npm - mobbdev - Versions diffs - 0.0.145 → 0.0.152 - Mend

mobbdev 0.0.145 → 0.0.152

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (2) hide show

package/dist/index.mjs +1642 -1512
package/package.json +1 -1

package/dist/index.mjs CHANGED Viewed

@@ -32,661 +32,174 @@ import fs4 from "node:fs";
 import path7 from "node:path";
 // src/constants.ts
-import path from "node:path";
+import path2 from "node:path";
 import { fileURLToPath } from "node:url";
 import chalk from "chalk";
 import Debug from "debug";
 import * as dotenv from "dotenv";
-import { z } from "zod";
-var debug = Debug("mobbdev:constants");
-var __dirname = path.dirname(fileURLToPath(import.meta.url));
-dotenv.config({ path: path.join(__dirname, "../.env") });
-var ScmTypes = {
-  Github: "GitHub",
-  Gitlab: "GitLab",
-  AzureDevOps: "Ado"
-};
-var SCANNERS = {
-  Checkmarx: "checkmarx",
-  Codeql: "codeql",
-  Fortify: "fortify",
-  Snyk: "snyk",
-  Sonarqube: "sonarqube"
-};
-var SupportedScannersZ = z.enum([SCANNERS.Checkmarx, SCANNERS.Snyk]);
-var envVariablesSchema = z.object({
-  WEB_APP_URL: z.string(),
-  API_URL: z.string(),
-  HASURA_ACCESS_KEY: z.string(),
-  LOCAL_GRAPHQL_ENDPOINT: z.string()
-}).required();
-var envVariables = envVariablesSchema.parse(process.env);
-debug("config %o", envVariables);
-var mobbAscii = `
-                                   ..
-                             ..........
-                        .................
-               ...........................
-              ..............................
-             ................................
-             ..................................
-            ....................................
-            .....................................
-            .............................................
-          .................................................
-     ...............................       .................
-  ..................................           ............
-..................    .............            ..........
-......... ........      .........             ......
-  ...............                          ....
-         .... ..
-                                      . ...
-                              ..............
-                       ......................
-                   ...........................
-               ................................
-           ......................................
-                ...............................
-                       .................
-`;
-var PROJECT_DEFAULT_NAME = "My first project";
-var WEB_APP_URL = envVariables.WEB_APP_URL;
-var API_URL = envVariables.API_URL;
-var HASURA_ACCESS_KEY = envVariables.HASURA_ACCESS_KEY;
-var LOCAL_GRAPHQL_ENDPOINT = envVariables.LOCAL_GRAPHQL_ENDPOINT;
-var errorMessages = {
-  missingCxProjectName: `project name ${chalk.bold(
-    "(--cx-project-name)"
-  )} is needed if you're using checkmarx`,
-  missingUrl: `url ${chalk.bold(
-    "(--url)"
-  )} is needed if you're adding an SCM token`,
-  invalidScmType: `SCM type ${chalk.bold(
-    "(--scm-type)"
-  )} is invalid, please use one of: ${Object.values(ScmTypes).join(", ")}`,
-  missingToken: `SCM token ${chalk.bold(
-    "(--token)"
-  )} is needed if you're adding an SCM token`
-};
-var progressMassages = {
-  processingVulnerabilityReportSuccess: "\u2699\uFE0F  Vulnerability report proccessed successfully",
-  processingVulnerabilityReport: "\u2699\uFE0F  Proccessing vulnerability report",
-  processingVulnerabilityReportFailed: "\u2699\uFE0F  Error Proccessing vulnerability report"
+import { z as z10 } from "zod";
+// src/features/analysis/scm/shared/src/types.ts
+var scmCloudUrl = {
+  GitLab: "https://gitlab.com",
+  GitHub: "https://github.com",
+  Ado: "https://dev.azure.com",
+  Bitbucket: "https://bitbucket.org"
 };
-var VUL_REPORT_DIGEST_TIMEOUT_MS = 1e3 * 60 * 20;
+var ScmType = /* @__PURE__ */ ((ScmType2) => {
+  ScmType2["GitHub"] = "GitHub";
+  ScmType2["GitLab"] = "GitLab";
+  ScmType2["Ado"] = "Ado";
+  ScmType2["Bitbucket"] = "Bitbucket";
+  return ScmType2;
+})(ScmType || {});
-// src/features/analysis/index.ts
-import crypto from "node:crypto";
-import fs3 from "node:fs";
-import os from "node:os";
-import path6 from "node:path";
-import { pipeline } from "node:stream/promises";
+// src/features/analysis/scm/ado/constants.ts
+var DEFUALT_ADO_ORIGIN = scmCloudUrl.Ado;
-// src/generates/client_generates.ts
-var MeDocument = `
-    query Me {
-  me {
-    id
-    email
-    scmConfigs {
-      id
-      orgId
-      refreshToken
-      scmType
-      scmUrl
-      scmUsername
-      token
-      tokenLastUpdate
-      userId
-      scmOrg
-      isTokenAvailable
+// src/features/analysis/scm/ado/utils.ts
+import querystring3 from "node:querystring";
+import * as api from "azure-devops-node-api";
+import { z as z9 } from "zod";
+// src/features/analysis/scm/env.ts
+import { z } from "zod";
+var EnvVariablesZod = z.object({
+  GITLAB_API_TOKEN: z.string().optional(),
+  BROKERED_HOSTS: z.string().toLowerCase().transform(
+    (x) => x.split(",").map((url) => url.trim(), []).filter(Boolean)
+  ).default(""),
+  GITHUB_API_TOKEN: z.string().optional(),
+  GIT_PROXY_HOST: z.string().default("http://tinyproxy:8888")
+});
+var { GITLAB_API_TOKEN, BROKERED_HOSTS, GITHUB_API_TOKEN, GIT_PROXY_HOST } = EnvVariablesZod.parse(process.env);
+// src/features/analysis/scm/scm.ts
+import { z as z7 } from "zod";
+// src/features/analysis/scm/bitbucket/bitbucket.ts
+import querystring from "node:querystring";
+import bitbucketPkg from "bitbucket";
+import * as bitbucketPkgNode from "bitbucket";
+import { z as z3 } from "zod";
+// src/features/analysis/scm/shared/src/urlParser/urlParser.ts
+import { z as z2 } from "zod";
+function detectAdoUrl(args) {
+  const { pathname, hostname, scmType } = args;
+  const hostnameParts = hostname.split(".");
+  const adoCloudHostname = new URL(scmCloudUrl.Ado).hostname;
+  const prefixPath = pathname.at(0)?.toLowerCase() === ADO_PREFIX_PATH ? ADO_PREFIX_PATH : "";
+  const normilizedPath = prefixPath ? pathname.slice(1) : pathname;
+  if (hostnameParts.length === 3 && hostnameParts[1] === "visualstudio" && hostnameParts[2] === "com") {
+    if (normilizedPath.length === 2 && normilizedPath[0] === "_git") {
+      const [_git, projectName] = normilizedPath;
+      const [organization] = hostnameParts;
+      return {
+        scmType: "Ado" /* Ado */,
+        organization,
+        // project has single repo - repoName === projectName
+        projectName: z2.string().parse(projectName),
+        repoName: projectName,
+        prefixPath
+      };
+    }
+    if (normilizedPath.length === 3 && normilizedPath[1] === "_git") {
+      const [projectName, _git, repoName] = normilizedPath;
+      const [organization] = hostnameParts;
+      return {
+        scmType: "Ado" /* Ado */,
+        organization,
+        projectName: z2.string().parse(projectName),
+        repoName,
+        prefixPath
+      };
     }
   }
-}
-    `;
-var GetOrgAndProjectIdDocument = `
-    query getOrgAndProjectId($filters: organization_to_organization_role_bool_exp, $limit: Int) {
-  organization_to_organization_role(
-    where: $filters
-    order_by: {organization: {createdOn: desc}}
-    limit: $limit
-  ) {
-    organization {
-      id
-      projects(order_by: {updatedAt: desc}) {
-        id
-        name
+  if (hostname === adoCloudHostname || scmType === "Ado" /* Ado */) {
+    if (normilizedPath[normilizedPath.length - 2] === "_git") {
+      if (normilizedPath.length === 3) {
+        const [organization, _git, repoName] = normilizedPath;
+        return {
+          scmType: "Ado" /* Ado */,
+          organization,
+          // project has only one repo - repoName === projectName
+          projectName: z2.string().parse(repoName),
+          repoName,
+          prefixPath
+        };
+      }
+      if (normilizedPath.length === 4) {
+        const [organization, projectName, _git, repoName] = normilizedPath;
+        return {
+          scmType: "Ado" /* Ado */,
+          organization,
+          projectName: z2.string().parse(projectName),
+          repoName,
+          prefixPath
+        };
       }
     }
   }
+  return null;
 }
-    `;
-var GetEncryptedApiTokenDocument = `
-    query GetEncryptedApiToken($loginId: uuid!) {
-  cli_login_by_pk(id: $loginId) {
-    encryptedApiToken
-  }
-}
-    `;
-var FixReportStateDocument = `
-    query FixReportState($id: uuid!) {
-  fixReport_by_pk(id: $id) {
-    state
+function detectGithubUrl(args) {
+  const { pathname, hostname, scmType } = args;
+  const githubHostname = new URL(scmCloudUrl.GitHub).hostname;
+  if (hostname === githubHostname || scmType === "GitHub" /* GitHub */) {
+    if (pathname.length === 2) {
+      return {
+        scmType: "GitHub" /* GitHub */,
+        organization: pathname[0],
+        repoName: pathname[1]
+      };
+    }
   }
+  return null;
 }
-    `;
-var GetVulnerabilityReportPathsDocument = `
-    query GetVulnerabilityReportPaths($vulnerabilityReportId: uuid!) {
-  vulnerability_report_path(
-    where: {vulnerabilityReportId: {_eq: $vulnerabilityReportId}}
-  ) {
-    path
+function detectGitlabUrl(args) {
+  const { pathname, hostname, scmType } = args;
+  const gitlabHostname = new URL(scmCloudUrl.GitLab).hostname;
+  if (hostname === gitlabHostname || scmType === "GitLab" /* GitLab */) {
+    if (pathname.length >= 2) {
+      return {
+        scmType: "GitLab" /* GitLab */,
+        organization: pathname[0],
+        repoName: pathname[pathname.length - 1]
+      };
+    }
   }
+  return null;
 }
-    `;
-var GetAnalysisDocument = `
-    subscription getAnalysis($analysisId: uuid!) {
-  analysis: fixReport_by_pk(id: $analysisId) {
-    id
-    state
+function detectBitbucketUrl(args) {
+  const { pathname, hostname, scmType } = args;
+  const bitbucketHostname = new URL(scmCloudUrl.Bitbucket).hostname;
+  if (hostname === bitbucketHostname || scmType === "Bitbucket" /* Bitbucket */) {
+    if (pathname.length === 2) {
+      return {
+        scmType: "Bitbucket" /* Bitbucket */,
+        organization: pathname[0],
+        repoName: pathname[1]
+      };
+    }
   }
+  return null;
 }
-    `;
-var GetAnalsyisDocument = `
-    query getAnalsyis($analysisId: uuid!) {
-  analysis: fixReport_by_pk(id: $analysisId) {
-    id
-    state
-    repo {
-      commitSha
-      pullRequest
-    }
-    vulnerabilityReportId
-    vulnerabilityReport {
-      projectId
-      project {
-        organizationId
-      }
-      file {
-        signedFile {
-          url
-        }
-      }
+var getRepoUrlFunctionMap = {
+  ["GitLab" /* GitLab */]: detectGitlabUrl,
+  ["GitHub" /* GitHub */]: detectGithubUrl,
+  ["Ado" /* Ado */]: detectAdoUrl,
+  ["Bitbucket" /* Bitbucket */]: detectBitbucketUrl
+};
+function getRepoInfo(args) {
+  for (const detectUrl of Object.values(getRepoUrlFunctionMap)) {
+    const detectUrlRes = detectUrl(args);
+    if (detectUrlRes) {
+      return detectUrlRes;
     }
   }
+  return null;
 }
-    `;
-var GetFixesDocument = `
-    query getFixes($filters: fix_bool_exp!) {
-  fixes: fix(where: $filters) {
-    issueType
-    id
-    patchAndQuestions {
-      __typename
-      ... on FixData {
-        patch
-      }
-    }
-  }
-}
-    `;
-var GetVulByNodesMetadataDocument = `
-    query getVulByNodesMetadata($filters: [vulnerability_report_issue_code_node_bool_exp!], $vulnerabilityReportId: uuid!) {
-  vulnerabilityReportIssueCodeNodes: vulnerability_report_issue_code_node(
-    order_by: {index: desc}
-    where: {_or: $filters, vulnerabilityReportIssue: {fixId: {_is_null: false}, vulnerabilityReportId: {_eq: $vulnerabilityReportId}}}
-  ) {
-    vulnerabilityReportIssueId
-    path
-    startLine
-    vulnerabilityReportIssue {
-      issueType
-      fixId
-    }
-  }
-  fixablePrVuls: vulnerability_report_issue_aggregate(
-    where: {fixId: {_is_null: false}, vulnerabilityReportId: {_eq: $vulnerabilityReportId}, codeNodes: {_or: $filters}}
-  ) {
-    aggregate {
-      count
-    }
-  }
-  nonFixablePrVuls: vulnerability_report_issue_aggregate(
-    where: {fixId: {_is_null: true}, vulnerabilityReportId: {_eq: $vulnerabilityReportId}, codeNodes: {_or: $filters}}
-  ) {
-    aggregate {
-      count
-    }
-  }
-  totalScanVulnerabilities: vulnerability_report_issue_aggregate(
-    where: {vulnerabilityReportId: {_eq: $vulnerabilityReportId}}
-  ) {
-    aggregate {
-      count
-    }
-  }
-}
-    `;
-var UpdateScmTokenDocument = `
-    mutation updateScmToken($scmType: String!, $url: String!, $token: String!, $org: String, $refreshToken: String) {
-  updateScmToken(
-    scmType: $scmType
-    url: $url
-    token: $token
-    org: $org
-    refreshToken: $refreshToken
-  ) {
-    __typename
-    ... on ScmAccessTokenUpdateSuccess {
-      token
-    }
-    ... on InvalidScmTypeError {
-      status
-      error
-    }
-    ... on BadScmCredentials {
-      status
-      error
-    }
-  }
-}
-    `;
-var UploadS3BucketInfoDocument = `
-    mutation uploadS3BucketInfo($fileName: String!) {
-  uploadS3BucketInfo(fileName: $fileName) {
-    status
-    error
-    reportUploadInfo: uploadInfo {
-      url
-      fixReportId
-      uploadFieldsJSON
-      uploadKey
-    }
-    repoUploadInfo {
-      url
-      fixReportId
-      uploadFieldsJSON
-      uploadKey
-    }
-  }
-}
-    `;
-var DigestVulnerabilityReportDocument = `
-    mutation DigestVulnerabilityReport($vulnerabilityReportFileName: String!, $fixReportId: String!, $projectId: String!, $scanSource: String!) {
-  digestVulnerabilityReport(
-    fixReportId: $fixReportId
-    vulnerabilityReportFileName: $vulnerabilityReportFileName
-    projectId: $projectId
-    scanSource: $scanSource
-  ) {
-    __typename
-    ... on VulnerabilityReport {
-      vulnerabilityReportId
-      fixReportId
-    }
-    ... on RabbitSendError {
-      status
-      error
-    }
-    ... on ReportValidationError {
-      status
-      error
-    }
-    ... on ReferenceNotFoundError {
-      status
-      error
-    }
-  }
-}
-    `;
-var SubmitVulnerabilityReportDocument = `
-    mutation SubmitVulnerabilityReport($fixReportId: String!, $repoUrl: String!, $reference: String!, $projectId: String!, $scanSource: String!, $sha: String, $experimentalEnabled: Boolean, $vulnerabilityReportFileName: String, $pullRequest: Int) {
-  submitVulnerabilityReport(
-    fixReportId: $fixReportId
