mobbdev 1.0.177 → 1.0.179

package/dist/index.mjs

@@ -32,7 +32,7 @@ var init_env = __esm({
 });
 
 // src/mcp/core/configs.ts
-var MCP_DEFAULT_API_URL, MCP_API_KEY_HEADER_NAME, MCP_LOGIN_MAX_WAIT, MCP_LOGIN_CHECK_DELAY, MCP_VUL_REPORT_DIGEST_TIMEOUT_MS, MCP_MAX_FILE_SIZE, MCP_PERIODIC_CHECK_INTERVAL, MCP_DEFAULT_MAX_FILES_TO_SCAN, MCP_REPORT_ID_EXPIRATION_MS, MCP_TOOLS_BROWSER_COOLDOWN_MS, MCP_DEFAULT_LIMIT, isAutoScan, MVS_AUTO_FIX_OVERRIDE, MCP_AUTO_FIX_DEBUG_MODE;
+var MCP_DEFAULT_API_URL, MCP_API_KEY_HEADER_NAME, MCP_LOGIN_MAX_WAIT, MCP_LOGIN_CHECK_DELAY, MCP_VUL_REPORT_DIGEST_TIMEOUT_MS, MCP_MAX_FILE_SIZE, MCP_PERIODIC_CHECK_INTERVAL, MCP_DEFAULT_MAX_FILES_TO_SCAN, MCP_REPORT_ID_EXPIRATION_MS, MCP_TOOLS_BROWSER_COOLDOWN_MS, MCP_DEFAULT_LIMIT, isAutoScan, MVS_AUTO_FIX_OVERRIDE, MCP_AUTO_FIX_DEBUG_MODE, MCP_PERIODIC_TRACK_INTERVAL, MCP_DEFAULT_REST_API_URL;
 var init_configs = __esm({
   "src/mcp/core/configs.ts"() {
     "use strict";
@@ -51,6 +51,8 @@ var init_configs = __esm({
     isAutoScan = process.env["AUTO_SCAN"] !== "false";
     MVS_AUTO_FIX_OVERRIDE = process.env["MVS_AUTO_FIX"];
     MCP_AUTO_FIX_DEBUG_MODE = true;
+    MCP_PERIODIC_TRACK_INTERVAL = 60 * 60 * 1e3;
+    MCP_DEFAULT_REST_API_URL = "https://api.mobb.ai/api/rest/mcp/track";
   }
 });
 
@@ -2274,6 +2276,39 @@ var UploadS3BucketInfoDocument = `
   }
 }
     `;
+var UploadAiBlameInferencesInitDocument = `
+    mutation UploadAIBlameInferencesInit($sessions: [AIBlameInferenceInitInput!]!) {
+  uploadAIBlameInferencesInit(sessions: $sessions) {
+    status
+    error
+    uploadSessions {
+      aiBlameInferenceId
+      prompt {
+        url
+        artifactId
+        fileName
+        uploadFieldsJSON
+        uploadKey
+      }
+      inference {
+        url
+        artifactId
+        fileName
+        uploadFieldsJSON
+        uploadKey
+      }
+    }
+  }
+}
+    `;
+var FinalizeAiBlameInferencesUploadDocument = `
+    mutation FinalizeAIBlameInferencesUpload($sessions: [AIBlameInferenceFinalizeInput!]!) {
+  finalizeAIBlameInferencesUpload(sessions: $sessions) {
+    status
+    error
+  }
+}
+    `;
 var DigestVulnerabilityReportDocument = `
     mutation DigestVulnerabilityReport($vulnerabilityReportFileName: String, $fixReportId: String!, $projectId: String!, $scanSource: String!, $repoUrl: String, $reference: String, $sha: String) {
   digestVulnerabilityReport(
@@ -2531,6 +2566,12 @@ function getSdk(client, withWrapper = defaultWrapper) {
     uploadS3BucketInfo(variables, requestHeaders, signal) {
       return withWrapper((wrappedRequestHeaders) => client.request({ document: UploadS3BucketInfoDocument, variables, requestHeaders: { ...requestHeaders, ...wrappedRequestHeaders }, signal }), "uploadS3BucketInfo", "mutation", variables);
     },
+    UploadAIBlameInferencesInit(variables, requestHeaders, signal) {
+      return withWrapper((wrappedRequestHeaders) => client.request({ document: UploadAiBlameInferencesInitDocument, variables, requestHeaders: { ...requestHeaders, ...wrappedRequestHeaders }, signal }), "UploadAIBlameInferencesInit", "mutation", variables);
+    },
+    FinalizeAIBlameInferencesUpload(variables, requestHeaders, signal) {
+      return withWrapper((wrappedRequestHeaders) => client.request({ document: FinalizeAiBlameInferencesUploadDocument, variables, requestHeaders: { ...requestHeaders, ...wrappedRequestHeaders }, signal }), "FinalizeAIBlameInferencesUpload", "mutation", variables);
+    },
     DigestVulnerabilityReport(variables, requestHeaders, signal) {
       return withWrapper((wrappedRequestHeaders) => client.request({ document: DigestVulnerabilityReportDocument, variables, requestHeaders: { ...requestHeaders, ...wrappedRequestHeaders }, signal }), "DigestVulnerabilityReport", "mutation", variables);
     },
@@ -6373,7 +6414,7 @@ async function getAdoSdk(params) {
       const url = new URL(repoUrl);
       const origin2 = url.origin.toLowerCase().endsWith(".visualstudio.com") ? DEFUALT_ADO_ORIGIN : url.origin.toLowerCase();
       const params2 = `path=/&versionDescriptor[versionOptions]=0&versionDescriptor[versionType]=commit&versionDescriptor[version]=${branch}&resolveLfs=true&$format=zip&api-version=5.0&download=true`;
-      const path15 = [
+      const path17 = [
         prefixPath,
         owner,
         projectName,
@@ -6384,7 +6425,7 @@ async function getAdoSdk(params) {
         "items",
         "items"
       ].filter(Boolean).join("/");
-      return new URL(`${path15}?${params2}`, origin2).toString();
+      return new URL(`${path17}?${params2}`, origin2).toString();
     },
     async getAdoBranchList({ repoUrl }) {
       try {
@@ -6875,6 +6916,9 @@ var AdoSCMLib = class extends SCMLib {
       markdownComment: comment
     });
   }
+  async getCommitDiff(_commitSha) {
+    throw new Error("getCommitDiff not implemented for ADO");
+  }
 };
 
 // src/features/analysis/scm/bitbucket/bitbucket.ts
@@ -7438,6 +7482,9 @@ var BitbucketSCMLib = class extends SCMLib {
       markdownComment: comment
     });
   }
+  async getCommitDiff(_commitSha) {
+    throw new Error("getCommitDiff not implemented for Bitbucket");
+  }
 };
 
 // src/features/analysis/scm/constants.ts
@@ -7806,6 +7853,33 @@ function getGithubSdk(params = {}) {
         commit_sha: commitSha
       });
     },
+    async getCommitWithDiff({
+      commitSha,
+      owner,
+      repo
+    }) {
+      const [commitData, diffData] = await Promise.all([
+        // Get commit metadata
+        octokit.rest.repos.getCommit({
+          repo,
+          owner,
+          ref: commitSha
+        }),
+        // Get commit diff
+        octokit.request("GET /repos/{owner}/{repo}/commits/{ref}", {
+          owner,
+          repo,
+          ref: commitSha,
+          headers: {
+            Accept: "application/vnd.github.v3.diff"
+          }
+        })
+      ]);
+      return {
+        commit: commitData.data,
+        diff: diffData.data
+      };
+    },
     async getTagDate({
       tag,
       owner,
@@ -7839,14 +7913,14 @@ function getGithubSdk(params = {}) {
       };
     },
     async getGithubBlameRanges(params2) {
-      const { ref, gitHubUrl, path: path15 } = params2;
+      const { ref, gitHubUrl, path: path17 } = params2;
       const { owner, repo } = parseGithubOwnerAndRepo(gitHubUrl);
       const res = await octokit.graphql(
         GET_BLAME_DOCUMENT,
         {
           owner,
           repo,
-          path: path15,
+          path: path17,
           ref
         }
       );
@@ -8153,11 +8227,11 @@ var GithubSCMLib = class extends SCMLib {
       markdownComment: comment
     });
   }
-  async getRepoBlameRanges(ref, path15) {
+  async getRepoBlameRanges(ref, path17) {
     this._validateUrl();
     return await this.githubSdk.getGithubBlameRanges({
       ref,
-      path: path15,
+      path: path17,
       gitHubUrl: this.url
     });
   }
@@ -8241,6 +8315,24 @@ var GithubSCMLib = class extends SCMLib {
       comment_id: commentId
     });
   }
+  async getCommitDiff(commitSha) {
+    this._validateAccessTokenAndUrl();
+    const { owner, repo } = parseGithubOwnerAndRepo(this.url);
+    const { commit, diff } = await this.githubSdk.getCommitWithDiff({
+      owner,
+      repo,
+      commitSha
+    });
+    const commitTimestamp = commit.commit.committer?.date ? new Date(commit.commit.committer.date) : new Date(commit.commit.author?.date || Date.now());
+    return {
+      diff,
+      commitTimestamp,
+      commitSha: commit.sha,
+      authorName: commit.commit.author?.name,
+      authorEmail: commit.commit.author?.email,
+      message: commit.commit.message
+    };
+  }
 };
 
