mobbdev 1.0.107 → 1.0.108

package/dist/index.mjs

@@ -540,6 +540,9 @@ var FixDetailsFragmentDoc = `
       vulnerability_report_issue_tag_value
     }
   }
+  sharedState {
+    id
+  }
   patchAndQuestions {
     __typename
     ... on FixData {
@@ -4444,9 +4447,15 @@ import { z as z15 } from "zod";
 var EnvVariablesZod = z15.object({
   GITLAB_API_TOKEN: z15.string().optional(),
   GITHUB_API_TOKEN: z15.string().optional(),
-  GIT_PROXY_HOST: z15.string().optional().default("http://tinyproxy:8888")
+  GIT_PROXY_HOST: z15.string().optional().default("http://tinyproxy:8888"),
+  MAX_UPLOAD_FILE_SIZE_MB: z15.coerce.number().gt(0).default(5)
 });
-var { GITLAB_API_TOKEN, GITHUB_API_TOKEN, GIT_PROXY_HOST } = EnvVariablesZod.parse(process.env);
+var {
+  GITLAB_API_TOKEN,
+  GITHUB_API_TOKEN,
+  GIT_PROXY_HOST,
+  MAX_UPLOAD_FILE_SIZE_MB
+} = EnvVariablesZod.parse(process.env);
 
 // src/features/analysis/scm/ado/validation.ts
 import { z as z16 } from "zod";
@@ -4838,7 +4847,7 @@ async function getAdoSdk(params) {
       const url = new URL(repoUrl);
       const origin2 = url.origin.toLowerCase().endsWith(".visualstudio.com") ? DEFUALT_ADO_ORIGIN : url.origin.toLowerCase();
       const params2 = `path=/&versionDescriptor[versionOptions]=0&versionDescriptor[versionType]=commit&versionDescriptor[version]=${branch}&resolveLfs=true&$format=zip&api-version=5.0&download=true`;
-      const path14 = [
+      const path13 = [
         prefixPath,
         owner,
         projectName,
@@ -4849,7 +4858,7 @@ async function getAdoSdk(params) {
         "items",
         "items"
       ].filter(Boolean).join("/");
-      return new URL(`${path14}?${params2}`, origin2).toString();
+      return new URL(`${path13}?${params2}`, origin2).toString();
     },
     async getAdoBranchList({ repoUrl }) {
       try {
@@ -5076,6 +5085,18 @@ import { setTimeout as setTimeout2 } from "timers/promises";
 import * as path2 from "path";
 import { simpleGit } from "simple-git";
 
+// src/mcp/core/configs.ts
+var MCP_DEFAULT_API_URL = "https://api.mobb.ai/v1/graphql";
+var MCP_API_KEY_HEADER_NAME = "x-mobb-key";
+var MCP_LOGIN_MAX_WAIT = 10 * 60 * 1e3;
+var MCP_LOGIN_CHECK_DELAY = 1 * 1e3;
+var MCP_VUL_REPORT_DIGEST_TIMEOUT_MS = 5 * 60 * 1e3;
+var MCP_MAX_FILE_SIZE = MAX_UPLOAD_FILE_SIZE_MB * 1024 * 1024;
+var MCP_PERIODIC_CHECK_INTERVAL = 15 * 60 * 1e3;
+var MCP_DEFAULT_MAX_FILES_TO_SCAN = 10;
+var MCP_REPORT_ID_EXPIRATION_MS = 2 * 60 * 60 * 1e3;
+var MCP_TOOLS_BROWSER_COOLDOWN_MS = 24 * 60 * 60 * 1e3;
+
 // src/features/analysis/scm/FileUtils.ts
 import fs2 from "fs";
 import { isBinary } from "istextorbinary";
@@ -5083,6 +5104,9 @@ import path from "path";
 var EXCLUDED_FILE_PATTERNS = [
   // ... (copy the full array from FilePacking.ts)
   ".json",
+  ".snap",
+  ".env.vault",
+  ".env",
   ".yaml",
   ".yml",
   ".toml",
@@ -5234,16 +5258,24 @@ var FileUtils = class {
   }
   static shouldPackFile(filepath, maxFileSize = 1024 * 1024 * 5) {
     const absoluteFilepath = path.resolve(filepath);
-    if (this.isExcludedFileType(filepath)) return false;
-    if (!fs2.existsSync(absoluteFilepath)) return false;
-    if (fs2.lstatSync(absoluteFilepath).size > maxFileSize) return false;
+    if (this.isExcludedFileType(filepath)) {
+      return false;
+    }
+    if (!fs2.existsSync(absoluteFilepath)) {
+      return false;
+    }
+    if (fs2.lstatSync(absoluteFilepath).size > maxFileSize) {
+      return false;
+    }
     let data;
     try {
       data = fs2.readFileSync(absoluteFilepath);
     } catch {
       return false;
     }
-    if (isBinary(null, data)) return false;
+    if (isBinary(null, data)) {
+      return false;
+    }
     return true;
   }
   static getAllFiles(dir, rootDir) {
@@ -5253,7 +5285,7 @@ var FileUtils = class {
     if (relativeDepth > 20) {
       return [];
     }
-    if (results.length > 1e5) {
+    if (results.length > 1e3) {
       return [];
     }
     try {
@@ -5284,10 +5316,14 @@ var FileUtils = class {
     }
     return results;
   }
-  static getLastChangedFiles(dir, maxFileSize = 1024 * 1024 * 5, count = 10) {
+  static getLastChangedFiles({
+    dir,
+    maxFileSize,
+    maxFiles = MCP_DEFAULT_MAX_FILES_TO_SCAN
+  }) {
     if (!fs2.existsSync(dir) || !fs2.lstatSync(dir).isDirectory()) return [];
     const files = this.getAllFiles(dir);
-    return files.filter((file) => this.shouldPackFile(file.fullPath, maxFileSize)).sort((a, b) => b.time - a.time).slice(0, count).map((file) => file.relativePath);
+    return files.filter((file) => this.shouldPackFile(file.fullPath, maxFileSize)).sort((a, b) => b.time - a.time).slice(0, maxFiles).map((file) => file.relativePath);
   }
 };
 
