mobbdev 1.0.106 → 1.0.108

package/dist/index.mjs

@@ -540,6 +540,9 @@ var FixDetailsFragmentDoc = `
       vulnerability_report_issue_tag_value
     }
   }
+  sharedState {
+    id
+  }
   patchAndQuestions {
     __typename
     ... on FixData {
@@ -1062,19 +1065,33 @@ var AutoPrAnalysisDocument = `
 var GetLatestReportByRepoUrlDocument = `
     query GetLatestReportByRepoUrl($repoUrl: String!, $filters: fix_bool_exp = {}, $limit: Int!, $offset: Int!) {
   fixReport(
-    where: {repo: {originalUrl: {_eq: $repoUrl}}}
+    where: {_and: [{repo: {originalUrl: {_eq: $repoUrl}}}, {state: {_eq: Finished}}]}
     order_by: {createdOn: desc}
     limit: 1
   ) {
     ...FixReportSummaryFields
   }
+  expiredReport: fixReport(
+    where: {_and: [{repo: {originalUrl: {_eq: $repoUrl}}}, {state: {_eq: Expired}}]}
+    order_by: {createdOn: desc}
+    limit: 1
+  ) {
+    id
+    expirationOn
+  }
 }
     ${FixReportSummaryFieldsFragmentDoc}`;
 var GetReportFixesDocument = `
     query GetReportFixes($reportId: uuid!, $filters: fix_bool_exp = {}, $limit: Int!, $offset: Int!) {
-  fixReport(where: {id: {_eq: $reportId}}) {
+  fixReport(where: {_and: [{id: {_eq: $reportId}}, {state: {_eq: Finished}}]}) {
     ...FixReportSummaryFields
   }
+  expiredReport: fixReport(
+    where: {_and: [{id: {_eq: $reportId}}, {state: {_eq: Expired}}]}
+  ) {
+    id
+    expirationOn
+  }
 }
     ${FixReportSummaryFieldsFragmentDoc}`;
 var defaultWrapper = (action, _operationName, _operationType, _variables) => action();
@@ -4430,9 +4447,15 @@ import { z as z15 } from "zod";
 var EnvVariablesZod = z15.object({
   GITLAB_API_TOKEN: z15.string().optional(),
   GITHUB_API_TOKEN: z15.string().optional(),
-  GIT_PROXY_HOST: z15.string().optional().default("http://tinyproxy:8888")
+  GIT_PROXY_HOST: z15.string().optional().default("http://tinyproxy:8888"),
+  MAX_UPLOAD_FILE_SIZE_MB: z15.coerce.number().gt(0).default(5)
 });
-var { GITLAB_API_TOKEN, GITHUB_API_TOKEN, GIT_PROXY_HOST } = EnvVariablesZod.parse(process.env);
+var {
+  GITLAB_API_TOKEN,
+  GITHUB_API_TOKEN,
+  GIT_PROXY_HOST,
+  MAX_UPLOAD_FILE_SIZE_MB
+} = EnvVariablesZod.parse(process.env);
 
 // src/features/analysis/scm/ado/validation.ts
 import { z as z16 } from "zod";
@@ -5062,6 +5085,18 @@ import { setTimeout as setTimeout2 } from "timers/promises";
 import * as path2 from "path";
 import { simpleGit } from "simple-git";
 
+// src/mcp/core/configs.ts
+var MCP_DEFAULT_API_URL = "https://api.mobb.ai/v1/graphql";
+var MCP_API_KEY_HEADER_NAME = "x-mobb-key";
+var MCP_LOGIN_MAX_WAIT = 10 * 60 * 1e3;
+var MCP_LOGIN_CHECK_DELAY = 1 * 1e3;
+var MCP_VUL_REPORT_DIGEST_TIMEOUT_MS = 5 * 60 * 1e3;
+var MCP_MAX_FILE_SIZE = MAX_UPLOAD_FILE_SIZE_MB * 1024 * 1024;
+var MCP_PERIODIC_CHECK_INTERVAL = 15 * 60 * 1e3;
+var MCP_DEFAULT_MAX_FILES_TO_SCAN = 10;
+var MCP_REPORT_ID_EXPIRATION_MS = 2 * 60 * 60 * 1e3;
+var MCP_TOOLS_BROWSER_COOLDOWN_MS = 24 * 60 * 60 * 1e3;
+
 // src/features/analysis/scm/FileUtils.ts
 import fs2 from "fs";
 import { isBinary } from "istextorbinary";
@@ -5069,6 +5104,9 @@ import path from "path";
 var EXCLUDED_FILE_PATTERNS = [
   // ... (copy the full array from FilePacking.ts)
   ".json",
+  ".snap",
+  ".env.vault",
+  ".env",
   ".yaml",
   ".yml",
   ".toml",
@@ -5220,16 +5258,24 @@ var FileUtils = class {
   }
   static shouldPackFile(filepath, maxFileSize = 1024 * 1024 * 5) {
     const absoluteFilepath = path.resolve(filepath);
-    if (this.isExcludedFileType(filepath)) return false;
-    if (!fs2.existsSync(absoluteFilepath)) return false;
-    if (fs2.lstatSync(absoluteFilepath).size > maxFileSize) return false;
+    if (this.isExcludedFileType(filepath)) {
+      return false;
+    }
+    if (!fs2.existsSync(absoluteFilepath)) {
+      return false;
+    }
+    if (fs2.lstatSync(absoluteFilepath).size > maxFileSize) {
+      return false;
+    }
     let data;
     try {
       data = fs2.readFileSync(absoluteFilepath);
     } catch {
       return false;
     }
-    if (isBinary(null, data)) return false;
+    if (isBinary(null, data)) {
+      return false;
+    }
     return true;
   }
   static getAllFiles(dir, rootDir) {
@@ -5239,7 +5285,7 @@ var FileUtils = class {
     if (relativeDepth > 20) {
       return [];
     }
-    if (results.length > 1e5) {
+    if (results.length > 1e3) {
       return [];
     }
     try {
@@ -5270,10 +5316,14 @@ var FileUtils = class {
     }
     return results;
   }
-  static getLastChangedFiles(dir, maxFileSize = 1024 * 1024 * 5, count = 10) {
+  static getLastChangedFiles({
+    dir,
+    maxFileSize,
+    maxFiles = MCP_DEFAULT_MAX_FILES_TO_SCAN
+  }) {
     if (!fs2.existsSync(dir) || !fs2.lstatSync(dir).isDirectory()) return [];
     const files = this.getAllFiles(dir);
-    return files.filter((file) => this.shouldPackFile(file.fullPath, maxFileSize)).sort((a, b) => b.time - a.time).slice(0, count).map((file) => file.relativePath);
+    return files.filter((file) => this.shouldPackFile(file.fullPath, maxFileSize)).sort((a, b) => b.time - a.time).slice(0, maxFiles).map((file) => file.relativePath);
   }
 };
 
@@ -5322,7 +5372,10 @@ var GitService = class {
         gitRoot,
         this.repositoryPath
       );
-      const files = status.files.map((file) => {
+      const deletedFiles = status.files.filter((file) => file.index === "D" || file.working_dir === "D").map((file) => file.path);
+      const files = status.files.filter((file) => {
+        return !(file.index === "D" || file.working_dir === "D");
+      }).map((file) => {
         const gitRelativePath = file.path;
         if (relativePathFromGitRoot === "") {
           return gitRelativePath;
@@ -5339,11 +5392,13 @@ var GitService = class {
         fileCount: files.length,
         files: files.slice(0, 10),
         // Log first 10 files to avoid spam
+        deletedFileCount: deletedFiles.length,
+        deletedFiles: deletedFiles.slice(0, 10),
         gitRoot,
         workingDir: this.repositoryPath,
         relativePathFromGitRoot
       });
-      return { files, status };
+      return { files, deletedFiles, status };
     } catch (error) {
       const errorMessage = `Failed to get git status: ${error.message}`;
       this.log(errorMessage, "error", { error });
@@ -5468,11 +5523,13 @@ var GitService = class {
     }
   }
   /**
-   * Gets the 10 most recently changed files based on commit history
+   * Gets the maxFiles most recently changed files based on commit history
    */
-  async getRecentlyChangedFiles() {
+  async getRecentlyChangedFiles({
+    maxFiles = MCP_DEFAULT_MAX_FILES_TO_SCAN
+  }) {
     this.log(
-      "Getting the 10 most recently changed files from commit history",
+      `Getting the ${maxFiles} most recently changed files from commit history`,
       "debug"
     );
     try {
@@ -5485,19 +5542,18 @@ var GitService = class {
       const files = [];
       let commitsProcessed = 0;
       const logResult = await this.git.log({
-        maxCount: 100,
-        // Get last 100 commits - should be enough to find 10 unique files
+        maxCount: maxFiles * 5,
+        // 5 times the max files to scan to ensure we find enough files
         format: {
           hash: "%H",
           date: "%ai",
           message: "%s",
           //the field name author_name can't follow the naming convention as we are using the git log command
-          // eslint-disable-next-line @typescript-eslint/naming-convention
           author_name: "%an"
         }
       });
       for (const commit of logResult.all) {
-        if (files.length >= 10) {
+        if (files.length >= maxFiles) {
           break;
         }
         commitsProcessed++;
@@ -5509,7 +5565,7 @@ var GitService = class {
           ]);
           const commitFiles = filesOutput.split("\n").filter((file) => file.trim() !== "");
           for (const file of commitFiles) {
-            if (files.length >= 10) {
+            if (files.length >= maxFiles) {
               break;
             }
             const gitRelativePath = file.trim();
@@ -5527,7 +5583,7 @@ var GitService = class {
               );
             }
             this.log(`Considering file: ${adjustedPath}`, "debug");
-            if (!fileSet.has(adjustedPath) && FileUtils.shouldPackFile(path2.join(gitRoot, gitRelativePath))) {
+            if (!fileSet.has(adjustedPath) && FileUtils.shouldPackFile(path2.join(gitRoot, gitRelativePath)) && !adjustedPath.startsWith("..")) {
               fileSet.add(adjustedPath);
               files.push(adjustedPath);
             }
@@ -5542,8 +5598,8 @@ var GitService = class {
         fileCount: files.length,
         commitsProcessed,
         totalCommitsAvailable: logResult.all.length,
-        files: files.slice(0, 10),
-        // Log the files (should be all of them since we limit to 10)
+        files: files.slice(0, maxFiles),
+        // Log the files (should be all of them since we limit to maxFiles)
         gitRoot,
         workingDir: this.repositoryPath,
         relativePathFromGitRoot
@@ -10046,8 +10102,8 @@ async function forkSnyk(args, { display }) {
 }
 async function getSnykReport(reportPath, repoRoot, { skipPrompts = false }) {
   debug15("get snyk report start %s %s", reportPath, repoRoot);
-  const config5 = await forkSnyk(["config"], { display: false });
-  const { message: configMessage } = config5;
+  const config4 = await forkSnyk(["config"], { display: false });
+  const { message: configMessage } = config4;
   if (!configMessage.includes("api: ")) {
     const snykLoginSpinner = createSpinner3().start();
     if (!skipPrompts) {
@@ -10059,7 +10115,7 @@ async function getSnykReport(reportPath, repoRoot, { skipPrompts = false }) {
     snykLoginSpinner.update({
       text: "\u{1F513} Waiting for Snyk login to complete"
     });
-    debug15("no token in the config %s", config5);
+    debug15("no token in the config %s", config4);
     await forkSnyk(["auth"], { display: true });
     snykLoginSpinner.success({ text: "\u{1F513} Login to Snyk Successful" });
   }
@@ -11222,7 +11278,8 @@ var Logger = class {
       timestamp: (/* @__PURE__ */ new Date()).toISOString(),
       level: logEntry.level,
       message: logEntry.message,
-      data: logEntry.data
+      data: logEntry.data,
+      version: packageJson.version
     };
     const controller = new AbortController();
     const timeoutId = setTimeout(() => {
@@ -11275,11 +11332,7 @@ import { GraphQLClient as GraphQLClient2 } from "graphql-request";
 import open4 from "open";
 import { v4 as uuidv42 } from "uuid";
 
