mobbdev 0.0.36 → 0.0.38

package/dist/index.mjs

@@ -0,0 +1,2380 @@
+var __defProp = Object.defineProperty;
+var __defNormalProp = (obj, key, value) => key in obj ? __defProp(obj, key, { enumerable: true, configurable: true, writable: true, value }) : obj[key] = value;
+var __export = (target, all) => {
+  for (var name in all)
+    __defProp(target, name, { get: all[name], enumerable: true });
+};
+var __publicField = (obj, key, value) => {
+  __defNormalProp(obj, typeof key !== "symbol" ? key + "" : key, value);
+  return value;
+};
+
+// src/index.ts
+import { hideBin } from "yargs/helpers";
+
+// src/args/yargs.ts
+import chalk7 from "chalk";
+import yargs from "yargs/yargs";
+
+// src/args/commands/analyze.ts
+import fs4 from "node:fs";
+
+// src/constants.ts
+import path from "node:path";
+import { fileURLToPath } from "node:url";
+import Debug from "debug";
+import * as dotenv from "dotenv";
+import { z } from "zod";
+var debug = Debug("mobbdev:constants");
+var __dirname = path.dirname(fileURLToPath(import.meta.url));
+dotenv.config({ path: path.join(__dirname, "../.env") });
+var SCANNERS = {
+  Checkmarx: "checkmarx",
+  Codeql: "codeql",
+  Fortify: "fortify",
+  Snyk: "snyk"
+};
+var envVariablesSchema = z.object({
+  WEB_LOGIN_URL: z.string(),
+  WEB_APP_URL: z.string(),
+  API_URL: z.string()
+}).required();
+var envVariables = envVariablesSchema.parse(process.env);
+debug("config %o", envVariables);
+var mobbAscii = `
+                                   ..                       
+                             ..........                     
+                        .................                   
+               ...........................                  
+              ..............................                
+             ................................               
+             ..................................             
+            ....................................            
+            .....................................           
+            .............................................   
+          ................................................. 
+     ...............................       .................
+  ..................................           ............ 
+..................    .............            ..........   
+......... ........      .........             ......        
+  ...............                          ....             
+         .... ..                                            
+                                                            
+                                      . ...                 
+                              ..............                
+                       ......................               
+                   ...........................              
+               ................................             
+           ......................................           
+                ...............................             
+                       .................                    
+`;
+var WEB_LOGIN_URL = envVariables.WEB_LOGIN_URL;
+var WEB_APP_URL = envVariables.WEB_APP_URL;
+var API_URL = envVariables.API_URL;
+
+// src/features/analysis/index.ts
+import crypto from "node:crypto";
+import fs3 from "node:fs";
+import os2 from "node:os";
+import path5 from "node:path";
+import { pipeline } from "node:stream/promises";
+
+// src/utils/index.ts
+var utils_exports = {};
+__export(utils_exports, {
+  CliError: () => CliError,
+  Spinner: () => Spinner,
+  getDirName: () => getDirName,
+  keypress: () => keypress,
+  sleep: () => sleep
+});
+
+// src/utils/dirname.ts
+import path2 from "node:path";
+import { fileURLToPath as fileURLToPath2 } from "node:url";
+function getDirName() {
+  return path2.dirname(fileURLToPath2(import.meta.url));
+}
+
+// src/utils/keypress.ts
+import readline from "node:readline";
+async function keypress() {
+  const rl = readline.createInterface({
+    input: process.stdin,
+    output: process.stdout
+  });
+  return new Promise((resolve) => {
+    rl.question("", (answer) => {
+      rl.close();
+      process.stderr.moveCursor(0, -1);
+      process.stderr.clearLine(1);
+      resolve(answer);
+    });
+  });
+}
+
+// src/utils/spinner.ts
+import {
+  createSpinner as _createSpinner
+} from "nanospinner";
+var mockSpinner = {
+  success: () => mockSpinner,
+  error: () => mockSpinner,
+  warn: () => mockSpinner,
+  stop: () => mockSpinner,
+  start: () => mockSpinner,
+  update: () => mockSpinner,
+  reset: () => mockSpinner,
+  clear: () => mockSpinner,
+  spin: () => mockSpinner
+};
+function Spinner({ ci = false } = {}) {
+  return {
+    createSpinner: (text, options) => ci ? mockSpinner : _createSpinner(text, options)
+  };
+}
+
+// src/utils/index.ts
+var sleep = (ms = 2e3) => new Promise((r) => setTimeout(r, ms));
+var CliError = class extends Error {
+};
+
+// src/features/analysis/index.ts
+import chalk2 from "chalk";
+import Configstore from "configstore";
+import Debug7 from "debug";
+import extract from "extract-zip";
+import fetch3 from "node-fetch";
+import open2 from "open";
+import semver from "semver";
+import tmp from "tmp";
+
+// src/features/analysis/git.ts
+import Debug2 from "debug";
+import { simpleGit } from "simple-git";
+var debug2 = Debug2("mobbdev:git");
+async function getGitInfo(srcDirPath) {
+  debug2("getting git info for %s", srcDirPath);
+  const git = simpleGit({
+    baseDir: srcDirPath,
+    maxConcurrentProcesses: 1,
+    trimmed: true
+  });
+  let repoUrl = "";
+  let hash = "";
+  let reference = "";
+  try {
+    repoUrl = (await git.getConfig("remote.origin.url")).value || "";
+    hash = await git.revparse(["HEAD"]) || "";
+    reference = await git.revparse(["--abbrev-ref", "HEAD"]) || "";
+  } catch (e) {
+    if (e instanceof Error) {
+      debug2("failed to run git %o", e);
+      if (e.message.includes(" spawn ")) {
+        debug2("git cli not installed");
+      } else if (e.message.includes(" not a git repository ")) {
+        debug2("folder is not a git repo");
+      } else {
+        throw e;
+      }
+    }
+    throw e;
+  }
+  if (repoUrl.endsWith(".git")) {
+    repoUrl = repoUrl.slice(0, -".git".length);
+  }
+  if (repoUrl.startsWith("git@github.com:")) {
+    repoUrl = repoUrl.replace("git@github.com:", "https://github.com/");
+  }
+  return {
+    repoUrl,
+    hash,
+    reference
+  };
+}
+
+// src/features/analysis/graphql/gql.ts
+import Debug3 from "debug";
+import { GraphQLClient } from "graphql-request";
+
+// src/features/analysis/graphql/mutations.ts
+import { gql } from "graphql-request";
+var UPLOAD_S3_BUCKET_INFO = gql`
+  mutation uploadS3BucketInfo($fileName: String!) {
+    uploadS3BucketInfo(fileName: $fileName) {
+      status
+      error
+      reportUploadInfo: uploadInfo {
+        url
+        fixReportId
+        uploadFieldsJSON
+        uploadKey
+      }
+      repoUploadInfo {
+        url
+        fixReportId
+        uploadFieldsJSON
+        uploadKey
+      }
+    }
+  }
+`;
+var SUBMIT_VULNERABILITY_REPORT = gql`
+  mutation SubmitVulnerabilityReport(
+    $vulnerabilityReportFileName: String!
+    $fixReportId: String!
+    $repoUrl: String!
+    $reference: String!
+    $projectId: String!
+    $sha: String
+  ) {
+    submitVulnerabilityReport(
+      fixReportId: $fixReportId
+      repoUrl: $repoUrl
+      reference: $reference
+      sha: $sha
+      vulnerabilityReportFileName: $vulnerabilityReportFileName
+      projectId: $projectId
+    ) {
+      __typename
+    }
+  }
+`;
+var CREATE_COMMUNITY_USER = gql`
+  mutation CreateCommunityUser {
+    initOrganizationAndProject {
+      userId
+      projectId
+      organizationId
+    }
+  }
+`;
+var CREATE_CLI_LOGIN = gql`
+  mutation CreateCliLogin($publicKey: String!) {
+    insert_cli_login_one(object: { publicKey: $publicKey }) {
+      id
+    }
+  }
+`;
+var PERFORM_CLI_LOGIN = gql`
+  mutation performCliLogin($loginId: String!) {
+    performCliLogin(loginId: $loginId) {
+      status
+    }
+  }
+`;
+
+// src/features/analysis/graphql/queries.ts
+import { gql as gql2 } from "graphql-request";
+var ME = gql2`
+  query Me {
+    me {
+      id
+      email
+      githubToken
+      gitlabToken
+    }
+  }
+`;
+var GET_ORG_AND_PROJECT_ID = gql2`
+  query getOrgAndProjectId {
+    users: user {
+      userOrganizationsAndUserOrganizationRoles {
+        organization {
+          id
+          projects(order_by: { updatedAt: desc }) {
+            id
+          }
+        }
+      }
+    }
+  }
+`;
+var GET_ENCRYPTED_API_TOKEN = gql2`
+  query GetEncryptedApiToken($loginId: uuid!) {
+    cli_login_by_pk(id: $loginId) {
+      encryptedApiToken
+    }
+  }
+`;
+
+// src/features/analysis/graphql/types.ts
+import { z as z2 } from "zod";
+var UploadFieldsZ = z2.object({
+  bucket: z2.string(),
+  "X-Amz-Algorithm": z2.string(),
+  "X-Amz-Credential": z2.string(),
+  "X-Amz-Date": z2.string(),
+  Policy: z2.string(),
+  "X-Amz-Signature": z2.string()
+});
+var ReportUploadInfoZ = z2.object({
+  url: z2.string(),
+  fixReportId: z2.string(),
+  uploadFieldsJSON: z2.string().transform((str, ctx) => {
+    try {
+      return JSON.parse(str);
+    } catch (e) {
+      ctx.addIssue({ code: "custom", message: "Invalid JSON" });
+      return z2.NEVER;
+    }
+  }),
+  uploadKey: z2.string()
+}).transform(({ uploadFieldsJSON, ...input }) => ({
+  ...input,
+  uploadFields: uploadFieldsJSON
+}));
+var UploadS3BucketInfoZ = z2.object({
+  uploadS3BucketInfo: z2.object({
+    status: z2.string(),
+    error: z2.string().nullish(),
+    reportUploadInfo: ReportUploadInfoZ,
+    repoUploadInfo: ReportUploadInfoZ
+  })
+});
+var GetOrgAndProjectIdQueryZ = z2.object({
+  users: z2.array(
+    z2.object({
+      userOrganizationsAndUserOrganizationRoles: z2.array(
+        z2.object({
+          organization: z2.object({
+            id: z2.string(),
+            projects: z2.array(
+              z2.object({
+                id: z2.string()
+              })
+            ).nonempty()
+          })
+        })
+      ).nonempty()
+    })
+  ).nonempty()
+});
+var CreateCliLoginZ = z2.object({
+  insert_cli_login_one: z2.object({
+    id: z2.string()
+  })
+});
+var GetEncryptedApiTokenZ = z2.object({
+  cli_login_by_pk: z2.object({
+    encryptedApiToken: z2.string().nullable()
+  })
+});
+
+// src/features/analysis/graphql/gql.ts
+var debug3 = Debug3("mobbdev:gql");
+var API_KEY_HEADER_NAME = "x-mobb-key";
+var GQLClient = class {
+  constructor(args) {
+    __publicField(this, "_client");
+    const { apiKey } = args;
+    debug3(`init with apiKey ${apiKey}`);
+    this._client = new GraphQLClient(API_URL, {
+      headers: { [API_KEY_HEADER_NAME]: apiKey || "" }
+    });
+  }
+  async getUserInfo() {
+    const { me } = await this._client.request(ME);
+    return me;
+  }
+  async createCliLogin(variables) {
+    const res = CreateCliLoginZ.parse(
+      await this._client.request(
+        CREATE_CLI_LOGIN,
+        variables,
+        {
+          // We may have outdated API key in the config storage. Avoid using it for the login request.