-    repoUrl: $repoUrl
-    reference: $reference
-    sha: $sha
-    experimentalEnabled: $experimentalEnabled
-    pullRequest: $pullRequest
-    projectId: $projectId
-    vulnerabilityReportFileName: $vulnerabilityReportFileName
-    scanSource: $scanSource
-  ) {
-    __typename
-    ... on VulnerabilityReport {
-      vulnerabilityReportId
-      fixReportId
-    }
-  }
-}
-    `;
-var CreateCommunityUserDocument = `
-    mutation CreateCommunityUser {
-  initOrganizationAndProject {
-    __typename
-    ... on InitOrganizationAndProjectGoodResponse {
-      projectId
-      userId
-      organizationId
-    }
-    ... on UserAlreadyInProjectError {
-      error
-      status
-    }
-  }
-}
-    `;
-var CreateCliLoginDocument = `
-    mutation CreateCliLogin($publicKey: String!) {
-  insert_cli_login_one(object: {publicKey: $publicKey}) {
-    id
-  }
-}
-    `;
-var PerformCliLoginDocument = `
-    mutation performCliLogin($loginId: String!) {
-  performCliLogin(loginId: $loginId) {
-    status
-  }
-}
-    `;
-var CreateProjectDocument = `
-    mutation CreateProject($organizationId: String!, $projectName: String!) {
-  createProject(organizationId: $organizationId, projectName: $projectName) {
-    projectId
-  }
-}
-    `;
-var defaultWrapper = (action, _operationName, _operationType, _variables) => action();
-function getSdk(client, withWrapper = defaultWrapper) {
-  return {
-    Me(variables, requestHeaders) {
-      return withWrapper((wrappedRequestHeaders) => client.request(MeDocument, variables, { ...requestHeaders, ...wrappedRequestHeaders }), "Me", "query", variables);
-    },
-    getOrgAndProjectId(variables, requestHeaders) {
-      return withWrapper((wrappedRequestHeaders) => client.request(GetOrgAndProjectIdDocument, variables, { ...requestHeaders, ...wrappedRequestHeaders }), "getOrgAndProjectId", "query", variables);
-    },
-    GetEncryptedApiToken(variables, requestHeaders) {
-      return withWrapper((wrappedRequestHeaders) => client.request(GetEncryptedApiTokenDocument, variables, { ...requestHeaders, ...wrappedRequestHeaders }), "GetEncryptedApiToken", "query", variables);
-    },
-    FixReportState(variables, requestHeaders) {
-      return withWrapper((wrappedRequestHeaders) => client.request(FixReportStateDocument, variables, { ...requestHeaders, ...wrappedRequestHeaders }), "FixReportState", "query", variables);
-    },
-    GetVulnerabilityReportPaths(variables, requestHeaders) {
-      return withWrapper((wrappedRequestHeaders) => client.request(GetVulnerabilityReportPathsDocument, variables, { ...requestHeaders, ...wrappedRequestHeaders }), "GetVulnerabilityReportPaths", "query", variables);
-    },
-    getAnalysis(variables, requestHeaders) {
-      return withWrapper((wrappedRequestHeaders) => client.request(GetAnalysisDocument, variables, { ...requestHeaders, ...wrappedRequestHeaders }), "getAnalysis", "subscription", variables);
-    },
-    getAnalsyis(variables, requestHeaders) {
-      return withWrapper((wrappedRequestHeaders) => client.request(GetAnalsyisDocument, variables, { ...requestHeaders, ...wrappedRequestHeaders }), "getAnalsyis", "query", variables);
-    },
-    getFixes(variables, requestHeaders) {
-      return withWrapper((wrappedRequestHeaders) => client.request(GetFixesDocument, variables, { ...requestHeaders, ...wrappedRequestHeaders }), "getFixes", "query", variables);
-    },
-    getVulByNodesMetadata(variables, requestHeaders) {
-      return withWrapper((wrappedRequestHeaders) => client.request(GetVulByNodesMetadataDocument, variables, { ...requestHeaders, ...wrappedRequestHeaders }), "getVulByNodesMetadata", "query", variables);
-    },
-    updateScmToken(variables, requestHeaders) {
-      return withWrapper((wrappedRequestHeaders) => client.request(UpdateScmTokenDocument, variables, { ...requestHeaders, ...wrappedRequestHeaders }), "updateScmToken", "mutation", variables);
-    },
-    uploadS3BucketInfo(variables, requestHeaders) {
-      return withWrapper((wrappedRequestHeaders) => client.request(UploadS3BucketInfoDocument, variables, { ...requestHeaders, ...wrappedRequestHeaders }), "uploadS3BucketInfo", "mutation", variables);
-    },
-    DigestVulnerabilityReport(variables, requestHeaders) {
-      return withWrapper((wrappedRequestHeaders) => client.request(DigestVulnerabilityReportDocument, variables, { ...requestHeaders, ...wrappedRequestHeaders }), "DigestVulnerabilityReport", "mutation", variables);
-    },
-    SubmitVulnerabilityReport(variables, requestHeaders) {
-      return withWrapper((wrappedRequestHeaders) => client.request(SubmitVulnerabilityReportDocument, variables, { ...requestHeaders, ...wrappedRequestHeaders }), "SubmitVulnerabilityReport", "mutation", variables);
-    },
-    CreateCommunityUser(variables, requestHeaders) {
-      return withWrapper((wrappedRequestHeaders) => client.request(CreateCommunityUserDocument, variables, { ...requestHeaders, ...wrappedRequestHeaders }), "CreateCommunityUser", "mutation", variables);
-    },
-    CreateCliLogin(variables, requestHeaders) {
-      return withWrapper((wrappedRequestHeaders) => client.request(CreateCliLoginDocument, variables, { ...requestHeaders, ...wrappedRequestHeaders }), "CreateCliLogin", "mutation", variables);
-    },
-    performCliLogin(variables, requestHeaders) {
-      return withWrapper((wrappedRequestHeaders) => client.request(PerformCliLoginDocument, variables, { ...requestHeaders, ...wrappedRequestHeaders }), "performCliLogin", "mutation", variables);
-    },
-    CreateProject(variables, requestHeaders) {
-      return withWrapper((wrappedRequestHeaders) => client.request(CreateProjectDocument, variables, { ...requestHeaders, ...wrappedRequestHeaders }), "CreateProject", "mutation", variables);
-    }
-  };
-}
-// src/utils/index.ts
-var utils_exports = {};
-__export(utils_exports, {
-  CliError: () => CliError,
-  Spinner: () => Spinner,
-  getDirName: () => getDirName,
-  getTopLevelDirName: () => getTopLevelDirName,
-  keypress: () => keypress,
-  sleep: () => sleep
-});
-// src/utils/dirname.ts
-import path2 from "node:path";
-import { fileURLToPath as fileURLToPath2 } from "node:url";
-function getDirName() {
-  return path2.dirname(fileURLToPath2(import.meta.url));
-}
-function getTopLevelDirName(fullPath) {
-  return path2.parse(fullPath).name;
-}
-// src/utils/keypress.ts
-import readline from "node:readline";
-async function keypress() {
-  const rl = readline.createInterface({
-    input: process.stdin,
-    output: process.stdout
-  });
-  return new Promise((resolve) => {
-    rl.question("", (answer) => {
-      rl.close();
-      process.stderr.moveCursor(0, -1);
-      process.stderr.clearLine(1);
-      resolve(answer);
-    });
-  });
-}
-// src/utils/spinner.ts
-import {
-  createSpinner as _createSpinner
-} from "nanospinner";
-var mockSpinner = {
-  success: () => mockSpinner,
-  error: () => mockSpinner,
-  warn: () => mockSpinner,
-  stop: () => mockSpinner,
-  start: () => mockSpinner,
-  update: () => mockSpinner,
-  reset: () => mockSpinner,
-  clear: () => mockSpinner,
-  spin: () => mockSpinner
-};
-function Spinner({ ci = false } = {}) {
-  return {
-    createSpinner: (text, options) => ci ? mockSpinner : _createSpinner(text, options)
-  };
-}
-// src/utils/index.ts
-var sleep = (ms = 2e3) => new Promise((r) => setTimeout(r, ms));
-var CliError = class extends Error {
-};
-// src/features/analysis/index.ts
-import chalk4 from "chalk";
-import Configstore from "configstore";
-import Debug12 from "debug";
-import extract from "extract-zip";
-import fetch4 from "node-fetch";
-import open2 from "open";
-import semver from "semver";
-import tmp2 from "tmp";
-import { z as z12 } from "zod";
-// src/features/analysis/add_fix_comments_for_pr/add_fix_comments_for_pr.ts
-import Debug4 from "debug";
-// src/features/analysis/scm/types.ts
-var ReferenceType = /* @__PURE__ */ ((ReferenceType2) => {
-  ReferenceType2["BRANCH"] = "BRANCH";
-  ReferenceType2["COMMIT"] = "COMMIT";
-  ReferenceType2["TAG"] = "TAG";
-  return ReferenceType2;
-})(ReferenceType || {});
-var ScmLibScmType = /* @__PURE__ */ ((ScmLibScmType2) => {
-  ScmLibScmType2["GITHUB"] = "GITHUB";
-  ScmLibScmType2["GITLAB"] = "GITLAB";
-  ScmLibScmType2["ADO"] = "ADO";
-  ScmLibScmType2["BITBUCKET"] = "BITBUCKET";
-  return ScmLibScmType2;
-})(ScmLibScmType || {});
-var scmCloudUrl = {
-  GitLab: "https://gitlab.com",
-  GitHub: "https://github.com",
-  Ado: "https://dev.azure.com",
-  Bitbucket: "https://bitbucket.org"
-};
-var ScmType = /* @__PURE__ */ ((ScmType2) => {
-  ScmType2["GitHub"] = "GitHub";
-  ScmType2["GitLab"] = "GitLab";
-  ScmType2["Ado"] = "Ado";
-  ScmType2["Bitbucket"] = "Bitbucket";
-  return ScmType2;
-})(ScmType || {});
-// src/features/analysis/scm/ado/constants.ts
-var DEFUALT_ADO_ORIGIN = scmCloudUrl.Ado;
-// src/features/analysis/scm/ado/utils.ts
-import querystring3 from "node:querystring";
-import * as api from "azure-devops-node-api";
-import { z as z9 } from "zod";
-// src/features/analysis/scm/env.ts
-import { z as z2 } from "zod";
-var EnvVariablesZod = z2.object({
-  GITLAB_API_TOKEN: z2.string().optional(),
-  BROKERED_HOSTS: z2.string().toLowerCase().transform(
-    (x) => x.split(",").map((url) => url.trim(), []).filter(Boolean)
-  ).default(""),
-  GITHUB_API_TOKEN: z2.string().optional(),
-  GIT_PROXY_HOST: z2.string().default("http://tinyproxy:8888")
-});
-var { GITLAB_API_TOKEN, BROKERED_HOSTS, GITHUB_API_TOKEN, GIT_PROXY_HOST } = EnvVariablesZod.parse(process.env);
-// src/features/analysis/scm/scm.ts
-import { z as z7 } from "zod";
-// src/features/analysis/scm/bitbucket/bitbucket.ts
-import querystring from "node:querystring";
-import bitbucketPkg from "bitbucket";
-import * as bitbucketPkgNode from "bitbucket";
-import { z as z3 } from "zod";
-// src/features/analysis/scm/urlParser.ts
-function detectAdoUrl(args) {
-  const { pathname, hostname, scmType } = args;
-  const hostnameParts = hostname.split(".");
-  const adoHostname = new URL(scmCloudUrl.Ado).hostname;
-  if (hostnameParts.length === 3 && hostnameParts[1] === "visualstudio" && hostnameParts[2] === "com") {
-    if (pathname.length === 2 && pathname[0] === "_git") {
-      return {
-        organization: hostnameParts[0],
-        projectName: pathname[1],
-        repoName: pathname[1]
-      };
-    }
-    if (pathname.length === 3 && pathname[1] === "_git") {
-      return {
-        organization: hostnameParts[0],
-        projectName: pathname[0],
-        repoName: pathname[2]
-      };
-    }
-  }
-  if (hostname === adoHostname || scmType === "Ado" /* Ado */) {
-    if (pathname.length === 3 && pathname[1] === "_git") {
-      return {
-        organization: pathname[0],
-        projectName: pathname[2],
-        repoName: pathname[2]
-      };
-    }
-    if (pathname.length === 4 && pathname[2] === "_git") {
-      return {
-        organization: pathname[0],
-        projectName: pathname[1],
-        repoName: pathname[3]
-      };
-    }
-  }
-  return null;
-}
-function detectGithubUrl(args) {
-  const { pathname, hostname, scmType } = args;
-  const githubHostname = new URL(scmCloudUrl.GitHub).hostname;
-  if (hostname === githubHostname || scmType === "GitHub" /* GitHub */) {
-    if (pathname.length === 2) {
-      return {
-        organization: pathname[0],
-        projectName: void 0,
-        repoName: pathname[1]
-      };
-    }
-  }
-  return null;
-}
-function detectGitlabUrl(args) {
-  const { pathname, hostname, scmType } = args;
-  const gitlabHostname = new URL(scmCloudUrl.GitLab).hostname;
-  if (hostname === gitlabHostname || scmType === "GitLab" /* GitLab */) {
-    if (pathname.length >= 2) {
-      return {
-        organization: pathname[0],
-        projectName: void 0,
-        repoName: pathname[pathname.length - 1]
-      };
-    }
-  }
-  return null;
-}
-function detectBitbucketUrl(args) {
-  const { pathname, hostname, scmType } = args;
-  const bitbucketHostname = new URL(scmCloudUrl.Bitbucket).hostname;
-  if (hostname === bitbucketHostname || scmType === "Bitbucket" /* Bitbucket */) {
-    if (pathname.length === 2) {
-      return {
-        organization: pathname[0],
-        projectName: void 0,
-        repoName: pathname[1]
-      };
-    }
-  }
-  return null;
-}
-var getRepoUrlFunctionMap = {
-  ["GitLab" /* GitLab */]: detectGitlabUrl,
-  ["GitHub" /* GitHub */]: detectGithubUrl,
-  ["Ado" /* Ado */]: detectAdoUrl,
-  ["Bitbucket" /* Bitbucket */]: detectBitbucketUrl
-};
-function getRepoInfo(args) {
-  for (const detectUrl of Object.values(getRepoUrlFunctionMap)) {
-    const detectUrlRes = detectUrl(args);
-    if (detectUrlRes) {
-      return detectUrlRes;
-    }
-  }
-  return null;
-}
-var NAME_REGEX = /[a-z0-9\-_.+]+/i;
 var parseScmURL = (scmURL, scmType) => {
   try {
     const url = new URL(scmURL);
@@ -699,41 +212,55 @@ var parseScmURL = (scmURL, scmType) => {
     });
     if (!repo)
       return null;
-    const { organization, repoName, projectName } = repo;
+    const { organization, repoName } = repo;
     if (!organization || !repoName)
       return null;
     if (!organization.match(NAME_REGEX) || !repoName.match(NAME_REGEX))
-      return null;
-    return {
-      hostname,
-      organization,
-      projectPath,
-      repoName,
-      projectName,
-      protocol: url.protocol,
-      pathElements: projectPath.split("/")
-    };
-  } catch (e) {
-    return null;
-  }
-};
-var sanityRepoURL = (scmURL) => {
-  try {
-    const url = new URL(scmURL);
-    const projectPath = url.pathname.substring(1).replace(/.git$/i, "");
-    const pathParts = projectPath.split("/");
-    if (pathParts.length < 2)
-      return false;
-    if (pathParts.length > 4)
-      return false;
-    if (pathParts.some((part) => !part.match(NAME_REGEX)))
-      return false;
-    return true;
+      return null;
+    const res = {
+      hostname,
+      organization,
+      projectPath,
+      repoName,
+      protocol: url.protocol,
+      pathElements: projectPath.split("/")
+    };
+    if (repo.scmType === "Ado" /* Ado */) {
+      return {
+        projectName: repo.projectName,
+        prefixPath: repo.prefixPath,
+        scmType: repo.scmType,
+        ...res
+      };
+    }
+    return {
+      scmType: repo.scmType,
+      ...res
+    };
   } catch (e) {
     return null;
   }
 };
+// src/features/analysis/scm/shared/src/index.ts
+var NAME_REGEX = /[a-z0-9\-_.+]+/i;
