npm - mobbdev - Versions diffs - 1.0.112 → 1.0.114 - Mend

mobbdev 1.0.112 → 1.0.114

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (2) hide show

package/dist/index.mjs +678 -426
package/package.json +10 -7

package/dist/index.mjs CHANGED Viewed

@@ -364,6 +364,7 @@ var IssueType_Enum = /* @__PURE__ */ ((IssueType_Enum2) => {
   IssueType_Enum2["AutoEscapeFalse"] = "AUTO_ESCAPE_FALSE";
   IssueType_Enum2["AvoidBuiltinShadowing"] = "AVOID_BUILTIN_SHADOWING";
   IssueType_Enum2["AvoidIdentityComparisonCachedTypes"] = "AVOID_IDENTITY_COMPARISON_CACHED_TYPES";
+  IssueType_Enum2["BufferOverflow"] = "BUFFER_OVERFLOW";
   IssueType_Enum2["ClientDomStoredCodeInjection"] = "CLIENT_DOM_STORED_CODE_INJECTION";
   IssueType_Enum2["CmDi"] = "CMDi";
   IssueType_Enum2["CmDiRelativePathCommand"] = "CMDi_relative_path_command";
@@ -533,6 +534,8 @@ var FixDetailsFragmentDoc = `
   confidence
   safeIssueType
   severityText
+  gitBlameLogin
+  severityValue
   vulnerabilityReportIssues {
     parsedIssueType
     parsedSeverity
@@ -596,7 +599,15 @@ var FixReportSummaryFieldsFragmentDoc = `
     }
   }
   fixes(
-    where: {_and: [{vulnerabilityReportIssues: {category: {_eq: "Fixable"}}}, $filters]}
+    where: {_and: [{vulnerabilityReportIssues: {category: {_eq: "Fixable"}}}, {_or: [{gitBlameLogin: {_is_null: true}}, {_not: {gitBlameLogin: {_ilike: $currentUserEmail}}}]}, $filters]}
+    order_by: {severityValue: desc}
+    limit: $limit
+    offset: $offset
+  ) {
+    ...FixDetails
+  }
+  userFixes: fixes(
+    where: {_and: [{gitBlameLogin: {_ilike: $currentUserEmail}}, {vulnerabilityReportIssues: {category: {_eq: "Fixable"}}}, $filters]}
     order_by: {severityValue: desc}
     limit: $limit
     offset: $offset
@@ -662,18 +673,18 @@ var MeDocument = `
   }
 }
     `;
-var GetOrgAndProjectIdDocument = `
-    query getOrgAndProjectId($filters: organization_to_organization_role_bool_exp, $limit: Int) {
-  organization_to_organization_role(
-    where: $filters
-    order_by: {organization: {createdOn: desc}}
-    limit: $limit
-  ) {
-    organization {
+var GetLastOrgAndNamedProjectDocument = `
+    query getLastOrgAndNamedProject($email: String!, $projectName: String!) {
+  user(where: {email: {_eq: $email}}) {
+    id
+    userOrganizationsAndUserOrganizationRoles(order_by: {createdOn: desc}) {
       id
-      projects(order_by: {updatedAt: desc}) {
+      organization {
         id
-        name
+        projects(where: {name: {_eq: $projectName}}) {
+          name
+          id
+        }
       }
     }
   }
@@ -1064,32 +1075,32 @@ var AutoPrAnalysisDocument = `
   }
 }
     `;
-var GetLatestReportByRepoUrlDocument = `
-    query GetLatestReportByRepoUrl($repoUrl: String!, $filters: fix_bool_exp = {}, $limit: Int!, $offset: Int!) {
-  fixReport(
-    where: {_and: [{repo: {originalUrl: {_eq: $repoUrl}}}, {state: {_eq: Finished}}]}
-    order_by: {createdOn: desc}
-    limit: 1
-  ) {
+var GetReportFixesDocument = `
+    query GetReportFixes($reportId: uuid!, $filters: fix_bool_exp = {}, $limit: Int!, $offset: Int!, $currentUserEmail: String!) {
+  fixReport(where: {_and: [{id: {_eq: $reportId}}, {state: {_eq: Finished}}]}) {
     ...FixReportSummaryFields
   }
   expiredReport: fixReport(
-    where: {_and: [{repo: {originalUrl: {_eq: $repoUrl}}}, {state: {_eq: Expired}}]}
-    order_by: {createdOn: desc}
-    limit: 1
+    where: {_and: [{id: {_eq: $reportId}}, {state: {_eq: Expired}}]}
   ) {
     id
     expirationOn
   }
 }
     ${FixReportSummaryFieldsFragmentDoc}`;
-var GetReportFixesDocument = `
-    query GetReportFixes($reportId: uuid!, $filters: fix_bool_exp = {}, $limit: Int!, $offset: Int!) {
-  fixReport(where: {_and: [{id: {_eq: $reportId}}, {state: {_eq: Finished}}]}) {
+var GetLatestReportByRepoUrlDocument = `
+    query GetLatestReportByRepoUrl($repoUrl: String!, $filters: fix_bool_exp = {}, $limit: Int!, $offset: Int!, $currentUserEmail: String!) {
+  fixReport(
+    where: {_and: [{repo: {originalUrl: {_eq: $repoUrl}}}, {state: {_eq: Finished}}]}
+    order_by: {createdOn: desc}
+    limit: 1
+  ) {
     ...FixReportSummaryFields
   }
   expiredReport: fixReport(
-    where: {_and: [{id: {_eq: $reportId}}, {state: {_eq: Expired}}]}
+    where: {_and: [{repo: {originalUrl: {_eq: $repoUrl}}}, {state: {_eq: Expired}}]}
+    order_by: {createdOn: desc}
+    limit: 1
   ) {
     id
     expirationOn
@@ -1109,8 +1120,8 @@ function getSdk(client, withWrapper = defaultWrapper) {
     Me(variables, requestHeaders, signal) {
       return withWrapper((wrappedRequestHeaders) => client.request({ document: MeDocument, variables, requestHeaders: { ...requestHeaders, ...wrappedRequestHeaders }, signal }), "Me", "query", variables);
     },
-    getOrgAndProjectId(variables, requestHeaders, signal) {
-      return withWrapper((wrappedRequestHeaders) => client.request({ document: GetOrgAndProjectIdDocument, variables, requestHeaders: { ...requestHeaders, ...wrappedRequestHeaders }, signal }), "getOrgAndProjectId", "query", variables);
+    getLastOrgAndNamedProject(variables, requestHeaders, signal) {
+      return withWrapper((wrappedRequestHeaders) => client.request({ document: GetLastOrgAndNamedProjectDocument, variables, requestHeaders: { ...requestHeaders, ...wrappedRequestHeaders }, signal }), "getLastOrgAndNamedProject", "query", variables);
     },
     GetEncryptedApiToken(variables, requestHeaders, signal) {
       return withWrapper((wrappedRequestHeaders) => client.request({ document: GetEncryptedApiTokenDocument, variables, requestHeaders: { ...requestHeaders, ...wrappedRequestHeaders }, signal }), "GetEncryptedApiToken", "query", variables);
@@ -1169,12 +1180,12 @@ function getSdk(client, withWrapper = defaultWrapper) {
     autoPrAnalysis(variables, requestHeaders, signal) {
       return withWrapper((wrappedRequestHeaders) => client.request({ document: AutoPrAnalysisDocument, variables, requestHeaders: { ...requestHeaders, ...wrappedRequestHeaders }, signal }), "autoPrAnalysis", "mutation", variables);
     },
-    GetLatestReportByRepoUrl(variables, requestHeaders, signal) {
-      return withWrapper((wrappedRequestHeaders) => client.request({ document: GetLatestReportByRepoUrlDocument, variables, requestHeaders: { ...requestHeaders, ...wrappedRequestHeaders }, signal }), "GetLatestReportByRepoUrl", "query", variables);
-    },
     GetReportFixes(variables, requestHeaders, signal) {
       return withWrapper((wrappedRequestHeaders) => client.request({ document: GetReportFixesDocument, variables, requestHeaders: { ...requestHeaders, ...wrappedRequestHeaders }, signal }), "GetReportFixes", "query", variables);
     },
+    GetLatestReportByRepoUrl(variables, requestHeaders, signal) {
+      return withWrapper((wrappedRequestHeaders) => client.request({ document: GetLatestReportByRepoUrlDocument, variables, requestHeaders: { ...requestHeaders, ...wrappedRequestHeaders }, signal }), "GetLatestReportByRepoUrl", "query", variables);
+    },
     updateDownloadedFixData(variables, requestHeaders, signal) {
       return withWrapper((wrappedRequestHeaders) => client.request({ document: UpdateDownloadedFixDataDocument, variables, requestHeaders: { ...requestHeaders, ...wrappedRequestHeaders }, signal }), "updateDownloadedFixData", "mutation", variables);
     }
@@ -1444,7 +1455,11 @@ var fixDetailsData = {
   ["UNNECESSARY_IMPORTS" /* UnnecessaryImports */]: void 0,
   ["NO_NESTED_TRY" /* NoNestedTry */]: void 0,
   ["REDOS" /* Redos */]: void 0,
-  ["DO_NOT_THROW_GENERIC_EXCEPTION" /* DoNotThrowGenericException */]: void 0
+  ["DO_NOT_THROW_GENERIC_EXCEPTION" /* DoNotThrowGenericException */]: void 0,
+  ["BUFFER_OVERFLOW" /* BufferOverflow */]: {
+    issueDescription: "Buffer Overflow occurs when a program writes data beyond the allocated memory space, leading to unexpected behavior or security vulnerabilities.",
+    fixInstructions: "Implement proper input validation and bounds checking to prevent buffer overflows. Use safe string manipulation functions and ensure that the buffer size is properly managed."
