mobbdev 0.0.83 → 0.0.85

package/dist/index.mjs

@@ -94,8 +94,8 @@ var errorMessages = {
   missingCxProjectName: `project name ${chalk.bold(
     "(--cx-project-name)"
   )} is needed if you're using checkmarx`,
-  missingScmType: `SCM type ${chalk.bold(
-    "(--scm-type)"
+  missingUrl: `url ${chalk.bold(
+    "(--url)"
   )} is needed if you're adding an SCM token`,
   invalidScmType: `SCM type ${chalk.bold(
     "(--scm-type)"
@@ -173,7 +173,6 @@ var CliError = class extends Error {
 };
 
 // src/features/analysis/index.ts
-import { Octokit as Octokit3 } from "@octokit/core";
 import chalk4 from "chalk";
 import Configstore from "configstore";
 import Debug10 from "debug";
@@ -237,23 +236,33 @@ import { v4 as uuidv4 } from "uuid";
 import { gql } from "graphql-request";
 var UPDATE_SCM_TOKEN = gql`
   mutation updateScmToken(
-    $type: ScmType!
+    $scmType: String!
+    $url: String!
     $token: String!
     $org: String
     $username: String
     $refreshToken: String
   ) {
     updateScmToken(
-      type: $type
+      scmType: $scmType
+      url: $url
       token: $token
       org: $org
       username: $username
       refreshToken: $refreshToken
     ) {
-      id
-      adoAccessToken
-      gitlabAccessToken
-      gitHubAccessToken
+      __typename
+      ... on ScmAccessTokenUpdateSuccess {
+        token
+      }
+      ... on InvalidScmTypeError {
+        status
+        error
+      }
+      ... on BadScmCredentials {
+        status
+        error
+      }
     }
   }
 `;
@@ -368,10 +377,20 @@ var ME = gql2`
     me {
       id
       email
-      githubToken
-      gitlabToken
-      adoToken
-      adoOrg
+      scmConfigs {
+        id
+        isBroker
+        orgId
+        refreshToken
+        scmType
+        scmUrl
+        scmUsername
+        token
+        tokenLastUpdate
+        userId
+        scmOrg
+        isTokenAvailable
+      }
     }
   }
 `;
@@ -456,6 +475,17 @@ var GET_FIX = gql2`
     }
   }
 `;
+var GET_FIXES = gql2`
+  query getFixes($filters: fix_bool_exp!) {
+    fixes: fix(where: $filters) {
+      issueType
+      id
+      patchAndQuestions {
+        patch
+      }
+    }
+  }
+`;
 var GET_VUL_BY_NODES_METADATA = gql2`
   query getVulByNodesMetadata(
     $filters: [vulnerability_report_issue_code_node_bool_exp!]
@@ -466,6 +496,7 @@ var GET_VUL_BY_NODES_METADATA = gql2`
       where: {
         _or: $filters
         vulnerabilityReportIssue: {
+          fixId: { _is_null: false }
           vulnerabilityReportId: { _eq: $vulnerabilityReportId }
         }
       }
@@ -478,6 +509,35 @@ var GET_VUL_BY_NODES_METADATA = gql2`
         fixId
       }
     }
+    fixablePrVuls: vulnerability_report_issue_aggregate(
+      where: {
+        fixId: { _is_null: false }
+        vulnerabilityReportId: { _eq: $vulnerabilityReportId }
+        codeNodes: { _or: $filters }
+      }
+    ) {
+      aggregate {
+        count
+      }
+    }
+    nonFixablePrVuls: vulnerability_report_issue_aggregate(
+      where: {
+        fixId: { _is_null: true }
+        vulnerabilityReportId: { _eq: $vulnerabilityReportId }
+        codeNodes: { _or: $filters }
+      }
+    ) {
+      aggregate {
+        count
+      }
+    }
+    totalScanVulnerabilities: vulnerability_report_issue_aggregate(
+      where: { vulnerabilityReportId: { _eq: $vulnerabilityReportId } }
+    ) {
+      aggregate {
+        count
+      }
+    }
   }
 `;
 
@@ -565,10 +625,7 @@ function subscribe(query, variables, callback, wsClientOptions) {
 import { z as z2 } from "zod";
 var UpdateScmTokenZ = z2.object({
   updateScmToken: z2.object({
-    id: z2.string(),
-    gitHubAccessToken: z2.string().nullable(),
-    gitlabAccessToken: z2.string().nullable(),
-    adoAccessToken: z2.string().nullable()
+    token: z2.string()
   })
 });
 var UploadFieldsZ = z2.object({
@@ -694,15 +751,17 @@ var GetAnalysisQueryZ = z2.object({
     })
   })
 });
-var GetFixQueryZ = z2.object({
-  fix_by_pk: z2.object({
-    issueType: z2.string(),
-    id: z2.string(),
-    patchAndQuestions: z2.object({
-      patch: z2.string()
-    })
+var FixDataZ = z2.object({
+  issueType: z2.string(),
+  id: z2.string(),
+  patchAndQuestions: z2.object({
+    patch: z2.string()
   })
 });
+var GetFixQueryZ = z2.object({
+  fix_by_pk: FixDataZ
+});
+var GetFixesQueryZ = z2.object({ fixes: z2.array(FixDataZ) });
 var VulnerabilityReportIssueCodeNodeZ = z2.object({
   vulnerabilityReportIssueId: z2.string(),
   path: z2.string(),
@@ -712,7 +771,22 @@ var VulnerabilityReportIssueCodeNodeZ = z2.object({
   })
 });
 var GetVulByNodesMetadataZ = z2.object({
-  vulnerabilityReportIssueCodeNodes: z2.array(VulnerabilityReportIssueCodeNodeZ)
+  vulnerabilityReportIssueCodeNodes: z2.array(VulnerabilityReportIssueCodeNodeZ),
+  nonFixablePrVuls: z2.object({
+    aggregate: z2.object({
+      count: z2.number()
+    })
+  }),
+  fixablePrVuls: z2.object({
+    aggregate: z2.object({
+      count: z2.number()
+    })
+  }),
+  totalScanVulnerabilities: z2.object({
+    aggregate: z2.object({
+      count: z2.number()
+    })
+  })
 });
 
