mobbdev 0.0.148 → 0.0.155

package/dist/index.mjs

@@ -32,663 +32,174 @@ import fs4 from "node:fs";
 import path7 from "node:path";
 
 // src/constants.ts
-import path from "node:path";
+import path2 from "node:path";
 import { fileURLToPath } from "node:url";
 import chalk from "chalk";
 import Debug from "debug";
 import * as dotenv from "dotenv";
-import { z } from "zod";
-var debug = Debug("mobbdev:constants");
-var __dirname = path.dirname(fileURLToPath(import.meta.url));
-dotenv.config({ path: path.join(__dirname, "../.env") });
-var ScmTypes = {
-  Github: "GitHub",
-  Gitlab: "GitLab",
-  AzureDevOps: "Ado"
-};
-var SCANNERS = {
-  Checkmarx: "checkmarx",
-  Codeql: "codeql",
-  Fortify: "fortify",
-  Snyk: "snyk",
-  Sonarqube: "sonarqube"
-};
-var SupportedScannersZ = z.enum([SCANNERS.Checkmarx, SCANNERS.Snyk]);
-var envVariablesSchema = z.object({
-  WEB_APP_URL: z.string(),
-  API_URL: z.string(),
-  HASURA_ACCESS_KEY: z.string(),
-  LOCAL_GRAPHQL_ENDPOINT: z.string()
-}).required();
-var envVariables = envVariablesSchema.parse(process.env);
-debug("config %o", envVariables);
-var mobbAscii = `
-                                   ..                       
-                             ..........                     
-                        .................                   
-               ...........................                  
-              ..............................                
-             ................................               
-             ..................................             
-            ....................................            
-            .....................................           
-            .............................................   
-          ................................................. 
-     ...............................       .................
-  ..................................           ............ 
-..................    .............            ..........   
-......... ........      .........             ......        
-  ...............                          ....             
-         .... ..                                            
-                                                            
-                                      . ...                 
-                              ..............                
-                       ......................               
-                   ...........................              
-               ................................             
-           ......................................           
-                ...............................             
-                       .................                    
-`;
-var PROJECT_DEFAULT_NAME = "My first project";
-var WEB_APP_URL = envVariables.WEB_APP_URL;
-var API_URL = envVariables.API_URL;
-var HASURA_ACCESS_KEY = envVariables.HASURA_ACCESS_KEY;
-var LOCAL_GRAPHQL_ENDPOINT = envVariables.LOCAL_GRAPHQL_ENDPOINT;
-var errorMessages = {
-  missingCxProjectName: `project name ${chalk.bold(
-    "(--cx-project-name)"
-  )} is needed if you're using checkmarx`,
-  missingUrl: `url ${chalk.bold(
-    "(--url)"
-  )} is needed if you're adding an SCM token`,
-  invalidScmType: `SCM type ${chalk.bold(
-    "(--scm-type)"
-  )} is invalid, please use one of: ${Object.values(ScmTypes).join(", ")}`,
-  missingToken: `SCM token ${chalk.bold(
-    "(--token)"
-  )} is needed if you're adding an SCM token`
-};
-var progressMassages = {
-  processingVulnerabilityReportSuccess: "\u2699\uFE0F  Vulnerability report proccessed successfully",
-  processingVulnerabilityReport: "\u2699\uFE0F  Proccessing vulnerability report",
-  processingVulnerabilityReportFailed: "\u2699\uFE0F  Error Proccessing vulnerability report"
+import { z as z10 } from "zod";
+
+// src/features/analysis/scm/shared/src/types.ts
+var scmCloudUrl = {
+  GitLab: "https://gitlab.com",
+  GitHub: "https://github.com",
+  Ado: "https://dev.azure.com",
+  Bitbucket: "https://bitbucket.org"
 };
-var VUL_REPORT_DIGEST_TIMEOUT_MS = 1e3 * 60 * 20;
+var ScmType = /* @__PURE__ */ ((ScmType2) => {
+  ScmType2["GitHub"] = "GitHub";
+  ScmType2["GitLab"] = "GitLab";
+  ScmType2["Ado"] = "Ado";
+  ScmType2["Bitbucket"] = "Bitbucket";
+  return ScmType2;
+})(ScmType || {});
 
-// src/features/analysis/index.ts
-import crypto from "node:crypto";
-import fs3 from "node:fs";
-import os from "node:os";
-import path6 from "node:path";
-import { pipeline } from "node:stream/promises";
+// src/features/analysis/scm/ado/constants.ts
+var DEFUALT_ADO_ORIGIN = scmCloudUrl.Ado;
 
-// src/generates/client_generates.ts
-var MeDocument = `
-    query Me {
-  me {
-    id
-    email
-    scmConfigs {
-      id
-      orgId
-      refreshToken
-      scmType
-      scmUrl
-      scmUsername
-      token
-      tokenLastUpdate
-      userId
-      scmOrg
-      isTokenAvailable
+// src/features/analysis/scm/ado/utils.ts
+import querystring3 from "node:querystring";
+import * as api from "azure-devops-node-api";
+import { z as z9 } from "zod";
+
+// src/features/analysis/scm/env.ts
+import { z } from "zod";
+var EnvVariablesZod = z.object({
+  GITLAB_API_TOKEN: z.string().optional(),
+  BROKERED_HOSTS: z.string().toLowerCase().transform(
+    (x) => x.split(",").map((url) => url.trim(), []).filter(Boolean)
+  ).default(""),
+  GITHUB_API_TOKEN: z.string().optional(),
+  GIT_PROXY_HOST: z.string().default("http://tinyproxy:8888")
+});
+var { GITLAB_API_TOKEN, BROKERED_HOSTS, GITHUB_API_TOKEN, GIT_PROXY_HOST } = EnvVariablesZod.parse(process.env);
+
+// src/features/analysis/scm/scm.ts
+import { z as z7 } from "zod";
+
+// src/features/analysis/scm/bitbucket/bitbucket.ts
+import querystring from "node:querystring";
+import bitbucketPkg from "bitbucket";
+import * as bitbucketPkgNode from "bitbucket";
+import { z as z3 } from "zod";
+
+// src/features/analysis/scm/shared/src/urlParser/urlParser.ts
+import { z as z2 } from "zod";
+function detectAdoUrl(args) {
+  const { pathname, hostname, scmType } = args;
+  const hostnameParts = hostname.split(".");
+  const adoCloudHostname = new URL(scmCloudUrl.Ado).hostname;
+  const prefixPath = pathname.at(0)?.toLowerCase() === ADO_PREFIX_PATH ? ADO_PREFIX_PATH : "";
+  const normilizedPath = prefixPath ? pathname.slice(1) : pathname;
+  if (hostnameParts.length === 3 && hostnameParts[1] === "visualstudio" && hostnameParts[2] === "com") {
+    if (normilizedPath.length === 2 && normilizedPath[0] === "_git") {
+      const [_git, projectName] = normilizedPath;
+      const [organization] = hostnameParts;
+      return {
+        scmType: "Ado" /* Ado */,
+        organization,
+        // project has single repo - repoName === projectName
+        projectName: z2.string().parse(projectName),
+        repoName: projectName,
+        prefixPath
+      };
+    }
+    if (normilizedPath.length === 3 && normilizedPath[1] === "_git") {
+      const [projectName, _git, repoName] = normilizedPath;
+      const [organization] = hostnameParts;
+      return {
+        scmType: "Ado" /* Ado */,
+        organization,
+        projectName: z2.string().parse(projectName),
+        repoName,
+        prefixPath
+      };
     }
   }
-}
-    `;
-var GetOrgAndProjectIdDocument = `
-    query getOrgAndProjectId($filters: organization_to_organization_role_bool_exp, $limit: Int) {
-  organization_to_organization_role(
-    where: $filters
-    order_by: {organization: {createdOn: desc}}
-    limit: $limit
-  ) {
-    organization {
-      id
-      projects(order_by: {updatedAt: desc}) {
-        id
-        name
+  if (hostname === adoCloudHostname || scmType === "Ado" /* Ado */) {
+    if (normilizedPath[normilizedPath.length - 2] === "_git") {
+      if (normilizedPath.length === 3) {
+        const [organization, _git, repoName] = normilizedPath;
+        return {
+          scmType: "Ado" /* Ado */,
+          organization,
+          // project has only one repo - repoName === projectName
+          projectName: z2.string().parse(repoName),
+          repoName,
+          prefixPath
+        };
+      }
+      if (normilizedPath.length === 4) {
+        const [organization, projectName, _git, repoName] = normilizedPath;
+        return {
+          scmType: "Ado" /* Ado */,
+          organization,
+          projectName: z2.string().parse(projectName),
+          repoName,
+          prefixPath
+        };
       }
     }
   }
+  return null;
 }
-    `;
-var GetEncryptedApiTokenDocument = `
-    query GetEncryptedApiToken($loginId: uuid!) {
-  cli_login_by_pk(id: $loginId) {
-    encryptedApiToken
-  }
-}
-    `;
-var FixReportStateDocument = `
-    query FixReportState($id: uuid!) {
-  fixReport_by_pk(id: $id) {
-    state
+function detectGithubUrl(args) {
+  const { pathname, hostname, scmType } = args;
+  const githubHostname = new URL(scmCloudUrl.GitHub).hostname;
+  if (hostname === githubHostname || scmType === "GitHub" /* GitHub */) {
+    if (pathname.length === 2) {
+      return {
+        scmType: "GitHub" /* GitHub */,
+        organization: pathname[0],
+        repoName: pathname[1]
+      };
+    }
   }
+  return null;
 }
-    `;
-var GetVulnerabilityReportPathsDocument = `
-    query GetVulnerabilityReportPaths($vulnerabilityReportId: uuid!) {
-  vulnerability_report_path(
-    where: {vulnerabilityReportId: {_eq: $vulnerabilityReportId}}
-  ) {
-    path
+function detectGitlabUrl(args) {
+  const { pathname, hostname, scmType } = args;
+  const gitlabHostname = new URL(scmCloudUrl.GitLab).hostname;
+  if (hostname === gitlabHostname || scmType === "GitLab" /* GitLab */) {
+    if (pathname.length >= 2) {
+      return {
+        scmType: "GitLab" /* GitLab */,
+        organization: pathname[0],
+        repoName: pathname[pathname.length - 1]
+      };
+    }
   }
+  return null;
 }
-    `;
-var GetAnalysisDocument = `
-    subscription getAnalysis($analysisId: uuid!) {
-  analysis: fixReport_by_pk(id: $analysisId) {
-    id
-    state
+function detectBitbucketUrl(args) {
+  const { pathname, hostname, scmType } = args;
+  const bitbucketHostname = new URL(scmCloudUrl.Bitbucket).hostname;
+  if (hostname === bitbucketHostname || scmType === "Bitbucket" /* Bitbucket */) {
+    if (pathname.length === 2) {
+      return {
+        scmType: "Bitbucket" /* Bitbucket */,
+        organization: pathname[0],
+        repoName: pathname[1]
+      };
+    }
   }
+  return null;
 }
-    `;
-var GetAnalsyisDocument = `
-    query getAnalsyis($analysisId: uuid!) {
-  analysis: fixReport_by_pk(id: $analysisId) {
-    id
-    state
-    repo {
-      commitSha
-      pullRequest
-    }
-    vulnerabilityReportId
-    vulnerabilityReport {
-      projectId
-      project {
-        organizationId
-      }
-      file {
-        signedFile {
-          url
-        }
-      }
+var getRepoUrlFunctionMap = {
+  ["GitLab" /* GitLab */]: detectGitlabUrl,
+  ["GitHub" /* GitHub */]: detectGithubUrl,
+  ["Ado" /* Ado */]: detectAdoUrl,
+  ["Bitbucket" /* Bitbucket */]: detectBitbucketUrl
+};
+function getRepoInfo(args) {
+  for (const detectUrl of Object.values(getRepoUrlFunctionMap)) {
+    const detectUrlRes = detectUrl(args);
+    if (detectUrlRes) {
+      return detectUrlRes;
     }
   }
+  return null;
 }
-    `;
-var GetFixesDocument = `
-    query getFixes($filters: fix_bool_exp!) {
-  fixes: fix(where: $filters) {
-    issueType
-    id
-    patchAndQuestions {
-      __typename
-      ... on FixData {
-        patch
-      }
-    }
-  }
-}
-    `;
-var GetVulByNodesMetadataDocument = `
-    query getVulByNodesMetadata($filters: [vulnerability_report_issue_code_node_bool_exp!], $vulnerabilityReportId: uuid!) {
-  vulnerabilityReportIssueCodeNodes: vulnerability_report_issue_code_node(
-    order_by: {index: desc}
-    where: {_or: $filters, vulnerabilityReportIssue: {fixId: {_is_null: false}, vulnerabilityReportId: {_eq: $vulnerabilityReportId}}}
-  ) {
-    vulnerabilityReportIssueId
-    path
-    startLine
-    vulnerabilityReportIssue {
-      issueType
-      fixId
-    }
-  }
-  fixablePrVuls: vulnerability_report_issue_aggregate(
-    where: {fixId: {_is_null: false}, vulnerabilityReportId: {_eq: $vulnerabilityReportId}, codeNodes: {_or: $filters}}
-  ) {
-    aggregate {
-      count
-    }
-  }
-  nonFixablePrVuls: vulnerability_report_issue_aggregate(
-    where: {fixId: {_is_null: true}, vulnerabilityReportId: {_eq: $vulnerabilityReportId}, codeNodes: {_or: $filters}}
-  ) {
-    aggregate {
-      count
-    }
-  }
-  totalScanVulnerabilities: vulnerability_report_issue_aggregate(
-    where: {vulnerabilityReportId: {_eq: $vulnerabilityReportId}}
-  ) {
-    aggregate {
-      count
-    }
-  }
-}
-    `;
-var UpdateScmTokenDocument = `
-    mutation updateScmToken($scmType: String!, $url: String!, $token: String!, $org: String, $refreshToken: String) {
-  updateScmToken(
-    scmType: $scmType
-    url: $url
-    token: $token
-    org: $org
-    refreshToken: $refreshToken
-  ) {
-    __typename
-    ... on ScmAccessTokenUpdateSuccess {
-      token
-    }
-    ... on InvalidScmTypeError {
-      status
-      error
-    }
-    ... on BadScmCredentials {
-      status
-      error
-    }
-  }
-}
-    `;
-var UploadS3BucketInfoDocument = `
-    mutation uploadS3BucketInfo($fileName: String!) {
-  uploadS3BucketInfo(fileName: $fileName) {
-    status
-    error
-    reportUploadInfo: uploadInfo {
-      url
-      fixReportId
-      uploadFieldsJSON
-      uploadKey
-    }
-    repoUploadInfo {
-      url
-      fixReportId
-      uploadFieldsJSON
-      uploadKey
-    }
-  }
-}
-    `;
-var DigestVulnerabilityReportDocument = `
-    mutation DigestVulnerabilityReport($vulnerabilityReportFileName: String!, $fixReportId: String!, $projectId: String!, $scanSource: String!) {
-  digestVulnerabilityReport(
-    fixReportId: $fixReportId
-    vulnerabilityReportFileName: $vulnerabilityReportFileName
-    projectId: $projectId
-    scanSource: $scanSource
-  ) {
-    __typename
-    ... on VulnerabilityReport {
-      vulnerabilityReportId
-      fixReportId
-    }
-    ... on RabbitSendError {
-      status
-      error
-    }
-    ... on ReportValidationError {
-      status
-      error
-    }
-    ... on ReferenceNotFoundError {
-      status
-      error
-    }
-  }
-}
-    `;
-var SubmitVulnerabilityReportDocument = `
-    mutation SubmitVulnerabilityReport($fixReportId: String!, $repoUrl: String!, $reference: String!, $projectId: String!, $scanSource: String!, $sha: String, $experimentalEnabled: Boolean, $vulnerabilityReportFileName: String, $pullRequest: Int) {
-  submitVulnerabilityReport(
-    fixReportId: $fixReportId
