mobbdev 1.0.125 → 1.0.126

package/dist/index.mjs

@@ -32,7 +32,7 @@ var init_env = __esm({
 });
 
 // src/mcp/core/configs.ts
-var MCP_DEFAULT_API_URL, MCP_API_KEY_HEADER_NAME, MCP_LOGIN_MAX_WAIT, MCP_LOGIN_CHECK_DELAY, MCP_VUL_REPORT_DIGEST_TIMEOUT_MS, MCP_MAX_FILE_SIZE, MCP_PERIODIC_CHECK_INTERVAL, MCP_DEFAULT_MAX_FILES_TO_SCAN, MCP_REPORT_ID_EXPIRATION_MS, MCP_TOOLS_BROWSER_COOLDOWN_MS, MCP_DEFAULT_LIMIT;
+var MCP_DEFAULT_API_URL, MCP_API_KEY_HEADER_NAME, MCP_LOGIN_MAX_WAIT, MCP_LOGIN_CHECK_DELAY, MCP_VUL_REPORT_DIGEST_TIMEOUT_MS, MCP_MAX_FILE_SIZE, MCP_PERIODIC_CHECK_INTERVAL, MCP_DEFAULT_MAX_FILES_TO_SCAN, MCP_REPORT_ID_EXPIRATION_MS, MCP_TOOLS_BROWSER_COOLDOWN_MS, MCP_DEFAULT_LIMIT, isAutoScan;
 var init_configs = __esm({
   "src/mcp/core/configs.ts"() {
     "use strict";
@@ -48,6 +48,7 @@ var init_configs = __esm({
     MCP_REPORT_ID_EXPIRATION_MS = 2 * 60 * 60 * 1e3;
     MCP_TOOLS_BROWSER_COOLDOWN_MS = 24 * 60 * 60 * 1e3;
     MCP_DEFAULT_LIMIT = 3;
+    isAutoScan = process.env["AUTO_SCAN"] !== "false";
   }
 });
 
@@ -2259,14 +2260,14 @@ var GetReportFixesDocument = `
 var GetLatestReportByRepoUrlDocument = `
     query GetLatestReportByRepoUrl($repoUrl: String!, $filters: fix_bool_exp = {}, $limit: Int!, $offset: Int!, $currentUserEmail: String!) {
   fixReport(
-    where: {_and: [{repo: {originalUrl: {_eq: $repoUrl}}}, {state: {_eq: Finished}}]}
+    where: {_and: [{repo: {originalUrl: {_eq: $repoUrl}}}, {state: {_eq: Finished}}, {vulnerabilityReport: {_or: [{vendor: {_is_null: true}}, {vendor: {_nin: [semgrep, opengrep]}}]}}]}
     order_by: {createdOn: desc}
     limit: 1
   ) {
     ...FixReportSummaryFields
   }
   expiredReport: fixReport(
-    where: {_and: [{repo: {originalUrl: {_eq: $repoUrl}}}, {state: {_eq: Expired}}]}
+    where: {_and: [{repo: {originalUrl: {_eq: $repoUrl}}}, {state: {_eq: Expired}}, {_or: [{vulnerabilityReport: {vendor: {_is_null: true}}}, {vulnerabilityReport: {vendor: {_nin: [semgrep, opengrep]}}}]}]}
     order_by: {createdOn: desc}
     limit: 1
   ) {
@@ -11953,104 +11954,34 @@ import {
 } from "@modelcontextprotocol/sdk/types.js";
 
 // src/mcp/Logger.ts
-var loggerUrl = "http://localhost:4444/log";
-var isTestEnvironment = process.env["VITEST"] || process.env["TEST"];
-var CIRCUIT_BREAKER_TIME = 5e3;
-var URL_CHECK_TIMEOUT = 200;
-var MAX_QUEUE_SIZE = 100;
+import Configstore3 from "configstore";
+var MAX_LOGS_SIZE = 1e3;
 var Logger = class {
   constructor() {
-    __publicField(this, "queue", []);
-    __publicField(this, "isProcessing", false);
-    __publicField(this, "isCircuitBroken", false);
-    __publicField(this, "circuitBreakerTimer", null);
+    __publicField(this, "mobbConfigStore");
+    __publicField(this, "path");
+    this.path = process.env["WORKSPACE_FOLDER_PATHS"] || "unknown";
+    this.mobbConfigStore = new Configstore3("mobb-logs", {});
+    this.mobbConfigStore.set("version", packageJson.version);
   }
+  /**
+   * Log a message to the console.
+   * @param message - The message to log.
+   * @param level - The level of the message.
