mobbdev 1.0.188 → 1.0.190

package/dist/index.mjs

@@ -32,7 +32,7 @@ var init_env = __esm({
 });
 
 // src/mcp/core/configs.ts
-var MCP_DEFAULT_API_URL, MCP_API_KEY_HEADER_NAME, MCP_LOGIN_MAX_WAIT, MCP_LOGIN_CHECK_DELAY, MCP_VUL_REPORT_DIGEST_TIMEOUT_MS, MCP_MAX_FILE_SIZE, MCP_PERIODIC_CHECK_INTERVAL, MCP_DEFAULT_MAX_FILES_TO_SCAN, MCP_REPORT_ID_EXPIRATION_MS, MCP_TOOLS_BROWSER_COOLDOWN_MS, MCP_DEFAULT_LIMIT, isAutoScan, MVS_AUTO_FIX_OVERRIDE, MCP_AUTO_FIX_DEBUG_MODE, MCP_PERIODIC_TRACK_INTERVAL, MCP_DEFAULT_REST_API_URL;
+var MCP_DEFAULT_API_URL, MCP_API_KEY_HEADER_NAME, MCP_LOGIN_MAX_WAIT, MCP_LOGIN_CHECK_DELAY, MCP_VUL_REPORT_DIGEST_TIMEOUT_MS, MCP_MAX_FILE_SIZE, MCP_PERIODIC_CHECK_INTERVAL, MCP_DEFAULT_MAX_FILES_TO_SCAN, MCP_REPORT_ID_EXPIRATION_MS, MCP_TOOLS_BROWSER_COOLDOWN_MS, MCP_DEFAULT_LIMIT, isAutoScan, MVS_AUTO_FIX_OVERRIDE, MCP_AUTO_FIX_DEBUG_MODE, MCP_PERIODIC_TRACK_INTERVAL, MCP_DEFAULT_REST_API_URL, MCP_SYSTEM_FIND_TIMEOUT_MS;
 var init_configs = __esm({
   "src/mcp/core/configs.ts"() {
     "use strict";
@@ -53,6 +53,7 @@ var init_configs = __esm({
     MCP_AUTO_FIX_DEBUG_MODE = true;
     MCP_PERIODIC_TRACK_INTERVAL = 60 * 60 * 1e3;
     MCP_DEFAULT_REST_API_URL = "https://api.mobb.ai/api/rest/mcp/track";
+    MCP_SYSTEM_FIND_TIMEOUT_MS = 15 * 60 * 1e3;
   }
 });
 
@@ -1322,10 +1323,10 @@ import Debug20 from "debug";
 import { hideBin } from "yargs/helpers";
 
 // src/args/commands/convert_to_sarif.ts
-import fs6 from "fs";
+import fs7 from "fs";
 
 // src/commands/convert_to_sarif.ts
-import fs5 from "fs";
+import fs6 from "fs";
 import path5 from "path";
 
 // src/commands/fpr_stream_parser.ts
@@ -9086,6 +9087,7 @@ __export(utils_exports, {
   CliError: () => CliError,
   Spinner: () => Spinner,
   getDirName: () => getDirName,
+  getModuleRootDir: () => getModuleRootDir,
   getTopLevelDirName: () => getTopLevelDirName,
   keypress: () => keypress,
   packageJson: () => packageJson,
@@ -9093,8 +9095,20 @@ __export(utils_exports, {
 });
 
 // src/utils/dirname.ts
+import fs4 from "fs";
 import path3 from "path";
 import { fileURLToPath } from "url";
+function getModuleRootDir() {
+  let manifestDir = getDirName();
+  for (let i = 0; i < 10; i++) {
+    const manifestPath = path3.join(manifestDir, "package.json");
+    if (fs4.existsSync(manifestPath)) {
+      return manifestDir;
+    }
+    manifestDir = path3.join(manifestDir, "..");
+  }
+  throw new Error("Cannot locate package.json file");
+}
 function getDirName() {
   return path3.dirname(fileURLToPath(import.meta.url));
 }
@@ -9162,15 +9176,13 @@ function Spinner({ ci = false } = {}) {
 }
 
 // src/utils/check_node_version.ts
-import fs4 from "fs";
+import fs5 from "fs";
 import path4 from "path";
 import semver from "semver";
 function getPackageJson() {
-  let manifestPath = path4.join(getDirName(), "../package.json");
-  if (!fs4.existsSync(manifestPath)) {
-    manifestPath = path4.join(getDirName(), "../../package.json");
-  }
-  return JSON.parse(fs4.readFileSync(manifestPath, "utf8"));
+  return JSON.parse(
+    fs5.readFileSync(path4.join(getModuleRootDir(), "package.json"), "utf8")
+  );
 }
 var packageJson = getPackageJson();
 if (!semver.satisfies(process.version, packageJson.engines.node)) {
@@ -9236,7 +9248,7 @@ async function convertFprToSarif(inputFilePath, outputFilePath, codePathPatterns
       await auditXmlSaxParser.parse();
     }
     await zipIn.close();
-    const writer = fs5.createWriteStream(outputFilePath);
+    const writer = fs6.createWriteStream(outputFilePath);
     writer.write(`{
   "$schema": "https://json.schemastore.org/sarif-2.1.0.json",
   "version": "2.1.0",
@@ -9342,14 +9354,12 @@ import chalk2 from "chalk";
 