 // src/features/analysis/scm/gitlab/gitlab.ts
@@ -8571,13 +8663,13 @@ function parseGitlabOwnerAndRepo(gitlabUrl) {
   const { organization, repoName, projectPath } = parsingResult;
   return { owner: organization, repo: repoName, projectPath };
 }
-async function getGitlabBlameRanges({ ref, gitlabUrl, path: path15 }, options) {
+async function getGitlabBlameRanges({ ref, gitlabUrl, path: path17 }, options) {
   const { projectPath } = parseGitlabOwnerAndRepo(gitlabUrl);
   const api2 = getGitBeaker({
     url: gitlabUrl,
     gitlabAuthToken: options?.gitlabAuthToken
   });
-  const resp = await api2.RepositoryFiles.allFileBlames(projectPath, path15, ref);
+  const resp = await api2.RepositoryFiles.allFileBlames(projectPath, path17, ref);
   let lineNumber = 1;
   return resp.filter((range) => range.lines).map((range) => {
     const oldLineNumber = lineNumber;
@@ -8753,10 +8845,10 @@ var GitlabSCMLib = class extends SCMLib {
       markdownComment: comment
     });
   }
-  async getRepoBlameRanges(ref, path15) {
+  async getRepoBlameRanges(ref, path17) {
     this._validateUrl();
     return await getGitlabBlameRanges(
-      { ref, path: path15, gitlabUrl: this.url },
+      { ref, path: path17, gitlabUrl: this.url },
       {
         url: this.url,
         gitlabAuthToken: this.accessToken
@@ -8806,6 +8898,9 @@ var GitlabSCMLib = class extends SCMLib {
     this._validateAccessTokenAndUrl();
     return `${this.url}/-/commits/${branchName}`;
   }
+  async getCommitDiff(_commitSha) {
+    throw new Error("getCommitDiff not implemented for GitLab");
+  }
 };
 
 // src/features/analysis/scm/scmFactory.ts
@@ -8902,6 +8997,17 @@ var StubSCMLib = class extends SCMLib {
   async addCommentToSubmitRequest(_submitRequestId, _comment) {
     console.warn("addCommentToSubmitRequest() no-op");
   }
+  async getCommitDiff(_commitSha) {
+    console.warn("getCommitDiff() returning stub diff");
+    return {
+      diff: "",
+      commitTimestamp: /* @__PURE__ */ new Date(),
+      commitSha: _commitSha,
+      authorName: void 0,
+      authorEmail: void 0,
+      message: void 0
+    };
+  }
 };
 
 // src/features/analysis/scm/scmFactory.ts
@@ -9454,7 +9560,8 @@ var mobbCliCommand = {
   analyze: "analyze",
   review: "review",
   convertToSarif: "convert-to-sarif",
-  mcp: "mcp"
+  mcp: "mcp",
+  uploadAiBlame: "upload-ai-blame"
 };
 var ScanContext = {
   FULL_SCAN: "FULL_SCAN",
@@ -9465,7 +9572,7 @@ var ScanContext = {
 };
 
 // src/args/yargs.ts
-import chalk10 from "chalk";
+import chalk11 from "chalk";
 import yargs from "yargs/yargs";
 
 // src/args/commands/analyze.ts
@@ -9834,7 +9941,7 @@ async function postIssueComment(params) {
     fpDescription
   } = params;
   const {
-    path: path15,
+    path: path17,
     startLine,
     vulnerabilityReportIssue: {
       vulnerabilityReportIssueTags,
@@ -9849,7 +9956,7 @@ async function postIssueComment(params) {
 Refresh the page in order to see the changes.`,
     pull_number: pullRequest,
     commit_id: commitSha,
-    path: path15,
+    path: path17,
     line: startLine
   });
   const commentId = commentRes.data.id;
@@ -9883,7 +9990,7 @@ async function postFixComment(params) {
     scanner
   } = params;
   const {
-    path: path15,
+    path: path17,
     startLine,
     vulnerabilityReportIssue: { fixId, vulnerabilityReportIssueTags, category },
     vulnerabilityReportIssueId
@@ -9901,7 +10008,7 @@ async function postFixComment(params) {
 Refresh the page in order to see the changes.`,
     pull_number: pullRequest,
     commit_id: commitSha,
-    path: path15,
+    path: path17,
     line: startLine
   });
   const commentId = commentRes.data.id;
@@ -10198,10 +10305,10 @@ async function getGitInfo(srcDirPath) {
         repoUrl: void 0
       };
     }
-    const gitInfo = await gitService.getGitInfo();
+    const gitInfo2 = await gitService.getGitInfo();
     return {
       success: true,
-      ...gitInfo
+      ...gitInfo2
     };
   } catch (e) {
     if (e instanceof Error) {
@@ -10995,8 +11102,8 @@ import path8 from "path";
 var debug15 = Debug15("mobbdev:checkmarx");
 var require2 = createRequire(import.meta.url);
 var getCheckmarxPath = () => {
-  const os3 = type();
-  const cxFileName = os3 === "Windows_NT" ? "cx.exe" : "cx";
+  const os5 = type();
+  const cxFileName = os5 === "Windows_NT" ? "cx.exe" : "cx";
   try {
     return require2.resolve(`.bin/${cxFileName}`);
   } catch (e) {
@@ -11671,7 +11778,7 @@ async function _scan(params, { skipPrompts = false } = {}) {
         text: "\u{1F4C1} Uploading Report successful!"
       });
     }
-    let gitInfo = { success: false };
+    let gitInfo2 = { success: false };
     if (reportPath) {
       const vulnFiles = await _digestReport({
         gqlClient,
@@ -11687,7 +11794,7 @@ async function _scan(params, { skipPrompts = false } = {}) {
         repoUploadInfo,
         isIncludeAllFiles: false
       });
-      gitInfo = res.gitInfo;
+      gitInfo2 = res.gitInfo;
     } else {
       const res = await _zipAndUploadRepo({
         srcPath,
@@ -11695,7 +11802,7 @@ async function _scan(params, { skipPrompts = false } = {}) {
         repoUploadInfo,
         isIncludeAllFiles: true
       });
-      gitInfo = res.gitInfo;
+      gitInfo2 = res.gitInfo;
       await _digestReport({
         gqlClient,
         fixReportId: reportUploadInfo.fixReportId,
@@ -11713,9 +11820,9 @@ async function _scan(params, { skipPrompts = false } = {}) {
         submitVulnerabilityReportVariables: {
           fixReportId: reportUploadInfo.fixReportId,
           projectId,
-          repoUrl: repo || gitInfo.repoUrl || getTopLevelDirName(srcPath),
-          reference: ref || gitInfo.reference || "no-branch",
-          sha: commitHash || gitInfo.hash || "0123456789abcdef",
+          repoUrl: repo || gitInfo2.repoUrl || getTopLevelDirName(srcPath),
+          reference: ref || gitInfo2.reference || "no-branch",
+          sha: commitHash || gitInfo2.hash || "0123456789abcdef",
           scanSource: _getScanSource(command, ci),
           pullRequest: params.pullRequest,
           experimentalEnabled: !!experimentalEnabled,
@@ -11761,11 +11868,11 @@ async function _zipAndUploadRepo({
   const srcFileStatus = await fsPromises2.lstat(srcPath);
   const zippingSpinner = createSpinner4("\u{1F4E6} Zipping repo").start();
   let zipBuffer;
-  let gitInfo = { success: false };
+  let gitInfo2 = { success: false };
   if (srcFileStatus.isFile() && path9.extname(srcPath).toLowerCase() === ".fpr") {
     zipBuffer = await repackFpr(srcPath);
   } else {
-    gitInfo = await getGitInfo(srcPath);
+    gitInfo2 = await getGitInfo(srcPath);
     zipBuffer = await pack(srcPath, vulnFiles, isIncludeAllFiles);
   }
   zippingSpinner.success({ text: "\u{1F4E6} Zipping repo successful!" });
@@ -11782,7 +11889,7 @@ async function _zipAndUploadRepo({
     throw e;
   }
   uploadRepoSpinner.success({ text: "\u{1F4C1} Uploading Repo successful!" });
-  return { gitInfo };
+  return { gitInfo: gitInfo2 };
 }
 async function _digestReport({
   gqlClient,
@@ -12283,6 +12390,29 @@ var logWarn = (message, data) => logger.log(message, "warn", data);
 var logDebug = (message, data) => logger.log(message, "debug", data);
 var log = logger.log.bind(logger);
 