@@ -5336,7 +5372,10 @@ var GitService = class {
         gitRoot,
         this.repositoryPath
       );
-      const files = status.files.map((file) => {
+      const deletedFiles = status.files.filter((file) => file.index === "D" || file.working_dir === "D").map((file) => file.path);
+      const files = status.files.filter((file) => {
+        return !(file.index === "D" || file.working_dir === "D");
+      }).map((file) => {
         const gitRelativePath = file.path;
         if (relativePathFromGitRoot === "") {
           return gitRelativePath;
@@ -5353,11 +5392,13 @@ var GitService = class {
         fileCount: files.length,
         files: files.slice(0, 10),
         // Log first 10 files to avoid spam
+        deletedFileCount: deletedFiles.length,
+        deletedFiles: deletedFiles.slice(0, 10),
         gitRoot,
         workingDir: this.repositoryPath,
         relativePathFromGitRoot
       });
-      return { files, status };
+      return { files, deletedFiles, status };
     } catch (error) {
       const errorMessage = `Failed to get git status: ${error.message}`;
       this.log(errorMessage, "error", { error });
@@ -5482,11 +5523,13 @@ var GitService = class {
     }
   }
   /**
-   * Gets the 10 most recently changed files based on commit history
+   * Gets the maxFiles most recently changed files based on commit history
    */
-  async getRecentlyChangedFiles() {
+  async getRecentlyChangedFiles({
+    maxFiles = MCP_DEFAULT_MAX_FILES_TO_SCAN
+  }) {
     this.log(
-      "Getting the 10 most recently changed files from commit history",
+      `Getting the ${maxFiles} most recently changed files from commit history`,
       "debug"
     );
     try {
@@ -5499,8 +5542,8 @@ var GitService = class {
       const files = [];
       let commitsProcessed = 0;
       const logResult = await this.git.log({
-        maxCount: 100,
-        // Get last 100 commits - should be enough to find 10 unique files
+        maxCount: maxFiles * 5,
+        // 5 times the max files to scan to ensure we find enough files
         format: {
           hash: "%H",
           date: "%ai",
@@ -5510,7 +5553,7 @@ var GitService = class {
         }
       });
       for (const commit of logResult.all) {
-        if (files.length >= 10) {
+        if (files.length >= maxFiles) {
           break;
         }
         commitsProcessed++;
@@ -5522,7 +5565,7 @@ var GitService = class {
           ]);
           const commitFiles = filesOutput.split("\n").filter((file) => file.trim() !== "");
           for (const file of commitFiles) {
-            if (files.length >= 10) {
+            if (files.length >= maxFiles) {
               break;
             }
             const gitRelativePath = file.trim();
@@ -5540,7 +5583,7 @@ var GitService = class {
               );
             }
             this.log(`Considering file: ${adjustedPath}`, "debug");
-            if (!fileSet.has(adjustedPath) && FileUtils.shouldPackFile(path2.join(gitRoot, gitRelativePath))) {
+            if (!fileSet.has(adjustedPath) && FileUtils.shouldPackFile(path2.join(gitRoot, gitRelativePath)) && !adjustedPath.startsWith("..")) {
               fileSet.add(adjustedPath);
               files.push(adjustedPath);
             }
@@ -5555,8 +5598,8 @@ var GitService = class {
         fileCount: files.length,
         commitsProcessed,
         totalCommitsAvailable: logResult.all.length,
-        files: files.slice(0, 10),
-        // Log the files (should be all of them since we limit to 10)
+        files: files.slice(0, maxFiles),
+        // Log the files (should be all of them since we limit to maxFiles)
         gitRoot,
         workingDir: this.repositoryPath,
         relativePathFromGitRoot
@@ -6887,14 +6930,14 @@ function getGithubSdk(params = {}) {
       };
     },
     async getGithubBlameRanges(params2) {
-      const { ref, gitHubUrl, path: path14 } = params2;
+      const { ref, gitHubUrl, path: path13 } = params2;
       const { owner, repo } = parseGithubOwnerAndRepo(gitHubUrl);
       const res = await octokit.graphql(
         GET_BLAME_DOCUMENT,
         {
           owner,
           repo,
-          path: path14,
+          path: path13,
           ref
         }
       );
@@ -7203,11 +7246,11 @@ var GithubSCMLib = class extends SCMLib {
       markdownComment: comment
     });
   }
-  async getRepoBlameRanges(ref, path14) {
+  async getRepoBlameRanges(ref, path13) {
     this._validateUrl();
     return await this.githubSdk.getGithubBlameRanges({
       ref,
-      path: path14,
+      path: path13,
       gitHubUrl: this.url
     });
   }
@@ -7613,13 +7656,13 @@ function parseGitlabOwnerAndRepo(gitlabUrl) {
   const { organization, repoName, projectPath } = parsingResult;
   return { owner: organization, repo: repoName, projectPath };
 }
-async function getGitlabBlameRanges({ ref, gitlabUrl, path: path14 }, options) {
+async function getGitlabBlameRanges({ ref, gitlabUrl, path: path13 }, options) {
   const { projectPath } = parseGitlabOwnerAndRepo(gitlabUrl);
   const api2 = getGitBeaker({
     url: gitlabUrl,
     gitlabAuthToken: options?.gitlabAuthToken
   });
-  const resp = await api2.RepositoryFiles.allFileBlames(projectPath, path14, ref);
+  const resp = await api2.RepositoryFiles.allFileBlames(projectPath, path13, ref);
   let lineNumber = 1;
   return resp.filter((range) => range.lines).map((range) => {
     const oldLineNumber = lineNumber;
@@ -7795,10 +7838,10 @@ var GitlabSCMLib = class extends SCMLib {
       markdownComment: comment
     });
   }
-  async getRepoBlameRanges(ref, path14) {
+  async getRepoBlameRanges(ref, path13) {
     this._validateUrl();
     return await getGitlabBlameRanges(
-      { ref, path: path14, gitlabUrl: this.url },
+      { ref, path: path13, gitlabUrl: this.url },
       {
         url: this.url,
         gitlabAuthToken: this.accessToken
@@ -8797,7 +8840,7 @@ async function postIssueComment(params) {
     fpDescription
   } = params;
   const {
-    path: path14,
+    path: path13,
     startLine,
     vulnerabilityReportIssue: {
       vulnerabilityReportIssueTags,
@@ -8812,7 +8855,7 @@ async function postIssueComment(params) {
 Refresh the page in order to see the changes.`,
     pull_number: pullRequest,
     commit_id: commitSha,
-    path: path14,
+    path: path13,
     line: startLine
   });
   const commentId = commentRes.data.id;
@@ -8846,7 +8889,7 @@ async function postFixComment(params) {
     scanner
   } = params;
   const {
-    path: path14,
+    path: path13,
     startLine,
     vulnerabilityReportIssue: { fixId, vulnerabilityReportIssueTags, category },
     vulnerabilityReportIssueId
@@ -8864,7 +8907,7 @@ async function postFixComment(params) {
 Refresh the page in order to see the changes.`,
     pull_number: pullRequest,
     commit_id: commitSha,
-    path: path14,
+    path: path13,
     line: startLine
   });
   const commentId = commentRes.data.id;
@@ -10059,8 +10102,8 @@ async function forkSnyk(args, { display }) {
 }
 async function getSnykReport(reportPath, repoRoot, { skipPrompts = false }) {
   debug15("get snyk report start %s %s", reportPath, repoRoot);
-  const config5 = await forkSnyk(["config"], { display: false });
-  const { message: configMessage } = config5;
+  const config4 = await forkSnyk(["config"], { display: false });
+  const { message: configMessage } = config4;
   if (!configMessage.includes("api: ")) {
     const snykLoginSpinner = createSpinner3().start();
     if (!skipPrompts) {
@@ -10072,7 +10115,7 @@ async function getSnykReport(reportPath, repoRoot, { skipPrompts = false }) {
     snykLoginSpinner.update({
       text: "\u{1F513} Waiting for Snyk login to complete"
     });
-    debug15("no token in the config %s", config5);
+    debug15("no token in the config %s", config4);
     await forkSnyk(["auth"], { display: true });
     snykLoginSpinner.success({ text: "\u{1F513} Login to Snyk Successful" });
   }
@@ -11289,10 +11332,6 @@ import { GraphQLClient as GraphQLClient2 } from "graphql-request";
 import open4 from "open";
 import { v4 as uuidv42 } from "uuid";
 
-// src/mcp/constants.ts
-var DEFAULT_API_URL2 = "https://api.mobb.ai/v1/graphql";
-var API_KEY_HEADER_NAME2 = "x-mobb-key";
-
 // src/mcp/core/Errors.ts
 var ApiConnectionError = class extends Error {
   constructor(message = "Failed to connect to the API") {
@@ -11356,21 +11395,17 @@ var FailedToGetApiTokenError = class extends Error {
 };
 