-// src/mcp/constants.ts
-var DEFAULT_API_URL2 = "https://api.mobb.ai/v1/graphql";
-var API_KEY_HEADER_NAME2 = "x-mobb-key";
-
-// src/mcp/tools/fixVulnerabilities/errors/VulnerabilityFixErrors.ts
+// src/mcp/core/Errors.ts
 var ApiConnectionError = class extends Error {
   constructor(message = "Failed to connect to the API") {
     super(message);
@@ -11342,20 +11395,17 @@ var FailedToGetApiTokenError = class extends Error {
 };
 
 // src/mcp/services/McpGQLClient.ts
-var LOGIN_MAX_WAIT2 = 10 * 1e3;
-var LOGIN_CHECK_DELAY2 = 1 * 1e3;
-var config4 = new Configstore3(packageJson.name, { apiToken: "" });
-var BROWSER_COOLDOWN_MS = 5e3;
-var lastBrowserOpenTime = 0;
+var mobbConfigStore = new Configstore3(packageJson.name, { apiToken: "" });
 var McpGQLClient = class {
   constructor(args) {
     __publicField(this, "client");
     __publicField(this, "clientSdk");
     __publicField(this, "_auth");
     this._auth = args;
-    const API_URL2 = process.env["API_URL"] || DEFAULT_API_URL2;
+    const API_URL2 = process.env["API_URL"] || MCP_DEFAULT_API_URL;
+    logDebug("creating graphql client", { API_URL: API_URL2, args });
     this.client = new GraphQLClient2(API_URL2, {
-      headers: args.type === "apiKey" ? { [API_KEY_HEADER_NAME2]: args.apiKey || "" } : {
+      headers: args.type === "apiKey" ? { [MCP_API_KEY_HEADER_NAME]: args.apiKey || "" } : {
         Authorization: `Bearer ${args.token}`
       },
       requestMiddleware: (request) => {
@@ -11373,10 +11423,10 @@ var McpGQLClient = class {
   }
   getErrorContext() {
     return {
-      endpoint: process.env["API_URL"] || DEFAULT_API_URL2,
+      endpoint: process.env["API_URL"] || MCP_DEFAULT_API_URL,
       apiKey: this._auth.type === "apiKey" ? this._auth.apiKey : "",
       headers: {
-        [API_KEY_HEADER_NAME2]: this._auth.type === "apiKey" ? "[REDACTED]" : "undefined",
+        [MCP_API_KEY_HEADER_NAME]: this._auth.type === "apiKey" ? "[REDACTED]" : "undefined",
         "x-hasura-request-id": "[DYNAMIC]"
       }
     };
@@ -11385,11 +11435,13 @@ var McpGQLClient = class {
     try {
       logDebug("GraphQL: Calling Me query for connection verification");
       const result = await this.clientSdk.Me();
-      logInfo("GraphQL: Me query successful", { result });
+      logDebug("GraphQL: Me query successful", { result });
       return true;
     } catch (e) {
-      if (e?.toString().includes("FetchError")) {
-        logError("verify connection failed %o", e);
+      const error = e;
+      logDebug(`verify connection failed ${error.toString()}`);
+      if (error?.toString().includes("FetchError")) {
+        logError("verify connection failed", { error });
         return false;
       }
     }
@@ -11561,7 +11613,7 @@ var McpGQLClient = class {
     try {
       const res = await this.clientSdk.CreateCliLogin(variables, {
         // We may have outdated API key in the config storage. Avoid using it for the login request.
-        [API_KEY_HEADER_NAME2]: ""
+        [MCP_API_KEY_HEADER_NAME]: ""
       });
       const loginId = res.insert_cli_login_one?.id || "";
       if (!loginId) {
@@ -11578,7 +11630,7 @@ var McpGQLClient = class {
     try {
       const res = await this.clientSdk.GetEncryptedApiToken(variables, {
         // We may have outdated API key in the config storage. Avoid using it for the login request.
-        [API_KEY_HEADER_NAME2]: ""
+        [MCP_API_KEY_HEADER_NAME]: ""
       });
       return res?.cli_login_by_pk?.encryptedApiToken || null;
     } catch (e) {
@@ -11606,7 +11658,10 @@ var McpGQLClient = class {
         result: res,
         reportCount: res.fixReport?.length || 0
       });
-      return res.fixReport?.[0] || null;
+      return {
+        fixReport: res.fixReport?.[0] || null,
+        expiredReport: res.expiredReport?.[0] || null
+      };
     } catch (e) {
       logError("GraphQL: GetLatestReportByRepoUrl failed", {
         error: e,
@@ -11655,7 +11710,8 @@ var McpGQLClient = class {
       }
       return {
         fixes: res.fixReport?.[0]?.fixes || [],
-        totalCount: res.fixReport?.[0]?.filteredFixesCount?.aggregate?.count || 0
+        totalCount: res.fixReport?.[0]?.filteredFixesCount?.aggregate?.count || 0,
+        expiredReport: res.expiredReport?.[0] || null
       };
     } catch (e) {
       logError("GraphQL: GetReportFixes failed", {
@@ -11667,30 +11723,39 @@ var McpGQLClient = class {
     }
   }
 };
-async function openBrowser(url) {
-  const now = Date.now();
-  if (!process.env["TEST"] && now - lastBrowserOpenTime < BROWSER_COOLDOWN_MS) {
-    logDebug(`browser cooldown active, skipping open for ${url}`);
-    return;
+async function openBrowser(url, isToolsCall) {
+  if (isToolsCall) {
+    const now = Date.now();
+    const lastBrowserOpenTime = mobbConfigStore.get("lastBrowserOpenTime") || 0;
+    if (now - lastBrowserOpenTime < MCP_TOOLS_BROWSER_COOLDOWN_MS) {
+      logDebug(`browser cooldown active, skipping open for ${url}`);
+      return;
+    }
   }
   logDebug(`opening browser url ${url}`);
   await open4(url);
-  lastBrowserOpenTime = now;
+  mobbConfigStore.set("lastBrowserOpenTime", Date.now());
 }
-async function getMcpGQLClient() {
-  logDebug("getting config", { apiToken: config4.get("apiToken") });
+async function getMcpGQLClient({
+  isToolsCall = false
+} = {}) {
+  logDebug("getting config", { apiToken: mobbConfigStore.get("apiToken") });
   const inGqlClient = new McpGQLClient({
-    apiKey: config4.get("apiToken") || process.env["API_KEY"] || "",
+    apiKey: process.env["MOBB_API_KEY"] || process.env["API_KEY"] || // fallback for backward compatibility
+    mobbConfigStore.get("apiToken") || "",
     type: "apiKey"
   });
   const isConnected = await inGqlClient.verifyConnection();
+  logDebug("isConnected", { isConnected });
   if (!isConnected) {
     throw new ApiConnectionError("Error: failed to connect to Mobb API");
   }
+  logDebug("verifying token");
   const userVerify = await inGqlClient.verifyToken();
   if (userVerify) {
     return inGqlClient;
   }
+  logDebug("verifying token failed");
   const { publicKey, privateKey } = crypto2.generateKeyPairSync("rsa", {
     modulusLength: 2048
   });
@@ -11705,10 +11770,10 @@ async function getMcpGQLClient() {
   const webLoginUrl2 = `${WEB_APP_URL}/cli-login`;
   const browserUrl = `${webLoginUrl2}/${loginId}?hostname=${os2.hostname()}`;
   logDebug(`opening browser url ${browserUrl}`);
-  await openBrowser(browserUrl);
+  await openBrowser(browserUrl, isToolsCall);
   logDebug(`waiting for login to complete`);
   let newApiToken = null;
-  for (let i = 0; i < LOGIN_MAX_WAIT2 / LOGIN_CHECK_DELAY2; i++) {
+  for (let i = 0; i < MCP_LOGIN_MAX_WAIT / MCP_LOGIN_CHECK_DELAY; i++) {
     const encryptedApiToken = await inGqlClient.getEncryptedApiToken({
       loginId
     });
@@ -11718,7 +11783,7 @@ async function getMcpGQLClient() {
       logDebug("API token decrypted");
       break;
     }
-    await sleep(LOGIN_CHECK_DELAY2);
+    await sleep(MCP_LOGIN_CHECK_DELAY);
   }
   if (!newApiToken) {
     throw new FailedToGetApiTokenError(
@@ -11729,7 +11794,7 @@ async function getMcpGQLClient() {
   const loginSuccess = await newGqlClient.verifyToken();
   if (loginSuccess) {
     logDebug(`set api token ${newApiToken}`);
-    config4.set("apiToken", newApiToken);
+    mobbConfigStore.set("apiToken", newApiToken);
   } else {
     throw new AuthenticationError("Invalid API token");
   }
@@ -11772,14 +11837,14 @@ var ToolRegistry = class {
 
