mobbdev 0.0.84 → 0.0.86

package/dist/index.mjs

@@ -173,7 +173,6 @@ var CliError = class extends Error {
 };
 
 // src/features/analysis/index.ts
-import { Octokit as Octokit3 } from "@octokit/core";
 import chalk4 from "chalk";
 import Configstore from "configstore";
 import Debug10 from "debug";
@@ -476,6 +475,17 @@ var GET_FIX = gql2`
     }
   }
 `;
+var GET_FIXES = gql2`
+  query getFixes($filters: fix_bool_exp!) {
+    fixes: fix(where: $filters) {
+      issueType
+      id
+      patchAndQuestions {
+        patch
+      }
+    }
+  }
+`;
 var GET_VUL_BY_NODES_METADATA = gql2`
   query getVulByNodesMetadata(
     $filters: [vulnerability_report_issue_code_node_bool_exp!]
@@ -486,6 +496,7 @@ var GET_VUL_BY_NODES_METADATA = gql2`
       where: {
         _or: $filters
         vulnerabilityReportIssue: {
+          fixId: { _is_null: false }
           vulnerabilityReportId: { _eq: $vulnerabilityReportId }
         }
       }
@@ -498,6 +509,35 @@ var GET_VUL_BY_NODES_METADATA = gql2`
         fixId
       }
     }
+    fixablePrVuls: vulnerability_report_issue_aggregate(
+      where: {
+        fixId: { _is_null: false }
+        vulnerabilityReportId: { _eq: $vulnerabilityReportId }
+        codeNodes: { _or: $filters }
+      }
+    ) {
+      aggregate {
+        count
+      }
+    }
+    nonFixablePrVuls: vulnerability_report_issue_aggregate(
+      where: {
+        fixId: { _is_null: true }
+        vulnerabilityReportId: { _eq: $vulnerabilityReportId }
+        codeNodes: { _or: $filters }
+      }
+    ) {
+      aggregate {
+        count
+      }
+    }
+    totalScanVulnerabilities: vulnerability_report_issue_aggregate(
+      where: { vulnerabilityReportId: { _eq: $vulnerabilityReportId } }
+    ) {
+      aggregate {
+        count
+      }
+    }
   }
 `;
 
@@ -711,15 +751,17 @@ var GetAnalysisQueryZ = z2.object({
     })
   })
 });
-var GetFixQueryZ = z2.object({
-  fix_by_pk: z2.object({
-    issueType: z2.string(),
-    id: z2.string(),
-    patchAndQuestions: z2.object({
-      patch: z2.string()
-    })
+var FixDataZ = z2.object({
+  issueType: z2.string(),
+  id: z2.string(),
+  patchAndQuestions: z2.object({
+    patch: z2.string()
   })
 });
+var GetFixQueryZ = z2.object({
+  fix_by_pk: FixDataZ
+});
+var GetFixesQueryZ = z2.object({ fixes: z2.array(FixDataZ) });
 var VulnerabilityReportIssueCodeNodeZ = z2.object({
   vulnerabilityReportIssueId: z2.string(),
   path: z2.string(),
@@ -729,7 +771,22 @@ var VulnerabilityReportIssueCodeNodeZ = z2.object({
   })
 });
 var GetVulByNodesMetadataZ = z2.object({
-  vulnerabilityReportIssueCodeNodes: z2.array(VulnerabilityReportIssueCodeNodeZ)
+  vulnerabilityReportIssueCodeNodes: z2.array(VulnerabilityReportIssueCodeNodeZ),
+  nonFixablePrVuls: z2.object({
+    aggregate: z2.object({
+      count: z2.number()
+    })
+  }),
+  fixablePrVuls: z2.object({
+    aggregate: z2.object({
+      count: z2.number()
+    })
+  }),
+  totalScanVulnerabilities: z2.object({
+    aggregate: z2.object({
+      count: z2.number()
+    })
+  })
 });
 
 // src/features/analysis/graphql/gql.ts
@@ -844,7 +901,6 @@ var GQLClient = class {
     const filters = hunks.map((hunk) => {
       const filter = {
         path: { _eq: hunk.path },
-        vulnerabilityReportIssue: { fixId: { _is_null: false } },
         _or: hunk.ranges.map(({ endLine, startLine }) => ({
           startLine: { _gte: startLine, _lte: endLine },
           endLine: { _gte: startLine, _lte: endLine }
@@ -868,10 +924,20 @@ var GQLClient = class {
         [vulnerabilityReportIssueCodeNode.vulnerabilityReportIssueId]: vulnerabilityReportIssueCodeNode
       };
     }, {});
+    const nonFixablePrVuls = parsedGetVulByNodesMetadataRes.nonFixablePrVuls.aggregate.count;
+    const fixablePrVuls = parsedGetVulByNodesMetadataRes.fixablePrVuls.aggregate.count;
+    const totalScanVulnerabilities = parsedGetVulByNodesMetadataRes.totalScanVulnerabilities.aggregate.count;
+    const vulnerabilitiesOutsidePr = totalScanVulnerabilities - nonFixablePrVuls - fixablePrVuls;
+    const totalPrVulnerabilities = nonFixablePrVuls + fixablePrVuls;
     return {
       vulnerabilityReportIssueCodeNodes: Object.values(
         uniqueVulByNodesMetadata
-      )
+      ),
+      nonFixablePrVuls,
+      fixablePrVuls,
+      totalScanVulnerabilities,
+      vulnerabilitiesOutsidePr,
+      totalPrVulnerabilities
     };
   }
   async digestVulnerabilityReport({
@@ -977,9 +1043,19 @@ var GQLClient = class {
     );
     return GetFixQueryZ.parse(res);
   }
+  async getFixes(fixIds) {
+    const res = await this._client.request(
+      GET_FIXES,
+      {
+        filters: { id: { _in: fixIds } }
+      }
+    );
+    return GetFixesQueryZ.parse(res);
+  }
 };
 