-    repoUrl: $repoUrl
-    reference: $reference
-    sha: $sha
-    experimentalEnabled: $experimentalEnabled
-    pullRequest: $pullRequest
-    projectId: $projectId
-    vulnerabilityReportFileName: $vulnerabilityReportFileName
-    scanSource: $scanSource
-  ) {
-    __typename
-    ... on VulnerabilityReport {
-      vulnerabilityReportId
-      fixReportId
-    }
-  }
-}
-    `;
-var CreateCommunityUserDocument = `
-    mutation CreateCommunityUser {
-  initOrganizationAndProject {
-    __typename
-    ... on InitOrganizationAndProjectGoodResponse {
-      projectId
-      userId
-      organizationId
-    }
-    ... on UserAlreadyInProjectError {
-      error
-      status
-    }
-  }
-}
-    `;
-var CreateCliLoginDocument = `
-    mutation CreateCliLogin($publicKey: String!) {
-  insert_cli_login_one(object: {publicKey: $publicKey}) {
-    id
-  }
-}
-    `;
-var PerformCliLoginDocument = `
-    mutation performCliLogin($loginId: String!) {
-  performCliLogin(loginId: $loginId) {
-    status
-  }
-}
-    `;
-var CreateProjectDocument = `
-    mutation CreateProject($organizationId: String!, $projectName: String!) {
-  createProject(organizationId: $organizationId, projectName: $projectName) {
-    projectId
-  }
-}
-    `;
-var defaultWrapper = (action, _operationName, _operationType, _variables) => action();
-function getSdk(client, withWrapper = defaultWrapper) {
-  return {
-    Me(variables, requestHeaders) {
-      return withWrapper((wrappedRequestHeaders) => client.request(MeDocument, variables, { ...requestHeaders, ...wrappedRequestHeaders }), "Me", "query", variables);
-    },
-    getOrgAndProjectId(variables, requestHeaders) {
-      return withWrapper((wrappedRequestHeaders) => client.request(GetOrgAndProjectIdDocument, variables, { ...requestHeaders, ...wrappedRequestHeaders }), "getOrgAndProjectId", "query", variables);
-    },
-    GetEncryptedApiToken(variables, requestHeaders) {
-      return withWrapper((wrappedRequestHeaders) => client.request(GetEncryptedApiTokenDocument, variables, { ...requestHeaders, ...wrappedRequestHeaders }), "GetEncryptedApiToken", "query", variables);
-    },
-    FixReportState(variables, requestHeaders) {
-      return withWrapper((wrappedRequestHeaders) => client.request(FixReportStateDocument, variables, { ...requestHeaders, ...wrappedRequestHeaders }), "FixReportState", "query", variables);
-    },
-    GetVulnerabilityReportPaths(variables, requestHeaders) {
-      return withWrapper((wrappedRequestHeaders) => client.request(GetVulnerabilityReportPathsDocument, variables, { ...requestHeaders, ...wrappedRequestHeaders }), "GetVulnerabilityReportPaths", "query", variables);
-    },
-    getAnalysis(variables, requestHeaders) {
-      return withWrapper((wrappedRequestHeaders) => client.request(GetAnalysisDocument, variables, { ...requestHeaders, ...wrappedRequestHeaders }), "getAnalysis", "subscription", variables);
-    },
-    getAnalsyis(variables, requestHeaders) {
-      return withWrapper((wrappedRequestHeaders) => client.request(GetAnalsyisDocument, variables, { ...requestHeaders, ...wrappedRequestHeaders }), "getAnalsyis", "query", variables);
-    },
-    getFixes(variables, requestHeaders) {
-      return withWrapper((wrappedRequestHeaders) => client.request(GetFixesDocument, variables, { ...requestHeaders, ...wrappedRequestHeaders }), "getFixes", "query", variables);
-    },
-    getVulByNodesMetadata(variables, requestHeaders) {
-      return withWrapper((wrappedRequestHeaders) => client.request(GetVulByNodesMetadataDocument, variables, { ...requestHeaders, ...wrappedRequestHeaders }), "getVulByNodesMetadata", "query", variables);
-    },
-    updateScmToken(variables, requestHeaders) {
-      return withWrapper((wrappedRequestHeaders) => client.request(UpdateScmTokenDocument, variables, { ...requestHeaders, ...wrappedRequestHeaders }), "updateScmToken", "mutation", variables);
-    },
-    uploadS3BucketInfo(variables, requestHeaders) {
-      return withWrapper((wrappedRequestHeaders) => client.request(UploadS3BucketInfoDocument, variables, { ...requestHeaders, ...wrappedRequestHeaders }), "uploadS3BucketInfo", "mutation", variables);
-    },
-    DigestVulnerabilityReport(variables, requestHeaders) {
-      return withWrapper((wrappedRequestHeaders) => client.request(DigestVulnerabilityReportDocument, variables, { ...requestHeaders, ...wrappedRequestHeaders }), "DigestVulnerabilityReport", "mutation", variables);
-    },
-    SubmitVulnerabilityReport(variables, requestHeaders) {
-      return withWrapper((wrappedRequestHeaders) => client.request(SubmitVulnerabilityReportDocument, variables, { ...requestHeaders, ...wrappedRequestHeaders }), "SubmitVulnerabilityReport", "mutation", variables);
-    },
-    CreateCommunityUser(variables, requestHeaders) {
-      return withWrapper((wrappedRequestHeaders) => client.request(CreateCommunityUserDocument, variables, { ...requestHeaders, ...wrappedRequestHeaders }), "CreateCommunityUser", "mutation", variables);
-    },
-    CreateCliLogin(variables, requestHeaders) {
-      return withWrapper((wrappedRequestHeaders) => client.request(CreateCliLoginDocument, variables, { ...requestHeaders, ...wrappedRequestHeaders }), "CreateCliLogin", "mutation", variables);
-    },
-    performCliLogin(variables, requestHeaders) {
-      return withWrapper((wrappedRequestHeaders) => client.request(PerformCliLoginDocument, variables, { ...requestHeaders, ...wrappedRequestHeaders }), "performCliLogin", "mutation", variables);
-    },
-    CreateProject(variables, requestHeaders) {
-      return withWrapper((wrappedRequestHeaders) => client.request(CreateProjectDocument, variables, { ...requestHeaders, ...wrappedRequestHeaders }), "CreateProject", "mutation", variables);
-    }
-  };
-}
-
-// src/utils/index.ts
-var utils_exports = {};
-__export(utils_exports, {
-  CliError: () => CliError,
-  Spinner: () => Spinner,
-  getDirName: () => getDirName,
-  getTopLevelDirName: () => getTopLevelDirName,
-  keypress: () => keypress,
-  sleep: () => sleep
-});
-
-// src/utils/dirname.ts
-import path2 from "node:path";
-import { fileURLToPath as fileURLToPath2 } from "node:url";
-function getDirName() {
-  return path2.dirname(fileURLToPath2(import.meta.url));
-}
-function getTopLevelDirName(fullPath) {
-  return path2.parse(fullPath).name;
-}
-
-// src/utils/keypress.ts
-import readline from "node:readline";
-async function keypress() {
-  const rl = readline.createInterface({
-    input: process.stdin,
-    output: process.stdout
-  });
-  return new Promise((resolve) => {
-    rl.question("", (answer) => {
-      rl.close();
-      process.stderr.moveCursor(0, -1);
-      process.stderr.clearLine(1);
-      resolve(answer);
-    });
-  });
-}
-
-// src/utils/spinner.ts
-import {
-  createSpinner as _createSpinner
-} from "nanospinner";
-var mockSpinner = {
-  success: () => mockSpinner,
-  error: () => mockSpinner,
-  warn: () => mockSpinner,
-  stop: () => mockSpinner,
-  start: () => mockSpinner,
-  update: () => mockSpinner,
-  reset: () => mockSpinner,
-  clear: () => mockSpinner,
-  spin: () => mockSpinner
-};
-function Spinner({ ci = false } = {}) {
-  return {
-    createSpinner: (text, options) => ci ? mockSpinner : _createSpinner(text, options)
-  };
-}
-
-// src/utils/index.ts
-var sleep = (ms = 2e3) => new Promise((r) => setTimeout(r, ms));
-var CliError = class extends Error {
-};
-
-// src/features/analysis/index.ts
-import chalk4 from "chalk";
-import Configstore from "configstore";
-import Debug12 from "debug";
-import extract from "extract-zip";
-import fetch4 from "node-fetch";
-import open2 from "open";
-import semver from "semver";
-import tmp2 from "tmp";
-import { z as z12 } from "zod";
-
-// src/features/analysis/add_fix_comments_for_pr/add_fix_comments_for_pr.ts
-import Debug4 from "debug";
-
-// src/features/analysis/scm/types.ts
-var ReferenceType = /* @__PURE__ */ ((ReferenceType2) => {
-  ReferenceType2["BRANCH"] = "BRANCH";
-  ReferenceType2["COMMIT"] = "COMMIT";
-  ReferenceType2["TAG"] = "TAG";
-  return ReferenceType2;
-})(ReferenceType || {});
-var ScmLibScmType = /* @__PURE__ */ ((ScmLibScmType2) => {
-  ScmLibScmType2["GITHUB"] = "GITHUB";
-  ScmLibScmType2["GITLAB"] = "GITLAB";
-  ScmLibScmType2["ADO"] = "ADO";
-  ScmLibScmType2["BITBUCKET"] = "BITBUCKET";
-  return ScmLibScmType2;
-})(ScmLibScmType || {});
-var scmCloudUrl = {
-  GitLab: "https://gitlab.com",
-  GitHub: "https://github.com",
-  Ado: "https://dev.azure.com",
-  Bitbucket: "https://bitbucket.org"
-};
-var ScmType = /* @__PURE__ */ ((ScmType2) => {
-  ScmType2["GitHub"] = "GitHub";
-  ScmType2["GitLab"] = "GitLab";
-  ScmType2["Ado"] = "Ado";
-  ScmType2["Bitbucket"] = "Bitbucket";
-  return ScmType2;
-})(ScmType || {});
-
-// src/features/analysis/scm/ado/constants.ts
-var DEFUALT_ADO_ORIGIN = scmCloudUrl.Ado;
-
-// src/features/analysis/scm/ado/utils.ts
-import querystring3 from "node:querystring";
-import * as api from "azure-devops-node-api";
-import { z as z9 } from "zod";
-
-// src/features/analysis/scm/env.ts
-import { z as z2 } from "zod";
-var EnvVariablesZod = z2.object({
-  GITLAB_API_TOKEN: z2.string().optional(),
-  BROKERED_HOSTS: z2.string().toLowerCase().transform(
-    (x) => x.split(",").map((url) => url.trim(), []).filter(Boolean)
-  ).default(""),
-  GITHUB_API_TOKEN: z2.string().optional(),
-  GIT_PROXY_HOST: z2.string().default("http://tinyproxy:8888")
-});
-var { GITLAB_API_TOKEN, BROKERED_HOSTS, GITHUB_API_TOKEN, GIT_PROXY_HOST } = EnvVariablesZod.parse(process.env);
-
-// src/features/analysis/scm/scm.ts
-import { z as z7 } from "zod";
-
-// src/features/analysis/scm/bitbucket/bitbucket.ts
-import querystring from "node:querystring";
-import bitbucketPkg from "bitbucket";
-import * as bitbucketPkgNode from "bitbucket";
-import { z as z3 } from "zod";
-
-// src/features/analysis/scm/urlParser.ts
-function detectAdoUrl(args) {
-  const { pathname, hostname, scmType } = args;
-  const hostnameParts = hostname.split(".");
-  const adoHostname = new URL(scmCloudUrl.Ado).hostname;
-  if (hostnameParts.length === 3 && hostnameParts[1] === "visualstudio" && hostnameParts[2] === "com") {
-    if (pathname.length === 2 && pathname[0] === "_git") {
-      return {
-        organization: hostnameParts[0],
-        projectName: pathname[1],
-        repoName: pathname[1]
-      };
-    }
-    if (pathname.length === 3 && pathname[1] === "_git") {
-      return {
-        organization: hostnameParts[0],
-        projectName: pathname[0],
-        repoName: pathname[2]
-      };
-    }
-  }
-  if (hostname === adoHostname || scmType === "Ado" /* Ado */) {
-    if (pathname[pathname.length - 2] === "_git") {
-      if (pathname.length === 3) {
-        return {
-          organization: pathname[0],
-          projectName: pathname[2],
-          repoName: pathname[2]
-        };
-      }
-      if (pathname.length > 3) {
-        return {
-          organization: pathname[pathname.length - 4],
-          projectName: pathname[pathname.length - 3],
-          repoName: pathname[pathname.length - 1]
-        };
-      }
-    }
-  }
-  return null;
-}
-function detectGithubUrl(args) {
-  const { pathname, hostname, scmType } = args;
-  const githubHostname = new URL(scmCloudUrl.GitHub).hostname;
-  if (hostname === githubHostname || scmType === "GitHub" /* GitHub */) {
-    if (pathname.length === 2) {
-      return {
-        organization: pathname[0],
-        projectName: void 0,
-        repoName: pathname[1]
-      };
-    }
-  }
-  return null;
-}
-function detectGitlabUrl(args) {
-  const { pathname, hostname, scmType } = args;
-  const gitlabHostname = new URL(scmCloudUrl.GitLab).hostname;
-  if (hostname === gitlabHostname || scmType === "GitLab" /* GitLab */) {
-    if (pathname.length >= 2) {
-      return {
-        organization: pathname[0],
-        projectName: void 0,
-        repoName: pathname[pathname.length - 1]
-      };
-    }
-  }
-  return null;
-}
-function detectBitbucketUrl(args) {
-  const { pathname, hostname, scmType } = args;
-  const bitbucketHostname = new URL(scmCloudUrl.Bitbucket).hostname;
-  if (hostname === bitbucketHostname || scmType === "Bitbucket" /* Bitbucket */) {
-    if (pathname.length === 2) {
-      return {
-        organization: pathname[0],
-        projectName: void 0,
-        repoName: pathname[1]
-      };
-    }
-  }
-  return null;
-}
-var getRepoUrlFunctionMap = {
-  ["GitLab" /* GitLab */]: detectGitlabUrl,
-  ["GitHub" /* GitHub */]: detectGithubUrl,
-  ["Ado" /* Ado */]: detectAdoUrl,
-  ["Bitbucket" /* Bitbucket */]: detectBitbucketUrl
-};
-function getRepoInfo(args) {
-  for (const detectUrl of Object.values(getRepoUrlFunctionMap)) {
-    const detectUrlRes = detectUrl(args);
-    if (detectUrlRes) {
-      return detectUrlRes;
-    }
-  }
-  return null;
-}
-var NAME_REGEX = /[a-z0-9\-_.+]+/i;
 var parseScmURL = (scmURL, scmType) => {
   try {
     const url = new URL(scmURL);
@@ -701,41 +212,55 @@ var parseScmURL = (scmURL, scmType) => {
     });
     if (!repo)
       return null;
-    const { organization, repoName, projectName } = repo;
+    const { organization, repoName } = repo;
     if (!organization || !repoName)
       return null;
     if (!organization.match(NAME_REGEX) || !repoName.match(NAME_REGEX))
-      return null;
-    return {
-      hostname,
-      organization,
-      projectPath,
-      repoName,
-      projectName,
-      protocol: url.protocol,
-      pathElements: projectPath.split("/")
-    };
-  } catch (e) {
-    return null;
-  }
-};
-var sanityRepoURL = (scmURL) => {
-  try {
-    const url = new URL(scmURL);
-    const projectPath = url.pathname.substring(1).replace(/.git$/i, "");
-    const pathParts = projectPath.split("/");
-    if (pathParts.length < 2)
-      return false;
-    if (pathParts.length > 4)
-      return false;
-    if (pathParts.some((part) => !part.match(NAME_REGEX)))
-      return false;
-    return true;
+      return null;
+    const res = {
+      hostname,
+      organization,
+      projectPath,
+      repoName,
+      protocol: url.protocol,
+      pathElements: projectPath.split("/")
+    };
+    if (repo.scmType === "Ado" /* Ado */) {
+      return {
+        projectName: repo.projectName,
+        prefixPath: repo.prefixPath,
+        scmType: repo.scmType,
+        ...res
+      };
+    }
+    return {
+      scmType: repo.scmType,
+      ...res
+    };
   } catch (e) {
     return null;
   }
 };
 
+// src/features/analysis/scm/shared/src/index.ts
+var NAME_REGEX = /[a-z0-9\-_.+]+/i;
+var ADO_PREFIX_PATH = "tfs";
+
+// src/features/analysis/scm/types.ts
+var ReferenceType = /* @__PURE__ */ ((ReferenceType2) => {