+   * @param data - The data to log.
+   */
   log(message, level = "info", data) {
-    if (isTestEnvironment) return;
-    if (this.queue.length >= MAX_QUEUE_SIZE) {
-      this.queue.shift();
-    }
-    this.queue.push({ message, level, data });
-    if (!this.isProcessing && !this.isCircuitBroken) {
-      this.processQueue();
-    }
-  }
-  async isUrlReachable(url) {
-    try {
-      const controller = new AbortController();
-      const timeoutId = setTimeout(() => controller.abort(), URL_CHECK_TIMEOUT);
-      await fetch(url, {
-        method: "HEAD",
-        signal: controller.signal
-      });
-      clearTimeout(timeoutId);
-      return true;
-    } catch (error) {
-      return false;
-    }
-  }
-  async processQueue() {
-    if (this.queue.length === 0 || this.isCircuitBroken) {
-      this.isProcessing = false;
-      return;
-    }
-    this.isProcessing = true;
-    const logEntry = this.queue[0];
-    if (!logEntry) {
-      this.isProcessing = false;
-      return;
-    }
-    const isReachable = await this.isUrlReachable(loggerUrl);
-    if (!isReachable) {
-      this.triggerCircuitBreaker();
-      return;
-    }
-    await this.sendLogEntry(logEntry);
-  }
-  async sendLogEntry(logEntry) {
     const logMessage = {
       timestamp: (/* @__PURE__ */ new Date()).toISOString(),
-      level: logEntry.level,
-      message: logEntry.message,
-      data: logEntry.data,
-      version: packageJson.version
+      level,
+      message,
+      data
     };
-    const controller = new AbortController();
-    const timeoutId = setTimeout(() => {
-      controller.abort();
-    }, 500);
-    try {
-      await fetch(loggerUrl, {
-        method: "POST",
-        headers: { "Content-Type": "application/json" },
-        body: JSON.stringify(logMessage),
-        redirect: "error",
-        // do not follow redirects
-        signal: controller.signal
-      });
-      this.queue.shift();
-      setTimeout(() => this.processQueue(), 0);
-    } catch (error) {
-      this.triggerCircuitBreaker();
-      logError("Failed to send log entry", error);
-    } finally {
-      clearTimeout(timeoutId);
-    }
-  }
-  triggerCircuitBreaker() {
-    this.isCircuitBroken = true;
-    this.queue = [];
-    this.isProcessing = false;
-    if (this.circuitBreakerTimer) {
-      clearTimeout(this.circuitBreakerTimer);
+    const logs = this.mobbConfigStore.get(this.path) || [];
+    if (logs.length >= MAX_LOGS_SIZE) {
+      logs.shift();
     }
-    this.circuitBreakerTimer = setTimeout(() => {
-      this.isCircuitBroken = false;
-      this.circuitBreakerTimer = null;
-      if (this.queue.length > 0 && !this.isProcessing) {
-        this.processQueue();
-      }
-    }, CIRCUIT_BREAKER_TIME);
+    this.mobbConfigStore.set(this.path, [...logs, logMessage]);
   }
 };
 var logger = new Logger();
@@ -12061,12 +11992,34 @@ var logDebug = (message, data) => logger.log(message, "debug", data);
 var log = logger.log.bind(logger);
 
 // src/mcp/services/McpGQLClient.ts
-import Configstore3 from "configstore";
 import crypto3 from "crypto";
 import { GraphQLClient as GraphQLClient2 } from "graphql-request";
 import { v4 as uuidv42 } from "uuid";
 init_configs();
 
+// src/mcp/services/ConfigStoreService.ts
+init_configs();
+import Configstore4 from "configstore";
+function createConfigStore(defaultValues = { apiToken: "" }) {
+  const API_URL2 = process.env["API_URL"] || MCP_DEFAULT_API_URL;
+  let domain = "";
+  try {
+    const url = new URL(API_URL2);
+    domain = url.hostname;
+  } catch (e) {
+    domain = API_URL2.replace(/^https?:\/\//, "").replace(/\/.*$/, "").replace(/:\d+$/, "");
+  }
+  const sanitizedDomain = domain.replace(/\./g, "_");
+  return new Configstore4(
+    `${packageJson.name}-${sanitizedDomain}`,
+    defaultValues
+  );
+}
+function getConfigStore() {
+  return createConfigStore();
+}
+var configStore = getConfigStore();
+
 // src/mcp/services/McpAuthService.ts
 import crypto2 from "crypto";
