mobbdev 1.0.186 → 1.0.189

package/dist/index.mjs

@@ -32,7 +32,7 @@ var init_env = __esm({
 });
 
 // src/mcp/core/configs.ts
-var MCP_DEFAULT_API_URL, MCP_API_KEY_HEADER_NAME, MCP_LOGIN_MAX_WAIT, MCP_LOGIN_CHECK_DELAY, MCP_VUL_REPORT_DIGEST_TIMEOUT_MS, MCP_MAX_FILE_SIZE, MCP_PERIODIC_CHECK_INTERVAL, MCP_DEFAULT_MAX_FILES_TO_SCAN, MCP_REPORT_ID_EXPIRATION_MS, MCP_TOOLS_BROWSER_COOLDOWN_MS, MCP_DEFAULT_LIMIT, isAutoScan, MVS_AUTO_FIX_OVERRIDE, MCP_AUTO_FIX_DEBUG_MODE, MCP_PERIODIC_TRACK_INTERVAL, MCP_DEFAULT_REST_API_URL;
+var MCP_DEFAULT_API_URL, MCP_API_KEY_HEADER_NAME, MCP_LOGIN_MAX_WAIT, MCP_LOGIN_CHECK_DELAY, MCP_VUL_REPORT_DIGEST_TIMEOUT_MS, MCP_MAX_FILE_SIZE, MCP_PERIODIC_CHECK_INTERVAL, MCP_DEFAULT_MAX_FILES_TO_SCAN, MCP_REPORT_ID_EXPIRATION_MS, MCP_TOOLS_BROWSER_COOLDOWN_MS, MCP_DEFAULT_LIMIT, isAutoScan, MVS_AUTO_FIX_OVERRIDE, MCP_AUTO_FIX_DEBUG_MODE, MCP_PERIODIC_TRACK_INTERVAL, MCP_DEFAULT_REST_API_URL, MCP_SYSTEM_FIND_TIMEOUT_MS;
 var init_configs = __esm({
   "src/mcp/core/configs.ts"() {
     "use strict";
@@ -53,6 +53,7 @@ var init_configs = __esm({
     MCP_AUTO_FIX_DEBUG_MODE = true;
     MCP_PERIODIC_TRACK_INTERVAL = 60 * 60 * 1e3;
     MCP_DEFAULT_REST_API_URL = "https://api.mobb.ai/api/rest/mcp/track";
+    MCP_SYSTEM_FIND_TIMEOUT_MS = 15 * 60 * 1e3;
   }
 });
 
@@ -1766,6 +1767,7 @@ var IssueType_Enum = /* @__PURE__ */ ((IssueType_Enum2) => {
   IssueType_Enum2["Pt"] = "PT";
   IssueType_Enum2["RaceConditionFormatFlaw"] = "RACE_CONDITION_FORMAT_FLAW";
   IssueType_Enum2["Redos"] = "REDOS";
+  IssueType_Enum2["RedundantNilErrorCheck"] = "REDUNDANT_NIL_ERROR_CHECK";
   IssueType_Enum2["RegexInjection"] = "REGEX_INJECTION";
   IssueType_Enum2["RegexMissingTimeout"] = "REGEX_MISSING_TIMEOUT";
   IssueType_Enum2["RequestParametersBoundViaInput"] = "REQUEST_PARAMETERS_BOUND_VIA_INPUT";
@@ -2918,7 +2920,8 @@ var fixDetailsData = {
   ["SPRING_DEFAULT_PERMIT" /* SpringDefaultPermit */]: void 0,
   ["RETURN_IN_INIT" /* ReturnInInit */]: void 0,
   ["ACTION_NOT_PINNED_TO_COMMIT_SHA" /* ActionNotPinnedToCommitSha */]: void 0,
-  ["DJANGO_BLANK_FIELD_NEEDS_NULL_OR_DEFAULT" /* DjangoBlankFieldNeedsNullOrDefault */]: void 0
+  ["DJANGO_BLANK_FIELD_NEEDS_NULL_OR_DEFAULT" /* DjangoBlankFieldNeedsNullOrDefault */]: void 0,
+  ["REDUNDANT_NIL_ERROR_CHECK" /* RedundantNilErrorCheck */]: void 0
 };
 
 // src/features/analysis/scm/shared/src/getIssueType.ts
@@ -3057,7 +3060,8 @@ var issueTypeMap = {
   ["SPRING_DEFAULT_PERMIT" /* SpringDefaultPermit */]: "Spring Default Permit",
   ["RETURN_IN_INIT" /* ReturnInInit */]: "Return in Init",
   ["ACTION_NOT_PINNED_TO_COMMIT_SHA" /* ActionNotPinnedToCommitSha */]: "Action Not Pinned to Commit Sha",
-  ["DJANGO_BLANK_FIELD_NEEDS_NULL_OR_DEFAULT" /* DjangoBlankFieldNeedsNullOrDefault */]: "Django Blank Field Needs Null or Default"
+  ["DJANGO_BLANK_FIELD_NEEDS_NULL_OR_DEFAULT" /* DjangoBlankFieldNeedsNullOrDefault */]: "Django Blank Field Needs Null or Default",
+  ["REDUNDANT_NIL_ERROR_CHECK" /* RedundantNilErrorCheck */]: "Redundant Nil Error Check"
 };
 var issueTypeZ = z.nativeEnum(IssueType_Enum);
 var getIssueTypeFriendlyString = (issueType) => {
@@ -5412,9 +5416,7 @@ var VulnerabilityReportIssueZ = BaseVulnerabilityReportIssueZ.merge(
 );
 var VulnerabilityReportIssueWithCodeFilePathZ = BaseVulnerabilityReportIssueZ.merge(
   z11.object({
-    codeFilePath: z11.string().nullable(),
