result) => ({
-        date: result.data.commit.commit.committer?.date ? new Date(result.data.commit.commit.committer?.date) : void 0,
-        type: "BRANCH" /* BRANCH */,
-        sha: result.data.commit.sha
-      })),
-      getCommit({ commitSha: ref, repo, owner }, oktoKit).then((commit) => ({
-        date: new Date(commit.data.committer.date),
-        type: "COMMIT" /* COMMIT */,
-        sha: commit.data.sha
-      })),
-      getTagDate({ owner, repo, tag: ref }, oktoKit).then((data) => ({
-        date: new Date(data.date),
-        type: "TAG" /* TAG */,
-        sha: data.sha
-      }))
-    ]);
-    return res;
-  } catch (e) {
-    if (e instanceof AggregateError) {
-      throw new RefNotFoundError(`ref: ${ref} does not exist`);
-    }
-    throw e;
-  }
-}
-async function getBranch({ branch, owner, repo }, oktoKit) {
-  return oktoKit.rest.repos.getBranch({
-    branch,
-    owner,
-    repo
-  });
-}
-async function getTagDate({ tag, owner, repo }, oktoKit) {
-  const refResponse = await oktoKit.rest.git.getRef({
-    ref: `tags/${tag}`,
-    owner,
-    repo
-  });
-  const tagSha = refResponse.data.object.sha;
-  if (refResponse.data.object.type === "commit") {
-    const res2 = await oktoKit.rest.git.getCommit({
-      commit_sha: tagSha,
+    },
+    async getGithubRepoDefaultBranch(repoUrl) {
+      const { owner, repo } = parseGithubOwnerAndRepo(repoUrl);
+      const repos = await octokit.rest.repos.get({ repo, owner });
+      return repos.data.default_branch;
+    },
+    async getGithubReferenceData({
+      ref,
+      gitHubUrl
+    }) {
+      const { owner, repo } = parseGithubOwnerAndRepo(gitHubUrl);
+      let res;
+      try {
+        res = await Promise.any([
+          this.getBranch({ owner, repo, branch: ref }).then((result) => ({
+            date: result.data.commit.commit.committer?.date ? new Date(result.data.commit.commit.committer?.date) : void 0,
+            type: "BRANCH" /* BRANCH */,
+            sha: result.data.commit.sha
+          })),
+          this.getCommit({ commitSha: ref, repo, owner }).then((commit) => ({
+            date: new Date(commit.data.committer.date),
+            type: "COMMIT" /* COMMIT */,
+            sha: commit.data.sha
+          })),
+          this.getTagDate({ owner, repo, tag: ref }).then((data) => ({
+            date: new Date(data.date),
+            type: "TAG" /* TAG */,
+            sha: data.sha
+          }))
+        ]);
+        return res;
+      } catch (e) {
+        if (e instanceof AggregateError) {
+          throw new RefNotFoundError(`ref: ${ref} does not exist`);
+        }
+        throw e;
+      }
+    },
+    async getBranch({
+      branch,
       owner,
       repo
-    });
-    return {
-      date: res2.data.committer.date,
-      sha: res2.data.sha
-    };
-  }
-  const res = await oktoKit.rest.git.getTag({
-    tag_sha: tagSha,
-    owner,
-    repo
-  });
-  return {
-    date: res.data.tagger.date,
-    sha: res.data.sha
-  };
-}
-async function getCommit({
-  commitSha,
-  owner,
-  repo
-}, oktoKit) {
-  return oktoKit.rest.git.getCommit({
-    repo,
-    owner,
-    commit_sha: commitSha
-  });
-}
-function parseGithubOwnerAndRepo(gitHubUrl) {
-  gitHubUrl = normalizeUrl(gitHubUrl);
-  const parsingResult = parseScmURL(gitHubUrl, "GitHub" /* GitHub */);
-  if (!parsingResult || parsingResult.hostname !== "github.com") {
-    throw new InvalidUrlPatternError(`invalid github repo Url ${gitHubUrl}`);
-  }
-  const { organization, repoName } = parsingResult;
-  if (!organization || !repoName) {
-    throw new InvalidUrlPatternError(`invalid github repo Url ${gitHubUrl}`);
-  }
-  return { owner: organization, repo: repoName };
-}
-async function queryGithubGraphql(query, variables, options) {
-  const token = options?.githubAuthToken ?? GITHUB_API_TOKEN ?? "";
-  const parameters = variables ?? {};
-  const authorizationHeader = {
-    headers: {
-      authorization: `bearer ${token}`
+    }) {
+      return octokit.rest.repos.getBranch({
+        branch,
+        owner,
+        repo
+      });
+    },
+    async getCommit({
+      commitSha,
+      owner,
+      repo
+    }) {
+      return octokit.rest.git.getCommit({
+        repo,
+        owner,
+        commit_sha: commitSha
+      });
+    },
+    async getTagDate({
+      tag,
+      owner,
+      repo
+    }) {
+      const refResponse = await octokit.rest.git.getRef({
+        ref: `tags/${tag}`,
+        owner,
+        repo
+      });
+      const tagSha = refResponse.data.object.sha;
+      if (refResponse.data.object.type === "commit") {
+        const res2 = await octokit.rest.git.getCommit({
+          commit_sha: tagSha,
+          owner,
+          repo
+        });
+        return {
+          date: res2.data.committer.date,
+          sha: res2.data.sha
+        };
+      }
+      const res = await octokit.rest.git.getTag({
+        tag_sha: tagSha,
+        owner,
+        repo
+      });
+      return {
+        date: res.data.tagger.date,
+        sha: res.data.sha
+      };
+    },
+    async getGithubBlameRanges(params) {
+      const { ref, gitHubUrl, path: path9 } = params;
+      const { owner, repo } = parseGithubOwnerAndRepo(gitHubUrl);
+      const res = await octokit.graphql(
+        GET_BLAME_DOCUMENT,
+        {
+          owner,
+          repo,
+          path: path9,
+          ref
+        }
+      );
+      if (!res?.repository?.object?.blame?.ranges) {
+        return [];
+      }
+      return res.repository.object.blame.ranges.map((range) => ({
+        startingLine: range.startingLine,
+        endingLine: range.endingLine,
+        email: range.commit.author.user?.email || "",
+        name: range.commit.author.user?.name || "",
+        login: range.commit.author.user?.login || ""
+      }));
+    },
+    // todo: refactor the name for this function
+    async createPr(params) {
+      const { sourceRepoUrl, filesPaths, userRepoUrl, title, body } = params;
+      const { owner: sourceOwner, repo: sourceRepo } = parseGithubOwnerAndRepo(sourceRepoUrl);
+      const { owner, repo } = parseGithubOwnerAndRepo(userRepoUrl);
+      const [sourceFilePath, secondFilePath] = filesPaths;
+      const sourceFileContentResponse = await octokit.rest.repos.getContent({
+        owner: sourceOwner,
+        repo: sourceRepo,
+        path: "/" + sourceFilePath
+      });
+      const { data: repository } = await octokit.rest.repos.get({ owner, repo });
+      const defaultBranch = repository.default_branch;
+      const newBranchName = `mobb/workflow-${Date.now()}`;
+      await octokit.rest.git.createRef({
+        owner,
+        repo,
+        ref: `refs/heads/${newBranchName}`,
+        sha: await octokit.rest.git.getRef({ owner, repo, ref: `heads/${defaultBranch}` }).then((response) => response.data.object.sha)
+      });
+      const decodedContent = Buffer.from(
+        // eslint-disable-next-line @typescript-eslint/ban-ts-comment
+        // @ts-ignore
+        sourceFileContentResponse.data.content,
+        "base64"
+      ).toString("utf-8");
+      const tree = [
+        {
+          path: sourceFilePath,
+          mode: "100644",
+          type: "blob",
+          content: decodedContent
+        }
+      ];
+      if (secondFilePath) {
+        const secondFileContentResponse = await octokit.rest.repos.getContent({
+          owner: sourceOwner,
+          repo: sourceRepo,
+          path: "/" + secondFilePath
+        });
+        const secondDecodedContent = Buffer.from(
+          // eslint-disable-next-line @typescript-eslint/ban-ts-comment
+          // @ts-ignore
+          secondFileContentResponse.data.content,
+          "base64"
+        ).toString("utf-8");
+        tree.push({
+          path: secondFilePath,
+          mode: "100644",
+          type: "blob",
+          content: secondDecodedContent
+        });
+      }
+      const createTreeResponse = await octokit.rest.git.createTree({
+        owner,
+        repo,
+        base_tree: await octokit.rest.git.getRef({ owner, repo, ref: `heads/${defaultBranch}` }).then((response) => response.data.object.sha),
+        // eslint-disable-next-line @typescript-eslint/ban-ts-comment