+  ReferenceType2["BRANCH"] = "BRANCH";
+  ReferenceType2["COMMIT"] = "COMMIT";
+  ReferenceType2["TAG"] = "TAG";
+  return ReferenceType2;
+})(ReferenceType || {});
+var ScmLibScmType = /* @__PURE__ */ ((ScmLibScmType2) => {
+  ScmLibScmType2["GITHUB"] = "GITHUB";
+  ScmLibScmType2["GITLAB"] = "GITLAB";
+  ScmLibScmType2["ADO"] = "ADO";
+  ScmLibScmType2["BITBUCKET"] = "BITBUCKET";
+  return ScmLibScmType2;
+})(ScmLibScmType || {});
+
 // src/features/analysis/scm/utils/get_issue_type.ts
 var getIssueType = (issueType) => {
   switch (issueType) {
@@ -861,6 +386,8 @@ var getIssueType = (issueType) => {
       return "Value Never Read";
     case "VALUE_SHADOWING" /* ValueShadowing */:
       return "Value Shadowing";
+    case "ERRONEOUS_STRING_COMPARE" /* ErroneousStringCompare */:
+      return "Erroneous String Compare";
     default: {
       return issueType ? issueType.replaceAll("_", " ") : "Other";
     }
@@ -944,6 +471,22 @@ var isUrlHasPath = (url) => {
 function shouldValidateUrl(repoUrl) {
   return repoUrl && isUrlHasPath(repoUrl);
 }
+var sanityRepoURL = (scmURL) => {
+  try {
+    const url = new URL(scmURL);
+    const projectPath = url.pathname.substring(1).replace(/.git$/i, "");
+    const pathParts = projectPath.split("/");
+    if (pathParts.length < 2)
+      return false;
+    if (pathParts.length > 4 && pathParts.at(0) !== ADO_PREFIX_PATH)
+      return false;
+    if (pathParts.some((part) => !part.match(NAME_REGEX)))
+      return false;
+    return true;
+  } catch (e) {
+    return null;
+  }
+};
 
 // src/features/analysis/scm/bitbucket/bitbucket.ts
 var BITBUCKET_HOSTNAME = "bitbucket.org";
@@ -2063,7 +1606,7 @@ initGitlabFetchMock();
 // src/features/analysis/scm/scmSubmit/index.ts
 import fs from "node:fs/promises";
 import parseDiff from "parse-diff";
-import path3 from "path";
+import path from "path";
 import { simpleGit } from "simple-git";
 import tmp from "tmp";
 import { z as z6 } from "zod";
@@ -2195,10 +1738,10 @@ function getCloudScmLibTypeFromUrl(url) {
   return void 0;
 }
 var scmCloudHostname = {
-  GitLab: new URL(scmCloudUrl.GitLab).hostname,
-  GitHub: new URL(scmCloudUrl.GitHub).hostname,
-  Ado: new URL(scmCloudUrl.Ado).hostname,
-  Bitbucket: new URL(scmCloudUrl.Bitbucket).hostname
+  ["GitLab" /* GitLab */]: new URL(scmCloudUrl.GitLab).hostname,
+  ["GitHub" /* GitHub */]: new URL(scmCloudUrl.GitHub).hostname,
+  ["Ado" /* Ado */]: new URL(scmCloudUrl.Ado).hostname,
+  ["Bitbucket" /* Bitbucket */]: new URL(scmCloudUrl.Bitbucket).hostname
 };
 var scmLibScmTypeToScmType = {
   ["GITLAB" /* GITLAB */]: "GitLab" /* GitLab */,
@@ -2212,10 +1755,6 @@ var scmTypeToScmLibScmType = {
   ["Ado" /* Ado */]: "ADO" /* ADO */,
   ["Bitbucket" /* Bitbucket */]: "BITBUCKET" /* BITBUCKET */
 };
-function getScmTypeFromScmLibType(scmLibType) {
-  const parsedScmLibType = z7.nativeEnum(ScmLibScmType).parse(scmLibType);
-  return scmLibScmTypeToScmType[parsedScmLibType];
-}
 function getScmLibTypeFromScmType(scmType) {
   const parsedScmType = z7.nativeEnum(ScmType).parse(scmType);
   return scmTypeToScmLibScmType[parsedScmType];
@@ -2271,24 +1810,6 @@ function getScmConfig({
     scmOrg: void 0
   };
 }
-async function scmCanReachRepo({
-  repoUrl,
-  scmType,
-  accessToken,
-  scmOrg
-}) {
-  try {
-    await SCMLib.init({
-      url: repoUrl,
-      accessToken,
-      scmType: getScmLibTypeFromScmType(scmType),
-      scmOrg
-    });
-    return true;
-  } catch (e) {
-    return false;
-  }
-}
 var InvalidRepoUrlError = class extends Error {
   constructor(m) {
     super(m);
@@ -2407,12 +1928,7 @@ var SCMLib = class {
   static async getIsValidBranchName(branchName) {
     return isValidBranchName(branchName);
   }
-  static async init({
-    url,
-    accessToken,
-    scmType,
-    scmOrg
-  }) {
+  static async init({ url, accessToken, scmType, scmOrg }, { propagateExceptions = false } = {}) {
     const trimmedUrl = url ? url.trim().replace(/\/$/, "").replace(/.git$/i, "") : void 0;
     try {
       switch (scmType) {
@@ -2428,6 +1944,7 @@ var SCMLib = class {
         }
         case "ADO" /* ADO */: {
           const scm = new AdoSCMLib(trimmedUrl, accessToken, scmOrg);
+          await scm.getAdoSdk();
           await scm.validateParams();
           return scm;
         }
@@ -2445,6 +1962,9 @@ var SCMLib = class {
         );
       }
       console.error(`error validating scm: ${scmType} `, e);
+      if (propagateExceptions) {
+        throw e;
+      }
     }
     return new StubSCMLib(trimmedUrl, void 0, void 0);
   }
@@ -2943,792 +2463,1360 @@ var GithubSCMLib = class extends SCMLib {
   async postGeneralPrComment(params) {
     const { prNumber, body } = params;
     this._validateAccessTokenAndUrl();
-    const { owner, repo } = parseGithubOwnerAndRepo(this.url);
-    return await this.githubSdk.postGeneralPrComment({
-      issue_number: prNumber,
-      owner,
-      repo,
-      body
-    });
+    const { owner, repo } = parseGithubOwnerAndRepo(this.url);
+    return await this.githubSdk.postGeneralPrComment({
+      issue_number: prNumber,
+      owner,
+      repo,
+      body
+    });
+  }
+  async getGeneralPrComments(params) {
+    const { prNumber } = params;
+    this._validateAccessTokenAndUrl();
+    const { owner, repo } = parseGithubOwnerAndRepo(this.url);
+    return await this.githubSdk.getGeneralPrComments({
+      issue_number: prNumber,
+      owner,
+      repo
+    });
+  }
+  async deleteGeneralPrComment({
+    commentId
+  }) {
+    this._validateAccessTokenAndUrl();
+    const { owner, repo } = parseGithubOwnerAndRepo(this.url);
+    return this.githubSdk.deleteGeneralPrComment({
+      owner,
+      repo,
+      comment_id: commentId
+    });
+  }
+};
+var StubSCMLib = class extends SCMLib {
+  async createSubmitRequest(_params) {
+    console.error("createSubmitRequest() not implemented");
+    throw new Error("createSubmitRequest() not implemented");
+  }
+  getScmLibType() {
+    console.error("getScmLibType() not implemented");
+    throw new Error("getScmLibType() not implemented");
+  }
+  getAuthHeaders() {
+    console.error("getAuthHeaders() not implemented");
+    throw new Error("getAuthHeaders() not implemented");
+  }
+  getDownloadUrl(_sha) {
+    console.error("getDownloadUrl() not implemented");
+    throw new Error("getDownloadUrl() not implemented");
+  }
+  async getIsRemoteBranch(_branch) {
+    console.error("getIsRemoteBranch() not implemented");
+    throw new Error("getIsRemoteBranch() not implemented");
+  }
+  async validateParams() {
+    console.error("validateParams() not implemented");
+    throw new Error("validateParams() not implemented");
+  }
+  async getRepoList(_scmOrg) {
+    console.error("getRepoList() not implemented");
+    throw new Error("getRepoList() not implemented");
+  }
+  async getBranchList() {
+    console.error("getBranchList() not implemented");
+    throw new Error("getBranchList() not implemented");
+  }
+  async getUsername() {
+    console.error("getUsername() not implemented");
+    throw new Error("getUsername() not implemented");
+  }
+  async getSubmitRequestStatus(_scmSubmitRequestId) {
+    console.error("getSubmitRequestStatus() not implemented");
+    throw new Error("getSubmitRequestStatus() not implemented");
+  }
+  async getUserHasAccessToRepo() {
+    console.error("getUserHasAccessToRepo() not implemented");
+    throw new Error("getUserHasAccessToRepo() not implemented");
+  }
+  async getRepoBlameRanges(_ref, _path) {
+    console.error("getRepoBlameRanges() not implemented");
+    throw new Error("getRepoBlameRanges() not implemented");
+  }
+  async getReferenceData(_ref) {
+    console.error("getReferenceData() not implemented");
+    throw new Error("getReferenceData() not implemented");
+  }
+  async getRepoDefaultBranch() {
+    console.error("getRepoDefaultBranch() not implemented");
+    throw new Error("getRepoDefaultBranch() not implemented");
+  }
+  async getPrUrl(_prNumber) {
+    console.error("getPr() not implemented");
+    throw new Error("getPr() not implemented");
+  }
+  _getUsernameForAuthUrl() {
+    throw new Error("Method not implemented.");
+  }
+};
+function getUserAndPassword(token) {
+  const [username, password] = token.split(":");
+  const safePasswordAndUsername = z7.object({ username: z7.string(), password: z7.string() }).parse({ username, password });
+  return {
+    username: safePasswordAndUsername.username,
+    password: safePasswordAndUsername.password
+  };
+}
+function createBitbucketSdk(token) {
+  if (!token) {
+    return getBitbucketSdk({ authType: "public" });
+  }
+  if (token.includes(":")) {
+    const { password, username } = getUserAndPassword(token);
+    return getBitbucketSdk({
+      authType: "basic",
+      username,
+      password
+    });
+  }
+  return getBitbucketSdk({ authType: "token", token });
+}
+var BitbucketSCMLib = class extends SCMLib {
+  constructor(url, accessToken, scmOrg) {
+    super(url, accessToken, scmOrg);
+    __publicField(this, "bitbucketSdk");
+    const bitbucketSdk = createBitbucketSdk(accessToken);
+    this.bitbucketSdk = bitbucketSdk;
+  }
+  getAuthData() {
+    const authType = this.bitbucketSdk.getAuthType();
+    switch (authType) {
+      case "basic": {
+        this._validateAccessToken();
+        const { username, password } = getUserAndPassword(this.accessToken);
+        return { username, password, authType };
+      }
+      case "token": {
+        return { authType, token: z7.string().parse(this.accessToken) };
+      }
+      case "public":
+        return { authType };
+    }
+  }
+  async createSubmitRequest(params) {
+    this._validateAccessTokenAndUrl();
+    const pullRequestRes = await this.bitbucketSdk.createPullRequest({
+      ...params,
+      repoUrl: this.url
+    });
+    return String(z7.number().parse(pullRequestRes.id));
+  }
+  async validateParams() {
+    return validateBitbucketParams({
+      bitbucketClient: this.bitbucketSdk,
+      url: this.url
+    });
+  }
+  async getRepoList(scmOrg) {
+    this._validateAccessToken();
+    return this.bitbucketSdk.getRepos({
+      workspaceSlug: scmOrg
+    });
+  }
+  async getBranchList() {
+    this._validateAccessTokenAndUrl();
+    return this.bitbucketSdk.getBranchList({
+      repoUrl: this.url
+    });
+  }
+  getScmLibType() {
+    return "BITBUCKET" /* BITBUCKET */;
+  }
+  getAuthHeaders() {
+    const authType = this.bitbucketSdk.getAuthType();
+    switch (authType) {
+      case "public":
+        return {};
+      case "token":
+        return { authorization: `Bearer ${this.accessToken}` };
+      case "basic": {
+        this._validateAccessToken();
+        const { username, password } = getUserAndPassword(this.accessToken);
+        return {
+          authorization: `Basic ${Buffer.from(
+            username + ":" + password
+          ).toString("base64")}`
+        };
+      }
+    }
+  }
+  async getDownloadUrl(sha) {
+    this._validateUrl();
+    return this.bitbucketSdk.getDownloadUrl({ url: this.url, sha });
+  }
+  async _getUsernameForAuthUrl() {
+    this._validateAccessTokenAndUrl();
+    const user = await this.bitbucketSdk.getUser();
+    if (!user.username) {
+      throw new Error("no username found");
+    }
+    return user.username;
   }
-  async getGeneralPrComments(params) {
-    const { prNumber } = params;
+  async getIsRemoteBranch(branch) {
     this._validateAccessTokenAndUrl();
-    const { owner, repo } = parseGithubOwnerAndRepo(this.url);
-    return await this.githubSdk.getGeneralPrComments({
-      issue_number: prNumber,
-      owner,
-      repo
-    });
+    try {
+      const res = await this.bitbucketSdk.getBranch({
+        branchName: branch,
+        repoUrl: this.url
+      });
+      return res.name === branch;
+    } catch (e) {
+      return false;
+    }
   }
-  async deleteGeneralPrComment({
-    commentId
-  }) {
+  async getUserHasAccessToRepo() {
     this._validateAccessTokenAndUrl();
-    const { owner, repo } = parseGithubOwnerAndRepo(this.url);
-    return this.githubSdk.deleteGeneralPrComment({
-      owner,
-      repo,
-      comment_id: commentId
-    });
+    return this.bitbucketSdk.getIsUserCollaborator({ repoUrl: this.url });
   }
-};
-var StubSCMLib = class extends SCMLib {
-  async createSubmitRequest(_params) {
-    console.error("createSubmitRequest() not implemented");
-    throw new Error("createSubmitRequest() not implemented");
+  async getUsername() {
+    this._validateAccessToken();
+    const res = await this.bitbucketSdk.getUser();
+    return z7.string().parse(res.username);
   }
-  getScmLibType() {
-    console.error("getScmLibType() not implemented");
-    throw new Error("getScmLibType() not implemented");
+  async getSubmitRequestStatus(_scmSubmitRequestId) {
+    this._validateAccessTokenAndUrl();
+    const pullRequestRes = await this.bitbucketSdk.getPullRequest({
+      prNumber: Number(_scmSubmitRequestId),
+      url: this.url
+    });
+    switch (pullRequestRes.state) {
+      case "OPEN":
+        return "open";
+      case "MERGED":
+        return "merged";
+      case "DECLINED":
+        return "closed";
+      default:
+        throw new Error(`unknown state ${pullRequestRes.state} `);
+    }
   }
-  getAuthHeaders() {
-    console.error("getAuthHeaders() not implemented");
-    throw new Error("getAuthHeaders() not implemented");
+  async getRepoBlameRanges(_ref, _path) {
+    return [];
   }
-  getDownloadUrl(_sha) {
-    console.error("getDownloadUrl() not implemented");
-    throw new Error("getDownloadUrl() not implemented");
+  async getReferenceData(ref) {
+    this._validateUrl();
+    return this.bitbucketSdk.getReferenceData({ url: this.url, ref });
   }
-  async getIsRemoteBranch(_branch) {
-    console.error("getIsRemoteBranch() not implemented");
-    throw new Error("getIsRemoteBranch() not implemented");
+  async getRepoDefaultBranch() {
+    this._validateUrl();
+    const repoRes = await this.bitbucketSdk.getRepo({ repoUrl: this.url });
+    return z7.string().parse(repoRes.mainbranch?.name);
   }
-  async validateParams() {
-    console.error("validateParams() not implemented");
-    throw new Error("validateParams() not implemented");
+  getPrUrl(prNumber) {
+    this._validateUrl();
+    const { repoSlug, workspace } = parseBitbucketOrganizationAndRepo(this.url);
+    return Promise.resolve(
+      `https://bitbucket.org/${workspace}/${repoSlug}/pull-requests/${prNumber}`
+    );
   }
-  async getRepoList(_scmOrg) {
-    console.error("getRepoList() not implemented");
-    throw new Error("getRepoList() not implemented");
+  async refreshToken(params) {