-    //TODO: REMOVE THIS once we flush out all the reports that don't have codeFilePath
-    codeNodes: z11.array(z11.object({ path: z11.string() }))
+    codeFilePath: z11.string().nullable()
   })
 );
 var GetReportIssuesQueryZ = z11.object({
@@ -7622,14 +7624,38 @@ function getOctoKit(options) {
     //to debug the performance of these API calls.
     log: GITHUB_API_TOKEN ? console : void 0,
     request: {
-      fetch: getFetch(baseUrl)
-    },
-    retry: {
-      enabled: false
+      fetch: getFetch(baseUrl),
+      timeout: 1e4
+      // 10 second timeout
     },
-    throttle: {
-      enabled: false
-    }
+    retry: options?.isEnableRetries ? {
+      doNotRetry: [400, 401, 403, 404, 422],
+      // Don't retry on these status codes
+      retries: 3
+      // Retry up to 3 times
+    } : { enabled: false },
+    throttle: options?.isEnableRetries ? {
+      onRateLimit: (retryAfter, options2, octokit, retryCount) => {
+        octokit.log.warn(
+          `Request quota exhausted for request ${options2.method} ${options2.url}`
+        );
+        if (retryCount === 0) {
+          octokit.log.info(`Retrying after ${retryAfter} seconds!`);
+          return true;
+        }
+        return false;
+      },
+      onSecondaryRateLimit: (retryAfter, options2, octokit, retryCount) => {
+        octokit.log.warn(
+          `SecondaryRateLimit detected for request ${options2.method} ${options2.url}`
+        );
+        if (retryCount === 0) {
+          octokit.log.info(`Retrying after ${retryAfter} seconds!`);
+          return true;
+        }
+        return false;
+      }
+    } : { enabled: false }
   });
 }
 function isGithubActionActionToken(token) {
@@ -11107,8 +11133,8 @@ import path8 from "path";
 var debug15 = Debug15("mobbdev:checkmarx");
 var require2 = createRequire(import.meta.url);
 var getCheckmarxPath = () => {
-  const os5 = type();
-  const cxFileName = os5 === "Windows_NT" ? "cx.exe" : "cx";
+  const os6 = type();
+  const cxFileName = os6 === "Windows_NT" ? "cx.exe" : "cx";
   try {
     return require2.resolve(`.bin/${cxFileName}`);
   } catch (e) {
@@ -13198,13 +13224,15 @@ var McpGQLClient = class {
   async getLatestReportByRepoUrl({
     repoUrl,
     limit = MCP_DEFAULT_LIMIT,
-    offset = 0
+    offset = 0,
+    fileFilter
   }) {
     try {
       logDebug("[GraphQL] Calling GetLatestReportByRepoUrl query", {
         repoUrl,
         limit,
-        offset
+        offset,
+        fileFilter
       });
       let currentUserEmail = "%@%";
       try {
@@ -13217,11 +13245,18 @@ var McpGQLClient = class {
           error: err
         });
       }
+      const filters = {};
+      if (fileFilter && fileFilter.length > 0) {
+        filters["vulnerabilityReportIssues"] = {
+          codeNodes: { path: { _in: fileFilter } }
+        };
+      }
       const resp = await this.clientSdk.GetLatestReportByRepoUrl({
         repoUrl,
         limit,
         offset,
-        currentUserEmail
+        currentUserEmail,
+        filters
       });
       logDebug("[GraphQL] GetLatestReportByRepoUrl successful", {
         result: resp,
@@ -13253,7 +13288,8 @@ var McpGQLClient = class {
     limit = MCP_DEFAULT_LIMIT,
     offset = 0,
     issueType,
-    severity
+    severity,
+    fileFilter
   }) {
     const filters = {};
     if (issueType && issueType.length > 0) {
@@ -13262,6 +13298,11 @@ var McpGQLClient = class {
     if (severity && severity.length > 0) {