+  }
 };
 // src/features/analysis/scm/shared/src/getIssueType.ts
@@ -1558,7 +1573,8 @@ var issueTypeMap = {
   ["NO_NESTED_TRY" /* NoNestedTry */]: "No Nested Try",
   ["UNNECESSARY_IMPORTS" /* UnnecessaryImports */]: "Unnecessary Imports",
   ["REDOS" /* Redos */]: "Regular Expression Denial of Service",
-  ["DO_NOT_THROW_GENERIC_EXCEPTION" /* DoNotThrowGenericException */]: "Do Not Throw Generic Exception"
+  ["DO_NOT_THROW_GENERIC_EXCEPTION" /* DoNotThrowGenericException */]: "Do Not Throw Generic Exception",
+  ["BUFFER_OVERFLOW" /* BufferOverflow */]: "Buffer Overflow"
 };
 var issueTypeZ = z.nativeEnum(IssueType_Enum);
 var getIssueTypeFriendlyString = (issueType) => {
@@ -5141,14 +5157,17 @@ import { simpleGit } from "simple-git";
 // src/mcp/core/configs.ts
 var MCP_DEFAULT_API_URL = "https://api.mobb.ai/v1/graphql";
 var MCP_API_KEY_HEADER_NAME = "x-mobb-key";
-var MCP_LOGIN_MAX_WAIT = 10 * 60 * 1e3;
-var MCP_LOGIN_CHECK_DELAY = 1 * 1e3;
+var MCP_LOGIN_MAX_WAIT = 2 * 60 * 1e3;
+var MCP_LOGIN_CHECK_DELAY = 2 * 1e3;
 var MCP_VUL_REPORT_DIGEST_TIMEOUT_MS = 5 * 60 * 1e3;
 var MCP_MAX_FILE_SIZE = MAX_UPLOAD_FILE_SIZE_MB * 1024 * 1024;
 var MCP_PERIODIC_CHECK_INTERVAL = 15 * 60 * 1e3;
 var MCP_DEFAULT_MAX_FILES_TO_SCAN = 10;
 var MCP_REPORT_ID_EXPIRATION_MS = 2 * 60 * 60 * 1e3;
 var MCP_TOOLS_BROWSER_COOLDOWN_MS = 24 * 60 * 60 * 1e3;
+var MCP_TOOL_CHECK_FOR_NEW_AVAILABLE_FIXES = "check_for_new_available_fixes";
+var MCP_TOOL_FETCH_AVAILABLE_FIXES = "fetch_available_fixes";
+var MCP_TOOL_SCAN_AND_FIX_VULNERABILITIES = "scan_and_fix_vulnerabilities";
 // src/features/analysis/scm/FileUtils.ts
 import fs2 from "fs";
@@ -8653,12 +8672,6 @@ var GqlClientError = class extends Error {
     this.name = "GqlClientError";
   }
 };
-var FileProcessingError = class extends Error {
-  constructor(message) {
-    super(message);
-    this.name = "FileProcessingError";
-  }
-};
 var ReportInitializationError = class extends Error {
   constructor(message) {
     super(message);
@@ -9592,7 +9605,7 @@ var GQLClient = class {
     });
     return res.insert_cli_login_one?.id || "";
   }
-  async verifyConnection() {
+  async verifyApiConnection() {
     try {
       await this.getUserInfo();
     } catch (e) {
@@ -9603,7 +9616,7 @@ var GQLClient = class {
     }
     return true;
   }
-  async verifyToken() {
+  async validateUserToken() {
     await this.createCommunityUser();
     let info;
     try {
@@ -9614,31 +9627,46 @@ var GQLClient = class {
     }
     return info?.email || true;
   }
-  async getOrgAndProjectId(params = {}) {
+  async getLastOrgAndNamedProject(params) {
+    const me = await this.getUserInfo();
+    const email = me?.email;
+    if (!email) {
+      throw new Error("User email not found");
+    }
     const { projectName, userDefinedOrganizationId } = params;
-    const getOrgAndProjectIdResult = await this._clientSdk.getOrgAndProjectId({
-      filters: userDefinedOrganizationId ? { organizationId: { _eq: userDefinedOrganizationId } } : {},
-      limit: 1
+    if (!projectName) {
+      throw new Error("Project name is required");
+    }
+    const orgAndProjectRes = await this._clientSdk.getLastOrgAndNamedProject({
+      email,
+      projectName
     });
-    const [organizationToOrganizationRole] = getOrgAndProjectIdResult.organization_to_organization_role;
-    if (!organizationToOrganizationRole) {
-      throw new Error("Organization not found");
+    if (!orgAndProjectRes.user?.[0]?.userOrganizationsAndUserOrganizationRoles?.[0]?.organization?.id) {
+      throw new Error(
+        `The user with email:${email}  is not associated with any organization`
+      );
+    }
+    const organization = orgAndProjectRes.user?.at(0)?.userOrganizationsAndUserOrganizationRoles.map((org) => org.organization).filter(
+      (org) => userDefinedOrganizationId ? org.id === userDefinedOrganizationId : true
+    )?.at(0);
+    if (!organization) {
+      throw new Error(
+        `Organization with id:${userDefinedOrganizationId} not found`
+      );
     }
-    const { organization: org } = organizationToOrganizationRole;
-    const project = projectName ? org?.projects.find((project2) => project2.name === projectName) ?? null : org?.projects[0];
-    let projectId = project?.id;
+    let projectId = organization?.projects?.[0]?.id;
     if (!projectId) {
       const createdProject = await this._clientSdk.CreateProject({
-        organizationId: org.id,
+        organizationId: organization.id,
         projectName: projectName || "My project"
       });
       projectId = createdProject.createProject.projectId;
     }
-    if (!project?.id) {
+    if (!projectId) {
       throw new Error("Project not found");
     }
     return {
-      organizationId: org.id,
+      organizationId: organization.id,
       projectId
     };
   }
@@ -10551,7 +10579,10 @@ async function _scan(params, { skipPrompts = false } = {}) {
     skipPrompts,
     apiKey
   });
-  const { projectId, organizationId } = await gqlClient.getOrgAndProjectId({
+  if (!mobbProjectName) {
+    throw new Error("mobbProjectName is required");
+  }
+  const { projectId, organizationId } = await gqlClient.getLastOrgAndNamedProject({
     projectName: mobbProjectName,
     userDefinedOrganizationId: userOrganizationId
   });
@@ -11128,7 +11159,7 @@ async function handleMobbLogin({
   skipPrompts
 }) {
   const { createSpinner: createSpinner5 } = Spinner({ ci: skipPrompts });
-  const isConnected = await inGqlClient.verifyConnection();
+  const isConnected = await inGqlClient.verifyApiConnection();
   if (!isConnected) {
     createSpinner5().start().error({
       text: "\u{1F513} Connection to Mobb: failed to connect to the Mobb server"
@@ -11140,7 +11171,7 @@ async function handleMobbLogin({
   createSpinner5().start().success({
     text: `\u{1F513} Connection to Mobb: succeeded`
   });
-  const userVerify = await inGqlClient.verifyToken();
+  const userVerify = await inGqlClient.validateUserToken();
   if (userVerify) {
     createSpinner5().start().success({
       text: `\u{1F513} Login to Mobb succeeded. ${typeof userVerify === "string" ? `Logged in as ${userVerify}` : ""}`
@@ -11194,7 +11225,7 @@ async function handleMobbLogin({
     throw new CliError();
   }
   const newGqlClient = new GQLClient({ apiKey: newApiToken, type: "apiKey" });
-  const loginSuccess = await newGqlClient.verifyToken();
+  const loginSuccess = await newGqlClient.validateUserToken();
   if (loginSuccess) {
     debug18(`set api token ${newApiToken}`);
     config3.set("apiToken", newApiToken);
@@ -11257,7 +11288,7 @@ function validateRepoUrl(args) {
     });
   }
 }
-var supportExtensions = [".json", ".xml", ".fpr", ".sarif"];
+var supportExtensions = [".json", ".xml", ".fpr", ".sarif", ".zip"];
 function validateReportFileFormat(reportFile) {
   if (!supportExtensions.includes(path10.extname(reportFile))) {
     throw new CliError(
@@ -11353,7 +11384,7 @@ import {
 } from "@modelcontextprotocol/sdk/types.js";
 // src/mcp/Logger.ts
-var logglerUrl = "http://localhost:4444/log";
+var loggerUrl = "http://localhost:4444/log";
 var isTestEnvironment = process.env["VITEST"] || process.env["TEST"];
 var CIRCUIT_BREAKER_TIME = 5e3;
 var URL_CHECK_TIMEOUT = 200;
@@ -11400,11 +11431,14 @@ var Logger = class {
       this.isProcessing = false;
       return;
     }
-    const isReachable = await this.isUrlReachable(logglerUrl);
+    const isReachable = await this.isUrlReachable(loggerUrl);
     if (!isReachable) {
       this.triggerCircuitBreaker();
       return;
     }
+    await this.sendLogEntry(logEntry);
+  }
+  async sendLogEntry(logEntry) {
     const logMessage = {
       timestamp: (/* @__PURE__ */ new Date()).toISOString(),
       level: logEntry.level,
@@ -11416,21 +11450,23 @@ var Logger = class {
     const timeoutId = setTimeout(() => {
       controller.abort();
     }, 500);
-    fetch(logglerUrl, {
-      method: "POST",
-      headers: { "Content-Type": "application/json" },
-      body: JSON.stringify(logMessage),
-      redirect: "error",
-      // do not follow redirects
-      signal: controller.signal
-    }).then((_response) => {
+    try {
+      await fetch(loggerUrl, {
+        method: "POST",
+        headers: { "Content-Type": "application/json" },
+        body: JSON.stringify(logMessage),
+        redirect: "error",
+        // do not follow redirects
+        signal: controller.signal
+      });
       this.queue.shift();
       setTimeout(() => this.processQueue(), 0);
-    }).catch(() => {
+    } catch (error) {
       this.triggerCircuitBreaker();
-    }).finally(() => {
+      logError("Failed to send log entry", error);
+    } finally {
       clearTimeout(timeoutId);
-    });
+    }
   }
   triggerCircuitBreaker() {
     this.isCircuitBroken = true;
@@ -11456,12 +11492,90 @@ var logDebug = (message, data) => logger.log(message, "debug", data);
 var log = logger.log.bind(logger);
 // src/mcp/services/McpGQLClient.ts
-import crypto2 from "crypto";
-import os2 from "os";
 import Configstore3 from "configstore";
+import crypto3 from "crypto";
 import { GraphQLClient as GraphQLClient2 } from "graphql-request";
-import open4 from "open";
 import { v4 as uuidv42 } from "uuid";
+// src/mcp/services/McpAuthService.ts
+import crypto2 from "crypto";
+import os2 from "os";
+import open4 from "open";
+var McpAuthService = class {
+  constructor(client) {
+    __publicField(this, "client");