 // src/mcp/services/McpGQLClient.ts
-var LOGIN_MAX_WAIT2 = 10 * 1e3;
-var LOGIN_CHECK_DELAY2 = 1 * 1e3;
-var config4 = new Configstore3(packageJson.name, { apiToken: "" });
-var BROWSER_COOLDOWN_MS = 5e3;
-var lastBrowserOpenTime = 0;
+var mobbConfigStore = new Configstore3(packageJson.name, { apiToken: "" });
 var McpGQLClient = class {
   constructor(args) {
     __publicField(this, "client");
     __publicField(this, "clientSdk");
     __publicField(this, "_auth");
     this._auth = args;
-    const API_URL2 = process.env["API_URL"] || DEFAULT_API_URL2;
+    const API_URL2 = process.env["API_URL"] || MCP_DEFAULT_API_URL;
     logDebug("creating graphql client", { API_URL: API_URL2, args });
     this.client = new GraphQLClient2(API_URL2, {
-      headers: args.type === "apiKey" ? { [API_KEY_HEADER_NAME2]: args.apiKey || "" } : {
+      headers: args.type === "apiKey" ? { [MCP_API_KEY_HEADER_NAME]: args.apiKey || "" } : {
         Authorization: `Bearer ${args.token}`
       },
       requestMiddleware: (request) => {
@@ -11388,10 +11423,10 @@ var McpGQLClient = class {
   }
   getErrorContext() {
     return {
-      endpoint: process.env["API_URL"] || DEFAULT_API_URL2,
+      endpoint: process.env["API_URL"] || MCP_DEFAULT_API_URL,
       apiKey: this._auth.type === "apiKey" ? this._auth.apiKey : "",
       headers: {
-        [API_KEY_HEADER_NAME2]: this._auth.type === "apiKey" ? "[REDACTED]" : "undefined",
+        [MCP_API_KEY_HEADER_NAME]: this._auth.type === "apiKey" ? "[REDACTED]" : "undefined",
         "x-hasura-request-id": "[DYNAMIC]"
       }
     };
@@ -11578,7 +11613,7 @@ var McpGQLClient = class {
     try {
       const res = await this.clientSdk.CreateCliLogin(variables, {
         // We may have outdated API key in the config storage. Avoid using it for the login request.
-        [API_KEY_HEADER_NAME2]: ""
+        [MCP_API_KEY_HEADER_NAME]: ""
       });
       const loginId = res.insert_cli_login_one?.id || "";
       if (!loginId) {
@@ -11595,7 +11630,7 @@ var McpGQLClient = class {
     try {
       const res = await this.clientSdk.GetEncryptedApiToken(variables, {
         // We may have outdated API key in the config storage. Avoid using it for the login request.
-        [API_KEY_HEADER_NAME2]: ""
+        [MCP_API_KEY_HEADER_NAME]: ""
       });
       return res?.cli_login_by_pk?.encryptedApiToken || null;
     } catch (e) {
@@ -11688,21 +11723,26 @@ var McpGQLClient = class {
     }
   }
 };
-async function openBrowser(url) {
-  const now = Date.now();
-  if (!process.env["TEST"] && now - lastBrowserOpenTime < BROWSER_COOLDOWN_MS) {
-    logDebug(`browser cooldown active, skipping open for ${url}`);
-    return;
+async function openBrowser(url, isToolsCall) {
+  if (isToolsCall) {
+    const now = Date.now();
+    const lastBrowserOpenTime = mobbConfigStore.get("lastBrowserOpenTime") || 0;
+    if (now - lastBrowserOpenTime < MCP_TOOLS_BROWSER_COOLDOWN_MS) {
+      logDebug(`browser cooldown active, skipping open for ${url}`);
+      return;
+    }
   }
   logDebug(`opening browser url ${url}`);
   await open4(url);
-  lastBrowserOpenTime = now;
+  mobbConfigStore.set("lastBrowserOpenTime", Date.now());
 }
-async function getMcpGQLClient() {
-  logDebug("getting config", { apiToken: config4.get("apiToken") });
+async function getMcpGQLClient({
+  isToolsCall = false
+} = {}) {
+  logDebug("getting config", { apiToken: mobbConfigStore.get("apiToken") });
   const inGqlClient = new McpGQLClient({
     apiKey: process.env["MOBB_API_KEY"] || process.env["API_KEY"] || // fallback for backward compatibility
-    config4.get("apiToken") || "",
+    mobbConfigStore.get("apiToken") || "",
     type: "apiKey"
   });
   const isConnected = await inGqlClient.verifyConnection();
@@ -11730,10 +11770,10 @@ async function getMcpGQLClient() {
   const webLoginUrl2 = `${WEB_APP_URL}/cli-login`;
   const browserUrl = `${webLoginUrl2}/${loginId}?hostname=${os2.hostname()}`;
   logDebug(`opening browser url ${browserUrl}`);
-  await openBrowser(browserUrl);
+  await openBrowser(browserUrl, isToolsCall);
   logDebug(`waiting for login to complete`);
   let newApiToken = null;
-  for (let i = 0; i < LOGIN_MAX_WAIT2 / LOGIN_CHECK_DELAY2; i++) {
+  for (let i = 0; i < MCP_LOGIN_MAX_WAIT / MCP_LOGIN_CHECK_DELAY; i++) {
     const encryptedApiToken = await inGqlClient.getEncryptedApiToken({
       loginId
     });
@@ -11743,7 +11783,7 @@ async function getMcpGQLClient() {
       logDebug("API token decrypted");
       break;
     }
-    await sleep(LOGIN_CHECK_DELAY2);
+    await sleep(MCP_LOGIN_CHECK_DELAY);
   }
   if (!newApiToken) {
     throw new FailedToGetApiTokenError(
@@ -11754,7 +11794,7 @@ async function getMcpGQLClient() {
   const loginSuccess = await newGqlClient.verifyToken();
   if (loginSuccess) {
     logDebug(`set api token ${newApiToken}`);
-    config4.set("apiToken", newApiToken);
+    mobbConfigStore.set("apiToken", newApiToken);
   } else {
     throw new AuthenticationError("Invalid API token");
   }
@@ -11797,14 +11837,14 @@ var ToolRegistry = class {
 
 // src/mcp/core/McpServer.ts
 var McpServer = class {
-  constructor(config5) {
+  constructor(config4) {
     __publicField(this, "server");
     __publicField(this, "toolRegistry");
     __publicField(this, "isEventHandlersSetup", false);
     this.server = new Server(
       {
-        name: config5.name,
-        version: config5.version
+        name: config4.name,
+        version: config4.version
       },
       {
         capabilities: {
@@ -11815,7 +11855,7 @@ var McpServer = class {
     this.toolRegistry = new ToolRegistry();
     this.setupHandlers();
     this.setupProcessEventHandlers();
-    logInfo("MCP server instance created", config5);
+    logInfo("MCP server instance created", config4);
   }
   setupProcessEventHandlers() {
     if (this.isEventHandlersSetup) {
@@ -11866,7 +11906,7 @@ var McpServer = class {
     logInfo("Request", {
       request: JSON.parse(JSON.stringify(request))
     });
-    void getMcpGQLClient();
+    void getMcpGQLClient({ isToolsCall: true });
     const toolsDefinitions = this.toolRegistry.getAllTools();
     const response = {
       tools: toolsDefinitions.map((tool) => ({
@@ -11951,7 +11991,7 @@ var McpServer = class {
   }
 };
 