+    const getBitbucketTokenResponse = await getBitbucketToken({
+      authType: "refresh_token",
+      ...params
+    });
+    return {
+      accessToken: getBitbucketTokenResponse.access_token,
+      refreshToken: getBitbucketTokenResponse.refresh_token
+    };
   }
-  async getBranchList() {
-    console.error("getBranchList() not implemented");
-    throw new Error("getBranchList() not implemented");
+};
+
+// src/features/analysis/scm/ado/validation.ts
+import { z as z8 } from "zod";
+var ValidPullRequestStatusZ = z8.union([
+  z8.literal(1 /* Active */),
+  z8.literal(2 /* Abandoned */),
+  z8.literal(3 /* Completed */)
+]);
+var AdoAuthResultZ = z8.object({
+  access_token: z8.string().min(1),
+  token_type: z8.string().min(1),
+  refresh_token: z8.string().min(1)
+});
+var profileZ = z8.object({
+  displayName: z8.string(),
+  publicAlias: z8.string().min(1),
+  emailAddress: z8.string(),
+  coreRevision: z8.number(),
+  timeStamp: z8.string(),
+  id: z8.string(),
+  revision: z8.number()
+});
+var accountsZ = z8.object({
+  count: z8.number(),
+  value: z8.array(
+    z8.object({
+      accountId: z8.string(),
+      accountUri: z8.string(),
+      accountName: z8.string()
+    })
+  )
+});
+
+// src/features/analysis/scm/ado/utils.ts
+function _getPublicAdoClient({
+  orgName,
+  origin: origin2
+}) {
+  const orgUrl = `${origin2}/${orgName}`;
+  const authHandler = api.getPersonalAccessTokenHandler("");
+  authHandler.canHandleAuthentication = () => false;
+  authHandler.prepareRequest = (_options) => {
+    return;
+  };
+  const connection = new api.WebApi(orgUrl, authHandler);
+  return connection;
+}
+function removeTrailingSlash2(str) {
+  return str.trim().replace(/\/+$/, "");
+}
+function parseAdoOwnerAndRepo(adoUrl) {
+  adoUrl = removeTrailingSlash2(adoUrl);
+  const parsingResult = parseScmURL(adoUrl, "Ado" /* Ado */);
+  if (!parsingResult || parsingResult.scmType !== "Ado" /* Ado */) {
+    throw new InvalidUrlPatternError(`
+      : ${adoUrl}`);
   }
-  async getUsername() {
-    console.error("getUsername() not implemented");
-    throw new Error("getUsername() not implemented");
+  const {
+    organization,
+    repoName,
+    projectName,
+    projectPath,
+    pathElements,
+    hostname,
+    protocol
+  } = parsingResult;
+  return {
+    owner: decodeURI(organization),
+    repo: decodeURI(repoName),
+    projectName: projectName ? decodeURI(projectName) : void 0,
+    projectPath,
+    pathElements,
+    prefixPath: parsingResult.prefixPath,
+    origin: `${protocol}//${hostname}`
+  };
+}
+async function getAdoConnectData({
+  url,
+  tokenOrg,
+  adoTokenInfo
+}) {
+  if (url) {
+    const urlObject = new URL(url);
+    if (tokenOrg && (urlObject.origin === url || `${urlObject.origin}/tfs` === url)) {
+      return {
+        origin: url,
+        org: tokenOrg
+      };
+    }
+    const { owner, origin: origin2, prefixPath } = parseAdoOwnerAndRepo(url);
+    return {
+      org: owner,
+      origin: prefixPath ? `${origin2}/${prefixPath}` : origin2
+    };
   }
-  async getSubmitRequestStatus(_scmSubmitRequestId) {
-    console.error("getSubmitRequestStatus() not implemented");
-    throw new Error("getSubmitRequestStatus() not implemented");
+  if (!tokenOrg) {
+    if (adoTokenInfo.type === "OAUTH" /* OAUTH */) {
+      const [org] = await _getOrgsForOauthToken({
+        oauthToken: adoTokenInfo.accessToken
+      });
+      return {
+        org: z9.string().parse(org),
+        origin: DEFUALT_ADO_ORIGIN
+      };
+    }
+    throw new InvalidRepoUrlError("ADO URL is null");
   }
-  async getUserHasAccessToRepo() {
-    console.error("getUserHasAccessToRepo() not implemented");
-    throw new Error("getUserHasAccessToRepo() not implemented");
+  return {
+    org: tokenOrg,
+    origin: DEFUALT_ADO_ORIGIN
+  };
+}
+function isAdoOnCloud(url) {
+  const urlObj = new URL(url);
+  return urlObj.origin.toLowerCase() === DEFUALT_ADO_ORIGIN || urlObj.hostname.toLowerCase().endsWith(".visualstudio.com");
+}
+async function getAdoApiClient(params) {
+  const { origin: origin2 = DEFUALT_ADO_ORIGIN, orgName } = params;
+  if (params.tokenType === "NONE" /* NONE */ || // note: move to public client if the token is not associated with the PAT org
+  // we're only doing it the ado on the cloud
+  params.tokenType === "PAT" /* PAT */ && params.patTokenOrg !== orgName && isAdoOnCloud(origin2)) {
+    return _getPublicAdoClient({ orgName, origin: origin2 });
   }
-  async getRepoBlameRanges(_ref, _path) {
-    console.error("getRepoBlameRanges() not implemented");
-    throw new Error("getRepoBlameRanges() not implemented");
+  const orgUrl = `${origin2}/${orgName}`;
+  if (params.tokenType === "OAUTH" /* OAUTH */) {
+    if (!isAdoOnCloud(origin2)) {
+      throw new Error(
+        `Oauth token is not supported for ADO on prem - ${origin2} `
+      );
+    }
+    const connection2 = new api.WebApi(
+      orgUrl,
+      api.getBearerHandler(params.accessToken),
+      {}
+    );
+    return connection2;
   }
-  async getReferenceData(_ref) {
-    console.error("getReferenceData() not implemented");
-    throw new Error("getReferenceData() not implemented");
+  const authHandler = api.getPersonalAccessTokenHandler(params.accessToken);
+  const isBroker = BROKERED_HOSTS.includes(new URL(orgUrl).origin);
+  const connection = new api.WebApi(
+    orgUrl,
+    authHandler,
+    isBroker ? {
+      proxy: {
+        proxyUrl: GIT_PROXY_HOST
+      },
+      ignoreSslError: true
+    } : void 0
+  );
+  return connection;
+}
+function getAdoTokenInfo(token) {
+  if (!token) {
+    return { type: "NONE" /* NONE */ };
   }
-  async getRepoDefaultBranch() {
-    console.error("getRepoDefaultBranch() not implemented");
-    throw new Error("getRepoDefaultBranch() not implemented");
+  if (token.includes(".")) {
+    return { type: "OAUTH" /* OAUTH */, accessToken: token };
   }
-  async getPrUrl(_prNumber) {
-    console.error("getPr() not implemented");
-    throw new Error("getPr() not implemented");
+  return { type: "PAT" /* PAT */, accessToken: token };
+}
+async function getAdoClientParams(params) {
+  const { url, accessToken, tokenOrg } = params;
+  const adoTokenInfo = getAdoTokenInfo(accessToken);
+  const { org, origin: origin2 } = await getAdoConnectData({
+    url,
+    tokenOrg,
+    adoTokenInfo
+  });
+  switch (adoTokenInfo.type) {
+    case "NONE" /* NONE */:
+      return {
+        tokenType: "NONE" /* NONE */,
+        origin: origin2,
+        orgName: org.toLowerCase()
+      };
+    case "OAUTH" /* OAUTH */: {
+      return {
+        tokenType: "OAUTH" /* OAUTH */,
+        accessToken: adoTokenInfo.accessToken,
+        origin: origin2,
+        orgName: org.toLowerCase()
+      };
+    }
+    case "PAT" /* PAT */: {
+      return {
+        tokenType: "PAT" /* PAT */,
+        accessToken: adoTokenInfo.accessToken,
+        patTokenOrg: z9.string().parse(tokenOrg).toLowerCase(),
+        origin: origin2,
+        orgName: org.toLowerCase()
+      };
+    }
   }
-  _getUsernameForAuthUrl() {
-    throw new Error("Method not implemented.");
+}
+async function adoValidateParams({
+  url,
+  accessToken,
+  tokenOrg
+}) {
+  try {
+    const api2 = await getAdoApiClient(
+      await getAdoClientParams({ url, accessToken, tokenOrg })
+    );
+    await api2.connect();
+  } catch (e) {
+    console.log("adoValidateParams error", e);
+    const error = e;
+    const code = error.code || error.status || error.statusCode || error.response?.status || error.response?.statusCode || error.response?.code;
+    const description = error.description || `${e}`;
+    if (code === 401 || code === 403 || description.includes("401") || description.includes("403")) {
+      throw new InvalidAccessTokenError(`invalid ADO access token`);
+    }
+    if (code === 404 || description.includes("404") || description.includes("Not Found")) {
+      throw new InvalidRepoUrlError(`invalid ADO repo URL ${url}`);
+    }
+    throw e;
   }
-};
-function getUserAndPassword(token) {
-  const [username, password] = token.split(":");
-  const safePasswordAndUsername = z7.object({ username: z7.string(), password: z7.string() }).parse({ username, password });
+}
+async function _getOrgsForOauthToken({
+  oauthToken
+}) {
+  const profileRes = await fetch(
+    "https://app.vssps.visualstudio.com/_apis/profile/profiles/me?api-version=6.0",
+    {
+      method: "GET",
+      headers: {
+        Authorization: `Bearer ${oauthToken}`
+      }
+    }
+  );
+  const profileJson = await profileRes.json();
+  const profile = profileZ.parse(profileJson);
+  const accountsRes = await fetch(
+    `https://app.vssps.visualstudio.com/_apis/accounts?memberId=${profile.publicAlias}&api-version=6.0`,
+    {
+      method: "GET",
+      headers: {
+        Authorization: `Bearer ${oauthToken}`
+      }
+    }
+  );
+  const accountsJson = await accountsRes.json();
+  const accounts = accountsZ.parse(accountsJson);
+  const orgs = accounts.value.map((account) => account.accountName).filter((value, index, array) => array.indexOf(value) === index);
+  return orgs;
+}
+
+// src/features/analysis/scm/ado/ado.ts
+async function getAdoSdk(params) {
+  const api2 = await getAdoApiClient(params);
   return {
-    username: safePasswordAndUsername.username,
-    password: safePasswordAndUsername.password
+    async getAdoIsUserCollaborator({ repoUrl }) {
+      try {
+        const { repo, projectName } = parseAdoOwnerAndRepo(repoUrl);
+        const git = await api2.getGitApi();
+        const branches = await git.getBranches(repo, projectName);
+        if (!branches || branches.length === 0) {
+          throw new InvalidRepoUrlError("no branches");
+        }
+        return true;
+      } catch (e) {
+        return false;
+      }
+    },
+    async getAdoPullRequestStatus({
+      repoUrl,
+      prNumber
+    }) {
+      const { repo, projectName } = parseAdoOwnerAndRepo(repoUrl);
+      const git = await api2.getGitApi();
+      const res = await git.getPullRequest(repo, prNumber, projectName);
+      const parsedPullRequestStatus = ValidPullRequestStatusZ.safeParse(
+        res.status
+      );
+      if (!parsedPullRequestStatus.success) {
+        throw new Error("bad pr status for ADO");
+      }
+      return parsedPullRequestStatus.data;
+    },
+    async getAdoIsRemoteBranch({
+      repoUrl,
+      branch
+    }) {
+      const { repo, projectName } = parseAdoOwnerAndRepo(repoUrl);
+      const git = await api2.getGitApi();
+      try {
+        const branchStatus = await git.getBranch(repo, branch, projectName);
+        if (!branchStatus || !branchStatus.commit) {
+          throw new InvalidRepoUrlError("no branch status");
+        }
+        return branchStatus.name === branch;
+      } catch (e) {
+        return false;
+      }
+    },
+    async getAdoPrUrl({ url, prNumber }) {
+      const { repo, projectName } = parseAdoOwnerAndRepo(url);
+      const git = await api2.getGitApi();
+      const getRepositoryRes = await git.getRepository(
+        decodeURI(repo),
+        projectName ? decodeURI(projectName) : void 0
+      );
+      return `${getRepositoryRes.webUrl}/pullrequest/${prNumber}`;
+    },
+    getAdoDownloadUrl({
+      repoUrl,
+      branch
+    }) {
+      const { owner, repo, projectName, prefixPath } = parseAdoOwnerAndRepo(repoUrl);
+      const url = new URL(repoUrl);
+      const origin2 = url.origin.toLowerCase().endsWith(".visualstudio.com") ? DEFUALT_ADO_ORIGIN : url.origin.toLowerCase();
+      const params2 = `path=/&versionDescriptor[versionOptions]=0&versionDescriptor[versionType]=commit&versionDescriptor[version]=${branch}&resolveLfs=true&$format=zip&api-version=5.0&download=true`;
+      const path9 = [
+        prefixPath,
+        owner,
+        projectName,
+        "_apis",
+        "git",
+        "repositories",
+        repo,
+        "items",
+        "items"
+      ].filter(Boolean).join("/");
+      return new URL(`${path9}?${params2}`, origin2).toString();
+    },
+    async getAdoBranchList({ repoUrl }) {
+      const { repo, projectName } = parseAdoOwnerAndRepo(repoUrl);
+      const git = await api2.getGitApi();
+      try {
+        const res = await git.getBranches(repo, projectName);
+        res.sort((a, b) => {
+          if (!a.commit?.committer?.date || !b.commit?.committer?.date) {
+            return 0;
+          }
+          return b.commit?.committer?.date.getTime() - a.commit?.committer?.date.getTime();
+        });
+        return res.reduce((acc, branch) => {
+          if (!branch.name) {
+            return acc;
+          }
+          acc.push(branch.name);
+          return acc;
+        }, []);
+      } catch (e) {
+        return [];
+      }
+    },
+    async createAdoPullRequest(options) {
+      const { repoUrl, sourceBranchName, targetBranchName, title, body } = options;
+      const { repo, projectName } = parseAdoOwnerAndRepo(repoUrl);
+      const git = await api2.getGitApi();
+      const res = await git.createPullRequest(
+        {
+          sourceRefName: `refs/heads/${sourceBranchName}`,
+          targetRefName: `refs/heads/${targetBranchName}`,
+          title,
+          description: body
+        },
+        repo,
+        projectName
+      );
+      return res.pullRequestId;
+    },
+    async getAdoRepoDefaultBranch({
+      repoUrl
+    }) {
+      const { repo, projectName } = parseAdoOwnerAndRepo(repoUrl);
+      const git = await api2.getGitApi();
+      const getRepositoryRes = await git.getRepository(
+        decodeURI(repo),
+        projectName ? decodeURI(projectName) : void 0
+      );
+      if (!getRepositoryRes?.defaultBranch) {
+        throw new InvalidRepoUrlError("no default branch");
+      }
+      return getRepositoryRes.defaultBranch.replace("refs/heads/", "");
+    },
+    // todo: refactor this function
+    async getAdoReferenceData({
+      ref,
+      repoUrl
+    }) {
+      const { repo, projectName } = parseAdoOwnerAndRepo(repoUrl);
+      if (!projectName) {
+        throw new InvalidUrlPatternError("no project name");
+      }
+      const git = await api2.getGitApi();
+      const results = await Promise.allSettled([
+        (async () => {
+          const res = await git.getBranch(repo, ref, projectName);
+          if (!res.commit || !res.commit.commitId) {
+            throw new InvalidRepoUrlError("no commit on branch");
+          }
+          return {
+            sha: res.commit.commitId,
+            type: "BRANCH" /* BRANCH */,
+            date: res.commit.committer?.date || /* @__PURE__ */ new Date()
+          };
+        })(),
+        (async () => {
+          const res = await git.getCommits(