 // src/features/analysis/graphql/gql.ts
@@ -803,9 +877,10 @@ var GQLClient = class {
     }
   }
   async updateScmToken(args) {
-    const { type: type2, token, org, username, refreshToken } = args;
+    const { scmType, url, token, org, username, refreshToken } = args;
     const updateScmTokenResult = await this._client.request(UPDATE_SCM_TOKEN, {
-      type: type2,
+      scmType,
+      url,
       token,
       org,
       username,
@@ -826,7 +901,6 @@ var GQLClient = class {
     const filters = hunks.map((hunk) => {
       const filter = {
         path: { _eq: hunk.path },
-        vulnerabilityReportIssue: { fixId: { _is_null: false } },
         _or: hunk.ranges.map(({ endLine, startLine }) => ({
           startLine: { _gte: startLine, _lte: endLine },
           endLine: { _gte: startLine, _lte: endLine }
@@ -850,10 +924,20 @@ var GQLClient = class {
         [vulnerabilityReportIssueCodeNode.vulnerabilityReportIssueId]: vulnerabilityReportIssueCodeNode
       };
     }, {});
+    const nonFixablePrVuls = parsedGetVulByNodesMetadataRes.nonFixablePrVuls.aggregate.count;
+    const fixablePrVuls = parsedGetVulByNodesMetadataRes.fixablePrVuls.aggregate.count;
+    const totalScanVulnerabilities = parsedGetVulByNodesMetadataRes.totalScanVulnerabilities.aggregate.count;
+    const vulnerabilitiesOutsidePr = totalScanVulnerabilities - nonFixablePrVuls - fixablePrVuls;
+    const totalPrVulnerabilities = nonFixablePrVuls + fixablePrVuls;
     return {
       vulnerabilityReportIssueCodeNodes: Object.values(
         uniqueVulByNodesMetadata
-      )
+      ),
+      nonFixablePrVuls,
+      fixablePrVuls,
+      totalScanVulnerabilities,
+      vulnerabilitiesOutsidePr,
+      totalPrVulnerabilities
     };
   }
   async digestVulnerabilityReport({
@@ -959,9 +1043,19 @@ var GQLClient = class {
     );
     return GetFixQueryZ.parse(res);
   }
+  async getFixes(fixIds) {
+    const res = await this._client.request(
+      GET_FIXES,
+      {
+        filters: { id: { _in: fixIds } }
+      }
+    );
+    return GetFixesQueryZ.parse(res);
+  }
 };
 
 // src/features/analysis/handle_finished_analysis.ts
+import { Octokit as Octokit3 } from "@octokit/core";
 import Debug4 from "debug";
 import parseDiff from "parse-diff";
 import { z as z9 } from "zod";
@@ -1402,9 +1496,9 @@ async function getGithubBlameRanges({ ref, gitHubUrl, path: path9 }, options) {
   return res.repository.object.blame.ranges.map((range) => ({
     startingLine: range.startingLine,
     endingLine: range.endingLine,
-    email: range.commit.author.user.email,
-    name: range.commit.author.user.name,
-    login: range.commit.author.user.login
+    email: range.commit.author.user?.email || "",
+    name: range.commit.author.user?.name || "",
+    login: range.commit.author.user?.login || ""
   }));
 }
 async function createPr({
@@ -1509,6 +1603,9 @@ var UPDATE_COMMENT_PATH = "PATCH /repos/{owner}/{repo}/pulls/comments/{comment_i
 var GET_PR_COMMENTS_PATH = "GET /repos/{owner}/{repo}/pulls/{pull_number}/comments";
 var GET_PR_COMMENT_PATH = "GET /repos/{owner}/{repo}/pulls/comments/{comment_id}";
 var GET_PR = "GET /repos/{owner}/{repo}/pulls/{pull_number}";
+var POST_GENERAL_PR_COMMENT = "POST /repos/{owner}/{repo}/issues/{issue_number}/comments";
+var GET_GENERAL_PR_COMMENTS = "GET /repos/{owner}/{repo}/issues/{issue_number}/comments";
+var DELETE_GENERAL_PR_COMMENT = "DELETE /repos/{owner}/{repo}/issues/comments/{comment_id}";
 var CREATE_OR_UPDATE_A_REPOSITORY_SECRET = "PUT /repos/{owner}/{repo}/actions/secrets/{secret_name}";
 var GET_A_REPOSITORY_PUBLIC_KEY = "GET /repos/{owner}/{repo}/actions/secrets/public-key";
 
@@ -1540,6 +1637,15 @@ function createOrUpdateRepositorySecret(client, params) {
 function getARepositoryPublicKey(client, params) {
   return client.request(GET_A_REPOSITORY_PUBLIC_KEY, params);
 }
+function postGeneralPrComment(client, params) {
+  return client.request(POST_GENERAL_PR_COMMENT, params);
+}
+function getGeneralPrComments(client, params) {
+  return client.request(GET_GENERAL_PR_COMMENTS, params);
+}
+function deleteGeneralPrComment(client, params) {
+  return client.request(DELETE_GENERAL_PR_COMMENT, params);
+}
 
 // src/features/analysis/scm/gitlab.ts
 import querystring from "node:querystring";
@@ -1881,7 +1987,7 @@ var isValidBranchName = async (branchName) => {
 var FixesZ = z6.array(z6.object({ fixId: z6.string(), diff: z6.string() })).nonempty();
 