 // src/features/analysis/handle_finished_analysis.ts
+import { Octokit as Octokit3 } from "@octokit/core";
 import Debug4 from "debug";
 import parseDiff from "parse-diff";
 import { z as z9 } from "zod";
@@ -1009,7 +1085,7 @@ import { Octokit } from "octokit";
 import { z as z3 } from "zod";
 
 // src/features/analysis/scm/urlParser.ts
-function getRepoInfo(pathname, hostname) {
+function getRepoInfo(pathname, hostname, scmType) {
   const hostnameParts = hostname.split(".");
   if (hostnameParts.length === 3 && hostnameParts[1] === "visualstudio" && hostnameParts[2] === "com") {
     if (pathname.length === 2 && pathname[0] === "_git") {
@@ -1027,7 +1103,7 @@ function getRepoInfo(pathname, hostname) {
       };
     }
   }
-  if (hostname === "dev.azure.com") {
+  if (hostname === "dev.azure.com" || scmType === "Ado" /* Ado */) {
     if (pathname.length === 3 && pathname[1] === "_git") {
       return {
         organization: pathname[0],
@@ -1043,7 +1119,7 @@ function getRepoInfo(pathname, hostname) {
       };
     }
   }
-  if (hostname === "github.com") {
+  if (hostname === "github.com" || scmType === "GitHub" /* GitHub */) {
     if (pathname.length === 2) {
       return {
         organization: pathname[0],
@@ -1052,7 +1128,7 @@ function getRepoInfo(pathname, hostname) {
       };
     }
   }
-  if (hostname === "gitlab.com") {
+  if (hostname === "gitlab.com" || scmType === "GitLab" /* GitLab */) {
     if (pathname.length >= 2) {
       return {
         organization: pathname[0],
@@ -1064,12 +1140,12 @@ function getRepoInfo(pathname, hostname) {
   return null;
 }
 var NAME_REGEX = /[a-z0-9\-_.+]+/i;
-var parseScmURL = (scmURL) => {
+var parseScmURL = (scmURL, scmType) => {
   try {
     const url = new URL(scmURL);
     const hostname = url.hostname.toLowerCase();
     const projectPath = url.pathname.substring(1).replace(/.git$/i, "");
-    const repo = getRepoInfo(projectPath.split("/"), hostname);
+    const repo = getRepoInfo(projectPath.split("/"), hostname, scmType);
     if (!repo)
       return null;
     const { organization, repoName, projectName } = repo;
@@ -1089,6 +1165,22 @@ var parseScmURL = (scmURL) => {
     return null;
   }
 };
+var sanityRepoURL = (scmURL) => {
+  try {
+    const url = new URL(scmURL);
+    const projectPath = url.pathname.substring(1).replace(/.git$/i, "");
+    const pathParts = projectPath.split("/");
+    if (pathParts.length < 2)
+      return false;
+    if (pathParts.length > 4)
+      return false;
+    if (pathParts.some((part) => !part.match(NAME_REGEX)))
+      return false;
+    return true;
+  } catch (e) {
+    return null;
+  }
+};
 
 // src/features/analysis/scm/github/github.ts
 function removeTrailingSlash(str) {
@@ -1369,7 +1461,7 @@ async function getCommit({
 }
 function parseGithubOwnerAndRepo(gitHubUrl) {
   gitHubUrl = removeTrailingSlash(gitHubUrl);
-  const parsingResult = parseScmURL(gitHubUrl);
+  const parsingResult = parseScmURL(gitHubUrl, "GitHub" /* GitHub */);
   if (!parsingResult || parsingResult.hostname !== "github.com") {
     throw new InvalidUrlPatternError(`invalid github repo Url ${gitHubUrl}`);
   }
@@ -1527,6 +1619,9 @@ var UPDATE_COMMENT_PATH = "PATCH /repos/{owner}/{repo}/pulls/comments/{comment_i
 var GET_PR_COMMENTS_PATH = "GET /repos/{owner}/{repo}/pulls/{pull_number}/comments";
 var GET_PR_COMMENT_PATH = "GET /repos/{owner}/{repo}/pulls/comments/{comment_id}";
 var GET_PR = "GET /repos/{owner}/{repo}/pulls/{pull_number}";
+var POST_GENERAL_PR_COMMENT = "POST /repos/{owner}/{repo}/issues/{issue_number}/comments";
+var GET_GENERAL_PR_COMMENTS = "GET /repos/{owner}/{repo}/issues/{issue_number}/comments";
+var DELETE_GENERAL_PR_COMMENT = "DELETE /repos/{owner}/{repo}/issues/comments/{comment_id}";
 var CREATE_OR_UPDATE_A_REPOSITORY_SECRET = "PUT /repos/{owner}/{repo}/actions/secrets/{secret_name}";
 var GET_A_REPOSITORY_PUBLIC_KEY = "GET /repos/{owner}/{repo}/actions/secrets/public-key";
 
