npm - mobbdev - Versions diffs - 1.0.108 → 1.0.110 - Mend

mobbdev 1.0.108 → 1.0.110

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (2) hide show

package/dist/index.mjs +175 -112
package/package.json +1 -1

package/dist/index.mjs CHANGED Viewed

@@ -707,6 +707,7 @@ var GetAnalysisSubscriptionDocument = `
   analysis: fixReport_by_pk(id: $analysisId) {
     id
     state
+    failReason
   }
 }
     `;
@@ -715,6 +716,7 @@ var GetAnalysisDocument = `
   analysis: fixReport_by_pk(id: $analysisId) {
     id
     state
+    failReason
     repo {
       commitSha
       pullRequest
@@ -1094,6 +1096,13 @@ var GetReportFixesDocument = `
   }
 }
     ${FixReportSummaryFieldsFragmentDoc}`;
+var UpdateDownloadedFixDataDocument = `
+    mutation updateDownloadedFixData($fixIds: [String!]!, $source: FixDownloadSource!) {
+  updateDownloadedFixData(fixIds: $fixIds, source: $source) {
+    status
+  }
+}
+    `;
 var defaultWrapper = (action, _operationName, _operationType, _variables) => action();
 function getSdk(client, withWrapper = defaultWrapper) {
   return {
@@ -1165,6 +1174,9 @@ function getSdk(client, withWrapper = defaultWrapper) {
     },
     GetReportFixes(variables, requestHeaders, signal) {
       return withWrapper((wrappedRequestHeaders) => client.request({ document: GetReportFixesDocument, variables, requestHeaders: { ...requestHeaders, ...wrappedRequestHeaders }, signal }), "GetReportFixes", "query", variables);
+    },
+    updateDownloadedFixData(variables, requestHeaders, signal) {
+      return withWrapper((wrappedRequestHeaders) => client.request({ document: UpdateDownloadedFixDataDocument, variables, requestHeaders: { ...requestHeaders, ...wrappedRequestHeaders }, signal }), "updateDownloadedFixData", "mutation", variables);
     }
   };
 }
@@ -1597,9 +1609,9 @@ function getParsedFalsePositiveMessage(data) {
   const containsTemplate = extraContext.some(
     (context) => fixDescription.includes(`\${${context.key}}`)
   );
-  const description2 = containsTemplate ? replaceKeysWithValues(fixDescription, extraContext) : fixDescription;
+  const description = containsTemplate ? replaceKeysWithValues(fixDescription, extraContext) : fixDescription;
   const contextString = containsTemplate ? null : `\`\`\`${extraContext.map(({ value }) => value).join(" ")} \`\`\``;
-  return { description: description2, contextString };
+  return { description, contextString };
 }
 // src/features/analysis/scm/shared/src/commitDescriptionMarkup.ts
@@ -1625,7 +1637,7 @@ var getCommitDescription = ({
   irrelevantIssueWithTags
 }) => {
   const issueTypeString = getIssueTypeFriendlyString(issueType);
-  let description2 = `This change fixes a **${severity} severity** (${severityToEmoji[severity]}) **${issueTypeString}** issue reported by **${capitalizeFirstLetter(
+  let description = `This change fixes a **${severity} severity** (${severityToEmoji[severity]}) **${issueTypeString}** issue reported by **${capitalizeFirstLetter(
     vendor
   )}**.
@@ -1633,7 +1645,7 @@ var getCommitDescription = ({
   const parseIssueTypeRes = z2.nativeEnum(IssueType_Enum).safeParse(issueType);
   if (issueType && parseIssueTypeRes.success) {
     if (irrelevantIssueWithTags?.[0]?.tag) {
-      description2 += `
+      description += `
 > [!tip]
 > This issue was found to be irrelevant to your project - ${lowercaseFirstLetter(getTagTooltip(irrelevantIssueWithTags[0].tag))}.
 > Mobb recommends to ignore this issue, however fix is available if you think differently.