 // src/mcp/core/McpServer.ts
 var McpServer = class {
-  constructor(config5) {
+  constructor(config4) {
     __publicField(this, "server");
     __publicField(this, "toolRegistry");
     __publicField(this, "isEventHandlersSetup", false);
     this.server = new Server(
       {
-        name: config5.name,
-        version: config5.version
+        name: config4.name,
+        version: config4.version
       },
       {
         capabilities: {
@@ -11790,7 +11855,7 @@ var McpServer = class {
     this.toolRegistry = new ToolRegistry();
     this.setupHandlers();
     this.setupProcessEventHandlers();
-    logInfo("MCP server instance created", config5);
+    logInfo("MCP server instance created", config4);
   }
   setupProcessEventHandlers() {
     if (this.isEventHandlersSetup) {
@@ -11838,16 +11903,10 @@ var McpServer = class {
   }
   async handleListToolsRequest(request) {
     logInfo("Received list_tools request", { params: request.params });
-    logInfo("Environment", {
-      env: process.env
-    });
     logInfo("Request", {
       request: JSON.parse(JSON.stringify(request))
     });
-    logInfo("Server", {
-      server: this.server
-    });
-    void getMcpGQLClient();
+    void getMcpGQLClient({ isToolsCall: true });
     const toolsDefinitions = this.toolRegistry.getAllTools();
     const response = {
       tools: toolsDefinitions.map((tool) => ({
@@ -11867,15 +11926,9 @@ var McpServer = class {
   async handleCallToolRequest(request) {
     const { name, arguments: args } = request.params;
     logInfo(`Received call tool request for ${name}`, { name, args });
-    logInfo("Environment", {
-      env: process.env
-    });
     logInfo("Request", {
       request: JSON.parse(JSON.stringify(request))
     });
-    logInfo("Server", {
-      server: this.server
-    });
     try {
       const tool = this.toolRegistry.getTool(name);
       if (!tool) {
@@ -11938,53 +11991,74 @@ var McpServer = class {
   }
 };
 
-// src/mcp/tools/checkForAvailableFixes/AvailableFixesTool.ts
+// src/mcp/tools/checkForNewAvailableFixes/CheckForNewAvailableFixesTool.ts
 import { z as z32 } from "zod";
 
 // src/mcp/services/PathValidation.ts
 import fs9 from "fs";
 import path11 from "path";
-var PathValidation = class {
-  /**
-   * Validates a path for MCP usage - combines security and existence checks
-   */
-  async validatePath(inputPath) {
-    logDebug("Validating MCP path", { inputPath });
-    if (inputPath.includes("..")) {
-      const error = `Path contains path traversal patterns: ${inputPath}`;
-      logError(error);
-      return { isValid: false, error };
-    }
-    const normalizedPath = path11.normalize(inputPath);
-    if (normalizedPath.includes("..")) {
-      const error = `Normalized path contains path traversal patterns: ${inputPath}`;
-      logError(error);
-      return { isValid: false, error };
-    }
-    const decodedPath = decodeURIComponent(inputPath);
-    if (decodedPath.includes("..") || decodedPath !== inputPath) {
-      const error = `Path contains encoded traversal attempts: ${inputPath}`;
-      logError(error);
-      return { isValid: false, error };
-    }
-    if (inputPath.includes("\0") || inputPath.includes("\0")) {
-      const error = `Path contains dangerous characters: ${inputPath}`;
+async function validatePath(inputPath) {
+  logDebug("Validating MCP path", { inputPath });
+  if (/^\/[a-zA-Z]:\//.test(inputPath)) {
+    inputPath = inputPath.slice(1);
+  }
+  if (inputPath === "." || inputPath === "./") {
+    if (process.env["WORKSPACE_FOLDER_PATHS"]) {
+      logDebug("Fallback to workspace folder path", {
+        inputPath,
+        workspaceFolderPaths: process.env["WORKSPACE_FOLDER_PATHS"]
+      });
+      return {
+        isValid: true,
+        path: process.env["WORKSPACE_FOLDER_PATHS"]
+      };
+    } else {
+      const error = `"." is not a valid path, please provide a full localpath to the repository`;
       logError(error);
-      return { isValid: false, error };
-    }
-    logDebug("Path validation successful", { inputPath });
-    logDebug("Checking path existence", { inputPath });
-    try {
-      await fs9.promises.access(inputPath);
-      logDebug("Path exists and is accessible", { inputPath });
-      return { isValid: true };
-    } catch (error) {
-      const errorMessage = `Path does not exist or is not accessible: ${inputPath}`;
-      logError(errorMessage, { error });
-      return { isValid: false, error: errorMessage };
+      return { isValid: false, error, path: inputPath };
     }
   }
-};
+  if (inputPath.includes("..")) {
+    const error = `Path contains path traversal patterns: ${inputPath}`;
+    logError(error);
+    return { isValid: false, error, path: inputPath };
+  }
+  const normalizedPath = path11.normalize(inputPath);
+  if (normalizedPath.includes("..")) {
+    const error = `Normalized path contains path traversal patterns: ${inputPath}`;
+    logError(error);
+    return { isValid: false, error, path: inputPath };
+  }
+  let decodedPath;
+  try {
+    decodedPath = decodeURIComponent(inputPath);
+  } catch (err) {
+    const error = `Failed to decode path: ${inputPath}`;
+    logError(error, { err });
+    return { isValid: false, error, path: inputPath };
+  }
+  if (decodedPath.includes("..") || decodedPath !== inputPath) {
+    const error = `Path contains encoded traversal attempts: ${inputPath}`;
+    logError(error);
+    return { isValid: false, error, path: inputPath };
+  }
+  if (inputPath.includes("\0") || inputPath.includes("\0")) {
+    const error = `Path contains dangerous characters: ${inputPath}`;
+    logError(error);
+    return { isValid: false, error, path: inputPath };
+  }
+  logDebug("Path validation successful", { inputPath });
+  logDebug("Checking path existence", { inputPath });
+  try {
+    await fs9.promises.access(inputPath);
+    logDebug("Path exists and is accessible", { inputPath });
+    return { isValid: true, path: inputPath };
+  } catch (error) {
+    const errorMessage = `Path does not exist or is not accessible: ${inputPath}`;
+    logError(errorMessage, { error });
+    return { isValid: false, error: errorMessage, path: inputPath };
+  }
+}
 
 // src/mcp/tools/base/BaseTool.ts
 import { z as z31 } from "zod";
@@ -11998,7 +12072,6 @@ var BaseTool = class {
     };
   }
   async execute(args) {
-    logInfo(`Executing tool: ${this.name}`, { args });
     logInfo(`Authenticating tool: ${this.name}`, { args });
     const mcpGqlClient = await getMcpGQLClient();
     const userInfo = await mcpGqlClient.getUserInfo();
@@ -12053,7 +12126,8 @@ var applyFixesPrompt = ({
   totalCount,
   nextOffset,
   shownCount,
-  currentTool
+  currentTool,
+  offset = 0
 }) => {
   if (fixes.length === 0) {
     return noFixesReturnedForParameters;
@@ -12111,7 +12185,7 @@ If you cannot apply a patch:
 
 ${fixList.map(
     (fix, index) => `
-## Fix ${index + 1}: ${fix.vulnerabilityType}
+## Fix ${offset + index + 1}: ${fix.vulnerabilityType}
 
 **\u{1F3AF} Target:** Apply this patch to fix a ${fix.vulnerabilityType.toLowerCase()} vulnerability
 
@@ -12164,7 +12238,7 @@ We were unable to find a previous vulnerability report for this repository. This
 
 ### \u{1F3AF} Recommended Actions
 1. **Run a new security scan** to analyze your codebase
-   - Use the \`fix_vulnerabilities\` tool to start a fresh scan
+   - Use the \`scan_and_fix_vulnerabilities\` tool to start a fresh scan
    - This will analyze your current code for security issues
 