+        // @ts-ignore
+        tree
+      });
+      const createCommitResponse = await octokit.rest.git.createCommit({
+        owner,
+        repo,
+        message: "Add new yaml file",
+        tree: createTreeResponse.data.sha,
+        parents: [
+          await octokit.rest.git.getRef({ owner, repo, ref: `heads/${defaultBranch}` }).then((response) => response.data.object.sha)
+        ]
+      });
+      await octokit.rest.git.updateRef({
+        owner,
+        repo,
+        ref: `heads/${newBranchName}`,
+        sha: createCommitResponse.data.sha
+      });
+      const createPRResponse = await octokit.rest.pulls.create({
+        owner,
+        repo,
+        title,
+        head: newBranchName,
+        head_repo: sourceRepo,
+        body,
+        base: defaultBranch
+      });
+      return {
+        pull_request_url: createPRResponse.data.html_url
+      };
+    },
+    async getGithubBranchList(repoUrl) {
+      const { owner, repo } = parseGithubOwnerAndRepo(repoUrl);
+      return octokit.rest.repos.listBranches({
+        owner,
+        repo,
+        per_page: 1e3,
+        page: 1
+      });
+    },
+    async createPullRequest(options) {
+      const { owner, repo } = parseGithubOwnerAndRepo(options.repoUrl);
+      return octokit.rest.pulls.create({
+        owner,
+        repo,
+        title: options.title,
+        body: options.body,
+        head: options.sourceBranchName,
+        base: options.targetBranchName,
+        draft: false,
+        maintainer_can_modify: true
+      });
+    },
+    async forkRepo(options) {
+      const { owner, repo } = parseGithubOwnerAndRepo(options.repoUrl);
+      const createForkRes = await octokit.rest.repos.createFork({
+        owner,
+        repo,
+        default_branch_only: false
+      });
+      return { url: createForkRes.data.html_url };
+    },
+    async getUserInfo() {
+      return octokit.request(GET_USER);
     }
   };
-  try {
-    const oktoKit = getOktoKit(options);
-    const res = await oktoKit.graphql(query, {
-      ...parameters,
-      ...authorizationHeader
-    });
-    return res;
-  } catch (e) {
-    if (e instanceof RequestError) {
-      return null;
+}
+// src/features/analysis/scm/gitlab/gitlab.ts
+import querystring2 from "node:querystring";
+import {
+  Gitlab
+} from "@gitbeaker/rest";
+import { ProxyAgent as ProxyAgent2 } from "undici";
+// src/features/analysis/scm/env.ts
+import { z as z3 } from "zod";
+var EnvVariablesZod = z3.object({
+  GITLAB_API_TOKEN: z3.string().optional(),
+  BROKERED_HOSTS: z3.string().toLowerCase().transform(
+    (x) => x.split(",").map((url) => url.trim(), []).filter(Boolean)
+  ).default(""),
+  GITHUB_API_TOKEN: z3.string().optional()
+});
+var { GITLAB_API_TOKEN, BROKERED_HOSTS, GITHUB_API_TOKEN } = EnvVariablesZod.parse(process.env);
+// src/features/analysis/scm/utils/get_issue_type.ts
+var getIssueType = (issueType) => {
+  switch (issueType) {
+    case "SQL_Injection" /* SqlInjection */:
+      return "SQL Injection";
+    case "CMDi_relative_path_command" /* CmDiRelativePathCommand */:
+      return "Relative Path Command Injection";
+    case "CMDi" /* CmDi */:
+      return "Command Injection";
+    case "XXE" /* Xxe */:
+      return "XXE";
+    case "XSS" /* Xss */:
+      return "XSS";
+    case "PT" /* Pt */:
+      return "Path Traversal";
+    case "ZIP_SLIP" /* ZipSlip */:
+      return "Zip Slip";
+    case "INSECURE_RANDOMNESS" /* InsecureRandomness */:
+      return "Insecure Randomness";
+    case "SSRF" /* Ssrf */:
+      return "Server Side Request Forgery";
+    case "TYPE_CONFUSION" /* TypeConfusion */:
+      return "Type Confusion";
+    case "REGEX_INJECTION" /* RegexInjection */:
+      return "Regular Expression Injection";
+    case "INCOMPLETE_URL_SANITIZATION" /* IncompleteUrlSanitization */:
+      return "Incomplete URL Sanitization";
+    case "LOCALE_DEPENDENT_COMPARISON" /* LocaleDependentComparison */:
+      return "Locale Dependent Comparison";
+    case "LOG_FORGING" /* LogForging */:
+      return "Log Forging";
+    case "MISSING_CHECK_AGAINST_NULL" /* MissingCheckAgainstNull */:
+      return "Missing Check against Null";
+    case "PASSWORD_IN_COMMENT" /* PasswordInComment */:
+      return "Password in Comment";
+    case "OVERLY_BROAD_CATCH" /* OverlyBroadCatch */:
+      return "Poor Error Handling: Overly Broad Catch";
+    case "USE_OF_SYSTEM_OUTPUT_STREAM" /* UseOfSystemOutputStream */:
+      return "Use of System.out/System.err";
+    case "DANGEROUS_FUNCTION_OVERFLOW" /* DangerousFunctionOverflow */:
+      return "Use of dangerous function";
+    case "DOS_STRING_BUILDER" /* DosStringBuilder */:
+      return "Denial of Service: StringBuilder";
+    case "OPEN_REDIRECT" /* OpenRedirect */:
+      return "Open Redirect";
+    case "WEAK_XML_SCHEMA_UNBOUNDED_OCCURRENCES" /* WeakXmlSchemaUnboundedOccurrences */:
+      return "Weak XML Schema: Unbounded Occurrences";
+    case "SYSTEM_INFORMATION_LEAK" /* SystemInformationLeak */:
+      return "System Information Leak";
+    case "SYSTEM_INFORMATION_LEAK_EXTERNAL" /* SystemInformationLeakExternal */:
+      return "External System Information Leak";
+    case "HTTP_RESPONSE_SPLITTING" /* HttpResponseSplitting */:
+      return "HTTP response splitting";
+    case "HTTP_ONLY_COOKIE" /* HttpOnlyCookie */:
+      return "Cookie is not HttpOnly";
+    case "INSECURE_COOKIE" /* InsecureCookie */:
+      return "Insecure Cookie";
+    case "TRUST_BOUNDARY_VIOLATION" /* TrustBoundaryViolation */:
+      return "Trust Boundary Violation";
+    case "NULL_DEREFERENCE" /* NullDereference */:
+      return "Null Dereference";
+    case "UNSAFE_DESERIALIZATION" /* UnsafeDeserialization */:
+      return "Unsafe deserialization";
+    case "INSECURE_BINDER_CONFIGURATION" /* InsecureBinderConfiguration */:
+      return "Insecure Binder Configuration";
+    case "UNSAFE_TARGET_BLANK" /* UnsafeTargetBlank */:
+      return "Unsafe use of target blank";
+    case "IFRAME_WITHOUT_SANDBOX" /* IframeWithoutSandbox */:
+      return "Client use of iframe without sandbox";
+    case "JQUERY_DEPRECATED_SYMBOLS" /* JqueryDeprecatedSymbols */:
+      return "jQuery deprecated symbols";
+    case "MISSING_ANTIFORGERY_VALIDATION" /* MissingAntiforgeryValidation */:
+      return "Missing Anti-Forgery Validation";
+    case "GRAPHQL_DEPTH_LIMIT" /* GraphqlDepthLimit */:
+      return "GraphQL Depth Limit";
+    case "UNCHECKED_LOOP_CONDITION" /* UncheckedLoopCondition */:
+      return "Unchecked Loop Condition";
+    case "IMPROPER_RESOURCE_SHUTDOWN_OR_RELEASE" /* ImproperResourceShutdownOrRelease */:
+      return "Improper Resource Shutdown or Release";
+    case "IMPROPER_EXCEPTION_HANDLING" /* ImproperExceptionHandling */:
+      return "Improper Exception Handling";
+    case "DEFAULT_RIGHTS_IN_OBJ_DEFINITION" /* DefaultRightsInObjDefinition */:
+      return "Default Definer Rights in Package or Object Definition";
+    case "HTML_COMMENT_IN_JSP" /* HtmlCommentInJsp */:
+      return "HTML Comment in JSP";
+    case "ERROR_CONDTION_WITHOUT_ACTION" /* ErrorCondtionWithoutAction */:
+      return "Error Condition Without Action";
+    case "DEPRECATED_FUNCTION" /* DeprecatedFunction */:
+      return "Deprecated Function";
+    case "HARDCODED_SECRETS" /* HardcodedSecrets */:
+      return "Hardcoded Secrets";
+    case "PROTOTYPE_POLLUTION" /* PrototypePollution */:
+      return "Prototype Pollution";
+    case "RACE_CONDITION_FORMAT_FLAW" /* RaceConditionFormatFlaw */:
+      return "Race Condition Format Flaw";
+    case "NON_FINAL_PUBLIC_STATIC_FIELD" /* NonFinalPublicStaticField */:
+      return "Non-final Public Static Field";
+    case "MISSING_HSTS_HEADER" /* MissingHstsHeader */:
+      return "Missing HSTS Header";
+    case "DEAD_CODE_UNUSED_FIELD" /* DeadCodeUnusedField */:
+      return "Dead Code: Unused Field";
+    case "HEADER_MANIPULATION" /* HeaderManipulation */:
+      return "Header Manipulation";
+    case "MISSING_EQUALS_OR_HASHCODE" /* MissingEqualsOrHashcode */:
+      return "Missing equals or hashcode method";
+    case "WCF_MISCONFIGURATION_INSUFFICIENT_LOGGING" /* WcfMisconfigurationInsufficientLogging */:
+      return "WCF Misconfiguration: Insufficient Logging";
+    case "WCF_MISCONFIGURATION_THROTTLING_NOT_ENABLED" /* WcfMisconfigurationThrottlingNotEnabled */:
+      return "WCF Misconfiguration: Throttling Not Enabled";
+    case "USELESS_REGEXP_CHAR_ESCAPE" /* UselessRegexpCharEscape */:
+      return "Useless regular-expression character escape";
+    case "INCOMPLETE_HOSTNAME_REGEX" /* IncompleteHostnameRegex */:
+      return "Incomplete Hostname Regex";
+    case "OVERLY_LARGE_RANGE" /* OverlyLargeRange */:
+      return "Regex: Overly Large Range";
+    case "INSUFFICIENT_LOGGING" /* InsufficientLogging */:
+      return "Insufficient Logging of Sensitive Operations";
+    case "PRIVACY_VIOLATION" /* PrivacyViolation */:
+      return "Privacy Violation";
+    case "INCOMPLETE_URL_SCHEME_CHECK" /* IncompleteUrlSchemeCheck */:
+      return "Incomplete URL Scheme Check";
+    case "VALUE_NEVER_READ" /* ValueNeverRead */:
+      return "Value Never Read";
+    case "VALUE_SHADOWING" /* ValueShadowing */:
+      return "Value Shadowing";
+    default: {
+      return issueType ? issueType.replaceAll("_", " ") : "Other";
     }
-    throw e;
-  }
-}
-async function getGithubBlameRanges({ ref, gitHubUrl, path: path9 }, options) {
-  const { owner, repo } = parseGithubOwnerAndRepo(gitHubUrl);
-  const variables = {
-    owner,
-    repo,
-    path: path9,
-    ref
-  };
-  const res = await queryGithubGraphql(
-    GetBlameDocument,
-    variables,
-    options
-  );
-  if (!res?.repository?.object?.blame?.ranges) {
-    return [];
-  }
-  return res.repository.object.blame.ranges.map((range) => ({
-    startingLine: range.startingLine,
-    endingLine: range.endingLine,
-    email: range.commit.author.user?.email || "",
-    name: range.commit.author.user?.name || "",
-    login: range.commit.author.user?.login || ""
-  }));
-}
-async function createPr({
-  sourceRepoUrl,
-  filesPaths,
-  userRepoUrl,
-  title,
-  body
-}, options) {
-  const oktoKit = getOktoKit(options);
-  const { owner: sourceOwner, repo: sourceRepo } = parseGithubOwnerAndRepo(sourceRepoUrl);
-  const { owner, repo } = parseGithubOwnerAndRepo(userRepoUrl);
-  const [sourceFilePath, secondFilePath] = filesPaths;
-  const sourceFileContentResponse = await oktoKit.rest.repos.getContent({
-    owner: sourceOwner,
-    repo: sourceRepo,
-    path: "/" + sourceFilePath
-  });
-  const { data: repository } = await oktoKit.rest.repos.get({ owner, repo });
-  const defaultBranch = repository.default_branch;
-  const newBranchName = `mobb/workflow-${Date.now()}`;
-  await oktoKit.rest.git.createRef({
-    owner,
-    repo,
-    ref: `refs/heads/${newBranchName}`,
-    sha: await oktoKit.rest.git.getRef({ owner, repo, ref: `heads/${defaultBranch}` }).then((response) => response.data.object.sha)
-  });
-  const decodedContent = Buffer.from(
-    // eslint-disable-next-line @typescript-eslint/ban-ts-comment
-    // @ts-ignore
-    sourceFileContentResponse.data.content,
-    "base64"
-  ).toString("utf-8");
-  const tree = [
-    {
-      path: sourceFilePath,
-      mode: "100644",
-      type: "blob",
-      content: decodedContent
-    }
-  ];
-  if (secondFilePath) {
-    const secondFileContentResponse = await oktoKit.rest.repos.getContent({
-      owner: sourceOwner,
-      repo: sourceRepo,
-      path: "/" + secondFilePath
-    });
-    const secondDecodedContent = Buffer.from(
-      // eslint-disable-next-line @typescript-eslint/ban-ts-comment
-      // @ts-ignore
-      secondFileContentResponse.data.content,
-      "base64"
-    ).toString("utf-8");
-    tree.push({
-      path: secondFilePath,
-      mode: "100644",
-      type: "blob",
-      content: secondDecodedContent
-    });
   }
-  const createTreeResponse = await oktoKit.rest.git.createTree({
-    owner,
-    repo,
-    base_tree: await oktoKit.rest.git.getRef({ owner, repo, ref: `heads/${defaultBranch}` }).then((response) => response.data.object.sha),
-    // eslint-disable-next-line @typescript-eslint/ban-ts-comment
-    // @ts-ignore
-    tree
-  });
-  const createCommitResponse = await oktoKit.rest.git.createCommit({
-    owner,
-    repo,
-    message: "Add new yaml file",
-    tree: createTreeResponse.data.sha,
-    parents: [
-      await oktoKit.rest.git.getRef({ owner, repo, ref: `heads/${defaultBranch}` }).then((response) => response.data.object.sha)
-    ]
-  });
-  await oktoKit.rest.git.updateRef({
-    owner,
-    repo,
-    ref: `heads/${newBranchName}`,
-    sha: createCommitResponse.data.sha
-  });
-  const createPRResponse = await oktoKit.rest.pulls.create({
-    owner,
-    repo,
-    title,
-    head: newBranchName,
-    head_repo: sourceRepo,
-    body,
-    base: defaultBranch
-  });
-  return {
-    pull_request_url: createPRResponse.data.html_url
-  };
-}
-// src/features/analysis/scm/github/consts.ts
-var POST_COMMENT_PATH = "POST /repos/{owner}/{repo}/pulls/{pull_number}/comments";
-var DELETE_COMMENT_PATH = "DELETE /repos/{owner}/{repo}/pulls/comments/{comment_id}";
-var UPDATE_COMMENT_PATH = "PATCH /repos/{owner}/{repo}/pulls/comments/{comment_id}";
-var GET_PR_COMMENTS_PATH = "GET /repos/{owner}/{repo}/pulls/{pull_number}/comments";
-var GET_PR_COMMENT_PATH = "GET /repos/{owner}/{repo}/pulls/comments/{comment_id}";
-var GET_PR = "GET /repos/{owner}/{repo}/pulls/{pull_number}";
-var POST_GENERAL_PR_COMMENT = "POST /repos/{owner}/{repo}/issues/{issue_number}/comments";
-var GET_GENERAL_PR_COMMENTS = "GET /repos/{owner}/{repo}/issues/{issue_number}/comments";
-var DELETE_GENERAL_PR_COMMENT = "DELETE /repos/{owner}/{repo}/issues/comments/{comment_id}";
-var CREATE_OR_UPDATE_A_REPOSITORY_SECRET = "PUT /repos/{owner}/{repo}/actions/secrets/{secret_name}";
-var GET_A_REPOSITORY_PUBLIC_KEY = "GET /repos/{owner}/{repo}/actions/secrets/public-key";
+};
-// src/features/analysis/scm/github/github-v2.ts
-function postPrComment(client, params) {
-  return client.request(POST_COMMENT_PATH, params);
-}
-function updatePrComment(client, params) {
-  return client.request(UPDATE_COMMENT_PATH, params);
-}
-function getPrComments(client, params) {
-  return client.request(GET_PR_COMMENTS_PATH, params);
-}
-function getPrComment(client, params) {
-  return client.request(GET_PR_COMMENT_PATH, params);
-}
-function deleteComment(client, params) {
-  return client.request(DELETE_COMMENT_PATH, params);
-}
-function getPrDiff(client, params) {
-  return client.request(GET_PR, { ...params, mediaType: { format: "diff" } });
-}
-function getPr(client, params) {
-  return client.request(GET_PR, { ...params });
-}
-function createOrUpdateRepositorySecret(client, params) {
-  return client.request(CREATE_OR_UPDATE_A_REPOSITORY_SECRET, params);
+// src/features/analysis/scm/utils/index.ts
+function getFixUrlWithRedirect(params) {
+  const {
+    fixId,
+    projectId,
+    organizationId,
+    analysisId,
+    redirectUrl,
+    appBaseUrl,
+    commentId
+  } = params;
+  const searchParams = new URLSearchParams();
+  searchParams.append("commit_redirect_url", redirectUrl);
+  searchParams.append("comment_id", commentId.toString());
+  return `${getFixUrl({
+    appBaseUrl,
+    fixId,
+    projectId,
+    organizationId,
+    analysisId
+  })}?${searchParams.toString()}`;
 }
-function getARepositoryPublicKey(client, params) {
-  return client.request(GET_A_REPOSITORY_PUBLIC_KEY, params);
+function getFixUrl({
+  appBaseUrl,
+  fixId,
+  projectId,
+  organizationId,
+  analysisId
+}) {
+  return `${appBaseUrl}/organization/${organizationId}/project/${projectId}/report/${analysisId}/fix/${fixId}`;
 }
-function postGeneralPrComment(client, params) {
-  return client.request(POST_GENERAL_PR_COMMENT, params);
+function getCommitUrl(params) {
+  const {
+    fixId,
+    projectId,
+    organizationId,
+    analysisId,
+    redirectUrl,
+    appBaseUrl,
+    commentId
+  } = params;
+  const searchParams = new URLSearchParams();
+  searchParams.append("redirect_url", redirectUrl);
+  searchParams.append("comment_id", commentId.toString());
+  return `${getFixUrl({
+    appBaseUrl,
+    fixId,
+    projectId,
+    organizationId,
+    analysisId
+  })}/commit?${searchParams.toString()}`;
 }
-function getGeneralPrComments(client, params) {