+            repo,
+            {
+              fromCommitId: ref,
+              toCommitId: ref,
+              $top: 1
+            },
+            projectName
+          );
+          const commit = res[0];
+          if (!commit || !commit.commitId) {
+            throw new Error("no commit");
+          }
+          return {
+            sha: commit.commitId,
+            type: "COMMIT" /* COMMIT */,
+            date: commit.committer?.date || /* @__PURE__ */ new Date()
+          };
+        })(),
+        (async () => {
+          const res = await git.getRefs(repo, projectName, `tags/${ref}`);
+          if (!res[0] || !res[0].objectId) {
+            throw new Error("no tag ref");
+          }
+          let objectId = res[0].objectId;
+          try {
+            const tag = await git.getAnnotatedTag(projectName, repo, objectId);
+            if (tag.taggedObject?.objectId) {
+              objectId = tag.taggedObject.objectId;
+            }
+          } catch (e) {
+          }
+          const commitRes2 = await git.getCommits(
+            repo,
+            {
+              fromCommitId: objectId,
+              toCommitId: objectId,
+              $top: 1
+            },
+            projectName
+          );
+          const commit = commitRes2[0];
+          if (!commit) {
+            throw new Error("no commit");
+          }
+          return {
+            sha: objectId,
+            type: "TAG" /* TAG */,
+            date: commit.committer?.date || /* @__PURE__ */ new Date()
+          };
+        })()
+      ]);
+      const [branchRes, commitRes, tagRes] = results;
+      if (tagRes.status === "fulfilled") {
+        return tagRes.value;
+      }
+      if (branchRes.status === "fulfilled") {
+        return branchRes.value;
+      }
+      if (commitRes.status === "fulfilled") {
+        return commitRes.value;
+      }
+      throw new RefNotFoundError(`ref: ${ref} does not exist`);
+    },
+    getAdoBlameRanges() {
+      return [];
+    }
   };
 }
-function createBitbucketSdk(token) {
-  if (!token) {
-    return getBitbucketSdk({ authType: "public" });
+async function getAdoRepoList({
+  orgName,
+  tokenOrg,
+  accessToken
+}) {
+  let orgs = [];
+  const adoTokenInfo = getAdoTokenInfo(accessToken);
+  if (adoTokenInfo.type === "NONE" /* NONE */) {
+    return [];
   }
-  if (token.includes(":")) {
-    const { password, username } = getUserAndPassword(token);
-    return getBitbucketSdk({
-      authType: "basic",
-      username,
-      password
-    });
+  if (adoTokenInfo.type === "OAUTH" /* OAUTH */) {
+    orgs = await _getOrgsForOauthToken({ oauthToken: accessToken });
   }
-  return getBitbucketSdk({ authType: "token", token });
+  if (orgs.length === 0 && !orgName) {
+    throw new Error(`no orgs for ADO`);
+  } else if (orgs.length === 0 && orgName) {
+    orgs = [orgName];
+  }
+  const repos = (await Promise.allSettled(
+    orgs.map(async (org) => {
+      const orgApi = await getAdoApiClient({
+        ...await getAdoClientParams({
+          accessToken,
+          tokenOrg: tokenOrg || org,
+          url: void 0
+        }),
+        orgName: org
+      });
+      const gitOrg = await orgApi.getGitApi();
+      const orgRepos = await gitOrg.getRepositories();
+      const repoInfoList = (await Promise.allSettled(
+        orgRepos.map(async (repo) => {
+          if (!repo.name || !repo.remoteUrl || !repo.defaultBranch) {
+            throw new InvalidRepoUrlError("bad repo");
+          }
+          const branch = await gitOrg.getBranch(
+            repo.name,
+            repo.defaultBranch.replace(/^refs\/heads\//, ""),
+            repo.project?.name
+          );
+          return {
+            repoName: repo.name,
+            repoUrl: repo.remoteUrl.replace(
+              /^[hH][tT][tT][pP][sS]:\/\/[^/]+@/,
+              "https://"
+            ),
+            repoOwner: org,
+            repoIsPublic: repo.project?.visibility === 2 /* Public */,
+            repoLanguages: [],
+            repoUpdatedAt: branch.commit?.committer?.date?.toDateString() || repo.project?.lastUpdateTime?.toDateString() || (/* @__PURE__ */ new Date()).toDateString()
+          };
+        })
+      )).reduce((acc, res) => {
+        if (res.status === "fulfilled") {
+          acc.push(res.value);
+        }
+        return acc;
+      }, []);
+      return repoInfoList;
+    })
+  )).reduce((acc, res) => {
+    if (res.status === "fulfilled") {
+      return acc.concat(res.value);
+    }
+    return acc;
+  }, []);
+  return repos;
 }
-var BitbucketSCMLib = class extends SCMLib {
-  constructor(url, accessToken, scmOrg) {
-    super(url, accessToken, scmOrg);
-    __publicField(this, "bitbucketSdk");
-    const bitbucketSdk = createBitbucketSdk(accessToken);
-    this.bitbucketSdk = bitbucketSdk;
+
+// src/features/analysis/scm/constants.ts
+var MOBB_ICON_IMG = "https://app.mobb.ai/gh-action/Logo_Rounded_Icon.svg";
+
+// src/constants.ts
+var debug = Debug("mobbdev:constants");
+var __dirname = path2.dirname(fileURLToPath(import.meta.url));
+dotenv.config({ path: path2.join(__dirname, "../.env") });
+var scmFriendlyText = {
+  ["Ado" /* Ado */]: "Azure DevOps",
+  ["Bitbucket" /* Bitbucket */]: "Bitbucket",
+  ["GitHub" /* GitHub */]: "GitGub",
+  ["GitLab" /* GitLab */]: "GitLab"
+};
+var SCANNERS = {
+  Checkmarx: "checkmarx",
+  Codeql: "codeql",
+  Fortify: "fortify",
+  Snyk: "snyk",
+  Sonarqube: "sonarqube"
+};
+var SupportedScannersZ = z10.enum([SCANNERS.Checkmarx, SCANNERS.Snyk]);
+var envVariablesSchema = z10.object({
+  WEB_APP_URL: z10.string(),
+  API_URL: z10.string(),
+  HASURA_ACCESS_KEY: z10.string(),
+  LOCAL_GRAPHQL_ENDPOINT: z10.string()
+}).required();
+var envVariables = envVariablesSchema.parse(process.env);
+debug("config %o", envVariables);
+var mobbAscii = `
+                                   ..                       
+                             ..........                     
+                        .................                   
+               ...........................                  
+              ..............................                
+             ................................               
+             ..................................             
+            ....................................            
+            .....................................           
+            .............................................   
+          ................................................. 
+     ...............................       .................
+  ..................................           ............ 
+..................    .............            ..........   
+......... ........      .........             ......        
+  ...............                          ....             
+         .... ..                                            
+                                                            
+                                      . ...                 
+                              ..............                
+                       ......................               
+                   ...........................              
+               ................................             
+           ......................................           
+                ...............................             
+                       .................                    
+`;
+var PROJECT_DEFAULT_NAME = "My first project";
+var WEB_APP_URL = envVariables.WEB_APP_URL;
+var API_URL = envVariables.API_URL;
+var HASURA_ACCESS_KEY = envVariables.HASURA_ACCESS_KEY;
+var LOCAL_GRAPHQL_ENDPOINT = envVariables.LOCAL_GRAPHQL_ENDPOINT;
+var errorMessages = {
+  missingCxProjectName: `project name ${chalk.bold(
+    "(--cx-project-name)"
+  )} is needed if you're using checkmarx`,
+  missingUrl: `url ${chalk.bold(
+    "(--url)"
+  )} is needed if you're adding an SCM token`,
+  invalidScmType: `SCM type ${chalk.bold(
+    "(--scm-type)"
+  )} is invalid, please use one of: ${Object.values(ScmType).join(", ")}`,
+  missingToken: `SCM token ${chalk.bold(
+    "(--token)"
+  )} is needed if you're adding an SCM token`
+};
+var progressMassages = {
+  processingVulnerabilityReportSuccess: "\u2699\uFE0F  Vulnerability report proccessed successfully",
+  processingVulnerabilityReport: "\u2699\uFE0F  Proccessing vulnerability report",
+  processingVulnerabilityReportFailed: "\u2699\uFE0F  Error Proccessing vulnerability report"
+};
+var VUL_REPORT_DIGEST_TIMEOUT_MS = 1e3 * 60 * 20;
+
+// src/features/analysis/index.ts
+import crypto from "node:crypto";
+import fs3 from "node:fs";
+import os from "node:os";
+import path6 from "node:path";
+import { pipeline } from "node:stream/promises";
+
+// src/generates/client_generates.ts
+var MeDocument = `
+    query Me {
+  me {
+    id
+    email
+    scmConfigs {
+      id
+      orgId
+      refreshToken
+      scmType
+      scmUrl
+      scmUsername
+      token
+      tokenLastUpdate
+      userId
+      scmOrg
+      isTokenAvailable
+    }
   }
-  getAuthData() {
-    const authType = this.bitbucketSdk.getAuthType();
-    switch (authType) {
-      case "basic": {
-        this._validateAccessToken();
-        const { username, password } = getUserAndPassword(this.accessToken);
-        return { username, password, authType };
-      }
-      case "token": {
-        return { authType, token: z7.string().parse(this.accessToken) };
+}
+    `;
+var GetOrgAndProjectIdDocument = `
+    query getOrgAndProjectId($filters: organization_to_organization_role_bool_exp, $limit: Int) {
+  organization_to_organization_role(
+    where: $filters
+    order_by: {organization: {createdOn: desc}}
+    limit: $limit
+  ) {
+    organization {
+      id
+      projects(order_by: {updatedAt: desc}) {
+        id
+        name
       }
-      case "public":
-        return { authType };
     }
   }
-  async createSubmitRequest(params) {
-    this._validateAccessTokenAndUrl();
-    const pullRequestRes = await this.bitbucketSdk.createPullRequest({
-      ...params,
-      repoUrl: this.url
-    });
-    return String(z7.number().parse(pullRequestRes.id));
-  }
-  async validateParams() {
-    return validateBitbucketParams({
-      bitbucketClient: this.bitbucketSdk,
-      url: this.url
-    });
+}
+    `;
+var GetEncryptedApiTokenDocument = `
+    query GetEncryptedApiToken($loginId: uuid!) {
+  cli_login_by_pk(id: $loginId) {
+    encryptedApiToken
   }
-  async getRepoList(scmOrg) {
-    this._validateAccessToken();
-    return this.bitbucketSdk.getRepos({
-      workspaceSlug: scmOrg
-    });
+}
+    `;
+var FixReportStateDocument = `
+    query FixReportState($id: uuid!) {
+  fixReport_by_pk(id: $id) {
+    state
   }
-  async getBranchList() {
-    this._validateAccessTokenAndUrl();
-    return this.bitbucketSdk.getBranchList({
-      repoUrl: this.url
-    });
+}
+    `;
+var GetVulnerabilityReportPathsDocument = `
+    query GetVulnerabilityReportPaths($vulnerabilityReportId: uuid!) {
+  vulnerability_report_path(
+    where: {vulnerabilityReportId: {_eq: $vulnerabilityReportId}}
+  ) {
+    path
   }
-  getScmLibType() {
-    return "BITBUCKET" /* BITBUCKET */;
+}
+    `;
+var GetAnalysisDocument = `
+    subscription getAnalysis($analysisId: uuid!) {
+  analysis: fixReport_by_pk(id: $analysisId) {
+    id
+    state
   }
-  getAuthHeaders() {
-    const authType = this.bitbucketSdk.getAuthType();
-    switch (authType) {
-      case "public":
-        return {};
-      case "token":
-        return { authorization: `Bearer ${this.accessToken}` };
-      case "basic": {
-        this._validateAccessToken();
-        const { username, password } = getUserAndPassword(this.accessToken);
-        return {
-          authorization: `Basic ${Buffer.from(
-            username + ":" + password
-          ).toString("base64")}`
-        };
+}
+    `;
+var GetAnalsyisDocument = `
+    query getAnalsyis($analysisId: uuid!) {
+  analysis: fixReport_by_pk(id: $analysisId) {
+    id
+    state
+    repo {
+      commitSha
+      pullRequest
+    }
+    vulnerabilityReportId
+    vulnerabilityReport {
+      projectId
+      project {
+        organizationId
+      }
+      file {
+        signedFile {
+          url
+        }
       }
     }
   }
-  async getDownloadUrl(sha) {
-    this._validateUrl();
-    return this.bitbucketSdk.getDownloadUrl({ url: this.url, sha });
-  }
-  async _getUsernameForAuthUrl() {
-    this._validateAccessTokenAndUrl();
-    const user = await this.bitbucketSdk.getUser();
-    if (!user.username) {
-      throw new Error("no username found");
+}
+    `;
+var GetFixesDocument = `
+    query getFixes($filters: fix_bool_exp!) {
+  fixes: fix(where: $filters) {
+    issueType
+    id
+    patchAndQuestions {
+      __typename
+      ... on FixData {
+        patch
+      }
     }
-    return user.username;
   }
-  async getIsRemoteBranch(branch) {
-    this._validateAccessTokenAndUrl();
-    try {
-      const res = await this.bitbucketSdk.getBranch({
-        branchName: branch,
-        repoUrl: this.url
-      });
-      return res.name === branch;
-    } catch (e) {
-      return false;
+}
+    `;
+var GetVulByNodesMetadataDocument = `
+    query getVulByNodesMetadata($filters: [vulnerability_report_issue_code_node_bool_exp!], $vulnerabilityReportId: uuid!) {
+  vulnerabilityReportIssueCodeNodes: vulnerability_report_issue_code_node(
+    order_by: {index: desc}
+    where: {_or: $filters, vulnerabilityReportIssue: {fixId: {_is_null: false}, vulnerabilityReportId: {_eq: $vulnerabilityReportId}}}
+  ) {
+    vulnerabilityReportIssueId
+    path
+    startLine
+    vulnerabilityReportIssue {
+      issueType
+      fixId
     }
   }
-  async getUserHasAccessToRepo() {
-    this._validateAccessTokenAndUrl();
-    return this.bitbucketSdk.getIsUserCollaborator({ repoUrl: this.url });
-  }
-  async getUsername() {
-    this._validateAccessToken();
-    const res = await this.bitbucketSdk.getUser();
-    return z7.string().parse(res.username);
-  }
-  async getSubmitRequestStatus(_scmSubmitRequestId) {
-    this._validateAccessTokenAndUrl();
-    const pullRequestRes = await this.bitbucketSdk.getPullRequest({
-      prNumber: Number(_scmSubmitRequestId),
-      url: this.url
-    });
-    switch (pullRequestRes.state) {
-      case "OPEN":
-        return "open";
-      case "MERGED":
-        return "merged";
-      case "DECLINED":
-        return "closed";
-      default:
-        throw new Error(`unknown state ${pullRequestRes.state} `);
+  fixablePrVuls: vulnerability_report_issue_aggregate(