 2. **Verify repository access**
@@ -12178,6 +12252,27 @@ We were unable to find a previous vulnerability report for this repository. This
 For assistance, please:
 - Visit our documentation at https://docs.mobb.ai
 - Contact support at support@mobb.ai`;
+var expiredReportPrompt = ({
+  lastReportDate
+}) => `\u{1F50D} **MOBB SECURITY SCAN STATUS**
+
+## Out-of-Date Vulnerability Report
+
+Your most recent vulnerability report for this repository **expired on ${lastReportDate}** and is no longer available for fetching automated fixes.
+
+### \u{1F4CB} Why Did This Happen?
+- Reports are automatically purged after a retention period for security and storage optimisation.
+- No new scans have been run since the last report expired.
+
+### \u{1F3AF} Recommended Actions
+1. **Run a fresh security scan** to generate an up-to-date vulnerability report.
+   - Use the \`scan_and_fix_vulnerabilities\` tool.
+2. **Verify repository access** if scans fail to run or the repository has moved.
+3. **Review your CI/CD pipeline** to ensure regular scans are triggered.
+
+For more help:
+- Documentation: https://docs.mobb.ai
+- Support: support@mobb.ai`;
 var noFixesAvailablePrompt = `There are no fixes available for this repository at this time.
 `;
 var fixesFoundPrompt = ({
@@ -12225,20 +12320,49 @@ ${applyFixesPrompt({
     hasMore,
     nextOffset: 0,
     shownCount: fixReport.fixes.length,
-    currentTool: "check_for_available_fixes"
+    currentTool: "fetch_available_fixes",
+    offset
   })}`;
 };
-var noFixesFoundPrompt = `\u{1F50D} **MOBB SECURITY SCAN COMPLETED** 
+var nextStepsPrompt = ({ scannedFiles }) => `
+### \u{1F4C1} Scanned Files
+${scannedFiles.map((file) => `- ${file}`).join("\n")}
+
+### Extend the scan scope
+
+To scan a larger number of files, include the additional parameter:
+
+- **maxFiles**: <number_of_files_to_scan>
+
+This will scan up to the specified number of recently changed files.
+
+### \u{1F504} Running a Fresh Scan
+
+To perform a **rescan** of your repository (fetching a brand-new vulnerability report and updated fixes), include the additional parameter:
+
+- **rescan**: true
+
+This will start a new analysis, discard any cached results.
+
+\u26A0\uFE0F *Note:* A full rescan may take longer to complete than simply fetching additional fixes because your repository is re-uploaded and re-analyzed from scratch.
+
+`;
+var noFixesFoundPrompt = ({
+  scannedFiles
+}) => `\u{1F50D} **MOBB SECURITY SCAN COMPLETED** 
 
 Mobb security scan completed successfully but found no automated fixes available at this time.
+
+${nextStepsPrompt({ scannedFiles })}
 `;
 var fixesPrompt = ({
   fixes,
   totalCount,
-  offset
+  offset,
+  scannedFiles
 }) => {
   if (totalCount === 0) {
-    return noFixesFoundPrompt;
+    return noFixesFoundPrompt({ scannedFiles });
   }
   const shownCount = fixes.length;
   const nextOffset = offset + shownCount;
@@ -12251,28 +12375,491 @@ ${applyFixesPrompt({
     hasMore,
     nextOffset,
     shownCount,
-    currentTool: "fix_vulnerabilities"
+    currentTool: "scan_and_fix_vulnerabilities",
+    offset
   })}
 
-### \u{1F504} Running a Fresh Scan
+${nextStepsPrompt({ scannedFiles })}
+`;
+};
+var noFreshFixesPrompt = `No fresh fixes available for this repository at this time.
+`;
+var initialScanInProgressPrompt = `Initial scan in progress. Call the tool again in 1 minute to check for available fixes.`;
+var freshFixesPrompt = ({ fixes }) => {
+  return `Here are the fresh fixes to the vulnerabilities discovered by Mobb MCP
 
-To perform a **rescan** of your repository (fetching a brand-new vulnerability report and updated fixes), include the additional parameter:
+${applyFixesPrompt({
+    fixes,
+    totalCount: fixes.length,
+    hasMore: false,
+    nextOffset: 0,
+    shownCount: fixes.length,
+    currentTool: "fetch_available_fixes",
+    offset: 0
+  })}
+`;
+};
 
-- **isRescan**: true
+// src/mcp/services/GetLocalFiles.ts
+import fs10 from "fs/promises";
+import nodePath from "path";
+var getLocalFiles = async ({
+  path: path13,
+  maxFileSize = 1024 * 1024 * 5,
+  maxFiles
+}) => {
+  const resolvedRepoPath = await fs10.realpath(path13);
+  const gitService = new GitService(resolvedRepoPath, log);
+  const gitValidation = await gitService.validateRepository();
+  let files = [];
+  if (!gitValidation.isValid) {
+    logDebug(
+      "Git repository validation failed, using all files in the repository",
+      {
+        path: path13
+      }
+    );
+    files = FileUtils.getLastChangedFiles({
+      dir: path13,
+      maxFileSize,
+      maxFiles
+    });
+    logDebug("Found files in the repository", {
+      files,
+      fileCount: files.length
+    });
+  } else {
+    logDebug("maxFiles", {
+      maxFiles
+    });
+    const gitResult = await gitService.getChangedFiles();
+    files = gitResult.files;
+    if (files.length === 0 || maxFiles) {
+      const recentResult = await gitService.getRecentlyChangedFiles({
+        maxFiles
+      });
+      files = recentResult.files;
+      logDebug(
+        "No changes found, using recently changed files from git history",
+        {
+          files,
+          fileCount: files.length,
+          commitsChecked: recentResult.commitCount
+        }
+      );
+    } else {
+      logDebug("Found changed files in the git repository", {
+        files,
+        fileCount: files.length
+      });
+    }
+  }
+  files = files.filter(
+    (file) => FileUtils.shouldPackFile(
+      nodePath.resolve(resolvedRepoPath, file),
+      maxFileSize
+    )
+  );
+  const filesWithStats = await Promise.all(
+    files.map(async (file) => {
+      const absoluteFilePath = nodePath.resolve(resolvedRepoPath, file);
+      const relativePath = nodePath.relative(resolvedRepoPath, absoluteFilePath);
+      let fileStat;
+      try {
+        fileStat = await fs10.stat(absoluteFilePath);
+      } catch (e) {
+        logDebug("File not found", {
+          file
+        });
+      }
+      return {
+        filename: nodePath.basename(absoluteFilePath),
+        relativePath,
+        fullPath: absoluteFilePath,
+        lastEdited: fileStat?.mtime.getTime() ?? 0
+      };
+    })
+  );
+  return filesWithStats.filter((file) => file.lastEdited > 0);
+};
 
-This will start a new analysis, discard any cached results.
+// src/mcp/services/ScanFiles.ts
+import fs11 from "fs";
+import path12 from "path";
+import AdmZip2 from "adm-zip";
+var scanFiles = async (fileList, repositoryPath, gqlClient) => {
+  const repoUploadInfo = await initializeReport(gqlClient);
+  const fixReportId = repoUploadInfo.fixReportId;
+  const zipBuffer = await packFiles(fileList, repositoryPath);
+  await uploadFiles(zipBuffer, repoUploadInfo);
+  const projectId = await getProjectId(gqlClient);
+  await runScan({ fixReportId, projectId, gqlClient });
+  return {
+    fixReportId,
+    projectId
+  };
+};
+var initializeReport = async (gqlClient) => {
+  if (!gqlClient) {
+    throw new GqlClientError();
+  }
+  try {
+    const {
+      uploadS3BucketInfo: { repoUploadInfo }
+    } = await gqlClient.uploadS3BucketInfo();
+    logInfo("Upload info retrieved", { uploadKey: repoUploadInfo?.uploadKey });
+    return repoUploadInfo;
+  } catch (error) {
+    const message = error.message;
+    throw new ReportInitializationError(`Error initializing report: ${message}`);
+  }
+};
+var packFiles = async (fileList, repositoryPath) => {
+  try {
+    logInfo(`FilePacking: packing files from ${repositoryPath}`);
+    const zip = new AdmZip2();
+    let packedFilesCount = 0;
+    const resolvedRepoPath = path12.resolve(repositoryPath);
+    logInfo("FilePacking: compressing files");
+    for (const filepath of fileList) {
+      const absoluteFilepath = path12.join(repositoryPath, filepath);
+      const resolvedFilePath = path12.resolve(absoluteFilepath);
+      if (!resolvedFilePath.startsWith(resolvedRepoPath)) {
+        logInfo(
+          `FilePacking: skipping ${filepath} due to potential path traversal`
+        );
+        continue;
+      }
+      if (!FileUtils.shouldPackFile(absoluteFilepath, MCP_MAX_FILE_SIZE)) {
+        logInfo(
+          `FilePacking: ignoring ${filepath} because it is excluded or invalid`
+        );
+        continue;
+      }
+      let data;
+      try {
+        data = fs11.readFileSync(absoluteFilepath);
+      } catch (fsError) {
+        logInfo(
+          `FilePacking: failed to read ${filepath} from filesystem: ${fsError}`
+        );
+        continue;
+      }
+      zip.addFile(filepath, data);
+      packedFilesCount++;
+    }
+    const zipBuffer = zip.toBuffer();
+    logInfo(
+      `FilePacking: read ${packedFilesCount} source files. total size: ${zipBuffer.length} bytes`
+    );
+    logInfo("Files packed successfully", { fileCount: fileList.length });
+    return zipBuffer;
+  } catch (error) {
+    const message = error.message;
+    throw new FileProcessingError(`Error packing files: ${message}`);
+  }
+};
+var uploadFiles = async (zipBuffer, repoUploadInfo) => {
+  if (!repoUploadInfo) {
+    throw new FileUploadError("Upload info is required");
+  }
+  try {
+    await uploadFile({
+      file: zipBuffer,
+      url: repoUploadInfo.url,
+      uploadFields: JSON.parse(repoUploadInfo.uploadFieldsJSON),
+      uploadKey: repoUploadInfo.uploadKey
+    });
+    logInfo("File uploaded successfully");
+  } catch (error) {
+    logError("File upload failed", { error: error.message });
+    throw new FileUploadError(
+      `Failed to upload the file: ${error.message}`
+    );
+  }
+};
+var getProjectId = async (gqlClient) => {
+  if (!gqlClient) {
+    throw new GqlClientError();
+  }
+  const projectId = await gqlClient.getProjectId();
+  logInfo("Project ID retrieved", { projectId });
+  return projectId;
+};
+var runScan = async ({
+  fixReportId,
+  projectId,
+  gqlClient
+}) => {
+  if (!gqlClient) {
+    throw new GqlClientError();
+  }
+  logInfo("Starting scan", { fixReportId, projectId });
+  const submitVulnerabilityReportVariables = {
+    fixReportId,
+    projectId,
+    repoUrl: "",
+    reference: "no-branch",
+    scanSource: "MCP" /* Mcp */
+  };
+  logInfo("Submitting vulnerability report");
+  const submitRes = await gqlClient.submitVulnerabilityReport(
+    submitVulnerabilityReportVariables
+  );
+  if (submitRes.submitVulnerabilityReport.__typename !== "VulnerabilityReport") {
+    logError("Vulnerability report submission failed", {
+      response: submitRes
+    });
+    throw new ScanError("\u{1F575}\uFE0F\u200D\u2642\uFE0F Mobb analysis failed");
+  }
+  logInfo("Vulnerability report submitted successfully", {
+    analysisId: submitRes.submitVulnerabilityReport.fixReportId
+  });
+  logInfo("Starting analysis subscription");
+  await gqlClient.subscribeToGetAnalysis({
+    subscribeToAnalysisParams: {
+      analysisId: submitRes.submitVulnerabilityReport.fixReportId
+    },
+    callback: () => {
+    },
+    callbackStates: ["Finished" /* Finished */],
+    timeoutInMs: MCP_VUL_REPORT_DIGEST_TIMEOUT_MS
+  });
+  logInfo("Analysis subscription completed");
+};
 