       filters["severityText"] = { _in: severity };
     }
+    if (fileFilter && fileFilter.length > 0) {
+      filters["vulnerabilityReportIssues"] = {
+        codeNodes: { path: { _in: fileFilter } }
+      };
+    }
     try {
       logDebug("[GraphQL] Calling GetReportFixes query", {
         reportId,
@@ -13269,7 +13310,8 @@ var McpGQLClient = class {
         offset,
         filters,
         issueType,
-        severity
+        severity,
+        fileFilter
       });
       let currentUserEmail = "%@%";
       try {
@@ -13452,30 +13494,34 @@ var readConfigFile = (filePath) => {
     return null;
   }
 };
+var mergeConfigIntoResult = (config4, mergedConfig) => {
+  if (config4?.projects) {
+    const allMcpServers = {};
+    for (const projectPath in config4.projects) {
+      const project = config4.projects[projectPath];
+      if (project?.mcpServers) {
+        Object.assign(allMcpServers, project.mcpServers);
+      }
+    }
+    mergedConfig.mcpServers = { ...mergedConfig.mcpServers, ...allMcpServers };
+  }
+  if (config4?.mcpServers) {
+    mergedConfig.mcpServers = {
+      ...mergedConfig.mcpServers,
+      ...config4.mcpServers
+    };
+  }
+  if (config4?.servers) {
+    mergedConfig.servers = { ...mergedConfig.servers, ...config4.servers };
+  }
+};
 var readMCPConfig = (hostName) => {
   const configPaths = getMCPConfigPaths(hostName);
   const mergedConfig = {};
   for (const configPath of configPaths) {
     const config4 = readConfigFile(configPath);
-    if (hostName === "claude" && config4?.projects) {
-      const allMcpServers = {};
-      for (const projectPath in config4.projects) {
-        const project = config4.projects[projectPath];
-        if (project?.mcpServers) {
-          Object.assign(allMcpServers, project.mcpServers);
-        }
-      }
-      mergedConfig.mcpServers = { ...mergedConfig.mcpServers, ...allMcpServers };
-      continue;
-    }
-    if (config4?.mcpServers) {
-      mergedConfig.mcpServers = {
-        ...mergedConfig.mcpServers,
-        ...config4.mcpServers
-      };
-    }
-    if (config4?.servers) {
-      mergedConfig.servers = { ...mergedConfig.servers, ...config4.servers };
+    if (config4) {
+      mergeConfigIntoResult(config4, mergedConfig);
     }
   }
   return Object.keys(mergedConfig).length > 0 ? mergedConfig : null;
@@ -13585,14 +13631,31 @@ var getProcessInfo = (pid) => {
     return null;
   }
 };
-var getHostInfo = () => {
+var getHostInfo = (additionalMcpList) => {
   const runningProcesses = getRunningProcesses().toLowerCase();
   const results = [];
   const allConfigs = {};
+  const ideConfigPaths = /* @__PURE__ */ new Set();
+  for (const ide of IDEs) {
+    const configPaths = getMCPConfigPaths(ide);
+    configPaths.forEach((path17) => ideConfigPaths.add(path17));
+  }
+  const uniqueAdditionalPaths = additionalMcpList.filter(
+    (path17) => !ideConfigPaths.has(path17)
+  );
   for (const ide of IDEs) {
     const cfg = readMCPConfig(ide);
     if (cfg) allConfigs[ide] = cfg;
   }
+  for (const additionalPath of uniqueAdditionalPaths) {
+    const config4 = readConfigFile(additionalPath);
+    if (!config4) continue;
+    const mergedConfig = {};
+    mergeConfigIntoResult(config4, mergedConfig);
+    if (Object.keys(mergedConfig).length > 0) {
+      allConfigs["system"] = mergedConfig;
+    }
+  }
   const servers = [];