+    __publicField(this, "lastBrowserOpenTime", 0);
+    this.client = client;
+  }
+  /**
+   * Opens a browser window for authentication
+   * @param url URL to open in browser
+   * @param isBackgoundCall Whether this is called from tools context
+   */
+  async openBrowser(url, isBackgoundCall) {
+    if (isBackgoundCall) {
+      const now = Date.now();
+      if (now - this.lastBrowserOpenTime < MCP_TOOLS_BROWSER_COOLDOWN_MS) {
+        logDebug(`browser cooldown active, skipping open for ${url}`);
+        return;
+      }
+    }
+    logDebug(`opening browser url ${url}`);
+    await open4(url);
+    this.lastBrowserOpenTime = Date.now();
+  }
+  /**
+   * Handles the complete authentication flow
+   * @param isBackgoundCall Whether this is called from tools context
+   * @returns Authenticated API token
+   */
+  async authenticate(isBackgoundCall = false) {
+    const { publicKey, privateKey } = crypto2.generateKeyPairSync("rsa", {
+      modulusLength: 2048
+    });
+    logDebug("creating cli login");
+    const loginId = await this.client.createCliLogin({
+      publicKey: publicKey.export({ format: "pem", type: "pkcs1" }).toString()
+    });
+    if (!loginId) {
+      throw new CliLoginError("Error: createCliLogin failed");
+    }
+    logDebug(`cli login created ${loginId}`);
+    const webLoginUrl2 = `${WEB_APP_URL}/cli-login`;
+    const browserUrl = `${webLoginUrl2}/${loginId}?hostname=${os2.hostname()}`;
+    await this.openBrowser(browserUrl, isBackgoundCall);
+    logDebug(`waiting for login to complete`);
+    let newApiToken = null;
+    for (let i = 0; i < MCP_LOGIN_MAX_WAIT / MCP_LOGIN_CHECK_DELAY; i++) {
+      const encryptedApiToken = await this.client.getEncryptedApiToken({
+        loginId
+      });
+      if (encryptedApiToken) {
+        logDebug("encrypted API token received");
+        newApiToken = crypto2.privateDecrypt(privateKey, Buffer.from(encryptedApiToken, "base64")).toString("utf-8");
+        logDebug("API token decrypted");
+        break;
+      }
+      await sleep(MCP_LOGIN_CHECK_DELAY);
+    }
+    if (!newApiToken) {
+      throw new FailedToGetApiTokenError(
+        "Error: failed to get encrypted api token"
+      );
+    }
+    const verifyClient = new McpGQLClient({
+      apiKey: newApiToken,
+      type: "apiKey"
+    });
+    const loginSuccess = await verifyClient.validateUserToken();
+    if (!loginSuccess) {
+      throw new AuthenticationError("Invalid API token");
+    }
+    return newApiToken;
+  }
+};
+// src/mcp/services/McpGQLClient.ts
 var mobbConfigStore = new Configstore3(packageJson.name, { apiToken: "" });
 var McpGQLClient = class {
   constructor(args) {
@@ -11498,17 +11612,17 @@ var McpGQLClient = class {
       }
     };
   }
-  async verifyConnection() {
+  async verifyApiConnection() {
     try {
-      logDebug("GraphQL: Calling Me query for connection verification");
+      logDebug("GraphQL: Calling Me query for API connection verification");
       const result = await this.clientSdk.Me();
       logDebug("GraphQL: Me query successful", { result });
       return true;
     } catch (e) {
       const error = e;
-      logDebug(`verify connection failed ${error.toString()}`);
+      logDebug(`API connection verification failed ${error.toString()}`);
       if (error?.toString().includes("FetchError")) {
-        logError("verify connection failed", { error });
+        logError("API connection verification failed", { error });
         return false;
       }
     }
@@ -11520,7 +11634,7 @@ var McpGQLClient = class {
       const result = await this.clientSdk.uploadS3BucketInfo({
         fileName: "report.json"
       });
-      logInfo("GraphQL: uploadS3BucketInfo successful", { result });
+      logDebug("GraphQL: uploadS3BucketInfo successful", { result });
       return result;
     } catch (e) {
       logError("GraphQL: uploadS3BucketInfo failed", {
@@ -11536,7 +11650,7 @@ var McpGQLClient = class {
       const res = await this.clientSdk.getAnalysis({
         analysisId
       });
-      logInfo("GraphQL: getAnalysis successful", { result: res });
+      logDebug("GraphQL: getAnalysis successful", { result: res });
       if (!res.analysis) {
         throw new Error(`Analysis not found: ${analysisId}`);
       }
@@ -11556,7 +11670,7 @@ var McpGQLClient = class {
         variables
       });
       const result = await this.clientSdk.SubmitVulnerabilityReport(variables);
-      logInfo("GraphQL: SubmitVulnerabilityReport successful", { result });
+      logDebug("GraphQL: SubmitVulnerabilityReport successful", { result });
       return result;
     } catch (e) {
       logError("GraphQL: SubmitVulnerabilityReport failed", {
@@ -11590,7 +11704,7 @@ var McpGQLClient = class {
             return;
           }
           if (callbackStates.includes(data.analysis?.state)) {
-            logInfo("GraphQL: Analysis state matches callback states", {
+            logDebug("GraphQL: Analysis state matches callback states", {
               analysisId: data.analysis.id,
               state: data.analysis.state,
               callbackStates
@@ -11609,7 +11723,7 @@ var McpGQLClient = class {
           timeoutInMs: params.timeoutInMs
         }
       );
-      logInfo("GraphQL: GetAnalysis subscription completed", { result });
+      logDebug("GraphQL: GetAnalysis subscription completed", { result });
       return result;
     } catch (e) {
       logError("GraphQL: GetAnalysis subscription failed", {
@@ -11630,38 +11744,41 @@ var McpGQLClient = class {
       if (!userEmail) {
         throw new Error("User email not found");
       }
-      const shortEmailHash = crypto2.createHash("sha256").update(userEmail).digest("hex").slice(0, 8).toUpperCase();
+      const shortEmailHash = crypto3.createHash("sha256").update(userEmail).digest("hex").slice(0, 8).toUpperCase();
       const projectName = `MCP Scans ${shortEmailHash}`;
-      logDebug("GraphQL: Calling getOrgAndProjectId query", { projectName });
-      const getOrgAndProjectIdResult = await this.clientSdk.getOrgAndProjectId({
-        filters: {},
-        limit: 1
+      logDebug("GraphQL: Calling getLastOrgAndNamedProject query", {
+        projectName
       });
-      logInfo("GraphQL: getOrgAndProjectId successful", {
-        result: getOrgAndProjectIdResult
+      const orgAndProjectRes = await this.clientSdk.getLastOrgAndNamedProject({
+        email: userEmail,
+        projectName
+      });
+      logDebug("GraphQL: getLastOrgAndNamedProject successful", {
+        result: orgAndProjectRes
       });
-      const [organizationToOrganizationRole] = getOrgAndProjectIdResult.organization_to_organization_role;
-      if (!organizationToOrganizationRole) {
-        throw new Error("Organization not found");
-      }
-      const { organization: org } = organizationToOrganizationRole;
-      const project = projectName ? org?.projects.find((project2) => project2.name === projectName) ?? null : org?.projects[0];
-      if (project?.id) {
-        logInfo("GraphQL: Found existing project", {
-          projectId: project.id,
+      if (!orgAndProjectRes.user?.[0]?.userOrganizationsAndUserOrganizationRoles?.[0]?.organization?.id) {
+        throw new Error(
+          `The user with email:${userEmail}  is not associated with any organization`
+        );
+      }
+      const organization = orgAndProjectRes.user?.[0]?.userOrganizationsAndUserOrganizationRoles?.[0]?.organization;
+      const projectId = organization?.projects?.[0]?.id;
+      if (projectId) {
+        logDebug("GraphQL: Found existing project", {
+          projectId,
           projectName
         });
-        return project.id;
+        return projectId;
       }
       logDebug("GraphQL: Project not found, creating new project", {
-        organizationId: org.id,
+        organizationId: organization.id,
         projectName
       });
       const createdProject = await this.clientSdk.CreateProject({
-        organizationId: org.id,
+        organizationId: organization.id,
         projectName
       });
-      logInfo("GraphQL: CreateProject successful", { result: createdProject });
+      logDebug("GraphQL: CreateProject successful", { result: createdProject });
       return createdProject.createProject.projectId;
     } catch (e) {
       logError("GraphQL: getProjectId failed", {
@@ -11675,15 +11792,15 @@ var McpGQLClient = class {
     const { me } = await this.clientSdk.Me();
     return me;
   }
-  async verifyToken() {
-    logDebug("verifying token");
+  async validateUserToken() {
+    logDebug("validating user token");
     try {
       await this.clientSdk.CreateCommunityUser();
       const info = await this.getUserInfo();
-      logDebug("token verified");
+      logDebug("user token validated successfully");
       return info?.email || true;
     } catch (e) {
-      logError("verify token failed");
+      logError("user token validation failed");
       return false;
     }
   }
@@ -11716,18 +11833,34 @@ var McpGQLClient = class {
       return null;
     }
   }
-  async _updateFixesArchiveState(fixIds) {
+  mergeUserAndSystemFixes(reportData, limit) {
+    if (!reportData) return [];
+    const { userFixes = [], fixes = [] } = reportData;
+    const fixMap = /* @__PURE__ */ new Map();
+    for (const fix of userFixes) {
+      if (fix.id) {
+        fixMap.set(fix.id, fix);
+      }
+    }
+    for (const fix of fixes) {
+      if (fix.id && !fixMap.has(fix.id)) {