-\u26A0\uFE0F *Note:* A full rescan may take longer to complete than simply fetching additional fixes because your repository is re-uploaded and re-analyzed from scratch.
+// src/mcp/tools/checkForNewAvailableFixes/CheckForNewAvailableFixesService.ts
+function extractPathFromPatch(patch) {
+  const match = patch?.match(/^diff --git a\/([^\s]+) b\//);
+  return match?.[1] ?? null;
+}
+var _CheckForNewAvailableFixesService = class _CheckForNewAvailableFixesService {
+  constructor() {
+    /**
+     * Cache of the last known total number of fixes per repository URL so that we
+     * can determine whether *new* fixes have been generated since the user last
+     * asked.
+     */
+    __publicField(this, "path", "");
+    __publicField(this, "filesLastScanned", {});
+    __publicField(this, "freshFixes", []);
+    __publicField(this, "reportedFixes", []);
+    __publicField(this, "intervalId", null);
+    __publicField(this, "isInitialScanComplete", false);
+  }
+  static getInstance() {
+    if (!_CheckForNewAvailableFixesService.instance) {
+      _CheckForNewAvailableFixesService.instance = new _CheckForNewAvailableFixesService();
+    }
+    return _CheckForNewAvailableFixesService.instance;
+  }
+  /**
+   * Resets any cached state so the service can be reused between independent
+   * MCP sessions.
+   */
+  reset() {
+    this.filesLastScanned = {};
+    this.freshFixes = [];
+    this.reportedFixes = [];
+    if (this.intervalId) {
+      clearInterval(this.intervalId);
+      this.intervalId = null;
+    }
+  }
+  /**
+   * Stub implementation – in a future version this will query the backend for
+   * the latest fixes count and compare it with the cached value. For now it
+   * simply returns a placeholder string so that the tool can be wired into the
+   * system and used in tests.
+   */
+  async scan({ path: path13 }) {
+    logInfo("Scanning for new fixes", { path: path13 });
+    const gqlClient = await getMcpGQLClient();
+    const isConnected = await gqlClient.verifyConnection();
+    if (!isConnected) {
+      logError("Failed to connect to the API, scan aborted");
+      return;
+    }
+    logInfo("Connected to the API, assebling list of files to scan", { path: path13 });
+    const files = await getLocalFiles({
+      path: path13,
+      maxFileSize: MCP_MAX_FILE_SIZE
+    });
+    logInfo("Active files", { files });
+    const filesToScan = files.filter((file) => {
+      const lastScannedEditTime = this.filesLastScanned[file.fullPath];
+      if (!lastScannedEditTime) {
+        return true;
+      }
+      return file.lastEdited > lastScannedEditTime;
+    });
+    if (filesToScan.length === 0) {
+      logInfo("No files to scan", { path: path13 });
+      return;
+    }
+    logInfo("Files to scan", { filesToScan });
+    const { fixReportId, projectId } = await scanFiles(
+      filesToScan.map((file) => file.relativePath),
+      path13,
+      gqlClient
+    );
+    logInfo("Scan completed", { fixReportId, projectId });
+    const fixes = await gqlClient.getReportFixesPaginated({
+      reportId: fixReportId,
+      offset: 0,
+      limit: 1e3
+    });
+    const newFixes = fixes?.fixes?.filter((fix) => !this.isAlreadyReported(fix));
+    logInfo("Fixes retrieved", {
+      count: fixes?.fixes?.length || 0,
+      newFixes: newFixes?.length || 0
+    });
+    this.freshFixes = this.freshFixes.filter((fix) => !this.isFixFromOldScan(fix, filesToScan)).concat(newFixes || []);
+    logInfo("Fresh fixes", { freshFixes: this.freshFixes });
+    filesToScan.forEach((file) => {
+      this.filesLastScanned[file.fullPath] = file.lastEdited;
+    });
+    this.isInitialScanComplete = true;
+  }
+  isAlreadyReported(fix) {
+    return this.reportedFixes.some(
+      (reportedFix) => reportedFix.sharedState?.id === fix.sharedState?.id
+    );
+  }
+  isFixFromOldScan(fix, filesToScan) {
+    const patch = fix.patchAndQuestions?.__typename === "FixData" ? fix.patchAndQuestions.patch : void 0;
+    const fixFile = extractPathFromPatch(patch);
+    if (!fixFile) {
+      return false;
+    }
+    logInfo("isOldFix", {
+      fixFile,
+      filesToScan,
+      isOldFix: filesToScan.some((file) => file.relativePath === fixFile)
+    });
+    return filesToScan.some((file) => file.relativePath === fixFile);
+  }
+  async getFreshFixes({ path: path13 }) {
+    if (this.path !== path13) {
+      this.path = path13;
+      this.reset();
+    }
+    if (!this.intervalId) {
+      logInfo("Starting periodic scan for new fixes", { path: path13 });
+      this.intervalId = setInterval(() => {
+        logDebug("Triggering periodic scan", { path: path13 });
+        this.scan({ path: path13 }).catch((error) => {
+          logError("Error during periodic scan", { error });
+        });
+      }, MCP_PERIODIC_CHECK_INTERVAL);
+      logDebug("Triggering initial scan", { path: path13 });
+      this.scan({ path: path13 }).catch((error) => {
+        logError("Error during initial scan", { error });
+      });
+    }
+    if (this.freshFixes.length > 0) {
+      const freshFixes = this.freshFixes.splice(0, 3);
+      if (freshFixes.length > 0) {
+        this.reportedFixes.concat(freshFixes);
+        return freshFixesPrompt({ fixes: freshFixes });
+      }
+    }
+    if (!this.isInitialScanComplete) {
+      return initialScanInProgressPrompt;
+    }
+    return noFreshFixesPrompt;
+  }
+};
+__publicField(_CheckForNewAvailableFixesService, "instance");
+var CheckForNewAvailableFixesService = _CheckForNewAvailableFixesService;
 
-`;
+// src/mcp/tools/checkForNewAvailableFixes/CheckForNewAvailableFixesTool.ts
+var CheckForNewAvailableFixesTool = class extends BaseTool {
+  constructor() {
+    super();
+    __publicField(this, "name", "check_for_new_available_fixes");
+    __publicField(this, "displayName", "Check for New Available Fixes");
+    // A detailed description to guide the LLM on when and how to invoke this tool.
+    __publicField(this, "description", `Continuesly monitors your code and scans for new security vulnerabilities.
+
+When to invoke:
+\u2022 ALWAYS call this tool ONCE at the very end of every reasoning / code-generation session (after all code edits, linting, tests, etc.).
+\u2022 Invoke when the user explicitly asks to "check for new fixes", "look for fresh patches", or similar.
+\u2022 The repository must exist locally and be a valid Git repo with an 'origin' remote configured.
+
+How to invoke:
+\u2022 Required argument:
+  \u2013 path (string): absolute path to the repository root.
+
+Behaviour:
+\u2022 If no new fixes are available, it returns a concise message indicating so.
+\u2022 If fixes are found, it returns a human-readable summary including total count and severity breakdown.
+
+Example payload:
+{
+  "path": "/home/user/my-project"
+}`);
+    __publicField(this, "inputSchema", {
+      type: "object",
+      properties: {
+        path: {
+          type: "string",
+          description: "Full local path to the cloned git repository to check for new available fixes"
+        }
+      },
+      required: ["path"]
+    });
+    __publicField(this, "inputValidationSchema", z32.object({
+      path: z32.string().describe(
+        "Full local path to the cloned git repository to check for new available fixes"
+      )
+    }));
+    __publicField(this, "newFixesService");
+    this.newFixesService = new CheckForNewAvailableFixesService();
+  }
+  async executeInternal(args) {
+    const pathValidationResult = await validatePath(args.path);
+    if (!pathValidationResult.isValid) {
+      throw new Error(
+        `Invalid path: potential security risk detected in path: ${pathValidationResult.error}`
+      );
+    }
+    const path13 = pathValidationResult.path;
+    const resultText = await this.newFixesService.getFreshFixes({
+      path: path13
+    });
+    logInfo("CheckForNewAvailableFixesTool execution completed", {
+      resultText
+    });
+    return {
+      content: [
+        {
+          type: "text",
+          text: resultText
+        }
+      ]
+    };
+  }
 };
 