@@ -1558,10 +1653,20 @@ function createOrUpdateRepositorySecret(client, params) {
 function getARepositoryPublicKey(client, params) {
   return client.request(GET_A_REPOSITORY_PUBLIC_KEY, params);
 }
+function postGeneralPrComment(client, params) {
+  return client.request(POST_GENERAL_PR_COMMENT, params);
+}
+function getGeneralPrComments(client, params) {
+  return client.request(GET_GENERAL_PR_COMMENTS, params);
+}
+function deleteGeneralPrComment(client, params) {
+  return client.request(DELETE_GENERAL_PR_COMMENT, params);
+}
 
 // src/features/analysis/scm/gitlab.ts
 import querystring from "node:querystring";
 import { Gitlab } from "@gitbeaker/rest";
+import { ProxyAgent } from "undici";
 import { z as z4 } from "zod";
 function removeTrailingSlash2(str) {
   return str.trim().replace(/\/+$/, "");
@@ -1572,17 +1677,19 @@ var EnvVariablesZod2 = z4.object({
 var { GITLAB_API_TOKEN } = EnvVariablesZod2.parse(process.env);
 function getGitBeaker(options) {
   const token = options?.gitlabAuthToken ?? GITLAB_API_TOKEN ?? "";
+  const url = options.url;
+  const host = url ? new URL(url).origin : "https://gitlab.com";
   if (token?.startsWith("glpat-") || token === "") {
-    return new Gitlab({ token });
+    return new Gitlab({ token, host });
   }
-  return new Gitlab({ oauthToken: token });
+  return new Gitlab({ oauthToken: token, host });
 }
 async function gitlabValidateParams({
   url,
   accessToken
 }) {
   try {
-    const api2 = getGitBeaker({ gitlabAuthToken: accessToken });
+    const api2 = getGitBeaker({ url, gitlabAuthToken: accessToken });
     if (accessToken) {
       await api2.Users.showCurrentUser();
     }
@@ -1603,8 +1710,8 @@ async function gitlabValidateParams({
     throw e;
   }
 }
-async function getGitlabUsername(accessToken) {
-  const api2 = getGitBeaker({ gitlabAuthToken: accessToken });
+async function getGitlabUsername(url, accessToken) {
+  const api2 = getGitBeaker({ url, gitlabAuthToken: accessToken });
   const res = await api2.Users.showCurrentUser();
   return res.username;
 }
@@ -1615,7 +1722,7 @@ async function getGitlabIsUserCollaborator({
 }) {
   try {
     const { projectPath } = parseGitlabOwnerAndRepo(repoUrl);
-    const api2 = getGitBeaker({ gitlabAuthToken: accessToken });
+    const api2 = getGitBeaker({ url: repoUrl, gitlabAuthToken: accessToken });
     const res = await api2.Projects.show(projectPath);
     const members = await api2.ProjectMembers.all(res.id, {
       includeInherited: true
@@ -1631,7 +1738,7 @@ async function getGitlabMergeRequestStatus({
   mrNumber
 }) {
   const { projectPath } = parseGitlabOwnerAndRepo(repoUrl);
-  const api2 = getGitBeaker({ gitlabAuthToken: accessToken });
+  const api2 = getGitBeaker({ url: repoUrl, gitlabAuthToken: accessToken });
   const res = await api2.MergeRequests.show(projectPath, mrNumber);
   switch (res.state) {
     case "merged" /* merged */:
@@ -1648,7 +1755,7 @@ async function getGitlabIsRemoteBranch({
   branch
 }) {
   const { projectPath } = parseGitlabOwnerAndRepo(repoUrl);
-  const api2 = getGitBeaker({ gitlabAuthToken: accessToken });
+  const api2 = getGitBeaker({ url: repoUrl, gitlabAuthToken: accessToken });
   try {
     const res = await api2.Branches.show(projectPath, branch);
     return res.name === branch;
@@ -1656,8 +1763,8 @@ async function getGitlabIsRemoteBranch({
     return false;
   }
 }
-async function getGitlabRepoList(accessToken) {
-  const api2 = getGitBeaker({ gitlabAuthToken: accessToken });
+async function getGitlabRepoList(url, accessToken) {
+  const api2 = getGitBeaker({ url, gitlabAuthToken: accessToken });
   const res = await api2.Projects.all({
     membership: true,
     //TODO: a bug in the sorting mechanism of this api call
@@ -1690,7 +1797,7 @@ async function getGitlabBranchList({
   repoUrl
 }) {
   const { projectPath } = parseGitlabOwnerAndRepo(repoUrl);
-  const api2 = getGitBeaker({ gitlabAuthToken: accessToken });
+  const api2 = getGitBeaker({ url: repoUrl, gitlabAuthToken: accessToken });
   try {
     const res = await api2.Branches.all(projectPath, {
       perPage: 100,
@@ -1705,7 +1812,10 @@ async function getGitlabBranchList({
 }
 async function createMergeRequest(options) {
   const { projectPath } = parseGitlabOwnerAndRepo(options.repoUrl);
-  const api2 = getGitBeaker({ gitlabAuthToken: options.accessToken });
+  const api2 = getGitBeaker({
+    url: options.repoUrl,
+    gitlabAuthToken: options.accessToken
+  });
   const res = await api2.MergeRequests.create(
     projectPath,
     options.sourceBranchName,
@@ -1718,7 +1828,10 @@ async function createMergeRequest(options) {
   return res.iid;
 }
 async function getGitlabRepoDefaultBranch(repoUrl, options) {
-  const api2 = getGitBeaker({ gitlabAuthToken: options?.gitlabAuthToken });
+  const api2 = getGitBeaker({
+    url: repoUrl,
+    gitlabAuthToken: options?.gitlabAuthToken
+  });
   const { projectPath } = parseGitlabOwnerAndRepo(repoUrl);
   const project = await api2.Projects.show(projectPath);
   if (!project.default_branch) {
@@ -1728,7 +1841,10 @@ async function getGitlabRepoDefaultBranch(repoUrl, options) {
 }
 async function getGitlabReferenceData({ ref, gitlabUrl }, options) {
   const { projectPath } = parseGitlabOwnerAndRepo(gitlabUrl);
-  const api2 = getGitBeaker({ gitlabAuthToken: options?.gitlabAuthToken });
+  const api2 = getGitBeaker({
+    url: gitlabUrl,
+    gitlabAuthToken: options?.gitlabAuthToken
+  });
   const results = await Promise.allSettled([
     (async () => {
       const res = await api2.Branches.show(projectPath, ref);
@@ -1769,8 +1885,8 @@ async function getGitlabReferenceData({ ref, gitlabUrl }, options) {
 }
 function parseGitlabOwnerAndRepo(gitlabUrl) {
   gitlabUrl = removeTrailingSlash2(gitlabUrl);
-  const parsingResult = parseScmURL(gitlabUrl);
-  if (!parsingResult || parsingResult.hostname !== "gitlab.com") {
+  const parsingResult = parseScmURL(gitlabUrl, "GitLab" /* GitLab */);
+  if (!parsingResult || !parsingResult.repoName) {
     throw new InvalidUrlPatternError(`invalid gitlab repo Url ${gitlabUrl}`);
   }
   const { organization, repoName, projectPath } = parsingResult;
@@ -1778,7 +1894,10 @@ function parseGitlabOwnerAndRepo(gitlabUrl) {
 }
 async function getGitlabBlameRanges({ ref, gitlabUrl, path: path9 }, options) {
   const { projectPath } = parseGitlabOwnerAndRepo(gitlabUrl);
-  const api2 = getGitBeaker({ gitlabAuthToken: options?.gitlabAuthToken });
+  const api2 = getGitBeaker({
+    url: gitlabUrl,
+    gitlabAuthToken: options?.gitlabAuthToken
+  });
   const resp = await api2.RepositoryFiles.allFileBlames(projectPath, path9, ref);
   let lineNumber = 1;
   return resp.filter((range) => range.lines).map((range) => {
@@ -1801,6 +1920,24 @@ var GitlabAuthResultZ = z4.object({
   token_type: z4.string(),
   refresh_token: z4.string()
 });
+function initGitlabFetchMock() {
+  const globalFetch = global.fetch;
+  function myFetch(input, init) {
+    const stack = new Error().stack;
+    const parts = stack?.split("at ");
+    if (parts?.length && parts?.length >= 3 && parts[2]?.startsWith("defaultRequestHandler (") && parts[2]?.includes("/@gitbeaker/rest/dist/index.js") && (/^https?:\/\/[0-9a-f]{8}-[0-9a-f]{4}-[1-5][0-9a-f]{3}-[89ab][0-9a-f]{3}-[0-9a-f]{12}\//i.test(
+      input?.url
+    ) || "GITLAB_INTERNAL_DEV_HOST" in process.env && process.env["GITLAB_INTERNAL_DEV_HOST"] && input?.url?.startsWith(process.env["GITLAB_INTERNAL_DEV_HOST"]))) {
+      const dispatcher = new ProxyAgent(
+        process.env["GIT_PROXY_HOST"] || "http://tinyproxy:8888"
+      );
+      return globalFetch(input, { dispatcher });
+    }
+    return globalFetch(input, init);
+  }
+  global.fetch = myFetch;
+}
+initGitlabFetchMock();
 