 import os2 from "os";
@@ -12147,16 +12100,17 @@ var McpAuthService = class {
 };
 
 // src/mcp/services/McpGQLClient.ts
-var mobbConfigStore = new Configstore3(packageJson.name, { apiToken: "" });
 var McpGQLClient = class {
   constructor(args) {
     __publicField(this, "client");
     __publicField(this, "clientSdk");
     __publicField(this, "_auth");
+    __publicField(this, "currentUser", null);
+    __publicField(this, "apiUrl");
     this._auth = args;
-    const API_URL2 = process.env["API_URL"] || MCP_DEFAULT_API_URL;
-    logDebug("creating graphql client", { API_URL: API_URL2, args });
-    this.client = new GraphQLClient2(API_URL2, {
+    this.apiUrl = process.env["API_URL"] || MCP_DEFAULT_API_URL;
+    logDebug(`creating graphql client with api url ${this.apiUrl}`, { args });
+    this.client = new GraphQLClient2(this.apiUrl, {
       headers: args.type === "apiKey" ? { [MCP_API_KEY_HEADER_NAME]: args.apiKey || "" } : {
         Authorization: `Bearer ${args.token}`
       },
@@ -12175,7 +12129,7 @@ var McpGQLClient = class {
   }
   getErrorContext() {
     return {
-      endpoint: process.env["API_URL"] || MCP_DEFAULT_API_URL,
+      endpoint: this.apiUrl,
       apiKey: this._auth.type === "apiKey" ? this._auth.apiKey : "",
       headers: {
         [MCP_API_KEY_HEADER_NAME]: this._auth.type === "apiKey" ? "[REDACTED]" : "undefined",
@@ -12183,10 +12137,10 @@ var McpGQLClient = class {
       }
     };
   }
-  async verifyApiConnection() {
+  async isApiEndpointReachable() {
     try {
       logDebug("GraphQL: Calling Me query for API connection verification");
-      const result = await this.clientSdk.Me();
+      const result = await this.getUserInfo();
       logDebug("GraphQL: Me query successful", { result });
       return true;
     } catch (e) {
@@ -12199,6 +12153,23 @@ var McpGQLClient = class {
     }
     return true;
   }
+  /**
+   * Verifies both API endpoint reachability and user authentication
+   * @returns true if both API is reachable and user is authenticated
+   */
+  async verifyApiConnection() {
+    const isReachable = await this.isApiEndpointReachable();
+    if (!isReachable) {
+      return false;
+    }
+    try {
+      await this.validateUserToken();
+      return true;
+    } catch (e) {
+      logError("User token validation failed", { error: e });
+      return false;
+    }
+  }
   async uploadS3BucketInfo() {
     try {
       logDebug("GraphQL: Calling uploadS3BucketInfo mutation");
@@ -12253,8 +12224,9 @@ var McpGQLClient = class {
     }
   }
   async subscribeToGetAnalysis(params) {
+    const { scanContext } = params;
     try {
-      logDebug("GraphQL: Starting GetAnalysis subscription", {
+      logDebug(`[${scanContext}] GraphQL: Starting GetAnalysis subscription`, {
         params: params.subscribeToAnalysisParams
       });
       const { callbackStates } = params;
@@ -12262,10 +12234,13 @@ var McpGQLClient = class {
         GetAnalysisSubscriptionDocument,
         params.subscribeToAnalysisParams,
         async (resolve, reject, data) => {
-          logDebug("GraphQL: GetAnalysis subscription data received", { data });
+          logDebug(
+            `[${scanContext}] GraphQL: GetAnalysis subscription data received ${data.analysis?.state}`,
+            { data }
+          );
           if (!data.analysis?.state || data.analysis?.state === "Failed" /* Failed */) {
             const errorMessage = data.analysis?.failReason || `Analysis failed with id: ${data.analysis?.id}`;
-            logError("GraphQL: Analysis failed", {
+            logError(`[${scanContext}] GraphQL: Analysis failed`, {
               analysisId: data.analysis?.id,
               state: data.analysis?.state,
               failReason: data.analysis?.failReason,
@@ -12275,11 +12250,14 @@ var McpGQLClient = class {
             return;
           }
           if (callbackStates.includes(data.analysis?.state)) {
-            logDebug("GraphQL: Analysis state matches callback states", {