@@ -1645,7 +1657,7 @@ ${issueDescription[irrelevantIssueWithTags[0].tag]}
     }
     const staticData = fixDetailsData[parseIssueTypeRes.data];
     if (staticData) {
-      description2 += `## Issue description
+      description += `## Issue description
 ${staticData.issueDescription}
 ## Fix instructions
@@ -1653,16 +1665,16 @@ ${staticData.fixInstructions}
 `;
     }
   }
-  description2 += `
+  description += `
 ${guidances.map(({ guidance }) => `## Additional actions required
  ${guidance}
 `).join("")}
 `;
   if (fixUrl) {
-    description2 += `
+    description += `
 [More info and fix customization are available in the Mobb platform](${fixUrl})`;
   }
-  return description2;
+  return description;
 };
 var getCommitIssueDescription = ({
   vendor,
@@ -1671,12 +1683,12 @@ var getCommitIssueDescription = ({
   fpDescription
 }) => {
   const issueTypeString = getIssueTypeFriendlyString(issueType);
-  let description2 = `The following issues reported by ${capitalizeFirstLetter(vendor)} on this PR were found to be irrelevant to your project:
+  let description = `The following issues reported by ${capitalizeFirstLetter(vendor)} on this PR were found to be irrelevant to your project:
 `;
   const parseIssueTypeRes = z2.nativeEnum(IssueType_Enum).safeParse(issueType);
   if (issueType && parseIssueTypeRes.success) {
     if (irrelevantIssueWithTags?.[0]?.tag) {
-      description2 = `
+      description = `
 > [!tip]
 > The following issues reported by ${capitalizeFirstLetter(vendor)} on this PR were found to be irrelevant to your project:
 > ${issueTypeString} - ${lowercaseFirstLetter(getTagTooltip(irrelevantIssueWithTags[0].tag))}.
@@ -1689,12 +1701,12 @@ ${fpDescription ?? issueDescription[irrelevantIssueWithTags[0].tag]}
     }
     const staticData = fixDetailsData[parseIssueTypeRes.data];
     if (staticData) {
-      description2 += `## Issue description
+      description += `## Issue description
 ${staticData.issueDescription}
 `;
     }
   }
-  return description2;
+  return description;
 };
 // src/features/analysis/scm/shared/src/guidances.ts
@@ -2917,15 +2929,22 @@ var openRedirect2 = {
     description: () => "",
     guidance: () => ""
   },
-  allowlist: {
-    content: () => "Allowed domains/paths",
-    description: () => description,
+  domainAllowlist: {
+    content: () => "Allowed domains names",
+    description: () => "please provide a coma separated list of allowed domains names (example.com, example.org, etc.)",
+    guidance: () => ""
+  },
+  pathAllowlist: {
+    content: () => "Allowed paths (URIs)",
+    description: () => "please provide a coma separated list of allowed path (/health, /api/v1/health, etc.)",
+    guidance: () => ""
+  },
+  includeProtocolValidation: {
+    content: () => "Should HTTP or HTTPS protocol be enforced?",
+    description: () => "please indicate if the protocol should be enforced",
     guidance: () => ""
   }
 };
-var description = `- *If external*, provide a coma separated list of allowed domains.