+// src/mcp/services/ConfigStoreService.ts
+init_configs();
+import Configstore4 from "configstore";
+function createConfigStore(defaultValues = { apiToken: "" }) {
+  const API_URL2 = process.env["API_URL"] || MCP_DEFAULT_API_URL;
+  let domain = "";
+  try {
+    const url = new URL(API_URL2);
+    domain = url.hostname;
+  } catch (e) {
+    domain = API_URL2.replace(/^https?:\/\//, "").replace(/\/.*$/, "").replace(/:\d+$/, "");
+  }
+  const sanitizedDomain = domain.replace(/\./g, "_");
+  return new Configstore4(
+    `${packageJson.name}-${sanitizedDomain}`,
+    defaultValues
+  );
+}
+function getConfigStore() {
+  return createConfigStore();
+}
+var configStore = getConfigStore();
+
 // src/mcp/services/McpGQLClient.ts
 import crypto3 from "crypto";
 import { GraphQLClient as GraphQLClient2 } from "graphql-request";
@@ -12415,29 +12545,6 @@ var GetLatestReportByRepoUrlResponseSchema = z31.object({
   expiredReport: z31.array(ExpiredReportSchema)
 });
 
-// src/mcp/services/ConfigStoreService.ts
-init_configs();
-import Configstore4 from "configstore";
-function createConfigStore(defaultValues = { apiToken: "" }) {
-  const API_URL2 = process.env["API_URL"] || MCP_DEFAULT_API_URL;
-  let domain = "";
-  try {
-    const url = new URL(API_URL2);
-    domain = url.hostname;
-  } catch (e) {
-    domain = API_URL2.replace(/^https?:\/\//, "").replace(/\/.*$/, "").replace(/:\d+$/, "");
-  }
-  const sanitizedDomain = domain.replace(/\./g, "_");
-  return new Configstore4(
-    `${packageJson.name}-${sanitizedDomain}`,
-    defaultValues
-  );
-}
-function getConfigStore() {
-  return createConfigStore();
-}
-var configStore = getConfigStore();
-
 // src/mcp/services/McpAuthService.ts
 import crypto2 from "crypto";
 import os2 from "os";
@@ -12557,6 +12664,12 @@ var McpGQLClient = class {
       }
     };
   }
+  async uploadAIBlameInferencesInitRaw(variables) {
+    return await this.clientSdk.UploadAIBlameInferencesInit(variables);
+  }
+  async finalizeAIBlameInferencesUploadRaw(variables) {
+    return await this.clientSdk.FinalizeAIBlameInferencesUpload(variables);
+  }
   async isApiEndpointReachable() {
     try {
       logDebug("[GraphQL] Calling Me query for API connection verification");
@@ -13119,6 +13232,369 @@ async function createAuthenticatedMcpGQLClient({
   return new McpGQLClient({ apiKey: newApiToken, type: "apiKey" });
 }
 