+var ADO_PREFIX_PATH = "tfs";
+// src/features/analysis/scm/types.ts
+var ReferenceType = /* @__PURE__ */ ((ReferenceType2) => {
+  ReferenceType2["BRANCH"] = "BRANCH";
+  ReferenceType2["COMMIT"] = "COMMIT";
+  ReferenceType2["TAG"] = "TAG";
+  return ReferenceType2;
+})(ReferenceType || {});
+var ScmLibScmType = /* @__PURE__ */ ((ScmLibScmType2) => {
+  ScmLibScmType2["GITHUB"] = "GITHUB";
+  ScmLibScmType2["GITLAB"] = "GITLAB";
+  ScmLibScmType2["ADO"] = "ADO";
+  ScmLibScmType2["BITBUCKET"] = "BITBUCKET";
+  return ScmLibScmType2;
+})(ScmLibScmType || {});
 // src/features/analysis/scm/utils/get_issue_type.ts
 var getIssueType = (issueType) => {
   switch (issueType) {
@@ -942,6 +469,22 @@ var isUrlHasPath = (url) => {
 function shouldValidateUrl(repoUrl) {
   return repoUrl && isUrlHasPath(repoUrl);
 }
+var sanityRepoURL = (scmURL) => {
+  try {
+    const url = new URL(scmURL);
+    const projectPath = url.pathname.substring(1).replace(/.git$/i, "");
+    const pathParts = projectPath.split("/");
+    if (pathParts.length < 2)
+      return false;
+    if (pathParts.length > 4 && pathParts.at(0) !== ADO_PREFIX_PATH)
+      return false;
+    if (pathParts.some((part) => !part.match(NAME_REGEX)))
+      return false;
+    return true;
+  } catch (e) {
+    return null;
+  }
+};
 // src/features/analysis/scm/bitbucket/bitbucket.ts
 var BITBUCKET_HOSTNAME = "bitbucket.org";
@@ -2061,7 +1604,7 @@ initGitlabFetchMock();
 // src/features/analysis/scm/scmSubmit/index.ts
 import fs from "node:fs/promises";
 import parseDiff from "parse-diff";
-import path3 from "path";
+import path from "path";
 import { simpleGit } from "simple-git";
 import tmp from "tmp";
 import { z as z6 } from "zod";
@@ -2193,10 +1736,10 @@ function getCloudScmLibTypeFromUrl(url) {
   return void 0;
 }
 var scmCloudHostname = {
-  GitLab: new URL(scmCloudUrl.GitLab).hostname,
-  GitHub: new URL(scmCloudUrl.GitHub).hostname,
-  Ado: new URL(scmCloudUrl.Ado).hostname,
-  Bitbucket: new URL(scmCloudUrl.Bitbucket).hostname
+  ["GitLab" /* GitLab */]: new URL(scmCloudUrl.GitLab).hostname,
+  ["GitHub" /* GitHub */]: new URL(scmCloudUrl.GitHub).hostname,
+  ["Ado" /* Ado */]: new URL(scmCloudUrl.Ado).hostname,
+  ["Bitbucket" /* Bitbucket */]: new URL(scmCloudUrl.Bitbucket).hostname
 };
 var scmLibScmTypeToScmType = {
   ["GITLAB" /* GITLAB */]: "GitLab" /* GitLab */,
@@ -2210,10 +1753,6 @@ var scmTypeToScmLibScmType = {
   ["Ado" /* Ado */]: "ADO" /* ADO */,
   ["Bitbucket" /* Bitbucket */]: "BITBUCKET" /* BITBUCKET */
 };
-function getScmTypeFromScmLibType(scmLibType) {
-  const parsedScmLibType = z7.nativeEnum(ScmLibScmType).parse(scmLibType);
-  return scmLibScmTypeToScmType[parsedScmLibType];
-}
 function getScmLibTypeFromScmType(scmType) {
   const parsedScmType = z7.nativeEnum(ScmType).parse(scmType);
   return scmTypeToScmLibScmType[parsedScmType];
@@ -2269,24 +1808,6 @@ function getScmConfig({
     scmOrg: void 0
   };
 }
-async function scmCanReachRepo({
-  repoUrl,
-  scmType,
-  accessToken,
-  scmOrg
-}) {
-  try {
-    await SCMLib.init({
-      url: repoUrl,
-      accessToken,
-      scmType: getScmLibTypeFromScmType(scmType),
-      scmOrg
-    });
-    return true;
-  } catch (e) {
-    return false;
-  }
-}
 var InvalidRepoUrlError = class extends Error {
   constructor(m) {
     super(m);
@@ -2405,12 +1926,7 @@ var SCMLib = class {
   static async getIsValidBranchName(branchName) {
     return isValidBranchName(branchName);
   }
-  static async init({
-    url,
-    accessToken,
-    scmType,
-    scmOrg
-  }) {
+  static async init({ url, accessToken, scmType, scmOrg }, { propagateExceptions = false } = {}) {
     const trimmedUrl = url ? url.trim().replace(/\/$/, "").replace(/.git$/i, "") : void 0;
     try {
       switch (scmType) {
@@ -2443,6 +1959,9 @@ var SCMLib = class {
         );
       }
       console.error(`error validating scm: ${scmType} `, e);
+      if (propagateExceptions) {
+        throw e;
+      }
     }
     return new StubSCMLib(trimmedUrl, void 0, void 0);
   }
@@ -2941,792 +2460,1360 @@ var GithubSCMLib = class extends SCMLib {
   async postGeneralPrComment(params) {
     const { prNumber, body } = params;
     this._validateAccessTokenAndUrl();
-    const { owner, repo } = parseGithubOwnerAndRepo(this.url);
-    return await this.githubSdk.postGeneralPrComment({
-      issue_number: prNumber,
-      owner,
-      repo,
-      body
-    });
+    const { owner, repo } = parseGithubOwnerAndRepo(this.url);
+    return await this.githubSdk.postGeneralPrComment({
+      issue_number: prNumber,
+      owner,
+      repo,
+      body
+    });
+  }
+  async getGeneralPrComments(params) {
+    const { prNumber } = params;
+    this._validateAccessTokenAndUrl();
+    const { owner, repo } = parseGithubOwnerAndRepo(this.url);
+    return await this.githubSdk.getGeneralPrComments({
+      issue_number: prNumber,
+      owner,
+      repo
+    });
+  }
+  async deleteGeneralPrComment({
+    commentId
+  }) {
+    this._validateAccessTokenAndUrl();
+    const { owner, repo } = parseGithubOwnerAndRepo(this.url);
+    return this.githubSdk.deleteGeneralPrComment({
+      owner,
+      repo,
+      comment_id: commentId
+    });
+  }
+};
+var StubSCMLib = class extends SCMLib {
+  async createSubmitRequest(_params) {
+    console.error("createSubmitRequest() not implemented");
+    throw new Error("createSubmitRequest() not implemented");
+  }
+  getScmLibType() {
+    console.error("getScmLibType() not implemented");
+    throw new Error("getScmLibType() not implemented");
+  }
+  getAuthHeaders() {
+    console.error("getAuthHeaders() not implemented");
+    throw new Error("getAuthHeaders() not implemented");
+  }
+  getDownloadUrl(_sha) {
+    console.error("getDownloadUrl() not implemented");
+    throw new Error("getDownloadUrl() not implemented");
+  }
+  async getIsRemoteBranch(_branch) {
+    console.error("getIsRemoteBranch() not implemented");
+    throw new Error("getIsRemoteBranch() not implemented");
+  }
+  async validateParams() {
+    console.error("validateParams() not implemented");
+    throw new Error("validateParams() not implemented");
+  }
+  async getRepoList(_scmOrg) {
+    console.error("getRepoList() not implemented");
+    throw new Error("getRepoList() not implemented");
+  }
+  async getBranchList() {
+    console.error("getBranchList() not implemented");
+    throw new Error("getBranchList() not implemented");
+  }
+  async getUsername() {
+    console.error("getUsername() not implemented");
+    throw new Error("getUsername() not implemented");
+  }
+  async getSubmitRequestStatus(_scmSubmitRequestId) {
+    console.error("getSubmitRequestStatus() not implemented");
+    throw new Error("getSubmitRequestStatus() not implemented");
+  }
+  async getUserHasAccessToRepo() {
+    console.error("getUserHasAccessToRepo() not implemented");
+    throw new Error("getUserHasAccessToRepo() not implemented");
+  }
+  async getRepoBlameRanges(_ref, _path) {
+    console.error("getRepoBlameRanges() not implemented");
+    throw new Error("getRepoBlameRanges() not implemented");
+  }
+  async getReferenceData(_ref) {
+    console.error("getReferenceData() not implemented");
+    throw new Error("getReferenceData() not implemented");
+  }
+  async getRepoDefaultBranch() {
+    console.error("getRepoDefaultBranch() not implemented");
+    throw new Error("getRepoDefaultBranch() not implemented");
+  }
+  async getPrUrl(_prNumber) {
+    console.error("getPr() not implemented");
+    throw new Error("getPr() not implemented");
+  }
+  _getUsernameForAuthUrl() {
+    throw new Error("Method not implemented.");
+  }
+};
+function getUserAndPassword(token) {
+  const [username, password] = token.split(":");
+  const safePasswordAndUsername = z7.object({ username: z7.string(), password: z7.string() }).parse({ username, password });
+  return {
+    username: safePasswordAndUsername.username,
+    password: safePasswordAndUsername.password
+  };
+}
+function createBitbucketSdk(token) {
+  if (!token) {
+    return getBitbucketSdk({ authType: "public" });
+  }
+  if (token.includes(":")) {
+    const { password, username } = getUserAndPassword(token);
+    return getBitbucketSdk({
+      authType: "basic",
+      username,
+      password
+    });
+  }
+  return getBitbucketSdk({ authType: "token", token });
+}
+var BitbucketSCMLib = class extends SCMLib {
+  constructor(url, accessToken, scmOrg) {
+    super(url, accessToken, scmOrg);
+    __publicField(this, "bitbucketSdk");
+    const bitbucketSdk = createBitbucketSdk(accessToken);
+    this.bitbucketSdk = bitbucketSdk;
+  }
+  getAuthData() {
+    const authType = this.bitbucketSdk.getAuthType();
+    switch (authType) {
+      case "basic": {
+        this._validateAccessToken();
+        const { username, password } = getUserAndPassword(this.accessToken);
+        return { username, password, authType };
+      }
+      case "token": {
+        return { authType, token: z7.string().parse(this.accessToken) };
+      }
+      case "public":
+        return { authType };
+    }
+  }
+  async createSubmitRequest(params) {
+    this._validateAccessTokenAndUrl();
+    const pullRequestRes = await this.bitbucketSdk.createPullRequest({
+      ...params,
+      repoUrl: this.url
+    });
+    return String(z7.number().parse(pullRequestRes.id));
+  }
+  async validateParams() {
+    return validateBitbucketParams({
+      bitbucketClient: this.bitbucketSdk,
+      url: this.url
+    });
+  }
+  async getRepoList(scmOrg) {
+    this._validateAccessToken();
+    return this.bitbucketSdk.getRepos({
+      workspaceSlug: scmOrg
+    });
+  }
+  async getBranchList() {
+    this._validateAccessTokenAndUrl();
+    return this.bitbucketSdk.getBranchList({
+      repoUrl: this.url
+    });
+  }
+  getScmLibType() {
+    return "BITBUCKET" /* BITBUCKET */;
+  }
+  getAuthHeaders() {
+    const authType = this.bitbucketSdk.getAuthType();
+    switch (authType) {
+      case "public":
+        return {};
+      case "token":
+        return { authorization: `Bearer ${this.accessToken}` };
+      case "basic": {
+        this._validateAccessToken();
+        const { username, password } = getUserAndPassword(this.accessToken);
+        return {
+          authorization: `Basic ${Buffer.from(
+            username + ":" + password
+          ).toString("base64")}`
+        };
+      }
+    }
+  }
+  async getDownloadUrl(sha) {
+    this._validateUrl();
+    return this.bitbucketSdk.getDownloadUrl({ url: this.url, sha });
+  }
+  async _getUsernameForAuthUrl() {
+    this._validateAccessTokenAndUrl();
+    const user = await this.bitbucketSdk.getUser();
+    if (!user.username) {
+      throw new Error("no username found");
+    }
+    return user.username;
   }
-  async getGeneralPrComments(params) {
-    const { prNumber } = params;
+  async getIsRemoteBranch(branch) {
     this._validateAccessTokenAndUrl();
-    const { owner, repo } = parseGithubOwnerAndRepo(this.url);
-    return await this.githubSdk.getGeneralPrComments({
-      issue_number: prNumber,
-      owner,
-      repo
-    });
+    try {
+      const res = await this.bitbucketSdk.getBranch({
+        branchName: branch,
+        repoUrl: this.url
+      });
+      return res.name === branch;
+    } catch (e) {
+      return false;
+    }
   }
-  async deleteGeneralPrComment({
-    commentId
-  }) {
+  async getUserHasAccessToRepo() {
     this._validateAccessTokenAndUrl();
-    const { owner, repo } = parseGithubOwnerAndRepo(this.url);
-    return this.githubSdk.deleteGeneralPrComment({
-      owner,
-      repo,
-      comment_id: commentId
-    });
+    return this.bitbucketSdk.getIsUserCollaborator({ repoUrl: this.url });
   }
-};
-var StubSCMLib = class extends SCMLib {
-  async createSubmitRequest(_params) {
-    console.error("createSubmitRequest() not implemented");
-    throw new Error("createSubmitRequest() not implemented");
+  async getUsername() {
+    this._validateAccessToken();
+    const res = await this.bitbucketSdk.getUser();
+    return z7.string().parse(res.username);
   }
-  getScmLibType() {
-    console.error("getScmLibType() not implemented");
-    throw new Error("getScmLibType() not implemented");
+  async getSubmitRequestStatus(_scmSubmitRequestId) {
+    this._validateAccessTokenAndUrl();
+    const pullRequestRes = await this.bitbucketSdk.getPullRequest({
+      prNumber: Number(_scmSubmitRequestId),
+      url: this.url
+    });
+    switch (pullRequestRes.state) {
+      case "OPEN":
+        return "open";
+      case "MERGED":
+        return "merged";
+      case "DECLINED":
+        return "closed";
+      default:
+        throw new Error(`unknown state ${pullRequestRes.state} `);
+    }
   }
-  getAuthHeaders() {
-    console.error("getAuthHeaders() not implemented");
-    throw new Error("getAuthHeaders() not implemented");
+  async getRepoBlameRanges(_ref, _path) {
+    return [];
   }
-  getDownloadUrl(_sha) {
-    console.error("getDownloadUrl() not implemented");
-    throw new Error("getDownloadUrl() not implemented");
+  async getReferenceData(ref) {
+    this._validateUrl();
+    return this.bitbucketSdk.getReferenceData({ url: this.url, ref });
   }
-  async getIsRemoteBranch(_branch) {
-    console.error("getIsRemoteBranch() not implemented");
-    throw new Error("getIsRemoteBranch() not implemented");
+  async getRepoDefaultBranch() {
+    this._validateUrl();
+    const repoRes = await this.bitbucketSdk.getRepo({ repoUrl: this.url });
+    return z7.string().parse(repoRes.mainbranch?.name);
   }
-  async validateParams() {
-    console.error("validateParams() not implemented");
-    throw new Error("validateParams() not implemented");
+  getPrUrl(prNumber) {
+    this._validateUrl();
+    const { repoSlug, workspace } = parseBitbucketOrganizationAndRepo(this.url);
+    return Promise.resolve(
+      `https://bitbucket.org/${workspace}/${repoSlug}/pull-requests/${prNumber}`
+    );
   }
-  async getRepoList(_scmOrg) {
-    console.error("getRepoList() not implemented");
-    throw new Error("getRepoList() not implemented");
+  async refreshToken(params) {
+    const getBitbucketTokenResponse = await getBitbucketToken({
+      authType: "refresh_token",
+      ...params
+    });
+    return {
+      accessToken: getBitbucketTokenResponse.access_token,
+      refreshToken: getBitbucketTokenResponse.refresh_token
+    };
   }
-  async getBranchList() {