 // src/constants.ts
 import path6 from "path";
-import { fileURLToPath as fileURLToPath2 } from "url";
 import chalk from "chalk";
 import Debug4 from "debug";
 import * as dotenv from "dotenv";
 import { z as z24 } from "zod";
 var debug5 = Debug4("mobbdev:constants");
-var __dirname = path6.dirname(fileURLToPath2(import.meta.url));
-dotenv.config({ path: path6.join(__dirname, "../.env") });
+dotenv.config({ path: path6.join(getModuleRootDir(), ".env") });
 var scmFriendlyText = {
   ["Ado" /* Ado */]: "Azure DevOps",
   ["Bitbucket" /* Bitbucket */]: "Bitbucket",
@@ -9570,7 +9580,7 @@ function convertToSarifBuilder(args) {
   ).help().demandOption(["input-file-path", "input-file-format", "output-file-path"]);
 }
 async function validateConvertToSarifOptions(args) {
-  if (!fs6.existsSync(args.inputFilePath)) {
+  if (!fs7.existsSync(args.inputFilePath)) {
     throw new CliError(
       "\nError: --input-file-path flag should point to an existing file"
     );
@@ -9604,14 +9614,14 @@ import chalk11 from "chalk";
 import yargs from "yargs/yargs";
 
 // src/args/commands/analyze.ts
-import fs9 from "fs";
+import fs10 from "fs";
 
 // src/commands/index.ts
 import crypto from "crypto";
 import os from "os";
 
 // src/features/analysis/index.ts
-import fs8 from "fs";
+import fs9 from "fs";
 import fsPromises2 from "fs/promises";
 import path9 from "path";
 import { env as env2 } from "process";
@@ -10891,7 +10901,7 @@ var GQLClient = class {
 
 // src/features/analysis/pack.ts
 init_configs();
-import fs7 from "fs";
+import fs8 from "fs";
 import path7 from "path";
 import AdmZip from "adm-zip";
 import Debug13 from "debug";
@@ -10968,11 +10978,11 @@ async function pack(srcDirPath, vulnFiles, isIncludeAllFiles = false) {
         continue;
       }
     }
-    if (fs7.lstatSync(absFilepath).size > MCP_MAX_FILE_SIZE) {
+    if (fs8.lstatSync(absFilepath).size > MCP_MAX_FILE_SIZE) {
       debug14("ignoring %s because the size is > 5MB", filepath);
       continue;
     }
-    const data = git ? await git.showBuffer([`HEAD:./${filepath}`]) : fs7.readFileSync(absFilepath);
+    const data = git ? await git.showBuffer([`HEAD:./${filepath}`]) : fs8.readFileSync(absFilepath);
     if (isBinary2(null, data)) {
       debug14("ignoring %s because is seems to be a binary file", filepath);
       continue;
@@ -11132,8 +11142,8 @@ import path8 from "path";
 var debug15 = Debug15("mobbdev:checkmarx");
 var require2 = createRequire(import.meta.url);
 var getCheckmarxPath = () => {
-  const os5 = type();
-  const cxFileName = os5 === "Windows_NT" ? "cx.exe" : "cx";
+  const os6 = type();
+  const cxFileName = os6 === "Windows_NT" ? "cx.exe" : "cx";
   try {
     return require2.resolve(`.bin/${cxFileName}`);
   } catch (e) {
@@ -11396,13 +11406,13 @@ async function downloadRepo({
     repoSpinner.error({ text: "\u{1F4BE} Repo download failed" });
     throw new Error(`Can't access ${chalk5.bold(repoUrl)}`);
   }
-  const fileWriterStream = fs8.createWriteStream(zipFilePath);
+  const fileWriterStream = fs9.createWriteStream(zipFilePath);
   if (!response.body) {
     throw new Error("Response body is empty");
   }
   await pipeline(response.body, fileWriterStream);
   await extract(zipFilePath, { dir: dirname });
-  const repoRoot = fs8.readdirSync(dirname, { withFileTypes: true }).filter((dirent) => dirent.isDirectory()).map((dirent) => dirent.name)[0];
+  const repoRoot = fs9.readdirSync(dirname, { withFileTypes: true }).filter((dirent) => dirent.isDirectory()).map((dirent) => dirent.name)[0];
   if (!repoRoot) {
     throw new Error("Repo root not found");
   }
@@ -12331,7 +12341,7 @@ function analyzeBuilder(yargs2) {
   ).help();
 }
 function validateAnalyzeOptions(argv) {
-  if (argv.f && !fs9.existsSync(argv.f)) {
+  if (argv.f && !fs10.existsSync(argv.f)) {
     throw new CliError(`
 Can't access ${chalk8.bold(argv.f)}`);
   }
@@ -13223,13 +13233,15 @@ var McpGQLClient = class {
   async getLatestReportByRepoUrl({
     repoUrl,
     limit = MCP_DEFAULT_LIMIT,
-    offset = 0
+    offset = 0,
+    fileFilter
   }) {
     try {
       logDebug("[GraphQL] Calling GetLatestReportByRepoUrl query", {
         repoUrl,
         limit,
-        offset
+        offset,
+        fileFilter
       });
       let currentUserEmail = "%@%";
       try {
@@ -13242,11 +13254,18 @@ var McpGQLClient = class {
           error: err
         });
       }
+      const filters = {};
+      if (fileFilter && fileFilter.length > 0) {
+        filters["vulnerabilityReportIssues"] = {
+          codeNodes: { path: { _in: fileFilter } }
+        };
+      }
       const resp = await this.clientSdk.GetLatestReportByRepoUrl({
         repoUrl,
         limit,
         offset,
-        currentUserEmail
+        currentUserEmail,
+        filters
       });
       logDebug("[GraphQL] GetLatestReportByRepoUrl successful", {
         result: resp,
@@ -13278,7 +13297,8 @@ var McpGQLClient = class {
     limit = MCP_DEFAULT_LIMIT,
     offset = 0,
     issueType,
-    severity
+    severity,
+    fileFilter
   }) {
     const filters = {};
     if (issueType && issueType.length > 0) {
@@ -13287,6 +13307,11 @@ var McpGQLClient = class {
     if (severity && severity.length > 0) {
       filters["severityText"] = { _in: severity };
     }
+    if (fileFilter && fileFilter.length > 0) {
+      filters["vulnerabilityReportIssues"] = {
+        codeNodes: { path: { _in: fileFilter } }
+      };
+    }
     try {
       logDebug("[GraphQL] Calling GetReportFixes query", {
         reportId,
@@ -13294,7 +13319,8 @@ var McpGQLClient = class {
         offset,
         filters,
         issueType,
-        severity
+        severity,
+        fileFilter
       });
       let currentUserEmail = "%@%";
       try {
@@ -13376,7 +13402,7 @@ async function createAuthenticatedMcpGQLClient({
 