-&nbsp;
-- *If internal*, provide a coma seperated list of allowed paths`;
 // src/features/analysis/scm/shared/src/storedQuestionData/js/pt.ts
 var pt3 = {
@@ -3674,6 +3693,7 @@ var ReportQueryResultZ = z11.object({
     createdOn: z11.string(),
     expirationOn: z11.string().nullable(),
     state: z11.nativeEnum(Fix_Report_State_Enum),
+    failReason: z11.string().nullable(),
     fixes: z11.array(
       z11.object({
         id: z11.string().uuid(),
@@ -4683,11 +4703,11 @@ async function adoValidateParams({
     console.log("adoValidateParams error", e);
     const error = e;
     const code = error.code || error.status || error.statusCode || error.response?.status || error.response?.statusCode || error.response?.code;
-    const description2 = error.description || `${e}`;
-    if (code === 401 || code === 403 || description2.includes("401") || description2.includes("403")) {
+    const description = error.description || `${e}`;
+    if (code === 401 || code === 403 || description.includes("401") || description.includes("403")) {
       throw new InvalidAccessTokenError(`invalid ADO access token`);
     }
-    if (code === 404 || description2.includes("404") || description2.includes("Not Found")) {
+    if (code === 404 || description.includes("404") || description.includes("Not Found")) {
       throw new InvalidRepoUrlError(`invalid ADO repo URL ${url}`);
     }
     console.log("adoValidateParams error", e);
@@ -7411,11 +7431,11 @@ async function gitlabValidateParams({
   } catch (e) {
     const error = e;
     const code = error.code || error.status || error.statusCode || error.response?.status || error.response?.statusCode || error.response?.code;
-    const description2 = error.description || `${e}`;
-    if (code === 401 || code === 403 || description2.includes("401") || description2.includes("403")) {
+    const description = error.description || `${e}`;
+    if (code === 401 || code === 403 || description.includes("401") || description.includes("403")) {
       throw new InvalidAccessTokenError(`invalid gitlab access token`);
     }
-    if (code === 404 || description2.includes("404") || description2.includes("Not Found")) {
+    if (code === 404 || description.includes("404") || description.includes("Not Found")) {
       throw new InvalidRepoUrlError(`invalid gitlab repo URL: ${url}`);
     }
     console.log("gitlabValidateParams error", e);
@@ -8569,6 +8589,84 @@ import open2 from "open";
 import tmp2 from "tmp";
 import { z as z29 } from "zod";
+// src/mcp/core/Errors.ts
+var ApiConnectionError = class extends Error {
+  constructor(message = "Failed to connect to the API") {
+    super(message);
+    this.name = "ApiConnectionError";
+  }
+};
+var CliLoginError = class extends Error {
+  constructor(message = "CLI login failed") {
+    super(message);
+    this.name = "CliLoginError";
+  }
+};
+var AuthenticationError = class extends Error {
+  constructor(message = "Authentication failed") {
+    super(message);
+    this.name = "AuthenticationError";
+  }
+};
+var NoFilesError = class extends Error {
+  constructor(message = "No files to fix") {
+    super(message);
+    this.name = "NoFilesError";
+  }
+};
+var GqlClientError = class extends Error {
+  constructor(message = "GraphQL client not initialized") {
+    super(message);
+    this.name = "GqlClientError";
+  }
+};
+var FileProcessingError = class extends Error {
+  constructor(message) {
+    super(message);
+    this.name = "FileProcessingError";
+  }
+};
+var ReportInitializationError = class extends Error {
+  constructor(message) {
+    super(message);
+    this.name = "ReportInitializationError";
+  }
+};
+var FileUploadError = class extends Error {
+  constructor(message) {
+    super(message);
+    this.name = "FileUploadError";
+  }
+};
+var ScanError = class extends Error {
+  constructor(message) {
+    super(message);
+    this.name = "ScanError";
+  }
+};
+var FailedToGetApiTokenError = class extends Error {
+  constructor(message) {
+    super(message);
+    this.name = "FailedToGetApiTokenError";
+  }
+};
+var _ReportDigestError = class _ReportDigestError extends Error {
+  constructor(message, failReason) {
+    super(message);
+    this.failReason = failReason;
+    this.name = "ReportDigestError";
+    this.failReason = failReason;