-    console.error("getBranchList() not implemented");
-    throw new Error("getBranchList() not implemented");
+};
+// src/features/analysis/scm/ado/validation.ts
+import { z as z8 } from "zod";
+var ValidPullRequestStatusZ = z8.union([
+  z8.literal(1 /* Active */),
+  z8.literal(2 /* Abandoned */),
+  z8.literal(3 /* Completed */)
+]);
+var AdoAuthResultZ = z8.object({
+  access_token: z8.string().min(1),
+  token_type: z8.string().min(1),
+  refresh_token: z8.string().min(1)
+});
+var profileZ = z8.object({
+  displayName: z8.string(),
+  publicAlias: z8.string().min(1),
+  emailAddress: z8.string(),
+  coreRevision: z8.number(),
+  timeStamp: z8.string(),
+  id: z8.string(),
+  revision: z8.number()
+});
+var accountsZ = z8.object({
+  count: z8.number(),
+  value: z8.array(
+    z8.object({
+      accountId: z8.string(),
+      accountUri: z8.string(),
+      accountName: z8.string()
+    })
+  )
+});
+// src/features/analysis/scm/ado/utils.ts
+function _getPublicAdoClient({
+  orgName,
+  origin: origin2
+}) {
+  const orgUrl = `${origin2}/${orgName}`;
+  const authHandler = api.getPersonalAccessTokenHandler("");
+  authHandler.canHandleAuthentication = () => false;
+  authHandler.prepareRequest = (_options) => {
+    return;
+  };
+  const connection = new api.WebApi(orgUrl, authHandler);
+  return connection;
+}
+function removeTrailingSlash2(str) {
+  return str.trim().replace(/\/+$/, "");
+}
+function parseAdoOwnerAndRepo(adoUrl) {
+  adoUrl = removeTrailingSlash2(adoUrl);
+  const parsingResult = parseScmURL(adoUrl, "Ado" /* Ado */);
+  if (!parsingResult || parsingResult.scmType !== "Ado" /* Ado */) {
+    throw new InvalidUrlPatternError(`
+      : ${adoUrl}`);
   }
-  async getUsername() {
-    console.error("getUsername() not implemented");
-    throw new Error("getUsername() not implemented");
+  const {
+    organization,
+    repoName,
+    projectName,
+    projectPath,
+    pathElements,
+    hostname,
+    protocol
+  } = parsingResult;
+  return {
+    owner: decodeURI(organization),
+    repo: decodeURI(repoName),
+    projectName: projectName ? decodeURI(projectName) : void 0,
+    projectPath,
+    pathElements,
+    prefixPath: parsingResult.prefixPath,
+    origin: `${protocol}//${hostname}`
+  };
+}
+async function getAdoConnectData({
+  url,
+  tokenOrg,
+  adoTokenInfo
+}) {
+  if (url) {
+    const urlObject = new URL(url);
+    if (tokenOrg && (urlObject.origin === url || `${urlObject.origin}/tfs` === url)) {
+      return {
+        origin: url,
+        org: tokenOrg
+      };
+    }
+    const { owner, origin: origin2, prefixPath } = parseAdoOwnerAndRepo(url);
+    return {
+      org: owner,
+      origin: prefixPath ? `${origin2}/${prefixPath}` : origin2
+    };
   }
-  async getSubmitRequestStatus(_scmSubmitRequestId) {
-    console.error("getSubmitRequestStatus() not implemented");
-    throw new Error("getSubmitRequestStatus() not implemented");
+  if (!tokenOrg) {
+    if (adoTokenInfo.type === "OAUTH" /* OAUTH */) {
+      const [org] = await _getOrgsForOauthToken({
+        oauthToken: adoTokenInfo.accessToken
+      });
+      return {
+        org: z9.string().parse(org),
+        origin: DEFUALT_ADO_ORIGIN
+      };
+    }
+    throw new InvalidRepoUrlError("ADO URL is null");
   }
-  async getUserHasAccessToRepo() {
-    console.error("getUserHasAccessToRepo() not implemented");
-    throw new Error("getUserHasAccessToRepo() not implemented");
+  return {
+    org: tokenOrg,
+    origin: DEFUALT_ADO_ORIGIN
+  };
+}
+function isAdoOnCloud(url) {
+  const urlObj = new URL(url);
+  return urlObj.origin.toLowerCase() === DEFUALT_ADO_ORIGIN || urlObj.hostname.toLowerCase().endsWith(".visualstudio.com");
+}
+async function getAdoApiClient(params) {
+  const { origin: origin2 = DEFUALT_ADO_ORIGIN, orgName } = params;
+  if (params.tokenType === "NONE" /* NONE */ || // note: move to public client if the token is not associated with the PAT org
+  // we're only doing it the ado on the cloud
+  params.tokenType === "PAT" /* PAT */ && params.patTokenOrg !== orgName && isAdoOnCloud(origin2)) {
+    return _getPublicAdoClient({ orgName, origin: origin2 });
   }
-  async getRepoBlameRanges(_ref, _path) {
-    console.error("getRepoBlameRanges() not implemented");
-    throw new Error("getRepoBlameRanges() not implemented");
+  const orgUrl = `${origin2}/${orgName}`;
+  if (params.tokenType === "OAUTH" /* OAUTH */) {
+    if (isAdoOnCloud(origin2)) {
+      throw new Error(
+        `Oauth token is not supported for ADO on prem - ${origin2} `
+      );
+    }
+    const connection2 = new api.WebApi(
+      orgUrl,
+      api.getBearerHandler(params.accessToken),
+      {}
+    );
+    return connection2;
   }
-  async getReferenceData(_ref) {
-    console.error("getReferenceData() not implemented");
-    throw new Error("getReferenceData() not implemented");
+  const authHandler = api.getPersonalAccessTokenHandler(params.accessToken);
+  const isBroker = BROKERED_HOSTS.includes(new URL(orgUrl).origin);
+  const connection = new api.WebApi(
+    orgUrl,
+    authHandler,
+    isBroker ? {
+      proxy: {
+        proxyUrl: GIT_PROXY_HOST
+      },
+      ignoreSslError: true
+    } : void 0
+  );
+  return connection;
+}
+function getAdoTokenInfo(token) {
+  if (!token) {
+    return { type: "NONE" /* NONE */ };
   }
-  async getRepoDefaultBranch() {
-    console.error("getRepoDefaultBranch() not implemented");
-    throw new Error("getRepoDefaultBranch() not implemented");
+  if (token.includes(".")) {
+    return { type: "OAUTH" /* OAUTH */, accessToken: token };
   }
-  async getPrUrl(_prNumber) {
-    console.error("getPr() not implemented");
-    throw new Error("getPr() not implemented");
+  return { type: "PAT" /* PAT */, accessToken: token };
+}
+async function getAdoClientParams(params) {
+  const { url, accessToken, tokenOrg } = params;
+  const adoTokenInfo = getAdoTokenInfo(accessToken);
+  const { org, origin: origin2 } = await getAdoConnectData({
+    url,
+    tokenOrg,
+    adoTokenInfo
+  });
+  switch (adoTokenInfo.type) {
+    case "NONE" /* NONE */:
+      return {
+        tokenType: "NONE" /* NONE */,
+        origin: origin2,
+        orgName: org.toLowerCase()
+      };
+    case "OAUTH" /* OAUTH */: {
+      return {
+        tokenType: "OAUTH" /* OAUTH */,
+        accessToken: adoTokenInfo.accessToken,
+        origin: origin2,
+        orgName: org.toLowerCase()
+      };
+    }
+    case "PAT" /* PAT */: {
+      return {
+        tokenType: "PAT" /* PAT */,
+        accessToken: adoTokenInfo.accessToken,
+        patTokenOrg: z9.string().parse(tokenOrg).toLowerCase(),
+        origin: origin2,
+        orgName: org.toLowerCase()
+      };
+    }
   }
-  _getUsernameForAuthUrl() {
-    throw new Error("Method not implemented.");
+}
+async function adoValidateParams({
+  url,
+  accessToken,
+  tokenOrg
+}) {
+  try {
+    const api2 = await getAdoApiClient(
+      await getAdoClientParams({ url, accessToken, tokenOrg })
+    );
+    await api2.connect();
+  } catch (e) {
+    console.log("adoValidateParams error", e);
+    const error = e;
+    const code = error.code || error.status || error.statusCode || error.response?.status || error.response?.statusCode || error.response?.code;
+    const description = error.description || `${e}`;
+    if (code === 401 || code === 403 || description.includes("401") || description.includes("403")) {
+      throw new InvalidAccessTokenError(`invalid ADO access token`);
+    }
+    if (code === 404 || description.includes("404") || description.includes("Not Found")) {
+      throw new InvalidRepoUrlError(`invalid ADO repo URL ${url}`);
+    }
+    throw e;
   }
-};
-function getUserAndPassword(token) {
-  const [username, password] = token.split(":");
-  const safePasswordAndUsername = z7.object({ username: z7.string(), password: z7.string() }).parse({ username, password });
+}
+async function _getOrgsForOauthToken({
+  oauthToken
+}) {
+  const profileRes = await fetch(
+    "https://app.vssps.visualstudio.com/_apis/profile/profiles/me?api-version=6.0",
+    {
+      method: "GET",
+      headers: {
+        Authorization: `Bearer ${oauthToken}`
+      }
+    }
+  );
+  const profileJson = await profileRes.json();
+  const profile = profileZ.parse(profileJson);
+  const accountsRes = await fetch(
+    `https://app.vssps.visualstudio.com/_apis/accounts?memberId=${profile.publicAlias}&api-version=6.0`,
+    {
+      method: "GET",
+      headers: {
+        Authorization: `Bearer ${oauthToken}`
+      }
+    }
+  );
+  const accountsJson = await accountsRes.json();
+  const accounts = accountsZ.parse(accountsJson);
+  const orgs = accounts.value.map((account) => account.accountName).filter((value, index, array) => array.indexOf(value) === index);
+  return orgs;
+}
+// src/features/analysis/scm/ado/ado.ts
+async function getAdoSdk(params) {
+  const api2 = await getAdoApiClient(params);
   return {
-    username: safePasswordAndUsername.username,
-    password: safePasswordAndUsername.password
+    async getAdoIsUserCollaborator({ repoUrl }) {
+      try {
+        const { repo, projectName } = parseAdoOwnerAndRepo(repoUrl);
+        const git = await api2.getGitApi();
+        const branches = await git.getBranches(repo, projectName);
+        if (!branches || branches.length === 0) {
+          throw new InvalidRepoUrlError("no branches");
+        }
+        return true;
+      } catch (e) {
+        return false;
+      }
+    },
+    async getAdoPullRequestStatus({
+      repoUrl,
+      prNumber
+    }) {
+      const { repo, projectName } = parseAdoOwnerAndRepo(repoUrl);
+      const git = await api2.getGitApi();
+      const res = await git.getPullRequest(repo, prNumber, projectName);
+      const parsedPullRequestStatus = ValidPullRequestStatusZ.safeParse(
+        res.status
+      );
+      if (!parsedPullRequestStatus.success) {
+        throw new Error("bad pr status for ADO");
+      }
+      return parsedPullRequestStatus.data;
+    },
+    async getAdoIsRemoteBranch({
+      repoUrl,
+      branch
+    }) {
+      const { repo, projectName } = parseAdoOwnerAndRepo(repoUrl);
+      const git = await api2.getGitApi();
+      try {
+        const branchStatus = await git.getBranch(repo, branch, projectName);
+        if (!branchStatus || !branchStatus.commit) {
+          throw new InvalidRepoUrlError("no branch status");
+        }
+        return branchStatus.name === branch;
+      } catch (e) {
+        return false;
+      }
+    },
+    async getAdoPrUrl({ url, prNumber }) {
+      const { repo, projectName } = parseAdoOwnerAndRepo(url);
+      const git = await api2.getGitApi();
+      const getRepositoryRes = await git.getRepository(
+        decodeURI(repo),
+        projectName ? decodeURI(projectName) : void 0
+      );
+      return `${getRepositoryRes.webUrl}/pullrequest/${prNumber}`;
+    },
+    getAdoDownloadUrl({
+      repoUrl,
+      branch
+    }) {
+      const { owner, repo, projectName, prefixPath } = parseAdoOwnerAndRepo(repoUrl);
+      const url = new URL(repoUrl);
+      const origin2 = url.origin.toLowerCase().endsWith(".visualstudio.com") ? DEFUALT_ADO_ORIGIN : url.origin.toLowerCase();
+      const params2 = `path=/&versionDescriptor[versionOptions]=0&versionDescriptor[versionType]=commit&versionDescriptor[version]=${branch}&resolveLfs=true&$format=zip&api-version=5.0&download=true`;
+      const path9 = [
+        prefixPath,
+        owner,
+        projectName,
+        "_apis",
+        "git",
+        "repositories",
+        repo,
+        "items",
+        "items"
+      ].filter(Boolean).join("/");
+      return new URL(`${path9}?${params2}`, origin2).toString();
+    },
+    async getAdoBranchList({ repoUrl }) {
+      const { repo, projectName } = parseAdoOwnerAndRepo(repoUrl);
+      const git = await api2.getGitApi();
+      try {
+        const res = await git.getBranches(repo, projectName);
+        res.sort((a, b) => {
+          if (!a.commit?.committer?.date || !b.commit?.committer?.date) {
+            return 0;
+          }
+          return b.commit?.committer?.date.getTime() - a.commit?.committer?.date.getTime();
+        });
+        return res.reduce((acc, branch) => {
+          if (!branch.name) {
+            return acc;
+          }
+          acc.push(branch.name);
+          return acc;
+        }, []);
+      } catch (e) {
+        return [];
+      }
+    },
+    async createAdoPullRequest(options) {
+      const { repoUrl, sourceBranchName, targetBranchName, title, body } = options;
+      const { repo, projectName } = parseAdoOwnerAndRepo(repoUrl);
+      const git = await api2.getGitApi();
+      const res = await git.createPullRequest(
+        {
+          sourceRefName: `refs/heads/${sourceBranchName}`,
+          targetRefName: `refs/heads/${targetBranchName}`,
+          title,
+          description: body
+        },
+        repo,
+        projectName
+      );
+      return res.pullRequestId;
+    },
+    async getAdoRepoDefaultBranch({
+      repoUrl
+    }) {
+      const { repo, projectName } = parseAdoOwnerAndRepo(repoUrl);
+      const git = await api2.getGitApi();
+      const getRepositoryRes = await git.getRepository(
+        decodeURI(repo),
+        projectName ? decodeURI(projectName) : void 0
+      );
+      if (!getRepositoryRes?.defaultBranch) {
+        throw new InvalidRepoUrlError("no default branch");
+      }
+      return getRepositoryRes.defaultBranch.replace("refs/heads/", "");
+    },
+    // todo: refactor this function
+    async getAdoReferenceData({
+      ref,
+      repoUrl
+    }) {
+      const { repo, projectName } = parseAdoOwnerAndRepo(repoUrl);
+      if (!projectName) {
+        throw new InvalidUrlPatternError("no project name");
+      }
+      const git = await api2.getGitApi();
+      const results = await Promise.allSettled([
+        (async () => {
+          const res = await git.getBranch(repo, ref, projectName);
+          if (!res.commit || !res.commit.commitId) {
+            throw new InvalidRepoUrlError("no commit on branch");
+          }
+          return {
+            sha: res.commit.commitId,
+            type: "BRANCH" /* BRANCH */,
+            date: res.commit.committer?.date || /* @__PURE__ */ new Date()
+          };
+        })(),
+        (async () => {
+          const res = await git.getCommits(
+            repo,
+            {
+              fromCommitId: ref,