+        fixMap.set(fix.id, fix);
+      }
+    }
+    return Array.from(fixMap.values()).slice(0, limit);
+  }
+  async updateFixesDownloadStatus(fixIds) {
     if (fixIds.length > 0) {
       const resUpdate = await this.clientSdk.updateDownloadedFixData({
         fixIds,
         source: "MCP" /* Mcp */
       });
-      logInfo("GraphQL: updateFixesArchiveState successful", {
+      logDebug("GraphQL: updateFixesDownloadStatus successful", {
         result: resUpdate,
         fixIds
       });
     } else {
-      logInfo("GraphQL: No fixes found");
+      logDebug("GraphQL: No fixes found to update download status");
     }
   }
   async getLatestReportByRepoUrl({
@@ -11741,19 +11874,35 @@ var McpGQLClient = class {
         limit,
         offset
       });
+      let currentUserEmail = "%@%";
+      try {
+        const userInfo = await this.getUserInfo();
+        if (userInfo?.email) {
+          currentUserEmail = `%${userInfo.email}%`;
+        }
+      } catch (err) {
+        logDebug("Failed to get user email, using default pattern", {
+          error: err
+        });
+      }
       const res = await this.clientSdk.GetLatestReportByRepoUrl({
         repoUrl,
         limit,
-        offset
+        offset,
+        currentUserEmail
       });
-      logInfo("GraphQL: GetLatestReportByRepoUrl successful", {
+      logDebug("GraphQL: GetLatestReportByRepoUrl successful", {
         result: res,
         reportCount: res.fixReport?.length || 0
       });
-      const fixIds = res.fixReport?.[0]?.fixes?.map((fix) => fix.id) || [];
-      await this._updateFixesArchiveState(fixIds);
+      const fixes = this.mergeUserAndSystemFixes(res.fixReport?.[0], limit);
+      const fixIds = fixes.map((fix) => fix.id);
+      await this.updateFixesDownloadStatus(fixIds);
       return {
-        fixReport: res.fixReport?.[0] || null,
+        fixReport: res.fixReport?.[0] ? {
+          ...res.fixReport?.[0],
+          fixes
+        } : null,
         expiredReport: res.expiredReport?.[0] || null
       };
     } catch (e) {
@@ -11772,14 +11921,14 @@ var McpGQLClient = class {
     issueType,
     severity
   }) {
+    const filters = {};
+    if (issueType && issueType.length > 0) {
+      filters["safeIssueType"] = { _in: issueType };
+    }
+    if (severity && severity.length > 0) {
+      filters["severityText"] = { _in: severity };
+    }
     try {
-      const filters = {};
-      if (issueType && issueType.length > 0) {
-        filters["safeIssueType"] = { _in: issueType };
-      }
-      if (severity && severity.length > 0) {
-        filters["severityText"] = { _in: severity };
-      }
       logDebug("GraphQL: Calling GetReportFixes query", {
         reportId,
         limit,
@@ -11788,13 +11937,25 @@ var McpGQLClient = class {
         issueType,
         severity
       });
+      let currentUserEmail = "%@%";
+      try {
+        const userInfo = await this.getUserInfo();
+        if (userInfo?.email) {
+          currentUserEmail = `%${userInfo.email}%`;
+        }
+      } catch (err) {
+        logDebug("Failed to get user email, using default pattern", {
+          error: err
+        });
+      }
       const res = await this.clientSdk.GetReportFixes({
         reportId,
         limit,
         offset,
-        filters
+        filters,
+        currentUserEmail
       });
-      logInfo("GraphQL: GetReportFixes successful", {
+      logDebug("GraphQL: GetReportFixes successful", {
         result: res,
         fixCount: res.fixReport?.[0]?.fixes?.length || 0,
         totalCount: res.fixReport?.[0]?.filteredFixesCount?.aggregate?.count || 0
@@ -11802,10 +11963,11 @@ var McpGQLClient = class {
       if (res.fixReport.length === 0) {
         return null;
       }
-      const fixIds = res.fixReport?.[0]?.fixes?.map((fix) => fix.id) || [];
-      await this._updateFixesArchiveState(fixIds);
+      const fixes = this.mergeUserAndSystemFixes(res.fixReport?.[0], limit);
+      const fixIds = fixes.map((fix) => fix.id);
+      await this.updateFixesDownloadStatus(fixIds);
       return {
-        fixes: res.fixReport?.[0]?.fixes || [],
+        fixes,
         totalCount: res.fixReport?.[0]?.filteredFixesCount?.aggregate?.count || 0,
         expiredReport: res.expiredReport?.[0] || null
       };
@@ -11819,82 +11981,29 @@ var McpGQLClient = class {
     }
   }
 };
-async function openBrowser(url, isToolsCall) {
-  if (isToolsCall) {
-    const now = Date.now();
-    const lastBrowserOpenTime = mobbConfigStore.get("lastBrowserOpenTime") || 0;
-    if (now - lastBrowserOpenTime < MCP_TOOLS_BROWSER_COOLDOWN_MS) {
-      logDebug(`browser cooldown active, skipping open for ${url}`);
-      return;
-    }
-  }
-  logDebug(`opening browser url ${url}`);
-  await open4(url);
-  mobbConfigStore.set("lastBrowserOpenTime", Date.now());
-}
-async function getMcpGQLClient({
-  isToolsCall = false
+async function createAuthenticatedMcpGQLClient({
+  isBackgoundCall = false
 } = {}) {
   logDebug("getting config", { apiToken: mobbConfigStore.get("apiToken") });
-  const inGqlClient = new McpGQLClient({
+  const initialClient = new McpGQLClient({
     apiKey: process.env["MOBB_API_KEY"] || process.env["API_KEY"] || // fallback for backward compatibility
     mobbConfigStore.get("apiToken") || "",
     type: "apiKey"
   });
-  const isConnected = await inGqlClient.verifyConnection();
-  logDebug("isConnected", { isConnected });
+  const isConnected = await initialClient.verifyApiConnection();
+  logDebug("API connection status", { isConnected });
   if (!isConnected) {
     throw new ApiConnectionError("Error: failed to connect to Mobb API");
   }
-  logDebug("verifying token");
-  const userVerify = await inGqlClient.verifyToken();
+  logDebug("validating user token");
+  const userVerify = await initialClient.validateUserToken();
   if (userVerify) {
-    return inGqlClient;
+    return initialClient;
   }
-  logDebug("verifying token failed");
-  const { publicKey, privateKey } = crypto2.generateKeyPairSync("rsa", {
-    modulusLength: 2048
-  });
-  logDebug("creating cli login");
-  const loginId = await inGqlClient.createCliLogin({
-    publicKey: publicKey.export({ format: "pem", type: "pkcs1" }).toString()
-  });
-  if (!loginId) {
-    throw new CliLoginError("Error: createCliLogin failed");
-  }
-  logDebug(`cli login created ${loginId}`);
-  const webLoginUrl2 = `${WEB_APP_URL}/cli-login`;
-  const browserUrl = `${webLoginUrl2}/${loginId}?hostname=${os2.hostname()}`;
-  logDebug(`opening browser url ${browserUrl}`);
-  await openBrowser(browserUrl, isToolsCall);
-  logDebug(`waiting for login to complete`);
-  let newApiToken = null;
-  for (let i = 0; i < MCP_LOGIN_MAX_WAIT / MCP_LOGIN_CHECK_DELAY; i++) {
-    const encryptedApiToken = await inGqlClient.getEncryptedApiToken({
-      loginId
-    });
-    if (encryptedApiToken) {
-      logDebug("encrypted API token received");
-      newApiToken = crypto2.privateDecrypt(privateKey, Buffer.from(encryptedApiToken, "base64")).toString("utf-8");
-      logDebug("API token decrypted");
-      break;
-    }
-    await sleep(MCP_LOGIN_CHECK_DELAY);
-  }
-  if (!newApiToken) {
-    throw new FailedToGetApiTokenError(
-      "Error: failed to get encrypted api token"
-    );
-  }
-  const newGqlClient = new McpGQLClient({ apiKey: newApiToken, type: "apiKey" });
-  const loginSuccess = await newGqlClient.verifyToken();
-  if (loginSuccess) {
-    logDebug(`set api token ${newApiToken}`);
-    mobbConfigStore.set("apiToken", newApiToken);
-  } else {
-    throw new AuthenticationError("Invalid API token");
-  }
-  return newGqlClient;
+  const authService = new McpAuthService(initialClient);
+  const newApiToken = await authService.authenticate(isBackgoundCall);
+  mobbConfigStore.set("apiToken", newApiToken);
+  return new McpGQLClient({ apiKey: newApiToken, type: "apiKey" });
 }
 // src/mcp/core/ToolRegistry.ts
@@ -11951,14 +12060,11 @@ var McpServer = class {
     this.toolRegistry = new ToolRegistry();
     this.setupHandlers();
     this.setupProcessEventHandlers();
-    logInfo("MCP server instance created", config4);
+    logInfo("MCP server instance created");
+    logDebug("MCP server instance config", { config: config4 });
   }
-  setupProcessEventHandlers() {
-    if (this.isEventHandlersSetup) {
-      logDebug("Process event handlers already setup, skipping");
-      return;
-    }
-    const signals = {
+  handleProcessSignal(signal, error) {
+    const messages = {
       SIGINT: "MCP server interrupted",
       SIGTERM: "MCP server terminated",
       exit: "MCP server exiting",
@@ -11966,26 +12072,46 @@ var McpServer = class {
       unhandledRejection: "Unhandled promise rejection in MCP server",
       warning: "Warning in MCP server"
     };
-    Object.entries(signals).forEach(([signal, message]) => {
-      process.on(
-        signal,
-        (error) => {
-          if (error && signal !== "exit") {
-            logError(`${message}`, { error, signal });
-          } else {
-            logInfo(message, { signal });
-          }
-          if (signal === "SIGINT" || signal === "SIGTERM") {
-            process.exit(0);
-          }
-          if (signal === "uncaughtException") {
-            process.exit(1);
-          }
-        }
-      );
+    const message = messages[signal] || `Unhandled signal: ${signal}`;
+    if (signal === "exit") {
+      const exitCode = error;
+      if (exitCode === 0 || exitCode === void 0) {