-// src/mcp/tools/fetchAvailableFixes/FetchAvailableFixesTool.ts
+// src/mcp/tools/checkForNewAvailableFixes/CheckForNewAvailableFixesTool.ts
 import { z as z32 } from "zod";
 
 // src/mcp/services/PathValidation.ts
@@ -11959,7 +11999,10 @@ import fs9 from "fs";
 import path11 from "path";
 async function validatePath(inputPath) {
   logDebug("Validating MCP path", { inputPath });
-  if (inputPath === ".") {
+  if (/^\/[a-zA-Z]:\//.test(inputPath)) {
+    inputPath = inputPath.slice(1);
+  }
+  if (inputPath === "." || inputPath === "./") {
     if (process.env["WORKSPACE_FOLDER_PATHS"]) {
       logDebug("Fallback to workspace folder path", {
         inputPath,
@@ -12029,7 +12072,6 @@ var BaseTool = class {
     };
   }
   async execute(args) {
-    logInfo(`Executing tool: ${this.name}`, { args });
     logInfo(`Authenticating tool: ${this.name}`, { args });
     const mcpGqlClient = await getMcpGQLClient();
     const userInfo = await mcpGqlClient.getUserInfo();
@@ -12282,9 +12324,36 @@ ${applyFixesPrompt({
     offset
   })}`;
 };
-var noFixesFoundPrompt = `\u{1F50D} **MOBB SECURITY SCAN COMPLETED** 
+var nextStepsPrompt = ({ scannedFiles }) => `
+### \u{1F4C1} Scanned Files
+${scannedFiles.map((file) => `- ${file}`).join("\n")}
+
+### Extend the scan scope
+
+To scan a larger number of files, include the additional parameter:
+
+- **maxFiles**: <number_of_files_to_scan>
+
+This will scan up to the specified number of recently changed files.
+
+### \u{1F504} Running a Fresh Scan
+
+To perform a **rescan** of your repository (fetching a brand-new vulnerability report and updated fixes), include the additional parameter:
+
+- **rescan**: true
+
+This will start a new analysis, discard any cached results.
+
+\u26A0\uFE0F *Note:* A full rescan may take longer to complete than simply fetching additional fixes because your repository is re-uploaded and re-analyzed from scratch.
+
+`;
+var noFixesFoundPrompt = ({
+  scannedFiles
+}) => `\u{1F50D} **MOBB SECURITY SCAN COMPLETED** 
 
 Mobb security scan completed successfully but found no automated fixes available at this time.
+
+${nextStepsPrompt({ scannedFiles })}
 `;
 var fixesPrompt = ({
   fixes,
@@ -12293,7 +12362,7 @@ var fixesPrompt = ({
   scannedFiles
 }) => {
   if (totalCount === 0) {
-    return noFixesFoundPrompt;
+    return noFixesFoundPrompt({ scannedFiles });
   }
   const shownCount = fixes.length;
   const nextOffset = offset + shownCount;
@@ -12310,22 +12379,472 @@ ${applyFixesPrompt({
     offset
   })}
 
-### \u{1F4C1} Scanned Files
-${scannedFiles.map((file) => `- ${file}`).join("\n")}
+${nextStepsPrompt({ scannedFiles })}
+`;
+};
+var noFreshFixesPrompt = `No fresh fixes available for this repository at this time.
+`;
+var initialScanInProgressPrompt = `Initial scan in progress. Call the tool again in 1 minute to check for available fixes.`;
+var freshFixesPrompt = ({ fixes }) => {
+  return `Here are the fresh fixes to the vulnerabilities discovered by Mobb MCP
 
-### \u{1F504} Running a Fresh Scan
+${applyFixesPrompt({
+    fixes,
+    totalCount: fixes.length,
+    hasMore: false,
+    nextOffset: 0,
+    shownCount: fixes.length,
+    currentTool: "fetch_available_fixes",
+    offset: 0
+  })}
+`;
+};
 
-To perform a **rescan** of your repository (fetching a brand-new vulnerability report and updated fixes), include the additional parameter:
+// src/mcp/services/GetLocalFiles.ts
+import fs10 from "fs/promises";
+import nodePath from "path";
+var getLocalFiles = async ({
+  path: path13,
+  maxFileSize = 1024 * 1024 * 5,
+  maxFiles
+}) => {
+  const resolvedRepoPath = await fs10.realpath(path13);
+  const gitService = new GitService(resolvedRepoPath, log);
+  const gitValidation = await gitService.validateRepository();
+  let files = [];
+  if (!gitValidation.isValid) {
+    logDebug(
+      "Git repository validation failed, using all files in the repository",
+      {
+        path: path13
+      }
+    );
+    files = FileUtils.getLastChangedFiles({
+      dir: path13,
+      maxFileSize,
+      maxFiles
+    });
+    logDebug("Found files in the repository", {
+      files,
+      fileCount: files.length
+    });
+  } else {
+    logDebug("maxFiles", {
+      maxFiles
+    });
+    const gitResult = await gitService.getChangedFiles();
+    files = gitResult.files;
+    if (files.length === 0 || maxFiles) {
+      const recentResult = await gitService.getRecentlyChangedFiles({
+        maxFiles
+      });
+      files = recentResult.files;
+      logDebug(
+        "No changes found, using recently changed files from git history",
+        {
+          files,
+          fileCount: files.length,
+          commitsChecked: recentResult.commitCount
+        }
+      );
+    } else {
+      logDebug("Found changed files in the git repository", {
+        files,
+        fileCount: files.length
+      });
+    }
+  }
+  files = files.filter(
+    (file) => FileUtils.shouldPackFile(
+      nodePath.resolve(resolvedRepoPath, file),
+      maxFileSize
+    )
+  );
+  const filesWithStats = await Promise.all(
+    files.map(async (file) => {
+      const absoluteFilePath = nodePath.resolve(resolvedRepoPath, file);
+      const relativePath = nodePath.relative(resolvedRepoPath, absoluteFilePath);
+      let fileStat;
+      try {
+        fileStat = await fs10.stat(absoluteFilePath);
+      } catch (e) {
+        logDebug("File not found", {
+          file
+        });
+      }
+      return {
+        filename: nodePath.basename(absoluteFilePath),
+        relativePath,
+        fullPath: absoluteFilePath,
+        lastEdited: fileStat?.mtime.getTime() ?? 0
+      };
+    })
+  );
+  return filesWithStats.filter((file) => file.lastEdited > 0);
+};
 