   for (const [ide, cfg] of Object.entries(allConfigs)) {
     for (const [name, server] of Object.entries(
@@ -13693,8 +13756,90 @@ var getHostInfo = () => {
 // src/mcp/services/McpUsageService/McpUsageService.ts
 init_configs();
 import fetch5 from "node-fetch";
-import os4 from "os";
+import os5 from "os";
 import { v4 as uuidv43, v5 as uuidv5 } from "uuid";
+
+// src/mcp/services/McpUsageService/system.ts
+init_configs();
+import { spawn } from "child_process";
+import os4 from "os";
+var findSystemMCPConfigs = async () => {
+  try {
+    const platform = os4.platform();
+    let command;
+    let args;
+    if (platform === "win32") {
+      command = "powershell";
+      args = [
+        "-NoProfile",
+        "-Command",
+        "Get-ChildItem -Path $env:USERPROFILE -Recurse -Include *mcp*.json,*claude*.json -ErrorAction SilentlyContinue | ForEach-Object { $_.FullName }"
+      ];
+    } else {
+      const home = os4.homedir();
+      command = "find";
+      args = [
+        home,
+        "-type",
+        "f",
+        "(",
+        "-iname",
+        "*mcp*.json",
+        "-o",
+        "-iname",
+        "*claude*.json",
+        ")"
+      ];
+    }
+    return await new Promise((resolve) => {
+      const child = spawn(command, args, {
+        stdio: ["ignore", "pipe", "pipe"],
+        shell: platform === "win32"
+        // needed for PowerShell
+      });
+      let output = "";
+      let errorOutput = "";
+      const timer = setTimeout(() => {
+        child.kill("SIGTERM");
+        logWarn(
+          `MCP config search timed out after ${MCP_SYSTEM_FIND_TIMEOUT_MS / 1e3}s`
+        );
+        resolve([]);
+      }, MCP_SYSTEM_FIND_TIMEOUT_MS);
+      child.stdout.on("data", (data) => {
+        output += data.toString();
+      });
+      child.stderr.on("data", (data) => {
+        const msg = data.toString();
+        if (!msg.includes("Operation not permitted") && !msg.includes("Permission denied") && !msg.includes("Access is denied")) {
+          errorOutput += msg;
+        }
+      });
+      child.on("error", (err) => {
+        clearTimeout(timer);
+        logWarn("MCP config search failed to start", { err });
+        resolve([]);
+      });
+      child.on("close", (code) => {
+        clearTimeout(timer);
+        if (code === 0 || output.trim().length > 0) {
+          const files = output.split(/\r?\n/).map((f) => f.trim()).filter(Boolean);
+          resolve(files);
+        } else {
+          if (errorOutput.trim().length > 0) {
+            logWarn("MCP config search finished with warnings", { errorOutput });
+          }
+          resolve([]);
+        }
+      });
+    });
+  } catch (err) {
+    logWarn("MCP config search unexpected error", { err });
+    return [];
+  }
+};
+
+// src/mcp/services/McpUsageService/McpUsageService.ts
 var McpUsageService = class {
   constructor(govOrgId) {
     __publicField(this, "configKey", "mcpUsage");
@@ -13709,6 +13854,10 @@ var McpUsageService = class {
       this.REST_API_URL = `${domain}/api/rest/mcp/track`;
     }
   }
+  async performSystemSearchAndTracking() {
+    const additionalMcpList = await findSystemMCPConfigs();
+    await this.trackServerStart(additionalMcpList);
+  }
   startPeriodicTracking() {
     if (!this.hasOrganizationId()) {
       logDebug(
@@ -13717,17 +13866,21 @@ var McpUsageService = class {
       return;
     }
     logDebug(`[UsageService] Starting periodic tracking for mcps`, {});