+        logDebug(`${message} (clean exit)`, { signal, exitCode });
+      } else {
+        logWarn(`${message} (exit code: ${exitCode})`, { signal, exitCode });
+      }
+    } else if (error) {
+      logError(`${message}`, { error, signal });
+    } else {
+      logDebug(message, { signal });
+    }
+    if (signal === "SIGINT" || signal === "SIGTERM") {
+      process.exit(0);
+    }
+    if (signal === "uncaughtException") {
+      process.exit(1);
+    }
+  }
+  setupProcessEventHandlers() {
+    if (this.isEventHandlersSetup) {
+      logDebug("Process event handlers already setup, skipping");
+      return;
+    }
+    const signals = [
+      "SIGINT",
+      "SIGTERM",
+      "exit",
+      "uncaughtException",
+      "unhandledRejection",
+      "warning"
+    ];
+    signals.forEach((signal) => {
+      process.on(signal, (error) => {
+        this.handleProcessSignal(signal, error);
+      });
     });
     this.isEventHandlersSetup = true;
-    logDebug("Process event handlers registered");
+    logInfo("Process event handlers registered");
   }
   createShutdownPromise() {
     return new Promise((resolve) => {
@@ -11997,12 +12123,45 @@ var McpServer = class {
       process.once("SIGTERM", cleanup);
     });
   }
+  async triggerScanForNewAvailableFixes() {
+    const gqlClient = await createAuthenticatedMcpGQLClient({
+      isBackgoundCall: true
+    });
+    const isConnected = await gqlClient.verifyApiConnection();
+    if (!isConnected) {
+      logError("Failed to connect to the API, skipping scan");
+      return;
+    }
+    if (process.env["WORKSPACE_FOLDER_PATHS"]) {
+      logDebug("WORKSPACE_FOLDER_PATHS is set", {
+        WORKSPACE_FOLDER_PATHS: process.env["WORKSPACE_FOLDER_PATHS"]
+      });
+      try {
+        const checkForNewAvailableFixesTool = this.toolRegistry.getTool(
+          MCP_TOOL_CHECK_FOR_NEW_AVAILABLE_FIXES
+        );
+        logInfo("Triggering periodic scan for new available fixes");
+        checkForNewAvailableFixesTool.triggerScan({
+          path: process.env["WORKSPACE_FOLDER_PATHS"],
+          gqlClient
+        });
+      } catch (error) {
+        logError("Error getting workspace folder path tool", { error });
+      }
+    }
+  }
   async handleListToolsRequest(request) {
-    logInfo("Received list_tools request", { params: request.params });
-    logInfo("Request", {
+    logInfo("Received list_tools request");
+    logDebug("list_tools request", {
+      request: JSON.parse(JSON.stringify(request))
+    });
+    logDebug("Request", {
       request: JSON.parse(JSON.stringify(request))
     });
-    void getMcpGQLClient({ isToolsCall: true });
+    logDebug("env", {
+      env: process.env
+    });
+    void this.triggerScanForNewAvailableFixes();
     const toolsDefinitions = this.toolRegistry.getAllTools();
     const response = {
       tools: toolsDefinitions.map((tool) => ({
@@ -12016,13 +12175,13 @@ var McpServer = class {
         }
       }))
     };
-    logInfo("Returning list_tools response", { response });
+    logDebug("Returning list_tools response", { response });
     return response;
   }
   async handleCallToolRequest(request) {
     const { name, arguments: args } = request.params;
-    logInfo(`Received call tool request for ${name}`, { name, args });
-    logInfo("Request", {
+    logInfo(`Received call tool request for ${name}`);
+    logDebug("Request", {
       request: JSON.parse(JSON.stringify(request))
     });
     try {
@@ -12035,10 +12194,11 @@ var McpServer = class {
         });
         throw new Error(errorMsg);
       }
-      logDebug(`Executing tool: ${name}`, { args });
+      logInfo(`Executing tool: ${name}`);
       const response = await tool.execute(args);
       const serializedResponse = JSON.parse(JSON.stringify(response));
-      logInfo(`Tool ${name} executed successfully`, {
+      logInfo(`Tool ${name} executed successfully`);
+      logDebug(`Tool ${name} executed successfully`, {
         responseType: typeof response,
         hasContent: !!serializedResponse.content
       });
@@ -12062,18 +12222,18 @@ var McpServer = class {
       CallToolRequestSchema,
       (request) => this.handleCallToolRequest(request)
     );
-    logDebug("MCP server handlers registered");
+    logInfo("MCP server handlers registered");
   }
   registerTool(tool) {
     this.toolRegistry.registerTool(tool);
-    logDebug(`Tool registered: ${tool.name}`);
+    logInfo(`Tool registered: ${tool.name}`);
   }
   async start() {
     try {
-      logDebug("Starting MCP server");
+      logInfo("Starting MCP server");
       const transport = new StdioServerTransport();
       await this.server.connect(transport);
-      logInfo("MCP server is running on stdin/stdout");
+      logDebug("MCP server is running on stdin/stdout");
       process.stdin.resume();
       await this.createShutdownPromise();
       await this.stop();
@@ -12083,7 +12243,7 @@ var McpServer = class {
     }
   }
   async stop() {
-    logInfo("MCP server shutting down");
+    logDebug("MCP server shutting down");
   }
 };
@@ -12168,14 +12328,15 @@ var BaseTool = class {
     };
   }
   async execute(args) {
-    logInfo(`Authenticating tool: ${this.name}`, { args });
-    const mcpGqlClient = await getMcpGQLClient();
+    logDebug(`Authenticating tool: ${this.name}`, { args });
+    const mcpGqlClient = await createAuthenticatedMcpGQLClient();
     const userInfo = await mcpGqlClient.getUserInfo();
-    logDebug("Authenticated", { userInfo });
+    logDebug("User authenticated successfully", { userInfo });
     const validatedArgs = this.validateInput(args);
     logDebug(`Tool ${this.name} input validation successful`, {
       validatedArgs
     });
+    logInfo(`Executing tool: ${this.name}`);
     const result = await this.executeInternal(validatedArgs);
     logInfo(`Tool ${this.name} executed successfully`);
     return result;
@@ -12209,7 +12370,7 @@ var BaseTool = class {
 };
 // src/mcp/core/prompts.ts
-function frienlyType(s) {
+function friendlyType(s) {
   const withoutUnderscores = s.replace(/_/g, " ");
   const result = withoutUnderscores.replace(/([a-z])([A-Z])/g, "$1 $2");
   return result.charAt(0).toUpperCase() + result.slice(1);
@@ -12229,13 +12390,15 @@ var applyFixesPrompt = ({
     return noFixesReturnedForParameters;
   }
   const fixList = fixes.map((fix) => {
-    const vulnerabilityType = frienlyType(fix.safeIssueType);
+    const vulnerabilityType = friendlyType(fix.safeIssueType);
     const vulnerabilityDescription = fix.patchAndQuestions?.__typename === "FixData" ? fix.patchAndQuestions.extraContext?.fixDescription : void 0;
     const patch = fix.patchAndQuestions?.__typename === "FixData" ? fix.patchAndQuestions.patch : void 0;
+    const gitBlameLogin = fix.gitBlameLogin;
     return {
       vulnerabilityType,
       vulnerabilityDescription,
-      patch
+      patch,
+      gitBlameLogin
     };
   });
   return `## CRITICAL INSTRUCTIONS - READ CAREFULLY
@@ -12287,7 +12450,9 @@ ${fixList.map(
 **\u{1F4DD} Description:** ${fix.vulnerabilityDescription || "Security vulnerability fix"}
-**\u{1F527} Action Required:** Apply the following patch exactly as shown
+${fix.gitBlameLogin ? `**\u{1F464} Git Blame:** The code that needs to be fixed was last modified by: \`${fix.gitBlameLogin}\`
+` : ""}**\u{1F527} Action Required:** Apply the following patch exactly as shown
 **\u{1F4C1} Patch to Apply:**
 \`\`\`diff
@@ -12334,7 +12499,7 @@ We were unable to find a previous vulnerability report for this repository. This
 ### \u{1F3AF} Recommended Actions
 1. **Run a new security scan** to analyze your codebase
-   - Use the \`scan_and_fix_vulnerabilities\` tool to start a fresh scan
+   - Use the \`${MCP_TOOL_SCAN_AND_FIX_VULNERABILITIES}\` tool to start a fresh scan
    - This will analyze your current code for security issues
 2. **Verify repository access**
@@ -12362,7 +12527,7 @@ Your most recent vulnerability report for this repository **expired on ${lastRep
 ### \u{1F3AF} Recommended Actions
 1. **Run a fresh security scan** to generate an up-to-date vulnerability report.
-   - Use the \`scan_and_fix_vulnerabilities\` tool.
+   - Use the \`${MCP_TOOL_SCAN_AND_FIX_VULNERABILITIES}\` tool.
 2. **Verify repository access** if scans fail to run or the repository has moved.
 3. **Review your CI/CD pipeline** to ensure regular scans are triggered.
@@ -12416,7 +12581,7 @@ ${applyFixesPrompt({
     hasMore,
     nextOffset: 0,
     shownCount: fixReport.fixes.length,
-    currentTool: "fetch_available_fixes",
+    currentTool: MCP_TOOL_FETCH_AVAILABLE_FIXES,
     offset
   })}`;
 };
@@ -12441,7 +12606,6 @@ To perform a **rescan** of your repository (fetching a brand-new vulnerability r
 This will start a new analysis, discard any cached results.
 \u26A0\uFE0F *Note:* A full rescan may take longer to complete than simply fetching additional fixes because your repository is re-uploaded and re-analyzed from scratch.
 `;
 var noFixesFoundPrompt = ({
   scannedFiles
@@ -12467,20 +12631,19 @@ var fixesPrompt = ({
 ${applyFixesPrompt({
     fixes,
-    totalCount,
     hasMore,
+    totalCount,
     nextOffset,
     shownCount,
-    currentTool: "scan_and_fix_vulnerabilities",
+    currentTool: MCP_TOOL_SCAN_AND_FIX_VULNERABILITIES,
     offset
   })}
 ${nextStepsPrompt({ scannedFiles })}
 `;
 };
-var noFreshFixesPrompt = `No fresh fixes available for this repository at this time.