+// src/mcp/services/McpUsageService/McpUsageService.ts
+init_configs();
+import fetch5 from "node-fetch";
+import os4 from "os";
+import { v4 as uuidv43, v5 as uuidv5 } from "uuid";
+
+// src/mcp/services/McpUsageService/host.ts
+import { execSync } from "child_process";
+import fs10 from "fs";
+import os3 from "os";
+import path11 from "path";
+var IDEs = ["cursor", "windsurf", "webstorm", "vscode"];
+var runCommand = (cmd) => {
+  try {
+    return execSync(cmd, { encoding: "utf8" }).trim();
+  } catch {
+    return "";
+  }
+};
+var gitInfo = {
+  name: runCommand("git config user.name"),
+  email: runCommand("git config user.email")
+};
+var getMCPConfigPath = (hostName) => {
+  const home = os3.homedir();
+  switch (hostName.toLowerCase()) {
+    case "cursor":
+      return path11.join(home, ".cursor", "mcp.json");
+    case "windsurf":
+      return path11.join(home, ".codeium", "windsurf", "mcp_config.json");
+    case "webstorm":
+      return "";
+    case "visualstudiocode":
+    case "vscode":
+      return process.platform === "win32" ? path11.join(home, "AppData", "Roaming", "Code", "User", "mcp.json") : path11.join(
+        home,
+        "Library",
+        "Application Support",
+        "Code",
+        "User",
+        "mcp.json"
+      );
+    default:
+      throw new Error(`Unknown hostName: ${hostName}`);
+  }
+};
+var readMCPConfig = (hostName) => {
+  const filePath = getMCPConfigPath(hostName);
+  if (!fs10.existsSync(filePath)) return null;
+  return JSON.parse(fs10.readFileSync(filePath, "utf8"));
+};
+var getRunningProcesses = () => {
+  try {
+    return os3.platform() === "win32" ? execSync("tasklist", { encoding: "utf8" }) : execSync("ps aux", { encoding: "utf8" });
+  } catch {
+    return "";
+  }
+};
+var knownHosts = {
+  webstorm: "WebStorm",
+  cursor: "Cursor",
+  windsurf: "Windsurf",
+  code: "Vscode"
+};
+var versionCommands = {
+  WebStorm: {
+    darwin: [
+      `grep -m1 '"version"' /Applications/WebStorm.app/Contents/Resources/product-info.json | cut -d'"' -f4`
+    ],
+    win32: []
+  },
+  Cursor: {
+    darwin: [
+      "grep -A1 CFBundleVersion /Applications/Cursor.app/Contents/Info.plist | grep '<string>' | sed -E 's/.*<string>(.*)<\\/string>.*/\\1/'",
+      "cursor --version"
+    ],
+    win32: [
+      '(Get-Item "$env:LOCALAPPDATA\\Programs\\cursor\\Cursor.exe").VersionInfo.ProductVersion'
+    ]
+  },
+  Windsurf: {
+    darwin: [
+      "grep -A1 CFBundleVersion /Applications/Windsurf.app/Contents/Info.plist | grep '<string>' | sed -E 's/.*<string>(.*)<\\/string>.*/\\1/'",
+      "windsurf --version"
+    ],
+    win32: [
+      `(Get-Item "$env:LOCALAPPDATA\\Programs\\Windsurf\\Windsurf.exe").VersionInfo.ProductVersion`
+    ]
+  },
+  Vscode: {
+    darwin: [
+      `grep -A1 CFBundleVersion "/Applications/Visual Studio Code.app/Contents/Info.plist" | grep '<string>' | sed -E 's/.*<string>(.*)<\\/string>.*/\\1/'`,
+      process.env["TERM_PROGRAM_VERSION"] || "Unknown"
+    ],
+    win32: [
+      `(Get-Item "$env:LOCALAPPDATA\\Programs\\Microsoft VS Code\\Code.exe").VersionInfo.ProductVersion`
+    ]
+  }
+};
+var getProcessInfo = (pid) => {
+  const platform = os3.platform();
+  try {
+    if (platform === "linux" || platform === "darwin") {
+      const output = execSync(`ps -o pid=,ppid=,comm= -p ${pid}`, {
+        stdio: ["pipe", "pipe", "ignore"]
+      }).toString().trim();
+      if (!output) return null;
+      const [pidStr, ppid, ...cmd] = output.trim().split(/\s+/);
+      return { pid: pidStr ?? "", ppid: ppid ?? "", cmd: cmd.join(" ") };
+    } else if (platform === "win32") {
+      const output = execSync(
+        `powershell -Command "Get-CimInstance Win32_Process -Filter 'ProcessId=${pid}' | Select-Object ProcessId,ParentProcessId,Name | Format-Table -HideTableHeaders"`,
+        { stdio: ["pipe", "pipe", "ignore"] }
+      ).toString().trim();
+      if (!output) return null;
+      const parts = output.split(/\s+/);
+      const pidStr = parts[0];
+      const ppid = parts[1];
+      const cmd = parts.slice(2).join(" ");
+      return { pid: pidStr ?? "", ppid: ppid ?? "", cmd };
+    } else {
+      logWarn(`[UsageService] Unsupported platform: ${platform}`);
+      return null;
+    }
+  } catch {
+    return null;
+  }
+};
+var getHostInfo = () => {
+  const runningProcesses = getRunningProcesses().toLowerCase();
+  const results = [];
+  const allConfigs = {};
+  for (const ide of IDEs) {
+    const cfg = readMCPConfig(ide);
+    if (cfg) allConfigs[ide] = cfg;
+  }
+  const servers = [];
+  for (const [ide, cfg] of Object.entries(allConfigs)) {
+    for (const [name, server] of Object.entries(
+      cfg.mcpServers || cfg.servers || {}
+    )) {
+      servers.push({
+        ide,
+        name,
+        command: server.command || "",
+        isRunning: false
+      });
+    }
+  }
+  const runningLines = runningProcesses.split("\n");
+  for (const line of runningLines) {
+    if (line.includes("mcp")) {
+      const cmdLower = line.toLowerCase();
+      const existingServer = servers.find(
+        (s) => s.command && cmdLower.includes(s.command.toLowerCase())
+      );
+      if (existingServer) {
+        existingServer.isRunning = true;
+      } else {
+        let ideName = "Unknown";
+        const foundHostKey = Object.keys(knownHosts).find(
+          (key) => cmdLower.includes(key)
+        );
+        if (foundHostKey) {
+          ideName = knownHosts[foundHostKey] || "Unknown";
+        } else {
+          const pidMatch = line.trim().split(/\s+/)[1];
+          const pid = parseInt(String(pidMatch), 10);
+          if (!isNaN(pid)) {
+            let currentPid = pid;
+            while (currentPid && currentPid !== 0) {
+              const proc = getProcessInfo(currentPid);
+              if (!proc) break;
+              const cmdProc = proc.cmd.toLowerCase();
+              const found = Object.keys(knownHosts).find(
+                (key) => cmdProc.includes(key)
+              );
+              if (found) {
+                ideName = knownHosts[found] || "Unknown";
+                break;
+              }
+              currentPid = parseInt(proc.ppid, 10);
+            }
+          }
+        }
+        servers.push({
+          ide: ideName.toLowerCase(),
+          name: "unknown",
+          command: line.trim(),
+          isRunning: true
+        });
+      }
+    }
+  }
+  for (const { ide, name, command, isRunning } of servers) {
+    const config4 = allConfigs[ide] || null;
+    const ideName = ide.charAt(0).toUpperCase() + ide.slice(1) || "Unknown";
+    let ideVersion = "Unknown";
+    const platform = os3.platform();
+    const cmds = versionCommands[ideName]?.[platform] ?? [];
+    for (const cmd of cmds) {
+      try {
+        const versionOutput = cmd.includes("grep") || cmd.includes("--version") || cmd.includes("sed") ? execSync(cmd, { stdio: ["pipe", "pipe", "ignore"] }).toString().split("\n")[0] ?? "" : cmd;
+        if (versionOutput && versionOutput !== "Unknown") {
+          ideVersion = versionOutput;
+          break;
+        }
+      } catch {
+        continue;
+      }
+    }
+    let mcpConfigObj = {};
+    if (config4) {
+      const allServers = config4.mcpServers || config4.servers || {};
+      if (name in allServers && allServers[name]) {
+        mcpConfigObj = allServers[name];
+      }
+    }
+    results.push({
+      mcpName: name || command,
+      mcpConfiguration: JSON.stringify(mcpConfigObj),
+      ideName: ideName || "Unknown",
+      ideVersion: ideVersion || "Unknown",
+      isRunning
+    });
+  }
+  return { mcps: results, user: gitInfo };
+};
+
+// src/mcp/services/McpUsageService/McpUsageService.ts
+var McpUsageService = class {
+  constructor() {
+    __publicField(this, "configKey", "mcpUsage");
+    __publicField(this, "intervalId", null);
+    __publicField(this, "REST_API_URL", MCP_DEFAULT_REST_API_URL);
+    this.startPeriodicTracking();
+    if (process.env["API_URL"]) {
+      const url = new URL(process.env["API_URL"]);
+      const domain = `${url.protocol}//${url.host}`;
+      this.REST_API_URL = `${domain}/api/rest/mcp/track`;
+    }
+  }
+  startPeriodicTracking() {
+    logDebug(`[UsageService] Starting periodic tracking for mcps`, {});
+    this.intervalId = setInterval(async () => {
+      logDebug(`[UsageService] Triggering periodic usage service`, {
+        MCP_PERIODIC_TRACK_INTERVAL
+      });
+      await mcpUsageService.trackServerStart();
+    }, 1e4);
+  }
+  generateHostId() {
+    const stored = configStore.get(this.configKey);
+    if (stored?.mcpHostId) return stored.mcpHostId;
+    const interfaces = os4.networkInterfaces();
+    const macs = [];
+    for (const iface of Object.values(interfaces)) {
+      if (!iface) continue;
+      for (const net of iface) {
+        if (net.mac && net.mac !== "00:00:00:00:00:00") macs.push(net.mac);
+      }
+    }
+    const macString = macs.length ? macs.sort().join(",") : `${os4.hostname()}-${uuidv43()}`;
+    const hostId = uuidv5(macString, uuidv5.DNS);
+    logDebug("[UsageService] Generated new host ID", { hostId });
+    return hostId;
+  }
+  getOrganizationId() {
+    const organizationId = configStore.get("GOV-ORG-ID") || "";
+    if (organizationId) {
+      logDebug("[UsageService] Using stored organization ID", {
+        organizationId
+      });
+      return organizationId;
+    }
+    return "";
+  }
+  createUsageData(mcpHostId, organizationId, status) {
+    const { user, mcps } = getHostInfo();
+    return {
+      mcpHostId,
+      organizationId,
+      mcpVersion: packageJson.version,
+      mcpOsName: os4.platform(),
+      mcps: JSON.stringify(mcps),
+      status,
+      userName: user.name,
+      userEmail: user.email,
+      date: String((/* @__PURE__ */ new Date()).toISOString().split("T")[0])
+      // it's used to make sure we track the mcp usage daily
+    };
+  }
+  async trackUsage(status) {
+    try {
+      const hostId = this.generateHostId();
+      const organizationId = this.getOrganizationId();
+      if (!organizationId) {
+        logError(
+          "[UsageService] Cannot track MCP usage - organization ID not available"
+        );
+        return;
+      }
+      const usageData = this.createUsageData(hostId, organizationId, status);
+      const stored = configStore.get(this.configKey);
+      const hasChanges = !stored || Object.keys(usageData).some(
+        (key) => usageData[key] !== stored[key]
+      );
+      if (!hasChanges) {
+        logDebug(
+          `[UsageService] Skipping ${status} usage tracking - no changes`
+        );
+        return;
+      }
+      logDebug("[UsageService] Before", { usageData });
+      try {
+        const res = await fetch5(this.REST_API_URL, {
+          method: "POST",
+          headers: {
+            Accept: "application/json"
+          },
+          body: JSON.stringify({
+            organizationId,
+            mcps: usageData.mcps,
+            status,
+            osName: usageData.mcpOsName,
+            userFullName: usageData.userName,
+            userEmail: usageData.userEmail
+          })
+        });
+        const authResult = await res.json();
+        logDebug("[UsageService] Success usage data", { authResult });
+      } catch (err) {
+        logDebug("[UsageService] Error usage data", { err });
+      }
+      logDebug("[UsageService] Saving usage data", { usageData });
+      configStore.set(this.configKey, usageData);
+      logInfo(
+        `[UsageService] MCP server ${status === "ACTIVE" ? "start" : "stop"} tracked successfully`
+      );
+    } catch (error) {
+      configStore.set(this.configKey, { status: "FAILED" });
+      logError(
+        `[UsageService] Failed to track MCP server ${status === "ACTIVE" ? "start" : "stop"}`,
+        { error }
+      );
+    }
+  }
+  async trackServerStart() {
+    await this.trackUsage("ACTIVE");
+  }
+  async trackServerStop() {
+    await this.trackUsage("INACTIVE");
+  }
+  reset() {
+    if (!this.intervalId) {
+      return;
+    }
+    clearInterval(this.intervalId);
+    this.intervalId = null;
+  }
+};
+var mcpUsageService = new McpUsageService();
+
 // src/mcp/tools/toolNames.ts
 var MCP_TOOL_CHECK_FOR_NEW_AVAILABLE_FIXES = "check_for_new_available_fixes";
 var MCP_TOOL_FETCH_AVAILABLE_FIXES = "fetch_available_fixes";
@@ -13185,7 +13661,23 @@ var McpServer = class {
     logInfo("MCP server instance created");
     logDebug("MCP server instance config", { config: config4 });
   }
-  handleProcessSignal({
+  async trackServerUsage(action, signalOrError) {
+    try {
+      if (action === "start") {
+        await mcpUsageService.trackServerStart();
+      }
+      if (action === "stop") {
+        await mcpUsageService.trackServerStop();
+        mcpUsageService.reset();
+      }
+    } catch (usageError) {
+      logWarn(`Failed to track MCP server ${action}`, {
+        error: usageError,
+        signalOrError
+      });
+    }
+  }
+  async handleProcessSignal({
     signal,
     error
   }) {
@@ -13223,9 +13715,11 @@ var McpServer = class {
       logDebug(message, { signal });
     }
     if (signal === "SIGINT" || signal === "SIGTERM") {
+      await this.trackServerUsage("stop", signal);
       process.exit(0);
     }
     if (signal === "uncaughtException") {
+      await this.trackServerUsage("stop", signal);
       process.exit(1);
     }
   }
@@ -13243,8 +13737,8 @@ var McpServer = class {
       "warning"
     ];
     signals.forEach((signal) => {
-      const handler = (error) => {
-        this.handleProcessSignal({ signal, error });
+      const handler = async (error) => {
+        await this.handleProcessSignal({ signal, error });
       };
       this.eventHandlers.set(signal, handler);
       process.on(signal, handler);
@@ -13303,6 +13797,12 @@ var McpServer = class {
     }
   }
   async handleListToolsRequest(request) {
+    const govOrgId = configStore.get("GOV-ORG-ID") || "";
+    if (govOrgId) {
+      return {
+        tools: []
+      };
+    }
     logInfo("Received list_tools request");
     logDebug("list_tools request", {
       request: JSON.parse(JSON.stringify(request))
@@ -13390,6 +13890,7 @@ var McpServer = class {
       const transport = new StdioServerTransport();
       await this.server.connect(transport);
       logDebug("MCP server is running on stdin/stdout");
+      await this.trackServerUsage("start");
       process.stdin.resume();
       await this.createShutdownPromise();
       await this.stop();
@@ -13400,6 +13901,7 @@ var McpServer = class {
   }
   async stop() {
     logDebug("MCP server shutting down");
+    await this.trackServerUsage("stop");
     this.eventHandlers.forEach((handler, signal) => {
       process.removeListener(signal, handler);
     });
@@ -13413,8 +13915,8 @@ var McpServer = class {
 import { z as z34 } from "zod";
 