+          [API_KEY_HEADER_NAME]: ""
+        }
+      )
+    );
+    return res.insert_cli_login_one.id;
+  }
+  async verifyToken() {
+    await this.createCommunityUser();
+    try {
+      await this.getUserInfo();
+    } catch (e) {
+      debug3("verify token failed %o", e);
+      return false;
+    }
+    return true;
+  }
+  async getOrgAndProjectId() {
+    const getOrgAndProjectIdResult = await this._client.request(
+      GET_ORG_AND_PROJECT_ID
+    );
+    const [user] = GetOrgAndProjectIdQueryZ.parse(
+      getOrgAndProjectIdResult
+    ).users;
+    const org = user.userOrganizationsAndUserOrganizationRoles[0].organization;
+    return {
+      organizationId: org.id,
+      projectId: org.projects[0].id
+    };
+  }
+  async getEncryptedApiToken(variables) {
+    const res = await this._client.request(
+      GET_ENCRYPTED_API_TOKEN,
+      variables,
+      {
+        // We may have outdated API key in the config storage. Avoid using it for the login request.
+        [API_KEY_HEADER_NAME]: ""
+      }
+    );
+    return GetEncryptedApiTokenZ.parse(res).cli_login_by_pk.encryptedApiToken;
+  }
+  async createCommunityUser() {
+    try {
+      await this._client.request(CREATE_COMMUNITY_USER);
+    } catch (e) {
+      debug3("create community user failed %o", e);
+    }
+  }
+  async uploadS3BucketInfo() {
+    const uploadS3BucketInfoResult = await this._client.request(UPLOAD_S3_BUCKET_INFO, {
+      fileName: "report.json"
+    });
+    return UploadS3BucketInfoZ.parse(uploadS3BucketInfoResult);
+  }
+  async submitVulnerabilityReport({
+    fixReportId,
+    repoUrl,
+    reference,
+    projectId,
+    sha
+  }) {
+    await this._client.request(SUBMIT_VULNERABILITY_REPORT, {
+      fixReportId,
+      repoUrl,
+      reference,
+      vulnerabilityReportFileName: "report.json",
+      projectId,
+      sha: sha || ""
+    });
+  }
+};
+
+// src/features/analysis/pack.ts
+import fs from "node:fs";
+import path3 from "node:path";
+import AdmZip from "adm-zip";
+import Debug4 from "debug";
+import { globby } from "globby";
+import { isBinary } from "istextorbinary";
+var debug4 = Debug4("mobbdev:pack");
+var MAX_FILE_SIZE = 1024 * 1024 * 5;
+async function pack(srcDirPath) {
+  debug4("pack folder %s", srcDirPath);
+  const filepaths = await globby("**", {
+    gitignore: true,
+    onlyFiles: true,
+    cwd: srcDirPath,
+    followSymbolicLinks: false
+  });
+  debug4("files found %d", filepaths.length);
+  const zip = new AdmZip();
+  debug4("compressing files");
+  for (const filepath of filepaths) {
+    const absFilepath = path3.join(srcDirPath, filepath.toString());
+    if (fs.lstatSync(absFilepath).size > MAX_FILE_SIZE) {
+      debug4("ignoring %s because the size is > 5MB", filepath);
+      continue;
+    }
+    const data = fs.readFileSync(absFilepath);
+    if (isBinary(null, data)) {
+      debug4("ignoring %s because is seems to be a binary file", filepath);
+      continue;
+    }
+    zip.addFile(filepath.toString(), data);
+  }
+  debug4("get zip file buffer");
+  return zip.toBuffer();
+}
+
+// src/features/analysis/prompts.ts
+import inquirer from "inquirer";
+import { createSpinner } from "nanospinner";
+var scannerChoices = [
+  { name: "Snyk", value: SCANNERS.Snyk },
+  { name: "Checkmarx", value: SCANNERS.Checkmarx },
+  { name: "Codeql", value: SCANNERS.Codeql },
+  { name: "Fortify", value: SCANNERS.Fortify }
+];
+async function choseScanner() {
+  const { scanner } = await inquirer.prompt({
+    name: "scanner",
+    message: "Choose a scanner you wish to use to scan your code",
+    type: "list",
+    choices: scannerChoices
+  });
+  return scanner;
+}
+async function scmIntegrationPrompt(scmName) {
+  const answers = await inquirer.prompt({
+    name: "scmConfirm",
+    type: "confirm",
+    message: `It seems we don't have access to the repo, do you want to grant access to your ${scmName} account?`,
+    default: true
+  });
+  return answers.scmConfirm;
+}
+async function mobbAnalysisPrompt() {
+  const spinner = createSpinner().start();
+  spinner.update({ text: "Hit any key to view available fixes" });
+  await keypress();
+  return spinner.success();
+}
+async function snykArticlePrompt() {
+  const { snykArticleConfirm } = await inquirer.prompt({
+    name: "snykArticleConfirm",
+    type: "confirm",
+    message: "Do you want to be taken to the relevant Snyk's online article?",
+    default: true
+  });
+  return snykArticleConfirm;
+}
+
+// src/features/analysis/scm/gitlab.ts
+import querystring from "node:querystring";
+import { Gitlab } from "@gitbeaker/rest";
+import { z as z5 } from "zod";
+
+// src/features/analysis/scm/github.ts
+import { RequestError } from "@octokit/request-error";
+import { Octokit } from "octokit";
+import { z as z3 } from "zod";
+function removeTrailingSlash(str) {
+  return str.trim().replace(/\/+$/, "");
+}
+var EnvVariablesZod = z3.object({
+  GITHUB_API_TOKEN: z3.string().optional()
+});
+var { GITHUB_API_TOKEN } = EnvVariablesZod.parse(process.env);
+var GetBlameDocument = `
+      query GetBlame(
+        $owner: String!
+        $repo: String!
+        $ref: String!
+        $path: String!