+              toCommitId: ref,
+              $top: 1
+            },
+            projectName
+          );
+          const commit = res[0];
+          if (!commit || !commit.commitId) {
+            throw new Error("no commit");
+          }
+          return {
+            sha: commit.commitId,
+            type: "COMMIT" /* COMMIT */,
+            date: commit.committer?.date || /* @__PURE__ */ new Date()
+          };
+        })(),
+        (async () => {
+          const res = await git.getRefs(repo, projectName, `tags/${ref}`);
+          if (!res[0] || !res[0].objectId) {
+            throw new Error("no tag ref");
+          }
+          let objectId = res[0].objectId;
+          try {
+            const tag = await git.getAnnotatedTag(projectName, repo, objectId);
+            if (tag.taggedObject?.objectId) {
+              objectId = tag.taggedObject.objectId;
+            }
+          } catch (e) {
+          }
+          const commitRes2 = await git.getCommits(
+            repo,
+            {
+              fromCommitId: objectId,
+              toCommitId: objectId,
+              $top: 1
+            },
+            projectName
+          );
+          const commit = commitRes2[0];
+          if (!commit) {
+            throw new Error("no commit");
+          }
+          return {
+            sha: objectId,
+            type: "TAG" /* TAG */,
+            date: commit.committer?.date || /* @__PURE__ */ new Date()
+          };
+        })()
+      ]);
+      const [branchRes, commitRes, tagRes] = results;
+      if (tagRes.status === "fulfilled") {
+        return tagRes.value;
+      }
+      if (branchRes.status === "fulfilled") {
+        return branchRes.value;
+      }
+      if (commitRes.status === "fulfilled") {
+        return commitRes.value;
+      }
+      throw new RefNotFoundError(`ref: ${ref} does not exist`);
+    },
+    getAdoBlameRanges() {
+      return [];
+    }
   };
 }
-function createBitbucketSdk(token) {
-  if (!token) {
-    return getBitbucketSdk({ authType: "public" });
+async function getAdoRepoList({
+  orgName,
+  tokenOrg,
+  accessToken
+}) {
+  let orgs = [];
+  const adoTokenInfo = getAdoTokenInfo(accessToken);
+  if (adoTokenInfo.type === "NONE" /* NONE */) {
+    return [];
   }
-  if (token.includes(":")) {
-    const { password, username } = getUserAndPassword(token);
-    return getBitbucketSdk({
-      authType: "basic",
-      username,
-      password
-    });
+  if (adoTokenInfo.type === "OAUTH" /* OAUTH */) {
+    orgs = await _getOrgsForOauthToken({ oauthToken: accessToken });
   }
-  return getBitbucketSdk({ authType: "token", token });
+  if (orgs.length === 0 && !orgName) {
+    throw new Error(`no orgs for ADO`);
+  } else if (orgs.length === 0 && orgName) {
+    orgs = [orgName];
+  }
+  const repos = (await Promise.allSettled(
+    orgs.map(async (org) => {
+      const orgApi = await getAdoApiClient({
+        ...await getAdoClientParams({
+          accessToken,
+          tokenOrg: tokenOrg || org,
+          url: void 0
+        }),
+        orgName: org
+      });
+      const gitOrg = await orgApi.getGitApi();
+      const orgRepos = await gitOrg.getRepositories();
+      const repoInfoList = (await Promise.allSettled(
+        orgRepos.map(async (repo) => {
+          if (!repo.name || !repo.remoteUrl || !repo.defaultBranch) {
+            throw new InvalidRepoUrlError("bad repo");
+          }
+          const branch = await gitOrg.getBranch(
+            repo.name,
+            repo.defaultBranch.replace(/^refs\/heads\//, ""),
+            repo.project?.name
+          );
+          return {
+            repoName: repo.name,
+            repoUrl: repo.remoteUrl.replace(
+              /^[hH][tT][tT][pP][sS]:\/\/[^/]+@/,
+              "https://"
+            ),
+            repoOwner: org,
+            repoIsPublic: repo.project?.visibility === 2 /* Public */,
+            repoLanguages: [],
+            repoUpdatedAt: branch.commit?.committer?.date?.toDateString() || repo.project?.lastUpdateTime?.toDateString() || (/* @__PURE__ */ new Date()).toDateString()
+          };
+        })
+      )).reduce((acc, res) => {
+        if (res.status === "fulfilled") {
+          acc.push(res.value);
+        }
+        return acc;
+      }, []);
+      return repoInfoList;
+    })
+  )).reduce((acc, res) => {
+    if (res.status === "fulfilled") {
+      return acc.concat(res.value);
+    }
+    return acc;
+  }, []);
+  return repos;
 }
-var BitbucketSCMLib = class extends SCMLib {
-  constructor(url, accessToken, scmOrg) {
-    super(url, accessToken, scmOrg);
-    __publicField(this, "bitbucketSdk");
-    const bitbucketSdk = createBitbucketSdk(accessToken);
-    this.bitbucketSdk = bitbucketSdk;
+// src/features/analysis/scm/constants.ts
+var MOBB_ICON_IMG = "https://app.mobb.ai/gh-action/Logo_Rounded_Icon.svg";
+// src/constants.ts
+var debug = Debug("mobbdev:constants");
+var __dirname = path2.dirname(fileURLToPath(import.meta.url));
+dotenv.config({ path: path2.join(__dirname, "../.env") });
+var scmFriendlyText = {
+  ["Ado" /* Ado */]: "Azure DevOps",
+  ["Bitbucket" /* Bitbucket */]: "Bitbucket",
+  ["GitHub" /* GitHub */]: "GitGub",
+  ["GitLab" /* GitLab */]: "GitLab"
+};
+var SCANNERS = {
+  Checkmarx: "checkmarx",
+  Codeql: "codeql",
+  Fortify: "fortify",
+  Snyk: "snyk",
+  Sonarqube: "sonarqube"
+};
+var SupportedScannersZ = z10.enum([SCANNERS.Checkmarx, SCANNERS.Snyk]);
+var envVariablesSchema = z10.object({
+  WEB_APP_URL: z10.string(),
+  API_URL: z10.string(),
+  HASURA_ACCESS_KEY: z10.string(),
+  LOCAL_GRAPHQL_ENDPOINT: z10.string()
+}).required();
+var envVariables = envVariablesSchema.parse(process.env);
+debug("config %o", envVariables);
+var mobbAscii = `
+                                   ..
+                             ..........
+                        .................
+               ...........................
+              ..............................
+             ................................
+             ..................................
+            ....................................
+            .....................................
+            .............................................
+          .................................................
+     ...............................       .................
+  ..................................           ............
+..................    .............            ..........
+......... ........      .........             ......
+  ...............                          ....
+         .... ..
+                                      . ...
+                              ..............
+                       ......................
+                   ...........................
+               ................................
+           ......................................
+                ...............................
+                       .................
+`;
+var PROJECT_DEFAULT_NAME = "My first project";
+var WEB_APP_URL = envVariables.WEB_APP_URL;
+var API_URL = envVariables.API_URL;
+var HASURA_ACCESS_KEY = envVariables.HASURA_ACCESS_KEY;
+var LOCAL_GRAPHQL_ENDPOINT = envVariables.LOCAL_GRAPHQL_ENDPOINT;
+var errorMessages = {
+  missingCxProjectName: `project name ${chalk.bold(
+    "(--cx-project-name)"
+  )} is needed if you're using checkmarx`,
+  missingUrl: `url ${chalk.bold(
+    "(--url)"
+  )} is needed if you're adding an SCM token`,
+  invalidScmType: `SCM type ${chalk.bold(
+    "(--scm-type)"
+  )} is invalid, please use one of: ${Object.values(ScmType).join(", ")}`,
+  missingToken: `SCM token ${chalk.bold(
+    "(--token)"
+  )} is needed if you're adding an SCM token`
+};
+var progressMassages = {
+  processingVulnerabilityReportSuccess: "\u2699\uFE0F  Vulnerability report proccessed successfully",
+  processingVulnerabilityReport: "\u2699\uFE0F  Proccessing vulnerability report",
+  processingVulnerabilityReportFailed: "\u2699\uFE0F  Error Proccessing vulnerability report"
+};
+var VUL_REPORT_DIGEST_TIMEOUT_MS = 1e3 * 60 * 20;
+// src/features/analysis/index.ts
+import crypto from "node:crypto";
+import fs3 from "node:fs";
+import os from "node:os";
+import path6 from "node:path";
+import { pipeline } from "node:stream/promises";
+// src/generates/client_generates.ts
+var MeDocument = `
+    query Me {
+  me {
+    id
+    email
+    scmConfigs {
+      id
+      orgId
+      refreshToken
+      scmType
+      scmUrl
+      scmUsername
+      token
+      tokenLastUpdate
+      userId
+      scmOrg
+      isTokenAvailable
+    }
   }
-  getAuthData() {
-    const authType = this.bitbucketSdk.getAuthType();
-    switch (authType) {
-      case "basic": {
-        this._validateAccessToken();
-        const { username, password } = getUserAndPassword(this.accessToken);
-        return { username, password, authType };
-      }
-      case "token": {
-        return { authType, token: z7.string().parse(this.accessToken) };
+}
+    `;
+var GetOrgAndProjectIdDocument = `
+    query getOrgAndProjectId($filters: organization_to_organization_role_bool_exp, $limit: Int) {
+  organization_to_organization_role(
+    where: $filters
+    order_by: {organization: {createdOn: desc}}
+    limit: $limit
+  ) {
+    organization {
+      id
+      projects(order_by: {updatedAt: desc}) {
+        id
+        name
       }
-      case "public":
-        return { authType };
     }
   }
-  async createSubmitRequest(params) {
-    this._validateAccessTokenAndUrl();
-    const pullRequestRes = await this.bitbucketSdk.createPullRequest({
-      ...params,
-      repoUrl: this.url
-    });
-    return String(z7.number().parse(pullRequestRes.id));
-  }
-  async validateParams() {
-    return validateBitbucketParams({
-      bitbucketClient: this.bitbucketSdk,
-      url: this.url
-    });
+}
+    `;
+var GetEncryptedApiTokenDocument = `
+    query GetEncryptedApiToken($loginId: uuid!) {
+  cli_login_by_pk(id: $loginId) {
+    encryptedApiToken
   }
-  async getRepoList(scmOrg) {
-    this._validateAccessToken();
-    return this.bitbucketSdk.getRepos({
-      workspaceSlug: scmOrg
-    });
+}
+    `;
+var FixReportStateDocument = `
+    query FixReportState($id: uuid!) {
+  fixReport_by_pk(id: $id) {
+    state
   }
-  async getBranchList() {
-    this._validateAccessTokenAndUrl();
-    return this.bitbucketSdk.getBranchList({
-      repoUrl: this.url
-    });
+}
+    `;
+var GetVulnerabilityReportPathsDocument = `
+    query GetVulnerabilityReportPaths($vulnerabilityReportId: uuid!) {
+  vulnerability_report_path(
+    where: {vulnerabilityReportId: {_eq: $vulnerabilityReportId}}
+  ) {
+    path
   }
-  getScmLibType() {
-    return "BITBUCKET" /* BITBUCKET */;
+}
+    `;
+var GetAnalysisDocument = `
+    subscription getAnalysis($analysisId: uuid!) {
+  analysis: fixReport_by_pk(id: $analysisId) {
+    id
+    state
   }
-  getAuthHeaders() {
-    const authType = this.bitbucketSdk.getAuthType();
-    switch (authType) {
-      case "public":
-        return {};
-      case "token":
-        return { authorization: `Bearer ${this.accessToken}` };
-      case "basic": {
-        this._validateAccessToken();
-        const { username, password } = getUserAndPassword(this.accessToken);
-        return {
-          authorization: `Basic ${Buffer.from(
-            username + ":" + password
-          ).toString("base64")}`
-        };
+}
+    `;
+var GetAnalsyisDocument = `
+    query getAnalsyis($analysisId: uuid!) {
+  analysis: fixReport_by_pk(id: $analysisId) {
+    id
+    state
+    repo {
+      commitSha
+      pullRequest
+    }
+    vulnerabilityReportId
+    vulnerabilityReport {
+      projectId
+      project {
+        organizationId
+      }
+      file {
+        signedFile {
+          url
+        }
       }
     }
   }
-  async getDownloadUrl(sha) {
-    this._validateUrl();
-    return this.bitbucketSdk.getDownloadUrl({ url: this.url, sha });
-  }
-  async _getUsernameForAuthUrl() {
-    this._validateAccessTokenAndUrl();
-    const user = await this.bitbucketSdk.getUser();
-    if (!user.username) {
-      throw new Error("no username found");
+}
+    `;
+var GetFixesDocument = `
+    query getFixes($filters: fix_bool_exp!) {
+  fixes: fix(where: $filters) {
+    issueType
+    id
+    patchAndQuestions {
+      __typename
+      ... on FixData {
+        patch
+      }
     }
-    return user.username;
   }
-  async getIsRemoteBranch(branch) {
-    this._validateAccessTokenAndUrl();
-    try {
-      const res = await this.bitbucketSdk.getBranch({
-        branchName: branch,
-        repoUrl: this.url
-      });
-      return res.name === branch;
-    } catch (e) {
-      return false;
+}
+    `;
+var GetVulByNodesMetadataDocument = `
+    query getVulByNodesMetadata($filters: [vulnerability_report_issue_code_node_bool_exp!], $vulnerabilityReportId: uuid!) {
+  vulnerabilityReportIssueCodeNodes: vulnerability_report_issue_code_node(
+    order_by: {index: desc}
+    where: {_or: $filters, vulnerabilityReportIssue: {fixId: {_is_null: false}, vulnerabilityReportId: {_eq: $vulnerabilityReportId}}}
+  ) {
+    vulnerabilityReportIssueId
+    path
+    startLine
+    vulnerabilityReportIssue {
+      issueType
+      fixId
     }
   }
-  async getUserHasAccessToRepo() {
-    this._validateAccessTokenAndUrl();
-    return this.bitbucketSdk.getIsUserCollaborator({ repoUrl: this.url });
-  }
-  async getUsername() {
-    this._validateAccessToken();
-    const res = await this.bitbucketSdk.getUser();
-    return z7.string().parse(res.username);
-  }
-  async getSubmitRequestStatus(_scmSubmitRequestId) {
-    this._validateAccessTokenAndUrl();
-    const pullRequestRes = await this.bitbucketSdk.getPullRequest({
-      prNumber: Number(_scmSubmitRequestId),
-      url: this.url
-    });
-    switch (pullRequestRes.state) {
-      case "OPEN":
-        return "open";
-      case "MERGED":
-        return "merged";
-      case "DECLINED":
-        return "closed";
-      default:
-        throw new Error(`unknown state ${pullRequestRes.state} `);
+  fixablePrVuls: vulnerability_report_issue_aggregate(
+    where: {fixId: {_is_null: false}, vulnerabilityReportId: {_eq: $vulnerabilityReportId}, codeNodes: {_or: $filters}}
+  ) {
+    aggregate {
+      count
     }
   }
-  async getRepoBlameRanges(_ref, _path) {
-    return [];
-  }
-  async getReferenceData(ref) {
-    this._validateUrl();