 // src/mcp/services/PathValidation.ts
-import fs10 from "fs";
-import path11 from "path";
+import fs11 from "fs";
+import path12 from "path";
 async function validatePath(inputPath) {
   logDebug("Validating MCP path", { inputPath });
   if (/^\/[a-zA-Z]:\//.test(inputPath)) {
@@ -13441,7 +13943,7 @@ async function validatePath(inputPath) {
     logError(error);
     return { isValid: false, error, path: inputPath };
   }
-  const normalizedPath = path11.normalize(inputPath);
+  const normalizedPath = path12.normalize(inputPath);
   if (normalizedPath.includes("..")) {
     const error = `Normalized path contains path traversal patterns: ${inputPath}`;
     logError(error);
@@ -13468,7 +13970,7 @@ async function validatePath(inputPath) {
   logDebug("Path validation successful", { inputPath });
   logDebug("Checking path existence", { inputPath });
   try {
-    await fs10.promises.access(inputPath);
+    await fs11.promises.access(inputPath);
     logDebug("Path exists and is accessible", { inputPath });
     return { isValid: true, path: inputPath };
   } catch (error) {
@@ -14030,26 +14532,26 @@ ${whatHappensNextSection}`;
 init_FileUtils();
 init_GitService();
 init_configs();
-import fs11 from "fs/promises";
+import fs12 from "fs/promises";
 import nodePath from "path";
 var getLocalFiles = async ({
-  path: path15,
+  path: path17,
   maxFileSize = MCP_MAX_FILE_SIZE,
   maxFiles,
   isAllFilesScan,
   scanContext
 }) => {
   logDebug(`[${scanContext}] Starting getLocalFiles`, {
-    path: path15,
+    path: path17,
     maxFileSize,
     maxFiles,
     isAllFilesScan
   });
   try {
-    const resolvedRepoPath = await fs11.realpath(path15);
+    const resolvedRepoPath = await fs12.realpath(path17);
     logDebug(`[${scanContext}] Resolved repository path`, {
       resolvedRepoPath,
-      originalPath: path15
+      originalPath: path17
     });
     const gitService = new GitService(resolvedRepoPath, log);
     const gitValidation = await gitService.validateRepository();
@@ -14062,7 +14564,7 @@ var getLocalFiles = async ({
     if (!gitValidation.isValid || isAllFilesScan) {
       try {
         files = await FileUtils.getLastChangedFiles({
-          dir: path15,
+          dir: path17,
           maxFileSize,
           maxFiles,
           isAllFilesScan
@@ -14126,7 +14628,7 @@ var getLocalFiles = async ({
           absoluteFilePath
         );
         try {
-          const fileStat = await fs11.stat(absoluteFilePath);
+          const fileStat = await fs12.stat(absoluteFilePath);
           return {
             filename: nodePath.basename(absoluteFilePath),
             relativePath,
@@ -14154,15 +14656,15 @@ var getLocalFiles = async ({
     logError(`${scanContext}Unexpected error in getLocalFiles`, {
       error: error instanceof Error ? error.message : String(error),
       stack: error instanceof Error ? error.stack : void 0,
-      path: path15
+      path: path17
     });
     throw error;
   }
 };
 
 // src/mcp/services/LocalMobbFolderService.ts
-import fs12 from "fs";
-import path12 from "path";
+import fs13 from "fs";
+import path13 from "path";
 import { z as z33 } from "zod";
 init_GitService();
 function extractPathFromPatch(patch) {
@@ -14249,19 +14751,19 @@ var LocalMobbFolderService = class {
           "[LocalMobbFolderService] Non-git repository detected, skipping .gitignore operations"
         );
       }
-      const mobbFolderPath = path12.join(
+      const mobbFolderPath = path13.join(
         this.repoPath,
         this.defaultMobbFolderName
       );
-      if (!fs12.existsSync(mobbFolderPath)) {
+      if (!fs13.existsSync(mobbFolderPath)) {
         logInfo("[LocalMobbFolderService] Creating .mobb folder", {
           mobbFolderPath
         });
-        fs12.mkdirSync(mobbFolderPath, { recursive: true });
+        fs13.mkdirSync(mobbFolderPath, { recursive: true });
       } else {
         logDebug("[LocalMobbFolderService] .mobb folder already exists");
       }
-      const stats = fs12.statSync(mobbFolderPath);
+      const stats = fs13.statSync(mobbFolderPath);
       if (!stats.isDirectory()) {
         throw new Error(`Path exists but is not a directory: ${mobbFolderPath}`);
       }
@@ -14302,13 +14804,13 @@ var LocalMobbFolderService = class {
       logDebug("[LocalMobbFolderService] Git repository validated successfully");
     } else {
       try {
-        const stats = fs12.statSync(this.repoPath);
+        const stats = fs13.statSync(this.repoPath);
         if (!stats.isDirectory()) {
           throw new Error(
             `Path exists but is not a directory: ${this.repoPath}`
           );
         }
-        fs12.accessSync(this.repoPath, fs12.constants.R_OK | fs12.constants.W_OK);
+        fs13.accessSync(this.repoPath, fs13.constants.R_OK | fs13.constants.W_OK);
         logDebug(
           "[LocalMobbFolderService] Non-git directory validated successfully"
         );
@@ -14421,8 +14923,8 @@ var LocalMobbFolderService = class {
         mobbFolderPath,
         baseFileName
       );
-      const filePath = path12.join(mobbFolderPath, uniqueFileName);
-      await fs12.promises.writeFile(filePath, patch, "utf8");
+      const filePath = path13.join(mobbFolderPath, uniqueFileName);
+      await fs13.promises.writeFile(filePath, patch, "utf8");
       logInfo("[LocalMobbFolderService] Patch saved successfully", {
         filePath,
         fileName: uniqueFileName,
@@ -14479,11 +14981,11 @@ var LocalMobbFolderService = class {
    * @returns Unique filename that doesn't conflict with existing files
    */
   getUniqueFileName(folderPath, baseFileName) {
-    const baseName = path12.parse(baseFileName).name;
-    const extension = path12.parse(baseFileName).ext;
+    const baseName = path13.parse(baseFileName).name;
+    const extension = path13.parse(baseFileName).ext;
     let uniqueFileName = baseFileName;
     let index = 1;
-    while (fs12.existsSync(path12.join(folderPath, uniqueFileName))) {
+    while (fs13.existsSync(path13.join(folderPath, uniqueFileName))) {
       uniqueFileName = `${baseName}-${index}${extension}`;
       index++;
       if (index > 1e3) {
@@ -14514,18 +15016,18 @@ var LocalMobbFolderService = class {
     logDebug("[LocalMobbFolderService] Logging patch info", { fixId: fix.id });
     try {
       const mobbFolderPath = await this.getFolder();
-      const patchInfoPath = path12.join(mobbFolderPath, "patchInfo.md");
+      const patchInfoPath = path13.join(mobbFolderPath, "patchInfo.md");
       const markdownContent = this.generateFixMarkdown(fix, savedPatchFileName);
       let existingContent = "";
-      if (fs12.existsSync(patchInfoPath)) {
-        existingContent = await fs12.promises.readFile(patchInfoPath, "utf8");
+      if (fs13.existsSync(patchInfoPath)) {
+        existingContent = await fs13.promises.readFile(patchInfoPath, "utf8");
         logDebug("[LocalMobbFolderService] Existing patchInfo.md found");
       } else {
         logDebug("[LocalMobbFolderService] Creating new patchInfo.md file");
       }
       const separator = existingContent ? "\n\n================================================================================\n\n" : "";
       const updatedContent = `${markdownContent}${separator}${existingContent}`;
-      await fs12.promises.writeFile(patchInfoPath, updatedContent, "utf8");
+      await fs13.promises.writeFile(patchInfoPath, updatedContent, "utf8");
       logInfo("[LocalMobbFolderService] Patch info logged successfully", {
         patchInfoPath,
         fixId: fix.id,
@@ -14556,7 +15058,7 @@ var LocalMobbFolderService = class {
     const timestamp = (/* @__PURE__ */ new Date()).toISOString();
     const patch = this.extractPatchFromFix(fix);
     const relativePatchedFilePath = patch ? extractPathFromPatch(patch) : null;
-    const patchedFilePath = relativePatchedFilePath ? path12.resolve(this.repoPath, relativePatchedFilePath) : null;
+    const patchedFilePath = relativePatchedFilePath ? path13.resolve(this.repoPath, relativePatchedFilePath) : null;
     const fixIdentifier = savedPatchFileName ? savedPatchFileName.replace(".patch", "") : fix.id;
     let markdown = `# Fix ${fixIdentifier}
 