-  return client.request(GET_GENERAL_PR_COMMENTS, params);
+var userNamePattern = /^(https?:\/\/)([^@]+@)?([^/]+\/.+)$/;
+var sshPattern = /^git@([\w.-]+):([\w./-]+)$/;
+function normalizeUrl(repoUrl) {
+  let trimmedUrl = repoUrl.trim().replace(/\/+$/, "");
+  if (repoUrl.endsWith(".git")) {
+    trimmedUrl = trimmedUrl.slice(0, -".git".length);
+  }
+  const usernameMatch = trimmedUrl.match(userNamePattern);
+  if (usernameMatch) {
+    const [_all, protocol, _username, repoPath] = usernameMatch;
+    trimmedUrl = `${protocol}${repoPath}`;
+  }
+  const sshMatch = trimmedUrl.match(sshPattern);
+  if (sshMatch) {
+    const [_all, hostname, reporPath] = sshMatch;
+    trimmedUrl = `https://${hostname}/${reporPath}`;
+  }
+  return trimmedUrl;
 }
-function deleteGeneralPrComment(client, params) {
-  return client.request(DELETE_GENERAL_PR_COMMENT, params);
+var isUrlHasPath = (url) => {
+  return new URL(url).origin !== url;
+};
+function shouldValidateUrl(repoUrl) {
+  return repoUrl && isUrlHasPath(repoUrl);
 }
-// src/features/analysis/scm/gitlab/gitlab.ts
-import querystring2 from "node:querystring";
-import {
-  Gitlab
-} from "@gitbeaker/rest";
-import { ProxyAgent } from "undici";
-import { z as z5 } from "zod";
 // src/features/analysis/scm/gitlab/types.ts
 import { z as z4 } from "zod";
 var GitlabAuthResultZ = z4.object({
@@ -1935,13 +1956,6 @@ var GitlabAuthResultZ = z4.object({
 });
 // src/features/analysis/scm/gitlab/gitlab.ts
-var EnvVariablesZod2 = z5.object({
-  GITLAB_API_TOKEN: z5.string().optional(),
-  BROKERED_HOSTS: z5.string().toLowerCase().transform(
-    (x) => x.split(",").map((url) => url.trim(), []).filter(Boolean)
-  ).default("")
-});
-var { GITLAB_API_TOKEN, BROKERED_HOSTS } = EnvVariablesZod2.parse(process.env);
 function removeTrailingSlash2(str) {
   return str.trim().replace(/\/+$/, "");
 }
@@ -1963,7 +1977,7 @@ async function gitlabValidateParams({
     if (accessToken) {
       await api2.Users.showCurrentUser();
     }
-    if (url) {
+    if (url && shouldValidateUrl(url)) {
       const { projectPath } = parseGitlabOwnerAndRepo(url);
       await api2.Projects.show(projectPath);
     }
@@ -2216,7 +2230,7 @@ function initGitlabFetchMock() {
     if (urlParsed && BROKERED_HOSTS.includes(
       `${urlParsed.protocol?.toLowerCase()}//${urlParsed.host?.toLowerCase()}`
     )) {
-      const dispatcher = new ProxyAgent({
+      const dispatcher = new ProxyAgent2({
         uri: process.env["GIT_PROXY_HOST"] || "http://tinyproxy:8888",
         requestTls: {
           rejectUnauthorized: false
@@ -2236,88 +2250,88 @@ import parseDiff from "parse-diff";
 import path3 from "path";
 import { simpleGit } from "simple-git";
 import tmp from "tmp";
-import { z as z7 } from "zod";
+import { z as z6 } from "zod";
 // src/features/analysis/scm/scmSubmit/types.ts
-import { z as z6 } from "zod";
-var BaseSubmitToScmMessageZ = z6.object({
-  submitFixRequestId: z6.string().uuid(),
-  fixes: z6.array(
-    z6.object({
-      fixId: z6.string().uuid(),
-      patches: z6.array(z6.string())
+import { z as z5 } from "zod";
+var BaseSubmitToScmMessageZ = z5.object({
+  submitFixRequestId: z5.string().uuid(),
+  fixes: z5.array(
+    z5.object({
+      fixId: z5.string().uuid(),
+      patches: z5.array(z5.string())
     })
   ),
-  commitHash: z6.string(),
-  repoUrl: z6.string()
+  commitHash: z5.string(),
+  repoUrl: z5.string()
 });
 var submitToScmMessageType = {
   commitToSameBranch: "commitToSameBranch",
   submitFixesForDifferentBranch: "submitFixesForDifferentBranch"
 };
 var CommitToSameBranchParamsZ = BaseSubmitToScmMessageZ.merge(
-  z6.object({
-    type: z6.literal(submitToScmMessageType.commitToSameBranch),
-    branch: z6.string(),
-    commitMessage: z6.string(),
-    commitDescription: z6.string().nullish(),
-    githubCommentId: z6.number().nullish()
+  z5.object({
+    type: z5.literal(submitToScmMessageType.commitToSameBranch),
+    branch: z5.string(),
+    commitMessage: z5.string(),
+    commitDescription: z5.string().nullish(),
+    githubCommentId: z5.number().nullish()
   })
 );
-var SubmitFixesToDifferentBranchParamsZ = z6.object({
-  type: z6.literal(submitToScmMessageType.submitFixesForDifferentBranch),
-  submitBranch: z6.string(),
-  baseBranch: z6.string()
+var SubmitFixesToDifferentBranchParamsZ = z5.object({
+  type: z5.literal(submitToScmMessageType.submitFixesForDifferentBranch),
+  submitBranch: z5.string(),
+  baseBranch: z5.string()
 }).merge(BaseSubmitToScmMessageZ);
-var SubmitFixesMessageZ = z6.union([
+var SubmitFixesMessageZ = z5.union([
   CommitToSameBranchParamsZ,
   SubmitFixesToDifferentBranchParamsZ
 ]);
-var FixResponseArrayZ = z6.array(
-  z6.object({
-    fixId: z6.string().uuid()
+var FixResponseArrayZ = z5.array(
+  z5.object({
+    fixId: z5.string().uuid()
   })
 );
-var SubmitFixesBaseResponseMessageZ = z6.object({
-  submitFixRequestId: z6.string().uuid(),
-  submitBranches: z6.array(
-    z6.object({
-      branchName: z6.string(),
+var SubmitFixesBaseResponseMessageZ = z5.object({
+  submitFixRequestId: z5.string().uuid(),
+  submitBranches: z5.array(
+    z5.object({
+      branchName: z5.string(),
       fixes: FixResponseArrayZ
     })
   ),
-  error: z6.object({
-    type: z6.enum([
+  error: z5.object({
+    type: z5.enum([
       "InitialRepoAccessError",
       "PushBranchError",
       "UnknownError"
     ]),
-    info: z6.object({
-      message: z6.string(),
-      pushBranchName: z6.string().optional()
+    info: z5.object({
+      message: z5.string(),
+      pushBranchName: z5.string().optional()
     })
   }).optional()
 });
-var SubmitFixesToSameBranchResponseMessageZ = z6.object({
-  type: z6.literal(submitToScmMessageType.commitToSameBranch),
-  githubCommentId: z6.number().nullish()
+var SubmitFixesToSameBranchResponseMessageZ = z5.object({
+  type: z5.literal(submitToScmMessageType.commitToSameBranch),
+  githubCommentId: z5.number().nullish()
 }).merge(SubmitFixesBaseResponseMessageZ);
-var SubmitFixesToDifferentBranchResponseMessageZ = z6.object({
-  type: z6.literal(submitToScmMessageType.submitFixesForDifferentBranch),
-  githubCommentId: z6.number().optional()
+var SubmitFixesToDifferentBranchResponseMessageZ = z5.object({
+  type: z5.literal(submitToScmMessageType.submitFixesForDifferentBranch),
+  githubCommentId: z5.number().optional()
 }).merge(SubmitFixesBaseResponseMessageZ);
-var SubmitFixesResponseMessageZ = z6.discriminatedUnion("type", [
+var SubmitFixesResponseMessageZ = z5.discriminatedUnion("type", [
   SubmitFixesToSameBranchResponseMessageZ,
   SubmitFixesToDifferentBranchResponseMessageZ
 ]);
 // src/features/analysis/scm/scmSubmit/index.ts
-var EnvVariablesZod3 = z7.object({
-  BROKERED_HOSTS: z7.string().toLowerCase().transform(
+var EnvVariablesZod2 = z6.object({
+  BROKERED_HOSTS: z6.string().toLowerCase().transform(
     (x) => x.split(",").map((url) => url.trim(), []).filter(Boolean)
   ).default("")
 });
-var { BROKERED_HOSTS: BROKERED_HOSTS2 } = EnvVariablesZod3.parse(process.env);
+var { BROKERED_HOSTS: BROKERED_HOSTS2 } = EnvVariablesZod2.parse(process.env);
 var isValidBranchName = async (branchName) => {
   const git = simpleGit();
   try {
@@ -2330,18 +2344,18 @@ var isValidBranchName = async (branchName) => {
     return false;
   }
 };
-var FixesZ = z7.array(
-  z7.object({
-    fixId: z7.string(),
-    patches: z7.array(z7.string())
+var FixesZ = z6.array(
+  z6.object({
+    fixId: z6.string(),
+    patches: z6.array(z6.string())
   })
 ).nonempty();
 // src/features/analysis/scm/scm.ts
-var GetRefererenceResultZ = z8.object({
-  date: z8.date().optional(),
-  sha: z8.string(),
-  type: z8.nativeEnum(ReferenceType)
+var GetRefererenceResultZ = z7.object({
+  date: z7.date().optional(),
+  sha: z7.string(),
+  type: z7.nativeEnum(ReferenceType)
 });
 function getCloudScmLibTypeFromUrl(url) {
   if (!url) {
@@ -2382,11 +2396,11 @@ var scmTypeToScmLibScmType = {
   ["Bitbucket" /* Bitbucket */]: "BITBUCKET" /* BITBUCKET */
 };
 function getScmTypeFromScmLibType(scmLibType) {
-  const parsedScmLibType = z8.nativeEnum(ScmLibScmType).parse(scmLibType);
+  const parsedScmLibType = z7.nativeEnum(ScmLibScmType).parse(scmLibType);