 // src/features/analysis/scm/scmSubmit/index.ts
 import fs from "node:fs/promises";
@@ -1904,7 +2041,7 @@ function getCloudScmLibTypeFromUrl(url) {
     return void 0;
   }
   const urlObject = new URL(url);
-  const hostname = urlObject.hostname;
+  const hostname = urlObject.hostname.toLowerCase();
   if (hostname === "gitlab.com") {
     return "GITLAB" /* GITLAB */;
   }
@@ -1952,7 +2089,7 @@ function getScmConfig({
       //if we the user does an ADO oauth flow then the token is saved for dev.azure.com but
       //sometimes the user uses the url dev.azure.com and sometimes the url visualstudio.com
       //so we need to check both
-      (urlObject.hostname === configUrl.hostname || urlObject.hostname.endsWith(".visualstudio.com") && configUrl.hostname === "dev.azure.com") && urlObject.protocol === configUrl.protocol && urlObject.port === configUrl.port
+      (urlObject.hostname.toLowerCase() === configUrl.hostname.toLowerCase() || urlObject.hostname.toLowerCase().endsWith(".visualstudio.com") && configUrl.hostname.toLowerCase() === "dev.azure.com") && urlObject.protocol === configUrl.protocol && urlObject.port === configUrl.port
     );
   });
   const scmOrgConfig = filteredScmConfigs.find((scm) => scm.orgId && scm.token);
@@ -2285,6 +2422,15 @@ var AdoSCMLib = class extends SCMLib {
   getPr() {
     throw new Error("Method not implemented.");
   }
+  postGeneralPrComment() {
+    throw new Error("Method not implemented.");
+  }
+  getGeneralPrComments() {
+    throw new Error("Method not implemented.");
+  }
+  deleteGeneralPrComment() {
+    throw new Error("Method not implemented.");
+  }
 };
 var GitlabSCMLib = class extends SCMLib {
   async createSubmitRequest(targetBranchName, sourceBranchName, title, body) {
@@ -2331,7 +2477,7 @@ var GitlabSCMLib = class extends SCMLib {
       console.error("no access token");
       throw new Error("no access token");
     }
-    return getGitlabRepoList(this.accessToken);
+    return getGitlabRepoList(this.url, this.accessToken);
   }
   async getBranchList() {
     if (!this.accessToken || !this.url) {
@@ -2394,7 +2540,7 @@ var GitlabSCMLib = class extends SCMLib {
       console.error("no access token");
       throw new Error("no access token");
     }
-    return getGitlabUsername(this.accessToken);
+    return getGitlabUsername(this.url, this.accessToken);
   }
   async getSubmitRequestStatus(scmSubmitRequestId) {
     if (!this.accessToken || !this.url) {
@@ -2425,6 +2571,7 @@ var GitlabSCMLib = class extends SCMLib {
     return await getGitlabBlameRanges(
       { ref, path: path9, gitlabUrl: this.url },
       {
+        url: this.url,
         gitlabAuthToken: this.accessToken
       }
     );
@@ -2437,6 +2584,7 @@ var GitlabSCMLib = class extends SCMLib {
     return await getGitlabReferenceData(
       { ref, gitlabUrl: this.url },
       {
+        url: this.url,
         gitlabAuthToken: this.accessToken
       }
     );
@@ -2447,6 +2595,7 @@ var GitlabSCMLib = class extends SCMLib {
       throw new Error("no url");
     }
     return await getGitlabRepoDefaultBranch(this.url, {
+      url: this.url,
       gitlabAuthToken: this.accessToken
     });
   }
@@ -2459,6 +2608,15 @@ var GitlabSCMLib = class extends SCMLib {
   getPr() {
     throw new Error("Method not implemented.");
   }
+  postGeneralPrComment() {
+    throw new Error("Method not implemented.");
+  }
+  getGeneralPrComments() {
+    throw new Error("Method not implemented.");
+  }
+  deleteGeneralPrComment() {
+    throw new Error("Method not implemented.");
+  }
 };
 var GithubSCMLib = class extends SCMLib {
   // we don't always need a url, what's important is that we have an access token
@@ -2727,6 +2885,48 @@ var GithubSCMLib = class extends SCMLib {
       pull_number: prNumber
     });
   }
+  async postGeneralPrComment(params, auth) {
+    const { prNumber, body } = params;
+    if (!this.url) {
+      console.error("no url");
+      throw new Error("no url");
+    }
+    const oktoKit = auth ? new Octokit2({ auth: auth.authToken }) : this.oktokit;
+    const { owner, repo } = parseGithubOwnerAndRepo(this.url);
+    return await postGeneralPrComment(oktoKit, {
+      issue_number: prNumber,
+      owner,
+      repo,
+      body
+    });
+  }
+  async getGeneralPrComments(params, auth) {
+    const { prNumber } = params;
+    if (!this.url) {
+      console.error("no url");
+      throw new Error("no url");
+    }
+    const oktoKit = auth ? new Octokit2({ auth: auth.authToken }) : this.oktokit;
+    const { owner, repo } = parseGithubOwnerAndRepo(this.url);
+    return await getGeneralPrComments(oktoKit, {
+      issue_number: prNumber,
+      owner,
+      repo
+    });
+  }
+  async deleteGeneralPrComment({ commentId }, auth) {
+    if (!this.url) {
+      console.error("no url");
+      throw new Error("no url");
+    }
+    const oktoKit = auth ? new Octokit2({ auth: auth.authToken }) : this.oktokit;
+    const { owner, repo } = parseGithubOwnerAndRepo(this.url);
+    return deleteGeneralPrComment(oktoKit, {
+      owner,
+      repo,
+      comment_id: commentId
+    });
+  }
 };
 var StubSCMLib = class extends SCMLib {
   async createSubmitRequest(_targetBranchName, _sourceBranchName, _title, _body) {
@@ -2813,6 +3013,15 @@ var StubSCMLib = class extends SCMLib {
     console.error("getPr() not implemented");
     throw new Error("getPr() not implemented");
   }
+  postGeneralPrComment() {
+    throw new Error("Method not implemented.");
+  }
+  getGeneralPrComments() {
+    throw new Error("Method not implemented.");
+  }
+  deleteGeneralPrComment() {
+    throw new Error("Method not implemented.");
+  }
 };
 