+    where: {fixId: {_is_null: false}, vulnerabilityReportId: {_eq: $vulnerabilityReportId}, codeNodes: {_or: $filters}}
+  ) {
+    aggregate {
+      count
     }
   }
-  async getRepoBlameRanges(_ref, _path) {
-    return [];
-  }
-  async getReferenceData(ref) {
-    this._validateUrl();
-    return this.bitbucketSdk.getReferenceData({ url: this.url, ref });
-  }
-  async getRepoDefaultBranch() {
-    this._validateUrl();
-    const repoRes = await this.bitbucketSdk.getRepo({ repoUrl: this.url });
-    return z7.string().parse(repoRes.mainbranch?.name);
-  }
-  getPrUrl(prNumber) {
-    this._validateUrl();
-    const { repoSlug, workspace } = parseBitbucketOrganizationAndRepo(this.url);
-    return Promise.resolve(
-      `https://bitbucket.org/${workspace}/${repoSlug}/pull-requests/${prNumber}`
-    );
-  }
-  async refreshToken(params) {
-    const getBitbucketTokenResponse = await getBitbucketToken({
-      authType: "refresh_token",
-      ...params
-    });
-    return {
-      accessToken: getBitbucketTokenResponse.access_token,
-      refreshToken: getBitbucketTokenResponse.refresh_token
-    };
+  nonFixablePrVuls: vulnerability_report_issue_aggregate(
+    where: {fixId: {_is_null: true}, vulnerabilityReportId: {_eq: $vulnerabilityReportId}, codeNodes: {_or: $filters}}
+  ) {
+    aggregate {
+      count
+    }
+  }
+  totalScanVulnerabilities: vulnerability_report_issue_aggregate(
+    where: {vulnerabilityReportId: {_eq: $vulnerabilityReportId}}
+  ) {
+    aggregate {
+      count
+    }
   }
-};
-
-// src/features/analysis/scm/ado/validation.ts
-import { z as z8 } from "zod";
-var ValidPullRequestStatusZ = z8.union([
-  z8.literal(1 /* Active */),
-  z8.literal(2 /* Abandoned */),
-  z8.literal(3 /* Completed */)
-]);
-var AdoAuthResultZ = z8.object({
-  access_token: z8.string().min(1),
-  token_type: z8.string().min(1),
-  refresh_token: z8.string().min(1)
-});
-var profileZ = z8.object({
-  displayName: z8.string(),
-  publicAlias: z8.string().min(1),
-  emailAddress: z8.string(),
-  coreRevision: z8.number(),
-  timeStamp: z8.string(),
-  id: z8.string(),
-  revision: z8.number()
-});
-var accountsZ = z8.object({
-  count: z8.number(),
-  value: z8.array(
-    z8.object({
-      accountId: z8.string(),
-      accountUri: z8.string(),
-      accountName: z8.string()
-    })
-  )
-});
-
-// src/features/analysis/scm/ado/utils.ts
-function _getPublicAdoClient({
-  orgName,
-  origin: origin2
-}) {
-  const orgUrl = `${origin2}/${orgName}`;
-  const authHandler = api.getPersonalAccessTokenHandler("");
-  authHandler.canHandleAuthentication = () => false;
-  authHandler.prepareRequest = (_options) => {
-    return;
-  };
-  const connection = new api.WebApi(orgUrl, authHandler);
-  return connection;
-}
-function removeTrailingSlash2(str) {
-  return str.trim().replace(/\/+$/, "");
 }
-function parseAdoOwnerAndRepo(adoUrl) {
-  adoUrl = removeTrailingSlash2(adoUrl);
-  const parsingResult = parseScmURL(adoUrl, "Ado" /* Ado */);
-  if (!parsingResult) {
-    throw new InvalidUrlPatternError(`
-      : ${adoUrl}`);
+    `;
+var UpdateScmTokenDocument = `
+    mutation updateScmToken($scmType: String!, $url: String!, $token: String!, $org: String, $refreshToken: String) {
+  updateScmToken(
+    scmType: $scmType
+    url: $url
+    token: $token
+    org: $org
+    refreshToken: $refreshToken
+  ) {
+    __typename
+    ... on ScmAccessTokenUpdateSuccess {
+      token
+    }
+    ... on InvalidScmTypeError {
+      status
+      error
+    }
+    ... on BadScmCredentials {
+      status
+      error
+    }
   }
-  const {
-    organization,
-    repoName,
-    projectName,
-    projectPath,
-    pathElements,
-    hostname,
-    protocol
-  } = parsingResult;
-  return {
-    owner: decodeURI(organization),
-    repo: decodeURI(repoName),
-    projectName: projectName ? decodeURI(projectName) : void 0,
-    projectPath,
-    pathElements,
-    origin: `${protocol}//${hostname}`
-  };
 }
-async function getAdoConnectData({
-  url,
-  tokenOrg,
-  adoTokenInfo
-}) {
-  if (url && new URL(url).origin !== url) {
-    const { owner, origin: origin2 } = parseAdoOwnerAndRepo(url);
-    return {
-      org: owner,
-      origin: origin2
-    };
+    `;
+var UploadS3BucketInfoDocument = `
+    mutation uploadS3BucketInfo($fileName: String!) {
+  uploadS3BucketInfo(fileName: $fileName) {
+    status
+    error
+    reportUploadInfo: uploadInfo {
+      url
+      fixReportId
+      uploadFieldsJSON
+      uploadKey
+    }
+    repoUploadInfo {
+      url
+      fixReportId
+      uploadFieldsJSON
+      uploadKey
+    }
   }
-  if (!tokenOrg) {
-    if (adoTokenInfo.type === "OAUTH" /* OAUTH */) {
-      const [org] = await _getOrgsForOauthToken({
-        oauthToken: adoTokenInfo.accessToken
-      });
-      return {
-        org: z9.string().parse(org),
-        origin: DEFUALT_ADO_ORIGIN
-      };
+}
+    `;
+var DigestVulnerabilityReportDocument = `
+    mutation DigestVulnerabilityReport($vulnerabilityReportFileName: String!, $fixReportId: String!, $projectId: String!, $scanSource: String!) {
+  digestVulnerabilityReport(
+    fixReportId: $fixReportId
+    vulnerabilityReportFileName: $vulnerabilityReportFileName
+    projectId: $projectId
+    scanSource: $scanSource
+  ) {
+    __typename
+    ... on VulnerabilityReport {
+      vulnerabilityReportId
+      fixReportId
+    }
+    ... on RabbitSendError {
+      status
+      error
+    }
+    ... on ReportValidationError {
+      status
+      error
+    }
+    ... on ReferenceNotFoundError {
+      status
+      error
     }
-    throw new InvalidRepoUrlError("ADO URL is null");
   }
-  return {
-    org: tokenOrg,
-    origin: DEFUALT_ADO_ORIGIN
-  };
 }
-async function getAdoApiClient(params) {
-  const { origin: origin2 = DEFUALT_ADO_ORIGIN, orgName } = params;
-  if (params.tokenType === "NONE" /* NONE */ || // move to public client if the token is not associated with the PAT org
-  params.tokenType === "PAT" /* PAT */ && params.patTokenOrg !== orgName) {
-    return _getPublicAdoClient({ orgName, origin: origin2 });
+    `;
+var SubmitVulnerabilityReportDocument = `
+    mutation SubmitVulnerabilityReport($fixReportId: String!, $repoUrl: String!, $reference: String!, $projectId: String!, $scanSource: String!, $sha: String, $experimentalEnabled: Boolean, $vulnerabilityReportFileName: String, $pullRequest: Int) {
+  submitVulnerabilityReport(
+    fixReportId: $fixReportId
+    repoUrl: $repoUrl
+    reference: $reference
+    sha: $sha
+    experimentalEnabled: $experimentalEnabled
+    pullRequest: $pullRequest
+    projectId: $projectId
+    vulnerabilityReportFileName: $vulnerabilityReportFileName
+    scanSource: $scanSource
+  ) {
+    __typename
+    ... on VulnerabilityReport {
+      vulnerabilityReportId
+      fixReportId
+    }
   }
-  const orgUrl = `${origin2}/${orgName}`;
-  if (params.tokenType === "OAUTH" /* OAUTH */) {
-    if (origin2 !== DEFUALT_ADO_ORIGIN) {
-      throw new Error(
-        `Oauth token is not supported for ADO on prem - ${origin2} `
-      );
+}
+    `;
+var CreateCommunityUserDocument = `
+    mutation CreateCommunityUser {
+  initOrganizationAndProject {
+    __typename
+    ... on InitOrganizationAndProjectGoodResponse {
+      projectId
+      userId
+      organizationId
+    }
+    ... on UserAlreadyInProjectError {
+      error
+      status
     }
-    const connection2 = new api.WebApi(
-      orgUrl,
-      api.getBearerHandler(params.accessToken),
-      {}
-    );
-    return connection2;
   }
-  const authHandler = api.getPersonalAccessTokenHandler(params.accessToken);
-  const isBroker = BROKERED_HOSTS.includes(new URL(orgUrl).origin);
-  const connection = new api.WebApi(
-    orgUrl,
-    authHandler,
-    isBroker ? {
-      proxy: {
-        proxyUrl: GIT_PROXY_HOST
-      },
-      ignoreSslError: true
-    } : void 0
-  );
-  return connection;
 }
-function getAdoTokenInfo(token) {
-  if (!token) {
-    return { type: "NONE" /* NONE */ };
+    `;
+var CreateCliLoginDocument = `
+    mutation CreateCliLogin($publicKey: String!) {
+  insert_cli_login_one(object: {publicKey: $publicKey}) {
+    id
   }
-  if (token.includes(".")) {
-    return { type: "OAUTH" /* OAUTH */, accessToken: token };
+}
+    `;
+var PerformCliLoginDocument = `
+    mutation performCliLogin($loginId: String!) {
+  performCliLogin(loginId: $loginId) {
+    status
   }
-  return { type: "PAT" /* PAT */, accessToken: token };
 }
-async function getAdoClientParams(params) {
-  const { url, accessToken, tokenOrg } = params;
-  const adoTokenInfo = getAdoTokenInfo(accessToken);
-  const { org, origin: origin2 } = await getAdoConnectData({
-    url,
-    tokenOrg,
-    adoTokenInfo
-  });
-  switch (adoTokenInfo.type) {
-    case "NONE" /* NONE */:
-      return {
-        tokenType: "NONE" /* NONE */,
-        origin: origin2,
-        orgName: org.toLowerCase()
-      };
-    case "OAUTH" /* OAUTH */: {
-      return {
-        tokenType: "OAUTH" /* OAUTH */,
-        accessToken: adoTokenInfo.accessToken,
-        origin: origin2,
-        orgName: org.toLowerCase()
-      };
-    }
-    case "PAT" /* PAT */: {
-      return {
-        tokenType: "PAT" /* PAT */,
-        accessToken: adoTokenInfo.accessToken,
-        patTokenOrg: z9.string().parse(tokenOrg).toLowerCase(),
-        origin: origin2,
-        orgName: org.toLowerCase()
-      };
-    }
+    `;
+var CreateProjectDocument = `
+    mutation CreateProject($organizationId: String!, $projectName: String!) {
+  createProject(organizationId: $organizationId, projectName: $projectName) {
+    projectId
   }
 }
-async function adoValidateParams({
-  url,
-  accessToken,
-  tokenOrg
-}) {
-  try {
-    const api2 = await getAdoApiClient(
-      await getAdoClientParams({ url, accessToken, tokenOrg })
-    );
-    await api2.connect();
-  } catch (e) {
-    console.log("adoValidateParams error", e);
-    const error = e;
-    const code = error.code || error.status || error.statusCode || error.response?.status || error.response?.statusCode || error.response?.code;
-    const description = error.description || `${e}`;
-    if (code === 401 || code === 403 || description.includes("401") || description.includes("403")) {
-      throw new InvalidAccessTokenError(`invalid ADO access token`);
+    `;
+var ValidateRepoUrlDocument = `
+    query validateRepoUrl($repoUrl: String!) {
+  validateRepoUrl(repoUrl: $repoUrl) {
+    __typename
+    ... on RepoValidationSuccess {
+      status
+      defaultBranch
+      defaultBranchLastModified
+      defaultBranchSha
+      scmType
     }
-    if (code === 404 || description.includes("404") || description.includes("Not Found")) {
-      throw new InvalidRepoUrlError(`invalid ADO repo URL ${url}`);
+    ... on RepoUnreachableError {
+      status
+      error
+      scmType
+    }
+    ... on BadScmCredentials {
+      status
+      error
+      scmType
     }
-    throw e;
   }
 }
-async function _getOrgsForOauthToken({
-  oauthToken
-}) {
-  const profileRes = await fetch(
-    "https://app.vssps.visualstudio.com/_apis/profile/profiles/me?api-version=6.0",
-    {
-      method: "GET",
-      headers: {
-        Authorization: `Bearer ${oauthToken}`
-      }
+    `;
+var GitReferenceDocument = `
+    query gitReference($repoUrl: String!, $reference: String!) {
+  gitReference(repoUrl: $repoUrl, reference: $reference) {
+    __typename
+    ... on GitReferenceData {
+      status
+      sha
+      date
     }
-  );
-  const profileJson = await profileRes.json();
-  const profile = profileZ.parse(profileJson);
-  const accountsRes = await fetch(
-    `https://app.vssps.visualstudio.com/_apis/accounts?memberId=${profile.publicAlias}&api-version=6.0`,
-    {
-      method: "GET",
-      headers: {
-        Authorization: `Bearer ${oauthToken}`
-      }
+    ... on ReferenceNotFoundError {
+      status
+      error
     }
-  );
-  const accountsJson = await accountsRes.json();
-  const accounts = accountsZ.parse(accountsJson);
-  const orgs = accounts.value.map((account) => account.accountName).filter((value, index, array) => array.indexOf(value) === index);
-  return orgs;
+  }
 }
-
-// src/features/analysis/scm/ado/ado.ts
-async function getAdoSdk(params) {
-  const api2 = await getAdoApiClient(params);
+    `;
+var defaultWrapper = (action, _operationName, _operationType, _variables) => action();
+function getSdk(client, withWrapper = defaultWrapper) {
   return {
-    async getAdoIsUserCollaborator({ repoUrl }) {
-      try {
-        const { repo, projectName } = parseAdoOwnerAndRepo(repoUrl);
-        const git = await api2.getGitApi();
-        const branches = await git.getBranches(repo, projectName);
-        if (!branches || branches.length === 0) {
-          throw new InvalidRepoUrlError("no branches");
-        }
-        return true;
-      } catch (e) {
-        return false;
-      }
+    Me(variables, requestHeaders) {
+      return withWrapper((wrappedRequestHeaders) => client.request(MeDocument, variables, { ...requestHeaders, ...wrappedRequestHeaders }), "Me", "query", variables);
     },
-    async getAdoPullRequestStatus({
-      repoUrl,
-      prNumber
-    }) {
-      const { repo, projectName } = parseAdoOwnerAndRepo(repoUrl);
-      const git = await api2.getGitApi();
-      const res = await git.getPullRequest(repo, prNumber, projectName);
-      const parsedPullRequestStatus = ValidPullRequestStatusZ.safeParse(
-        res.status
-      );
-      if (!parsedPullRequestStatus.success) {
-        throw new Error("bad pr status for ADO");
-      }
-      return parsedPullRequestStatus.data;
+    getOrgAndProjectId(variables, requestHeaders) {
+      return withWrapper((wrappedRequestHeaders) => client.request(GetOrgAndProjectIdDocument, variables, { ...requestHeaders, ...wrappedRequestHeaders }), "getOrgAndProjectId", "query", variables);
     },
-    async getAdoIsRemoteBranch({
-      repoUrl,
-      branch
-    }) {
-      const { repo, projectName } = parseAdoOwnerAndRepo(repoUrl);
-      const git = await api2.getGitApi();
-      try {
-        const branchStatus = await git.getBranch(repo, branch, projectName);
-        if (!branchStatus || !branchStatus.commit) {
-          throw new InvalidRepoUrlError("no branch status");
-        }
-        return branchStatus.name === branch;
-      } catch (e) {
-        return false;
-      }
+    GetEncryptedApiToken(variables, requestHeaders) {
+      return withWrapper((wrappedRequestHeaders) => client.request(GetEncryptedApiTokenDocument, variables, { ...requestHeaders, ...wrappedRequestHeaders }), "GetEncryptedApiToken", "query", variables);
     },
-    async getAdoPrUrl({ url, prNumber }) {