+      ) {
+        repository(name: $repo, owner: $owner) {
+          # branch name
+          object(expression: $ref) {
+            # cast Target to a Commit
+            ... on Commit {
+              # full repo-relative path to blame file
+              blame(path: $path) {
+                ranges {
+                  commit {
+                    author {
+                      user {
+                        name
+                        login
+                      }
+                    }
+                    authoredDate
+                  }
+                  startingLine
+                  endingLine
+                  age
+                }
+              }
+            }
+            
+          }
+        }
+      }
+    `;
+var githubUrlRegex = /^http[s]?:\/\/[^/\s]+\/([^/.\s]+\/[^/.\s]+)(\.git)?(\/)?$/i;
+function getOktoKit(options) {
+  const token = options?.githubAuthToken ?? GITHUB_API_TOKEN ?? "";
+  return new Octokit({ auth: token });
+}
+async function githubValidateParams(url, accessToken) {
+  try {
+    const oktoKit = getOktoKit({ githubAuthToken: accessToken });
+    if (accessToken) {
+      await oktoKit.rest.users.getAuthenticated();
+    }
+    if (url) {
+      const { owner, repo } = parseOwnerAndRepo(url);
+      await oktoKit.rest.repos.get({ repo, owner });
+    }
+  } catch (e) {
+    const error = e;
+    const code = error.status || error.statusCode || error.response?.status || error.response?.statusCode || error.response?.code;
+    if (code === 401 || code === 403) {
+      throw new InvalidAccessTokenError(`invalid github access token`);
+    }
+    if (code === 404) {
+      throw new InvalidRepoUrlError(`invalid github repo Url ${url}`);
+    }
+    throw e;
+  }
+}
+async function getGithubUsername(accessToken) {
+  const oktoKit = getOktoKit({ githubAuthToken: accessToken });
+  const res = await oktoKit.rest.users.getAuthenticated();
+  return res.data.login;
+}
+async function getGithubIsUserCollaborator(username, accessToken, repoUrl) {
+  try {
+    const { owner, repo } = parseOwnerAndRepo(repoUrl);
+    const oktoKit = getOktoKit({ githubAuthToken: accessToken });
+    const res = await oktoKit.rest.repos.checkCollaborator({
+      owner,
+      repo,
+      username
+    });
+    if (res.status === 204) {
+      return true;
+    }
+  } catch (e) {
+    return false;
+  }
+  return false;
+}
+async function getGithubPullRequestStatus(accessToken, repoUrl, prNumber) {
+  const { owner, repo } = parseOwnerAndRepo(repoUrl);
+  const oktoKit = getOktoKit({ githubAuthToken: accessToken });
+  const res = await oktoKit.rest.pulls.get({
+    owner,
+    repo,
+    pull_number: prNumber
+  });
+  if (res.data.merged) {
+    return "merged";
+  }
+  if (res.data.draft) {
+    return "draft";
+  }
+  return res.data.state;
+}
+async function getGithubIsRemoteBranch(accessToken, repoUrl, branch) {
+  const { owner, repo } = parseOwnerAndRepo(repoUrl);
+  const oktoKit = getOktoKit({ githubAuthToken: accessToken });
+  try {
+    const res = await oktoKit.rest.repos.getBranch({
+      owner,
+      repo,
+      branch
+    });
+    return branch === res.data.name;
+  } catch (e) {
+    return false;
+  }
+}
+async function getGithubRepoList(accessToken) {
+  const oktoKit = getOktoKit({ githubAuthToken: accessToken });
+  try {
+    const githubRepos = await getRepos(oktoKit);
+    return githubRepos.map(
+      (repo) => {
+        const repoLanguages = [];
+        if (repo.language) {
+          repoLanguages.push(repo.language);
+        }
+        return {
+          repoName: repo.name,
+          repoUrl: repo.html_url,
+          repoOwner: repo.owner.login,
+          repoLanguages,
+          repoIsPublic: !repo.private,
+          repoUpdatedAt: repo.updated_at
+        };
+      }
+    );
+  } catch (e) {
+    if (e instanceof RequestError && e.status === 401) {
+      return [];
+    }
+    if (e instanceof RequestError && e.status === 404) {
+      return [];
+    }
+    throw e;
+  }
+}
+async function getGithubBranchList(accessToken, repoUrl) {
+  const { owner, repo } = parseOwnerAndRepo(repoUrl);
+  const oktoKit = getOktoKit({ githubAuthToken: accessToken });
+  const res = await oktoKit.rest.repos.listBranches({
+    owner,
+    repo,
+    per_page: 1e3,
+    page: 1
+  });
+  return res.data.map((branch) => branch.name);
+}
+async function createPullRequest(options) {
+  const { owner, repo } = parseOwnerAndRepo(options.repoUrl);
+  const oktoKit = getOktoKit({ githubAuthToken: options.accessToken });
+  const res = await oktoKit.rest.pulls.create({
+    owner,
+    repo,
+    title: options.title,
+    body: options.body,
+    head: options.sourceBranchName,
+    base: options.targetBranchName,
+    draft: false,
+    maintainer_can_modify: true
+  });
+  return res.data.number;
+}
+async function getRepos(oktoKit) {
+  const res = await oktoKit.request("GET /user/repos?sort=updated", {
+    headers: {
+      "X-GitHub-Api-Version": "2022-11-28",
+      per_page: 100
+    }
+  });
+  return res.data;
+}
+async function getGithubRepoDefaultBranch(repoUrl, options) {
+  const oktoKit = getOktoKit(options);
+  const { owner, repo } = parseOwnerAndRepo(repoUrl);
+  return (await oktoKit.rest.repos.get({ repo, owner })).data.default_branch;
+}
+async function getGithubReferenceData({ ref, gitHubUrl }, options) {
+  const { owner, repo } = parseOwnerAndRepo(gitHubUrl);
+  let res;
+  try {
+    const oktoKit = getOktoKit(options);
+    res = await Promise.any([
+      getBranch({ owner, repo, branch: ref }, oktoKit).then((result) => ({
+        date: result.data.commit.commit.committer?.date ? new Date(result.data.commit.commit.committer?.date) : void 0,
+        type: "BRANCH" /* BRANCH */,
+        sha: result.data.commit.sha
+      })),
+      getCommit({ commitSha: ref, repo, owner }, oktoKit).then((commit) => ({
+        date: new Date(commit.data.committer.date),
+        type: "COMMIT" /* COMMIT */,
+        sha: commit.data.sha
+      })),
+      getTagDate({ owner, repo, tag: ref }, oktoKit).then((data) => ({
+        date: new Date(data.date),
+        type: "TAG" /* TAG */,
+        sha: data.sha
+      }))
+    ]);
+    return res;
+  } catch (e) {
+    if (e instanceof AggregateError) {
+      throw new RefNotFoundError(`ref: ${ref} does not exist`);
+    }
+    throw e;
+  }
+}
+async function getBranch({ branch, owner, repo }, oktoKit) {
+  return oktoKit.rest.repos.getBranch({
+    branch,
+    owner,
+    repo
+  });
+}
+async function getTagDate({ tag, owner, repo }, oktoKit) {
+  const refResponse = await oktoKit.rest.git.getRef({
+    ref: `tags/${tag}`,
+    owner,
+    repo
+  });
+  const tagSha = refResponse.data.object.sha;
+  if (refResponse.data.object.type === "commit") {
+    const res2 = await oktoKit.rest.git.getCommit({
+      commit_sha: tagSha,
+      owner,
+      repo
+    });
+    return {
+      date: res2.data.committer.date,
+      sha: res2.data.sha
+    };
+  }
+  const res = await oktoKit.rest.git.getTag({
+    tag_sha: tagSha,
+    owner,
+    repo
+  });
+  return {
+    date: res.data.tagger.date,
+    sha: res.data.sha
+  };
+}
+async function getCommit({
+  commitSha,
+  owner,
+  repo
+}, oktoKit) {
+  return oktoKit.rest.git.getCommit({
+    repo,
+    owner,
+    commit_sha: commitSha
+  });
+}
+function parseOwnerAndRepo(gitHubUrl) {
+  gitHubUrl = removeTrailingSlash(gitHubUrl);
+  if (!githubUrlRegex.test(gitHubUrl)) {
+    throw new InvalidUrlPatternError(`invalid github repo Url ${gitHubUrl}`);
+  }
+  const groups = gitHubUrl.split(githubUrlRegex).filter((res) => res);
+  const ownerAndRepo = groups[0]?.split("/");
+  const owner = ownerAndRepo?.at(0);
+  const repo = ownerAndRepo?.at(1);
+  if (!owner || !repo) {
+    throw new InvalidUrlPatternError(`invalid github repo Url ${gitHubUrl}`);
+  }
+  return { owner, repo };
+}
+async function queryGithubGraphql(query, variables, options) {
+  const token = options?.githubAuthToken ?? GITHUB_API_TOKEN ?? "";
+  const parameters = variables ?? {};
+  const authorizationHeader = {
+    headers: {
+      authorization: `bearer ${token}`
+    }
+  };
+  try {
+    const oktoKit = getOktoKit(options);
+    const res = await oktoKit.graphql(query, {
+      ...parameters,
+      ...authorizationHeader
+    });
+    return res;
+  } catch (e) {
+    if (e instanceof RequestError) {
+      return null;
+    }
+    throw e;
+  }
+}
+async function getGithubBlameRanges({ ref, gitHubUrl, path: path7 }, options) {
+  const { owner, repo } = parseOwnerAndRepo(gitHubUrl);
+  const variables = {
+    owner,
+    repo,
+    path: path7,
+    ref
+  };
+  const res = await queryGithubGraphql(
+    GetBlameDocument,
+    variables,
+    options
+  );
+  if (!res?.repository?.object?.blame?.ranges) {
+    return [];
+  }
+  return res.repository.object.blame.ranges.map((range) => ({
+    startingLine: range.startingLine,
+    endingLine: range.endingLine,
+    email: range.commit.author.user.email,
+    name: range.commit.author.user.name,
+    login: range.commit.author.user.login
+  }));
+}
+
+// src/features/analysis/scm/scmSubmit.ts
+import fs2 from "node:fs/promises";
+import os from "os";
+import path4 from "path";
+import { simpleGit as simpleGit2 } from "simple-git";
+import { z as z4 } from "zod";
+var isValidBranchName = async (branchName) => {
+  const git = simpleGit2();
+  try {
+    const res = await git.raw(["check-ref-format", "--branch", branchName]);
+    if (res) {
+      return true;
+    }
+    return false;
+  } catch (e) {
+    return false;
+  }
+};
+var SubmitFixesMessageZ = z4.object({
+  submitFixRequestId: z4.string().uuid(),