   return scmLibScmTypeToScmType[parsedScmLibType];
 }
 function getScmLibTypeFromScmType(scmType) {
-  const parsedScmType = z8.nativeEnum(ScmType).parse(scmType);
+  const parsedScmType = z7.nativeEnum(ScmType).parse(scmType);
   return scmTypeToScmLibScmType[parsedScmType];
 }
 function getScmConfig({
@@ -2581,10 +2595,7 @@ var SCMLib = class {
     scmType,
     scmOrg
   }) {
-    let trimmedUrl = void 0;
-    if (url) {
-      trimmedUrl = url.trim().replace(/\/$/, "").replace(/.git$/i, "");
-    }
+    const trimmedUrl = url ? url.trim().replace(/\/$/, "").replace(/.git$/i, "") : void 0;
     try {
       switch (scmType) {
         case "GITHUB" /* GITHUB */: {
@@ -2612,7 +2623,7 @@ var SCMLib = class {
       if (e instanceof InvalidRepoUrlError && url) {
         throw new RepoNoTokenAccessError(
           "no access to repo",
-          scmLibScmTypeToScmType[z8.nativeEnum(ScmLibScmType).parse(scmType)]
+          scmLibScmTypeToScmType[z7.nativeEnum(ScmLibScmType).parse(scmType)]
         );
       }
     }
@@ -2907,46 +2918,37 @@ var GithubSCMLib = class extends SCMLib {
   // we don't always need a url, what's important is that we have an access token
   constructor(url, accessToken, scmOrg) {
     super(url, accessToken, scmOrg);
-    __publicField(this, "oktokit");
-    this.oktokit = new Octokit2({ auth: accessToken });
+    __publicField(this, "githubSdk");
+    this.githubSdk = getGithubSdk({
+      auth: accessToken,
+      url
+    });
   }
   async createSubmitRequest(params) {
     this._validateAccessTokenAndUrl();
     const { targetBranchName, sourceBranchName, title, body } = params;
-    return String(
-      await createPullRequest({
-        title,
-        body,
-        targetBranchName,
-        sourceBranchName,
-        repoUrl: this.url,
-        accessToken: this.accessToken
-      })
-    );
+    const pullRequestResult = await this.githubSdk.createPullRequest({
+      title,
+      body,
+      targetBranchName,
+      sourceBranchName,
+      repoUrl: this.url
+    });
+    return String(pullRequestResult.data.number);
   }
   async forkRepo(repoUrl) {
     this._validateToken();
-    return forkRepo({
-      repoUrl,
-      accessToken: this.accessToken
+    return this.githubSdk.forkRepo({
+      repoUrl
     });
   }
-  async createOrUpdateRepositorySecret(params, _oktokit) {
-    if (!_oktokit && !this.accessToken || !this.url) {
-      throw new Error("cannot delete comment without access token or url");
-    }
-    const oktokit = _oktokit || this.oktokit;
+  async createOrUpdateRepositorySecret(params) {
+    this._validateAccessTokenAndUrl();
     const { owner, repo } = parseGithubOwnerAndRepo(this.url);
-    const { data: repositoryPublicKeyResponse } = await getARepositoryPublicKey(
-      oktokit,
-      {
-        owner,
-        repo
-      }
-    );
+    const { data: repositoryPublicKeyResponse } = await this.githubSdk.getRepositoryPublicKey({ owner, repo });
     const { key_id, key } = repositoryPublicKeyResponse;
     const encryptedValue = await encryptSecret(params.value, key);
-    return createOrUpdateRepositorySecret(oktokit, {
+    return this.githubSdk.createOrUpdateRepositorySecret({
       encrypted_value: encryptedValue,
       secret_name: params.name,
       key_id,
@@ -2955,66 +2957,49 @@ var GithubSCMLib = class extends SCMLib {
     });
   }
   async createPullRequestWithNewFile(sourceRepoUrl, filesPaths, userRepoUrl, title, body) {
-    const { pull_request_url } = await createPr(
-      {
-        sourceRepoUrl,
-        filesPaths,
-        userRepoUrl,
-        title,
-        body
-      },
-      {
-        githubAuthToken: this.accessToken
-      }
-    );
+    const { pull_request_url } = await this.githubSdk.createPr({
+      sourceRepoUrl,
+      filesPaths,
+      userRepoUrl,
+      title,
+      body
+    });
     return { pull_request_url };
   }
   async validateParams() {
     return githubValidateParams(this.url, this.accessToken);
   }
-  async postPrComment(params, _oktokit) {
-    if (!_oktokit && !this.accessToken || !this.url) {
-      throw new Error("cannot post on PR without access token or url");
-    }
-    const oktokit = _oktokit || this.oktokit;
+  async postPrComment(params) {
+    this._validateAccessTokenAndUrl();
     const { owner, repo } = parseGithubOwnerAndRepo(this.url);
-    return postPrComment(oktokit, {
+    return this.githubSdk.postPrComment({
       ...params,
       owner,
       repo
     });
   }
-  async updatePrComment(params, _oktokit) {
-    if (!_oktokit && !this.accessToken || !this.url) {
-      throw new Error("cannot update on PR without access token or url");
-    }
-    const oktokit = _oktokit || this.oktokit;
+  async updatePrComment(params) {
+    this._validateAccessTokenAndUrl();
     const { owner, repo } = parseGithubOwnerAndRepo(this.url);
-    return updatePrComment(oktokit, {
+    return this.githubSdk.updatePrComment({
       ...params,
       owner,
       repo
     });
   }
-  async deleteComment(params, _oktokit) {
-    if (!_oktokit && !this.accessToken || !this.url) {
-      throw new Error("cannot delete comment without access token or url");
-    }
-    const oktokit = _oktokit || this.oktokit;
+  async deleteComment(params) {
+    this._validateAccessTokenAndUrl();
     const { owner, repo } = parseGithubOwnerAndRepo(this.url);
-    return deleteComment(oktokit, {
+    return this.githubSdk.deleteComment({
       ...params,
       owner,
       repo
     });
   }
-  async getPrComments(params, _oktokit) {
-    if (!_oktokit && !this.accessToken || !this.url) {
-      throw new Error("cannot get Pr Comments without access token or url");
-    }
-    const oktokit = _oktokit || this.oktokit;
+  async getPrComments(params) {
+    this._validateAccessTokenAndUrl();
     const { owner, repo } = parseGithubOwnerAndRepo(this.url);
-    return getPrComments(oktokit, {
+    return this.githubSdk.getPrComments({
       per_page: 100,
       ...params,
       owner,
@@ -3022,27 +3007,23 @@ var GithubSCMLib = class extends SCMLib {
     });
   }
   async getPrDiff(params) {
-    if (!this.accessToken || !this.url) {
-      throw new Error("cannot get Pr Comments without access token or url");
-    }
+    this._validateAccessTokenAndUrl();
     const { owner, repo } = parseGithubOwnerAndRepo(this.url);
-    const prRes = await getPrDiff(this.oktokit, {
+    const prRes = await this.githubSdk.getPrDiff({
       ...params,
       owner,
       repo
     });
-    return z8.string().parse(prRes.data);
+    return z7.string().parse(prRes.data);
   }
   async getRepoList(_scmOrg) {
-    if (!this.accessToken) {
-      console.error("no access token");
-      throw new Error("no access token");
-    }
-    return getGithubRepoList(this.accessToken);
+    this._validateToken();
+    return this.githubSdk.getGithubRepoList();
   }
   async getBranchList() {
     this._validateAccessTokenAndUrl();
-    return getGithubBranchList(this.accessToken, this.url);
+    const branches = await this.githubSdk.getGithubBranchList(this.url);
+    return branches.data.map((branch) => branch.name);
   }
   getScmLibType() {
     return "GITHUB" /* GITHUB */;
@@ -3054,73 +3035,57 @@ var GithubSCMLib = class extends SCMLib {
     return {};
   }
   getDownloadUrl(sha) {
-    this.url;
     this._validateUrl();
     const res = parseScmURL(this.url, "GitHub" /* GitHub */);
     if (!res) {
       throw new InvalidRepoUrlError("invalid repo url");
     }
-    const { hostname, organization, repoName } = res;
-    return Promise.resolve(
-      `https://api.${hostname}/repos/${organization}/${repoName}/zipball/${sha}`
-    );
+    const { protocol, hostname, organization, repoName } = res;
+    const downloadUrl = isGithubOnPrem(this.url) ? `${protocol}//${hostname}/api/v3/repos/${organization}/${repoName}/zipball/${sha}` : `https://api.${hostname}/repos/${organization}/${repoName}/zipball/${sha}`;
+    return Promise.resolve(downloadUrl);
   }
   async _getUsernameForAuthUrl() {
     return this.getUsername();
   }
   async getIsRemoteBranch(branch) {
-    this._validateAccessTokenAndUrl();
-    return getGithubIsRemoteBranch(this.accessToken, this.url, branch);
+    this._validateUrl();