-              analysisId: data.analysis.id,
-              state: data.analysis.state,
-              callbackStates
-            });
+            logDebug(
+              `[${scanContext}] GraphQL: Analysis state matches callback states: ${data.analysis.state}`,
+              {
+                analysisId: data.analysis.id,
+                state: data.analysis.state,
+                callbackStates
+              }
+            );
             await params.callback(data.analysis.id);
             resolve(data);
           }
@@ -12294,10 +12272,12 @@ var McpGQLClient = class {
           timeoutInMs: params.timeoutInMs
         }
       );
-      logDebug("GraphQL: GetAnalysis subscription completed", { result });
+      logDebug(`[${scanContext}] GraphQL: GetAnalysis subscription completed`, {
+        result
+      });
       return result;
     } catch (e) {
-      logError("GraphQL: GetAnalysis subscription failed", {
+      logError(`[${scanContext}] GraphQL: GetAnalysis subscription failed`, {
         error: e,
         params: params.subscribeToAnalysisParams,
         ...this.getErrorContext()
@@ -12361,8 +12341,12 @@ var McpGQLClient = class {
   }
   async getUserInfo() {
     const { me } = await this.clientSdk.Me();
+    this.currentUser = me;
     return me;
   }
+  getCurrentUser() {
+    return this.currentUser;
+  }
   async validateUserToken() {
     logDebug("validating user token");
     try {
@@ -12555,16 +12539,16 @@ var McpGQLClient = class {
 async function createAuthenticatedMcpGQLClient({
   isBackgoundCall = false
 } = {}) {
-  logDebug("getting config", { apiToken: mobbConfigStore.get("apiToken") });
+  logDebug("getting config", { apiToken: configStore.get("apiToken") });
   const initialClient = new McpGQLClient({
     apiKey: process.env["MOBB_API_KEY"] || process.env["API_KEY"] || // fallback for backward compatibility
-    mobbConfigStore.get("apiToken") || "",
+    configStore.get("apiToken") || "",
     type: "apiKey"
   });
-  const isConnected = await initialClient.verifyApiConnection();
-  logDebug("API connection status", { isConnected });
-  if (!isConnected) {
-    throw new ApiConnectionError("Error: failed to connect to Mobb API");
+  const isApiEndpointReachable = await initialClient.isApiEndpointReachable();
+  logDebug("API connection status", { isApiEndpointReachable });
+  if (!isApiEndpointReachable) {
+    throw new ApiConnectionError("Error: failed to reach Mobb GraphQL endpoint");
   }
   logDebug("validating user token");
   const userVerify = await initialClient.validateUserToken();
@@ -12573,7 +12557,7 @@ async function createAuthenticatedMcpGQLClient({
   }
   const authService = new McpAuthService(initialClient);
   const newApiToken = await authService.authenticate(isBackgoundCall);
-  mobbConfigStore.set("apiToken", newApiToken);
+  configStore.set("apiToken", newApiToken);
   return new McpGQLClient({ apiKey: newApiToken, type: "apiKey" });
 }
 
@@ -12582,6 +12566,9 @@ var MCP_TOOL_CHECK_FOR_NEW_AVAILABLE_FIXES = "check_for_new_available_fixes";
 var MCP_TOOL_FETCH_AVAILABLE_FIXES = "fetch_available_fixes";
 var MCP_TOOL_SCAN_AND_FIX_VULNERABILITIES = "scan_and_fix_vulnerabilities";
 
+// src/mcp/core/McpServer.ts
+init_configs();
+
 // src/mcp/core/ToolRegistry.ts
 var ToolRegistry = class {
   constructor() {
@@ -12656,6 +12643,18 @@ var McpServer = class {
       } else {
         logWarn(`${message} (exit code: ${exitCode})`, { signal, exitCode });
       }
+    } else if (signal === "unhandledRejection") {
+      const errorDetails = {
+        signal,
+        errorType: error?.constructor?.name || "Unknown",
+        errorMessage: error instanceof Error ? error.message : String(error),
+        errorStack: error instanceof Error ? error.stack : void 0,
+        errorString: error?.toString(),
+        errorJson: JSON.stringify(error, null, 2),
+        timestamp: (/* @__PURE__ */ new Date()).toISOString()
+      };
+      logError(`${message} - Enhanced error details`, errorDetails);