+  fixes: z4.array(
+    z4.object({
+      fixId: z4.string().uuid(),
+      diff: z4.string()
+    })
+  ),
+  branchName: z4.string(),
+  commitHash: z4.string(),
+  targetBranch: z4.string(),
+  repoUrl: z4.string()
+});
+var FixResponseArrayZ = z4.array(
+  z4.object({
+    fixId: z4.string().uuid()
+  })
+);
+var SubmitFixesResponseMessageZ = z4.object({
+  submitFixRequestId: z4.string().uuid(),
+  submitBranches: z4.array(
+    z4.object({
+      branchName: z4.string(),
+      fixes: FixResponseArrayZ
+    })
+  ),
+  error: z4.object({
+    type: z4.enum([
+      "InitialRepoAccessError",
+      "PushBranchError",
+      "UnknownError"
+    ]),
+    info: z4.object({
+      message: z4.string(),
+      pushBranchName: z4.string().optional()
+    })
+  }).optional()
+});
+
+// src/features/analysis/scm/scm.ts
+function getScmLibTypeFromUrl(url) {
+  if (!url) {
+    return void 0;
+  }
+  if (url.toLowerCase().startsWith("https://gitlab.com/")) {
+    return "GITLAB" /* GITLAB */;
+  }
+  if (url.toLowerCase().startsWith("https://github.com/")) {
+    return "GITHUB" /* GITHUB */;
+  }
+  return void 0;
+}
+async function scmCanReachRepo({
+  repoUrl,
+  githubToken,
+  gitlabToken
+}) {
+  try {
+    const scmLibType = getScmLibTypeFromUrl(repoUrl);
+    await SCMLib.init({
+      url: repoUrl,
+      accessToken: scmLibType === "GITHUB" /* GITHUB */ ? githubToken : scmLibType === "GITLAB" /* GITLAB */ ? gitlabToken : "",
+      scmType: scmLibType
+    });
+    return true;
+  } catch (e) {
+    return false;
+  }
+}
+var InvalidRepoUrlError = class extends Error {
+  constructor(m) {
+    super(m);
+  }
+};
+var InvalidAccessTokenError = class extends Error {
+  constructor(m) {
+    super(m);
+  }
+};
+var InvalidUrlPatternError = class extends Error {
+  constructor(m) {
+    super(m);
+  }
+};
+var RefNotFoundError = class extends Error {
+  constructor(m) {
+    super(m);
+  }
+};
+var RepoNoTokenAccessError = class extends Error {
+  constructor(m) {
+    super(m);
+  }
+};
+var SCMLib = class {
+  constructor(url, accessToken) {
+    __publicField(this, "url");
+    __publicField(this, "accessToken");
+    this.accessToken = accessToken;
+    this.url = url;
+  }
+  async getUrlWithCredentials() {
+    if (!this.url) {
+      console.error("no url for getUrlWithCredentials()");
+      throw new Error("no url");
+    }
+    const trimmedUrl = this.url.trim().replace(/\/$/, "");
+    if (!this.accessToken) {
+      return trimmedUrl;
+    }
+    const username = await this._getUsernameForAuthUrl();
+    const is_http = trimmedUrl.toLowerCase().startsWith("http://");
+    const is_https = trimmedUrl.toLowerCase().startsWith("https://");
+    if (is_http) {
+      return `http://${username}:${this.accessToken}@${trimmedUrl.toLowerCase().replace("http://", "")}`;
+    } else if (is_https) {
+      return `https://${username}:${this.accessToken}@${trimmedUrl.toLowerCase().replace("https://", "")}`;
+    } else {
+      console.error(`invalid scm url ${trimmedUrl}`);
+      throw new Error(`invalid scm url ${trimmedUrl}`);
+    }
+  }
+  getAccessToken() {
+    return this.accessToken || "";
+  }
+  getUrl() {
+    return this.url;
+  }
+  getName() {
+    if (!this.url) {
+      return "";
+    }
+    return this.url.split("/").at(-1) || "";
+  }
+  static async getIsValidBranchName(branchName) {
+    return isValidBranchName(branchName);
+  }
+  static async init({
+    url,
+    accessToken,
+    scmType
+  }) {
+    let trimmedUrl = void 0;
+    if (url) {
+      trimmedUrl = url.trim().replace(/\/$/, "");
+    }
+    try {
+      if ("GITHUB" /* GITHUB */ === scmType) {
+        const scm = new GithubSCMLib(trimmedUrl, accessToken);
+        await scm.validateParams();
+        return scm;
+      }
+      if ("GITLAB" /* GITLAB */ === scmType) {
+        const scm = new GitlabSCMLib(trimmedUrl, accessToken);
+        await scm.validateParams();
+        return scm;
+      }
+    } catch (e) {
+      if (e instanceof InvalidRepoUrlError && url) {
+        throw new RepoNoTokenAccessError("no access to repo");
+      }
+    }
+    return new StubSCMLib(trimmedUrl);
+  }
+};
+var GitlabSCMLib = class extends SCMLib {
+  async createSubmitRequest(targetBranchName, sourceBranchName, title, body) {
+    if (!this.accessToken || !this.url) {
+      console.error("no access token or no url");
+      throw new Error("no access token or no url");
+    }
+    return String(
+      await createMergeRequest({
+        title,
+        body,
+        targetBranchName,
+        sourceBranchName,
+        repoUrl: this.url,
+        accessToken: this.accessToken
+      })
+    );
+  }
+  async validateParams() {
+    return gitlabValidateParams({
+      url: this.url,
+      accessToken: this.accessToken
+    });
+  }
+  async getRepoList() {
+    if (!this.accessToken) {
+      console.error("no access token");
+      throw new Error("no access token");
+    }
+    return getGitlabRepoList(this.accessToken);
+  }
+  async getBranchList() {
+    if (!this.accessToken || !this.url) {
+      console.error("no access token or no url");
+      throw new Error("no access token or no url");
+    }
+    return getGitlabBranchList({
+      accessToken: this.accessToken,
+      repoUrl: this.url
+    });
+  }
+  getAuthHeaders() {
+    if (this?.accessToken?.startsWith("glpat-")) {
+      return {
+        "Private-Token": this.accessToken
+      };
+    } else {
+      return { authorization: `Bearer ${this.accessToken}` };
+    }
+  }
+  getDownloadUrl(sha) {
+    const repoName = this.url?.split("/")[-1];
+    return `${this.url}/-/archive/${sha}/${repoName}-${sha}.zip`;
+  }
+  async _getUsernameForAuthUrl() {
+    if (this?.accessToken?.startsWith("glpat-")) {
+      return this.getUsername();
+    } else {
+      return "oauth2";
+    }
+  }
+  async getIsRemoteBranch(branch) {
+    if (!this.accessToken || !this.url) {
+      console.error("no access token or no url");
+      throw new Error("no access token or no url");
+    }
+    return getGitlabIsRemoteBranch({
+      accessToken: this.accessToken,
+      repoUrl: this.url,
+      branch
+    });
+  }
+  async getUserHasAccessToRepo() {
+    if (!this.accessToken || !this.url) {
+      console.error("no access token or no url");
+      throw new Error("no access token or no url");
+    }
+    const username = await this.getUsername();
+    return getGitlabIsUserCollaborator({
+      username,
+      accessToken: this.accessToken,
+      repoUrl: this.url
+    });
+  }
+  async getUsername() {
+    if (!this.accessToken) {
+      console.error("no access token");
+      throw new Error("no access token");
+    }
+    return getGitlabUsername(this.accessToken);
+  }
+  async getSubmitRequestStatus(scmSubmitRequestId) {
+    if (!this.accessToken || !this.url) {
+      console.error("no access token or no url");
+      throw new Error("no access token or no url");
+    }
+    const state = await getGitlabMergeRequestStatus({
+      accessToken: this.accessToken,
+      repoUrl: this.url,
+      mrNumber: Number(scmSubmitRequestId)
+    });
+    switch (state) {
+      case "merged" /* merged */:
+        return "MERGED" /* MERGED */;
+      case "opened" /* opened */:
+        return "OPEN" /* OPEN */;
+      case "closed" /* closed */:
+        return "CLOSED" /* CLOSED */;
+      default:
+        throw new Error(`unknown state ${state}`);
+    }
+  }
+  async getRepoBlameRanges(ref, path7) {
+    if (!this.url) {
+      console.error("no url");
+      throw new Error("no url");
+    }
+    return await getGitlabBlameRanges(
+      { ref, path: path7, gitlabUrl: this.url },
+      {
+        gitlabAuthToken: this.accessToken
+      }
+    );
+  }
+  async getReferenceData(ref) {
+    if (!this.url) {
+      console.error("no url");
+      throw new Error("no url");
+    }
+    return await getGitlabReferenceData(
+      { ref, gitlabUrl: this.url },
+      {
+        gitlabAuthToken: this.accessToken
+      }
+    );
+  }
+  async getRepoDefaultBranch() {
+    if (!this.url) {
+      console.error("no url");
+      throw new Error("no url");
+    }
+    return await getGitlabRepoDefaultBranch(this.url, {
+      gitlabAuthToken: this.accessToken
+    });
+  }
+};
+var GithubSCMLib = class extends SCMLib {
+  async createSubmitRequest(targetBranchName, sourceBranchName, title, body) {
+    if (!this.accessToken || !this.url) {
+      console.error("no access token or no url");
+      throw new Error("no access token or no url");
+    }
+    return String(
+      await createPullRequest({
+        title,
+        body,
+        targetBranchName,
+        sourceBranchName,
+        repoUrl: this.url,
+        accessToken: this.accessToken
+      })
+    );
+  }
+  async validateParams() {
+    return githubValidateParams(this.url, this.accessToken);
+  }
+  async getRepoList() {
+    if (!this.accessToken) {
+      console.error("no access token");
+      throw new Error("no access token");
+    }
+    return getGithubRepoList(this.accessToken);
+  }
+  async getBranchList() {
+    if (!this.accessToken || !this.url) {
+      console.error("no access token or no url");
+      throw new Error("no access token or no url");
+    }
+    return getGithubBranchList(this.accessToken, this.url);
+  }
+  getAuthHeaders() {
+    if (this.accessToken) {
+      return { authorization: `Bearer ${this.accessToken}` };
+    }
+    return {};
+  }
+  getDownloadUrl(sha) {
+    return `${this.url}/zipball/${sha}`;
+  }
+  async _getUsernameForAuthUrl() {
+    return this.getUsername();
+  }
+  async getIsRemoteBranch(branch) {
+    if (!this.accessToken || !this.url) {