+    return this.githubSdk.getGithubIsRemoteBranch({ branch, repoUrl: this.url });
   }
   async getUserHasAccessToRepo() {
-    if (!this.accessToken || !this.url) {
-      console.error("no access token or no url");
-      throw new Error("no access token or no url");
-    }
+    this._validateAccessTokenAndUrl();
     const username = await this.getUsername();
-    return getGithubIsUserCollaborator(username, this.accessToken, this.url);
+    return this.githubSdk.getGithubIsUserCollaborator({
+      repoUrl: this.url,
+      username
+    });
   }
   async getUsername() {
-    if (!this.accessToken) {
-      console.error("no access token");
-      throw new Error("no access token");
-    }
-    return getGithubUsername(this.accessToken);
+    this._validateToken();
+    return this.githubSdk.getGithubUsername();
   }
   async getSubmitRequestStatus(scmSubmitRequestId) {
-    if (!this.accessToken || !this.url) {
-      console.error("no access token or no url");
-      throw new Error("no access token or no url");
-    }
-    const state = await getGithubPullRequestStatus(
-      this.accessToken,
-      this.url,
-      Number(scmSubmitRequestId)
-    );
-    return state;
+    this._validateAccessTokenAndUrl();
+    return this.githubSdk.getGithubPullRequestStatus({
+      repoUrl: this.url,
+      prNumber: Number(scmSubmitRequestId)
+    });
   }
   async getRepoBlameRanges(ref, path9) {
     this._validateUrl();
-    return await getGithubBlameRanges(
-      { ref, path: path9, gitHubUrl: this.url },
-      {
-        githubAuthToken: this.accessToken
-      }
-    );
+    return await this.githubSdk.getGithubBlameRanges({
+      ref,
+      path: path9,
+      gitHubUrl: this.url
+    });
   }
   async getReferenceData(ref) {
     this._validateUrl();
-    return await getGithubReferenceData(
-      { ref, gitHubUrl: this.url },
-      {
-        githubAuthToken: this.accessToken
-      }
-    );
+    return this.githubSdk.getGithubReferenceData({ ref, gitHubUrl: this.url });
   }
   async getPrComment(commentId) {
     this._validateUrl();
     const { owner, repo } = parseGithubOwnerAndRepo(this.url);
-    return await getPrComment(this.oktokit, {
+    return await this.githubSdk.getPrComment({
       repo,
       owner,
       comment_id: commentId
@@ -3128,17 +3093,12 @@ var GithubSCMLib = class extends SCMLib {
   }
   async getRepoDefaultBranch() {
     this._validateUrl();
-    return await getGithubRepoDefaultBranch(this.url, {
-      githubAuthToken: this.accessToken
-    });
+    return await this.githubSdk.getGithubRepoDefaultBranch(this.url);
   }
   async getPrUrl(prNumber) {
-    if (!this.url || !this.oktokit) {
-      console.error("no url");
-      throw new Error("no url");
-    }
+    this._validateAccessTokenAndUrl();
     const { owner, repo } = parseGithubOwnerAndRepo(this.url);
-    const getPrRes = await getPr(this.oktokit, {
+    const getPrRes = await this.githubSdk.getPr({
       owner,
       repo,
       pull_number: prNumber
@@ -3147,21 +3107,20 @@ var GithubSCMLib = class extends SCMLib {
   }
   async postGeneralPrComment(params) {
     const { prNumber, body } = params;
-    this._validateUrl();
+    this._validateAccessTokenAndUrl();
     const { owner, repo } = parseGithubOwnerAndRepo(this.url);
-    return await postGeneralPrComment(this.oktokit, {
+    return await this.githubSdk.postGeneralPrComment({
       issue_number: prNumber,
       owner,
       repo,
       body
     });
   }
-  async getGeneralPrComments(params, auth) {
+  async getGeneralPrComments(params) {
     const { prNumber } = params;
-    this._validateUrl();
-    const oktoKit = auth ? new Octokit2({ auth: auth.authToken }) : this.oktokit;
+    this._validateAccessTokenAndUrl();
     const { owner, repo } = parseGithubOwnerAndRepo(this.url);
-    return await getGeneralPrComments(oktoKit, {
+    return await this.githubSdk.getGeneralPrComments({
       issue_number: prNumber,
       owner,
       repo
@@ -3170,9 +3129,9 @@ var GithubSCMLib = class extends SCMLib {
   async deleteGeneralPrComment({
     commentId
   }) {
-    this._validateUrl();
+    this._validateAccessTokenAndUrl();
     const { owner, repo } = parseGithubOwnerAndRepo(this.url);
-    return deleteGeneralPrComment(this.oktokit, {
+    return this.githubSdk.deleteGeneralPrComment({
       owner,
       repo,
       comment_id: commentId
@@ -3246,7 +3205,7 @@ var StubSCMLib = class extends SCMLib {
 };
 function getUserAndPassword(token) {
   const [username, password] = token.split(":");
-  const safePasswordAndUsername = z8.object({ username: z8.string(), password: z8.string() }).parse({ username, password });
+  const safePasswordAndUsername = z7.object({ username: z7.string(), password: z7.string() }).parse({ username, password });
   return {
     username: safePasswordAndUsername.username,
     password: safePasswordAndUsername.password
@@ -3282,7 +3241,7 @@ var BitbucketSCMLib = class extends SCMLib {
         return { username, password, authType };
       }
       case "token": {
-        return { authType, token: z8.string().parse(this.accessToken) };
+        return { authType, token: z7.string().parse(this.accessToken) };
       }
       case "public":
         return { authType };
@@ -3294,7 +3253,7 @@ var BitbucketSCMLib = class extends SCMLib {
       ...params,
       repoUrl: this.url
     });
-    return String(z8.number().parse(pullRequestRes.id));
+    return String(z7.number().parse(pullRequestRes.id));
   }
   async validateParams() {
     return validateBitbucketParams({
@@ -3366,7 +3325,7 @@ var BitbucketSCMLib = class extends SCMLib {
   async getUsername() {
     this._validateToken();
     const res = await this.bitbucketSdk.getUser();
-    return z8.string().parse(res.username);
+    return z7.string().parse(res.username);
   }
   async getSubmitRequestStatus(_scmSubmitRequestId) {
     this._validateAccessTokenAndUrl();
@@ -3395,7 +3354,7 @@ var BitbucketSCMLib = class extends SCMLib {
   async getRepoDefaultBranch() {
     this._validateUrl();
     const repoRes = await this.bitbucketSdk.getRepo({ repoUrl: this.url });
-    return z8.string().parse(repoRes.mainbranch?.name);
+    return z7.string().parse(repoRes.mainbranch?.name);
   }
   getPrUrl(prNumber) {
     this._validateUrl();
@@ -3419,25 +3378,25 @@ var BitbucketSCMLib = class extends SCMLib {
 // src/features/analysis/scm/bitbucket/bitbucket.ts
 var { Bitbucket } = bitbucketPkg;
 var BITBUCKET_HOSTNAME = "bitbucket.org";
-var TokenExpiredErrorZ = z9.object({
-  status: z9.number(),
-  error: z9.object({
-    type: z9.string(),
-    error: z9.object({
-      message: z9.string()
+var TokenExpiredErrorZ = z8.object({
+  status: z8.number(),
+  error: z8.object({
+    type: z8.string(),
+    error: z8.object({
+      message: z8.string()
     })
   })
 });
 var BITBUCKET_ACCESS_TOKEN_URL = `https://${BITBUCKET_HOSTNAME}/site/oauth2/access_token`;
-var BitbucketAuthResultZ = z9.object({
-  access_token: z9.string(),
-  token_type: z9.string(),
-  refresh_token: z9.string()
+var BitbucketAuthResultZ = z8.object({
+  access_token: z8.string(),
+  token_type: z8.string(),
+  refresh_token: z8.string()
 });
-var BitbucketParseResultZ = z9.object({
-  organization: z9.string(),
-  repoName: z9.string(),
-  hostname: z9.literal(BITBUCKET_HOSTNAME)
+var BitbucketParseResultZ = z8.object({
+  organization: z8.string(),
+  repoName: z8.string(),
+  hostname: z8.literal(BITBUCKET_HOSTNAME)
 });
 function parseBitbucketOrganizationAndRepo(bitbucketUrl) {
   const parsedGitHubUrl = normalizeUrl(bitbucketUrl);
@@ -3515,7 +3474,7 @@ function getBitbucketSdk(params) {
       if (!res.data.values) {
         return [];
       }
-      return res.data.values.filter((branch) => !!branch.name).map((branch) => z9.string().parse(branch.name));
+      return res.data.values.filter((branch) => !!branch.name).map((branch) => z8.string().parse(branch.name));
     },
     async getIsUserCollaborator(params2) {
       const { repoUrl } = params2;
@@ -3630,7 +3589,7 @@ function getBitbucketSdk(params) {
       return GetRefererenceResultZ.parse({
         sha: tagRes.data.target?.hash,
         type: "TAG" /* TAG */,