@@ -14898,16 +15400,16 @@ import {
   unlinkSync,
   writeFileSync
 } from "fs";
-import fs13 from "fs/promises";
+import fs14 from "fs/promises";
 import parseDiff2 from "parse-diff";
-import path13 from "path";
+import path14 from "path";
 var PatchApplicationService = class {
   /**
    * Gets the appropriate comment syntax for a file based on its extension
    */
   static getCommentSyntax(filePath) {
-    const ext = path13.extname(filePath).toLowerCase();
-    const basename2 = path13.basename(filePath);
+    const ext = path14.extname(filePath).toLowerCase();
+    const basename2 = path14.basename(filePath);
     const commentMap = {
       // C-style languages (single line comments)
       ".js": "//",
@@ -15117,7 +15619,7 @@ var PatchApplicationService = class {
         }
       );
     }
-    const dirPath = path13.dirname(filePath);
+    const dirPath = path14.dirname(filePath);
     mkdirSync(dirPath, { recursive: true });
     writeFileSync(filePath, finalContent, "utf8");
     return filePath;
@@ -15401,9 +15903,9 @@ var PatchApplicationService = class {
         continue;
       }
       try {
-        const absolutePath = path13.resolve(repositoryPath, targetFile);
+        const absolutePath = path14.resolve(repositoryPath, targetFile);
         if (existsSync2(absolutePath)) {
-          const stats = await fs13.stat(absolutePath);
+          const stats = await fs14.stat(absolutePath);
           const fileModTime = stats.mtime.getTime();
           if (fileModTime > scanStartTime) {
             logError(
@@ -15444,7 +15946,7 @@ var PatchApplicationService = class {
     const appliedFixes = [];
     const failedFixes = [];
     const skippedFixes = [];
-    const resolvedRepoPath = await fs13.realpath(repositoryPath);
+    const resolvedRepoPath = await fs14.realpath(repositoryPath);
     logInfo(
       `[${scanContext}] Starting patch application for ${fixes.length} fixes`,
       {
@@ -15592,11 +16094,11 @@ var PatchApplicationService = class {
   }) {
     const sanitizedRepoPath = String(repositoryPath || "").replace("\0", "").replace(/^(\.\.(\/|\\))+/, "");
     const sanitizedTargetFile = String(targetFile || "").replace("\0", "").replace(/^(\.\.(\/|\\))+/, "");
-    const absoluteFilePath = path13.resolve(
+    const absoluteFilePath = path14.resolve(
       sanitizedRepoPath,
       sanitizedTargetFile
     );
-    const relativePath = path13.relative(sanitizedRepoPath, absoluteFilePath);
+    const relativePath = path14.relative(sanitizedRepoPath, absoluteFilePath);
     if (relativePath.startsWith("..")) {
       throw new Error(
         `Security violation: target file ${targetFile} resolves outside repository`
@@ -15630,7 +16132,7 @@ var PatchApplicationService = class {
       fix,
       scanContext
     });
-    appliedFiles.push(path13.relative(repositoryPath, actualPath));
+    appliedFiles.push(path14.relative(repositoryPath, actualPath));
     logDebug(`[${scanContext}] Created new file: ${relativePath}`);
   }
   /**
@@ -15678,7 +16180,7 @@ var PatchApplicationService = class {
         fix,
         scanContext
       });
-      appliedFiles.push(path13.relative(repositoryPath, actualPath));
+      appliedFiles.push(path14.relative(repositoryPath, actualPath));
       logDebug(`[${scanContext}] Modified file: ${relativePath}`);
     }
   }
@@ -15873,8 +16375,8 @@ init_configs();
 