-    return this.bitbucketSdk.getReferenceData({ url: this.url, ref });
-  }
-  async getRepoDefaultBranch() {
-    this._validateUrl();
-    const repoRes = await this.bitbucketSdk.getRepo({ repoUrl: this.url });
-    return z7.string().parse(repoRes.mainbranch?.name);
-  }
-  getPrUrl(prNumber) {
-    this._validateUrl();
-    const { repoSlug, workspace } = parseBitbucketOrganizationAndRepo(this.url);
-    return Promise.resolve(
-      `https://bitbucket.org/${workspace}/${repoSlug}/pull-requests/${prNumber}`
-    );
-  }
-  async refreshToken(params) {
-    const getBitbucketTokenResponse = await getBitbucketToken({
-      authType: "refresh_token",
-      ...params
-    });
-    return {
-      accessToken: getBitbucketTokenResponse.access_token,
-      refreshToken: getBitbucketTokenResponse.refresh_token
-    };
+  nonFixablePrVuls: vulnerability_report_issue_aggregate(
+    where: {fixId: {_is_null: true}, vulnerabilityReportId: {_eq: $vulnerabilityReportId}, codeNodes: {_or: $filters}}
+  ) {
+    aggregate {
+      count
+    }
+  }
+  totalScanVulnerabilities: vulnerability_report_issue_aggregate(
+    where: {vulnerabilityReportId: {_eq: $vulnerabilityReportId}}
+  ) {
+    aggregate {
+      count
+    }
   }
-};
-// src/features/analysis/scm/ado/validation.ts
-import { z as z8 } from "zod";
-var ValidPullRequestStatusZ = z8.union([
-  z8.literal(1 /* Active */),
-  z8.literal(2 /* Abandoned */),
-  z8.literal(3 /* Completed */)
-]);
-var AdoAuthResultZ = z8.object({
-  access_token: z8.string().min(1),
-  token_type: z8.string().min(1),
-  refresh_token: z8.string().min(1)
-});
-var profileZ = z8.object({
-  displayName: z8.string(),
-  publicAlias: z8.string().min(1),
-  emailAddress: z8.string(),
-  coreRevision: z8.number(),
-  timeStamp: z8.string(),
-  id: z8.string(),
-  revision: z8.number()
-});
-var accountsZ = z8.object({
-  count: z8.number(),
-  value: z8.array(
-    z8.object({
-      accountId: z8.string(),
-      accountUri: z8.string(),
-      accountName: z8.string()
-    })
-  )
-});
-// src/features/analysis/scm/ado/utils.ts
-function _getPublicAdoClient({
-  orgName,
-  origin: origin2
-}) {
-  const orgUrl = `${origin2}/${orgName}`;
-  const authHandler = api.getPersonalAccessTokenHandler("");
-  authHandler.canHandleAuthentication = () => false;
-  authHandler.prepareRequest = (_options) => {
-    return;
-  };
-  const connection = new api.WebApi(orgUrl, authHandler);
-  return connection;
-}
-function removeTrailingSlash2(str) {
-  return str.trim().replace(/\/+$/, "");
 }
-function parseAdoOwnerAndRepo(adoUrl) {
-  adoUrl = removeTrailingSlash2(adoUrl);
-  const parsingResult = parseScmURL(adoUrl, "Ado" /* Ado */);
-  if (!parsingResult) {
-    throw new InvalidUrlPatternError(`
-      : ${adoUrl}`);
+    `;
+var UpdateScmTokenDocument = `
+    mutation updateScmToken($scmType: String!, $url: String!, $token: String!, $org: String, $refreshToken: String) {
+  updateScmToken(
+    scmType: $scmType
+    url: $url
+    token: $token
+    org: $org
+    refreshToken: $refreshToken
+  ) {
+    __typename
+    ... on ScmAccessTokenUpdateSuccess {
+      token
+    }
+    ... on InvalidScmTypeError {
+      status
+      error
+    }
+    ... on BadScmCredentials {
+      status
+      error
+    }
   }
-  const {
-    organization,
-    repoName,
-    projectName,
-    projectPath,
-    pathElements,
-    hostname,
-    protocol
-  } = parsingResult;
-  return {
-    owner: decodeURI(organization),
-    repo: decodeURI(repoName),
-    projectName: projectName ? decodeURI(projectName) : void 0,
-    projectPath,
-    pathElements,
-    origin: `${protocol}//${hostname}`
-  };
 }
-async function getAdoConnectData({
-  url,
-  tokenOrg,
-  adoTokenInfo
-}) {
-  if (url && new URL(url).origin !== url) {
-    const { owner, origin: origin2 } = parseAdoOwnerAndRepo(url);
-    return {
-      org: owner,
-      origin: origin2
-    };
+    `;
+var UploadS3BucketInfoDocument = `
+    mutation uploadS3BucketInfo($fileName: String!) {
+  uploadS3BucketInfo(fileName: $fileName) {
+    status
+    error
+    reportUploadInfo: uploadInfo {
+      url
+      fixReportId
+      uploadFieldsJSON
+      uploadKey
+    }
+    repoUploadInfo {
+      url
+      fixReportId
+      uploadFieldsJSON
+      uploadKey
+    }
   }
-  if (!tokenOrg) {
-    if (adoTokenInfo.type === "OAUTH" /* OAUTH */) {
-      const [org] = await _getOrgsForOauthToken({
-        oauthToken: adoTokenInfo.accessToken
-      });
-      return {
-        org: z9.string().parse(org),
-        origin: DEFUALT_ADO_ORIGIN
-      };
+}
+    `;
+var DigestVulnerabilityReportDocument = `
+    mutation DigestVulnerabilityReport($vulnerabilityReportFileName: String!, $fixReportId: String!, $projectId: String!, $scanSource: String!) {
+  digestVulnerabilityReport(
+    fixReportId: $fixReportId
+    vulnerabilityReportFileName: $vulnerabilityReportFileName
+    projectId: $projectId
+    scanSource: $scanSource
+  ) {
+    __typename
+    ... on VulnerabilityReport {
+      vulnerabilityReportId
+      fixReportId
+    }
+    ... on RabbitSendError {
+      status
+      error
+    }
+    ... on ReportValidationError {
+      status
+      error
+    }
+    ... on ReferenceNotFoundError {
+      status
+      error
     }
-    throw new InvalidRepoUrlError("ADO URL is null");
   }
-  return {
-    org: tokenOrg,
-    origin: DEFUALT_ADO_ORIGIN
-  };
 }
-async function getAdoApiClient(params) {
-  const { origin: origin2 = DEFUALT_ADO_ORIGIN, orgName } = params;
-  if (params.tokenType === "NONE" /* NONE */ || // move to public client if the token is not associated with the PAT org
-  params.tokenType === "PAT" /* PAT */ && params.patTokenOrg !== orgName) {
-    return _getPublicAdoClient({ orgName, origin: origin2 });
+    `;
+var SubmitVulnerabilityReportDocument = `
+    mutation SubmitVulnerabilityReport($fixReportId: String!, $repoUrl: String!, $reference: String!, $projectId: String!, $scanSource: String!, $sha: String, $experimentalEnabled: Boolean, $vulnerabilityReportFileName: String, $pullRequest: Int) {
+  submitVulnerabilityReport(
+    fixReportId: $fixReportId
+    repoUrl: $repoUrl
+    reference: $reference
+    sha: $sha
+    experimentalEnabled: $experimentalEnabled
+    pullRequest: $pullRequest
+    projectId: $projectId
+    vulnerabilityReportFileName: $vulnerabilityReportFileName
+    scanSource: $scanSource
+  ) {
+    __typename
+    ... on VulnerabilityReport {
+      vulnerabilityReportId
+      fixReportId
+    }
   }
-  const orgUrl = `${origin2}/${orgName}`;
-  if (params.tokenType === "OAUTH" /* OAUTH */) {
-    if (origin2 !== DEFUALT_ADO_ORIGIN) {
-      throw new Error(
-        `Oauth token is not supported for ADO on prem - ${origin2} `
-      );
+}
+    `;
+var CreateCommunityUserDocument = `
+    mutation CreateCommunityUser {
+  initOrganizationAndProject {
+    __typename
+    ... on InitOrganizationAndProjectGoodResponse {
+      projectId
+      userId
+      organizationId
+    }
+    ... on UserAlreadyInProjectError {
+      error
+      status
     }
-    const connection2 = new api.WebApi(
-      orgUrl,
-      api.getBearerHandler(params.accessToken),
-      {}
-    );
-    return connection2;
   }
-  const authHandler = api.getPersonalAccessTokenHandler(params.accessToken);
-  const isBroker = BROKERED_HOSTS.includes(new URL(orgUrl).origin);
-  const connection = new api.WebApi(
-    orgUrl,
-    authHandler,
-    isBroker ? {
-      proxy: {
-        proxyUrl: GIT_PROXY_HOST
-      },
-      ignoreSslError: true
-    } : void 0
-  );
-  return connection;
 }
-function getAdoTokenInfo(token) {
-  if (!token) {
-    return { type: "NONE" /* NONE */ };
+    `;
+var CreateCliLoginDocument = `
+    mutation CreateCliLogin($publicKey: String!) {
+  insert_cli_login_one(object: {publicKey: $publicKey}) {
+    id
   }
-  if (token.includes(".")) {
-    return { type: "OAUTH" /* OAUTH */, accessToken: token };
+}
+    `;
+var PerformCliLoginDocument = `
+    mutation performCliLogin($loginId: String!) {
+  performCliLogin(loginId: $loginId) {
+    status
   }
-  return { type: "PAT" /* PAT */, accessToken: token };
 }
-async function getAdoClientParams(params) {
-  const { url, accessToken, tokenOrg } = params;
-  const adoTokenInfo = getAdoTokenInfo(accessToken);
-  const { org, origin: origin2 } = await getAdoConnectData({
-    url,
-    tokenOrg,
-    adoTokenInfo
-  });
-  switch (adoTokenInfo.type) {
-    case "NONE" /* NONE */:
-      return {
-        tokenType: "NONE" /* NONE */,
-        origin: origin2,
-        orgName: org.toLowerCase()
-      };
-    case "OAUTH" /* OAUTH */: {
-      return {
-        tokenType: "OAUTH" /* OAUTH */,
-        accessToken: adoTokenInfo.accessToken,
-        origin: origin2,
-        orgName: org.toLowerCase()
-      };
-    }
-    case "PAT" /* PAT */: {
-      return {
-        tokenType: "PAT" /* PAT */,
-        accessToken: adoTokenInfo.accessToken,
-        patTokenOrg: z9.string().parse(tokenOrg).toLowerCase(),
-        origin: origin2,
-        orgName: org.toLowerCase()
-      };
-    }
+    `;
+var CreateProjectDocument = `
+    mutation CreateProject($organizationId: String!, $projectName: String!) {
+  createProject(organizationId: $organizationId, projectName: $projectName) {
+    projectId
   }
 }
-async function adoValidateParams({
-  url,
-  accessToken,
-  tokenOrg
-}) {
-  try {
-    const api2 = await getAdoApiClient(
-      await getAdoClientParams({ url, accessToken, tokenOrg })
-    );
-    await api2.connect();
-  } catch (e) {
-    console.log("adoValidateParams error", e);
-    const error = e;
-    const code = error.code || error.status || error.statusCode || error.response?.status || error.response?.statusCode || error.response?.code;
-    const description = error.description || `${e}`;
-    if (code === 401 || code === 403 || description.includes("401") || description.includes("403")) {
-      throw new InvalidAccessTokenError(`invalid ADO access token`);
+    `;
+var ValidateRepoUrlDocument = `
+    query validateRepoUrl($repoUrl: String!) {
+  validateRepoUrl(repoUrl: $repoUrl) {
+    __typename
+    ... on RepoValidationSuccess {
+      status
+      defaultBranch
+      defaultBranchLastModified
+      defaultBranchSha
+      scmType
     }
-    if (code === 404 || description.includes("404") || description.includes("Not Found")) {
-      throw new InvalidRepoUrlError(`invalid ADO repo URL ${url}`);
+    ... on RepoUnreachableError {
+      status
+      error
+      scmType
+    }
+    ... on BadScmCredentials {
+      status
+      error
+      scmType
     }
-    throw e;
   }
 }
-async function _getOrgsForOauthToken({
-  oauthToken
-}) {
-  const profileRes = await fetch(
-    "https://app.vssps.visualstudio.com/_apis/profile/profiles/me?api-version=6.0",
-    {
-      method: "GET",
-      headers: {
-        Authorization: `Bearer ${oauthToken}`
-      }
+    `;
+var GitReferenceDocument = `
+    query gitReference($repoUrl: String!, $reference: String!) {
+  gitReference(repoUrl: $repoUrl, reference: $reference) {
+    __typename
+    ... on GitReferenceData {
+      status
+      sha
+      date
     }
-  );
-  const profileJson = await profileRes.json();
-  const profile = profileZ.parse(profileJson);
-  const accountsRes = await fetch(
-    `https://app.vssps.visualstudio.com/_apis/accounts?memberId=${profile.publicAlias}&api-version=6.0`,
-    {
-      method: "GET",
-      headers: {
-        Authorization: `Bearer ${oauthToken}`
-      }
+    ... on ReferenceNotFoundError {
+      status
+      error
     }
-  );
-  const accountsJson = await accountsRes.json();
-  const accounts = accountsZ.parse(accountsJson);
-  const orgs = accounts.value.map((account) => account.accountName).filter((value, index, array) => array.indexOf(value) === index);
-  return orgs;
+  }
 }
-// src/features/analysis/scm/ado/ado.ts
-async function getAdoSdk(params) {
-  const api2 = await getAdoApiClient(params);
+    `;
+var defaultWrapper = (action, _operationName, _operationType, _variables) => action();
+function getSdk(client, withWrapper = defaultWrapper) {
   return {
-    async getAdoIsUserCollaborator({ repoUrl }) {
-      try {
-        const { repo, projectName } = parseAdoOwnerAndRepo(repoUrl);
-        const git = await api2.getGitApi();
-        const branches = await git.getBranches(repo, projectName);
-        if (!branches || branches.length === 0) {
-          throw new InvalidRepoUrlError("no branches");
-        }
-        return true;
-      } catch (e) {
-        return false;
-      }
+    Me(variables, requestHeaders) {
+      return withWrapper((wrappedRequestHeaders) => client.request(MeDocument, variables, { ...requestHeaders, ...wrappedRequestHeaders }), "Me", "query", variables);
     },
-    async getAdoPullRequestStatus({
-      repoUrl,
-      prNumber
-    }) {
-      const { repo, projectName } = parseAdoOwnerAndRepo(repoUrl);
-      const git = await api2.getGitApi();
-      const res = await git.getPullRequest(repo, prNumber, projectName);
-      const parsedPullRequestStatus = ValidPullRequestStatusZ.safeParse(
-        res.status
-      );
-      if (!parsedPullRequestStatus.success) {
-        throw new Error("bad pr status for ADO");
-      }
-      return parsedPullRequestStatus.data;
+    getOrgAndProjectId(variables, requestHeaders) {
+      return withWrapper((wrappedRequestHeaders) => client.request(GetOrgAndProjectIdDocument, variables, { ...requestHeaders, ...wrappedRequestHeaders }), "getOrgAndProjectId", "query", variables);
     },
-    async getAdoIsRemoteBranch({
-      repoUrl,
-      branch
-    }) {
-      const { repo, projectName } = parseAdoOwnerAndRepo(repoUrl);
-      const git = await api2.getGitApi();
-      try {
-        const branchStatus = await git.getBranch(repo, branch, projectName);
-        if (!branchStatus || !branchStatus.commit) {
-          throw new InvalidRepoUrlError("no branch status");
-        }
-        return branchStatus.name === branch;
-      } catch (e) {
-        return false;
-      }
+    GetEncryptedApiToken(variables, requestHeaders) {
+      return withWrapper((wrappedRequestHeaders) => client.request(GetEncryptedApiTokenDocument, variables, { ...requestHeaders, ...wrappedRequestHeaders }), "GetEncryptedApiToken", "query", variables);
     },
-    async getAdoPrUrl({ url, prNumber }) {
-      const { repo, projectName } = parseAdoOwnerAndRepo(url);