-        date: new Date(z9.string().parse(tagRes.data.target?.date))
+        date: new Date(z8.string().parse(tagRes.data.target?.date))
       });
     },
     async getBranchRef(params2) {
@@ -3638,7 +3597,7 @@ function getBitbucketSdk(params) {
       return GetRefererenceResultZ.parse({
         sha: getBranchRes.target?.hash,
         type: "BRANCH" /* BRANCH */,
-        date: new Date(z9.string().parse(getBranchRes.target?.date))
+        date: new Date(z8.string().parse(getBranchRes.target?.date))
       });
     },
     async getCommitRef(params2) {
@@ -3646,13 +3605,13 @@ function getBitbucketSdk(params) {
       return GetRefererenceResultZ.parse({
         sha: getCommitRes.hash,
         type: "COMMIT" /* COMMIT */,
-        date: new Date(z9.string().parse(getCommitRes.date))
+        date: new Date(z8.string().parse(getCommitRes.date))
       });
     },
     async getDownloadUrl({ url, sha }) {
       this.getReferenceData({ ref: sha, url });
       const repoRes = await this.getRepo({ repoUrl: url });
-      const parsedRepoUrl = z9.string().url().parse(repoRes.links?.html?.href);
+      const parsedRepoUrl = z8.string().url().parse(repoRes.links?.html?.href);
       return `${parsedRepoUrl}/get/${sha}.zip`;
     },
     async getPullRequest(params2) {
@@ -3675,7 +3634,7 @@ async function validateBitbucketParams(params) {
     if (authType !== "public") {
       await bitbucketClient.getUser();
     }
-    if (params.url) {
+    if (params.url && shouldValidateUrl(params.url)) {
       await bitbucketClient.getRepo({ repoUrl: params.url });
     }
   } catch (e) {
@@ -3695,7 +3654,7 @@ async function validateBitbucketParams(params) {
 }
 async function getUsersworkspacesSlugs(bitbucketClient) {
   const res = await bitbucketClient.workspaces.getWorkspaces({});
-  return res.data.values?.map((v) => z9.string().parse(v.slug));
+  return res.data.values?.map((v) => z8.string().parse(v.slug));
 }
 async function getllUsersrepositories(bitbucketClient) {
   const userWorspacesSlugs = await getUsersworkspacesSlugs(bitbucketClient);
@@ -3727,7 +3686,7 @@ var MOBB_ICON_IMG = "https://app.mobb.ai/gh-action/Logo_Rounded_Icon.svg";
 // src/features/analysis/add_fix_comments_for_pr/utils.ts
 import Debug3 from "debug";
 import parseDiff2 from "parse-diff";
-import { z as z10 } from "zod";
+import { z as z9 } from "zod";
 // src/features/analysis/utils/by_key.ts
 function keyBy(array, keyBy2) {
@@ -3958,7 +3917,7 @@ async function getRelevantVulenrabilitiesFromDiff(params) {
     });
     const lineAddedRanges = calculateRanges(fileNumbers);
     const fileFilter = {
-      path: z10.string().parse(file.to),
+      path: z9.string().parse(file.to),
       ranges: lineAddedRanges.map(([startLine, endLine]) => ({
         endLine,
         startLine
@@ -4265,30 +4224,30 @@ function subscribe(query, variables, callback, wsClientOptions) {
 }
 // src/features/analysis/graphql/types.ts
-import { z as z11 } from "zod";
-var VulnerabilityReportIssueCodeNodeZ = z11.object({
-  vulnerabilityReportIssueId: z11.string(),
-  path: z11.string(),
-  startLine: z11.number(),
-  vulnerabilityReportIssue: z11.object({
-    fixId: z11.string()
+import { z as z10 } from "zod";
+var VulnerabilityReportIssueCodeNodeZ = z10.object({
+  vulnerabilityReportIssueId: z10.string(),
+  path: z10.string(),
+  startLine: z10.number(),
+  vulnerabilityReportIssue: z10.object({
+    fixId: z10.string()
   })
 });
-var GetVulByNodesMetadataZ = z11.object({
-  vulnerabilityReportIssueCodeNodes: z11.array(VulnerabilityReportIssueCodeNodeZ),
-  nonFixablePrVuls: z11.object({
-    aggregate: z11.object({
-      count: z11.number()
+var GetVulByNodesMetadataZ = z10.object({
+  vulnerabilityReportIssueCodeNodes: z10.array(VulnerabilityReportIssueCodeNodeZ),
+  nonFixablePrVuls: z10.object({
+    aggregate: z10.object({
+      count: z10.number()
     })
   }),
-  fixablePrVuls: z11.object({
-    aggregate: z11.object({
-      count: z11.number()
+  fixablePrVuls: z10.object({
+    aggregate: z10.object({
+      count: z10.number()
     })
   }),
-  totalScanVulnerabilities: z11.object({
-    aggregate: z11.object({
-      count: z11.number()
+  totalScanVulnerabilities: z10.object({
+    aggregate: z10.object({
+      count: z10.number()
     })
   })
 });
@@ -4345,12 +4304,17 @@ var GQLClient = class {
     }
     return true;
   }
-  async getOrgAndProjectId(projectName) {
-    const getOrgAndProjectIdResult = await this._clientSdk.getOrgAndProjectId();
-    const org = getOrgAndProjectIdResult?.users?.at(0)?.userOrganizationsAndUserOrganizationRoles?.at(0)?.organization;
-    if (!org?.id) {
+  async getOrgAndProjectId(params = {}) {
+    const { projectName, userDefinedOrganizationId } = params;
+    const getOrgAndProjectIdResult = await this._clientSdk.getOrgAndProjectId({
+      filters: userDefinedOrganizationId ? { organizationId: { _eq: userDefinedOrganizationId } } : {},
+      limit: 1
+    });
+    const [organizationToOrganizationRole] = getOrgAndProjectIdResult.organization_to_organization_role;
+    if (!organizationToOrganizationRole) {
       throw new Error("Organization not found");
     }
+    const { organization: org } = organizationToOrganizationRole;
     const project = projectName ? org?.projects.find((project2) => project2.name === projectName) ?? null : org?.projects[0];
     if (!project?.id) {
       throw new Error("Project not found");
@@ -4383,13 +4347,12 @@ var GQLClient = class {
     }
   }
   async updateScmToken(args) {
-    const { scmType, url, token, org, username, refreshToken } = args;
+    const { scmType, url, token, org, refreshToken } = args;
     const updateScmTokenResult = await this._clientSdk.updateScmToken({
       scmType,
       url,
       token,
       org,
-      username,
       refreshToken
     });
     return updateScmTokenResult;
@@ -4919,7 +4882,7 @@ async function getSnykReport(reportPath, repoRoot, { skipPrompts = false }) {
 // src/features/analysis/upload-file.ts
 import Debug11 from "debug";
-import fetch2, { File, fileFrom, FormData } from "node-fetch";
+import fetch3, { File, fileFrom, FormData } from "node-fetch";
 var debug10 = Debug11("mobbdev:upload-file");
 async function uploadFile({
   file,
@@ -4944,7 +4907,7 @@ async function uploadFile({
     debug10("upload file from buffer");
     form.append("file", new File([file], "file"));
   }
-  const response = await fetch2(url, {
+  const response = await fetch3(url, {
     method: "POST",
     body: form
   });
@@ -4975,7 +4938,7 @@ async function downloadRepo({
   debug11("download repo %s %s %s", repoUrl, dirname);
   const zipFilePath = path6.join(dirname, "repo.zip");
   debug11("download URL: %s auth headers: %o", downloadUrl, authHeaders);
-  const response = await fetch3(downloadUrl, {
+  const response = await fetch4(downloadUrl, {
     method: "GET",
     headers: {
       ...authHeaders
@@ -5077,7 +5040,8 @@ async function _scan(params, { skipPrompts = false } = {}) {
     cxProjectName,
     mobbProjectName,
     githubToken: githubActionToken,
-    command
+    command,
+    organizationId: userOrganizationId
   } = params;
   debug11("start %s %s", dirname, repo);
   const { createSpinner: createSpinner4 } = Spinner2({ ci });
@@ -5087,7 +5051,10 @@ async function _scan(params, { skipPrompts = false } = {}) {
     type: "apiKey"
   });
   await handleMobbLogin();
-  const { projectId, organizationId } = await gqlClient.getOrgAndProjectId(mobbProjectName);
+  const { projectId, organizationId } = await gqlClient.getOrgAndProjectId({
+    projectName: mobbProjectName,
+    userDefinedOrganizationId: userOrganizationId
+  });
   const {
     uploadS3BucketInfo: { repoUploadInfo, reportUploadInfo }
   } = await gqlClient.uploadS3BucketInfo();
@@ -5186,7 +5153,7 @@ async function _scan(params, { skipPrompts = false } = {}) {
     spinner: mobbSpinner,
     submitVulnerabilityReportVariables: {
       fixReportId: reportUploadInfo.fixReportId,
-      repoUrl: z12.string().parse(repo),
+      repoUrl: z11.string().parse(repo),
       reference,
       projectId,
       vulnerabilityReportFileName: "report.json",
@@ -5438,9 +5405,9 @@ async function _scan(params, { skipPrompts = false } = {}) {