+  }
+  getDisplayMessage() {
+    if (this.failReason?.trim()) {
+      return `\u{1F575}\uFE0F\u200D\u2642\uFE0F Digesting report failed. ${this.failReason}`;
+    }
+    return _ReportDigestError.defaultMessage;
+  }
+};
+__publicField(_ReportDigestError, "defaultMessage", "\u{1F575}\uFE0F\u200D\u2642\uFE0F Digesting report failed. Please verify that the file provided is of a valid supported report format.");
+var ReportDigestError = _ReportDigestError;
 // src/features/analysis/add_fix_comments_for_pr/add_fix_comments_for_pr.ts
 import Debug8 from "debug";
@@ -9092,10 +9190,10 @@ async function addFixCommentsForPr({
           const parsedFpRes = await FalsePositivePartsZ.parseAsync(
             fpRes?.getFalsePositive
           );
-          const { description: description2, contextString } = getParsedFalsePositiveMessage(parsedFpRes);
-          fpDescription = contextString ? `${description2}
+          const { description, contextString } = getParsedFalsePositiveMessage(parsedFpRes);
+          fpDescription = contextString ? `${description}
-${contextString}` : description2;
+${contextString}` : description;
         }
         return await Promise.all(
           vulnerabilityReportIssue.codeNodes.map(
@@ -9674,7 +9772,10 @@ var GQLClient = class {
       params.subscribeToAnalysisParams,
       async (resolve, reject, data) => {
         if (!data.analysis?.state || data.analysis?.state === "Failed" /* Failed */) {
-          reject(new Error(`Analysis failed with id: ${data.analysis?.id}`));
+          const errorMessage = data.analysis?.failReason || `Analysis failed with id: ${data.analysis?.id}`;
+          reject(
+            new ReportDigestError(errorMessage, data.analysis?.failReason ?? "")
+          );
           return;
         }
         if (callbackStates.includes(data.analysis?.state)) {
@@ -10785,23 +10886,19 @@ async function _digestReport({
         shouldScan
       }
     );
-    try {
-      await gqlClient.subscribeToAnalysis({
-        subscribeToAnalysisParams: {
-          analysisId: fixReportId
-        },
-        callback: () => digestSpinner.update({
-          text: progressMassages.processingVulnerabilityReportSuccess
-        }),
-        callbackStates: [
-          "Digested" /* Digested */,
-          "Finished" /* Finished */
-        ],
-        timeoutInMs: VUL_REPORT_DIGEST_TIMEOUT_MS
-      });
-    } catch (e) {
-      throw new Error(progressMassages.processingVulnerabilityReportFailed);
-    }
+    await gqlClient.subscribeToAnalysis({
+      subscribeToAnalysisParams: {
+        analysisId: fixReportId
+      },
+      callback: () => digestSpinner.update({
+        text: progressMassages.processingVulnerabilityReportSuccess
+      }),
+      callbackStates: [
+        "Digested" /* Digested */,
+        "Finished" /* Finished */
+      ],
+      timeoutInMs: VUL_REPORT_DIGEST_TIMEOUT_MS
+    });
     const vulnFiles = await gqlClient.getVulnerabilityReportPaths(
       vulnerabilityReportId
     );
@@ -10810,8 +10907,9 @@ async function _digestReport({
     });
     return vulnFiles;
   } catch (e) {
+    const errorMessage = e instanceof ReportDigestError ? e.getDisplayMessage() : ReportDigestError.defaultMessage;
     digestSpinner.error({
-      text: "\u{1F575}\uFE0F\u200D\u2642\uFE0F Digesting report failed. Please verify that the file provided is of a valid supported report format."
+      text: errorMessage
     });
     throw e;
   }
@@ -11331,70 +11429,6 @@ import Configstore3 from "configstore";
 import { GraphQLClient as GraphQLClient2 } from "graphql-request";
 import open4 from "open";
 import { v4 as uuidv42 } from "uuid";
-// src/mcp/core/Errors.ts
-var ApiConnectionError = class extends Error {
-  constructor(message = "Failed to connect to the API") {
-    super(message);
-    this.name = "ApiConnectionError";
-  }
-};
-var CliLoginError = class extends Error {
-  constructor(message = "CLI login failed") {
-    super(message);
-    this.name = "CliLoginError";
-  }
-};
-var AuthenticationError = class extends Error {
-  constructor(message = "Authentication failed") {
-    super(message);
-    this.name = "AuthenticationError";
-  }
-};
-var NoFilesError = class extends Error {
-  constructor(message = "No files to fix") {