-      const git = await api2.getGitApi();
-      const getRepositoryRes = await git.getRepository(
-        decodeURI(repo),
-        projectName ? decodeURI(projectName) : void 0
-      );
-      return `${getRepositoryRes.webUrl}/pullrequest/${prNumber}`;
+    FixReportState(variables, requestHeaders) {
+      return withWrapper((wrappedRequestHeaders) => client.request(FixReportStateDocument, variables, { ...requestHeaders, ...wrappedRequestHeaders }), "FixReportState", "query", variables);
     },
-    getAdoDownloadUrl({
-      repoUrl,
-      branch
-    }) {
-      const { owner, repo, projectName } = parseAdoOwnerAndRepo(repoUrl);
-      const url = new URL(repoUrl);
-      const origin2 = url.origin.toLowerCase().endsWith(".visualstudio.com") ? DEFUALT_ADO_ORIGIN : url.origin.toLowerCase();
-      return `${origin2}/${owner}/${projectName}/_apis/git/repositories/${repo}/items/items?path=/&versionDescriptor[versionOptions]=0&versionDescriptor[versionType]=commit&versionDescriptor[version]=${branch}&resolveLfs=true&$format=zip&api-version=5.0&download=true`;
+    GetVulnerabilityReportPaths(variables, requestHeaders) {
+      return withWrapper((wrappedRequestHeaders) => client.request(GetVulnerabilityReportPathsDocument, variables, { ...requestHeaders, ...wrappedRequestHeaders }), "GetVulnerabilityReportPaths", "query", variables);
     },
-    async getAdoBranchList({ repoUrl }) {
-      const { repo, projectName } = parseAdoOwnerAndRepo(repoUrl);
-      const git = await api2.getGitApi();
-      try {
-        const res = await git.getBranches(repo, projectName);
-        res.sort((a, b) => {
-          if (!a.commit?.committer?.date || !b.commit?.committer?.date) {
-            return 0;
-          }
-          return b.commit?.committer?.date.getTime() - a.commit?.committer?.date.getTime();
-        });
-        return res.reduce((acc, branch) => {
-          if (!branch.name) {
-            return acc;
-          }
-          acc.push(branch.name);
-          return acc;
-        }, []);
-      } catch (e) {
-        return [];
-      }
+    getAnalysis(variables, requestHeaders) {
+      return withWrapper((wrappedRequestHeaders) => client.request(GetAnalysisDocument, variables, { ...requestHeaders, ...wrappedRequestHeaders }), "getAnalysis", "subscription", variables);
     },
-    async createAdoPullRequest(options) {
-      const { repoUrl, sourceBranchName, targetBranchName, title, body } = options;
-      const { repo, projectName } = parseAdoOwnerAndRepo(repoUrl);
-      const git = await api2.getGitApi();
-      const res = await git.createPullRequest(
-        {
-          sourceRefName: `refs/heads/${sourceBranchName}`,
-          targetRefName: `refs/heads/${targetBranchName}`,
-          title,
-          description: body
-        },
-        repo,
-        projectName
-      );
-      return res.pullRequestId;
+    getAnalsyis(variables, requestHeaders) {
+      return withWrapper((wrappedRequestHeaders) => client.request(GetAnalsyisDocument, variables, { ...requestHeaders, ...wrappedRequestHeaders }), "getAnalsyis", "query", variables);
     },
-    async getAdoRepoDefaultBranch({
-      repoUrl
-    }) {
-      const { repo, projectName } = parseAdoOwnerAndRepo(repoUrl);
-      const git = await api2.getGitApi();
-      const getRepositoryRes = await git.getRepository(
-        decodeURI(repo),
-        projectName ? decodeURI(projectName) : void 0
-      );
-      if (!getRepositoryRes?.defaultBranch) {
-        throw new InvalidRepoUrlError("no default branch");
-      }
-      return getRepositoryRes.defaultBranch.replace("refs/heads/", "");
+    getFixes(variables, requestHeaders) {
+      return withWrapper((wrappedRequestHeaders) => client.request(GetFixesDocument, variables, { ...requestHeaders, ...wrappedRequestHeaders }), "getFixes", "query", variables);
     },
-    // todo: refactor this function
-    async getAdoReferenceData({
-      ref,
-      repoUrl
-    }) {
-      const { repo, projectName } = parseAdoOwnerAndRepo(repoUrl);
-      if (!projectName) {
-        throw new InvalidUrlPatternError("no project name");
-      }
-      const git = await api2.getGitApi();
-      const results = await Promise.allSettled([
-        (async () => {
-          const res = await git.getBranch(repo, ref, projectName);
-          if (!res.commit || !res.commit.commitId) {
-            throw new InvalidRepoUrlError("no commit on branch");
-          }
-          return {
-            sha: res.commit.commitId,
-            type: "BRANCH" /* BRANCH */,
-            date: res.commit.committer?.date || /* @__PURE__ */ new Date()
-          };
-        })(),
-        (async () => {
-          const res = await git.getCommits(
-            repo,
-            {
-              fromCommitId: ref,
-              toCommitId: ref,
-              $top: 1
-            },
-            projectName
-          );
-          const commit = res[0];
-          if (!commit || !commit.commitId) {
-            throw new Error("no commit");
-          }
-          return {
-            sha: commit.commitId,
-            type: "COMMIT" /* COMMIT */,
-            date: commit.committer?.date || /* @__PURE__ */ new Date()
-          };
-        })(),
-        (async () => {
-          const res = await git.getRefs(repo, projectName, `tags/${ref}`);
-          if (!res[0] || !res[0].objectId) {
-            throw new Error("no tag ref");
-          }
-          let objectId = res[0].objectId;
-          try {
-            const tag = await git.getAnnotatedTag(projectName, repo, objectId);
-            if (tag.taggedObject?.objectId) {
-              objectId = tag.taggedObject.objectId;
-            }
-          } catch (e) {
-          }
-          const commitRes2 = await git.getCommits(
-            repo,
-            {
-              fromCommitId: objectId,
-              toCommitId: objectId,
-              $top: 1
-            },
-            projectName
-          );
-          const commit = commitRes2[0];
-          if (!commit) {
-            throw new Error("no commit");
-          }
-          return {
-            sha: objectId,
-            type: "TAG" /* TAG */,
-            date: commit.committer?.date || /* @__PURE__ */ new Date()
-          };
-        })()
-      ]);
-      const [branchRes, commitRes, tagRes] = results;
-      if (tagRes.status === "fulfilled") {
-        return tagRes.value;
-      }
-      if (branchRes.status === "fulfilled") {
-        return branchRes.value;
-      }
-      if (commitRes.status === "fulfilled") {
-        return commitRes.value;
-      }
-      throw new RefNotFoundError(`ref: ${ref} does not exist`);
+    getVulByNodesMetadata(variables, requestHeaders) {
+      return withWrapper((wrappedRequestHeaders) => client.request(GetVulByNodesMetadataDocument, variables, { ...requestHeaders, ...wrappedRequestHeaders }), "getVulByNodesMetadata", "query", variables);
+    },
+    updateScmToken(variables, requestHeaders) {
+      return withWrapper((wrappedRequestHeaders) => client.request(UpdateScmTokenDocument, variables, { ...requestHeaders, ...wrappedRequestHeaders }), "updateScmToken", "mutation", variables);
     },
-    getAdoBlameRanges() {
-      return [];
+    uploadS3BucketInfo(variables, requestHeaders) {
+      return withWrapper((wrappedRequestHeaders) => client.request(UploadS3BucketInfoDocument, variables, { ...requestHeaders, ...wrappedRequestHeaders }), "uploadS3BucketInfo", "mutation", variables);
+    },
+    DigestVulnerabilityReport(variables, requestHeaders) {
+      return withWrapper((wrappedRequestHeaders) => client.request(DigestVulnerabilityReportDocument, variables, { ...requestHeaders, ...wrappedRequestHeaders }), "DigestVulnerabilityReport", "mutation", variables);
+    },
+    SubmitVulnerabilityReport(variables, requestHeaders) {
+      return withWrapper((wrappedRequestHeaders) => client.request(SubmitVulnerabilityReportDocument, variables, { ...requestHeaders, ...wrappedRequestHeaders }), "SubmitVulnerabilityReport", "mutation", variables);
+    },
+    CreateCommunityUser(variables, requestHeaders) {
+      return withWrapper((wrappedRequestHeaders) => client.request(CreateCommunityUserDocument, variables, { ...requestHeaders, ...wrappedRequestHeaders }), "CreateCommunityUser", "mutation", variables);
+    },
+    CreateCliLogin(variables, requestHeaders) {
+      return withWrapper((wrappedRequestHeaders) => client.request(CreateCliLoginDocument, variables, { ...requestHeaders, ...wrappedRequestHeaders }), "CreateCliLogin", "mutation", variables);
+    },
+    performCliLogin(variables, requestHeaders) {
+      return withWrapper((wrappedRequestHeaders) => client.request(PerformCliLoginDocument, variables, { ...requestHeaders, ...wrappedRequestHeaders }), "performCliLogin", "mutation", variables);
+    },
+    CreateProject(variables, requestHeaders) {
+      return withWrapper((wrappedRequestHeaders) => client.request(CreateProjectDocument, variables, { ...requestHeaders, ...wrappedRequestHeaders }), "CreateProject", "mutation", variables);
+    },
+    validateRepoUrl(variables, requestHeaders) {
+      return withWrapper((wrappedRequestHeaders) => client.request(ValidateRepoUrlDocument, variables, { ...requestHeaders, ...wrappedRequestHeaders }), "validateRepoUrl", "query", variables);
+    },
+    gitReference(variables, requestHeaders) {
+      return withWrapper((wrappedRequestHeaders) => client.request(GitReferenceDocument, variables, { ...requestHeaders, ...wrappedRequestHeaders }), "gitReference", "query", variables);
     }
   };
 }
-async function getAdoRepoList({
-  orgName,
-  tokenOrg,
-  accessToken
-}) {
-  let orgs = [];
-  const adoTokenInfo = getAdoTokenInfo(accessToken);
-  if (adoTokenInfo.type === "NONE" /* NONE */) {
-    return [];
-  }
-  if (adoTokenInfo.type === "OAUTH" /* OAUTH */) {
-    orgs = await _getOrgsForOauthToken({ oauthToken: accessToken });
-  }
-  if (orgs.length === 0 && !orgName) {
-    throw new Error(`no orgs for ADO`);
-  } else if (orgs.length === 0 && orgName) {
-    orgs = [orgName];
-  }
-  const repos = (await Promise.allSettled(
-    orgs.map(async (org) => {
-      const orgApi = await getAdoApiClient({
-        ...await getAdoClientParams({
-          accessToken,
-          tokenOrg: tokenOrg || org,
-          url: void 0
-        }),
-        orgName: org
-      });
-      const gitOrg = await orgApi.getGitApi();
-      const orgRepos = await gitOrg.getRepositories();
-      const repoInfoList = (await Promise.allSettled(
-        orgRepos.map(async (repo) => {
-          if (!repo.name || !repo.remoteUrl || !repo.defaultBranch) {
-            throw new InvalidRepoUrlError("bad repo");
-          }
-          const branch = await gitOrg.getBranch(
-            repo.name,
-            repo.defaultBranch.replace(/^refs\/heads\//, ""),
-            repo.project?.name
-          );
-          return {
-            repoName: repo.name,
-            repoUrl: repo.remoteUrl.replace(
-              /^[hH][tT][tT][pP][sS]:\/\/[^/]+@/,
-              "https://"
-            ),
-            repoOwner: org,
-            repoIsPublic: repo.project?.visibility === 2 /* Public */,
-            repoLanguages: [],
-            repoUpdatedAt: branch.commit?.committer?.date?.toDateString() || repo.project?.lastUpdateTime?.toDateString() || (/* @__PURE__ */ new Date()).toDateString()
-          };
-        })
-      )).reduce((acc, res) => {
-        if (res.status === "fulfilled") {
-          acc.push(res.value);
-        }
-        return acc;
-      }, []);
-      return repoInfoList;
-    })
-  )).reduce((acc, res) => {
-    if (res.status === "fulfilled") {
-      return acc.concat(res.value);
-    }
-    return acc;
-  }, []);
-  return repos;
+// src/utils/index.ts
+var utils_exports = {};
+__export(utils_exports, {
+  CliError: () => CliError,
+  Spinner: () => Spinner,
+  getDirName: () => getDirName,
+  getTopLevelDirName: () => getTopLevelDirName,
+  keypress: () => keypress,
+  sleep: () => sleep
+});
+// src/utils/dirname.ts
+import path3 from "node:path";
+import { fileURLToPath as fileURLToPath2 } from "node:url";
+function getDirName() {
+  return path3.dirname(fileURLToPath2(import.meta.url));
+}
+function getTopLevelDirName(fullPath) {
+  return path3.parse(fullPath).name;
 }
-// src/features/analysis/scm/constants.ts
-var MOBB_ICON_IMG = "https://app.mobb.ai/gh-action/Logo_Rounded_Icon.svg";
+// src/utils/keypress.ts
+import readline from "node:readline";
+async function keypress() {
+  const rl = readline.createInterface({
+    input: process.stdin,
+    output: process.stdout
+  });
+  return new Promise((resolve) => {
+    rl.question("", (answer) => {
+      rl.close();
+      process.stderr.moveCursor(0, -1);
+      process.stderr.clearLine(1);
+      resolve(answer);
+    });
+  });
+}
+// src/utils/spinner.ts
+import {
+  createSpinner as _createSpinner
+} from "nanospinner";
+var mockSpinner = {
+  success: () => mockSpinner,
+  error: () => mockSpinner,
+  warn: () => mockSpinner,
+  stop: () => mockSpinner,
+  start: () => mockSpinner,
+  update: () => mockSpinner,
+  reset: () => mockSpinner,
+  clear: () => mockSpinner,
+  spin: () => mockSpinner
+};
+function Spinner({ ci = false } = {}) {
+  return {
+    createSpinner: (text, options) => ci ? mockSpinner : _createSpinner(text, options)
+  };
+}
+// src/utils/index.ts
+var sleep = (ms = 2e3) => new Promise((r) => setTimeout(r, ms));
+var CliError = class extends Error {
+};
+// src/features/analysis/index.ts
+import chalk4 from "chalk";
+import Configstore from "configstore";
+import Debug12 from "debug";
+import extract from "extract-zip";
+import fetch4 from "node-fetch";
+import open2 from "open";
+import semver from "semver";
+import tmp2 from "tmp";
+import { z as z13 } from "zod";
+// src/features/analysis/add_fix_comments_for_pr/add_fix_comments_for_pr.ts
+import Debug4 from "debug";
 // src/features/analysis/add_fix_comments_for_pr/utils.ts
 import Debug3 from "debug";
 import parseDiff2 from "parse-diff";
-import { z as z10 } from "zod";
+import { z as z11 } from "zod";
 // src/features/analysis/utils/by_key.ts
 function keyBy(array, keyBy2) {
@@ -3877,7 +3964,8 @@ async function postFixComment(params) {
     patchAndQuestions: { patch }
   } = fix;
   const commentRes = await scm.postPrComment({
-    body: "empty",
+    body: `# ${MobbIconMarkdown} Your fix is ready!