+    if (this.intervalId) {
+      return;
+    }
+    setTimeout(() => this.performSystemSearchAndTracking(), 0);
     this.intervalId = setInterval(async () => {
       logDebug(`[UsageService] Triggering periodic usage service`, {
         MCP_PERIODIC_TRACK_INTERVAL
       });
-      await this.trackServerStart();
-    }, 1e4);
+      await this.performSystemSearchAndTracking();
+    }, MCP_PERIODIC_TRACK_INTERVAL);
   }
   generateHostId() {
     const stored = configStore.get(this.configKey);
     if (stored?.mcpHostId) return stored.mcpHostId;
-    const interfaces = os4.networkInterfaces();
+    const interfaces = os5.networkInterfaces();
     const macs = [];
     for (const iface of Object.values(interfaces)) {
       if (!iface) continue;
@@ -13735,7 +13888,7 @@ var McpUsageService = class {
         if (net.mac && net.mac !== "00:00:00:00:00:00") macs.push(net.mac);
       }
     }
-    const macString = macs.length ? macs.sort().join(",") : `${os4.hostname()}-${uuidv43()}`;
+    const macString = macs.length ? macs.sort().join(",") : `${os5.hostname()}-${uuidv43()}`;
     const hostId = uuidv5(macString, uuidv5.DNS);
     logDebug("[UsageService] Generated new host ID", { hostId });
     return hostId;
@@ -13752,13 +13905,13 @@ var McpUsageService = class {
   hasOrganizationId() {
     return !!this.govOrgId;
   }
-  createUsageData(mcpHostId, organizationId, status) {
-    const { user, mcps } = getHostInfo();
+  createUsageData(mcpHostId, organizationId, status, additionalMcpList) {
+    const { user, mcps } = getHostInfo(additionalMcpList);
     return {
       mcpHostId,
       organizationId,
       mcpVersion: packageJson.version,
-      mcpOsName: os4.platform(),
+      mcpOsName: os5.platform(),
       mcps: JSON.stringify(mcps),
       status,
       userName: user.name,
@@ -13767,7 +13920,10 @@ var McpUsageService = class {
       // it's used to make sure we track the mcp usage daily
     };
   }
-  async trackUsage(status) {
+  async trackUsage({
+    status,
+    additionalMcpList
+  }) {
     try {
       const hostId = this.generateHostId();
       const organizationId = this.getOrganizationId();
@@ -13777,7 +13933,12 @@ var McpUsageService = class {
         );
         return;
       }
-      const usageData = this.createUsageData(hostId, organizationId, status);
+      const usageData = this.createUsageData(
+        hostId,
+        organizationId,
+        status,
+        additionalMcpList
+      );
       const stored = configStore.get(this.configKey);
       const hasChanges = !stored || Object.keys(usageData).some(
         (key) => usageData[key] !== stored[key]
@@ -13822,11 +13983,11 @@ var McpUsageService = class {
       );
     }
   }
-  async trackServerStart() {
-    await this.trackUsage("ACTIVE");
+  async trackServerStart(additionalMcpList = []) {
+    await this.trackUsage({ status: "ACTIVE", additionalMcpList });
   }
   async trackServerStop() {
-    await this.trackUsage("INACTIVE");
+    await this.trackUsage({ status: "INACTIVE", additionalMcpList: [] });
   }
   reset() {
     if (!this.intervalId) {
@@ -14959,6 +15120,35 @@ ${autoFixSettingsSection}
 
 ${whatHappensNextSection}`;
 };
+var noChangedFilesFoundPrompt = `\u{1F50D} **MOBB SECURITY SCAN: NO CHANGED FILES DETECTED**
+
+## \u{1F4CB} Current Status
+
+No changed files were found in the working directory for security scanning.