 // src/features/analysis/scm/ado.ts
@@ -3071,7 +3280,9 @@ function getAdoDownloadUrl({
   branch
 }) {
   const { owner, repo, projectName } = parseAdoOwnerAndRepo(repoUrl);
-  return `https://dev.azure.com/${owner}/${projectName}/_apis/git/repositories/${repo}/items/items?path=/&versionDescriptor[versionOptions]=0&versionDescriptor[versionType]=commit&versionDescriptor[version]=${branch}&resolveLfs=true&$format=zip&api-version=5.0&download=true`;
+  const url = new URL(repoUrl);
+  const origin = url.origin.toLowerCase().endsWith(".visualstudio.com") ? "https://dev.azure.com" : url.origin.toLowerCase();
+  return `${origin}/${owner}/${projectName}/_apis/git/repositories/${repo}/items/items?path=/&versionDescriptor[versionOptions]=0&versionDescriptor[versionType]=commit&versionDescriptor[version]=${branch}&resolveLfs=true&$format=zip&api-version=5.0&download=true`;
 }
 async function getAdoBranchList({
   accessToken,
@@ -3241,7 +3452,7 @@ async function getAdoReferenceData({
 }
 function parseAdoOwnerAndRepo(adoUrl) {
   adoUrl = removeTrailingSlash3(adoUrl);
-  const parsingResult = parseScmURL(adoUrl);
+  const parsingResult = parseScmURL(adoUrl, "Ado" /* Ado */);
   if (!parsingResult || parsingResult.hostname !== "dev.azure.com" && !parsingResult.hostname.endsWith(".visualstudio.com")) {
     throw new InvalidUrlPatternError(`invalid ADO repo URL: ${adoUrl}`);
   }
@@ -3264,7 +3475,7 @@ var AdoAuthResultZ = z8.object({
 });
 