-- **isRescan**: true
+// src/mcp/services/ScanFiles.ts
+import fs11 from "fs";
+import path12 from "path";
+import AdmZip2 from "adm-zip";
+var scanFiles = async (fileList, repositoryPath, gqlClient) => {
+  const repoUploadInfo = await initializeReport(gqlClient);
+  const fixReportId = repoUploadInfo.fixReportId;
+  const zipBuffer = await packFiles(fileList, repositoryPath);
+  await uploadFiles(zipBuffer, repoUploadInfo);
+  const projectId = await getProjectId(gqlClient);
+  await runScan({ fixReportId, projectId, gqlClient });
+  return {
+    fixReportId,
+    projectId
+  };
+};
+var initializeReport = async (gqlClient) => {
+  if (!gqlClient) {
+    throw new GqlClientError();
+  }
+  try {
+    const {
+      uploadS3BucketInfo: { repoUploadInfo }
+    } = await gqlClient.uploadS3BucketInfo();
+    logInfo("Upload info retrieved", { uploadKey: repoUploadInfo?.uploadKey });
+    return repoUploadInfo;
+  } catch (error) {
+    const message = error.message;
+    throw new ReportInitializationError(`Error initializing report: ${message}`);
+  }
+};
+var packFiles = async (fileList, repositoryPath) => {
+  try {
+    logInfo(`FilePacking: packing files from ${repositoryPath}`);
+    const zip = new AdmZip2();
+    let packedFilesCount = 0;
+    const resolvedRepoPath = path12.resolve(repositoryPath);
+    logInfo("FilePacking: compressing files");
+    for (const filepath of fileList) {
+      const absoluteFilepath = path12.join(repositoryPath, filepath);
+      const resolvedFilePath = path12.resolve(absoluteFilepath);
+      if (!resolvedFilePath.startsWith(resolvedRepoPath)) {
+        logInfo(
+          `FilePacking: skipping ${filepath} due to potential path traversal`
+        );
+        continue;
+      }
+      if (!FileUtils.shouldPackFile(absoluteFilepath, MCP_MAX_FILE_SIZE)) {
+        logInfo(
+          `FilePacking: ignoring ${filepath} because it is excluded or invalid`
+        );
+        continue;
+      }
+      let data;
+      try {
+        data = fs11.readFileSync(absoluteFilepath);
+      } catch (fsError) {
+        logInfo(
+          `FilePacking: failed to read ${filepath} from filesystem: ${fsError}`
+        );
+        continue;
+      }
+      zip.addFile(filepath, data);
+      packedFilesCount++;
+    }
+    const zipBuffer = zip.toBuffer();
+    logInfo(
+      `FilePacking: read ${packedFilesCount} source files. total size: ${zipBuffer.length} bytes`
+    );
+    logInfo("Files packed successfully", { fileCount: fileList.length });
+    return zipBuffer;
+  } catch (error) {
+    const message = error.message;
+    throw new FileProcessingError(`Error packing files: ${message}`);
+  }
+};
+var uploadFiles = async (zipBuffer, repoUploadInfo) => {
+  if (!repoUploadInfo) {
+    throw new FileUploadError("Upload info is required");
+  }
+  try {
+    await uploadFile({
+      file: zipBuffer,
+      url: repoUploadInfo.url,
+      uploadFields: JSON.parse(repoUploadInfo.uploadFieldsJSON),
+      uploadKey: repoUploadInfo.uploadKey
+    });
+    logInfo("File uploaded successfully");
+  } catch (error) {
+    logError("File upload failed", { error: error.message });
+    throw new FileUploadError(
+      `Failed to upload the file: ${error.message}`
+    );
+  }
+};
+var getProjectId = async (gqlClient) => {
+  if (!gqlClient) {
+    throw new GqlClientError();
+  }
+  const projectId = await gqlClient.getProjectId();
+  logInfo("Project ID retrieved", { projectId });
+  return projectId;
+};
+var runScan = async ({
+  fixReportId,
+  projectId,
+  gqlClient
+}) => {
+  if (!gqlClient) {
+    throw new GqlClientError();
+  }
+  logInfo("Starting scan", { fixReportId, projectId });
+  const submitVulnerabilityReportVariables = {
+    fixReportId,
+    projectId,
+    repoUrl: "",
+    reference: "no-branch",
+    scanSource: "MCP" /* Mcp */
+  };
+  logInfo("Submitting vulnerability report");
+  const submitRes = await gqlClient.submitVulnerabilityReport(
+    submitVulnerabilityReportVariables
+  );
+  if (submitRes.submitVulnerabilityReport.__typename !== "VulnerabilityReport") {
+    logError("Vulnerability report submission failed", {
+      response: submitRes
+    });
+    throw new ScanError("\u{1F575}\uFE0F\u200D\u2642\uFE0F Mobb analysis failed");
+  }
+  logInfo("Vulnerability report submitted successfully", {
+    analysisId: submitRes.submitVulnerabilityReport.fixReportId
+  });
+  logInfo("Starting analysis subscription");
+  await gqlClient.subscribeToGetAnalysis({
+    subscribeToAnalysisParams: {
+      analysisId: submitRes.submitVulnerabilityReport.fixReportId
+    },
+    callback: () => {
+    },
+    callbackStates: ["Finished" /* Finished */],
+    timeoutInMs: MCP_VUL_REPORT_DIGEST_TIMEOUT_MS
+  });
+  logInfo("Analysis subscription completed");
+};
 
-This will start a new analysis, discard any cached results.
+// src/mcp/tools/checkForNewAvailableFixes/CheckForNewAvailableFixesService.ts
+function extractPathFromPatch(patch) {
+  const match = patch?.match(/^diff --git a\/([^\s]+) b\//);
+  return match?.[1] ?? null;
+}
+var _CheckForNewAvailableFixesService = class _CheckForNewAvailableFixesService {
+  constructor() {
+    /**
+     * Cache of the last known total number of fixes per repository URL so that we
+     * can determine whether *new* fixes have been generated since the user last
+     * asked.
+     */
+    __publicField(this, "path", "");
+    __publicField(this, "filesLastScanned", {});
+    __publicField(this, "freshFixes", []);
+    __publicField(this, "reportedFixes", []);
+    __publicField(this, "intervalId", null);
+    __publicField(this, "isInitialScanComplete", false);
+  }
+  static getInstance() {
+    if (!_CheckForNewAvailableFixesService.instance) {
+      _CheckForNewAvailableFixesService.instance = new _CheckForNewAvailableFixesService();
+    }
+    return _CheckForNewAvailableFixesService.instance;
+  }
+  /**
+   * Resets any cached state so the service can be reused between independent
+   * MCP sessions.
+   */
+  reset() {
+    this.filesLastScanned = {};
+    this.freshFixes = [];
+    this.reportedFixes = [];
+    if (this.intervalId) {
+      clearInterval(this.intervalId);
+      this.intervalId = null;
+    }
+  }
+  /**
+   * Stub implementation – in a future version this will query the backend for
+   * the latest fixes count and compare it with the cached value. For now it
+   * simply returns a placeholder string so that the tool can be wired into the
+   * system and used in tests.
+   */
+  async scan({ path: path13 }) {
+    logInfo("Scanning for new fixes", { path: path13 });
+    const gqlClient = await getMcpGQLClient();
+    const isConnected = await gqlClient.verifyConnection();
+    if (!isConnected) {
+      logError("Failed to connect to the API, scan aborted");
+      return;
+    }
+    logInfo("Connected to the API, assebling list of files to scan", { path: path13 });
+    const files = await getLocalFiles({
+      path: path13,
+      maxFileSize: MCP_MAX_FILE_SIZE
+    });
+    logInfo("Active files", { files });
+    const filesToScan = files.filter((file) => {
+      const lastScannedEditTime = this.filesLastScanned[file.fullPath];
+      if (!lastScannedEditTime) {
+        return true;
+      }
+      return file.lastEdited > lastScannedEditTime;
+    });
+    if (filesToScan.length === 0) {
+      logInfo("No files to scan", { path: path13 });
+      return;
+    }
+    logInfo("Files to scan", { filesToScan });
+    const { fixReportId, projectId } = await scanFiles(
+      filesToScan.map((file) => file.relativePath),
+      path13,
+      gqlClient
+    );
+    logInfo("Scan completed", { fixReportId, projectId });
+    const fixes = await gqlClient.getReportFixesPaginated({
+      reportId: fixReportId,
+      offset: 0,
+      limit: 1e3
+    });
+    const newFixes = fixes?.fixes?.filter((fix) => !this.isAlreadyReported(fix));
+    logInfo("Fixes retrieved", {
+      count: fixes?.fixes?.length || 0,
+      newFixes: newFixes?.length || 0
+    });
+    this.freshFixes = this.freshFixes.filter((fix) => !this.isFixFromOldScan(fix, filesToScan)).concat(newFixes || []);
+    logInfo("Fresh fixes", { freshFixes: this.freshFixes });
+    filesToScan.forEach((file) => {
+      this.filesLastScanned[file.fullPath] = file.lastEdited;
+    });
+    this.isInitialScanComplete = true;
+  }
+  isAlreadyReported(fix) {
+    return this.reportedFixes.some(
+      (reportedFix) => reportedFix.sharedState?.id === fix.sharedState?.id
+    );
+  }
+  isFixFromOldScan(fix, filesToScan) {
+    const patch = fix.patchAndQuestions?.__typename === "FixData" ? fix.patchAndQuestions.patch : void 0;
+    const fixFile = extractPathFromPatch(patch);
+    if (!fixFile) {
+      return false;
+    }
+    logInfo("isOldFix", {
+      fixFile,
+      filesToScan,
+      isOldFix: filesToScan.some((file) => file.relativePath === fixFile)
+    });
+    return filesToScan.some((file) => file.relativePath === fixFile);
+  }
+  async getFreshFixes({ path: path13 }) {
+    if (this.path !== path13) {
+      this.path = path13;
+      this.reset();
+    }
+    if (!this.intervalId) {
+      logInfo("Starting periodic scan for new fixes", { path: path13 });
+      this.intervalId = setInterval(() => {
+        logDebug("Triggering periodic scan", { path: path13 });
+        this.scan({ path: path13 }).catch((error) => {
+          logError("Error during periodic scan", { error });
+        });
+      }, MCP_PERIODIC_CHECK_INTERVAL);
+      logDebug("Triggering initial scan", { path: path13 });
+      this.scan({ path: path13 }).catch((error) => {
+        logError("Error during initial scan", { error });
+      });
+    }
+    if (this.freshFixes.length > 0) {
+      const freshFixes = this.freshFixes.splice(0, 3);
+      if (freshFixes.length > 0) {
+        this.reportedFixes.concat(freshFixes);
+        return freshFixesPrompt({ fixes: freshFixes });
+      }
+    }
+    if (!this.isInitialScanComplete) {
+      return initialScanInProgressPrompt;
+    }
+    return noFreshFixesPrompt;
+  }
+};
+__publicField(_CheckForNewAvailableFixesService, "instance");
+var CheckForNewAvailableFixesService = _CheckForNewAvailableFixesService;
 