+
+## \u{1F914} What This Means
+
+This situation occurs when:
+\u2022 **Clean Working Directory**: All files are committed and there are no uncommitted changes
+\u2022 **Fresh Repository**: The repository has been recently cloned or initialized
+\u2022 **All Changes Committed**: Recent modifications have already been committed to git
+
+If you wish to scan files that were recently changed in your git history call the tool with the following parameters:
+
+\`\`\`json
+{
+  "path": "/path/to/your/repository",
+  "maxFiles": 50,
+  "rescan": true,
+  "scanRecentlyChangedFiles": true
+}
+\`\`\`
+
+
+\u2022 **scanRecentlyChangedFiles**: Set to \`true\` to automatically scan recently modified files from git history
+\u2022 **maxFiles**: Specify the maximum number of files to scan (higher = more comprehensive) (default: ${MCP_DEFAULT_MAX_FILES_TO_SCAN})
+\u2022 **rescan**: Set to \`true\` to force a complete fresh analysis
+`;
 
 // src/mcp/services/GetLocalFiles.ts
 init_FileUtils();
@@ -14971,13 +15161,15 @@ var getLocalFiles = async ({
   maxFileSize = MCP_MAX_FILE_SIZE,
   maxFiles,
   isAllFilesScan,
-  scanContext
+  scanContext,
+  scanRecentlyChangedFiles
 }) => {
   logDebug(`[${scanContext}] Starting getLocalFiles`, {
     path: path17,
     maxFileSize,
     maxFiles,
-    isAllFilesScan
+    isAllFilesScan,
+    scanRecentlyChangedFiles
   });
   try {
     const resolvedRepoPath = await fs12.realpath(path17);
@@ -15015,10 +15207,10 @@ var getLocalFiles = async ({
       try {
         const gitResult = await gitService.getChangedFiles();
         files = gitResult.files;
-        if (files.length === 0 || maxFiles) {
+        if ((files.length === 0 || maxFiles) && (scanRecentlyChangedFiles || maxFiles)) {
           logDebug(
             `[${scanContext}] No changes found or maxFiles specified, getting recently changed files`,
-            { maxFiles }
+            { maxFiles, scanRecentlyChangedFiles }
           );
           const recentResult = await gitService.getRecentlyChangedFiles({
             maxFiles
@@ -17240,10 +17432,12 @@ var _CheckForNewAvailableFixesService = class _CheckForNewAvailableFixesService
         `[${scanContext}] Connected to the API, assembling list of files to scan`,
         { path: path17 }
       );
+      const isBackgroundScan = scanContext === ScanContext.BACKGROUND_INITIAL || scanContext === ScanContext.BACKGROUND_PERIODIC;
       const files = await getLocalFiles({
         path: path17,
         isAllFilesScan,
-        scanContext
+        scanContext,
+        scanRecentlyChangedFiles: !isBackgroundScan
       });
       const scanStartTime = Date.now();
       logDebug(
@@ -17834,19 +18028,21 @@ var _FetchAvailableFixesService = class _FetchAvailableFixesService {
   async checkForAvailableFixes({
     repoUrl,
     limit = MCP_DEFAULT_LIMIT,
-    offset
+    offset,
+    fileFilter
   }) {
     try {
-      logDebug("Checking for available fixes", { repoUrl, limit });
+      logDebug("Checking for available fixes", { repoUrl, limit, fileFilter });
       const gqlClient = await this.initializeGqlClient();
       logDebug("GQL client initialized");
-      logDebug("querying for latest report", { repoUrl, limit });
+      logDebug("querying for latest report", { repoUrl, limit, fileFilter });
       const effectiveOffset = offset ?? (this.currentOffset || 0);
       logDebug("effectiveOffset", { effectiveOffset });
       const { fixReport, expiredReport } = await gqlClient.getLatestReportByRepoUrl({
         repoUrl,
         limit,
-        offset: effectiveOffset
+        offset: effectiveOffset,
+        fileFilter
       });
       logDebug("received latest report result", { fixReport, expiredReport });
       if (!fixReport) {
@@ -17901,11 +18097,20 @@ Required argument:
 Optional arguments:
 \u2022 offset \u2013 pagination offset (integer).