-// src/mcp/tools/checkForAvailableFixes/AvailableFixesService.ts
-var AvailableFixesService = class {
+// src/mcp/tools/fetchAvailableFixes/FetchAvailableFixesTool.ts
+import { z as z33 } from "zod";
+
+// src/mcp/tools/fetchAvailableFixes/FetchAvailableFixesService.ts
+var _FetchAvailableFixesService = class _FetchAvailableFixesService {
   constructor() {
     __publicField(this, "gqlClient", null);
     __publicField(this, "currentOffset", 0);
   }
+  static getInstance() {
+    if (!_FetchAvailableFixesService.instance) {
+      _FetchAvailableFixesService.instance = new _FetchAvailableFixesService();
+    }
+    return _FetchAvailableFixesService.instance;
+  }
+  reset() {
+    this.currentOffset = 0;
+  }
   async initializeGqlClient() {
     if (!this.gqlClient) {
       this.gqlClient = await getMcpGQLClient();
@@ -12282,40 +12869,44 @@ var AvailableFixesService = class {
   async checkForAvailableFixes({
     repoUrl,
     limit = 3,
-    offset = 0
+    offset
   }) {
     try {
       logDebug("Checking for available fixes", { repoUrl, limit });
       const gqlClient = await this.initializeGqlClient();
       logDebug("GQL client initialized");
       logDebug("querying for latest report", { repoUrl, limit });
-      let effectiveOffset;
-      if (offset !== void 0) {
-        effectiveOffset = offset;
-      } else if (this.currentOffset) {
-        effectiveOffset = this.currentOffset ?? 0;
-      } else {
-        effectiveOffset = 0;
-      }
-      logDebug("effectiveOffset", { test: "j", effectiveOffset });
-      const result = await gqlClient.getLatestReportByRepoUrl({
+      const effectiveOffset = offset ?? (this.currentOffset || 0);
+      logDebug("effectiveOffset", { effectiveOffset });
+      const { fixReport, expiredReport } = await gqlClient.getLatestReportByRepoUrl({
         repoUrl,
         limit,
         offset: effectiveOffset
       });
-      logDebug("received latest report result", { result });
-      if (!result) {
-        logInfo("No report found for repository", { repoUrl });
+      logDebug("received latest report result", { fixReport, expiredReport });
+      if (!fixReport) {
+        if (expiredReport) {
+          const lastReportDate = expiredReport.expirationOn ? new Date(expiredReport.expirationOn).toLocaleString() : "Unknown date";
+          logInfo("Expired report found", {
+            repoUrl,
+            expirationOn: expiredReport.expirationOn
+          });
+          return expiredReportPrompt({ lastReportDate });
+        }
+        logInfo("No report (active or expired) found for repository", {
+          repoUrl
+        });
         return noReportFoundPrompt;
       }
       logInfo("Successfully retrieved available fixes", {
         reportFound: true
       });
-      this.currentOffset = effectiveOffset + (result.fixes?.length || 0);
-      return fixesFoundPrompt({
-        fixReport: result,
-        offset: this.currentOffset
+      const prompt = fixesFoundPrompt({
+        fixReport,
+        offset: effectiveOffset
       });
+      this.currentOffset = effectiveOffset + (fixReport.fixes?.length || 0);
+      return prompt;
     } catch (error) {
       logError("Failed to check for available fixes", {
         error,
@@ -12325,20 +12916,40 @@ var AvailableFixesService = class {
     }
   }
 };
+__publicField(_FetchAvailableFixesService, "instance");
+var FetchAvailableFixesService = _FetchAvailableFixesService;
 
-// src/mcp/tools/checkForAvailableFixes/AvailableFixesTool.ts
-var CheckForAvailableFixesTool = class extends BaseTool {
+// src/mcp/tools/fetchAvailableFixes/FetchAvailableFixesTool.ts
+var FetchAvailableFixesTool = class extends BaseTool {
   constructor() {
-    super(...arguments);
-    __publicField(this, "name", "check_for_available_fixes");
-    __publicField(this, "displayName", "Check for Available Fixes");
-    __publicField(this, "description", "Checks if there are any available fixes for vulnerabilities in the project");
+    super();
+    __publicField(this, "name", "fetch_available_fixes");
+    __publicField(this, "displayName", "Fetch Available Fixes");
+    __publicField(this, "description", `Check the MOBB backend for pre-generated fixes (patch sets) that correspond to vulnerabilities detected in the supplied Git repository.
+
+Use when:
+\u2022 You already have a local clone of a Git repository and want to know if MOBB has fixes available for it.
+\u2022 A vulnerability scan has been run previously and uploaded to the MOBB backend and you want to fetch the list or count of ready-to-apply fixes before triggering a full scan-and-fix flow.
+
+Required argument:
+\u2022 path \u2013 absolute path to the local Git repository clone.
+
+Optional arguments:
+\u2022 offset \u2013 pagination offset (integer).
+\u2022 limit  \u2013 maximum number of fixes to return (integer).
+
+The tool will:
+1. Validate that the provided path is secure and exists.
+2. Verify that the directory is a valid Git repository with an "origin" remote.
+3. Query the MOBB service by the origin remote URL and return a textual summary of available fixes (total and by severity) or a message if none are found.
+
+Call this tool instead of scan_and_fix_vulnerabilities when you only need a fixes summary and do NOT want to perform scanning or code modifications.`);
     __publicField(this, "inputSchema", {
       type: "object",
       properties: {
         path: {
           type: "string",
-          description: "Path to the local git repository to check for available fixes"
+          description: "Full local path to the cloned git repository to check for available fixes"
         },
         offset: {
           type: "number",
@@ -12351,23 +12962,26 @@ var CheckForAvailableFixesTool = class extends BaseTool {
       },
       required: ["path"]
     });
-    __publicField(this, "inputValidationSchema", z32.object({
-      path: z32.string().describe(
-        "Path to the local git repository to check for available fixes"
+    __publicField(this, "inputValidationSchema", z33.object({
+      path: z33.string().describe(
+        "Full local path to the cloned git repository to check for available fixes"
       ),
-      offset: z32.number().optional().describe("Optional offset for pagination"),
-      limit: z32.number().optional().describe("Optional maximum number of fixes to return")
+      offset: z33.number().optional().describe("Optional offset for pagination"),
+      limit: z33.number().optional().describe("Optional maximum number of fixes to return")
     }));
+    __publicField(this, "availableFixesService");
+    this.availableFixesService = FetchAvailableFixesService.getInstance();
+    this.availableFixesService.reset();
   }
   async executeInternal(args) {
-    const pathValidation = new PathValidation();
-    const pathValidationResult = await pathValidation.validatePath(args.path);
+    const pathValidationResult = await validatePath(args.path);
     if (!pathValidationResult.isValid) {
       throw new Error(
         `Invalid path: potential security risk detected in path: ${pathValidationResult.error}`
       );
     }
-    const gitService = new GitService(args.path, log);
+    const path13 = pathValidationResult.path;
+    const gitService = new GitService(path13, log);
     const gitValidation = await gitService.validateRepository();
     if (!gitValidation.isValid) {
       throw new Error(`Invalid git repository: ${gitValidation.error}`);
@@ -12380,13 +12994,12 @@ var CheckForAvailableFixesTool = class extends BaseTool {
     if (!originUrl) {
       throw new Error("No origin URL found for the repository");
     }
-    const availableFixesService = new AvailableFixesService();
-    const fixResult = await availableFixesService.checkForAvailableFixes({
+    const fixResult = await this.availableFixesService.checkForAvailableFixes({
       repoUrl: originUrl,
       limit: args.limit,
       offset: args.offset
     });
-    logInfo("CheckForAvailableFixesTool execution completed successfully", {
+    logInfo("FetchAvailableFixesTool execution completed successfully", {
       fixResult
     });
     return {
@@ -12400,55 +13013,13 @@ var CheckForAvailableFixesTool = class extends BaseTool {
   }
 };
 