-\u26A0\uFE0F *Note:* A full rescan may take longer to complete than simply fetching additional fixes because your repository is re-uploaded and re-analyzed from scratch.
+// src/mcp/tools/checkForNewAvailableFixes/CheckForNewAvailableFixesTool.ts
+var CheckForNewAvailableFixesTool = class extends BaseTool {
+  constructor() {
+    super();
+    __publicField(this, "name", "check_for_new_available_fixes");
+    __publicField(this, "displayName", "Check for New Available Fixes");
+    // A detailed description to guide the LLM on when and how to invoke this tool.
+    __publicField(this, "description", `Continuesly monitors your code and scans for new security vulnerabilities.
 
-`;
+When to invoke:
+\u2022 ALWAYS call this tool ONCE at the very end of every reasoning / code-generation session (after all code edits, linting, tests, etc.).
+\u2022 Invoke when the user explicitly asks to "check for new fixes", "look for fresh patches", or similar.
+\u2022 The repository must exist locally and be a valid Git repo with an 'origin' remote configured.
+
+How to invoke:
+\u2022 Required argument:
+  \u2013 path (string): absolute path to the repository root.
+
+Behaviour:
+\u2022 If no new fixes are available, it returns a concise message indicating so.
+\u2022 If fixes are found, it returns a human-readable summary including total count and severity breakdown.
+
+Example payload:
+{
+  "path": "/home/user/my-project"
+}`);
+    __publicField(this, "inputSchema", {
+      type: "object",
+      properties: {
+        path: {
+          type: "string",
+          description: "Full local path to the cloned git repository to check for new available fixes"
+        }
+      },
+      required: ["path"]
+    });
+    __publicField(this, "inputValidationSchema", z32.object({
+      path: z32.string().describe(
+        "Full local path to the cloned git repository to check for new available fixes"
+      )
+    }));
+    __publicField(this, "newFixesService");
+    this.newFixesService = new CheckForNewAvailableFixesService();
+  }
+  async executeInternal(args) {
+    const pathValidationResult = await validatePath(args.path);
+    if (!pathValidationResult.isValid) {
+      throw new Error(
+        `Invalid path: potential security risk detected in path: ${pathValidationResult.error}`
+      );
+    }
+    const path13 = pathValidationResult.path;
+    const resultText = await this.newFixesService.getFreshFixes({
+      path: path13
+    });
+    logInfo("CheckForNewAvailableFixesTool execution completed", {
+      resultText
+    });
+    return {
+      content: [
+        {
+          type: "text",
+          text: resultText
+        }
+      ]
+    };
+  }
 };
 
+// src/mcp/tools/fetchAvailableFixes/FetchAvailableFixesTool.ts
+import { z as z33 } from "zod";
+
 // src/mcp/tools/fetchAvailableFixes/FetchAvailableFixesService.ts
 var _FetchAvailableFixesService = class _FetchAvailableFixesService {
   constructor() {
@@ -12443,12 +12962,12 @@ Call this tool instead of scan_and_fix_vulnerabilities when you only need a fixe
       },
       required: ["path"]
     });
-    __publicField(this, "inputValidationSchema", z32.object({
-      path: z32.string().describe(
+    __publicField(this, "inputValidationSchema", z33.object({
+      path: z33.string().describe(
         "Full local path to the cloned git repository to check for available fixes"
       ),
-      offset: z32.number().optional().describe("Optional offset for pagination"),
-      limit: z32.number().optional().describe("Optional maximum number of fixes to return")
+      offset: z33.number().optional().describe("Optional offset for pagination"),
+      limit: z33.number().optional().describe("Optional maximum number of fixes to return")
     }));
     __publicField(this, "availableFixesService");
     this.availableFixesService = FetchAvailableFixesService.getInstance();
@@ -12461,8 +12980,8 @@ Call this tool instead of scan_and_fix_vulnerabilities when you only need a fixe
         `Invalid path: potential security risk detected in path: ${pathValidationResult.error}`
       );
     }
-    const path14 = pathValidationResult.path;
-    const gitService = new GitService(path14, log);
+    const path13 = pathValidationResult.path;
+    const gitService = new GitService(path13, log);
     const gitValidation = await gitService.validateRepository();
     if (!gitValidation.isValid) {
       throw new Error(`Invalid git repository: ${gitValidation.error}`);
@@ -12495,57 +13014,12 @@ Call this tool instead of scan_and_fix_vulnerabilities when you only need a fixe
 };
 
 // src/mcp/tools/scanAndFixVulnerabilities/ScanAndFixVulnerabilitiesTool.ts
-import z33 from "zod";
+import z34 from "zod";
 