-      const { repo, projectName } = parseAdoOwnerAndRepo(url);
-      const git = await api2.getGitApi();
-      const getRepositoryRes = await git.getRepository(
-        decodeURI(repo),
-        projectName ? decodeURI(projectName) : void 0
-      );
-      return `${getRepositoryRes.webUrl}/pullrequest/${prNumber}`;
+    FixReportState(variables, requestHeaders) {
+      return withWrapper((wrappedRequestHeaders) => client.request(FixReportStateDocument, variables, { ...requestHeaders, ...wrappedRequestHeaders }), "FixReportState", "query", variables);
     },
-    getAdoDownloadUrl({
-      repoUrl,
-      branch
-    }) {
-      const { owner, repo, projectName } = parseAdoOwnerAndRepo(repoUrl);
-      const url = new URL(repoUrl);
-      const origin2 = url.origin.toLowerCase().endsWith(".visualstudio.com") ? DEFUALT_ADO_ORIGIN : url.origin.toLowerCase();
-      return `${origin2}/${owner}/${projectName}/_apis/git/repositories/${repo}/items/items?path=/&versionDescriptor[versionOptions]=0&versionDescriptor[versionType]=commit&versionDescriptor[version]=${branch}&resolveLfs=true&$format=zip&api-version=5.0&download=true`;
+    GetVulnerabilityReportPaths(variables, requestHeaders) {
+      return withWrapper((wrappedRequestHeaders) => client.request(GetVulnerabilityReportPathsDocument, variables, { ...requestHeaders, ...wrappedRequestHeaders }), "GetVulnerabilityReportPaths", "query", variables);
     },
-    async getAdoBranchList({ repoUrl }) {
-      const { repo, projectName } = parseAdoOwnerAndRepo(repoUrl);
-      const git = await api2.getGitApi();
-      try {
-        const res = await git.getBranches(repo, projectName);
-        res.sort((a, b) => {
-          if (!a.commit?.committer?.date || !b.commit?.committer?.date) {
-            return 0;
-          }
-          return b.commit?.committer?.date.getTime() - a.commit?.committer?.date.getTime();
-        });
-        return res.reduce((acc, branch) => {
-          if (!branch.name) {
-            return acc;
-          }
-          acc.push(branch.name);
-          return acc;
-        }, []);
-      } catch (e) {
-        return [];
-      }
+    getAnalysis(variables, requestHeaders) {
+      return withWrapper((wrappedRequestHeaders) => client.request(GetAnalysisDocument, variables, { ...requestHeaders, ...wrappedRequestHeaders }), "getAnalysis", "subscription", variables);
     },
-    async createAdoPullRequest(options) {
-      const { repoUrl, sourceBranchName, targetBranchName, title, body } = options;
-      const { repo, projectName } = parseAdoOwnerAndRepo(repoUrl);
-      const git = await api2.getGitApi();
-      const res = await git.createPullRequest(
-        {
-          sourceRefName: `refs/heads/${sourceBranchName}`,
-          targetRefName: `refs/heads/${targetBranchName}`,
-          title,
-          description: body
-        },
-        repo,
-        projectName
-      );
-      return res.pullRequestId;
+    getAnalsyis(variables, requestHeaders) {
+      return withWrapper((wrappedRequestHeaders) => client.request(GetAnalsyisDocument, variables, { ...requestHeaders, ...wrappedRequestHeaders }), "getAnalsyis", "query", variables);
     },
-    async getAdoRepoDefaultBranch({
-      repoUrl
-    }) {
-      const { repo, projectName } = parseAdoOwnerAndRepo(repoUrl);
-      const git = await api2.getGitApi();
-      const getRepositoryRes = await git.getRepository(
-        decodeURI(repo),
-        projectName ? decodeURI(projectName) : void 0
-      );
-      if (!getRepositoryRes?.defaultBranch) {
-        throw new InvalidRepoUrlError("no default branch");
-      }
-      return getRepositoryRes.defaultBranch.replace("refs/heads/", "");
+    getFixes(variables, requestHeaders) {
+      return withWrapper((wrappedRequestHeaders) => client.request(GetFixesDocument, variables, { ...requestHeaders, ...wrappedRequestHeaders }), "getFixes", "query", variables);
     },
-    // todo: refactor this function
-    async getAdoReferenceData({
-      ref,
-      repoUrl
-    }) {
-      const { repo, projectName } = parseAdoOwnerAndRepo(repoUrl);
-      if (!projectName) {
-        throw new InvalidUrlPatternError("no project name");
-      }
-      const git = await api2.getGitApi();
-      const results = await Promise.allSettled([
-        (async () => {
-          const res = await git.getBranch(repo, ref, projectName);
-          if (!res.commit || !res.commit.commitId) {
-            throw new InvalidRepoUrlError("no commit on branch");
-          }
-          return {
-            sha: res.commit.commitId,
-            type: "BRANCH" /* BRANCH */,
-            date: res.commit.committer?.date || /* @__PURE__ */ new Date()
-          };
-        })(),
-        (async () => {
-          const res = await git.getCommits(
-            repo,
-            {
-              fromCommitId: ref,
-              toCommitId: ref,
-              $top: 1
-            },
-            projectName
-          );
-          const commit = res[0];
-          if (!commit || !commit.commitId) {
-            throw new Error("no commit");
-          }
-          return {
-            sha: commit.commitId,
-            type: "COMMIT" /* COMMIT */,
-            date: commit.committer?.date || /* @__PURE__ */ new Date()
-          };
-        })(),
-        (async () => {
-          const res = await git.getRefs(repo, projectName, `tags/${ref}`);
-          if (!res[0] || !res[0].objectId) {
-            throw new Error("no tag ref");
-          }
-          let objectId = res[0].objectId;
-          try {
-            const tag = await git.getAnnotatedTag(projectName, repo, objectId);
-            if (tag.taggedObject?.objectId) {
-              objectId = tag.taggedObject.objectId;
-            }
-          } catch (e) {
-          }
-          const commitRes2 = await git.getCommits(
-            repo,
-            {
-              fromCommitId: objectId,
-              toCommitId: objectId,
-              $top: 1
-            },
-            projectName
-          );
-          const commit = commitRes2[0];
-          if (!commit) {
-            throw new Error("no commit");
-          }
-          return {
-            sha: objectId,
-            type: "TAG" /* TAG */,
-            date: commit.committer?.date || /* @__PURE__ */ new Date()
-          };
-        })()
-      ]);
-      const [branchRes, commitRes, tagRes] = results;
-      if (tagRes.status === "fulfilled") {
-        return tagRes.value;
-      }
-      if (branchRes.status === "fulfilled") {
-        return branchRes.value;
-      }
-      if (commitRes.status === "fulfilled") {
-        return commitRes.value;
-      }
-      throw new RefNotFoundError(`ref: ${ref} does not exist`);
+    getVulByNodesMetadata(variables, requestHeaders) {
+      return withWrapper((wrappedRequestHeaders) => client.request(GetVulByNodesMetadataDocument, variables, { ...requestHeaders, ...wrappedRequestHeaders }), "getVulByNodesMetadata", "query", variables);
+    },
+    updateScmToken(variables, requestHeaders) {
+      return withWrapper((wrappedRequestHeaders) => client.request(UpdateScmTokenDocument, variables, { ...requestHeaders, ...wrappedRequestHeaders }), "updateScmToken", "mutation", variables);
     },
-    getAdoBlameRanges() {
-      return [];
+    uploadS3BucketInfo(variables, requestHeaders) {
+      return withWrapper((wrappedRequestHeaders) => client.request(UploadS3BucketInfoDocument, variables, { ...requestHeaders, ...wrappedRequestHeaders }), "uploadS3BucketInfo", "mutation", variables);
+    },
+    DigestVulnerabilityReport(variables, requestHeaders) {
+      return withWrapper((wrappedRequestHeaders) => client.request(DigestVulnerabilityReportDocument, variables, { ...requestHeaders, ...wrappedRequestHeaders }), "DigestVulnerabilityReport", "mutation", variables);
+    },
+    SubmitVulnerabilityReport(variables, requestHeaders) {
+      return withWrapper((wrappedRequestHeaders) => client.request(SubmitVulnerabilityReportDocument, variables, { ...requestHeaders, ...wrappedRequestHeaders }), "SubmitVulnerabilityReport", "mutation", variables);
+    },
+    CreateCommunityUser(variables, requestHeaders) {
+      return withWrapper((wrappedRequestHeaders) => client.request(CreateCommunityUserDocument, variables, { ...requestHeaders, ...wrappedRequestHeaders }), "CreateCommunityUser", "mutation", variables);
+    },
+    CreateCliLogin(variables, requestHeaders) {
+      return withWrapper((wrappedRequestHeaders) => client.request(CreateCliLoginDocument, variables, { ...requestHeaders, ...wrappedRequestHeaders }), "CreateCliLogin", "mutation", variables);
+    },
+    performCliLogin(variables, requestHeaders) {
+      return withWrapper((wrappedRequestHeaders) => client.request(PerformCliLoginDocument, variables, { ...requestHeaders, ...wrappedRequestHeaders }), "performCliLogin", "mutation", variables);
+    },
+    CreateProject(variables, requestHeaders) {
+      return withWrapper((wrappedRequestHeaders) => client.request(CreateProjectDocument, variables, { ...requestHeaders, ...wrappedRequestHeaders }), "CreateProject", "mutation", variables);
+    },
+    validateRepoUrl(variables, requestHeaders) {
+      return withWrapper((wrappedRequestHeaders) => client.request(ValidateRepoUrlDocument, variables, { ...requestHeaders, ...wrappedRequestHeaders }), "validateRepoUrl", "query", variables);
+    },
+    gitReference(variables, requestHeaders) {
+      return withWrapper((wrappedRequestHeaders) => client.request(GitReferenceDocument, variables, { ...requestHeaders, ...wrappedRequestHeaders }), "gitReference", "query", variables);
     }
   };
 }
-async function getAdoRepoList({
-  orgName,
-  tokenOrg,
-  accessToken
-}) {
-  let orgs = [];
-  const adoTokenInfo = getAdoTokenInfo(accessToken);
-  if (adoTokenInfo.type === "NONE" /* NONE */) {
-    return [];
-  }
-  if (adoTokenInfo.type === "OAUTH" /* OAUTH */) {
-    orgs = await _getOrgsForOauthToken({ oauthToken: accessToken });
-  }
-  if (orgs.length === 0 && !orgName) {
-    throw new Error(`no orgs for ADO`);
-  } else if (orgs.length === 0 && orgName) {
-    orgs = [orgName];
-  }
-  const repos = (await Promise.allSettled(
-    orgs.map(async (org) => {
-      const orgApi = await getAdoApiClient({
-        ...await getAdoClientParams({
-          accessToken,
-          tokenOrg: tokenOrg || org,
-          url: void 0
-        }),
-        orgName: org
-      });
-      const gitOrg = await orgApi.getGitApi();
-      const orgRepos = await gitOrg.getRepositories();
-      const repoInfoList = (await Promise.allSettled(
-        orgRepos.map(async (repo) => {
-          if (!repo.name || !repo.remoteUrl || !repo.defaultBranch) {
-            throw new InvalidRepoUrlError("bad repo");
-          }
-          const branch = await gitOrg.getBranch(
-            repo.name,
-            repo.defaultBranch.replace(/^refs\/heads\//, ""),
-            repo.project?.name
-          );
-          return {
-            repoName: repo.name,
-            repoUrl: repo.remoteUrl.replace(
-              /^[hH][tT][tT][pP][sS]:\/\/[^/]+@/,
-              "https://"
-            ),
-            repoOwner: org,
-            repoIsPublic: repo.project?.visibility === 2 /* Public */,
-            repoLanguages: [],
-            repoUpdatedAt: branch.commit?.committer?.date?.toDateString() || repo.project?.lastUpdateTime?.toDateString() || (/* @__PURE__ */ new Date()).toDateString()
-          };
-        })
-      )).reduce((acc, res) => {
-        if (res.status === "fulfilled") {
-          acc.push(res.value);
-        }
-        return acc;
-      }, []);
-      return repoInfoList;
-    })
-  )).reduce((acc, res) => {
-    if (res.status === "fulfilled") {
-      return acc.concat(res.value);
-    }
-    return acc;
-  }, []);
-  return repos;
+
+// src/utils/index.ts
+var utils_exports = {};
+__export(utils_exports, {
+  CliError: () => CliError,
+  Spinner: () => Spinner,
+  getDirName: () => getDirName,
+  getTopLevelDirName: () => getTopLevelDirName,
+  keypress: () => keypress,
+  sleep: () => sleep
+});
+
+// src/utils/dirname.ts
+import path3 from "node:path";
+import { fileURLToPath as fileURLToPath2 } from "node:url";
+function getDirName() {
+  return path3.dirname(fileURLToPath2(import.meta.url));
+}
+function getTopLevelDirName(fullPath) {
+  return path3.parse(fullPath).name;
 }
 
-// src/features/analysis/scm/constants.ts
-var MOBB_ICON_IMG = "https://app.mobb.ai/gh-action/Logo_Rounded_Icon.svg";
+// src/utils/keypress.ts
+import readline from "node:readline";
+async function keypress() {
+  const rl = readline.createInterface({
+    input: process.stdin,
+    output: process.stdout
+  });
+  return new Promise((resolve) => {
+    rl.question("", (answer) => {
+      rl.close();
+      process.stderr.moveCursor(0, -1);
+      process.stderr.clearLine(1);
+      resolve(answer);
+    });
+  });
+}
+
+// src/utils/spinner.ts
+import {
+  createSpinner as _createSpinner
+} from "nanospinner";
+var mockSpinner = {
+  success: () => mockSpinner,
+  error: () => mockSpinner,
+  warn: () => mockSpinner,
+  stop: () => mockSpinner,
+  start: () => mockSpinner,
+  update: () => mockSpinner,
+  reset: () => mockSpinner,
+  clear: () => mockSpinner,
+  spin: () => mockSpinner
+};
+function Spinner({ ci = false } = {}) {
+  return {
+    createSpinner: (text, options) => ci ? mockSpinner : _createSpinner(text, options)
+  };
+}
+
+// src/utils/index.ts
+var sleep = (ms = 2e3) => new Promise((r) => setTimeout(r, ms));
+var CliError = class extends Error {
+};
+
+// src/features/analysis/index.ts
+import chalk4 from "chalk";
+import Configstore from "configstore";
+import Debug12 from "debug";
+import extract from "extract-zip";
+import fetch4 from "node-fetch";
+import open2 from "open";
+import semver from "semver";
+import tmp2 from "tmp";
+import { z as z13 } from "zod";
+
+// src/features/analysis/add_fix_comments_for_pr/add_fix_comments_for_pr.ts
+import Debug4 from "debug";
 
 // src/features/analysis/add_fix_comments_for_pr/utils.ts
 import Debug3 from "debug";
 import parseDiff2 from "parse-diff";
-import { z as z10 } from "zod";
+import { z as z11 } from "zod";
 
 // src/features/analysis/utils/by_key.ts
 function keyBy(array, keyBy2) {
@@ -3960,7 +4048,7 @@ async function getRelevantVulenrabilitiesFromDiff(params) {
     });
     const lineAddedRanges = calculateRanges(fileNumbers);
     const fileFilter = {
-      path: z10.string().parse(file.to),
+      path: z11.string().parse(file.to),
       ranges: lineAddedRanges.map(([startLine, endLine]) => ({
         endLine,
         startLine
@@ -4267,30 +4355,30 @@ function subscribe(query, variables, callback, wsClientOptions) {