         }
       });
       if (command === "review") {
-        const params2 = z12.object({
-          repo: z12.string().url(),
-          githubActionToken: z12.string()
+        const params2 = z11.object({
+          repo: z11.string().url(),
+          githubActionToken: z11.string()
         }).parse({ repo, githubActionToken });
         const scm2 = await SCMLib.init({
           url: params2.repo,
@@ -5457,7 +5424,7 @@ async function _scan(params, { skipPrompts = false } = {}) {
               analysisId,
               gqlClient,
               scm: scm2,
-              scanner: z12.nativeEnum(SCANNERS).parse(scanner)
+              scanner: z11.nativeEnum(SCANNERS).parse(scanner)
             });
           },
           callbackStates: ["Finished" /* Finished */]
@@ -5518,7 +5485,8 @@ async function analyze({
   ci,
   commitHash,
   srcPath,
-  mobbProjectName
+  mobbProjectName,
+  organizationId
 }, { skipPrompts = false } = {}) {
   !ci && await showWelcomeMessage(skipPrompts);
   await runAnalysis(
@@ -5531,6 +5499,7 @@ async function analyze({
       commitHash,
       mobbProjectName,
       srcPath,
+      organizationId,
       command: "analyze"
     },
     { skipPrompts }
@@ -5541,7 +5510,7 @@ var packageJson2 = JSON.parse(
 );
 var config3 = new Configstore2(packageJson2.name, { apiToken: "" });
 async function addScmToken(addScmTokenOptions) {
-  const { apiKey, token, organization, scmType, url, username, refreshToken } = addScmTokenOptions;
+  const { apiKey, token, organization, scmType, url, refreshToken } = addScmTokenOptions;
   const gqlClient = new GQLClient({
     apiKey: apiKey || config3.get("apiToken"),
     type: "apiKey"
@@ -5554,7 +5523,6 @@ async function addScmToken(addScmTokenOptions) {
     url,
     token,
     org: organization,
-    username,
     refreshToken
   });
 }
@@ -5608,6 +5576,12 @@ var refOption = {
   type: "string",
   demandOption: false
 };
+var organizationIdOptions = {
+  describe: chalk5.bold("Organization id"),
+  alias: "organization-id",
+  type: "string",
+  demandOption: false
+};
 var scannerOptions = {
   alias: "s",
   choices: Object.values(SCANNERS),
@@ -5650,10 +5624,6 @@ var scmOrgOption = {
   describe: chalk5.bold("Organization name in SCM (used in Azure DevOps)"),
   type: "string"
 };
-var scmUsernameOption = {
-  describe: chalk5.bold("Username in SCM (used in GitHub, Bitbucket)"),
-  type: "string"
-};
 var scmRefreshTokenOption = {
   describe: chalk5.bold("SCM refresh token (used in GitLab)"),
   type: "string"
@@ -5667,7 +5637,7 @@ var scmTokenOption = {
 // src/args/validation.ts
 import chalk6 from "chalk";
 import path8 from "path";
-import { z as z13 } from "zod";
+import { z as z12 } from "zod";
 function throwRepoUrlErrorMessage({
   error,
   repoUrl,
@@ -5684,11 +5654,17 @@ Example:
   )}`;
   throw new CliError(formattedErrorMessage);
 }
-var UrlZ = z13.string({
+var UrlZ = z12.string({
   invalid_type_error: "is not a valid GitHub / GitLab / ADO URL"
 }).refine((data) => !!sanityRepoURL(data), {
   message: "is not a valid GitHub / GitLab / ADO URL"
 });
+function validateOrganizationId(organizationId) {
+  const orgIdValidation = z12.string().uuid().nullish().safeParse(organizationId);
+  if (!orgIdValidation.success) {
+    throw new CliError(`organizationId: ${organizationId} is not a valid UUID`);
+  }
+}
 function validateRepoUrl(args) {
   const repoSafeParseResult = UrlZ.safeParse(args.repo);
   const { success } = repoSafeParseResult;
@@ -5738,7 +5714,7 @@ function analyzeBuilder(yargs2) {
     alias: "commit-hash",
     describe: chalk7.bold("Hash of the commit"),
     type: "string"
-  }).option("mobb-project-name", mobbProjectNameOption).option("y", yesOption).option("ci", ciOption).option("api-key", apiKeyOption).option("commit-hash", commitHashOption).example(
+  }).option("mobb-project-name", mobbProjectNameOption).option("y", yesOption).option("ci", ciOption).option("org", organizationIdOptions).option("api-key", apiKeyOption).option("commit-hash", commitHashOption).example(
     "$0 analyze -r https://github.com/WebGoat/WebGoat -f <your_vulirabitliy_report_path>",
     "analyze an existing repository"
   ).help();
@@ -5748,6 +5724,7 @@ function validateAnalyzeOptions(argv) {
     throw new CliError(`
 Can't access ${chalk7.bold(argv.f)}`);
   }
+  validateOrganizationId(argv.organizationId);
   if (!argv.srcPath && !argv.repo) {
     throw new CliError("You must supply either --src-path or --repo");
   }
@@ -5816,13 +5793,14 @@ async function reviewHandler(args) {
 // src/args/commands/scan.ts
 function scanBuilder(args) {
-  return args.coerce("scanner", (arg) => arg.toLowerCase()).option("repo", repoOption).option("ref", refOption).option("scanner", scannerOptions).option("mobb-project-name", mobbProjectNameOption).option("y", yesOption).option("ci", ciOption).option("api-key", apiKeyOption).option("cx-project-name", projectNameOption).example(
+  return args.coerce("scanner", (arg) => arg.toLowerCase()).option("repo", repoOption).option("ref", refOption).option("scanner", scannerOptions).option("org", organizationIdOptions).option("mobb-project-name", mobbProjectNameOption).option("y", yesOption).option("ci", ciOption).option("api-key", apiKeyOption).option("cx-project-name", projectNameOption).example(
     "$0 scan -r https://github.com/WebGoat/WebGoat",
     "Scan an existing repository"
   ).help();
 }
 function validateScanOptions(argv) {
   validateRepoUrl(argv);
+  validateOrganizationId(argv.organizationId);
   argv.scanner === SCANNERS.Checkmarx && validateCheckmarxInstallation();
   if (argv.scanner === SCANNERS.Checkmarx && !argv.cxProjectName) {
     throw new CliError(errorMessages.missingCxProjectName);
@@ -5839,15 +5817,15 @@ async function scanHandler(args) {
 }
 // src/args/commands/token.ts
-import { z as z14 } from "zod";
+import { z as z13 } from "zod";
 function addScmTokenBuilder(args) {
-  return args.option("scm-type", scmTypeOption).option("url", urlOption).option("token", scmTokenOption).option("organization", scmOrgOption).option("username", scmUsernameOption).option("refresh-token", scmRefreshTokenOption).option("api-key", apiKeyOption).example(
+  return args.option("scm-type", scmTypeOption).option("url", urlOption).option("token", scmTokenOption).option("organization", scmOrgOption).option("refresh-token", scmRefreshTokenOption).option("api-key", apiKeyOption).example(
     "$0 add-scm-token --scm-type Ado --url https://dev.azure.com/adoorg/test/_git/repo --token abcdef0123456 --organization myOrg",
     "Add your SCM (Github, Gitlab, Azure DevOps) token to Mobb to enable automated fixes."
   ).help().demandOption(["url", "token"]);
 }
 function validateAddScmTokenOptions(argv) {
-  if (!z14.nativeEnum(ScmType).safeParse(argv.scmType).success) {
+  if (!z13.nativeEnum(ScmType).safeParse(argv.scmType).success) {
     throw new CliError(
       "\nError: --scm-type must reference a valid SCM type (GitHub, GitLab, Ado, Bitbutcket)"
     );
@@ -5855,25 +5833,17 @@ function validateAddScmTokenOptions(argv) {
   Object.values(scmValidationMap).forEach((validate) => validate(argv));
 }
 var scmValidationMap = {
-  ["GitHub" /* GitHub */]: validateGithub,
+  ["GitHub" /* GitHub */]: () => {
+    return;
+  },
   ["GitLab" /* GitLab */]: () => {
     return;
   },
   ["Ado" /* Ado */]: validateAdo,
-  ["Bitbucket" /* Bitbucket */]: validateBitbucket
-};
-function validateBitbucket(argv) {
-  const urlObj = new URL(argv.url);
-  if (urlObj.hostname.toLowerCase() === scmCloudHostname.Bitbucket && !argv.username) {
-    throw new CliError("\nError: --username flag is required for Bitbucket");
-  }
-}
-function validateGithub(argv) {
-  const urlObj = new URL(argv.url);
-  if (urlObj.hostname.toLowerCase() === scmCloudHostname.GitHub && !argv.username) {
-    throw new CliError("\nError: --username flag is required for GitHub");
+  ["Bitbucket" /* Bitbucket */]: () => {
+    return;
   }
-}
+};
 function validateAdo(argv) {
   const urlObj = new URL(argv.url);
   if ((urlObj.hostname.toLowerCase() === scmCloudHostname.Ado || urlObj.hostname.toLowerCase().endsWith(".visualstudio.com")) && !argv.organization) {