 // src/features/analysis/scm/constants.ts
-var MOBB_ICON_IMG = "https://svgshare.com/i/12DK.svg";
+var MOBB_ICON_IMG = "https://app.mobb.ai/gh-action/Logo_Rounded_Icon.svg";
 var COMMIT_FIX_SVG = `https://app.mobb.ai/gh-action/commit-button.svg`;
 
 // src/features/analysis/scm/utils/get_issue_type.ts
@@ -3379,6 +3590,13 @@ function getCommitUrl(params) {
   })}/commit?${searchParams.toString()}`;
 }
 
+// src/features/analysis/utils/by_key.ts
+function keyBy(array, keyBy2) {
+  return array.reduce((acc, item) => {
+    return { ...acc, [item[keyBy2]]: item };
+  }, {});
+}
+
 // src/features/analysis/utils/calculate_ranges.ts
 function calculateRanges(integers) {
   if (integers.length === 0) {
@@ -3406,7 +3624,10 @@ function calculateRanges(integers) {
 
 // src/features/analysis/handle_finished_analysis.ts
 var debug4 = Debug4("mobbdev:handle-finished-analysis");
+var contactUsMarkdown = `For specific requests [contact us](https://mobb.ai/contact) and we'll do the most to answer your need quickly.`;
 var commitFixButton = (commitUrl) => `<a href="${commitUrl}"><img src=${COMMIT_FIX_SVG}></a>`;
+var MobbIconMarkdown = `![image](${MOBB_ICON_IMG})`;
+var noVulnerabilitiesFoundTitle = `# ${MobbIconMarkdown} No security issues were found \u2705`;
 function scannerToFriendlyString(scanner) {
   switch (scanner) {
     case "checkmarx":
@@ -3419,7 +3640,7 @@ function scannerToFriendlyString(scanner) {
       return "Snyk";
   }
 }
-async function getFixesFromDiff(params) {
+async function getRelevantVulenrabilitiesFromDiff(params) {
   const { gqlClient, diff, vulnerabilityReportId } = params;
   const parsedDiff = parseDiff(diff);
   const fileHunks = parsedDiff.map((file) => {
@@ -3442,13 +3663,45 @@ async function getFixesFromDiff(params) {
     vulnerabilityReportId
   });
 }
+async function getFixesData(params) {
+  const { gqlClient, fixesId } = params;
+  const { fixes } = await gqlClient.getFixes(fixesId);
+  return keyBy(fixes, "id");
+}
+function buildAnalysisSummaryComment(params) {
+  const { prVulenrabilities: fixesFromDiff, fixesById } = params;
+  const { vulnerabilityReportIssueCodeNodes, fixablePrVuls } = fixesFromDiff;
+  const title = `# ${MobbIconMarkdown} ${fixablePrVuls} ${fixablePrVuls === 1 ? "fix is" : "fixes are"} ready to be committed`;
+  const summary = Object.entries(
+    // count every issue type
+    vulnerabilityReportIssueCodeNodes.reduce(
+      (result, vulnerabilityReportIssueCodeNode) => {
+        const { vulnerabilityReportIssue } = vulnerabilityReportIssueCodeNode;
+        const fix = fixesById[vulnerabilityReportIssue.fixId];
+        if (!fix) {
+          throw new Error(`fix ${vulnerabilityReportIssue.fixId} not found`);
+        }
+        const issueType = getIssueType(fix.issueType);
+        const vulnerabilityReportIssueCount = (result[issueType] || 0) + 1;
+        return {
+          ...result,
+          [issueType]: vulnerabilityReportIssueCount
+        };
+      },
+      {}
+    )
+  ).map(([issueType, issueTypeCount]) => `**${issueType}** - ${issueTypeCount}`);
+  return `${title}
+${summary.join("\n")}`;
+}
 async function handleFinishedAnalysis({
   analysisId,
   scm: _scm,
   gqlClient,
-  githubActionOctokit,
+  githubActionToken,
   scanner
 }) {
+  const githubActionOctokit = new Octokit3({ auth: githubActionToken });
   if (_scm instanceof GithubSCMLib === false) {
     return;
   }
@@ -3462,17 +3715,59 @@ async function handleFinishedAnalysis({
   } = getAnalysis.analysis;
   const { commitSha, pullRequest } = getAnalysis.analysis.repo;
   const diff = await scm.getPrDiff({ pull_number: pullRequest });
-  const { vulnerabilityReportIssueCodeNodes } = await getFixesFromDiff({
+  const prVulenrabilities = await getRelevantVulenrabilitiesFromDiff({
     diff,
     gqlClient,
     vulnerabilityReportId: getAnalysis.analysis.vulnerabilityReportId
   });
-  const comments = await scm.getPrComments(
-    { pull_number: pullRequest },
-    githubActionOctokit
+  const { vulnerabilityReportIssueCodeNodes } = prVulenrabilities;
+  const fixesId = vulnerabilityReportIssueCodeNodes.map(
+    ({ vulnerabilityReportIssue: { fixId } }) => fixId
   );
-  await Promise.all(
-    comments.data.filter((comment) => {
+  const fixesById = await getFixesData({ fixesId, gqlClient });
+  const [comments, generalPrComments] = await Promise.all([
+    scm.getPrComments({ pull_number: pullRequest }, githubActionOctokit),
+    scm.getGeneralPrComments(
+      { prNumber: pullRequest },
+      { authToken: githubActionToken }
+    )
+  ]);
+  async function postAnalysisSummary() {
+    if (Object.values(fixesById).length === 0) {
+      return;
+    }
+    const analysisSummaryComment = buildAnalysisSummaryComment({
+      fixesById,
+      prVulenrabilities
+    });
+    await scm.postGeneralPrComment(
+      {
+        body: analysisSummaryComment,
+        prNumber: pullRequest
+      },
+      { authToken: githubActionToken }
+    );
+  }
+  function deleteAllPreviousGeneralPrComments() {
+    return generalPrComments.data.filter((comment) => {
+      if (!comment.body) {
+        return false;
+      }
+      return comment.body.includes(MOBB_ICON_IMG);
+    }).map((comment) => {
+      try {
+        return scm.deleteGeneralPrComment(
+          { commentId: comment.id },
+          { authToken: githubActionToken }
+        );
+      } catch (e) {
+        debug4("delete comment failed %s", e);
+        return Promise.resolve();
+      }
+    });
+  }
+  function deleteAllPreviousComments() {
+    return comments.data.filter((comment) => {
       return comment.body.includes(MOBB_ICON_IMG);
     }).map((comment) => {
       try {
@@ -3484,70 +3779,154 @@ async function handleFinishedAnalysis({
         debug4("delete comment failed %s", e);
         return Promise.resolve();
       }
-    })
-  );
-  return Promise.all(
-    vulnerabilityReportIssueCodeNodes.map(
-      async (vulnerabilityReportIssueCodeNodes2) => {
-        const { path: path9, startLine, vulnerabilityReportIssue } = vulnerabilityReportIssueCodeNodes2;
-        const { fixId } = vulnerabilityReportIssue;
-        const { fix_by_pk } = await gqlClient.getFix(fixId);
-        const {
-          patchAndQuestions: { patch }