 }
 
 // src/features/analysis/graphql/types.ts
-import { z as z11 } from "zod";
-var VulnerabilityReportIssueCodeNodeZ = z11.object({
-  vulnerabilityReportIssueId: z11.string(),
-  path: z11.string(),
-  startLine: z11.number(),
-  vulnerabilityReportIssue: z11.object({
-    fixId: z11.string()
+import { z as z12 } from "zod";
+var VulnerabilityReportIssueCodeNodeZ = z12.object({
+  vulnerabilityReportIssueId: z12.string(),
+  path: z12.string(),
+  startLine: z12.number(),
+  vulnerabilityReportIssue: z12.object({
+    fixId: z12.string()
   })
 });
-var GetVulByNodesMetadataZ = z11.object({
-  vulnerabilityReportIssueCodeNodes: z11.array(VulnerabilityReportIssueCodeNodeZ),
-  nonFixablePrVuls: z11.object({
-    aggregate: z11.object({
-      count: z11.number()
+var GetVulByNodesMetadataZ = z12.object({
+  vulnerabilityReportIssueCodeNodes: z12.array(VulnerabilityReportIssueCodeNodeZ),
+  nonFixablePrVuls: z12.object({
+    aggregate: z12.object({
+      count: z12.number()
     })
   }),
-  fixablePrVuls: z11.object({
-    aggregate: z11.object({
-      count: z11.number()
+  fixablePrVuls: z12.object({
+    aggregate: z12.object({
+      count: z12.number()
     })
   }),
-  totalScanVulnerabilities: z11.object({
-    aggregate: z11.object({
-      count: z11.number()
+  totalScanVulnerabilities: z12.object({
+    aggregate: z12.object({
+      count: z12.number()
     })
   })
 });
@@ -4563,6 +4651,12 @@ var GQLClient = class {
     });
     return res;
   }
+  async validateRepoUrl(args) {
+    return this._clientSdk.validateRepoUrl(args);
+  }
+  async getReferenceData(args) {
+    return this._clientSdk.gitReference(args);
+  }
 };
 
 // src/features/analysis/pack.ts
@@ -5063,6 +5157,70 @@ function _getUrlForScmType({
       };
   }
 }
+async function getScmTokenInfo(params) {
+  const { gqlClient, repo } = params;
+  const userInfo = await gqlClient.getUserInfo();
+  if (!userInfo) {
+    throw new Error("userInfo is null");
+  }
+  const scmConfigs = getFromArraySafe(userInfo.scmConfigs);
+  return getScmConfig({
+    url: repo,
+    scmConfigs,
+    includeOrgTokens: false
+  });
+}
+async function getReport(params, { skipPrompts }) {
+  const {
+    scanner,
+    repoUrl,
+    gqlClient,
+    sha,
+    dirname,
+    reference,
+    cxProjectName,
+    ci
+  } = params;
+  const tokenInfo = await getScmTokenInfo({ gqlClient, repo: repoUrl });
+  const scm = await SCMLib.init(
+    {
+      url: repoUrl,
+      accessToken: tokenInfo.accessToken,
+      scmOrg: tokenInfo.scmOrg,
+      scmType: tokenInfo.scmLibType
+    },
+    { propagateExceptions: true }
+  );
+  const downloadUrl = await scm.getDownloadUrl(sha);
+  const repositoryRoot = await downloadRepo({
+    repoUrl,
+    dirname,
+    ci,
+    authHeaders: scm.getAuthHeaders(),
+    downloadUrl
+  });
+  const reportPath = path6.join(dirname, "report.json");
+  switch (scanner) {
+    case "snyk":
+      await getSnykReport(reportPath, repositoryRoot, { skipPrompts });
+      break;
+    case "checkmarx":
+      if (!cxProjectName) {
+        throw new Error("cxProjectName is required for checkmarx scanner");
+      }
+      await getCheckmarxReport(
+        {
+          reportPath,
+          repositoryRoot,
+          branch: reference,
+          projectName: cxProjectName
+        },
+        { skipPrompts }
+      );
+      break;
+  }
+  return reportPath;
+}
 async function _scan(params, { skipPrompts = false } = {}) {
   const {
     dirname,
@@ -5106,68 +5264,64 @@ async function _scan(params, { skipPrompts = false } = {}) {
   if (!repo) {
     throw new Error("repo is required in case srcPath is not provided");
   }
-  const userInfo = await gqlClient.getUserInfo();
-  if (!userInfo) {
-    throw new Error("userInfo is null");
-  }
-  const scmConfigs = getFromArraySafe(userInfo.scmConfigs);
-  const tokenInfo = getScmConfig({
-    url: repo,
-    scmConfigs,
-    includeOrgTokens: false
-  });
-  const isRepoAvailable = await scmCanReachRepo({
-    repoUrl: repo,
-    accessToken: tokenInfo.accessToken,
-    scmOrg: tokenInfo.scmOrg,
-    scmType: getScmTypeFromScmLibType(tokenInfo.scmLibType)
-  });
+  const tokenInfo = await getScmTokenInfo({ gqlClient, repo });
+  const validateRes = await gqlClient.validateRepoUrl({ repoUrl: repo });
+  const isRepoAvailable = validateRes.validateRepoUrl?.__typename === "RepoValidationSuccess";
   const cloudScmLibType = getCloudScmLibTypeFromUrl(repo);
   const { authUrl: scmAuthUrl } = _getUrlForScmType({
     scmLibType: cloudScmLibType
   });
-  let myToken = tokenInfo.accessToken;
   if (!isRepoAvailable) {
     if (ci || !cloudScmLibType || !scmAuthUrl) {
       const errorMessage = scmAuthUrl ? `Cannot access repo ${repo}` : `Cannot access repo ${repo} with the provided token, please visit ${scmAuthUrl} to refresh your source control management system token`;
       throw new Error(errorMessage);
     }
     if (cloudScmLibType && scmAuthUrl) {
-      myToken = await handleScmIntegration(tokenInfo.accessToken, scmAuthUrl, repo) || "";
-      const isRepoAvailable2 = await scmCanReachRepo({
-        repoUrl: repo,
-        accessToken: myToken,
-        scmOrg: tokenInfo.scmOrg,
-        scmType: getScmTypeFromScmLibType(tokenInfo.scmLibType)
+      await handleScmIntegration(tokenInfo.accessToken, scmAuthUrl, repo);
+      const repoValidationResponse = await gqlClient.validateRepoUrl({
+        repoUrl: repo
       });
+      const isRepoAvailable2 = repoValidationResponse.validateRepoUrl?.__typename === "RepoValidationSuccess";
       if (!isRepoAvailable2) {
         throw new Error(
-          `Cannot access repo ${repo} with the provided credentials`
+          `Cannot access repo ${repo} with the provided credentials: ${repoValidationResponse.validateRepoUrl?.__typename}`
         );
       }
     }
   }
-  const scm = await SCMLib.init({
-    url: repo,
-    accessToken: myToken,
-    scmOrg: tokenInfo.scmOrg,
-    scmType: tokenInfo.scmLibType
+  const revalidateRes = await gqlClient.validateRepoUrl({ repoUrl: repo });
+  if (revalidateRes.validateRepoUrl?.__typename !== "RepoValidationSuccess") {
+    throw new Error(
+      `could not reach repo ${repo}: ${revalidateRes.validateRepoUrl?.__typename}`
+    );
+  }
+  const reference = ref ?? revalidateRes.validateRepoUrl.defaultBranch;
+  const getReferenceDataRes = await gqlClient.getReferenceData({
+    reference,
+    repoUrl: repo
   });
-  const reference = ref ?? await scm.getRepoDefaultBranch();
-  const { sha } = await scm.getReferenceData(reference);
-  const downloadUrl = await scm.getDownloadUrl(sha);
-  debug11("org id %s", organizationId);
+  if (getReferenceDataRes.gitReference?.__typename !== "GitReferenceData") {
+    throw new Error(
+      `Could not get reference data for ${reference}: ${getReferenceDataRes.gitReference?.__typename}`
+    );
+  }
+  const { sha } = getReferenceDataRes.gitReference;
   debug11("project id %s", projectId);
   debug11("default branch %s", reference);
-  const repositoryRoot = await downloadRepo({
-    repoUrl: repo,
-    dirname,
-    ci,
-    authHeaders: scm.getAuthHeaders(),
-    downloadUrl
-  });
   if (command === "scan") {
-    reportPath = await getReport(SupportedScannersZ.parse(scanner));
+    reportPath = await getReport(
+      {
+        scanner: SupportedScannersZ.parse(scanner),
+        repoUrl: repo,
+        sha,
+        gqlClient,
+        cxProjectName,
+        dirname,
+        reference,
+        ci
+      },
+      { skipPrompts }
+    );
   }
   if (!reportPath) {
     throw new Error("reportPath is null");
@@ -5191,7 +5345,7 @@ async function _scan(params, { skipPrompts = false } = {}) {
     spinner: mobbSpinner,
     submitVulnerabilityReportVariables: {
       fixReportId: reportUploadInfo.fixReportId,
-      repoUrl: z12.string().parse(repo),
+      repoUrl: z13.string().parse(repo),
       reference,
       projectId,
       vulnerabilityReportFileName: "report.json",
@@ -5210,29 +5364,6 @@ async function _scan(params, { skipPrompts = false } = {}) {
   });
   await askToOpenAnalysis();
   return reportUploadInfo.fixReportId;
-  async function getReport(scanner2) {
-    const reportPath2 = path6.join(dirname, "report.json");
-    switch (scanner2) {
-      case "snyk":
-        await getSnykReport(reportPath2, repositoryRoot, { skipPrompts });
-        break;
-      case "checkmarx":
-        if (!cxProjectName) {
-          throw new Error("cxProjectName is required for checkmarx scanner");
-        }
-        await getCheckmarxReport(
-          {
-            reportPath: reportPath2,
-            repositoryRoot,
-            branch: reference,
-            projectName: cxProjectName
-          },
-          { skipPrompts }
-        );
-        break;
-    }
-    return reportPath2;
-  }
   async function askToOpenAnalysis() {
     if (!repoUploadInfo || !reportUploadInfo) {
       throw new Error("uploadS3BucketInfo is null");
@@ -5329,14 +5460,14 @@ async function _scan(params, { skipPrompts = false } = {}) {
     );
     await open2(scmAuthUrl2);
     for (let i = 0; i < LOGIN_MAX_WAIT / LOGIN_CHECK_DELAY; i++) {
-      const userInfo2 = await gqlClient.getUserInfo();
-      if (!userInfo2) {
+      const userInfo = await gqlClient.getUserInfo();
+      if (!userInfo) {
         throw new CliError2("User info not found");
       }
-      const scmConfigs2 = getFromArraySafe(userInfo2.scmConfigs);
+      const scmConfigs = getFromArraySafe(userInfo.scmConfigs);
       const tokenInfo2 = getScmConfig({
         url: repoUrl,
-        scmConfigs: scmConfigs2,
+        scmConfigs,
         includeOrgTokens: false
       });
       if (tokenInfo2.accessToken && tokenInfo2.accessToken !== oldToken) {
@@ -5443,16 +5574,21 @@ async function _scan(params, { skipPrompts = false } = {}) {
         }
       });
       if (command === "review") {
-        const params2 = z12.object({
-          repo: z12.string().url(),
-          githubActionToken: z12.string()
+        const params2 = z13.object({
+          repo: z13.string().url(),
+          githubActionToken: z13.string()
         }).parse({ repo, githubActionToken });
-        const scm2 = await SCMLib.init({
-          url: params2.repo,
-          accessToken: params2.githubActionToken,
-          scmOrg: "",
-          scmType: "GITHUB" /* GITHUB */
-        });
+        const scm = await SCMLib.init(
+          {
+            url: params2.repo,
+            accessToken: params2.githubActionToken,
+            scmOrg: "",
+            scmType: "GITHUB" /* GITHUB */
+          },
+          {
+            propagateExceptions: true
+          }
+        );
         await gqlClient.subscribeToAnalysis({
           subscribeToAnalysisParams: {
             analysisId: reportUploadInfo.fixReportId
@@ -5461,8 +5597,8 @@ async function _scan(params, { skipPrompts = false } = {}) {
             return addFixCommentsForPr({
               analysisId,
               gqlClient,
-              scm: scm2,
-              scanner: z12.nativeEnum(SCANNERS).parse(scanner)
+              scm,
+              scanner: z13.nativeEnum(SCANNERS).parse(scanner)
             });
           },
           callbackStates: ["Finished" /* Finished */]
@@ -5648,12 +5784,12 @@ var commitHashOption = {
 };
 var scmTypeOption = {
   demandOption: true,
-  describe: chalk5.bold("SCM type (GitHub, GitLab, Ado, Bitbucket)"),
-  type: "string"
+  describe: chalk5.bold("SCM type"),
+  choices: Object.values(ScmType)
 };
 var urlOption = {
   describe: chalk5.bold(
-    "URL of the repository (used in GitHub, GitLab, Azure DevOps, Bitbucket)"
+    `URL of the repository (used in ${Object.values(ScmType).join(", ")})`
   ),
   type: "string",
   demandOption: true
@@ -5675,7 +5811,7 @@ var scmTokenOption = {
 // src/args/validation.ts
 import chalk6 from "chalk";
 import path8 from "path";
-import { z as z13 } from "zod";
+import { z as z14 } from "zod";
 function throwRepoUrlErrorMessage({
   error,
   repoUrl,
@@ -5692,13 +5828,13 @@ Example:
   )}`;
   throw new CliError(formattedErrorMessage);
 }
-var UrlZ = z13.string({
-  invalid_type_error: "is not a valid GitHub / GitLab / ADO URL"
+var UrlZ = z14.string({
+  invalid_type_error: `is not a valid ${Object.values(ScmType).join("/ ")} URL`
 }).refine((data) => !!sanityRepoURL(data), {
-  message: "is not a valid GitHub / GitLab / ADO URL"
+  message: `is not a valid ${Object.values(ScmType).join(" / ")} URL`
 });
 function validateOrganizationId(organizationId) {
-  const orgIdValidation = z13.string().uuid().nullish().safeParse(organizationId);
+  const orgIdValidation = z14.string().uuid().nullish().safeParse(organizationId);
   if (!orgIdValidation.success) {
     throw new CliError(`organizationId: ${organizationId} is not a valid UUID`);
   }
@@ -5855,20 +5991,15 @@ async function scanHandler(args) {
 }
 
 // src/args/commands/token.ts
-import { z as z14 } from "zod";
 function addScmTokenBuilder(args) {
   return args.option("scm-type", scmTypeOption).option("url", urlOption).option("token", scmTokenOption).option("organization", scmOrgOption).option("refresh-token", scmRefreshTokenOption).option("api-key", apiKeyOption).example(
     "$0 add-scm-token --scm-type Ado --url https://dev.azure.com/adoorg/test/_git/repo --token abcdef0123456 --organization myOrg",
-    "Add your SCM (Github, Gitlab, Azure DevOps) token to Mobb to enable automated fixes."
+    `Add your SCM (${Object.values(scmFriendlyText).join(", ")}) token to Mobb to enable automated fixes.`
   ).help().demandOption(["url", "token"]);
 }
-function validateAddScmTokenOptions(argv) {
-  if (!z14.nativeEnum(ScmType).safeParse(argv.scmType).success) {
-    throw new CliError(
-      "\nError: --scm-type must reference a valid SCM type (GitHub, GitLab, Ado, Bitbutcket)"
-    );
-  }
-  Object.values(scmValidationMap).forEach((validate) => validate(argv));
+async function validateAddScmTokenOptions(argv) {
+  const scmType = argv["scm-type"];
+  scmValidationMap[scmType];
 }
 var scmValidationMap = {
   ["GitHub" /* GitHub */]: () => {
@@ -5883,15 +6014,14 @@ var scmValidationMap = {
   }
 };
 function validateAdo(argv) {
-  const urlObj = new URL(argv.url);
-  if ((urlObj.hostname.toLowerCase() === scmCloudHostname.Ado || urlObj.hostname.toLowerCase().endsWith(".visualstudio.com")) && !argv.organization) {
+  if (!argv.organization) {
     throw new CliError(
       "\nError: --organization flag is required for Azure DevOps"
     );
   }
 }
 async function addScmTokenHandler(args) {
-  validateAddScmTokenOptions(args);
+  await validateAddScmTokenOptions(args);
   await addScmToken(args);
 }