 // src/mcp/services/FileOperations.ts
 init_FileUtils();
-import fs14 from "fs";
-import path14 from "path";
+import fs15 from "fs";
+import path15 from "path";
 import AdmZip2 from "adm-zip";
 var FileOperations = class {
   /**
@@ -15894,10 +16396,10 @@ var FileOperations = class {
     let packedFilesCount = 0;
     const packedFiles = [];
     const excludedFiles = [];
-    const resolvedRepoPath = path14.resolve(repositoryPath);
+    const resolvedRepoPath = path15.resolve(repositoryPath);
     for (const filepath of fileList) {
-      const absoluteFilepath = path14.join(repositoryPath, filepath);
-      const resolvedFilePath = path14.resolve(absoluteFilepath);
+      const absoluteFilepath = path15.join(repositoryPath, filepath);
+      const resolvedFilePath = path15.resolve(absoluteFilepath);
       if (!resolvedFilePath.startsWith(resolvedRepoPath)) {
         const reason = "potential path traversal security risk";
         logDebug(`[FileOperations] Skipping ${filepath} due to ${reason}`);
@@ -15944,11 +16446,11 @@ var FileOperations = class {
     fileList,
     repositoryPath
   }) {
-    const resolvedRepoPath = path14.resolve(repositoryPath);
+    const resolvedRepoPath = path15.resolve(repositoryPath);
     const validatedPaths = [];
     for (const filepath of fileList) {
-      const absoluteFilepath = path14.join(repositoryPath, filepath);
-      const resolvedFilePath = path14.resolve(absoluteFilepath);
+      const absoluteFilepath = path15.join(repositoryPath, filepath);
+      const resolvedFilePath = path15.resolve(absoluteFilepath);
       if (!resolvedFilePath.startsWith(resolvedRepoPath)) {
         logDebug(
           `[FileOperations] Rejecting ${filepath} - path traversal attempt detected`
@@ -15956,7 +16458,7 @@ var FileOperations = class {
         continue;
       }
       try {
-        await fs14.promises.access(absoluteFilepath, fs14.constants.R_OK);
+        await fs15.promises.access(absoluteFilepath, fs15.constants.R_OK);
         validatedPaths.push(filepath);
       } catch (error) {
         logDebug(
@@ -15975,8 +16477,8 @@ var FileOperations = class {
     const fileDataArray = [];
     for (const absolutePath of filePaths) {
       try {
-        const content = await fs14.promises.readFile(absolutePath);
-        const relativePath = path14.basename(absolutePath);
+        const content = await fs15.promises.readFile(absolutePath);
+        const relativePath = path15.basename(absolutePath);
         fileDataArray.push({
           relativePath,
           absolutePath,
@@ -16001,7 +16503,7 @@ var FileOperations = class {
     relativeFilepath
   }) {
     try {
-      return await fs14.promises.readFile(absoluteFilepath);
+      return await fs15.promises.readFile(absoluteFilepath);
     } catch (fsError) {
       logError(
         `[FileOperations] Failed to read ${relativeFilepath} from filesystem: ${fsError}`
@@ -16288,14 +16790,14 @@ var _CheckForNewAvailableFixesService = class _CheckForNewAvailableFixesService
    * since the last scan.
    */
   async scanForSecurityVulnerabilities({
-    path: path15,
+    path: path17,
     isAllDetectionRulesScan,
     isAllFilesScan,
     scanContext
   }) {
     this.hasAuthenticationFailed = false;
     logDebug(`[${scanContext}] Scanning for new security vulnerabilities`, {
-      path: path15
+      path: path17
     });
     if (!this.gqlClient) {
       logInfo(`[${scanContext}] No GQL client found, skipping scan`);
@@ -16311,10 +16813,10 @@ var _CheckForNewAvailableFixesService = class _CheckForNewAvailableFixesService
       }
       logDebug(
         `[${scanContext}] Connected to the API, assembling list of files to scan`,
-        { path: path15 }
+        { path: path17 }
       );
       const files = await getLocalFiles({
-        path: path15,
+        path: path17,
         isAllFilesScan,
         scanContext
       });
@@ -16339,13 +16841,13 @@ var _CheckForNewAvailableFixesService = class _CheckForNewAvailableFixesService
       });
       const { fixReportId, projectId } = await scanFiles({
         fileList: filesToScan.map((file) => file.relativePath),
-        repositoryPath: path15,
+        repositoryPath: path17,
         gqlClient: this.gqlClient,
         isAllDetectionRulesScan,
         scanContext
       });
       logInfo(
-        `[${scanContext}] Security scan completed for ${path15} reportId: ${fixReportId} projectId: ${projectId}`
+        `[${scanContext}] Security scan completed for ${path17} reportId: ${fixReportId} projectId: ${projectId}`
       );
       if (isAllFilesScan) {
         return;
@@ -16639,13 +17141,13 @@ var _CheckForNewAvailableFixesService = class _CheckForNewAvailableFixesService
     });
     return scannedFiles.some((file) => file.relativePath === fixFile);
   }
-  async getFreshFixes({ path: path15 }) {
+  async getFreshFixes({ path: path17 }) {
     const scanContext = ScanContext.USER_REQUEST;
-    logDebug(`[${scanContext}] Getting fresh fixes`, { path: path15 });
-    if (this.path !== path15) {
-      this.path = path15;
+    logDebug(`[${scanContext}] Getting fresh fixes`, { path: path17 });
+    if (this.path !== path17) {
+      this.path = path17;
       this.reset();
-      logInfo(`[${scanContext}] Reset service state for new path`, { path: path15 });
+      logInfo(`[${scanContext}] Reset service state for new path`, { path: path17 });
     }
     try {
       this.gqlClient = await createAuthenticatedMcpGQLClient();
@@ -16663,7 +17165,7 @@ var _CheckForNewAvailableFixesService = class _CheckForNewAvailableFixesService
       }
       throw error;
     }
-    this.triggerScan({ path: path15, gqlClient: this.gqlClient });
+    this.triggerScan({ path: path17, gqlClient: this.gqlClient });
     let isMvsAutoFixEnabled = null;
     try {
       isMvsAutoFixEnabled = await this.gqlClient.getMvsAutoFixSettings();
@@ -16697,33 +17199,33 @@ var _CheckForNewAvailableFixesService = class _CheckForNewAvailableFixesService
     return noFreshFixesPrompt;
   }
   triggerScan({
-    path: path15,
+    path: path17,
     gqlClient
   }) {
-    if (this.path !== path15) {
-      this.path = path15;
+    if (this.path !== path17) {
+      this.path = path17;
       this.reset();
-      logInfo(`Reset service state for new path in triggerScan`, { path: path15 });
+      logInfo(`Reset service state for new path in triggerScan`, { path: path17 });
     }
     this.gqlClient = gqlClient;
     if (!this.intervalId) {
-      this.startPeriodicScanning(path15);
-      this.executeInitialScan(path15);
-      void this.executeInitialFullScan(path15);
+      this.startPeriodicScanning(path17);
+      this.executeInitialScan(path17);
+      void this.executeInitialFullScan(path17);
     }
   }
-  startPeriodicScanning(path15) {
+  startPeriodicScanning(path17) {
     const scanContext = ScanContext.BACKGROUND_PERIODIC;
     logDebug(
       `[${scanContext}] Starting periodic scan for new security vulnerabilities`,
       {
-        path: path15
+        path: path17
       }
     );
     this.intervalId = setInterval(() => {
-      logDebug(`[${scanContext}] Triggering periodic security scan`, { path: path15 });
+      logDebug(`[${scanContext}] Triggering periodic security scan`, { path: path17 });
       this.scanForSecurityVulnerabilities({
-        path: path15,
+        path: path17,
         scanContext
       }).catch((error) => {
         logError(`[${scanContext}] Error during periodic security scan`, {
@@ -16732,45 +17234,45 @@ var _CheckForNewAvailableFixesService = class _CheckForNewAvailableFixesService
       });
     }, MCP_PERIODIC_CHECK_INTERVAL);
   }
-  async executeInitialFullScan(path15) {
+  async executeInitialFullScan(path17) {
     const scanContext = ScanContext.FULL_SCAN;
-    logDebug(`[${scanContext}] Triggering initial full security scan`, { path: path15 });
+    logDebug(`[${scanContext}] Triggering initial full security scan`, { path: path17 });
     logDebug(`[${scanContext}] Full scan paths scanned`, {
       fullScanPathsScanned: this.fullScanPathsScanned
     });
-    if (this.fullScanPathsScanned.includes(path15)) {
+    if (this.fullScanPathsScanned.includes(path17)) {
       logDebug(`[${scanContext}] Full scan already executed for this path`, {
-        path: path15
+        path: path17
       });
       return;
     }
     configStore.set("fullScanPathsScanned", [
       ...this.fullScanPathsScanned,
-      path15
+      path17
     ]);
     try {
       await this.scanForSecurityVulnerabilities({
-        path: path15,
+        path: path17,
         isAllFilesScan: true,
         isAllDetectionRulesScan: true,
         scanContext: ScanContext.FULL_SCAN
       });
-      if (!this.fullScanPathsScanned.includes(path15)) {
-        this.fullScanPathsScanned.push(path15);
+      if (!this.fullScanPathsScanned.includes(path17)) {
+        this.fullScanPathsScanned.push(path17);
         configStore.set("fullScanPathsScanned", this.fullScanPathsScanned);
       }
-      logInfo(`[${scanContext}] Full scan completed`, { path: path15 });
+      logInfo(`[${scanContext}] Full scan completed`, { path: path17 });
     } catch (error) {
       logError(`[${scanContext}] Error during initial full security scan`, {
         error
       });
     }
   }
-  executeInitialScan(path15) {
+  executeInitialScan(path17) {
     const scanContext = ScanContext.BACKGROUND_INITIAL;
-    logDebug(`[${scanContext}] Triggering initial security scan`, { path: path15 });
+    logDebug(`[${scanContext}] Triggering initial security scan`, { path: path17 });
     this.scanForSecurityVulnerabilities({
-      path: path15,
+      path: path17,
       scanContext: ScanContext.BACKGROUND_INITIAL
     }).catch((error) => {
       logError(`[${scanContext}] Error during initial security scan`, { error });
@@ -16866,9 +17368,9 @@ Example payload:
         `Invalid path: potential security risk detected in path: ${pathValidationResult.error}`
       );
     }
-    const path15 = pathValidationResult.path;
+    const path17 = pathValidationResult.path;
     const resultText = await this.newFixesService.getFreshFixes({
-      path: path15
+      path: path17
     });
     logInfo("CheckForNewAvailableFixesTool execution completed", {
       resultText
@@ -17016,8 +17518,8 @@ Call this tool instead of ${MCP_TOOL_SCAN_AND_FIX_VULNERABILITIES} when you only
         `Invalid path: potential security risk detected in path: ${pathValidationResult.error}`
       );
     }
-    const path15 = pathValidationResult.path;
-    const gitService = new GitService(path15, log);
+    const path17 = pathValidationResult.path;
+    const gitService = new GitService(path17, log);
     const gitValidation = await gitService.validateRepository();
     if (!gitValidation.isValid) {
       throw new Error(`Invalid git repository: ${gitValidation.error}`);
@@ -17283,9 +17785,9 @@ Example payload:
         `Invalid path: potential security risk detected in path: ${pathValidationResult.error}`
       );
     }
-    const path15 = pathValidationResult.path;
+    const path17 = pathValidationResult.path;
     const files = await getLocalFiles({
-      path: path15,
+      path: path17,
       maxFileSize: MCP_MAX_FILE_SIZE,
       maxFiles: args.maxFiles,
       scanContext: ScanContext.USER_REQUEST
@@ -17304,7 +17806,7 @@ Example payload:
     try {
       const fixResult = await this.vulnerabilityFixService.processVulnerabilities({
         fileList: files.map((file) => file.relativePath),
-        repositoryPath: path15,
+        repositoryPath: path17,
         offset: args.offset,
         limit: args.limit,
         isRescan: args.rescan || !!args.maxFiles
@@ -17355,9 +17857,12 @@ function createMcpServer() {
   logInfo("MCP server created and configured");
   return server;
 }
-async function startMcpServer() {
+async function startMcpServer({
+  govOrgId = ""
+}) {
   try {
     logDebug("Initializing MCP server");
+    configStore.set("GOV-ORG-ID", govOrgId);
     const server = createMcpServer();
     await server.start();
   } catch (error) {
@@ -17368,7 +17873,7 @@ async function startMcpServer() {
 
 // src/args/commands/mcp.ts
 var mcpBuilder = (yargs2) => {
-  return yargs2.example("$0 mcp", "Launch the MCP server").option("debug", {
+  return yargs2.example("$0 mcp", "Launch the MCP server").option("gov-org-id", organizationIdOptions).option("debug", {
     alias: "d",
     type: "boolean",
     description: "Run in debug mode with communication logging",
@@ -17377,7 +17882,8 @@ var mcpBuilder = (yargs2) => {
 };
 var mcpHandler = async (_args) => {
   try {
-    await startMcpServer();
+    validateOrganizationId(_args.govOrgId);
+    await startMcpServer({ govOrgId: _args.govOrgId });
   } catch (error) {
     console.error("Failed to start MCP server:", error);
     process.exit(1);
@@ -17385,7 +17891,7 @@ var mcpHandler = async (_args) => {
 };
 