-// src/mcp/tools/fixVulnerabilities/FixVulnerabilitiesTool.ts
-import z33 from "zod";
-
-// src/mcp/services/FilePacking.ts
-import fs10 from "fs";
-import path12 from "path";
-import AdmZip2 from "adm-zip";
-var MAX_FILE_SIZE2 = 1024 * 1024 * 5;
-var FilePacking = class {
-  async packFiles(sourceDirectoryPath, filesToPack) {
-    logInfo(`FilePacking: packing files from ${sourceDirectoryPath}`);
-    const zip = new AdmZip2();
-    let packedFilesCount = 0;
-    logInfo("FilePacking: compressing files");
-    for (const filepath of filesToPack) {
-      const absoluteFilepath = path12.join(sourceDirectoryPath, filepath);
-      if (!FileUtils.shouldPackFile(absoluteFilepath, MAX_FILE_SIZE2)) {
-        logInfo(
-          `FilePacking: ignoring ${filepath} because it is excluded or invalid`
-        );
-        continue;
-      }
-      let data;
-      try {
-        data = fs10.readFileSync(absoluteFilepath);
-      } catch (fsError) {
-        logInfo(
-          `FilePacking: failed to read ${filepath} from filesystem: ${fsError}`
-        );
-        continue;
-      }
-      zip.addFile(filepath, data);
-      packedFilesCount++;
-    }
-    const zipBuffer = zip.toBuffer();
-    logInfo(
-      `FilePacking: read ${packedFilesCount} source files. total size: ${zipBuffer.length} bytes`
-    );
-    logInfo("FilePacking: Files packed successfully");
-    return zipBuffer;
-  }
-};
+// src/mcp/tools/scanAndFixVulnerabilities/ScanAndFixVulnerabilitiesTool.ts
+import z34 from "zod";
 
-// src/mcp/tools/fixVulnerabilities/FixVulnerabilitiesService.ts
-var VUL_REPORT_DIGEST_TIMEOUT_MS2 = 1e3 * 60 * 5;
-var VulnerabilityFixService = class {
+// src/mcp/tools/scanAndFixVulnerabilities/ScanAndFixVulnerabilitiesService.ts
+var _ScanAndFixVulnerabilitiesService = class _ScanAndFixVulnerabilitiesService {
   constructor() {
     __publicField(this, "gqlClient");
-    __publicField(this, "filePacking");
     /**
      * Stores the fix report id that is created on the first run so that subsequent
      * calls can skip the expensive packing/uploading/scan flow and directly fetch
@@ -12456,7 +13027,32 @@ var VulnerabilityFixService = class {
      */
     __publicField(this, "storedFixReportId");
     __publicField(this, "currentOffset", 0);
-    this.filePacking = new FilePacking();
+    /**
+     * Timestamp when the fixReportId was created
+     * Used to expire the fixReportId after REPORT_ID_EXPIRATION_MS hours
+     */
+    __publicField(this, "fixReportIdTimestamp");
+  }
+  static getInstance() {
+    if (!_ScanAndFixVulnerabilitiesService.instance) {
+      _ScanAndFixVulnerabilitiesService.instance = new _ScanAndFixVulnerabilitiesService();
+    }
+    return _ScanAndFixVulnerabilitiesService.instance;
+  }
+  reset() {
+    this.storedFixReportId = void 0;
+    this.currentOffset = void 0;
+    this.fixReportIdTimestamp = void 0;
+  }
+  /**
+   * Checks if the stored fixReportId has expired (older than 2 hours)
+   */
+  isFixReportIdExpired() {
+    if (!this.fixReportIdTimestamp) {
+      return true;
+    }
+    const currentTime = Date.now();
+    return currentTime - this.fixReportIdTimestamp > MCP_REPORT_ID_EXPIRATION_MS;
   }
   async processVulnerabilities({
     fileList,
@@ -12467,37 +13063,44 @@ var VulnerabilityFixService = class {
   }) {
     try {
       this.gqlClient = await this.initializeGqlClient();
+      logInfo("storedFixReportId", {
+        storedFixReportId: this.storedFixReportId,
+        currentOffset: this.currentOffset,
+        fixReportIdTimestamp: this.fixReportIdTimestamp,
+        isExpired: this.storedFixReportId ? this.isFixReportIdExpired() : null
+      });
       let fixReportId = this.storedFixReportId;
-      if (!fixReportId || isRescan) {
+      if (!fixReportId || isRescan || this.isFixReportIdExpired()) {
+        this.reset();
         this.validateFiles(fileList);
-        const repoUploadInfo = await this.initializeReport();
-        fixReportId = repoUploadInfo.fixReportId;
-        this.storedFixReportId = fixReportId;
-        const zipBuffer = await this.packFiles(fileList, repositoryPath);
-        await this.uploadFiles(zipBuffer, repoUploadInfo);
-        const projectId = await this.getProjectId();
-        await this.runScan({ fixReportId, projectId });
-      }
-      let effectiveOffset;
-      if (offset !== void 0) {
-        effectiveOffset = offset;
-      } else if (fixReportId) {
-        effectiveOffset = this.currentOffset ?? 0;
-      } else {
-        effectiveOffset = 0;
+        const scanResult = await scanFiles(
+          fileList,
+          repositoryPath,
+          this.gqlClient
+        );
+        fixReportId = scanResult.fixReportId;
       }
+      const effectiveOffset = offset ?? (this.currentOffset || 0);
       logDebug("effectiveOffset", { effectiveOffset });
       const fixes = await this.getReportFixes(
         fixReportId,
         effectiveOffset,
         limit
       );
-      this.currentOffset = effectiveOffset + (fixes.fixes?.length || 0);
-      return fixesPrompt({
+      if (fixes.totalCount > 0) {
+        this.storedFixReportId = fixReportId;
+        this.fixReportIdTimestamp = Date.now();
+      } else {
+        this.reset();
+      }
+      const prompt = fixesPrompt({
         fixes: fixes.fixes,
         totalCount: fixes.totalCount,
-        offset: effectiveOffset
+        offset: effectiveOffset,
+        scannedFiles: [...fileList]
       });
+      this.currentOffset = effectiveOffset + (fixes.fixes?.length || 0);
+      return prompt;
     } catch (error) {
       const message = error.message;
       logError("Vulnerability processing failed", { error: message });
@@ -12514,106 +13117,11 @@ var VulnerabilityFixService = class {
     const isConnected = await gqlClient.verifyConnection();
     if (!isConnected) {
       throw new ApiConnectionError(
-        "Failed to connect to the API. Please check your API_KEY"
+        "Failed to connect to the API. Please check your MOBB_API_KEY"
       );
     }
     return gqlClient;
   }
-  async initializeReport() {
-    if (!this.gqlClient) {
-      throw new GqlClientError();
-    }
-    try {
-      const {
-        uploadS3BucketInfo: { repoUploadInfo }
-      } = await this.gqlClient.uploadS3BucketInfo();
-      logInfo("Upload info retrieved", { uploadKey: repoUploadInfo?.uploadKey });
-      return repoUploadInfo;
-    } catch (error) {
-      const message = error.message;
-      throw new ReportInitializationError(
-        `Error initializing report: ${message}`
-      );
-    }
-  }
-  async packFiles(fileList, repositoryPath) {
-    try {
-      const zipBuffer = await this.filePacking.packFiles(
-        repositoryPath,
-        fileList
-      );
-      logInfo("Files packed successfully", { fileCount: fileList.length });
-      return zipBuffer;
-    } catch (error) {
-      const message = error.message;
-      throw new FileProcessingError(`Error packing files: ${message}`);
-    }
-  }
-  async uploadFiles(zipBuffer, repoUploadInfo) {
-    if (!repoUploadInfo) {
-      throw new FileUploadError("Upload info is required");
-    }
-    try {
-      await uploadFile({
-        file: zipBuffer,
-        url: repoUploadInfo.url,
-        uploadFields: JSON.parse(repoUploadInfo.uploadFieldsJSON),
-        uploadKey: repoUploadInfo.uploadKey
-      });
-      logInfo("File uploaded successfully");
-    } catch (error) {
-      logError("File upload failed", { error: error.message });
-      throw new FileUploadError(
-        `Failed to upload the file: ${error.message}`
-      );
-    }
-  }
-  async getProjectId() {
-    if (!this.gqlClient) {
-      throw new GqlClientError();
-    }
-    const projectId = await this.gqlClient.getProjectId();
-    logInfo("Project ID retrieved", { projectId });
-    return projectId;
-  }
-  async runScan(params) {
-    if (!this.gqlClient) {
-      throw new GqlClientError();
-    }
-    const { fixReportId, projectId } = params;
-    logInfo("Starting scan", { fixReportId, projectId });
-    const submitVulnerabilityReportVariables = {
-      fixReportId,
-      projectId,
-      repoUrl: "",
-      reference: "no-branch",
-      scanSource: "MCP" /* Mcp */
-    };
-    logInfo("Submitting vulnerability report");
-    const submitRes = await this.gqlClient.submitVulnerabilityReport(
-      submitVulnerabilityReportVariables
-    );
-    if (submitRes.submitVulnerabilityReport.__typename !== "VulnerabilityReport") {
-      logError("Vulnerability report submission failed", {
-        response: submitRes
-      });
-      throw new ScanError("\u{1F575}\uFE0F\u200D\u2642\uFE0F Mobb analysis failed");
-    }
-    logInfo("Vulnerability report submitted successfully", {
-      analysisId: submitRes.submitVulnerabilityReport.fixReportId
-    });
-    logInfo("Starting analysis subscription");
-    await this.gqlClient.subscribeToGetAnalysis({
-      subscribeToAnalysisParams: {
-        analysisId: submitRes.submitVulnerabilityReport.fixReportId
-      },
-      callback: () => {
-      },
-      callbackStates: ["Finished" /* Finished */],
-      timeoutInMs: VUL_REPORT_DIGEST_TIMEOUT_MS2
-    });
-    logInfo("Analysis subscription completed");
-  }
   async getReportFixes(fixReportId, offset, limit) {
     logDebug("getReportFixes", { fixReportId, offset, limit });
     if (!this.gqlClient) {
@@ -12631,28 +13139,68 @@ var VulnerabilityFixService = class {
     };
   }
 };
+__publicField(_ScanAndFixVulnerabilitiesService, "instance");
+var ScanAndFixVulnerabilitiesService = _ScanAndFixVulnerabilitiesService;
 