 \u2022 limit  \u2013 maximum number of fixes to return (integer).
+\u2022 fileFilter \u2013 list of file paths relative to the path parameter to filter fixes by. Only fixes affecting these files will be returned. INCOMPATIBLE with fetchFixesFromAnyFile.
+\u2022 fetchFixesFromAnyFile \u2013 if true, fetches fixes for all files in the repository. If false or not set (default), filters fixes to only those affecting files with changes in git status. INCOMPATIBLE with fileFilter.
 
 The tool will:
 1. Validate that the provided path is secure and exists.
 2. Verify that the directory is a valid Git repository with an "origin" remote.
-3. Query the MOBB service by the origin remote URL and return a textual summary of available fixes (total and by severity) or a message if none are found.
+3. Apply file filtering based on parameters (see below).
+4. Query the MOBB service by the origin remote URL and return a textual summary of available fixes (total and by severity) or a message if none are found.
+
+File Filtering Behavior:
+\u2022 If fetchFixesFromAnyFile is true: Returns fixes for all files (no filtering).
+\u2022 If fileFilter is provided: Returns only fixes affecting the specified files.
+\u2022 If neither is provided (default): Returns only fixes affecting files with changes in git status.
+\u2022 If BOTH are provided: Returns an error (parameters are mutually exclusive).
 
 Call this tool instead of ${MCP_TOOL_SCAN_AND_FIX_VULNERABILITIES} when you only need a fixes summary and do NOT want to perform scanning or code modifications.`);
     __publicField(this, "hasAuthentication", true);
@@ -17923,6 +18128,17 @@ Call this tool instead of ${MCP_TOOL_SCAN_AND_FIX_VULNERABILITIES} when you only
         limit: {
           type: "number",
           description: "[Optional] maximum number of results to return"
+        },
+        fileFilter: {
+          type: "array",
+          items: {
+            type: "string"
+          },
+          description: "[Optional] list of file paths relative to the path parameter to filter fixes by. Only fixes affecting these files will be returned. INCOMPATIBLE with fetchFixesFromAnyFile"
+        },
+        fetchFixesFromAnyFile: {
+          type: "boolean",
+          description: "[Optional] if true, fetches fixes for all files in the repository. If false or not set, filters fixes to only those affecting files with changes in git status. INCOMPATIBLE with fileFilter"
         }
       },
       required: ["path"]
@@ -17932,7 +18148,13 @@ Call this tool instead of ${MCP_TOOL_SCAN_AND_FIX_VULNERABILITIES} when you only
         "Full local path to the cloned git repository to check for available fixes"
       ),
       offset: z35.number().optional().describe("Optional offset for pagination"),
-      limit: z35.number().optional().describe("Optional maximum number of fixes to return")
+      limit: z35.number().optional().describe("Optional maximum number of fixes to return"),
+      fileFilter: z35.array(z35.string()).optional().describe(
+        "Optional list of file paths relative to the path parameter to filter fixes by. INCOMPATIBLE with fetchFixesFromAnyFile"
+      ),
+      fetchFixesFromAnyFile: z35.boolean().optional().describe(
+        "Optional boolean to fetch fixes for all files. INCOMPATIBLE with fileFilter"
+      )
     }));
     __publicField(this, "availableFixesService");
     this.availableFixesService = FetchAvailableFixesService.getInstance();
@@ -17959,10 +18181,37 @@ Call this tool instead of ${MCP_TOOL_SCAN_AND_FIX_VULNERABILITIES} when you only
     if (!originUrl) {
       throw new Error("No origin URL found for the repository");
     }
+    if (args.fileFilter && args.fetchFixesFromAnyFile) {
+      throw new Error(
+        'Parameters "fileFilter" and "fetchFixesFromAnyFile" are mutually exclusive. Please provide only one of these parameters:\n  - Use "fileFilter" to specify a custom list of files to filter by\n  - Use "fetchFixesFromAnyFile: true" to fetch fixes for all files without filtering\n  - Use neither to automatically filter by files with changes in git status (default behavior)'