+Refresh the page in order to see the changes.`,
     pull_number: pullRequest,
     commit_id: commitSha,
     path: path9,
@@ -3957,7 +4045,7 @@ async function getRelevantVulenrabilitiesFromDiff(params) {
     });
     const lineAddedRanges = calculateRanges(fileNumbers);
     const fileFilter = {
-      path: z10.string().parse(file.to),
+      path: z11.string().parse(file.to),
       ranges: lineAddedRanges.map(([startLine, endLine]) => ({
         endLine,
         startLine
@@ -4264,30 +4352,30 @@ function subscribe(query, variables, callback, wsClientOptions) {
 }
 // src/features/analysis/graphql/types.ts
-import { z as z11 } from "zod";
-var VulnerabilityReportIssueCodeNodeZ = z11.object({
-  vulnerabilityReportIssueId: z11.string(),
-  path: z11.string(),
-  startLine: z11.number(),
-  vulnerabilityReportIssue: z11.object({
-    fixId: z11.string()
+import { z as z12 } from "zod";
+var VulnerabilityReportIssueCodeNodeZ = z12.object({
+  vulnerabilityReportIssueId: z12.string(),
+  path: z12.string(),
+  startLine: z12.number(),
+  vulnerabilityReportIssue: z12.object({
+    fixId: z12.string()
   })
 });
-var GetVulByNodesMetadataZ = z11.object({
-  vulnerabilityReportIssueCodeNodes: z11.array(VulnerabilityReportIssueCodeNodeZ),
-  nonFixablePrVuls: z11.object({
-    aggregate: z11.object({
-      count: z11.number()
+var GetVulByNodesMetadataZ = z12.object({
+  vulnerabilityReportIssueCodeNodes: z12.array(VulnerabilityReportIssueCodeNodeZ),
+  nonFixablePrVuls: z12.object({
+    aggregate: z12.object({
+      count: z12.number()
     })
   }),
-  fixablePrVuls: z11.object({
-    aggregate: z11.object({
-      count: z11.number()
+  fixablePrVuls: z12.object({
+    aggregate: z12.object({
+      count: z12.number()
     })
   }),
-  totalScanVulnerabilities: z11.object({
-    aggregate: z11.object({
-      count: z11.number()
+  totalScanVulnerabilities: z12.object({
+    aggregate: z12.object({
+      count: z12.number()
     })
   })
 });
@@ -4560,6 +4648,12 @@ var GQLClient = class {
     });
     return res;
   }
+  async validateRepoUrl(args) {
+    return this._clientSdk.validateRepoUrl(args);
+  }
+  async getReferenceData(args) {
+    return this._clientSdk.gitReference(args);
+  }
 };
 // src/features/analysis/pack.ts
@@ -5060,6 +5154,70 @@ function _getUrlForScmType({
       };
   }
 }
+async function getScmTokenInfo(params) {
+  const { gqlClient, repo } = params;
+  const userInfo = await gqlClient.getUserInfo();
+  if (!userInfo) {
+    throw new Error("userInfo is null");
+  }
+  const scmConfigs = getFromArraySafe(userInfo.scmConfigs);
+  return getScmConfig({
+    url: repo,
+    scmConfigs,
+    includeOrgTokens: false
+  });
+}
+async function getReport(params, { skipPrompts }) {
+  const {
+    scanner,
+    repoUrl,
+    gqlClient,
+    sha,
+    dirname,
+    reference,
+    cxProjectName,
+    ci
+  } = params;
+  const tokenInfo = await getScmTokenInfo({ gqlClient, repo: repoUrl });
+  const scm = await SCMLib.init(
+    {
+      url: repoUrl,
+      accessToken: tokenInfo.accessToken,
+      scmOrg: tokenInfo.scmOrg,
+      scmType: tokenInfo.scmLibType
+    },
+    { propagateExceptions: true }
+  );
+  const downloadUrl = await scm.getDownloadUrl(sha);
+  const repositoryRoot = await downloadRepo({
+    repoUrl,
+    dirname,
+    ci,
+    authHeaders: scm.getAuthHeaders(),
+    downloadUrl
+  });
+  const reportPath = path6.join(dirname, "report.json");
+  switch (scanner) {
+    case "snyk":
+      await getSnykReport(reportPath, repositoryRoot, { skipPrompts });
+      break;
+    case "checkmarx":
+      if (!cxProjectName) {
+        throw new Error("cxProjectName is required for checkmarx scanner");
+      }
+      await getCheckmarxReport(
+        {
+          reportPath,
+          repositoryRoot,
+          branch: reference,
+          projectName: cxProjectName
+        },
+        { skipPrompts }
+      );
+      break;
+  }
+  return reportPath;
+}
 async function _scan(params, { skipPrompts = false } = {}) {
   const {
     dirname,
@@ -5103,68 +5261,64 @@ async function _scan(params, { skipPrompts = false } = {}) {
   if (!repo) {
     throw new Error("repo is required in case srcPath is not provided");
   }
-  const userInfo = await gqlClient.getUserInfo();
-  if (!userInfo) {
-    throw new Error("userInfo is null");
-  }
-  const scmConfigs = getFromArraySafe(userInfo.scmConfigs);
-  const tokenInfo = getScmConfig({
-    url: repo,
-    scmConfigs,
-    includeOrgTokens: false
-  });
-  const isRepoAvailable = await scmCanReachRepo({
-    repoUrl: repo,
-    accessToken: tokenInfo.accessToken,
-    scmOrg: tokenInfo.scmOrg,
-    scmType: getScmTypeFromScmLibType(tokenInfo.scmLibType)
-  });
+  const tokenInfo = await getScmTokenInfo({ gqlClient, repo });
+  const validateRes = await gqlClient.validateRepoUrl({ repoUrl: repo });
+  const isRepoAvailable = validateRes.validateRepoUrl?.__typename === "RepoValidationSuccess";
   const cloudScmLibType = getCloudScmLibTypeFromUrl(repo);
   const { authUrl: scmAuthUrl } = _getUrlForScmType({
     scmLibType: cloudScmLibType
   });
-  let myToken = tokenInfo.accessToken;
   if (!isRepoAvailable) {
     if (ci || !cloudScmLibType || !scmAuthUrl) {
       const errorMessage = scmAuthUrl ? `Cannot access repo ${repo}` : `Cannot access repo ${repo} with the provided token, please visit ${scmAuthUrl} to refresh your source control management system token`;
       throw new Error(errorMessage);
     }
     if (cloudScmLibType && scmAuthUrl) {
-      myToken = await handleScmIntegration(tokenInfo.accessToken, scmAuthUrl, repo) || "";
-      const isRepoAvailable2 = await scmCanReachRepo({
-        repoUrl: repo,
-        accessToken: myToken,
-        scmOrg: tokenInfo.scmOrg,
-        scmType: getScmTypeFromScmLibType(tokenInfo.scmLibType)
+      await handleScmIntegration(tokenInfo.accessToken, scmAuthUrl, repo);
+      const repoValidationResponse = await gqlClient.validateRepoUrl({
+        repoUrl: repo
       });
+      const isRepoAvailable2 = repoValidationResponse.validateRepoUrl?.__typename === "RepoValidationSuccess";
       if (!isRepoAvailable2) {
         throw new Error(
-          `Cannot access repo ${repo} with the provided credentials`
+          `Cannot access repo ${repo} with the provided credentials: ${repoValidationResponse.validateRepoUrl?.__typename}`
         );
       }
     }
   }
-  const scm = await SCMLib.init({
-    url: repo,
-    accessToken: myToken,
-    scmOrg: tokenInfo.scmOrg,
-    scmType: tokenInfo.scmLibType
+  const revalidateRes = await gqlClient.validateRepoUrl({ repoUrl: repo });
+  if (revalidateRes.validateRepoUrl?.__typename !== "RepoValidationSuccess") {
+    throw new Error(
+      `could not reach repo ${repo}: ${revalidateRes.validateRepoUrl?.__typename}`
+    );
+  }
+  const reference = ref ?? revalidateRes.validateRepoUrl.defaultBranch;
+  const getReferenceDataRes = await gqlClient.getReferenceData({
+    reference,
+    repoUrl: repo
   });
-  const reference = ref ?? await scm.getRepoDefaultBranch();
-  const { sha } = await scm.getReferenceData(reference);
-  const downloadUrl = await scm.getDownloadUrl(sha);
-  debug11("org id %s", organizationId);
+  if (getReferenceDataRes.gitReference?.__typename !== "GitReferenceData") {
+    throw new Error(
+      `Could not get reference data for ${reference}: ${getReferenceDataRes.gitReference?.__typename}`
+    );
+  }
+  const { sha } = getReferenceDataRes.gitReference;
   debug11("project id %s", projectId);
   debug11("default branch %s", reference);
-  const repositoryRoot = await downloadRepo({
-    repoUrl: repo,
-    dirname,
-    ci,
-    authHeaders: scm.getAuthHeaders(),
-    downloadUrl
-  });
   if (command === "scan") {
-    reportPath = await getReport(SupportedScannersZ.parse(scanner));
+    reportPath = await getReport(
+      {
+        scanner: SupportedScannersZ.parse(scanner),
+        repoUrl: repo,
+        sha,
+        gqlClient,
+        cxProjectName,
+        dirname,
+        reference,
+        ci
+      },
+      { skipPrompts }
+    );
   }
   if (!reportPath) {
     throw new Error("reportPath is null");
@@ -5188,7 +5342,7 @@ async function _scan(params, { skipPrompts = false } = {}) {
     spinner: mobbSpinner,
     submitVulnerabilityReportVariables: {
       fixReportId: reportUploadInfo.fixReportId,
-      repoUrl: z12.string().parse(repo),
+      repoUrl: z13.string().parse(repo),
       reference,
       projectId,
       vulnerabilityReportFileName: "report.json",
@@ -5207,29 +5361,6 @@ async function _scan(params, { skipPrompts = false } = {}) {
   });
   await askToOpenAnalysis();
   return reportUploadInfo.fixReportId;
-  async function getReport(scanner2) {
-    const reportPath2 = path6.join(dirname, "report.json");
-    switch (scanner2) {
-      case "snyk":
-        await getSnykReport(reportPath2, repositoryRoot, { skipPrompts });
-        break;
-      case "checkmarx":
-        if (!cxProjectName) {
-          throw new Error("cxProjectName is required for checkmarx scanner");
-        }
-        await getCheckmarxReport(
-          {
-            reportPath: reportPath2,
-            repositoryRoot,
-            branch: reference,
-            projectName: cxProjectName
-          },
-          { skipPrompts }
-        );
-        break;
-    }
-    return reportPath2;
-  }
   async function askToOpenAnalysis() {
     if (!repoUploadInfo || !reportUploadInfo) {
       throw new Error("uploadS3BucketInfo is null");
@@ -5326,14 +5457,14 @@ async function _scan(params, { skipPrompts = false } = {}) {
     );
     await open2(scmAuthUrl2);
     for (let i = 0; i < LOGIN_MAX_WAIT / LOGIN_CHECK_DELAY; i++) {
-      const userInfo2 = await gqlClient.getUserInfo();
-      if (!userInfo2) {
+      const userInfo = await gqlClient.getUserInfo();
+      if (!userInfo) {
         throw new CliError2("User info not found");
       }
-      const scmConfigs2 = getFromArraySafe(userInfo2.scmConfigs);
+      const scmConfigs = getFromArraySafe(userInfo.scmConfigs);
       const tokenInfo2 = getScmConfig({
         url: repoUrl,
-        scmConfigs: scmConfigs2,
+        scmConfigs,
         includeOrgTokens: false
       });
       if (tokenInfo2.accessToken && tokenInfo2.accessToken !== oldToken) {
@@ -5440,16 +5571,21 @@ async function _scan(params, { skipPrompts = false } = {}) {
         }
       });
       if (command === "review") {
-        const params2 = z12.object({
-          repo: z12.string().url(),
-          githubActionToken: z12.string()
+        const params2 = z13.object({
+          repo: z13.string().url(),
+          githubActionToken: z13.string()
         }).parse({ repo, githubActionToken });
-        const scm2 = await SCMLib.init({
-          url: params2.repo,
-          accessToken: params2.githubActionToken,
-          scmOrg: "",
-          scmType: "GITHUB" /* GITHUB */
-        });
+        const scm = await SCMLib.init(
+          {
+            url: params2.repo,
+            accessToken: params2.githubActionToken,
+            scmOrg: "",
+            scmType: "GITHUB" /* GITHUB */
+          },
+          {
+            propagateExceptions: true
+          }
+        );
         await gqlClient.subscribeToAnalysis({
           subscribeToAnalysisParams: {
             analysisId: reportUploadInfo.fixReportId
@@ -5458,8 +5594,8 @@ async function _scan(params, { skipPrompts = false } = {}) {
             return addFixCommentsForPr({
               analysisId,
               gqlClient,
-              scm: scm2,
-              scanner: z12.nativeEnum(SCANNERS).parse(scanner)
+              scm,
+              scanner: z13.nativeEnum(SCANNERS).parse(scanner)
             });
           },
           callbackStates: ["Finished" /* Finished */]
@@ -5645,12 +5781,12 @@ var commitHashOption = {
 };
 var scmTypeOption = {
   demandOption: true,
-  describe: chalk5.bold("SCM type (GitHub, GitLab, Ado, Bitbucket)"),
-  type: "string"
+  describe: chalk5.bold("SCM type"),
+  choices: Object.values(ScmType)
 };
 var urlOption = {
   describe: chalk5.bold(
-    "URL of the repository (used in GitHub, GitLab, Azure DevOps, Bitbucket)"
+    `URL of the repository (used in ${Object.values(ScmType).join(", ")})`
   ),
   type: "string",
   demandOption: true
@@ -5672,7 +5808,7 @@ var scmTokenOption = {
 // src/args/validation.ts
 import chalk6 from "chalk";
 import path8 from "path";
-import { z as z13 } from "zod";
+import { z as z14 } from "zod";
 function throwRepoUrlErrorMessage({
   error,
   repoUrl,
@@ -5689,13 +5825,13 @@ Example:
   )}`;
   throw new CliError(formattedErrorMessage);
 }
-var UrlZ = z13.string({
-  invalid_type_error: "is not a valid GitHub / GitLab / ADO URL"
+var UrlZ = z14.string({
+  invalid_type_error: `is not a valid ${Object.values(ScmType).join("/ ")} URL`
 }).refine((data) => !!sanityRepoURL(data), {
-  message: "is not a valid GitHub / GitLab / ADO URL"
+  message: `is not a valid ${Object.values(ScmType).join(" / ")} URL`
 });
 function validateOrganizationId(organizationId) {
-  const orgIdValidation = z13.string().uuid().nullish().safeParse(organizationId);
+  const orgIdValidation = z14.string().uuid().nullish().safeParse(organizationId);
   if (!orgIdValidation.success) {
     throw new CliError(`organizationId: ${organizationId} is not a valid UUID`);
   }
@@ -5852,20 +5988,15 @@ async function scanHandler(args) {
 }
 // src/args/commands/token.ts
-import { z as z14 } from "zod";
 function addScmTokenBuilder(args) {
   return args.option("scm-type", scmTypeOption).option("url", urlOption).option("token", scmTokenOption).option("organization", scmOrgOption).option("refresh-token", scmRefreshTokenOption).option("api-key", apiKeyOption).example(
     "$0 add-scm-token --scm-type Ado --url https://dev.azure.com/adoorg/test/_git/repo --token abcdef0123456 --organization myOrg",
-    "Add your SCM (Github, Gitlab, Azure DevOps) token to Mobb to enable automated fixes."
+    `Add your SCM (${Object.values(scmFriendlyText).join(", ")}) token to Mobb to enable automated fixes.`
   ).help().demandOption(["url", "token"]);
 }
-function validateAddScmTokenOptions(argv) {
-  if (!z14.nativeEnum(ScmType).safeParse(argv.scmType).success) {
-    throw new CliError(
-      "\nError: --scm-type must reference a valid SCM type (GitHub, GitLab, Ado, Bitbutcket)"
-    );
-  }
-  Object.values(scmValidationMap).forEach((validate) => validate(argv));
+async function validateAddScmTokenOptions(argv) {
+  const scmType = argv["scm-type"];
+  scmValidationMap[scmType];
 }
 var scmValidationMap = {
   ["GitHub" /* GitHub */]: () => {
@@ -5880,15 +6011,14 @@ var scmValidationMap = {
   }
 };
 function validateAdo(argv) {
-  const urlObj = new URL(argv.url);
-  if ((urlObj.hostname.toLowerCase() === scmCloudHostname.Ado || urlObj.hostname.toLowerCase().endsWith(".visualstudio.com")) && !argv.organization) {
+  if (!argv.organization) {
     throw new CliError(
       "\nError: --organization flag is required for Azure DevOps"
     );
   }
 }
 async function addScmTokenHandler(args) {
-  validateAddScmTokenOptions(args);
+  await validateAddScmTokenOptions(args);
   await addScmToken(args);
 }