-// src/mcp/tools/fixVulnerabilities/FixVulnerabilitiesTool.ts
-var FixVulnerabilitiesTool = class extends BaseTool {
+// src/mcp/tools/scanAndFixVulnerabilities/ScanAndFixVulnerabilitiesTool.ts
+var ScanAndFixVulnerabilitiesTool = class extends BaseTool {
   constructor() {
-    super(...arguments);
-    __publicField(this, "name", "fix_vulnerabilities");
-    __publicField(this, "displayName", "Fix Vulnerabilities");
-    __publicField(this, "description", "Scans the current code changes and returns fixes for potential vulnerabilities");
-    __publicField(this, "inputValidationSchema", z33.object({
-      path: z33.string().describe(
-        "Path to the local git repository to check for available fixes"
+    super();
+    __publicField(this, "name", "scan_and_fix_vulnerabilities");
+    __publicField(this, "displayName", "Scan and Fix Vulnerabilities");
+    // A detailed description to guide the LLM on when and how to invoke this tool.
+    __publicField(this, "description", `Scans a given local repository for security vulnerabilities and returns auto-generated code fixes.
+
+When to invoke:
+\u2022 Use when the user explicitly asks to "scan for vulnerabilities", "run a security check", or "test for security issues" in a local repository.
+\u2022 The repository must exist on disk; supply its absolute path with the required "path" argument.
+\u2022 Ideal after the user makes code changes (added/modified/staged files) but before committing, or whenever they request a full rescan.
+
+How to invoke:
+\u2022 Required argument:
+  \u2013 path (string): absolute path to the repository root.
+\u2022 Optional arguments:
+  \u2013 offset (number): pagination offset used when the result set is large.
+  \u2013 limit (number): maximum number of fixes to include in the response.
+  \u2013 maxFiles (number): maximum number of files to scan (default: ${MCP_DEFAULT_MAX_FILES_TO_SCAN}). Provide this value to increase the scope of the scan.
+  \u2013 rescan (boolean): true to force a complete rescan even if cached results exist.
+
+Behaviour:
+\u2022 If the directory is a valid Git repository, the tool scans the changed files in the repository. If there are no changes, it scans the files included in the las commit.
+\u2022 If the directory is not a valid Git repository, the tool falls back to scanning recently changed files in the folder.
+\u2022 If maxFiles is provided, the tool scans the maxFiles most recently changed files in the repository.
+\u2022 By default, only new, modified, or staged files are scanned; if none are found, it checks recently changed files.
+\u2022 The tool NEVER commits or pushes changes; it only returns proposed diffs/fixes as text.
+
+Return value:
+The response is an object with a single "content" array containing one text element. The text is either:
+\u2022 A human-readable summary of the fixes / patches, or
+\u2022 A diagnostic or error message if the scan fails or finds nothing to fix.
+
+Example payload:
+{
+  "path": "/home/user/my-project",
+  "limit": 20,
+  "maxFiles": 50,
+  "rescan": false
+}`);
+    __publicField(this, "inputValidationSchema", z34.object({
+      path: z34.string().describe(
+        "Full local path to repository to scan and fix vulnerabilities"
       ),
-      offset: z33.number().optional().describe("Optional offset for pagination"),
-      limit: z33.number().optional().describe("Optional maximum number of results to return"),
-      rescan: z33.boolean().optional().describe("Optional whether to rescan the repository")
+      offset: z34.number().optional().describe("Optional offset for pagination"),
+      limit: z34.number().optional().describe("Optional maximum number of results to return"),
+      maxFiles: z34.number().optional().describe(
+        `Optional maximum number of files to scan (default: ${MCP_DEFAULT_MAX_FILES_TO_SCAN}). Increase for comprehensive scans of larger codebases or decrease for faster focused scans.`
+      ),
+      rescan: z34.boolean().optional().describe("Optional whether to rescan the repository")
     }));
     __publicField(this, "inputSchema", {
       type: "object",
       properties: {
         path: {
           type: "string",
-          description: "Path to the project directory to check for available fixes"
+          description: "Full local path to repository to scan and fix vulnerabilities"
         },
         offset: {
           type: "number",
@@ -12662,6 +13210,10 @@ var FixVulnerabilitiesTool = class extends BaseTool {
           type: "number",
           description: "[Optional] maximum number of results to return"
         },
+        maxFiles: {
+          type: "number",
+          description: `[Optional] maximum number of files to scan (default: ${MCP_DEFAULT_MAX_FILES_TO_SCAN}). Use higher values for more comprehensive scans or lower values for faster performance.`
+        },
         rescan: {
           type: "boolean",
           description: "[Optional] whether to rescan the repository"
@@ -12669,55 +13221,29 @@ var FixVulnerabilitiesTool = class extends BaseTool {
       },
       required: ["path"]
     });
+    __publicField(this, "vulnerabilityFixService");
+    this.vulnerabilityFixService = ScanAndFixVulnerabilitiesService.getInstance();
+    this.vulnerabilityFixService.reset();
   }
   async executeInternal(args) {
-    logInfo("Executing tool: fix_vulnerabilities", { path: args.path });
+    logInfo("Executing tool: scan_and_fix_vulnerabilities", { path: args.path });
     if (!args.path) {
       throw new Error("Invalid arguments: Missing required parameter 'path'");
     }
-    const pathValidation = new PathValidation();
-    const pathValidationResult = await pathValidation.validatePath(args.path);
+    const pathValidationResult = await validatePath(args.path);
     if (!pathValidationResult.isValid) {
       throw new Error(
         `Invalid path: potential security risk detected in path: ${pathValidationResult.error}`
       );
     }
-    const gitService = new GitService(args.path, log);
-    const gitValidation = await gitService.validateRepository();
-    let files = [];
-    if (!gitValidation.isValid) {
-      logDebug(
-        "Git repository validation failed, using all files in the repository",
-        {
-          path: args.path
-        }
-      );
-      files = FileUtils.getLastChangedFiles(args.path);
-      logDebug("Found files in the repository", {
-        files,
-        fileCount: files.length
-      });
-    } else {
-      const gitResult = await gitService.getChangedFiles();
-      files = gitResult.files;
-      if (files.length === 0) {
-        const recentResult = await gitService.getRecentlyChangedFiles();
-        files = recentResult.files;
-        logDebug(
-          "No changes found, using recently changed files from git history",
-          {
-            files,
-            fileCount: files.length,
-            commitsChecked: recentResult.commitCount
-          }
-        );
-      } else {
-        logDebug("Found changed files in the git repository", {
-          files,
-          fileCount: files.length
-        });
-      }
-    }
+    const path13 = pathValidationResult.path;
+    const files = await getLocalFiles({
+      path: path13,
+      maxFileSize: 1024 * 1024 * 5,
+      // 5MB
+      maxFiles: args.maxFiles
+    });
+    logInfo("Files", { files });
     if (files.length === 0) {
       return {
         content: [
@@ -12729,13 +13255,12 @@ var FixVulnerabilitiesTool = class extends BaseTool {
       };
     }
     try {
-      const vulnerabilityFixService = new VulnerabilityFixService();
-      const fixResult = await vulnerabilityFixService.processVulnerabilities({
-        fileList: files,
+      const fixResult = await this.vulnerabilityFixService.processVulnerabilities({
+        fileList: files.map((file) => file.relativePath),
         repositoryPath: args.path,
         offset: args.offset,
         limit: args.limit,
-        isRescan: args.rescan
+        isRescan: args.rescan || !!args.maxFiles
       });
       const result = {
         content: [
@@ -12774,7 +13299,7 @@ function createMcpServer() {
   logDebug("Creating MCP server");
   const server = new McpServer({
     name: "mobb-mcp",
-    version: "1.0.0"
+    version: packageJson.version
   });
   const enabledToolsEnv = process.env["TOOLS_ENABLED"];
   const enabledToolsSet = enabledToolsEnv ? new Set(
@@ -12788,10 +13313,12 @@ function createMcpServer() {
       logDebug(`Skipping tool (disabled): ${tool.name}`);
     }
   };
-  const fixVulnerabilitiesTool = new FixVulnerabilitiesTool();
-  const checkForAvailableFixesTool = new CheckForAvailableFixesTool();
-  registerIfEnabled(fixVulnerabilitiesTool);
-  registerIfEnabled(checkForAvailableFixesTool);
+  const scanAndFixVulnerabilitiesTool = new ScanAndFixVulnerabilitiesTool();
+  const fetchAvailableFixesTool = new FetchAvailableFixesTool();
+  const checkForNewAvailableFixesTool = new CheckForNewAvailableFixesTool();
+  registerIfEnabled(scanAndFixVulnerabilitiesTool);
+  registerIfEnabled(fetchAvailableFixesTool);
+  registerIfEnabled(checkForNewAvailableFixesTool);
   logInfo("MCP server created and configured");
   return server;
 }
@@ -12825,7 +13352,7 @@ var mcpHandler = async (_args) => {
 };
 
 // src/args/commands/review.ts
-import fs11 from "fs";
+import fs12 from "fs";
 import chalk9 from "chalk";
 function reviewBuilder(yargs2) {
   return yargs2.option("f", {
@@ -12862,7 +13389,7 @@ function reviewBuilder(yargs2) {
   ).help();
 }
 function validateReviewOptions(argv) {
-  if (!fs11.existsSync(argv.f)) {
+  if (!fs12.existsSync(argv.f)) {
     throw new CliError(`
 Can't access ${chalk9.bold(argv.f)}`);
   }