-        } = fix_by_pk;
-        const commentRes = await scm.postPrComment(
-          {
-            body: "empty",
-            pull_number: pullRequest,
-            commit_id: commitSha,
-            path: path9,
-            line: startLine
-          },
-          githubActionOctokit
-        );
-        const commentId = commentRes.data.id;
-        const commitUrl = getCommitUrl({
-          appBaseUrl: WEB_APP_URL,
-          fixId: fix_by_pk.id,
-          projectId,
-          analysisId,
-          organizationId,
-          redirectUrl: commentRes.data.html_url,
-          commentId
-        });
-        const fixUrl = getFixUrlWithRedirect({
-          appBaseUrl: WEB_APP_URL,
-          fixId: fix_by_pk.id,
-          projectId,
-          analysisId,
-          organizationId,
-          redirectUrl: commentRes.data.html_url,
-          commentId
-        });
-        const scanerString = scannerToFriendlyString(scanner);
-        const issueType = getIssueType(fix_by_pk.issueType);
-        const title = `# ![image](${MOBB_ICON_IMG}) ${issueType} fix is ready`;
-        const subTitle = `### Apply the following code change to fix ${issueType} issue detected by ${scanerString}:`;
-        const diff2 = `\`\`\`diff
+    });
+  }
+  await Promise.all([
+    ...deleteAllPreviousComments(),
+    ...deleteAllPreviousGeneralPrComments()
+  ]);
+  async function postFixComment(vulnerabilityReportIssueCodeNode) {
+    const {
+      path: path9,
+      startLine,
+      vulnerabilityReportIssue: { fixId }
+    } = vulnerabilityReportIssueCodeNode;
+    const fix = fixesById[fixId];
+    if (!fix) {
+      throw new Error(`fix ${fixId} not found`);
+    }
+    const {
+      patchAndQuestions: { patch }
+    } = fix;
+    const commentRes = await scm.postPrComment(
+      {
+        body: "empty",
+        pull_number: pullRequest,
+        commit_id: commitSha,
+        path: path9,
+        line: startLine
+      },
+      githubActionOctokit
+    );
+    const commentId = commentRes.data.id;
+    const commitUrl = getCommitUrl({
+      appBaseUrl: WEB_APP_URL,
+      fixId,
+      projectId,
+      analysisId,
+      organizationId,
+      redirectUrl: commentRes.data.html_url,
+      commentId
+    });
+    const fixUrl = getFixUrlWithRedirect({
+      appBaseUrl: WEB_APP_URL,
+      fixId,
+      projectId,
+      analysisId,
+      organizationId,
+      redirectUrl: commentRes.data.html_url,
+      commentId
+    });
+    const scanerString = scannerToFriendlyString(scanner);
+    const issueType = getIssueType(fix.issueType);
+    const title = `# ${MobbIconMarkdown} ${issueType} fix is ready`;
+    const subTitle = `### Apply the following code change to fix ${issueType} issue detected by **${scanerString}**:`;
+    const diff2 = `\`\`\`diff
 ${patch} 
 \`\`\``;
-        const fixPageLink = `[Learn more and fine tune the fix](${fixUrl})`;
-        await scm.updatePrComment(
-          {
-            body: `${title}
+    const fixPageLink = `[Learn more and fine tune the fix](${fixUrl})`;
+    await scm.updatePrComment(
+      {
+        body: `${title}
 ${subTitle}
 ${diff2}
 ${commitFixButton(
-              commitUrl
-            )}
+          commitUrl
+        )}
 ${fixPageLink}`,
-            comment_id: commentId
-          },
-          githubActionOctokit
-        );
-      }
-    )
-  );
+        comment_id: commentId
+      },
+      githubActionOctokit
+    );
+  }
+  async function postAnalysisInsightComment() {
+    const scanerString = scannerToFriendlyString(scanner);
+    const {
+      totalPrVulnerabilities,
+      vulnerabilitiesOutsidePr,
+      fixablePrVuls,
+      nonFixablePrVuls
+    } = prVulenrabilities;
+    debug4({
+      fixablePrVuls,
+      nonFixablePrVuls,
+      vulnerabilitiesOutsidePr,
+      totalPrVulnerabilities
+    });
+    if (totalPrVulnerabilities === 0 && vulnerabilitiesOutsidePr === 0) {
+      const body = `Awesome! No vulnerabilities were found  by **${scanerString}**`;
+      const noVulsFoundComment = `${noVulnerabilitiesFoundTitle}
+${body}`;
+      await scm.postGeneralPrComment(
+        {
+          body: noVulsFoundComment,
+          prNumber: pullRequest
+        },
+        { authToken: githubActionToken }
+      );
+      return;
+    }
+    if (totalPrVulnerabilities === 0 && vulnerabilitiesOutsidePr > 0) {
+      const body = `Awesome! No vulnerabilities were found by **${scanerString}** in the changes made as part of this PR.`;
+      const body2 = `Please notice there are issues in this repo that are unrelated to this PR.`;
+      const noVulsFoundComment = `${noVulnerabilitiesFoundTitle}
+${body}
+${body2}`;
+      await scm.postGeneralPrComment(
+        {
+          body: noVulsFoundComment,
+          prNumber: pullRequest
+        },
+        { authToken: githubActionToken }
+      );
+      return;
+    }
+    if (fixablePrVuls === 0 && nonFixablePrVuls > 0) {
+      const title = `# ${MobbIconMarkdown} We couldn't fix the issues detected by **${scanerString}**`;
+      const body = `Mobb Fixer gets better and better every day, but unfortunately your current issues aren't supported yet.`;
+      const noFixableVulsComment = `${title}
+${body}
+${contactUsMarkdown}`;
+      await scm.postGeneralPrComment(
+        {
+          body: noFixableVulsComment,
+          prNumber: pullRequest
+        },
+        { authToken: githubActionToken }
+      );
+      return;
+    }
+    if (fixablePrVuls < nonFixablePrVuls && fixablePrVuls > 0) {
+      const title = `# ${MobbIconMarkdown} We couldn't fix some of the issues detected by **${scanerString}**`;
+      const body = "Mobb Fixer gets better and better every day, but unfortunately your current issues aren't supported yet.";
+      const fixableVulsComment = `${title}
+${body}
+${contactUsMarkdown}`;
+      await scm.postGeneralPrComment(
+        {
+          body: fixableVulsComment,
+          prNumber: pullRequest
+        },
+        { authToken: githubActionToken }
+      );
+      return;
+    }
+  }
+  await Promise.all([
+    ...prVulenrabilities.vulnerabilityReportIssueCodeNodes.map(postFixComment),
+    postAnalysisInsightComment(),
+    postAnalysisSummary()
+  ]);
 }
 