+      logError(`${message} - Raw error object`, { error, signal });
     } else if (error) {
       logError(`${message}`, { error, signal });
     } else {
@@ -12700,30 +12699,43 @@ var McpServer = class {
     });
   }
   async triggerScanForNewAvailableFixes() {
-    const gqlClient = await createAuthenticatedMcpGQLClient({
-      isBackgoundCall: true
-    });
-    const isConnected = await gqlClient.verifyApiConnection();
-    if (!isConnected) {
-      logError("Failed to connect to the API, skipping scan");
-      return;
-    }
-    if (process.env["WORKSPACE_FOLDER_PATHS"]) {
-      logDebug("WORKSPACE_FOLDER_PATHS is set", {
-        WORKSPACE_FOLDER_PATHS: process.env["WORKSPACE_FOLDER_PATHS"]
+    try {
+      const gqlClient = await createAuthenticatedMcpGQLClient({
+        isBackgoundCall: true
       });
-      try {
-        const checkForNewAvailableFixesTool = this.toolRegistry.getTool(
-          MCP_TOOL_CHECK_FOR_NEW_AVAILABLE_FIXES
-        );
-        logInfo("Triggering periodic scan for new available fixes");
-        checkForNewAvailableFixesTool.triggerScan({
-          path: process.env["WORKSPACE_FOLDER_PATHS"],
-          gqlClient
+      const isConnected = await gqlClient.verifyApiConnection();
+      if (!isConnected) {
+        logError("Failed to connect to the API, skipping background scan");
+        return;
+      }
+      if (process.env["WORKSPACE_FOLDER_PATHS"]) {
+        logDebug("WORKSPACE_FOLDER_PATHS is set", {
+          WORKSPACE_FOLDER_PATHS: process.env["WORKSPACE_FOLDER_PATHS"]
         });
-      } catch (error) {
-        logError("Error getting workspace folder path tool", { error });
+        try {
+          const checkForNewAvailableFixesTool = this.toolRegistry.getTool(
+            MCP_TOOL_CHECK_FOR_NEW_AVAILABLE_FIXES
+          );
+          logInfo("Triggering periodic scan for new available fixes");
+          checkForNewAvailableFixesTool.triggerScan({
+            path: process.env["WORKSPACE_FOLDER_PATHS"],
+            gqlClient
+          });
+        } catch (error) {
+          logError("Error getting workspace folder path tool", { error });
+        }
+      }
+    } catch (error) {
+      if (error instanceof Error && (error.message.includes("Authentication") || error.message.includes("failed to connect to Mobb API"))) {
+        logError(
+          "Background scan skipped due to authentication failure. Please re-authenticate by running a manual scan.",
+          {
+            error: error.message
+          }
+        );
+        return;
       }
+      logError("Unexpected error during background scan", { error });
     }
   }
   async handleListToolsRequest(request) {
@@ -12737,7 +12749,11 @@ var McpServer = class {
     logDebug("env", {
       env: process.env
     });
-    void this.triggerScanForNewAvailableFixes();
+    if (isAutoScan) {
+      void this.triggerScanForNewAvailableFixes();
+    } else {
+      logDebug("Auto scan disabled, skipping triggerScanForNewAvailableFixes");
+    }
     const toolsDefinitions = this.toolRegistry.getAllTools();
     const response = {
       tools: toolsDefinitions.map((tool) => ({
@@ -12947,7 +12963,6 @@ var BaseTool = class {
 
 // src/mcp/tools/checkForNewAvailableFixes/CheckForNewAvailableFixesService.ts
 init_configs();
-import Configstore4 from "configstore";
 
 // src/mcp/core/prompts.ts
 init_configs();
@@ -13566,6 +13581,18 @@ var initializeSecurityReport = async (gqlClient, scanContext) => {
     return repoUploadInfo;
   } catch (error) {
     const message = error.message;
+    if (message.includes("Authentication hook unauthorized") || message.includes("access-denied")) {
+      logError(
+        "Authentication failed during security report initialization. Please re-authenticate.",
+        {
+          error: message
+        }
+      );
+      throw new ReportInitializationError(
+        "Authentication failed. Please re-authenticate and try again."