-    super(message);
-    this.name = "NoFilesError";
-  }
-};
-var GqlClientError = class extends Error {
-  constructor(message = "GraphQL client not initialized") {
-    super(message);
-    this.name = "GqlClientError";
-  }
-};
-var FileProcessingError = class extends Error {
-  constructor(message) {
-    super(message);
-    this.name = "FileProcessingError";
-  }
-};
-var ReportInitializationError = class extends Error {
-  constructor(message) {
-    super(message);
-    this.name = "ReportInitializationError";
-  }
-};
-var FileUploadError = class extends Error {
-  constructor(message) {
-    super(message);
-    this.name = "FileUploadError";
-  }
-};
-var ScanError = class extends Error {
-  constructor(message) {
-    super(message);
-    this.name = "ScanError";
-  }
-};
-var FailedToGetApiTokenError = class extends Error {
-  constructor(message) {
-    super(message);
-    this.name = "FailedToGetApiTokenError";
-  }
-};
-// src/mcp/services/McpGQLClient.ts
 var mobbConfigStore = new Configstore3(packageJson.name, { apiToken: "" });
 var McpGQLClient = class {
   constructor(args) {
@@ -11512,12 +11546,14 @@ var McpGQLClient = class {
         async (resolve, reject, data) => {
           logDebug("GraphQL: GetAnalysis subscription data received", { data });
           if (!data.analysis?.state || data.analysis?.state === "Failed" /* Failed */) {
+            const errorMessage = data.analysis?.failReason || `Analysis failed with id: ${data.analysis?.id}`;
             logError("GraphQL: Analysis failed", {
               analysisId: data.analysis?.id,
               state: data.analysis?.state,
+              failReason: data.analysis?.failReason,
               ...this.getErrorContext()
             });
-            reject(new Error(`Analysis failed with id: ${data.analysis?.id}`));
+            reject(new Error(errorMessage));
             return;
           }
           if (callbackStates.includes(data.analysis?.state)) {
@@ -11553,7 +11589,16 @@ var McpGQLClient = class {
   }
   async getProjectId() {
     try {
-      const projectName = "MCP Scans";
+      const me = await this.getUserInfo();
+      if (!me) {
+        throw new Error("User not found");
+      }
+      const userEmail = me.email;
+      if (!userEmail) {
+        throw new Error("User email not found");
+      }
+      const shortEmailHash = crypto2.createHash("sha256").update(userEmail).digest("hex").slice(0, 8).toUpperCase();
+      const projectName = `MCP Scans ${shortEmailHash}`;
       logDebug("GraphQL: Calling getOrgAndProjectId query", { projectName });
       const getOrgAndProjectIdResult = await this.clientSdk.getOrgAndProjectId({
         filters: {},
@@ -11638,6 +11683,20 @@ var McpGQLClient = class {
       return null;
     }
   }
+  async _updateFixesArchiveState(fixIds) {
+    if (fixIds.length > 0) {
+      const resUpdate = await this.clientSdk.updateDownloadedFixData({
+        fixIds,
+        source: "MCP" /* Mcp */
+      });
+      logInfo("GraphQL: updateFixesArchiveState successful", {
+        result: resUpdate,
+        fixIds
+      });
+    } else {
+      logInfo("GraphQL: No fixes found");
+    }
+  }
   async getLatestReportByRepoUrl({
     repoUrl,
     limit = 3,
@@ -11658,6 +11717,8 @@ var McpGQLClient = class {
         result: res,
         reportCount: res.fixReport?.length || 0
       });
+      const fixIds = res.fixReport?.[0]?.fixes?.map((fix) => fix.id) || [];
+      await this._updateFixesArchiveState(fixIds);
       return {
         fixReport: res.fixReport?.[0] || null,
         expiredReport: res.expiredReport?.[0] || null
@@ -11708,6 +11769,8 @@ var McpGQLClient = class {
       if (res.fixReport.length === 0) {
         return null;
       }
+      const fixIds = res.fixReport?.[0]?.fixes?.map((fix) => fix.id) || [];
+      await this._updateFixesArchiveState(fixIds);
       return {
         fixes: res.fixReport?.[0]?.fixes || [],
         totalCount: res.fixReport?.[0]?.filteredFixesCount?.aggregate?.count || 0,

package/package.json CHANGED Viewed

@@ -1,6 +1,6 @@
 {
   "name": "mobbdev",
-  "version": "1.0.108",
+  "version": "1.0.110",
   "description": "Automated secure code remediation tool",
   "repository": "git+https://github.com/mobb-dev/bugsy.git",
   "main": "dist/index.js",