+      console.error("no access token or no url");
+      throw new Error("no access token or no url");
+    }
+    return getGithubIsRemoteBranch(this.accessToken, this.url, branch);
+  }
+  async getUserHasAccessToRepo() {
+    if (!this.accessToken || !this.url) {
+      console.error("no access token or no url");
+      throw new Error("no access token or no url");
+    }
+    const username = await this.getUsername();
+    return getGithubIsUserCollaborator(username, this.accessToken, this.url);
+  }
+  async getUsername() {
+    if (!this.accessToken) {
+      console.error("no access token");
+      throw new Error("no access token");
+    }
+    return getGithubUsername(this.accessToken);
+  }
+  async getSubmitRequestStatus(scmSubmitRequestId) {
+    if (!this.accessToken || !this.url) {
+      console.error("no access token or no url");
+      throw new Error("no access token or no url");
+    }
+    const state = await getGithubPullRequestStatus(
+      this.accessToken,
+      this.url,
+      Number(scmSubmitRequestId)
+    );
+    if (state === "merged") {
+      return "MERGED" /* MERGED */;
+    }
+    if (state === "open") {
+      return "OPEN" /* OPEN */;
+    }
+    if (state === "draft") {
+      return "DRAFT" /* DRAFT */;
+    }
+    if (state === "closed") {
+      return "CLOSED" /* CLOSED */;
+    }
+    throw new Error(`unknown state ${state}`);
+  }
+  async getRepoBlameRanges(ref, path7) {
+    if (!this.url) {
+      console.error("no url");
+      throw new Error("no url");
+    }
+    return await getGithubBlameRanges(
+      { ref, path: path7, gitHubUrl: this.url },
+      {
+        githubAuthToken: this.accessToken
+      }
+    );
+  }
+  async getReferenceData(ref) {
+    if (!this.url) {
+      console.error("no url");
+      throw new Error("no url");
+    }
+    return await getGithubReferenceData(
+      { ref, gitHubUrl: this.url },
+      {
+        githubAuthToken: this.accessToken
+      }
+    );
+  }
+  async getRepoDefaultBranch() {
+    if (!this.url) {
+      console.error("no url");
+      throw new Error("no url");
+    }
+    return await getGithubRepoDefaultBranch(this.url, {
+      githubAuthToken: this.accessToken
+    });
+  }
+};
+var StubSCMLib = class extends SCMLib {
+  async createSubmitRequest(_targetBranchName, _sourceBranchName, _title, _body) {
+    console.error("createSubmitRequest() not implemented");
+    throw new Error("createSubmitRequest() not implemented");
+  }
+  getAuthHeaders() {
+    console.error("getAuthHeaders() not implemented");
+    throw new Error("getAuthHeaders() not implemented");
+  }
+  getDownloadUrl(_sha) {
+    console.error("getDownloadUrl() not implemented");
+    throw new Error("getDownloadUrl() not implemented");
+  }
+  async _getUsernameForAuthUrl() {
+    console.error("_getUsernameForAuthUrl() not implemented");
+    throw new Error("_getUsernameForAuthUrl() not implemented");
+  }
+  async getIsRemoteBranch(_branch) {
+    console.error("getIsRemoteBranch() not implemented");
+    throw new Error("getIsRemoteBranch() not implemented");
+  }
+  async validateParams() {
+    console.error("validateParams() not implemented");
+    throw new Error("validateParams() not implemented");
+  }
+  async getRepoList() {
+    console.error("getBranchList() not implemented");
+    throw new Error("getBranchList() not implemented");
+  }
+  async getBranchList() {
+    console.error("getBranchList() not implemented");
+    throw new Error("getBranchList() not implemented");
+  }
+  async getUsername() {
+    console.error("getUsername() not implemented");
+    throw new Error("getUsername() not implemented");
+  }
+  async getSubmitRequestStatus(_scmSubmitRequestId) {
+    console.error("getSubmitRequestStatus() not implemented");
+    throw new Error("getSubmitRequestStatus() not implemented");
+  }
+  async getUserHasAccessToRepo() {
+    console.error("getUserHasAccessToRepo() not implemented");
+    throw new Error("getUserHasAccessToRepo() not implemented");
+  }
+  async getRepoBlameRanges(_ref, _path) {
+    console.error("getRepoBlameRanges() not implemented");
+    throw new Error("getRepoBlameRanges() not implemented");
+  }
+  async getReferenceData(_ref) {
+    console.error("getReferenceData() not implemented");
+    throw new Error("getReferenceData() not implemented");
+  }
+  async getRepoDefaultBranch() {
+    console.error("getRepoDefaultBranch() not implemented");
+    throw new Error("getRepoDefaultBranch() not implemented");
+  }
+};
+
+// src/features/analysis/scm/gitlab.ts
+function removeTrailingSlash2(str) {
+  return str.trim().replace(/\/+$/, "");
+}
+var EnvVariablesZod2 = z5.object({
+  GITLAB_API_TOKEN: z5.string().optional()
+});
+var { GITLAB_API_TOKEN } = EnvVariablesZod2.parse(process.env);
+var gitlabUrlRegex = /^http[s]?:\/\/[^/\s]+\/(([^/.\s]+[/])+)([^/.\s]+)(\.git)?(\/)?$/i;
+function getGitBeaker(options) {
+  const token = options?.gitlabAuthToken ?? GITLAB_API_TOKEN ?? "";
+  if (token?.startsWith("glpat-") || token === "") {
+    return new Gitlab({ token });
+  }
+  return new Gitlab({ oauthToken: token });
+}
+async function gitlabValidateParams({
+  url,
+  accessToken
+}) {
+  try {
+    const api = getGitBeaker({ gitlabAuthToken: accessToken });
+    if (accessToken) {
+      await api.Users.showCurrentUser();
+    }
+    if (url) {
+      const { projectPath } = parseOwnerAndRepo2(url);
+      await api.Projects.show(projectPath);
+    }
+  } catch (e) {
+    const error = e;
+    const code = error.code || error.status || error.statusCode || error.response?.status || error.response?.statusCode || error.response?.code;
+    const description = error.description || `${e}`;
+    if (code === 401 || code === 403 || description.includes("401") || description.includes("403")) {
+      throw new InvalidAccessTokenError(`invalid gitlab access token`);
+    }
+    if (code === 404 || description.includes("404") || description.includes("Not Found")) {
+      throw new InvalidRepoUrlError(`invalid gitlab repo Url ${url}`);
+    }
+    throw e;
+  }
+}
+async function getGitlabUsername(accessToken) {
+  const api = getGitBeaker({ gitlabAuthToken: accessToken });
+  const res = await api.Users.showCurrentUser();
+  return res.username;
+}
+async function getGitlabIsUserCollaborator({
+  username,
+  accessToken,
+  repoUrl
+}) {
+  try {
+    const { projectPath } = parseOwnerAndRepo2(repoUrl);
+    const api = getGitBeaker({ gitlabAuthToken: accessToken });
+    const res = await api.Projects.show(projectPath);
+    const members = await api.ProjectMembers.all(res.id, {
+      includeInherited: true
+    });
+    return !!members.find((member) => member.username === username);
+  } catch (e) {
+    return false;
+  }
+}
+async function getGitlabMergeRequestStatus({
+  accessToken,
+  repoUrl,
+  mrNumber
+}) {
+  const { projectPath } = parseOwnerAndRepo2(repoUrl);
+  const api = getGitBeaker({ gitlabAuthToken: accessToken });
+  const res = await api.MergeRequests.show(projectPath, mrNumber);
+  switch (res.state) {
+    case "merged" /* merged */:
+    case "opened" /* opened */:
+    case "closed" /* closed */:
+      return res.state;
+    default:
+      throw new Error(`unknown merge request state ${res.state}`);
+  }
+}
+async function getGitlabIsRemoteBranch({
+  accessToken,
+  repoUrl,
+  branch
+}) {
+  const { projectPath } = parseOwnerAndRepo2(repoUrl);
+  const api = getGitBeaker({ gitlabAuthToken: accessToken });
+  try {
+    const res = await api.Branches.show(projectPath, branch);
+    return res.name === branch;
+  } catch (e) {
+    return false;
+  }
+}
+async function getGitlabRepoList(accessToken) {
+  const api = getGitBeaker({ gitlabAuthToken: accessToken });
+  const res = await api.Projects.all({
+    membership: true,
+    //TODO: a bug in the sorting mechanism of this api call
+    //disallows us to sort by updated_at in descending order
+    //so we have to sort by updated_at in ascending order.
+    //We can wait for the bug to be fixed or call the api
+    //directly with fetch()
+    sort: "asc",
+    orderBy: "updated_at",
+    pagination: "keyset",
+    perPage: 100
+  });
+  return Promise.all(
+    res.map(async (project) => {
+      const proj = await api.Projects.show(project.id);
+      const owner = proj.owner.name;
+      const repoLanguages = await api.Projects.showLanguages(project.id);
+      return {
+        repoName: project.path,
+        repoUrl: project.web_url,
+        repoOwner: owner,
+        repoLanguages: Object.keys(repoLanguages),
+        repoIsPublic: project.visibility === "public",
+        repoUpdatedAt: project.last_activity_at
+      };
+    })
+  );
+}
+async function getGitlabBranchList({
+  accessToken,
+  repoUrl
+}) {
+  const { projectPath } = parseOwnerAndRepo2(repoUrl);
+  const api = getGitBeaker({ gitlabAuthToken: accessToken });
+  try {
+    const res = await api.Branches.all(projectPath, {
+      perPage: 100,
+      pagination: "keyset",
+      orderBy: "updated_at",
+      sort: "dec"
+    });
+    return res.map((branch) => branch.name);
+  } catch (e) {
+    return [];
+  }
+}
+async function createMergeRequest(options) {
+  const { projectPath } = parseOwnerAndRepo2(options.repoUrl);
+  const api = getGitBeaker({ gitlabAuthToken: options.accessToken });
+  const res = await api.MergeRequests.create(
+    projectPath,
+    options.sourceBranchName,
+    options.targetBranchName,
+    options.title,
+    {
+      description: options.body
+    }
+  );
+  return res.iid;
+}
+async function getGitlabRepoDefaultBranch(repoUrl, options) {
+  const api = getGitBeaker({ gitlabAuthToken: options?.gitlabAuthToken });