+      );
+    }
+    logError("Error initializing security report", { error: message });
     throw new ReportInitializationError(
       `Error initializing security report: ${message}`
     );
@@ -13646,7 +13673,8 @@ var executeSecurityScan = async ({
         });
       },
       callbackStates: ["Finished" /* Finished */],
-      timeoutInMs: MCP_VUL_REPORT_DIGEST_TIMEOUT_MS
+      timeoutInMs: MCP_VUL_REPORT_DIGEST_TIMEOUT_MS,
+      scanContext
     });
   } catch (error) {
     logError(`[${scanContext}] Security analysis failed or timed out`, {
@@ -13680,6 +13708,8 @@ var _CheckForNewAvailableFixesService = class _CheckForNewAvailableFixesService
     __publicField(this, "intervalId", null);
     __publicField(this, "isInitialScanComplete", false);
     __publicField(this, "gqlClient", null);
+    __publicField(this, "fullScanPathsScanned", []);
+    this.fullScanPathsScanned = configStore.get("fullScanPathsScanned") || [];
   }
   static getInstance() {
     if (!_CheckForNewAvailableFixesService.instance) {
@@ -13695,6 +13725,7 @@ var _CheckForNewAvailableFixesService = class _CheckForNewAvailableFixesService
     this.filesLastScanned = {};
     this.freshFixes = [];
     this.reportedFixes = [];
+    this.fullScanPathsScanned = configStore.get("fullScanPathsScanned") || [];
     if (this.intervalId) {
       clearInterval(this.intervalId);
       this.intervalId = null;
@@ -13715,61 +13746,84 @@ var _CheckForNewAvailableFixesService = class _CheckForNewAvailableFixesService
     });
     if (!this.gqlClient) {
       logInfo(`[${scanContext}] No GQL client found, skipping scan`);
-      return;
-    }
-    const isConnected = await this.gqlClient.verifyApiConnection();
-    if (!isConnected) {
-      logError(`[${scanContext}] Failed to connect to the API, scan aborted`);
-      return;
+      throw new Error("No GQL client found");
     }
-    logDebug(
-      `[${scanContext}] Connected to the API, assembling list of files to scan`,
-      { path: path13 }
-    );
-    const files = await getLocalFiles({
-      path: path13,
-      isAllFilesScan
-    });
-    logDebug(`[${scanContext}] Active files`, { files });
-    const filesToScan = files.filter((file) => {
-      const lastScannedEditTime = this.filesLastScanned[file.fullPath];
-      if (!lastScannedEditTime) {
-        return true;
+    try {
+      const isConnected = await this.gqlClient.verifyApiConnection();
+      if (!isConnected) {
+        logError(`[${scanContext}] Failed to connect to the API, scan aborted`);
+        throw new ApiConnectionError();
       }
-      return file.lastEdited > lastScannedEditTime;
-    });
-    if (filesToScan.length === 0) {
-      logInfo(`[${scanContext}] No files require scanning`);
-      return;
-    }
-    logDebug(`[${scanContext}] Files requiring security scan`, { filesToScan });
-    const { fixReportId, projectId } = await scanFiles({
-      fileList: filesToScan.map((file) => file.relativePath),
-      repositoryPath: path13,
-      gqlClient: this.gqlClient,
-      isAllDetectionRulesScan,
-      scanContext
-    });
-    logInfo(
-      `[${scanContext}] Security scan completed for ${path13} reportId: ${fixReportId} projectId: ${projectId}`
-    );
-    if (isAllFilesScan) {
-      return;
+      logDebug(
+        `[${scanContext}] Connected to the API, assembling list of files to scan`,
+        { path: path13 }
+      );
+      const files = await getLocalFiles({
+        path: path13,
+        isAllFilesScan
+      });
+      logDebug(`[${scanContext}] Active files`, { files });
+      const filesToScan = files.filter((file) => {
+        const lastScannedEditTime = this.filesLastScanned[file.fullPath];
+        if (!lastScannedEditTime) {
+          return true;
+        }
+        return file.lastEdited > lastScannedEditTime;
+      });
+      if (filesToScan.length === 0) {
+        logInfo(`[${scanContext}] No files require scanning`);
+        return;
+      }
+      logDebug(`[${scanContext}] Files requiring security scan`, {
+        filesToScan
+      });
+      const { fixReportId, projectId } = await scanFiles({
+        fileList: filesToScan.map((file) => file.relativePath),
+        repositoryPath: path13,
+        gqlClient: this.gqlClient,
+        isAllDetectionRulesScan,
+        scanContext
+      });
+      logInfo(
+        `[${scanContext}] Security scan completed for ${path13} reportId: ${fixReportId} projectId: ${projectId}`