 // src/features/analysis/scm/scm.ts
-function getScmLibTypeFromUrl(url) {
+function getCloudScmLibTypeFromUrl(url) {
   if (!url) {
     return void 0;
   }
@@ -1898,19 +2004,92 @@ function getScmLibTypeFromUrl(url) {
   }
   return void 0;
 }
+function getScmTypeFromScmLibType(scmLibType) {
+  if (scmLibType === "GITLAB" /* GITLAB */) {
+    return "GitLab" /* GitLab */;
+  }
+  if (scmLibType === "GITHUB" /* GITHUB */) {
+    return "GitHub" /* GitHub */;
+  }
+  if (scmLibType === "ADO" /* ADO */) {
+    return "Ado" /* Ado */;
+  }
+  throw new Error(`unknown scm lib type: ${scmLibType}`);
+}
+function getScmLibTypeFromScmType(scmType) {
+  if (scmType === "GitLab" /* GitLab */) {
+    return "GITLAB" /* GITLAB */;
+  }
+  if (scmType === "GitHub" /* GitHub */) {
+    return "GITHUB" /* GITHUB */;
+  }
+  if (scmType === "Ado" /* Ado */) {
+    return "ADO" /* ADO */;
+  }
+  throw new Error(`unknown scm type: ${scmType}`);
+}
+function getScmConfig({
+  url,
+  scmConfigs,
+  includeOrgTokens = true
+}) {
+  const filteredScmConfigs = scmConfigs.filter((scm) => {
+    const urlObject = new URL(url);
+    const configUrl = new URL(scm.scmUrl);
+    return (
+      //if we the user does an ADO oauth flow then the token is saved for dev.azure.com but
+      //sometimes the user uses the url dev.azure.com and sometimes the url visualstudio.com
+      //so we need to check both
+      (urlObject.hostname === configUrl.hostname || urlObject.hostname.endsWith(".visualstudio.com") && configUrl.hostname === "dev.azure.com") && urlObject.protocol === configUrl.protocol && urlObject.port === configUrl.port
+    );
+  });
+  const scmOrgConfig = filteredScmConfigs.find((scm) => scm.orgId && scm.token);
+  if (scmOrgConfig && includeOrgTokens) {
+    return {
+      id: scmOrgConfig.id,
+      accessToken: scmOrgConfig.token || void 0,
+      scmLibType: getScmLibTypeFromScmType(scmOrgConfig.scmType),
+      scmOrg: scmOrgConfig.scmOrg || void 0
+    };
+  }
+  const scmUserConfig = filteredScmConfigs.find(
+    (scm) => scm.userId && scm.token
+  );
+  if (scmUserConfig) {
+    return {
+      id: scmUserConfig.id,
+      accessToken: scmUserConfig.token || void 0,
+      scmLibType: getScmLibTypeFromScmType(scmUserConfig.scmType),
+      scmOrg: scmUserConfig.scmOrg || void 0
+    };
+  }
+  const type2 = getCloudScmLibTypeFromUrl(url);
+  if (type2) {
+    return {
+      id: void 0,
+      accessToken: void 0,
+      scmLibType: type2,
+      scmOrg: void 0
+    };
+  }
+  return {
+    id: void 0,
+    accessToken: void 0,
+    scmLibType: void 0,
+    scmOrg: void 0
+  };
+}
 async function scmCanReachRepo({
   repoUrl,
-  githubToken,
-  gitlabToken,
-  adoToken,
+  scmType,
+  accessToken,
   scmOrg
 }) {
   try {
-    const scmLibType = getScmLibTypeFromUrl(repoUrl);
     await SCMLib.init({
       url: repoUrl,
-      accessToken: scmLibType === "GITHUB" /* GITHUB */ ? githubToken : scmLibType === "GITLAB" /* GITLAB */ ? gitlabToken : scmLibType === "ADO" /* ADO */ ? adoToken : "",
-      scmType: scmLibType,
+      accessToken,
+      scmType: getScmLibTypeFromScmType(scmType),
       scmOrg
     });
     return true;
@@ -1961,7 +2140,7 @@ var SCMLib = class {
     if (!this.accessToken) {
       return trimmedUrl;
     }
-    const scmLibType = getScmLibTypeFromUrl(trimmedUrl);
+    const scmLibType = this.getScmLibType();
     if (scmLibType === "ADO" /* ADO */) {
       return `https://${this.accessToken}@${trimmedUrl.toLowerCase().replace("https://", "")}`;
     }
@@ -2088,6 +2267,9 @@ var AdoSCMLib = class extends SCMLib {
       repoUrl: this.url
     });
   }
+  getScmLibType() {
+    return "ADO" /* ADO */;
+  }
   getAuthHeaders() {
     if (this.accessToken) {
       if (getAdoTokenType(this.accessToken) === "OAUTH" /* OAUTH */) {
@@ -2191,6 +2373,15 @@ var AdoSCMLib = class extends SCMLib {
   getPr() {