 // src/features/analysis/pack.ts
@@ -4162,7 +4541,7 @@ async function _scan(params, { skipPrompts = false } = {}) {
         analysisId,
         gqlClient,
         scm,
-        githubActionOctokit: new Octokit3({ auth: githubActionToken }),
+        githubActionToken: z10.string().parse(githubActionToken),
         scanner: z10.nativeEnum(SCANNERS).parse(scanner)
       })
     );
@@ -4613,7 +4992,7 @@ Example:
 }
 var UrlZ = z11.string({
   invalid_type_error: "is not a valid GitHub / GitLab / ADO URL"
-}).refine((data) => !!parseScmURL(data), {
+}).refine((data) => !!sanityRepoURL(data), {
   message: "is not a valid GitHub / GitLab / ADO URL"
 });
 function validateRepoUrl(args) {
@@ -4778,10 +5157,10 @@ function validateAddScmTokenOptions(argv) {
     );
   }
   const urlObj = new URL(argv.url);
-  if (urlObj.hostname === "github.com" && !argv.username) {
+  if (urlObj.hostname.toLowerCase() === "github.com" && !argv.username) {
     throw new CliError("\nError: --username flag is required for GitHub");
   }
-  if ((urlObj.hostname === "dev.azure.com" || urlObj.hostname.endsWith(".visualstudio.com")) && !argv.organization) {
+  if ((urlObj.hostname.toLowerCase() === "dev.azure.com" || urlObj.hostname.toLowerCase().endsWith(".visualstudio.com")) && !argv.organization) {
     throw new CliError(
       "\nError: --organization flag is required for Azure DevOps"
     );

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "mobbdev",
-  "version": "0.0.84",
+  "version": "0.0.86",
   "description": "Automated secure code remediation tool",
   "repository": "https://github.com/mobb-dev/bugsy",
   "main": "dist/index.js",
@@ -58,6 +58,7 @@
     "supports-color": "9.4.0",
     "tar": "6.2.0",
     "tmp": "0.2.1",
+    "undici": "6.7.0",
     "uuid": "9.0.1",
     "ws": "8.10.0",
     "yargs": "17.7.2",