 // src/mcp/tools/scanAndFixVulnerabilities/ScanAndFixVulnerabilitiesService.ts
-import path13 from "path";
-
-// src/mcp/services/FilePacking.ts
-import fs10 from "fs";
-import path12 from "path";
-import AdmZip2 from "adm-zip";
-var MAX_FILE_SIZE2 = 1024 * 1024 * 5;
-var FilePacking = class {
-  async packFiles(sourceDirectoryPath, filesToPack) {
-    logInfo(`FilePacking: packing files from ${sourceDirectoryPath}`);
-    const zip = new AdmZip2();
-    let packedFilesCount = 0;
-    logInfo("FilePacking: compressing files");
-    for (const filepath of filesToPack) {
-      const absoluteFilepath = path12.join(sourceDirectoryPath, filepath);
-      if (!FileUtils.shouldPackFile(absoluteFilepath, MAX_FILE_SIZE2)) {
-        logInfo(
-          `FilePacking: ignoring ${filepath} because it is excluded or invalid`
-        );
-        continue;
-      }
-      let data;
-      try {
-        data = fs10.readFileSync(absoluteFilepath);
-      } catch (fsError) {
-        logInfo(
-          `FilePacking: failed to read ${filepath} from filesystem: ${fsError}`
-        );
-        continue;
-      }
-      zip.addFile(filepath, data);
-      packedFilesCount++;
-    }
-    const zipBuffer = zip.toBuffer();
-    logInfo(
-      `FilePacking: read ${packedFilesCount} source files. total size: ${zipBuffer.length} bytes`
-    );
-    logInfo("FilePacking: Files packed successfully");
-    return zipBuffer;
-  }
-};
-
-// src/mcp/tools/scanAndFixVulnerabilities/ScanAndFixVulnerabilitiesService.ts
-var VUL_REPORT_DIGEST_TIMEOUT_MS2 = 1e3 * 60 * 5;
 var _ScanAndFixVulnerabilitiesService = class _ScanAndFixVulnerabilitiesService {
   constructor() {
     __publicField(this, "gqlClient");
-    __publicField(this, "filePacking");
     /**
      * Stores the fix report id that is created on the first run so that subsequent
      * calls can skip the expensive packing/uploading/scan flow and directly fetch
@@ -12553,7 +13027,11 @@ var _ScanAndFixVulnerabilitiesService = class _ScanAndFixVulnerabilitiesService
      */
     __publicField(this, "storedFixReportId");
     __publicField(this, "currentOffset", 0);
-    this.filePacking = new FilePacking();
+    /**
+     * Timestamp when the fixReportId was created
+     * Used to expire the fixReportId after REPORT_ID_EXPIRATION_MS hours
+     */
+    __publicField(this, "fixReportIdTimestamp");
   }
   static getInstance() {
     if (!_ScanAndFixVulnerabilitiesService.instance) {
@@ -12564,6 +13042,17 @@ var _ScanAndFixVulnerabilitiesService = class _ScanAndFixVulnerabilitiesService
   reset() {
     this.storedFixReportId = void 0;
     this.currentOffset = void 0;
+    this.fixReportIdTimestamp = void 0;
+  }
+  /**
+   * Checks if the stored fixReportId has expired (older than 2 hours)
+   */
+  isFixReportIdExpired() {
+    if (!this.fixReportIdTimestamp) {
+      return true;
+    }
+    const currentTime = Date.now();
+    return currentTime - this.fixReportIdTimestamp > MCP_REPORT_ID_EXPIRATION_MS;
   }
   async processVulnerabilities({
     fileList,
@@ -12576,19 +13065,20 @@ var _ScanAndFixVulnerabilitiesService = class _ScanAndFixVulnerabilitiesService
       this.gqlClient = await this.initializeGqlClient();
       logInfo("storedFixReportId", {
         storedFixReportId: this.storedFixReportId,
-        currentOffset: this.currentOffset
+        currentOffset: this.currentOffset,
+        fixReportIdTimestamp: this.fixReportIdTimestamp,
+        isExpired: this.storedFixReportId ? this.isFixReportIdExpired() : null
       });
       let fixReportId = this.storedFixReportId;
-      if (!fixReportId || isRescan) {
+      if (!fixReportId || isRescan || this.isFixReportIdExpired()) {
         this.reset();
         this.validateFiles(fileList);
-        const repoUploadInfo = await this.initializeReport();
-        fixReportId = repoUploadInfo.fixReportId;
-        this.storedFixReportId = fixReportId;
-        const zipBuffer = await this.packFiles(fileList, repositoryPath);
-        await this.uploadFiles(zipBuffer, repoUploadInfo);
-        const projectId = await this.getProjectId();
-        await this.runScan({ fixReportId, projectId });
+        const scanResult = await scanFiles(
+          fileList,
+          repositoryPath,
+          this.gqlClient
+        );
+        fixReportId = scanResult.fixReportId;
       }
       const effectiveOffset = offset ?? (this.currentOffset || 0);
       logDebug("effectiveOffset", { effectiveOffset });
@@ -12597,11 +13087,17 @@ var _ScanAndFixVulnerabilitiesService = class _ScanAndFixVulnerabilitiesService
         effectiveOffset,
         limit
       );
+      if (fixes.totalCount > 0) {
+        this.storedFixReportId = fixReportId;
+        this.fixReportIdTimestamp = Date.now();
+      } else {
+        this.reset();
+      }
       const prompt = fixesPrompt({
         fixes: fixes.fixes,
         totalCount: fixes.totalCount,
         offset: effectiveOffset,
-        scannedFiles: fileList.map((file) => path13.basename(file))
+        scannedFiles: [...fileList]
       });
       this.currentOffset = effectiveOffset + (fixes.fixes?.length || 0);
       return prompt;
@@ -12626,101 +13122,6 @@ var _ScanAndFixVulnerabilitiesService = class _ScanAndFixVulnerabilitiesService
     }
     return gqlClient;
   }
-  async initializeReport() {
-    if (!this.gqlClient) {
-      throw new GqlClientError();
-    }
-    try {
-      const {
-        uploadS3BucketInfo: { repoUploadInfo }
-      } = await this.gqlClient.uploadS3BucketInfo();
-      logInfo("Upload info retrieved", { uploadKey: repoUploadInfo?.uploadKey });
-      return repoUploadInfo;
-    } catch (error) {
-      const message = error.message;
-      throw new ReportInitializationError(
-        `Error initializing report: ${message}`
-      );
-    }
-  }
-  async packFiles(fileList, repositoryPath) {
-    try {
-      const zipBuffer = await this.filePacking.packFiles(
-        repositoryPath,
-        fileList
-      );
-      logInfo("Files packed successfully", { fileCount: fileList.length });
-      return zipBuffer;
-    } catch (error) {
-      const message = error.message;
-      throw new FileProcessingError(`Error packing files: ${message}`);
-    }
-  }
-  async uploadFiles(zipBuffer, repoUploadInfo) {
-    if (!repoUploadInfo) {
-      throw new FileUploadError("Upload info is required");
-    }
-    try {
-      await uploadFile({
-        file: zipBuffer,
-        url: repoUploadInfo.url,
-        uploadFields: JSON.parse(repoUploadInfo.uploadFieldsJSON),
-        uploadKey: repoUploadInfo.uploadKey
-      });
-      logInfo("File uploaded successfully");
-    } catch (error) {
-      logError("File upload failed", { error: error.message });
-      throw new FileUploadError(
-        `Failed to upload the file: ${error.message}`
-      );
-    }
-  }
-  async getProjectId() {
-    if (!this.gqlClient) {
-      throw new GqlClientError();
-    }
-    const projectId = await this.gqlClient.getProjectId();
-    logInfo("Project ID retrieved", { projectId });
-    return projectId;
-  }
-  async runScan(params) {
-    if (!this.gqlClient) {
-      throw new GqlClientError();
-    }
-    const { fixReportId, projectId } = params;
-    logInfo("Starting scan", { fixReportId, projectId });
-    const submitVulnerabilityReportVariables = {
-      fixReportId,
-      projectId,
-      repoUrl: "",
-      reference: "no-branch",
-      scanSource: "MCP" /* Mcp */
-    };
-    logInfo("Submitting vulnerability report");
-    const submitRes = await this.gqlClient.submitVulnerabilityReport(
-      submitVulnerabilityReportVariables
-    );
-    if (submitRes.submitVulnerabilityReport.__typename !== "VulnerabilityReport") {
-      logError("Vulnerability report submission failed", {
-        response: submitRes
-      });
-      throw new ScanError("\u{1F575}\uFE0F\u200D\u2642\uFE0F Mobb analysis failed");
-    }
-    logInfo("Vulnerability report submitted successfully", {
-      analysisId: submitRes.submitVulnerabilityReport.fixReportId
-    });
-    logInfo("Starting analysis subscription");
-    await this.gqlClient.subscribeToGetAnalysis({
-      subscribeToAnalysisParams: {
-        analysisId: submitRes.submitVulnerabilityReport.fixReportId
-      },
-      callback: () => {
-      },
-      callbackStates: ["Finished" /* Finished */],
-      timeoutInMs: VUL_REPORT_DIGEST_TIMEOUT_MS2
-    });
-    logInfo("Analysis subscription completed");
-  }
   async getReportFixes(fixReportId, offset, limit) {
     logDebug("getReportFixes", { fixReportId, offset, limit });
     if (!this.gqlClient) {
@@ -12761,10 +13162,13 @@ How to invoke:
 \u2022 Optional arguments:
   \u2013 offset (number): pagination offset used when the result set is large.
   \u2013 limit (number): maximum number of fixes to include in the response.
+  \u2013 maxFiles (number): maximum number of files to scan (default: ${MCP_DEFAULT_MAX_FILES_TO_SCAN}). Provide this value to increase the scope of the scan.
   \u2013 rescan (boolean): true to force a complete rescan even if cached results exist.
 