     throw new Error("Method not implemented.");
   }
+  postGeneralPrComment() {
+    throw new Error("Method not implemented.");
+  }
+  getGeneralPrComments() {
+    throw new Error("Method not implemented.");
+  }
+  deleteGeneralPrComment() {
+    throw new Error("Method not implemented.");
+  }
 };
 var GitlabSCMLib = class extends SCMLib {
   async createSubmitRequest(targetBranchName, sourceBranchName, title, body) {
@@ -2249,6 +2440,9 @@ var GitlabSCMLib = class extends SCMLib {
       repoUrl: this.url
     });
   }
+  getScmLibType() {
+    return "GITLAB" /* GITLAB */;
+  }
   getAuthHeaders() {
     if (this?.accessToken?.startsWith("glpat-")) {
       return {
@@ -2362,6 +2556,15 @@ var GitlabSCMLib = class extends SCMLib {
   getPr() {
     throw new Error("Method not implemented.");
   }
+  postGeneralPrComment() {
+    throw new Error("Method not implemented.");
+  }
+  getGeneralPrComments() {
+    throw new Error("Method not implemented.");
+  }
+  deleteGeneralPrComment() {
+    throw new Error("Method not implemented.");
+  }
 };
 var GithubSCMLib = class extends SCMLib {
   // we don't always need a url, what's important is that we have an access token
@@ -2512,6 +2715,9 @@ var GithubSCMLib = class extends SCMLib {
     }
     return getGithubBranchList(this.accessToken, this.url);
   }
+  getScmLibType() {
+    return "GITHUB" /* GITHUB */;
+  }
   getAuthHeaders() {
     if (this.accessToken) {
       return { authorization: `Bearer ${this.accessToken}` };
@@ -2627,12 +2833,58 @@ var GithubSCMLib = class extends SCMLib {
       pull_number: prNumber
     });
   }
+  async postGeneralPrComment(params, auth) {
+    const { prNumber, body } = params;
+    if (!this.url) {
+      console.error("no url");
+      throw new Error("no url");
+    }
+    const oktoKit = auth ? new Octokit2({ auth: auth.authToken }) : this.oktokit;
+    const { owner, repo } = parseGithubOwnerAndRepo(this.url);
+    return await postGeneralPrComment(oktoKit, {
+      issue_number: prNumber,
+      owner,
+      repo,
+      body
+    });
+  }
+  async getGeneralPrComments(params, auth) {
+    const { prNumber } = params;
+    if (!this.url) {
+      console.error("no url");
+      throw new Error("no url");
+    }
+    const oktoKit = auth ? new Octokit2({ auth: auth.authToken }) : this.oktokit;
+    const { owner, repo } = parseGithubOwnerAndRepo(this.url);
+    return await getGeneralPrComments(oktoKit, {
+      issue_number: prNumber,
+      owner,
+      repo
+    });
+  }
+  async deleteGeneralPrComment({ commentId }, auth) {
+    if (!this.url) {
+      console.error("no url");
+      throw new Error("no url");
+    }
+    const oktoKit = auth ? new Octokit2({ auth: auth.authToken }) : this.oktokit;
+    const { owner, repo } = parseGithubOwnerAndRepo(this.url);
+    return deleteGeneralPrComment(oktoKit, {
+      owner,
+      repo,
+      comment_id: commentId
+    });
+  }
 };
 var StubSCMLib = class extends SCMLib {
   async createSubmitRequest(_targetBranchName, _sourceBranchName, _title, _body) {
     console.error("createSubmitRequest() not implemented");
     throw new Error("createSubmitRequest() not implemented");
   }
+  getScmLibType() {
+    console.error("getScmLibType() not implemented");
+    throw new Error("getScmLibType() not implemented");
+  }
   getAuthHeaders() {
     console.error("getAuthHeaders() not implemented");
     throw new Error("getAuthHeaders() not implemented");
@@ -2709,6 +2961,15 @@ var StubSCMLib = class extends SCMLib {
     console.error("getPr() not implemented");
     throw new Error("getPr() not implemented");
   }
+  postGeneralPrComment() {
+    throw new Error("Method not implemented.");
+  }
+  getGeneralPrComments() {
+    throw new Error("Method not implemented.");
+  }
+  deleteGeneralPrComment() {
+    throw new Error("Method not implemented.");
+  }
 };
 