+      );
+    }
+    let actualFileFilter;
+    if (args.fetchFixesFromAnyFile === true) {
+      actualFileFilter = void 0;
+      logDebug("Fetching fixes for all files (no filtering)");
+    } else if (args.fileFilter && args.fileFilter.length > 0) {
+      actualFileFilter = args.fileFilter;
+      logDebug("Using provided file filter", { fileFilter: actualFileFilter });
+    } else {
+      logDebug("Getting files from git status for filtering");
+      const gitStatusResult = await gitService.getChangedFiles();
+      if (gitStatusResult.files.length === 0) {
+        logDebug("No changed files found in git status");
+        actualFileFilter = void 0;
+      } else {
+        actualFileFilter = gitStatusResult.files;
+        logDebug("Using files from git status as filter", {
+          fileCount: actualFileFilter.length,
+          files: actualFileFilter
+        });
+      }
+    }
     const fixResult = await this.availableFixesService.checkForAvailableFixes({
       repoUrl: originUrl,
       limit: args.limit,
-      offset: args.offset
+      offset: args.offset,
+      fileFilter: actualFileFilter
     });
     logDebug("FetchAvailableFixesTool execution completed successfully", {
       fixResult
@@ -17998,7 +18247,7 @@ var _McpCheckerService = class _McpCheckerService {
       };
     }
     logInfo("Executing built-in mcp_checker tool");
-    const hostInfo = getHostInfo();
+    const hostInfo = getHostInfo([]);
     const mcpServersInfo = hostInfo.mcps.filter((mcp) => mcp.mcpName !== "unknown").map(
       (mcp) => `- ${mcp.mcpName} (${mcp.ideName} ${mcp.ideVersion}): ${mcp.isRunning ? "\u2705 Running" : "\u274C Not Running"}`
     ).join("\n");
@@ -18255,7 +18504,10 @@ Example payload:
       maxFiles: z37.number().optional().describe(
         `Optional maximum number of files to scan (default: ${MCP_DEFAULT_MAX_FILES_TO_SCAN}). Increase for comprehensive scans of larger codebases or decrease for faster focused scans.`
       ),
-      rescan: z37.boolean().optional().describe("Optional whether to rescan the repository")
+      rescan: z37.boolean().optional().describe("Optional whether to rescan the repository"),
+      scanRecentlyChangedFiles: z37.boolean().optional().describe(
+        "Optional whether to automatically scan recently changed files when no changed files are found in git status. If false, the tool will prompt the user instead."
+      )
     }));
     __publicField(this, "inputSchema", {
       type: "object",
@@ -18279,6 +18531,10 @@ Example payload:
         rescan: {
           type: "boolean",
           description: "[Optional] whether to rescan the repository"
+        },
+        scanRecentlyChangedFiles: {
+          type: "boolean",
+          description: "[Optional] whether to automatically scan recently changed files when no changed files are found in git status. If false, the tool will prompt the user instead."
         }
       },
       required: ["path"]
@@ -18305,7 +18561,8 @@ Example payload:
       path: path17,
       maxFileSize: MCP_MAX_FILE_SIZE,
       maxFiles: args.maxFiles,
-      scanContext: ScanContext.USER_REQUEST
+      scanContext: ScanContext.USER_REQUEST,
+      scanRecentlyChangedFiles: args.scanRecentlyChangedFiles
     });
     logDebug("Files", { files });
     if (files.length === 0) {
@@ -18313,7 +18570,7 @@ Example payload:
         content: [
           {
             type: "text",
-            text: "No changed files found in the repository. The vulnerability scanner analyzes modified, added, or staged files. Make some changes to your code and try again."
+            text: noChangedFilesFoundPrompt
           }
         ]
       };

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "mobbdev",
-  "version": "1.0.186",
+  "version": "1.0.189",
   "description": "Automated secure code remediation tool",
   "repository": "git+https://github.com/mobb-dev/bugsy.git",
   "main": "dist/index.mjs",