-`;
-var initialScanInProgressPrompt = `Initial scan in progress. Call the tool again in 1 minute to check for available fixes.`;
+var noFreshFixesPrompt = `No fresh fixes available for this repository at this time. No user message needed. Do not show any comments to the user.`;
+var initialScanInProgressPrompt = `Initial scan is still in progress. No user message needed. Do not show any comments to the user.`;
 var freshFixesPrompt = ({ fixes }) => {
   return `Here are the fresh fixes to the vulnerabilities discovered by Mobb MCP
@@ -12490,7 +12653,7 @@ ${applyFixesPrompt({
     hasMore: false,
     nextOffset: 0,
     shownCount: fixes.length,
-    currentTool: "fetch_available_fixes",
+    currentTool: MCP_TOOL_FETCH_AVAILABLE_FIXES,
     offset: 0
   })}
 `;
@@ -12579,23 +12742,135 @@ var getLocalFiles = async ({
   return filesWithStats.filter((file) => file.lastEdited > 0);
 };
-// src/mcp/services/ScanFiles.ts
+// src/mcp/services/FileOperations.ts
 import fs11 from "fs";
 import path12 from "path";
 import AdmZip2 from "adm-zip";
+var FileOperations = class {
+  /**
+   * Creates a ZIP archive containing the specified source files
+   * @param fileList Array of relative file paths to include
+   * @param repositoryPath Base path for resolving relative file paths
+   * @param maxFileSize Maximum size allowed for individual files
+   * @returns ZIP archive as a Buffer with metadata
+   */
+  async createSourceCodeArchive(fileList, repositoryPath, maxFileSize) {
+    logDebug("FilePacking: packing files");
+    const zip = new AdmZip2();
+    let packedFilesCount = 0;
+    const resolvedRepoPath = path12.resolve(repositoryPath);
+    for (const filepath of fileList) {
+      const absoluteFilepath = path12.join(repositoryPath, filepath);
+      const resolvedFilePath = path12.resolve(absoluteFilepath);
+      if (!resolvedFilePath.startsWith(resolvedRepoPath)) {
+        logDebug(
+          `Skipping ${filepath} due to potential path traversal security risk`
+        );
+        continue;
+      }
+      if (!FileUtils.shouldPackFile(absoluteFilepath, maxFileSize)) {
+        logDebug(
+          `Excluding ${filepath} - file is too large, binary, or matches exclusion rules`
+        );
+        continue;
+      }
+      const fileContent = await this.readSourceFile(absoluteFilepath, filepath);
+      if (fileContent) {
+        zip.addFile(filepath, fileContent);
+        packedFilesCount++;
+      }
+    }
+    const archiveBuffer = zip.toBuffer();
+    const result = {
+      archive: archiveBuffer,
+      packedFilesCount,
+      totalSize: archiveBuffer.length
+    };
+    logInfo("Files packed successfully");
+    return result;
+  }
+  /**
+   * Validates that file paths are within the repository and safe to access
+   * @param fileList Array of relative file paths to validate
+   * @param repositoryPath Base path for validation
+   * @returns Array of validated file paths
+   */
+  async validateFilePaths(fileList, repositoryPath) {
+    const resolvedRepoPath = path12.resolve(repositoryPath);
+    const validatedPaths = [];
+    for (const filepath of fileList) {
+      const absoluteFilepath = path12.join(repositoryPath, filepath);
+      const resolvedFilePath = path12.resolve(absoluteFilepath);
+      if (!resolvedFilePath.startsWith(resolvedRepoPath)) {
+        logDebug(`Rejecting ${filepath} - path traversal attempt detected`);
+        continue;
+      }
+      try {
+        await fs11.promises.access(absoluteFilepath, fs11.constants.R_OK);
+        validatedPaths.push(filepath);
+      } catch (error) {
+        logDebug(`Skipping ${filepath} - file is not accessible: ${error}`);
+      }
+    }
+    return validatedPaths;
+  }
+  /**
+   * Reads source files and returns their data
+   * @param filePaths Array of absolute file paths to read
+   * @returns Array of file data objects
+   */
+  async readSourceFiles(filePaths) {
+    const fileDataArray = [];
+    for (const absolutePath of filePaths) {
+      try {
+        const content = await fs11.promises.readFile(absolutePath);
+        const relativePath = path12.basename(absolutePath);
+        fileDataArray.push({
+          relativePath,
+          absolutePath,
+          content
+        });
+      } catch (error) {
+        logError(`Failed to read file ${absolutePath}: ${error}`);
+      }
+    }
+    return fileDataArray;
+  }
+  /**
+   * Safely reads a single source file
+   * @param absoluteFilepath Absolute path to the file
+   * @param relativeFilepath Relative path for logging purposes
+   * @returns File content as Buffer or null if failed
+   */
+  async readSourceFile(absoluteFilepath, relativeFilepath) {
+    try {
+      return await fs11.promises.readFile(absoluteFilepath);
+    } catch (fsError) {
+      logError(`Failed to read ${relativeFilepath} from filesystem: ${fsError}`);
+      return null;
+    }
+  }
+};
+// src/mcp/services/ScanFiles.ts
 var scanFiles = async (fileList, repositoryPath, gqlClient) => {
-  const repoUploadInfo = await initializeReport(gqlClient);
+  const repoUploadInfo = await initializeSecurityReport(gqlClient);
   const fixReportId = repoUploadInfo.fixReportId;
-  const zipBuffer = await packFiles(fileList, repositoryPath);
-  await uploadFiles(zipBuffer, repoUploadInfo);
+  const fileOperations = new FileOperations();
+  const packingResult = await fileOperations.createSourceCodeArchive(
+    fileList,
+    repositoryPath,
+    MCP_MAX_FILE_SIZE
+  );
+  await uploadSourceCodeArchive(packingResult.archive, repoUploadInfo);
   const projectId = await getProjectId(gqlClient);
-  await runScan({ fixReportId, projectId, gqlClient });
+  await executeSecurityScan({ fixReportId, projectId, gqlClient });
   return {
     fixReportId,
     projectId
   };
 };
-var initializeReport = async (gqlClient) => {
+var initializeSecurityReport = async (gqlClient) => {
   if (!gqlClient) {
     throw new GqlClientError();
   }
@@ -12603,74 +12878,33 @@ var initializeReport = async (gqlClient) => {
     const {
       uploadS3BucketInfo: { repoUploadInfo }
     } = await gqlClient.uploadS3BucketInfo();
-    logInfo("Upload info retrieved", { uploadKey: repoUploadInfo?.uploadKey });
+    logDebug("Upload info retrieved");
     return repoUploadInfo;
   } catch (error) {
     const message = error.message;
-    throw new ReportInitializationError(`Error initializing report: ${message}`);
-  }
-};
-var packFiles = async (fileList, repositoryPath) => {
-  try {
-    logInfo(`FilePacking: packing files from ${repositoryPath}`);
-    const zip = new AdmZip2();
-    let packedFilesCount = 0;
-    const resolvedRepoPath = path12.resolve(repositoryPath);
-    logInfo("FilePacking: compressing files");
-    for (const filepath of fileList) {
-      const absoluteFilepath = path12.join(repositoryPath, filepath);
-      const resolvedFilePath = path12.resolve(absoluteFilepath);
-      if (!resolvedFilePath.startsWith(resolvedRepoPath)) {
-        logInfo(
-          `FilePacking: skipping ${filepath} due to potential path traversal`
-        );
-        continue;
-      }
-      if (!FileUtils.shouldPackFile(absoluteFilepath, MCP_MAX_FILE_SIZE)) {
-        logInfo(
-          `FilePacking: ignoring ${filepath} because it is excluded or invalid`
-        );
-        continue;
-      }
-      let data;
-      try {
-        data = fs11.readFileSync(absoluteFilepath);
-      } catch (fsError) {
-        logInfo(
-          `FilePacking: failed to read ${filepath} from filesystem: ${fsError}`
-        );
-        continue;
-      }
-      zip.addFile(filepath, data);
-      packedFilesCount++;
-    }
-    const zipBuffer = zip.toBuffer();
-    logInfo(
-      `FilePacking: read ${packedFilesCount} source files. total size: ${zipBuffer.length} bytes`
+    throw new ReportInitializationError(
+      `Error initializing security report: ${message}`
     );
-    logInfo("Files packed successfully", { fileCount: fileList.length });
-    return zipBuffer;
-  } catch (error) {
-    const message = error.message;
-    throw new FileProcessingError(`Error packing files: ${message}`);
   }
 };
-var uploadFiles = async (zipBuffer, repoUploadInfo) => {
+var uploadSourceCodeArchive = async (archiveBuffer, repoUploadInfo) => {
   if (!repoUploadInfo) {
-    throw new FileUploadError("Upload info is required");
+    throw new FileUploadError("Upload info is required for source code archive");
   }
   try {
     await uploadFile({
-      file: zipBuffer,
+      file: archiveBuffer,
       url: repoUploadInfo.url,
       uploadFields: JSON.parse(repoUploadInfo.uploadFieldsJSON),
       uploadKey: repoUploadInfo.uploadKey
     });
     logInfo("File uploaded successfully");
   } catch (error) {
-    logError("File upload failed", { error: error.message });
+    logError("Source code archive upload failed", {
+      error: error.message
+    });
     throw new FileUploadError(
-      `Failed to upload the file: ${error.message}`
+      `Failed to upload source code archive: ${error.message}`
     );
   }
 };
@@ -12679,10 +12913,10 @@ var getProjectId = async (gqlClient) => {
     throw new GqlClientError();
   }
   const projectId = await gqlClient.getProjectId();
-  logInfo("Project ID retrieved", { projectId });
+  logDebug("Project ID retrieved");
   return projectId;
 };
-var runScan = async ({
+var executeSecurityScan = async ({
   fixReportId,
   projectId,
   gqlClient
@@ -12690,7 +12924,7 @@ var runScan = async ({
   if (!gqlClient) {
     throw new GqlClientError();
   }
-  logInfo("Starting scan", { fixReportId, projectId });
+  logInfo("Starting scan");
   const submitVulnerabilityReportVariables = {
     fixReportId,
     projectId,
@@ -12703,25 +12937,28 @@ var runScan = async ({
     submitVulnerabilityReportVariables
   );
   if (submitRes.submitVulnerabilityReport.__typename !== "VulnerabilityReport") {