 // src/features/analysis/scm/ado.ts
@@ -3160,7 +3421,7 @@ var AdoAuthResultZ = z8.object({
 });
 
 // src/features/analysis/scm/constants.ts
-var MOBB_ICON_IMG = "https://svgshare.com/i/12DK.svg";
+var MOBB_ICON_IMG = "https://app.mobb.ai/gh-action/Logo_Rounded_Icon.svg";
 var COMMIT_FIX_SVG = `https://app.mobb.ai/gh-action/commit-button.svg`;
 
 // src/features/analysis/scm/utils/get_issue_type.ts
@@ -3275,6 +3536,13 @@ function getCommitUrl(params) {
   })}/commit?${searchParams.toString()}`;
 }
 
+// src/features/analysis/utils/by_key.ts
+function keyBy(array, keyBy2) {
+  return array.reduce((acc, item) => {
+    return { ...acc, [item[keyBy2]]: item };
+  }, {});
+}
+
 // src/features/analysis/utils/calculate_ranges.ts
 function calculateRanges(integers) {
   if (integers.length === 0) {
@@ -3302,7 +3570,10 @@ function calculateRanges(integers) {
 
 // src/features/analysis/handle_finished_analysis.ts
 var debug4 = Debug4("mobbdev:handle-finished-analysis");
+var contactUsMarkdown = `For specific requests [contact us](https://mobb.ai/contact) and we'll do the most to answer your need quickly.`;
 var commitFixButton = (commitUrl) => `<a href="${commitUrl}"><img src=${COMMIT_FIX_SVG}></a>`;
+var MobbIconMarkdown = `![image](${MOBB_ICON_IMG})`;
+var noVulnerabilitiesFoundTitle = `# ${MobbIconMarkdown} No security issues were found \u2705`;
 function scannerToFriendlyString(scanner) {
   switch (scanner) {
     case "checkmarx":
@@ -3315,7 +3586,7 @@ function scannerToFriendlyString(scanner) {
       return "Snyk";
   }
 }
-async function getFixesFromDiff(params) {
+async function getRelevantVulenrabilitiesFromDiff(params) {
   const { gqlClient, diff, vulnerabilityReportId } = params;
   const parsedDiff = parseDiff(diff);
   const fileHunks = parsedDiff.map((file) => {
@@ -3338,13 +3609,45 @@ async function getFixesFromDiff(params) {
     vulnerabilityReportId
   });
 }
+async function getFixesData(params) {
+  const { gqlClient, fixesId } = params;
+  const { fixes } = await gqlClient.getFixes(fixesId);
+  return keyBy(fixes, "id");
+}
+function buildAnalysisSummaryComment(params) {
+  const { prVulenrabilities: fixesFromDiff, fixesById } = params;
+  const { vulnerabilityReportIssueCodeNodes, fixablePrVuls } = fixesFromDiff;
+  const title = `# ${MobbIconMarkdown} ${fixablePrVuls} ${fixablePrVuls === 1 ? "fix is" : "fixes are"} ready to be committed`;
+  const summary = Object.entries(
+    // count every issue type
+    vulnerabilityReportIssueCodeNodes.reduce(
+      (result, vulnerabilityReportIssueCodeNode) => {
+        const { vulnerabilityReportIssue } = vulnerabilityReportIssueCodeNode;
+        const fix = fixesById[vulnerabilityReportIssue.fixId];
+        if (!fix) {
+          throw new Error(`fix ${vulnerabilityReportIssue.fixId} not found`);
+        }
+        const issueType = getIssueType(fix.issueType);
+        const vulnerabilityReportIssueCount = (result[issueType] || 0) + 1;
+        return {
+          ...result,
+          [issueType]: vulnerabilityReportIssueCount
+        };
+      },
+      {}
+    )
+  ).map(([issueType, issueTypeCount]) => `**${issueType}** - ${issueTypeCount}`);
+  return `${title}
+${summary.join("\n")}`;
+}
 async function handleFinishedAnalysis({
   analysisId,
   scm: _scm,
   gqlClient,
-  githubActionOctokit,
+  githubActionToken,
   scanner
 }) {
+  const githubActionOctokit = new Octokit3({ auth: githubActionToken });
   if (_scm instanceof GithubSCMLib === false) {
     return;
   }
@@ -3358,17 +3661,59 @@ async function handleFinishedAnalysis({
   } = getAnalysis.analysis;
   const { commitSha, pullRequest } = getAnalysis.analysis.repo;
   const diff = await scm.getPrDiff({ pull_number: pullRequest });
-  const { vulnerabilityReportIssueCodeNodes } = await getFixesFromDiff({
+  const prVulenrabilities = await getRelevantVulenrabilitiesFromDiff({
     diff,
     gqlClient,
     vulnerabilityReportId: getAnalysis.analysis.vulnerabilityReportId
   });
-  const comments = await scm.getPrComments(
-    { pull_number: pullRequest },
-    githubActionOctokit
+  const { vulnerabilityReportIssueCodeNodes } = prVulenrabilities;
+  const fixesId = vulnerabilityReportIssueCodeNodes.map(
+    ({ vulnerabilityReportIssue: { fixId } }) => fixId
   );
-  await Promise.all(
-    comments.data.filter((comment) => {
+  const fixesById = await getFixesData({ fixesId, gqlClient });
+  const [comments, generalPrComments] = await Promise.all([
+    scm.getPrComments({ pull_number: pullRequest }, githubActionOctokit),
+    scm.getGeneralPrComments(
+      { prNumber: pullRequest },
+      { authToken: githubActionToken }
+    )
+  ]);
+  async function postAnalysisSummary() {
+    if (Object.values(fixesById).length === 0) {
+      return;
+    }
+    const analysisSummaryComment = buildAnalysisSummaryComment({
+      fixesById,
+      prVulenrabilities
+    });
+    await scm.postGeneralPrComment(
+      {
+        body: analysisSummaryComment,
+        prNumber: pullRequest
+      },
+      { authToken: githubActionToken }
+    );
+  }
+  function deleteAllPreviousGeneralPrComments() {
+    return generalPrComments.data.filter((comment) => {
+      if (!comment.body) {
+        return false;
+      }
+      return comment.body.includes(MOBB_ICON_IMG);
+    }).map((comment) => {
+      try {
+        return scm.deleteGeneralPrComment(
+          { commentId: comment.id },
+          { authToken: githubActionToken }
+        );
+      } catch (e) {
+        debug4("delete comment failed %s", e);
+        return Promise.resolve();
+      }
+    });
+  }
+  function deleteAllPreviousComments() {
+    return comments.data.filter((comment) => {
       return comment.body.includes(MOBB_ICON_IMG);
     }).map((comment) => {
       try {
@@ -3380,70 +3725,154 @@ async function handleFinishedAnalysis({
         debug4("delete comment failed %s", e);
         return Promise.resolve();
       }
-    })
-  );
-  return Promise.all(
-    vulnerabilityReportIssueCodeNodes.map(
-      async (vulnerabilityReportIssueCodeNodes2) => {
-        const { path: path9, startLine, vulnerabilityReportIssue } = vulnerabilityReportIssueCodeNodes2;
-        const { fixId } = vulnerabilityReportIssue;
-        const { fix_by_pk } = await gqlClient.getFix(fixId);