 // src/args/commands/review.ts
-import fs15 from "fs";
+import fs16 from "fs";
 import chalk9 from "chalk";
 function reviewBuilder(yargs2) {
   return yargs2.option("f", {
@@ -17422,7 +17928,7 @@ function reviewBuilder(yargs2) {
   ).help();
 }
 function validateReviewOptions(argv) {
-  if (!fs15.existsSync(argv.f)) {
+  if (!fs16.existsSync(argv.f)) {
     throw new CliError(`
 Can't access ${chalk9.bold(argv.f)}`);
   }
@@ -17494,60 +18000,183 @@ async function addScmTokenHandler(args) {
   await addScmToken(args);
 }
 
+// src/args/commands/upload_ai_blame.ts
+import fs17 from "fs/promises";
+import path16 from "path";
+import chalk10 from "chalk";
+function uploadAiBlameBuilder(args) {
+  return args.option("prompt", {
+    type: "string",
+    array: true,
+    demandOption: true,
+    describe: chalk10.bold("Path(s) to prompt artifact(s) (one per session)")
+  }).option("inference", {
+    type: "string",
+    array: true,
+    demandOption: true,
+    describe: chalk10.bold(
+      "Path(s) to inference artifact(s) (one per session)"
+    )
+  }).option("ai-response-at", {
+    type: "string",
+    array: true,
+    describe: chalk10.bold(
+      "ISO timestamp(s) for AI response (one per session, defaults to now)"
+    )
+  }).option("model", {
+    type: "string",
+    array: true,
+    describe: chalk10.bold("AI model name(s) (optional, one per session)")
+  }).option("tool-name", {
+    type: "string",
+    array: true,
+    describe: chalk10.bold("Tool/IDE name(s) (optional, one per session)")
+  }).strict();
+}
+async function uploadAiBlameHandler(args) {
+  const prompts = args.prompt || [];
+  const inferences = args.inference || [];
+  const models = args.model || [];
+  const tools = args.toolName || args["tool-name"] || [];
+  const responseTimes = args.aiResponseAt || args["ai-response-at"] || [];
+  if (prompts.length !== inferences.length) {
+    console.error(
+      chalk10.red("prompt and inference must have the same number of entries")
+    );
+    process.exit(1);
+  }
+  const nowIso = (/* @__PURE__ */ new Date()).toISOString();
+  const sessions = [];
+  for (let i = 0; i < prompts.length; i++) {
+    const promptPath = String(prompts[i]);
+    const inferencePath = String(inferences[i]);
+    try {
+      await Promise.all([fs17.access(promptPath), fs17.access(inferencePath)]);
+    } catch {
+      console.error(chalk10.red(`File not found for session ${i + 1}`));
+      process.exit(1);
+    }
+    sessions.push({
+      promptFileName: path16.basename(promptPath),
+      inferenceFileName: path16.basename(inferencePath),
+      aiResponseAt: responseTimes[i] || nowIso,
+      model: models[i],
+      toolName: tools[i]
+    });
+  }
+  const gqlClient = await createAuthenticatedMcpGQLClient();
+  const initRes = await gqlClient.uploadAIBlameInferencesInitRaw({ sessions });
+  const uploadSessions = initRes.uploadAIBlameInferencesInit?.uploadSessions ?? [];
+  if (uploadSessions.length !== sessions.length) {
+    console.error(
+      chalk10.red("Init failed to return expected number of sessions")
+    );
+    process.exit(1);
+  }
+  for (let i = 0; i < uploadSessions.length; i++) {
+    const us = uploadSessions[i];
+    const promptPath = String(prompts[i]);
+    const inferencePath = String(inferences[i]);
+    await uploadFile({
+      file: promptPath,
+      url: us.prompt.url,
+      uploadFields: JSON.parse(us.prompt.uploadFieldsJSON),
+      uploadKey: us.prompt.uploadKey
+    });
+    await uploadFile({
+      file: inferencePath,
+      url: us.inference.url,
+      uploadFields: JSON.parse(us.inference.uploadFieldsJSON),
+      uploadKey: us.inference.uploadKey
+    });
+  }
+  const finalizeSessions = uploadSessions.map((us, i) => {
+    const s = sessions[i];
+    return {
+      aiBlameInferenceId: us.aiBlameInferenceId,
+      promptKey: us.prompt.uploadKey,
+      inferenceKey: us.inference.uploadKey,
+      aiResponseAt: s.aiResponseAt,
+      model: s.model,
+      toolName: s.toolName
+    };
+  });
+  const finRes = await gqlClient.finalizeAIBlameInferencesUploadRaw({
+    sessions: finalizeSessions
+  });
+  const status = finRes?.finalizeAIBlameInferencesUpload?.status;
+  if (status !== "OK") {
+    console.error(
+      chalk10.red(
+        `Finalize failed: ${finRes?.finalizeAIBlameInferencesUpload?.error || "unknown error"}`
+      )
+    );
+    process.exit(1);
+  }
+  console.log(chalk10.green("AI Blame uploads finalized successfully"));
+}
+
 // src/args/yargs.ts
 var parseArgs = async (args) => {
   const yargsInstance = yargs(args);
   return yargsInstance.updateStrings({
-    "Commands:": chalk10.yellow.underline.bold("Commands:"),
-    "Options:": chalk10.yellow.underline.bold("Options:"),
-    "Examples:": chalk10.yellow.underline.bold("Examples:"),
-    "Show help": chalk10.bold("Show help")
+    "Commands:": chalk11.yellow.underline.bold("Commands:"),
+    "Options:": chalk11.yellow.underline.bold("Options:"),
+    "Examples:": chalk11.yellow.underline.bold("Examples:"),
+    "Show help": chalk11.bold("Show help")
   }).usage(
-    `${chalk10.bold(
+    `${chalk11.bold(
       "\n Bugsy - Trusted, Automatic Vulnerability Fixer \u{1F575}\uFE0F\u200D\u2642\uFE0F\n\n"
-    )} ${chalk10.yellow.underline.bold("Usage:")} 
-  $0 ${chalk10.green(
+    )} ${chalk11.yellow.underline.bold("Usage:")} 
+  $0 ${chalk11.green(
       "<command>"
-    )} ${chalk10.dim("[options]")}
+    )} ${chalk11.dim("[options]")}
             `
   ).version(false).command(
     mobbCliCommand.scan,
-    chalk10.bold(
+    chalk11.bold(
       "Scan your code for vulnerabilities, get automated fixes right away."
     ),
     scanBuilder,
     scanHandler
   ).command(
     mobbCliCommand.analyze,
-    chalk10.bold(
+    chalk11.bold(
       "Provide a code repository, get automated fixes right away. You can also provide a vulnerability report to analyze or have Mobb scan the code for you."
     ),
     analyzeBuilder,
     analyzeHandler
   ).command(
     mobbCliCommand.review,
-    chalk10.bold(
+    chalk11.bold(
       "Mobb will review your github pull requests and provide comments with fixes "
     ),
     reviewBuilder,
     reviewHandler
   ).command(
     mobbCliCommand.addScmToken,
-    chalk10.bold(
+    chalk11.bold(
       "Add your SCM (Github, Gitlab, Azure DevOps) token to Mobb to enable automated fixes."
     ),
     addScmTokenBuilder,
     addScmTokenHandler
   ).command(
     mobbCliCommand.convertToSarif,
-    chalk10.bold("Convert an existing SAST report to SARIF format."),
+    chalk11.bold("Convert an existing SAST report to SARIF format."),
     convertToSarifBuilder,
     convertToSarifHandler
   ).command(
     mobbCliCommand.mcp,
-    chalk10.bold("Launch the MCP (Model Context Protocol) server."),
+    chalk11.bold("Launch the MCP (Model Context Protocol) server."),
     mcpBuilder,
     mcpHandler
+  ).command(
+    mobbCliCommand.uploadAiBlame,
+    chalk11.bold(
+      "Upload AI Blame inference artifacts (prompt + inference) and finalize them."
+    ),
+    uploadAiBlameBuilder,
+    uploadAiBlameHandler
   ).example(
     "npx mobbdev@latest scan -r https://github.com/WebGoat/WebGoat",
     "Scan an existing repository"
@@ -17556,7 +18185,7 @@ var parseArgs = async (args) => {
     handler() {
       yargsInstance.showHelp();
     }
-  }).strictOptions().help("h").alias("h", "help").epilog(chalk10.bgBlue("Made with \u2764\uFE0F by Mobb")).showHelpOnFail(true).wrap(Math.min(120, yargsInstance.terminalWidth())).parse();
+  }).strictOptions().help("h").alias("h", "help").epilog(chalk11.bgBlue("Made with \u2764\uFE0F by Mobb")).showHelpOnFail(true).wrap(Math.min(120, yargsInstance.terminalWidth())).parse();
 };
 
 // src/index.ts