-    logError("Vulnerability report submission failed", {
-      response: submitRes
+    throw new ScanError(
+      `Security scan submission failed: ${submitRes.submitVulnerabilityReport.__typename}`
+    );
+  }
+  const analysisId = submitRes.submitVulnerabilityReport.fixReportId;
+  logInfo("Vulnerability report submitted successfully");
+  try {
+    await gqlClient.subscribeToGetAnalysis({
+      subscribeToAnalysisParams: { analysisId },
+      callback: async (completedAnalysisId) => {
+        logInfo("Security analysis completed successfully", {
+          analysisId: completedAnalysisId
+        });
+      },
+      callbackStates: ["Finished" /* Finished */],
+      timeoutInMs: MCP_VUL_REPORT_DIGEST_TIMEOUT_MS
     });
-    throw new ScanError("\u{1F575}\uFE0F\u200D\u2642\uFE0F Mobb analysis failed");
+  } catch (error) {
+    logError("Security analysis failed or timed out", { error, analysisId });
+    throw new ScanError(`Security analysis failed: ${error.message}`);
   }
-  logInfo("Vulnerability report submitted successfully", {
-    analysisId: submitRes.submitVulnerabilityReport.fixReportId
-  });
-  logInfo("Starting analysis subscription");
-  await gqlClient.subscribeToGetAnalysis({
-    subscribeToAnalysisParams: {
-      analysisId: submitRes.submitVulnerabilityReport.fixReportId
-    },
-    callback: () => {
-    },
-    callbackStates: ["Finished" /* Finished */],
-    timeoutInMs: MCP_VUL_REPORT_DIGEST_TIMEOUT_MS
-  });
-  logInfo("Analysis subscription completed");
+  logDebug("Security scan completed successfully", { fixReportId, projectId });
 };
 // src/mcp/tools/checkForNewAvailableFixes/CheckForNewAvailableFixesService.ts
@@ -12742,6 +12979,7 @@ var _CheckForNewAvailableFixesService = class _CheckForNewAvailableFixesService
     __publicField(this, "reportedFixes", []);
     __publicField(this, "intervalId", null);
     __publicField(this, "isInitialScanComplete", false);
+    __publicField(this, "gqlClient", null);
   }
   static getInstance() {
     if (!_CheckForNewAvailableFixesService.instance) {
@@ -12763,25 +13001,28 @@ var _CheckForNewAvailableFixesService = class _CheckForNewAvailableFixesService
     }
   }
   /**
-   * Stub implementation – in a future version this will query the backend for
-   * the latest fixes count and compare it with the cached value. For now it
-   * simply returns a placeholder string so that the tool can be wired into the
-   * system and used in tests.
+   * Scans repository for security vulnerabilities and identifies new fixes
+   * since the last scan.
    */
-  async scan({ path: path13 }) {
-    logInfo("Scanning for new fixes", { path: path13 });
-    const gqlClient = await getMcpGQLClient();
-    const isConnected = await gqlClient.verifyConnection();
+  async scanForSecurityVulnerabilities({
+    path: path13
+  }) {
+    logDebug("Scanning for new security vulnerabilities", { path: path13 });
+    if (!this.gqlClient) {
+      logInfo("No GQL client found, skipping scan");
+      return;
+    }
+    const isConnected = await this.gqlClient.verifyApiConnection();
     if (!isConnected) {
       logError("Failed to connect to the API, scan aborted");
       return;
     }
-    logInfo("Connected to the API, assebling list of files to scan", { path: path13 });
+    logDebug("Connected to the API, assembling list of files to scan", { path: path13 });
     const files = await getLocalFiles({
       path: path13,
       maxFileSize: MCP_MAX_FILE_SIZE
     });
-    logInfo("Active files", { files });
+    logDebug("Active files", { files });
     const filesToScan = files.filter((file) => {
       const lastScannedEditTime = this.filesLastScanned[file.fullPath];
       if (!lastScannedEditTime) {
@@ -12790,34 +13031,45 @@ var _CheckForNewAvailableFixesService = class _CheckForNewAvailableFixesService
       return file.lastEdited > lastScannedEditTime;
     });
     if (filesToScan.length === 0) {
-      logInfo("No files to scan", { path: path13 });
+      logInfo("No files require scanning");
       return;
     }
-    logInfo("Files to scan", { filesToScan });
+    logDebug("Files requiring security scan", { filesToScan });
     const { fixReportId, projectId } = await scanFiles(
       filesToScan.map((file) => file.relativePath),
       path13,
-      gqlClient
+      this.gqlClient
+    );
+    logInfo(
+      `Security scan completed for ${path13} reportId: ${fixReportId} projectId: ${projectId}`
     );
-    logInfo("Scan completed", { fixReportId, projectId });
-    const fixes = await gqlClient.getReportFixesPaginated({
+    const fixes = await this.gqlClient.getReportFixesPaginated({
       reportId: fixReportId,
       offset: 0,
       limit: 1e3
     });
-    const newFixes = fixes?.fixes?.filter((fix) => !this.isAlreadyReported(fix));
-    logInfo("Fixes retrieved", {
-      count: fixes?.fixes?.length || 0,
-      newFixes: newFixes?.length || 0
+    const newFixes = fixes?.fixes?.filter(
+      (fix) => !this.isFixAlreadyReported(fix)
+    );
+    logInfo(
+      `Security fixes retrieved, total: ${fixes?.fixes?.length || 0}, new: ${newFixes?.length || 0}`
+    );
+    this.updateFreshFixesCache(newFixes || [], filesToScan);
+    this.updateFilesScanTimestamps(filesToScan);
+    this.isInitialScanComplete = true;
+  }
+  updateFreshFixesCache(newFixes, filesToScan) {
+    this.freshFixes = this.freshFixes.filter((fix) => !this.isFixFromOldScan(fix, filesToScan)).concat(newFixes).sort((a, b) => {
+      return (b.severityValue ?? 0) - (a.severityValue ?? 0);
     });
-    this.freshFixes = this.freshFixes.filter((fix) => !this.isFixFromOldScan(fix, filesToScan)).concat(newFixes || []);
-    logInfo("Fresh fixes", { freshFixes: this.freshFixes });
+    logInfo(`Fresh fixes cache updated, total: ${this.freshFixes.length}`);
+  }
+  updateFilesScanTimestamps(filesToScan) {
     filesToScan.forEach((file) => {
       this.filesLastScanned[file.fullPath] = file.lastEdited;
     });
-    this.isInitialScanComplete = true;
   }
-  isAlreadyReported(fix) {
+  isFixAlreadyReported(fix) {
     return this.reportedFixes.some(
       (reportedFix) => reportedFix.sharedState?.id === fix.sharedState?.id
     );
@@ -12828,10 +13080,10 @@ var _CheckForNewAvailableFixesService = class _CheckForNewAvailableFixesService
     if (!fixFile) {
       return false;
     }
-    logInfo("isOldFix", {
+    logDebug("Checking if fix is from old scan", {
       fixFile,
       filesToScan,
-      isOldFix: filesToScan.some((file) => file.relativePath === fixFile)
+      isFromOldScan: filesToScan.some((file) => file.relativePath === fixFile)
     });
     return filesToScan.some((file) => file.relativePath === fixFile);
   }
@@ -12840,31 +13092,51 @@ var _CheckForNewAvailableFixesService = class _CheckForNewAvailableFixesService
       this.path = path13;
       this.reset();
     }
-    if (!this.intervalId) {
-      logInfo("Starting periodic scan for new fixes", { path: path13 });
-      this.intervalId = setInterval(() => {
-        logDebug("Triggering periodic scan", { path: path13 });
-        this.scan({ path: path13 }).catch((error) => {
-          logError("Error during periodic scan", { error });
-        });
-      }, MCP_PERIODIC_CHECK_INTERVAL);
-      logDebug("Triggering initial scan", { path: path13 });
-      this.scan({ path: path13 }).catch((error) => {
-        logError("Error during initial scan", { error });
-      });
-    }
+    this.gqlClient = await createAuthenticatedMcpGQLClient();
+    this.triggerScan({ path: path13, gqlClient: this.gqlClient });
     if (this.freshFixes.length > 0) {
-      const freshFixes = this.freshFixes.splice(0, 3);
-      if (freshFixes.length > 0) {
-        this.reportedFixes.concat(freshFixes);
-        return freshFixesPrompt({ fixes: freshFixes });
-      }
+      return this.generateFreshFixesResponse();
     }
     if (!this.isInitialScanComplete) {
       return initialScanInProgressPrompt;
     }
     return noFreshFixesPrompt;
   }
+  triggerScan({
+    path: path13,
+    gqlClient
+  }) {
+    this.gqlClient = gqlClient;
+    if (!this.intervalId) {
+      this.startPeriodicScanning(path13);
+      this.executeInitialScan(path13);
+    }
+  }
+  startPeriodicScanning(path13) {
+    logDebug("Starting periodic scan for new security vulnerabilities", {
+      path: path13
+    });
+    this.intervalId = setInterval(() => {
+      logDebug("Triggering periodic security scan", { path: path13 });
+      this.scanForSecurityVulnerabilities({ path: path13 }).catch((error) => {
+        logError("Error during periodic security scan", { error });
+      });
+    }, MCP_PERIODIC_CHECK_INTERVAL);
+  }
+  executeInitialScan(path13) {
+    logDebug("Triggering initial security scan", { path: path13 });
+    this.scanForSecurityVulnerabilities({ path: path13 }).catch((error) => {
+      logError("Error during initial security scan", { error });
+    });
+  }
+  generateFreshFixesResponse() {
+    const freshFixes = this.freshFixes.splice(0, 3);
+    if (freshFixes.length > 0) {
+      this.reportedFixes.push(...freshFixes);
+      return freshFixesPrompt({ fixes: freshFixes });
+    }
+    return noFreshFixesPrompt;
+  }
 };
 __publicField(_CheckForNewAvailableFixesService, "instance");
 var CheckForNewAvailableFixesService = _CheckForNewAvailableFixesService;
@@ -12873,7 +13145,7 @@ var CheckForNewAvailableFixesService = _CheckForNewAvailableFixesService;
 var CheckForNewAvailableFixesTool = class extends BaseTool {
   constructor() {
     super();
-    __publicField(this, "name", "check_for_new_available_fixes");
+    __publicField(this, "name", MCP_TOOL_CHECK_FOR_NEW_AVAILABLE_FIXES);
     __publicField(this, "displayName", "Check for New Available Fixes");
     // A detailed description to guide the LLM on when and how to invoke this tool.