+      );
+      if (isAllFilesScan) {
+        return;
+      }
+      const fixes = await this.gqlClient.getReportFixesPaginated({
+        reportId: fixReportId,
+        offset: 0,
+        limit: 1e3
+      });
+      const newFixes = fixes?.fixes?.filter(
+        (fix) => !this.isFixAlreadyReported(fix)
+      );
+      logInfo(
+        `[${scanContext}] Security fixes retrieved, total: ${fixes?.fixes?.length || 0}, new: ${newFixes?.length || 0}`
+      );
+      this.updateFreshFixesCache(newFixes || [], filesToScan);
+      this.updateFilesScanTimestamps(filesToScan);
+      this.isInitialScanComplete = true;
+    } catch (error) {
+      const errorMessage = error.message;
+      if (errorMessage.includes("Authentication failed") || errorMessage.includes("access-denied") || errorMessage.includes("Authentication hook unauthorized")) {
+        logError(
+          "Periodic scan skipped due to authentication failure. Please re-authenticate by running a manual scan.",
+          {
+            error: errorMessage
+          }
+        );
+        return;
+      }
+      if (errorMessage.includes("ReportInitializationError")) {
+        logError("Periodic scan failed during report initialization", {
+          error: errorMessage
+        });
+        return;
+      }
+      logError("Unexpected error during periodic security scan", { error });
+      throw error;
     }
-    const fixes = await this.gqlClient.getReportFixesPaginated({
-      reportId: fixReportId,
-      offset: 0,
-      limit: 1e3
-    });
-    const newFixes = fixes?.fixes?.filter(
-      (fix) => !this.isFixAlreadyReported(fix)
-    );
-    logInfo(
-      `[${scanContext}] Security fixes retrieved, total: ${fixes?.fixes?.length || 0}, new: ${newFixes?.length || 0}`
-    );
-    this.updateFreshFixesCache(newFixes || [], filesToScan);
-    this.updateFilesScanTimestamps(filesToScan);
-    this.isInitialScanComplete = true;
   }
   updateFreshFixesCache(newFixes, filesToScan) {
     this.freshFixes = this.freshFixes.filter((fix) => !this.isFixFromOldScan(fix, filesToScan)).concat(newFixes).sort((a, b) => {
@@ -13823,7 +13877,7 @@ var _CheckForNewAvailableFixesService = class _CheckForNewAvailableFixesService
     if (!this.intervalId) {
       this.startPeriodicScanning(path13);
       this.executeInitialScan(path13);
-      this.executeInitialFullScan(path13);
+      void this.executeInitialFullScan(path13);
     }
   }
   startPeriodicScanning(path13) {
@@ -13840,37 +13894,46 @@ var _CheckForNewAvailableFixesService = class _CheckForNewAvailableFixesService
       });
     }, MCP_PERIODIC_CHECK_INTERVAL);
   }
-  executeInitialFullScan(path13) {
-    logDebug("Triggering initial full security scan", { path: path13 });
-    const mobbConfigStore2 = new Configstore4(packageJson.name, { apiToken: "" });
-    const fullScanPathsScanned = mobbConfigStore2.get("fullScanPathsScanned") || [];
-    logDebug("Full scan paths scanned", { fullScanPathsScanned });
-    if (fullScanPathsScanned.includes(path13)) {
-      logDebug("Full scan already executed for this path", { path: path13 });
+  async executeInitialFullScan(path13) {
+    const scanContext = "FULL_SCAN";
+    logDebug(`[${scanContext}] Triggering initial full security scan`, { path: path13 });
+    logDebug(`[${scanContext}] Full scan paths scanned`, {
+      fullScanPathsScanned: this.fullScanPathsScanned
+    });
+    if (this.fullScanPathsScanned.includes(path13)) {
+      logDebug(`[${scanContext}] Full scan already executed for this path`, {
+        path: path13
+      });
       return;
     }
-    mobbConfigStore2.set("fullScanPathsScanned", [...fullScanPathsScanned, path13]);
-    this.scanForSecurityVulnerabilities({
-      path: path13,
-      isAllFilesScan: true,
-      isAllDetectionRulesScan: true,
-      scanContext: "FULL_SCAN"
-    }).catch((error) => {
+    configStore.set("fullScanPathsScanned", [
+      ...this.fullScanPathsScanned,
+      path13
+    ]);
+    try {
+      await this.scanForSecurityVulnerabilities({
+        path: path13,
+        isAllFilesScan: true,
+        isAllDetectionRulesScan: true,
+        scanContext: "FULL_SCAN"
+      });
+      if (!this.fullScanPathsScanned.includes(path13)) {
+        this.fullScanPathsScanned.push(path13);
+        configStore.set("fullScanPathsScanned", this.fullScanPathsScanned);
+      }