+  const { projectPath } = parseOwnerAndRepo2(repoUrl);
+  const project = await api.Projects.show(projectPath);
+  if (!project.default_branch) {
+    throw new Error("no default branch");
+  }
+  return project.default_branch;
+}
+async function getGitlabReferenceData({ ref, gitlabUrl }, options) {
+  const { projectPath } = parseOwnerAndRepo2(gitlabUrl);
+  const api = getGitBeaker({ gitlabAuthToken: options?.gitlabAuthToken });
+  const results = await Promise.allSettled([
+    (async () => {
+      const res = await api.Branches.show(projectPath, ref);
+      return {
+        sha: res.commit.id,
+        type: "BRANCH" /* BRANCH */,
+        date: res.commit.committed_date ? new Date(res.commit.committed_date) : void 0
+      };
+    })(),
+    (async () => {
+      const res = await api.Commits.show(projectPath, ref);
+      return {
+        sha: res.id,
+        type: "COMMIT" /* COMMIT */,
+        date: res.committed_date ? new Date(res.committed_date) : void 0
+      };
+    })(),
+    (async () => {
+      const res = await api.Tags.show(projectPath, ref);
+      return {
+        sha: res.commit.id,
+        type: "TAG" /* TAG */,
+        date: res.commit.committed_date ? new Date(res.commit.committed_date) : void 0
+      };
+    })()
+  ]);
+  const [branchRes, commitRes, tagRes] = results;
+  if (tagRes.status === "fulfilled") {
+    return tagRes.value;
+  }
+  if (branchRes.status === "fulfilled") {
+    return branchRes.value;
+  }
+  if (commitRes.status === "fulfilled") {
+    return commitRes.value;
+  }
+  throw new RefNotFoundError(`ref: ${ref} does not exist`);
+}
+function parseOwnerAndRepo2(gitlabUrl) {
+  gitlabUrl = removeTrailingSlash2(gitlabUrl);
+  if (!gitlabUrlRegex.test(gitlabUrl)) {
+    throw new InvalidUrlPatternError(`invalid gitlab repo Url ${gitlabUrl}`);
+  }
+  const groups = gitlabUrl.split(gitlabUrlRegex).filter((res) => res);
+  const owner = groups[0]?.split("/")[0];
+  const repo = groups[2];
+  const projectPath = `${groups[0]}${repo}`;
+  return { owner, repo, projectPath };
+}
+async function getGitlabBlameRanges({ ref, gitlabUrl, path: path7 }, options) {
+  const { projectPath } = parseOwnerAndRepo2(gitlabUrl);
+  const api = getGitBeaker({ gitlabAuthToken: options?.gitlabAuthToken });
+  const resp = await api.RepositoryFiles.allFileBlames(projectPath, path7, ref);
+  let lineNumber = 1;
+  return resp.filter((range) => range.lines).map((range) => {
+    const oldLineNumber = lineNumber;
+    if (!range.lines) {
+      throw new Error("range.lines should not be undefined");
+    }
+    lineNumber += range.lines.length;
+    return {
+      startingLine: oldLineNumber,
+      endingLine: lineNumber - 1,
+      login: range.commit.author_email,
+      email: range.commit.author_email,
+      name: range.commit.author_name
+    };
+  });
+}
+var GitlabAuthResultZ = z5.object({
+  access_token: z5.string(),
+  token_type: z5.string(),
+  refresh_token: z5.string()
+});
+
+// src/features/analysis/snyk.ts
+import cp from "node:child_process";
+import { createRequire } from "node:module";
+import chalk from "chalk";
+import Debug5 from "debug";
+import { createSpinner as createSpinner2 } from "nanospinner";
+import open from "open";
+import * as process2 from "process";
+import supportsColor from "supports-color";
+var { stdout: stdout2 } = supportsColor;
+var debug5 = Debug5("mobbdev:snyk");
+var require2 = createRequire(import.meta.url);
+var SNYK_PATH = require2.resolve("snyk/bin/snyk");
+var SNYK_ARTICLE_URL = "https://docs.snyk.io/scan-application-code/snyk-code/getting-started-with-snyk-code/activating-snyk-code-using-the-web-ui/step-1-enabling-the-snyk-code-option";
+debug5("snyk executable path %s", SNYK_PATH);
+async function forkSnyk(args, { display }) {
+  debug5("fork snyk with args %o %s", args, display);
+  return new Promise((resolve, reject) => {
+    const child = cp.fork(SNYK_PATH, args, {
+      stdio: ["inherit", "pipe", "pipe", "ipc"],
+      env: { FORCE_COLOR: stdout2 ? "1" : "0" }
+    });
+    let out = "";
+    const onData = (chunk) => {
+      debug5("chunk received from snyk std %s", chunk);
+      out += chunk;
+    };
+    if (!child || !child?.stdout || !child?.stderr) {
+      debug5("unable to fork snyk");
+      reject(new Error("unable to fork snyk"));
+    }
+    child.stdout?.on("data", onData);
+    child.stderr?.on("data", onData);
+    if (display) {
+      child.stdout?.pipe(process2.stdout);
+      child.stderr?.pipe(process2.stderr);
+    }
+    child.on("exit", () => {
+      debug5("snyk exit");
+      resolve(out);
+    });
+    child.on("error", (err) => {
+      debug5("snyk error %o", err);
+      reject(err);
+    });
+  });
+}
+async function getSnykReport(reportPath, repoRoot, { skipPrompts = false }) {
+  debug5("get snyk report start %s %s", reportPath, repoRoot);
+  const config3 = await forkSnyk(["config"], { display: false });
+  if (!config3.includes("api: ")) {
+    const snykLoginSpinner = createSpinner2().start();
+    if (!skipPrompts) {
+      snykLoginSpinner.update({
+        text: "\u{1F513} Login to Snyk is required, press any key to continue"
+      });
+      await keypress();
+    }
+    snykLoginSpinner.update({
+      text: "\u{1F513} Waiting for Snyk login to complete"
+    });
+    debug5("no token in the config %s", config3);
+    await forkSnyk(["auth"], { display: true });
+    snykLoginSpinner.success({ text: "\u{1F513} Login to Snyk Successful" });
+  }
+  const snykSpinner = createSpinner2("\u{1F50D} Scanning your repo with Snyk ").start();
+  const out = await forkSnyk(
+    ["code", "test", `--sarif-file-output=${reportPath}`, repoRoot],
+    { display: true }
+  );
+  if (out.includes(
+    "Snyk Code is not supported for org: enable in Settings > Snyk Code"
+  )) {
+    debug5("snyk code is not enabled %s", out);
+    snykSpinner.error({ text: "\u{1F50D} Snyk configuration needed" });
+    const answer = await snykArticlePrompt();
+    debug5("answer %s", answer);
+    if (answer) {
+      debug5("opening the browser");
+      await open(SNYK_ARTICLE_URL);
+    }
+    console.log(
+      chalk.bgBlue(
+        "\nPlease enable Snyk Code in your Snyk account and try again."
+      )
+    );
+    return false;
+  }
+  snykSpinner.success({ text: "\u{1F50D} Snyk code scan completed" });
+  return true;
+}
+
+// src/features/analysis/upload-file.ts
+import Debug6 from "debug";
+import fetch2, { File, fileFrom, FormData } from "node-fetch";
+var debug6 = Debug6("mobbdev:upload-file");
+async function uploadFile({
+  file,
+  url,
+  uploadKey,
+  uploadFields
+}) {
+  debug6("upload file start %s", url);
+  debug6("upload fields %o", uploadFields);
+  debug6("upload key %s", uploadKey);
+  const form = new FormData();
+  Object.entries(uploadFields).forEach(([key, value]) => {
+    form.append(key, value);
+  });
+  form.append("key", uploadKey);
+  if (typeof file === "string") {
+    debug6("upload file from path %s", file);
+    form.append("file", await fileFrom(file));
+  } else {
+    debug6("upload file from buffer");
+    form.append("file", new File([file], "file"));
+  }
+  const response = await fetch2(url, {
+    method: "POST",
+    body: form
+  });
+  if (!response.ok) {
+    debug6("error from S3 %s %s", response.body, response.status);
+    throw new Error(`Failed to upload the file: ${response.status}`);
+  }
+  debug6("upload file done");
+}
+
+// src/features/analysis/index.ts
+var { CliError: CliError2, Spinner: Spinner2, keypress: keypress2, getDirName: getDirName2 } = utils_exports;
+var webLoginUrl = `${WEB_APP_URL}/cli-login`;
+var githubAuthUrl = `${WEB_APP_URL}/github-auth`;
+var gitlabAuthUrl = `${WEB_APP_URL}/gitlab-auth`;
+async function downloadRepo({
+  repoUrl,
+  authHeaders,
+  downloadUrl,
+  dirname,
+  ci
+}) {
+  const { createSpinner: createSpinner3 } = Spinner2({ ci });
+  const repoSpinner = createSpinner3("\u{1F4BE} Downloading Repo").start();
+  debug7("download repo %s %s %s", repoUrl, dirname);
+  const zipFilePath = path5.join(dirname, "repo.zip");
+  const response = await fetch3(downloadUrl, {
+    method: "GET",
+    headers: {
+      ...authHeaders
+    }
+  });
+  if (!response.ok) {
+    debug7("SCM zipball request failed %s %s", response.body, response.status);
+    repoSpinner.error({ text: "\u{1F4BE} Repo download failed" });
+    throw new Error(`Can't access ${chalk2.bold(repoUrl)}`);
+  }
+  const fileWriterStream = fs3.createWriteStream(zipFilePath);
+  if (!response.body) {
+    throw new Error("Response body is empty");
+  }
+  await pipeline(response.body, fileWriterStream);
+  await extract(zipFilePath, { dir: dirname });
+  const repoRoot = fs3.readdirSync(dirname, { withFileTypes: true }).filter((dirent) => dirent.isDirectory()).map((dirent) => dirent.name)[0];
+  if (!repoRoot) {
+    throw new Error("Repo root not found");
+  }
+  debug7("repo root %s", repoRoot);
+  repoSpinner.success({ text: "\u{1F4BE} Repo downloaded successfully" });
+  return path5.join(dirname, repoRoot);
+}
+var LOGIN_MAX_WAIT = 10 * 60 * 1e3;
+var LOGIN_CHECK_DELAY = 5 * 1e3;
+var MOBB_LOGIN_REQUIRED_MSG = `\u{1F513} Login to Mobb is Required, you will be redirected to our login page, once the authorization is complete return to this prompt, ${chalk2.bgBlue(
+  "press any key to continue"
+)};`;
+var tmpObj = tmp.dirSync({
+  unsafeCleanup: true
+});
+var getReportUrl = ({
+  organizationId,
+  projectId,
+  fixReportId
+}) => `${WEB_APP_URL}/organization/${organizationId}/project/${projectId}/report/${fixReportId}`;
+var debug7 = Debug7("mobbdev:index");
+var packageJson = JSON.parse(
+  fs3.readFileSync(path5.join(getDirName2(), "../package.json"), "utf8")