     __publicField(this, "description", `Continuesly monitors your code and scans for new security vulnerabilities.
@@ -12913,6 +13185,9 @@ Example payload:
     __publicField(this, "newFixesService");
     this.newFixesService = new CheckForNewAvailableFixesService();
   }
+  triggerScan(args) {
+    this.newFixesService.triggerScan(args);
+  }
   async executeInternal(args) {
     const pathValidationResult = await validatePath(args.path);
     if (!pathValidationResult.isValid) {
@@ -12927,14 +13202,7 @@ Example payload:
     logInfo("CheckForNewAvailableFixesTool execution completed", {
       resultText
     });
-    return {
-      content: [
-        {
-          type: "text",
-          text: resultText
-        }
-      ]
-    };
+    return this.createSuccessResponse(resultText);
   }
 };
@@ -12958,7 +13226,7 @@ var _FetchAvailableFixesService = class _FetchAvailableFixesService {
   }
   async initializeGqlClient() {
     if (!this.gqlClient) {
-      this.gqlClient = await getMcpGQLClient();
+      this.gqlClient = await createAuthenticatedMcpGQLClient();
     }
     return this.gqlClient;
   }
@@ -12982,21 +13250,18 @@ var _FetchAvailableFixesService = class _FetchAvailableFixesService {
       logDebug("received latest report result", { fixReport, expiredReport });
       if (!fixReport) {
         if (expiredReport) {
+          logInfo("Expired report found");
           const lastReportDate = expiredReport.expirationOn ? new Date(expiredReport.expirationOn).toLocaleString() : "Unknown date";
-          logInfo("Expired report found", {
+          logDebug("Expired report ", {
             repoUrl,
             expirationOn: expiredReport.expirationOn
           });
           return expiredReportPrompt({ lastReportDate });
         }
-        logInfo("No report (active or expired) found for repository", {
-          repoUrl
-        });
+        logInfo(`No report (active or expired) found for repository ${repoUrl}`);
         return noReportFoundPrompt;
       }
-      logInfo("Successfully retrieved available fixes", {
-        reportFound: true
-      });
+      logInfo(`Successfully retrieved available fixes for ${repoUrl}`);
       const prompt = fixesFoundPrompt({
         fixReport,
         offset: effectiveOffset
@@ -13019,7 +13284,7 @@ var FetchAvailableFixesService = _FetchAvailableFixesService;
 var FetchAvailableFixesTool = class extends BaseTool {
   constructor() {
     super();
-    __publicField(this, "name", "fetch_available_fixes");
+    __publicField(this, "name", MCP_TOOL_FETCH_AVAILABLE_FIXES);
     __publicField(this, "displayName", "Fetch Available Fixes");
     __publicField(this, "description", `Check the MOBB backend for pre-generated fixes (patch sets) that correspond to vulnerabilities detected in the supplied Git repository.
@@ -13039,7 +13304,7 @@ The tool will:
 2. Verify that the directory is a valid Git repository with an "origin" remote.
 3. Query the MOBB service by the origin remote URL and return a textual summary of available fixes (total and by severity) or a message if none are found.
-Call this tool instead of scan_and_fix_vulnerabilities when you only need a fixes summary and do NOT want to perform scanning or code modifications.`);
+Call this tool instead of ${MCP_TOOL_SCAN_AND_FIX_VULNERABILITIES} when you only need a fixes summary and do NOT want to perform scanning or code modifications.`);
     __publicField(this, "inputSchema", {
       type: "object",
       properties: {
@@ -13095,17 +13360,10 @@ Call this tool instead of scan_and_fix_vulnerabilities when you only need a fixe
       limit: args.limit,
       offset: args.offset
     });
-    logInfo("FetchAvailableFixesTool execution completed successfully", {
+    logDebug("FetchAvailableFixesTool execution completed successfully", {
       fixResult
     });
-    return {
-      content: [
-        {
-          type: "text",
-          text: fixResult
-        }
-      ]
-    };
+    return this.createSuccessResponse(fixResult);
   }
 };
@@ -13157,9 +13415,10 @@ var _ScanAndFixVulnerabilitiesService = class _ScanAndFixVulnerabilitiesService
     limit,
     isRescan = false
   }) {
+    logInfo("Processing vulnerabilities");
     try {
       this.gqlClient = await this.initializeGqlClient();
-      logInfo("storedFixReportId", {
+      logDebug("storedFixReportId", {
         storedFixReportId: this.storedFixReportId,
         currentOffset: this.currentOffset,
         fixReportIdTimestamp: this.fixReportIdTimestamp,
@@ -13167,6 +13426,7 @@ var _ScanAndFixVulnerabilitiesService = class _ScanAndFixVulnerabilitiesService
       });
       let fixReportId = this.storedFixReportId;
       if (!fixReportId || isRescan || this.isFixReportIdExpired()) {
+        logInfo("Scanning files");
         this.reset();
         this.validateFiles(fileList);
         const scanResult = await scanFiles(
@@ -13175,6 +13435,8 @@ var _ScanAndFixVulnerabilitiesService = class _ScanAndFixVulnerabilitiesService
           this.gqlClient
         );
         fixReportId = scanResult.fixReportId;
+      } else {
+        logInfo("Using stored fixReportId");
       }
       const effectiveOffset = offset ?? (this.currentOffset || 0);
       logDebug("effectiveOffset", { effectiveOffset });
@@ -13183,6 +13445,7 @@ var _ScanAndFixVulnerabilitiesService = class _ScanAndFixVulnerabilitiesService
         effectiveOffset,
         limit
       );
+      logInfo(`Found ${fixes.totalCount} fixes`);
       if (fixes.totalCount > 0) {
         this.storedFixReportId = fixReportId;
         this.fixReportIdTimestamp = Date.now();
@@ -13209,13 +13472,14 @@ var _ScanAndFixVulnerabilitiesService = class _ScanAndFixVulnerabilitiesService
     }
   }
   async initializeGqlClient() {
-    const gqlClient = await getMcpGQLClient();
-    const isConnected = await gqlClient.verifyConnection();
+    const gqlClient = await createAuthenticatedMcpGQLClient();
+    const isConnected = await gqlClient.verifyApiConnection();
     if (!isConnected) {
       throw new ApiConnectionError(
         "Failed to connect to the API. Please check your MOBB_API_KEY"
       );
     }
+    this.gqlClient = gqlClient;
     return gqlClient;
   }
   async getReportFixes(fixReportId, offset, limit) {
@@ -13228,7 +13492,7 @@ var _ScanAndFixVulnerabilitiesService = class _ScanAndFixVulnerabilitiesService
       offset,
       limit
     });
-    logInfo("Fixes retrieved", { fixCount: fixes?.fixes?.length });
+    logDebug(`${fixes?.fixes?.length} fixes retrieved`);
     return {
       fixes: fixes?.fixes || [],
       totalCount: fixes?.totalCount || 0
@@ -13242,7 +13506,7 @@ var ScanAndFixVulnerabilitiesService = _ScanAndFixVulnerabilitiesService;
 var ScanAndFixVulnerabilitiesTool = class extends BaseTool {
   constructor() {
     super();
-    __publicField(this, "name", "scan_and_fix_vulnerabilities");
+    __publicField(this, "name", MCP_TOOL_SCAN_AND_FIX_VULNERABILITIES);
     __publicField(this, "displayName", "Scan and Fix Vulnerabilities");
     // A detailed description to guide the LLM on when and how to invoke this tool.
     __publicField(this, "description", `Scans a given local repository for security vulnerabilities and returns auto-generated code fixes.
@@ -13322,7 +13586,9 @@ Example payload:
     this.vulnerabilityFixService.reset();
   }
   async executeInternal(args) {
-    logInfo("Executing tool: scan_and_fix_vulnerabilities", { path: args.path });
+    logDebug(`Executing tool: ${MCP_TOOL_SCAN_AND_FIX_VULNERABILITIES}`, {
+      path: args.path
+    });
     if (!args.path) {
       throw new Error("Invalid arguments: Missing required parameter 'path'");
     }
@@ -13339,7 +13605,7 @@ Example payload:
       // 5MB
       maxFiles: args.maxFiles
     });
-    logInfo("Files", { files });
+    logDebug("Files", { files });
     if (files.length === 0) {
       return {
         content: [
@@ -13358,34 +13624,20 @@ Example payload:
         limit: args.limit,
         isRescan: args.rescan || !!args.maxFiles
       });
-      const result = {
-        content: [
-          {
-            type: "text",
-            text: fixResult
-          }
-        ]
-      };
-      logInfo("Tool execution completed successfully", {
+      const successResponse = this.createSuccessResponse(fixResult);
+      logDebug("Tool execution completed successfully", {
         resultLength: fixResult.length,
         fileCount: files.length,
-        result
+        result: successResponse
       });
-      return result;
+      return successResponse;
     } catch (error) {
-      const errorResult = {
-        content: [
-          {
-            type: "text",
-            text: error.message
-          }
-        ]
-      };
-      logInfo("Tool execution failed", {
+      const errorResponse = this.createSuccessResponse(error.message);
+      logError("Tool execution failed", {
         error: error.message,
-        result: errorResult
+        result: errorResponse
       });
-      return errorResult;
+      return errorResponse;
     }
   }
 };