-        const {
-          patchAndQuestions: { patch }
-        } = fix_by_pk;
-        const commentRes = await scm.postPrComment(
-          {
-            body: "empty",
-            pull_number: pullRequest,
-            commit_id: commitSha,
-            path: path9,
-            line: startLine
-          },
-          githubActionOctokit
-        );
-        const commentId = commentRes.data.id;
-        const commitUrl = getCommitUrl({
-          appBaseUrl: WEB_APP_URL,
-          fixId: fix_by_pk.id,
-          projectId,
-          analysisId,
-          organizationId,
-          redirectUrl: commentRes.data.html_url,
-          commentId
-        });
-        const fixUrl = getFixUrlWithRedirect({
-          appBaseUrl: WEB_APP_URL,
-          fixId: fix_by_pk.id,
-          projectId,
-          analysisId,
-          organizationId,
-          redirectUrl: commentRes.data.html_url,
-          commentId
-        });
-        const scanerString = scannerToFriendlyString(scanner);
-        const issueType = getIssueType(fix_by_pk.issueType);
-        const title = `# ![image](${MOBB_ICON_IMG}) ${issueType} fix is ready`;
-        const subTitle = `### Apply the following code change to fix ${issueType} issue detected by ${scanerString}:`;
-        const diff2 = `\`\`\`diff
+    });
+  }
+  await Promise.all([
+    ...deleteAllPreviousComments(),
+    ...deleteAllPreviousGeneralPrComments()
+  ]);
+  async function postFixComment(vulnerabilityReportIssueCodeNode) {
+    const {
+      path: path9,
+      startLine,
+      vulnerabilityReportIssue: { fixId }
+    } = vulnerabilityReportIssueCodeNode;
+    const fix = fixesById[fixId];
+    if (!fix) {
+      throw new Error(`fix ${fixId} not found`);
+    }
+    const {
+      patchAndQuestions: { patch }
+    } = fix;
+    const commentRes = await scm.postPrComment(
+      {
+        body: "empty",
+        pull_number: pullRequest,
+        commit_id: commitSha,
+        path: path9,
+        line: startLine
+      },
+      githubActionOctokit
+    );
+    const commentId = commentRes.data.id;
+    const commitUrl = getCommitUrl({
+      appBaseUrl: WEB_APP_URL,
+      fixId,
+      projectId,
+      analysisId,
+      organizationId,
+      redirectUrl: commentRes.data.html_url,
+      commentId
+    });
+    const fixUrl = getFixUrlWithRedirect({
+      appBaseUrl: WEB_APP_URL,
+      fixId,
+      projectId,
+      analysisId,
+      organizationId,
+      redirectUrl: commentRes.data.html_url,
+      commentId
+    });
+    const scanerString = scannerToFriendlyString(scanner);
+    const issueType = getIssueType(fix.issueType);
+    const title = `# ${MobbIconMarkdown} ${issueType} fix is ready`;
+    const subTitle = `### Apply the following code change to fix ${issueType} issue detected by **${scanerString}**:`;
+    const diff2 = `\`\`\`diff
 ${patch} 
 \`\`\``;
-        const fixPageLink = `[Learn more and fine tune the fix](${fixUrl})`;
-        await scm.updatePrComment(
-          {
-            body: `${title}
+    const fixPageLink = `[Learn more and fine tune the fix](${fixUrl})`;
+    await scm.updatePrComment(
+      {
+        body: `${title}
 ${subTitle}
 ${diff2}
 ${commitFixButton(
-              commitUrl
-            )}
+          commitUrl
+        )}
 ${fixPageLink}`,
-            comment_id: commentId
-          },
-          githubActionOctokit
-        );
-      }
-    )
-  );
+        comment_id: commentId
+      },
+      githubActionOctokit
+    );
+  }
+  async function postAnalysisInsightComment() {
+    const scanerString = scannerToFriendlyString(scanner);
+    const {
+      totalPrVulnerabilities,
+      vulnerabilitiesOutsidePr,
+      fixablePrVuls,
+      nonFixablePrVuls
+    } = prVulenrabilities;
+    debug4({
+      fixablePrVuls,
+      nonFixablePrVuls,
+      vulnerabilitiesOutsidePr,
+      totalPrVulnerabilities
+    });
+    if (totalPrVulnerabilities === 0 && vulnerabilitiesOutsidePr === 0) {
+      const body = `Awesome! No vulnerabilities were found  by **${scanerString}**`;
+      const noVulsFoundComment = `${noVulnerabilitiesFoundTitle}
+${body}`;
+      await scm.postGeneralPrComment(
+        {
+          body: noVulsFoundComment,
+          prNumber: pullRequest
+        },
+        { authToken: githubActionToken }
+      );
+      return;
+    }
+    if (totalPrVulnerabilities === 0 && vulnerabilitiesOutsidePr > 0) {
+      const body = `Awesome! No vulnerabilities were found by **${scanerString}** in the changes made as part of this PR.`;
+      const body2 = `Please notice there are issues in this repo that are unrelated to this PR.`;
+      const noVulsFoundComment = `${noVulnerabilitiesFoundTitle}
+${body}
+${body2}`;
+      await scm.postGeneralPrComment(
+        {
+          body: noVulsFoundComment,
+          prNumber: pullRequest
+        },
+        { authToken: githubActionToken }
+      );
+      return;
+    }
+    if (fixablePrVuls === 0 && nonFixablePrVuls > 0) {
+      const title = `# ${MobbIconMarkdown} We couldn't fix the issues detected by **${scanerString}**`;
+      const body = `Mobb Fixer gets better and better every day, but unfortunately your current issues aren't supported yet.`;
+      const noFixableVulsComment = `${title}
+${body}
+${contactUsMarkdown}`;
+      await scm.postGeneralPrComment(
+        {
+          body: noFixableVulsComment,
+          prNumber: pullRequest
+        },
+        { authToken: githubActionToken }
+      );
+      return;
+    }
+    if (fixablePrVuls < nonFixablePrVuls && fixablePrVuls > 0) {
+      const title = `# ${MobbIconMarkdown} We couldn't fix some of the issues detected by **${scanerString}**`;
+      const body = "Mobb Fixer gets better and better every day, but unfortunately your current issues aren't supported yet.";
+      const fixableVulsComment = `${title}
+${body}
+${contactUsMarkdown}`;
+      await scm.postGeneralPrComment(
+        {
+          body: fixableVulsComment,
+          prNumber: pullRequest
+        },
+        { authToken: githubActionToken }
+      );
+      return;
+    }
+  }
+  await Promise.all([
+    ...prVulenrabilities.vulnerabilityReportIssueCodeNodes.map(postFixComment),
+    postAnalysisInsightComment(),
+    postAnalysisSummary()
+  ]);
 }
 