+);
+if (!semver.satisfies(process.version, packageJson.engines.node)) {
+  throw new CliError2(
+    `${packageJson.name} requires node version ${packageJson.engines.node}, but running ${process.version}.`
+  );
+}
+var config2 = new Configstore(packageJson.name, { apiToken: "" });
+debug7("config %o", config2);
+async function runAnalysis(params, options) {
+  try {
+    await _scan(
+      {
+        ...params,
+        dirname: tmpObj.name
+      },
+      options
+    );
+  } finally {
+    tmpObj.removeCallback();
+  }
+}
+async function _scan({
+  dirname,
+  repo,
+  scanFile,
+  apiKey,
+  ci,
+  srcPath,
+  commitHash,
+  ref
+}, { skipPrompts = false } = {}) {
+  debug7("start %s %s", dirname, repo);
+  const { createSpinner: createSpinner3 } = Spinner2({ ci });
+  skipPrompts = skipPrompts || ci;
+  let gqlClient = new GQLClient({
+    apiKey: apiKey || config2.get("apiToken")
+  });
+  await handleMobbLogin();
+  const { projectId, organizationId } = await gqlClient.getOrgAndProjectId();
+  const {
+    uploadS3BucketInfo: { repoUploadInfo, reportUploadInfo }
+  } = await gqlClient.uploadS3BucketInfo();
+  let reportPath = scanFile;
+  if (srcPath) {
+    return await uploadExistingRepo();
+  }
+  if (!repo) {
+    throw new Error("repo is required in case srcPath is not provided");
+  }
+  const userInfo = await gqlClient.getUserInfo();
+  const { githubToken, gitlabToken } = userInfo;
+  const isRepoAvailable = await scmCanReachRepo({
+    repoUrl: repo,
+    githubToken,
+    gitlabToken
+  });
+  const scmLibType = getScmLibTypeFromUrl(repo);
+  const scmAuthUrl = scmLibType === "GITHUB" /* GITHUB */ ? githubAuthUrl : scmLibType === "GITLAB" /* GITLAB */ ? gitlabAuthUrl : void 0;
+  let token = scmLibType === "GITHUB" /* GITHUB */ ? githubToken : scmLibType === "GITLAB" /* GITLAB */ ? gitlabToken : void 0;
+  if (!isRepoAvailable) {
+    if (ci || !scmLibType || !scmAuthUrl) {
+      const errorMessage = scmAuthUrl ? `Cannot access repo ${repo}` : `Cannot access repo ${repo} with the provided token, please visit ${scmAuthUrl} to refresh your source control management system token`;
+      throw new Error(errorMessage);
+    }
+    if (scmLibType && scmAuthUrl) {
+      token = await handleScmIntegration(token, scmLibType, scmAuthUrl) || "";
+      const isRepoAvailable2 = await scmCanReachRepo({
+        repoUrl: repo,
+        githubToken: token,
+        gitlabToken: token
+      });
+      if (!isRepoAvailable2) {
+        throw new Error(
+          `Cannot access repo ${repo} with the provided credentials`
+        );
+      }
+    }
+  }
+  const scm = await SCMLib.init({
+    url: repo,
+    accessToken: token,
+    scmType: scmLibType
+  });
+  const reference = ref ?? await scm.getRepoDefaultBranch();
+  const { sha } = await scm.getReferenceData(reference);
+  debug7("org id %s", organizationId);
+  debug7("project id %s", projectId);
+  debug7("default branch %s", reference);
+  const repositoryRoot = await downloadRepo({
+    repoUrl: repo,
+    dirname,
+    ci,
+    authHeaders: scm.getAuthHeaders(),
+    downloadUrl: scm.getDownloadUrl(sha)
+  });
+  if (!reportPath) {
+    reportPath = await getReportFromSnyk();
+  }
+  const uploadReportSpinner = createSpinner3("\u{1F4C1} Uploading Report").start();
+  try {
+    await uploadFile({
+      file: reportPath,
+      url: reportUploadInfo.url,
+      uploadFields: reportUploadInfo.uploadFields,
+      uploadKey: reportUploadInfo.uploadKey
+    });
+  } catch (e) {
+    uploadReportSpinner.error({ text: "\u{1F4C1} Report upload failed" });
+    throw e;
+  }
+  uploadReportSpinner.success({ text: "\u{1F4C1} Report uploaded successfully" });
+  const mobbSpinner = createSpinner3("\u{1F575}\uFE0F\u200D\u2642\uFE0F Initiating Mobb analysis").start();
+  try {
+    await gqlClient.submitVulnerabilityReport({
+      fixReportId: reportUploadInfo.fixReportId,
+      repoUrl: repo,
+      reference,
+      projectId
+    });
+  } catch (e) {
+    mobbSpinner.error({ text: "\u{1F575}\uFE0F\u200D\u2642\uFE0F Mobb analysis failed" });
+    throw e;
+  }
+  mobbSpinner.success({
+    text: "\u{1F575}\uFE0F\u200D\u2642\uFE0F Generating fixes..."
+  });
+  await askToOpenAnalysis();
+  async function getReportFromSnyk() {
+    const reportPath2 = path5.join(dirname, "report.json");
+    if (!await getSnykReport(reportPath2, repositoryRoot, { skipPrompts })) {
+      debug7("snyk code is not enabled");
+      throw new CliError2("Snyk code is not enabled");
+    }
+    return reportPath2;
+  }
+  async function askToOpenAnalysis() {
+    const reportUrl = getReportUrl({
+      organizationId,
+      projectId,
+      fixReportId: reportUploadInfo.fixReportId
+    });
+    !ci && console.log("You can access the report at: \n");
+    console.log(chalk2.bold(reportUrl));
+    !skipPrompts && await mobbAnalysisPrompt();
+    !ci && open2(reportUrl);
+    !ci && console.log(
+      chalk2.bgBlue("\n\n  My work here is done for now, see you soon! \u{1F575}\uFE0F\u200D\u2642\uFE0F  ")
+    );
+  }
+  async function handleMobbLogin() {
+    if (await gqlClient.verifyToken()) {
+      createSpinner3().start().success({
+        text: "\u{1F513} Logged in to Mobb successfully"
+      });
+      return;
+    } else if (apiKey) {
+      createSpinner3().start().error({
+        text: "\u{1F513} Logged in to Mobb failed - check your api-key"
+      });
+      throw new CliError2();
+    }
+    const loginSpinner = createSpinner3().start();
+    if (!skipPrompts) {
+      loginSpinner.update({ text: MOBB_LOGIN_REQUIRED_MSG });
+      await keypress2();
+    }
+    loginSpinner.update({
+      text: "\u{1F513} Waiting for Mobb login..."
+    });
+    const { publicKey, privateKey } = crypto.generateKeyPairSync("rsa", {
+      modulusLength: 2048
+    });
+    const loginId = await gqlClient.createCliLogin({
+      publicKey: publicKey.export({ format: "pem", type: "pkcs1" }).toString()
+    });
+    const browserUrl = `${webLoginUrl}/${loginId}?hostname=${os2.hostname()}`;
+    !ci && console.log(
+      `If the page does not open automatically, kindly access it through ${browserUrl}.`
+    );
+    await open2(browserUrl);
+    let newApiToken = null;
+    for (let i = 0; i < LOGIN_MAX_WAIT / LOGIN_CHECK_DELAY; i++) {
+      const encryptedApiToken = await gqlClient.getEncryptedApiToken({
+        loginId
+      });
+      loginSpinner.spin();
+      if (encryptedApiToken) {
+        debug7("encrypted API token received %s", encryptedApiToken);
+        newApiToken = crypto.privateDecrypt(privateKey, Buffer.from(encryptedApiToken, "base64")).toString("utf-8");
+        debug7("API token decrypted");
+        break;
+      }
+      await sleep(LOGIN_CHECK_DELAY);
+    }
+    if (!newApiToken) {
+      loginSpinner.error({
+        text: "Login timeout error"
+      });
+      throw new CliError2();
+    }
+    gqlClient = new GQLClient({ apiKey: newApiToken });
+    if (await gqlClient.verifyToken()) {
+      debug7("set api token %s", newApiToken);
+      config2.set("apiToken", newApiToken);
+      loginSpinner.success({ text: "\u{1F513} Login to Mobb successful!" });
+    } else {
+      loginSpinner.error({
+        text: "Something went wrong, API token is invalid."
+      });
+      throw new CliError2();
+    }
+  }
+  async function handleScmIntegration(oldToken, scmLibType2, scmAuthUrl2) {
+    const scmName = scmLibType2 === "GITHUB" /* GITHUB */ ? "Github" : scmLibType2 === "GITLAB" /* GITLAB */ ? "Gitlab" : "";
+    const addScmIntegration = skipPrompts ? true : await scmIntegrationPrompt(scmName);
+    const scmSpinner = createSpinner3(
+      `\u{1F517} Waiting for ${scmName} integration...`
+    ).start();
+    if (!addScmIntegration) {
+      scmSpinner.error();
+      throw Error(`Could not reach ${scmName} repo`);
+    }
+    console.log(
+      `If the page does not open automatically, kindly access it through ${scmAuthUrl2}.`
+    );
+    await open2(scmAuthUrl2);
+    for (let i = 0; i < LOGIN_MAX_WAIT / LOGIN_CHECK_DELAY; i++) {
+      const { githubToken: githubToken2, gitlabToken: gitlabToken2 } = await gqlClient.getUserInfo();
+      if (scmLibType2 === "GITHUB" /* GITHUB */ && githubToken2 !== oldToken) {
+        scmSpinner.success({ text: "\u{1F517} Github integration successful!" });
+        return githubToken2;
+      }
+      if (scmLibType2 === "GITLAB" /* GITLAB */ && gitlabToken2 !== oldToken) {
+        scmSpinner.success({ text: "\u{1F517} Gitlab integration successful!" });
+        return gitlabToken2;
+      }
+      scmSpinner.spin();
+      await sleep(LOGIN_CHECK_DELAY);
+    }
+    scmSpinner.error({
+      text: `${scmName} login timeout error`
+    });
+    throw new CliError2(`${scmName} login timeout`);
+  }
+  async function uploadExistingRepo() {
+    if (!srcPath || !reportPath) {
+      throw new Error("src path and reportPath is required");
+    }
+    const gitInfo = await getGitInfo(srcPath);
+    const zippingSpinner = createSpinner3("\u{1F4E6} Zipping repo").start();
+    const zipBuffer = await pack(srcPath);
+    zippingSpinner.success({ text: "\u{1F4E6} Zipping repo successful!" });
+    const uploadReportSpinner2 = createSpinner3("\u{1F4C1} Uploading Report").start();
+    try {
+      await uploadFile({
+        file: reportPath,
+        url: reportUploadInfo.url,
+        uploadFields: reportUploadInfo.uploadFields,
+        uploadKey: reportUploadInfo.uploadKey
+      });
+    } catch (e) {
+      uploadReportSpinner2.error({ text: "\u{1F4C1} Report upload failed" });
+      throw e;
+    }
+    uploadReportSpinner2.success({
+      text: "\u{1F4C1} Uploading Report successful!"