 Behaviour:
+\u2022 If the directory is a valid Git repository, the tool scans the changed files in the repository. If there are no changes, it scans the files included in the las commit.
 \u2022 If the directory is not a valid Git repository, the tool falls back to scanning recently changed files in the folder.
+\u2022 If maxFiles is provided, the tool scans the maxFiles most recently changed files in the repository.
 \u2022 By default, only new, modified, or staged files are scanned; if none are found, it checks recently changed files.
 \u2022 The tool NEVER commits or pushes changes; it only returns proposed diffs/fixes as text.
 
@@ -12777,15 +13181,19 @@ Example payload:
 {
   "path": "/home/user/my-project",
   "limit": 20,
+  "maxFiles": 50,
   "rescan": false
 }`);
-    __publicField(this, "inputValidationSchema", z33.object({
-      path: z33.string().describe(
+    __publicField(this, "inputValidationSchema", z34.object({
+      path: z34.string().describe(
         "Full local path to repository to scan and fix vulnerabilities"
       ),
-      offset: z33.number().optional().describe("Optional offset for pagination"),
-      limit: z33.number().optional().describe("Optional maximum number of results to return"),
-      rescan: z33.boolean().optional().describe("Optional whether to rescan the repository")
+      offset: z34.number().optional().describe("Optional offset for pagination"),
+      limit: z34.number().optional().describe("Optional maximum number of results to return"),
+      maxFiles: z34.number().optional().describe(
+        `Optional maximum number of files to scan (default: ${MCP_DEFAULT_MAX_FILES_TO_SCAN}). Increase for comprehensive scans of larger codebases or decrease for faster focused scans.`
+      ),
+      rescan: z34.boolean().optional().describe("Optional whether to rescan the repository")
     }));
     __publicField(this, "inputSchema", {
       type: "object",
@@ -12802,6 +13210,10 @@ Example payload:
           type: "number",
           description: "[Optional] maximum number of results to return"
         },
+        maxFiles: {
+          type: "number",
+          description: `[Optional] maximum number of files to scan (default: ${MCP_DEFAULT_MAX_FILES_TO_SCAN}). Use higher values for more comprehensive scans or lower values for faster performance.`
+        },
         rescan: {
           type: "boolean",
           description: "[Optional] whether to rescan the repository"
@@ -12824,43 +13236,14 @@ Example payload:
         `Invalid path: potential security risk detected in path: ${pathValidationResult.error}`
       );
     }
-    const path14 = pathValidationResult.path;
-    const gitService = new GitService(path14, log);
-    const gitValidation = await gitService.validateRepository();
-    let files = [];
-    if (!gitValidation.isValid) {
-      logDebug(
-        "Git repository validation failed, using all files in the repository",
-        {
-          path: path14
-        }
-      );
-      files = FileUtils.getLastChangedFiles(path14);
-      logDebug("Found files in the repository", {
-        files,
-        fileCount: files.length
-      });
-    } else {
-      const gitResult = await gitService.getChangedFiles();
-      files = gitResult.files;
-      if (files.length === 0) {
-        const recentResult = await gitService.getRecentlyChangedFiles();
-        files = recentResult.files;
-        logDebug(
-          "No changes found, using recently changed files from git history",
-          {
-            files,
-            fileCount: files.length,
-            commitsChecked: recentResult.commitCount
-          }
-        );
-      } else {
-        logDebug("Found changed files in the git repository", {
-          files,
-          fileCount: files.length
-        });
-      }
-    }
+    const path13 = pathValidationResult.path;
+    const files = await getLocalFiles({
+      path: path13,
+      maxFileSize: 1024 * 1024 * 5,
+      // 5MB
+      maxFiles: args.maxFiles
+    });
+    logInfo("Files", { files });
     if (files.length === 0) {
       return {
         content: [
@@ -12873,11 +13256,11 @@ Example payload:
     }
     try {
       const fixResult = await this.vulnerabilityFixService.processVulnerabilities({
-        fileList: files,
-        repositoryPath: path14,
+        fileList: files.map((file) => file.relativePath),
+        repositoryPath: args.path,
         offset: args.offset,
         limit: args.limit,
-        isRescan: args.rescan
+        isRescan: args.rescan || !!args.maxFiles
       });
       const result = {
         content: [
@@ -12932,8 +13315,10 @@ function createMcpServer() {
   };
   const scanAndFixVulnerabilitiesTool = new ScanAndFixVulnerabilitiesTool();
   const fetchAvailableFixesTool = new FetchAvailableFixesTool();
+  const checkForNewAvailableFixesTool = new CheckForNewAvailableFixesTool();
   registerIfEnabled(scanAndFixVulnerabilitiesTool);
   registerIfEnabled(fetchAvailableFixesTool);
+  registerIfEnabled(checkForNewAvailableFixesTool);
   logInfo("MCP server created and configured");
   return server;
 }
@@ -12967,7 +13352,7 @@ var mcpHandler = async (_args) => {
 };
 
 // src/args/commands/review.ts
-import fs11 from "fs";
+import fs12 from "fs";
 import chalk9 from "chalk";
 function reviewBuilder(yargs2) {
   return yargs2.option("f", {
@@ -13004,7 +13389,7 @@ function reviewBuilder(yargs2) {
   ).help();
 }
 function validateReviewOptions(argv) {
-  if (!fs11.existsSync(argv.f)) {
+  if (!fs12.existsSync(argv.f)) {
     throw new CliError(`
 Can't access ${chalk9.bold(argv.f)}`);
   }