 // src/features/analysis/pack.ts
@@ -3913,11 +4342,8 @@ async function runAnalysis(params, options) {
     tmpObj.removeCallback();
   }
 }
-function _getTokenAndUrlForScmType({
-  scmLibType,
-  githubToken,
-  gitlabToken,
-  adoToken
+function _getUrlForScmType({
+  scmLibType
 }) {
   const githubAuthUrl = `${WEB_APP_URL}/github-auth`;
   const gitlabAuthUrl = `${WEB_APP_URL}/gitlab-auth`;
@@ -3925,22 +4351,18 @@ function _getTokenAndUrlForScmType({
   switch (scmLibType) {
     case "GITHUB" /* GITHUB */:
       return {
-        token: githubToken,
         authUrl: githubAuthUrl
       };
     case "GITLAB" /* GITLAB */:
       return {
-        token: gitlabToken,
         authUrl: gitlabAuthUrl
       };
     case "ADO" /* ADO */:
       return {
-        token: adoToken,
         authUrl: adoAuthUrl
       };
     default:
       return {
-        token: void 0,
         authUrl: void 0
       };
   }
@@ -3983,35 +4405,34 @@ async function _scan(params, { skipPrompts = false } = {}) {
     throw new Error("repo is required in case srcPath is not provided");
   }
   const userInfo = await gqlClient.getUserInfo();
-  const { githubToken, gitlabToken, adoToken, adoOrg } = userInfo;
+  const tokenInfo = getScmConfig({
+    url: repo,
+    scmConfigs: userInfo.scmConfigs,
+    includeOrgTokens: false
+  });
   const isRepoAvailable = await scmCanReachRepo({
     repoUrl: repo,
-    githubToken,
-    gitlabToken,
-    adoToken,
-    scmOrg: adoOrg
+    accessToken: tokenInfo.accessToken,
+    scmOrg: tokenInfo.scmOrg,
+    scmType: getScmTypeFromScmLibType(tokenInfo.scmLibType)
   });
-  const scmLibType = getScmLibTypeFromUrl(repo);
-  const { authUrl: scmAuthUrl, token } = _getTokenAndUrlForScmType({
-    scmLibType,
-    githubToken,
-    gitlabToken,
-    adoToken
+  const cloudScmLibType = getCloudScmLibTypeFromUrl(repo);
+  const { authUrl: scmAuthUrl } = _getUrlForScmType({
+    scmLibType: cloudScmLibType
   });
-  let myToken = token;
+  let myToken = tokenInfo.accessToken;
   if (!isRepoAvailable) {
-    if (ci || !scmLibType || !scmAuthUrl) {
+    if (ci || !cloudScmLibType || !scmAuthUrl) {
       const errorMessage = scmAuthUrl ? `Cannot access repo ${repo}` : `Cannot access repo ${repo} with the provided token, please visit ${scmAuthUrl} to refresh your source control management system token`;
       throw new Error(errorMessage);
     }
-    if (scmLibType && scmAuthUrl) {
-      myToken = await handleScmIntegration(token, scmLibType, scmAuthUrl) || "";
+    if (cloudScmLibType && scmAuthUrl) {
+      myToken = await handleScmIntegration(tokenInfo.accessToken, scmAuthUrl, repo) || "";
       const isRepoAvailable2 = await scmCanReachRepo({
         repoUrl: repo,
-        githubToken: myToken,
-        gitlabToken: myToken,
-        adoToken: myToken,
-        scmOrg: adoOrg
+        accessToken: myToken,
+        scmOrg: tokenInfo.scmOrg,
+        scmType: getScmTypeFromScmLibType(tokenInfo.scmLibType)
       });
       if (!isRepoAvailable2) {
         throw new Error(
@@ -4022,9 +4443,9 @@ async function _scan(params, { skipPrompts = false } = {}) {
   }
   const scm = await SCMLib.init({
     url: repo,
-    accessToken: token,
-    scmType: scmLibType,
-    scmOrg: adoOrg
+    accessToken: myToken,
+    scmOrg: tokenInfo.scmOrg,
+    scmType: tokenInfo.scmLibType
   });
   const reference = ref ?? await scm.getRepoDefaultBranch();
   const { sha } = await scm.getReferenceData(reference);
@@ -4066,7 +4487,7 @@ async function _scan(params, { skipPrompts = false } = {}) {
         analysisId,
         gqlClient,
         scm,
-        githubActionOctokit: new Octokit3({ auth: githubActionToken }),
+        githubActionToken: z10.string().parse(githubActionToken),
         scanner: z10.nativeEnum(SCANNERS).parse(scanner)
       })
     );
@@ -4196,8 +4617,9 @@ async function _scan(params, { skipPrompts = false } = {}) {
       throw new CliError2();
     }
   }
-  async function handleScmIntegration(oldToken, scmLibType2, scmAuthUrl2) {
-    const scmName = scmLibType2 === "GITHUB" /* GITHUB */ ? "Github" : scmLibType2 === "GITLAB" /* GITLAB */ ? "Gitlab" : scmLibType2 === "ADO" /* ADO */ ? "Azure DevOps" : "";
+  async function handleScmIntegration(oldToken, scmAuthUrl2, repoUrl) {
+    const scmLibType = getCloudScmLibTypeFromUrl(repoUrl);
+    const scmName = scmLibType === "GITHUB" /* GITHUB */ ? "Github" : scmLibType === "GITLAB" /* GITLAB */ ? "Gitlab" : scmLibType === "ADO" /* ADO */ ? "Azure DevOps" : "";
     const addScmIntegration = skipPrompts ? true : await scmIntegrationPrompt(scmName);
     const scmSpinner = createSpinner4(
       `\u{1F517} Waiting for ${scmName} integration...`
@@ -4211,14 +4633,15 @@ async function _scan(params, { skipPrompts = false } = {}) {
     );
     await open2(scmAuthUrl2);
     for (let i = 0; i < LOGIN_MAX_WAIT / LOGIN_CHECK_DELAY; i++) {
-      const { githubToken: githubToken2, gitlabToken: gitlabToken2 } = await gqlClient.getUserInfo();
-      if (scmLibType2 === "GITHUB" /* GITHUB */ && githubToken2 !== oldToken) {
-        scmSpinner.success({ text: "\u{1F517} Github integration successful!" });
-        return githubToken2;
-      }
-      if (scmLibType2 === "GITLAB" /* GITLAB */ && gitlabToken2 !== oldToken) {
-        scmSpinner.success({ text: "\u{1F517} Gitlab integration successful!" });
-        return gitlabToken2;
+      const userInfo2 = await gqlClient.getUserInfo();
+      const tokenInfo2 = getScmConfig({
+        url: repoUrl,
+        scmConfigs: userInfo2.scmConfigs,
+        includeOrgTokens: false
+      });
+      if (tokenInfo2.accessToken && tokenInfo2.accessToken !== oldToken) {
+        scmSpinner.success({ text: `\u{1F517} ${scmName} integration successful!` });
+        return tokenInfo2.accessToken;
       }
       scmSpinner.spin();
       await sleep(LOGIN_CHECK_DELAY);
@@ -4373,12 +4796,16 @@ var packageJson2 = JSON.parse(
 );
 var config3 = new Configstore2(packageJson2.name, { apiToken: "" });
 async function addScmToken(addScmTokenOptions) {
-  const { apiKey, token, organization, scm, username, refreshToken } = addScmTokenOptions;
+  const { apiKey, token, organization, scmType, url, username, refreshToken } = addScmTokenOptions;
   const gqlClient = new GQLClient({
     apiKey: apiKey || config3.get("apiToken")
   });
+  if (!scmType) {
+    throw new CliError(errorMessages.invalidScmType);
+  }
   await gqlClient.updateScmToken({
-    type: scm,
+    scmType,
+    url,
     token,
     org: organization,
     username,
@@ -4462,9 +4889,16 @@ var commitHashOption = {
   type: "string"
 };
 var scmTypeOption = {
+  demandOption: true,
   describe: chalk5.bold("SCM type (GitHub, GitLab, Ado)"),
   type: "string"
 };
+var urlOption = {
+  describe: chalk5.bold(
+    "URL of the repository (used in GitHub, GitLab, Azure DevOps)"
+  ),
+  type: "string"
+};
 var scmOrgOption = {
   describe: chalk5.bold("Organization name in SCM (used in Azure DevOps)"),
   type: "string"
@@ -4651,29 +5085,32 @@ async function scanHandler(args) {
 