+    });
+    const uploadRepoSpinner = createSpinner3("\u{1F4C1} Uploading Repo").start();
+    try {
+      await uploadFile({
+        file: zipBuffer,
+        url: repoUploadInfo.url,
+        uploadFields: repoUploadInfo.uploadFields,
+        uploadKey: repoUploadInfo.uploadKey
+      });
+    } catch (e) {
+      uploadRepoSpinner.error({ text: "\u{1F4C1} Repo upload failed" });
+      throw e;
+    }
+    uploadRepoSpinner.success({ text: "\u{1F4C1} Uploading Repo successful!" });
+    const mobbSpinner2 = createSpinner3("\u{1F575}\uFE0F\u200D\u2642\uFE0F Initiating Mobb analysis").start();
+    try {
+      await gqlClient.submitVulnerabilityReport({
+        fixReportId: reportUploadInfo.fixReportId,
+        repoUrl: repo || gitInfo.repoUrl,
+        reference: gitInfo.reference,
+        sha: commitHash || gitInfo.hash,
+        projectId
+      });
+    } catch (e) {
+      mobbSpinner2.error({ text: "\u{1F575}\uFE0F\u200D\u2642\uFE0F Mobb analysis failed" });
+      throw e;
+    }
+    mobbSpinner2.success({
+      text: "\u{1F575}\uFE0F\u200D\u2642\uFE0F Generating fixes..."
+    });
+    await askToOpenAnalysis();
+  }
+}
+
+// src/commands/index.ts
+import chalkAnimation from "chalk-animation";
+async function analyze({ repo, f: scanFile, ref, apiKey, ci, commitHash, srcPath }, { skipPrompts = false } = {}) {
+  !ci && await showWelcomeMessage(skipPrompts);
+  await runAnalysis(
+    {
+      repo,
+      scanFile,
+      ref,
+      apiKey,
+      ci,
+      commitHash,
+      srcPath
+    },
+    { skipPrompts }
+  );
+}
+async function scan(scanOptions, { skipPrompts = false } = {}) {
+  const { scanner, ci } = scanOptions;
+  !ci && await showWelcomeMessage(skipPrompts);
+  const selectedScanner = scanner || await choseScanner();
+  if (selectedScanner !== SCANNERS.Snyk) {
+    throw new CliError(
+      "Vulnerability scanning via Bugsy is available only with Snyk at the moment. Additional scanners will follow soon."
+    );
+  }
+  await runAnalysis(
+    { ...scanOptions, scanner: selectedScanner },
+    { skipPrompts }
+  );
+}
+async function showWelcomeMessage(skipPrompts = false) {
+  console.log(mobbAscii);
+  const welcome = chalkAnimation.rainbow("\n			Welcome to Bugsy\n");
+  skipPrompts ? await sleep(100) : await sleep(2e3);
+  welcome.stop();
+}
+
+// src/args/commands/analyze.ts
+import chalk5 from "chalk";
+
+// src/args/options.ts
+import chalk3 from "chalk";
+var repoOption = {
+  alias: "r",
+  demandOption: true,
+  type: "string",
+  describe: chalk3.bold("Github / GitLab repository URL")
+};
+var yesOption = {
+  alias: "yes",
+  type: "boolean",
+  describe: chalk3.bold("Skip prompts and use default values")
+};
+var refOption = {
+  describe: chalk3.bold("reference of the repository (branch, tag, commit)"),
+  type: "string",
+  demandOption: false
+};
+var ciOption = {
+  describe: chalk3.bold(
+    "Run in CI mode, prompts and browser will not be opened"
+  ),
+  type: "boolean",
+  default: false
+};
+var apiKeyOption = {
+  type: "string",
+  describe: chalk3.bold("Mobb authentication api-key")
+};
+var commitHashOption = {
+  alias: "ch",
+  describe: chalk3.bold("Hash of the commit"),
+  type: "string"
+};
+
+// src/args/validation.ts
+import chalk4 from "chalk";
+import path6 from "path";
+import { z as z6 } from "zod";
+function throwRepoUrlErrorMessage({
+  error,
+  repoUrl,
+  command
+}) {
+  const errorMessage = error.issues[error.issues.length - 1]?.message;
+  const formattedErrorMessage = `
+Error: ${chalk4.bold(
+    repoUrl
+  )} is ${errorMessage}
+Example: 
+	mobbdev ${command} -r ${chalk4.bold(
+    "https://github.com/WebGoat/WebGoat"
+  )}`;
+  throw new CliError(formattedErrorMessage);
+}
+var GIT_REPO_URL_PATTERN = /^https:\/\/(gitlab|github)\.com\/(([^/.\s]+[/])+)([^/.\s]+)(\.git)?(\/)?$/i;
+var UrlZ = z6.string({
+  invalid_type_error: "is not a valid GitHub / GitLab URL"
+}).regex(GIT_REPO_URL_PATTERN, {
+  message: "is not a valid GitHub / GitLab URL"
+});
+function validateRepoUrl(args) {
+  const repoSafeParseResult = UrlZ.safeParse(args.repo);
+  const { success } = repoSafeParseResult;
+  const [command] = args._;
+  if (!command) {
+    throw new CliError("Command not found");
+  }
+  if (!success) {
+    throwRepoUrlErrorMessage({
+      error: repoSafeParseResult.error,
+      repoUrl: args.repo,
+      command
+    });
+  }
+}
+var supportExtensions = [".json", ".xml", ".fpr", ".sarif"];
+function validateReportFileFormat(reportFile) {
+  if (!supportExtensions.includes(path6.extname(reportFile))) {
+    throw new CliError(
+      `
+${chalk4.bold(
+        reportFile
+      )} is not a supported file extension. Supported extensions are: ${chalk4.bold(
+        supportExtensions.join(", ")
+      )}
+`
+    );
+  }
+}
+
+// src/args/commands/analyze.ts
+function analyzeBuilder(yargs2) {
+  return yargs2.option("f", {
+    alias: "scan-file",
+    demandOption: true,
+    type: "string",
+    describe: chalk5.bold(
+      "Select the vulnerability report to analyze (Checkmarx, Snyk, Fortify, CodeQL)"
+    )
+  }).option("repo", repoOption).option("p", {
+    alias: "src-path",
+    describe: chalk5.bold(
+      "Path to the repository folder with the source code"
+    ),
+    type: "string"
+  }).option("ref", refOption).option("ch", {
+    alias: "commit-hash",
+    describe: chalk5.bold("Hash of the commit"),
+    type: "string"
+  }).option("y", yesOption).option("ci", ciOption).option("api-key", apiKeyOption).option("commit-hash", commitHashOption).example(
+    "$0 analyze -r https://github.com/WebGoat/WebGoat -f <your_vulirabitliy_report_path>",
+    "analyze an existing repository"
+  ).help();
+}
+function validateAnalyzeOptions(argv) {
+  if (!fs4.existsSync(argv.f)) {
+    throw new CliError(`
+Can't access ${chalk5.bold(argv.f)}`);
+  }
+  if (!argv.srcPath && !argv.repo) {
+    throw new CliError("You must supply either --src-path or --repo");
+  }
+  if (!argv.srcPath && argv.repo) {
+    validateRepoUrl(argv);
+  }
+  if (argv.ci && !argv.apiKey) {
+    throw new CliError("--ci flag requires --api-key to be provided as well");
+  }
+  validateReportFileFormat(argv.f);
+}
+async function analyzeHandler(args) {
+  validateAnalyzeOptions(args);
+  await analyze(args, { skipPrompts: args.yes });
+}
+
+// src/args/commands/scan.ts
+import chalk6 from "chalk";
+function scanBuilder(args) {
+  return args.coerce("scanner", (arg) => arg.toLowerCase()).option("repo", repoOption).option("ref", refOption).option("s", {
+    alias: "scanner",
+    choices: Object.values(SCANNERS),
+    describe: chalk6.bold("Select the scanner to use")
+  }).option("y", yesOption).option("ci", ciOption).option("api-key", apiKeyOption).example(
+    "$0 scan -r https://github.com/WebGoat/WebGoat",
+    "Scan an existing repository"
+  ).help();
+}
+function validateScanOptions(argv) {
+  validateRepoUrl(argv);
+  if (argv.ci && !argv.apiKey) {
+    throw new CliError(
+      "\nError: --ci flag requires --api-key to be provided as well"
+    );
+  }
+}
+async function scanHandler(args) {
+  validateScanOptions(args);
+  await scan(args, { skipPrompts: args.yes });
+}
+
+// src/args/yargs.ts
+var parseArgs = async (args) => {
+  const yargsInstance = yargs(args);
+  return yargsInstance.updateStrings({
+    "Commands:": chalk7.yellow.underline.bold("Commands:"),
+    "Options:": chalk7.yellow.underline.bold("Options:"),
+    "Examples:": chalk7.yellow.underline.bold("Examples:"),
+    "Show help": chalk7.bold("Show help")
+  }).usage(
+    `${chalk7.bold(
+      "\n Bugsy - Trusted, Automatic Vulnerability Fixer \u{1F575}\uFE0F\u200D\u2642\uFE0F\n\n"
+    )} ${chalk7.yellow.underline.bold("Usage:")} 
+  $0 ${chalk7.green(
+      "<command>"
+    )} ${chalk7.dim("[options]")}
+            `
+  ).version(false).command(
+    "scan",
+    chalk7.bold(
+      "Scan your code for vulnerabilities, get automated fixes right away."
+    ),
+    scanBuilder,
+    scanHandler
+  ).command(
+    "analyze",
+    chalk7.bold(
+      "Provide a vulnerability report and relevant code repository, get automated fixes right away."
+    ),
+    analyzeBuilder,
+    analyzeHandler
+  ).example(
+    "$0 scan -r https://github.com/WebGoat/WebGoat",
+    "Scan an existing repository"
+  ).command({
+    command: "*",
+    handler() {
+      yargsInstance.showHelp();
+    }
+  }).strictOptions().help("h").alias("h", "help").epilog(chalk7.bgBlue("Made with \u2764\uFE0F  by Mobb")).showHelpOnFail(true).wrap(Math.min(120, yargsInstance.terminalWidth())).parse();
+};
+
+// src/index.ts
+async function run() {
+  return parseArgs(hideBin(process.argv));
+}
+(async () => {
+  try {
+    await run();
+    process.exit(0);
+  } catch (err) {
+    if (err instanceof CliError) {
+      console.error(err.message);
+      process.exit(1);
+    }
+    console.error(
+      "Something went wrong, please try again or contact support if issue persists."
+    );
+    console.error(err);
+    process.exit(1);
+  }
+})();