+      logInfo(`[${scanContext}] Full scan completed`, { path: path13 });
+    } catch (error) {
       logError("Error during initial full security scan", { error });
-    }).then(() => {
-      const fullScanPathsScanned2 = mobbConfigStore2.get("fullScanPathsScanned") || [];
-      fullScanPathsScanned2.push(path13);
-      mobbConfigStore2.set("fullScanPathsScanned", fullScanPathsScanned2);
-      logDebug("Full scan completed", { path: path13 });
-    });
+    }
   }
   executeInitialScan(path13) {
-    logDebug("Triggering initial security scan", { path: path13 });
+    const scanContext = "BACKGROUND_INITIAL";
+    logDebug(`[${scanContext}] Triggering initial security scan`, { path: path13 });
     this.scanForSecurityVulnerabilities({
       path: path13,
       scanContext: "BACKGROUND_INITIAL"
     }).catch((error) => {
-      logError("Error during initial security scan", { error });
+      logError(`[${scanContext}] Error during initial security scan`, { error });
     });
   }
   generateFreshFixesResponse() {

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "mobbdev",
-  "version": "1.0.125",
+  "version": "1.0.126",
   "description": "Automated secure code remediation tool",
   "repository": "git+https://github.com/mobb-dev/bugsy.git",
   "main": "dist/index.js",
@@ -11,13 +11,14 @@
     "postinstall": "node ./src/post_install/cx_install.mjs",
     "build": "tsc && tsup-node --env.NODE_ENV production",
     "build:dev": "tsup-node --env.NODE_ENV development",
+    "increment-version": "./src/scripts/increment-version.sh",
     "test:mcp": "pnpm run build && vitest run __tests__/mcp/",
     "test:mcp:watch": "vitest watch __tests__/mcp/",
     "test:mcp:verbose": "pnpm run build && NODE_ENV=test VERBOSE=true vitest run __tests__/mcp/",
-    "test:mcp:integration": "pnpm run build && GIT_PROXY_HOST=http://tinyproxy:8888 API_URL=http://app-api:8080/v1/graphql TOKEN=$(../../scripts/login_auth0.sh) vitest run __tests__/integration.test.ts -t 'mcp|MCP'",
+    "test:mcp:integration": "pnpm run build && GIT_PROXY_HOST=http://tinyproxy:8888 API_URL=http://app-api:8080/v1/graphql TOKEN=$(../../scripts/login_auth0.sh) vitest run --sequence.concurrent=false false __tests__/integration.test.ts -t 'mcp|MCP'",
     "test:mcp:all": "pnpm run test:mcp && pnpm run test:mcp:integration && cd ./__e2e__ && npm i && npm run test:mcp",
     "test:unit": "GIT_PROXY_HOST=http://tinyproxy:8888 TOKEN=$(../../scripts/login_auth0.sh) vitest run --exclude='**/__tests__/integration.test.ts' --exclude='**/__tests__/mcp/**'",
-    "test:integration": "GIT_PROXY_HOST=http://tinyproxy:8888 TOKEN=$(../../scripts/login_auth0.sh) vitest run __tests__/integration.test.ts",
+    "test:integration": "GIT_PROXY_HOST=http://tinyproxy:8888 TOKEN=$(../../scripts/login_auth0.sh) vitest run --sequence.concurrent=false false __tests__/integration.test.ts",
     "test:integration:watch": "GIT_PROXY_HOST=http://tinyproxy:8888 TOKEN=$(../../scripts/login_auth0.sh) vitest watch run __tests__/integration.test.ts",
     "test": "pnpm run test:unit && pnpm run test:mcp && pnpm run test:integration",
     "test:ado": "GIT_PROXY_HOST=http://tinyproxy:8888 TOKEN=$(../../scripts/login_auth0.sh) vitest run ado.test",
@@ -27,7 +28,7 @@
     "test:cli:main": "GIT_PROXY_HOST=http://tinyproxy:8888 TOKEN=$(../../scripts/login_auth0.sh) vitest run cli-main.test",
     "test:coverage": "GIT_PROXY_HOST=http://tinyproxy:8888 TOKEN=$(../../scripts/login_auth0.sh) vitest run --coverage",
     "test:watch": "TOKEN=$(../../scripts/login_auth0.sh) vitest",
-    "test:integration:proxy": "GIT_PROXY_HOST=http://tinyproxy:8888 HTTP_PROXY=http://localhost:8888 API_URL=http://app-api:8080/v1/graphql TOKEN=$(../../scripts/login_auth0.sh) vitest run integration.test.ts",
+    "test:integration:proxy": "GIT_PROXY_HOST=http://tinyproxy:8888 HTTP_PROXY=http://localhost:8888 API_URL=http://app-api:8080/v1/graphql TOKEN=$(../../scripts/login_auth0.sh) vitest run --sequence.concurrent=false false integration.test.ts",
     "lint": "eslint --cache --max-warnings 0 --ignore-path .eslintignore --ext .ts,.tsx,.jsx,.graphql .",
     "lint:fix": "eslint --fix --cache --max-warnings 0 --ignore-path .eslintignore --ext .js,.ts,.tsx,.jsx,.graphql . && prettier --write \"src/**/*.graphql\"",
     "lint:fix:files": "eslint --fix --cache --max-warnings 0 --ignore-path .eslintignore --ext .js,.ts,.tsx,.jsx,.graphql",