 // src/args/commands/token.ts
 function addScmTokenBuilder(args) {
-  return args.option("scm", scmTypeOption).option("token", scmTokenOption).option("organization", scmOrgOption).option("username", scmUsernameOption).option("refresh-token", scmRefreshTokenOption).option("api-key", apiKeyOption).example(
-    "$0 add-scm-token --scm ado --token abcdef0123456 --organization myOrg",
+  return args.option("scm-type", scmTypeOption).option("url", urlOption).option("token", scmTokenOption).option("organization", scmOrgOption).option("username", scmUsernameOption).option("refresh-token", scmRefreshTokenOption).option("api-key", apiKeyOption).example(
+    "$0 add-scm-token --scm-type Ado --url https://dev.azure.com/adoorg/test/_git/repo --token abcdef0123456 --organization myOrg",
     "Add your SCM (Github, Gitlab, Azure DevOps) token to Mobb to enable automated fixes."
-  ).help().demandOption(["scm", "token"]);
+  ).help().demandOption(["url", "token"]);
 }
 function validateAddScmTokenOptions(argv) {
-  if (!argv.scm) {
-    throw new CliError(errorMessages.missingScmType);
-  }
-  if (!Object.values(ScmTypes).includes(argv.scm)) {
-    throw new CliError(errorMessages.invalidScmType);
+  if (!argv.url) {
+    throw new CliError(errorMessages.missingUrl);
   }
   if (!argv.token) {
     throw new CliError(errorMessages.missingToken);
   }
-  if (argv.scm === ScmTypes.AzureDevOps && !argv.organization) {
+  if ("GitHub" /* GitHub */ !== argv.scmType && "Ado" /* Ado */ !== argv.scmType && "GitLab" /* GitLab */ !== argv.scmType) {
     throw new CliError(
-      "\nError: --organization flag is required for Azure DevOps"
+      "\nError: --scm-type must reference a valid SCM type (GitHub, GitLab, Ado)"
     );
   }
-  if (argv.scm === ScmTypes.Github && !argv.username) {
+  const urlObj = new URL(argv.url);
+  if (urlObj.hostname === "github.com" && !argv.username) {
     throw new CliError("\nError: --username flag is required for GitHub");
   }
+  if ((urlObj.hostname === "dev.azure.com" || urlObj.hostname.endsWith(".visualstudio.com")) && !argv.organization) {
+    throw new CliError(
+      "\nError: --organization flag is required for Azure DevOps"
+    );
+  }
 }
 async function addScmTokenHandler(args) {
   validateAddScmTokenOptions(args);

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "mobbdev",
-  "version": "0.0.83",
+  "version": "0.0.85",
   "description": "Automated secure code remediation tool",
   "repository": "https://github.com/mobb-dev/bugsy",
   "main": "dist/index.js",