 // src/mcp/services/McpUsageService/host.ts
 import { execSync } from "child_process";
-import fs10 from "fs";
+import fs11 from "fs";
 import os3 from "os";
 import path11 from "path";
 var IDEs = ["cursor", "windsurf", "webstorm", "vscode", "claude"];
@@ -13395,15 +13421,15 @@ var getClaudeWorkspacePaths = () => {
   const home = os3.homedir();
   const claudeIdePath = path11.join(home, ".claude", "ide");
   const workspacePaths = [];
-  if (!fs10.existsSync(claudeIdePath)) {
+  if (!fs11.existsSync(claudeIdePath)) {
     return workspacePaths;
   }
   try {
-    const lockFiles = fs10.readdirSync(claudeIdePath).filter((file) => file.endsWith(".lock"));
+    const lockFiles = fs11.readdirSync(claudeIdePath).filter((file) => file.endsWith(".lock"));
     for (const lockFile of lockFiles) {
       const lockFilePath = path11.join(claudeIdePath, lockFile);
       try {
-        const lockContent = JSON.parse(fs10.readFileSync(lockFilePath, "utf8"));
+        const lockContent = JSON.parse(fs11.readFileSync(lockFilePath, "utf8"));
         if (lockContent.workspaceFolders && Array.isArray(lockContent.workspaceFolders)) {
           workspacePaths.push(...lockContent.workspaceFolders);
         }
@@ -13469,38 +13495,42 @@ var getMCPConfigPaths = (hostName) => {
   }
 };
 var readConfigFile = (filePath) => {
-  if (!fs10.existsSync(filePath)) return null;
+  if (!fs11.existsSync(filePath)) return null;
   try {
-    return JSON.parse(fs10.readFileSync(filePath, "utf8"));
+    return JSON.parse(fs11.readFileSync(filePath, "utf8"));
   } catch (error) {
     logWarn(`[UsageService] Failed to read MCP config: ${filePath}`);
     return null;
   }
 };
+var mergeConfigIntoResult = (config4, mergedConfig) => {
+  if (config4?.projects) {
+    const allMcpServers = {};
+    for (const projectPath in config4.projects) {
+      const project = config4.projects[projectPath];
+      if (project?.mcpServers) {
+        Object.assign(allMcpServers, project.mcpServers);
+      }
+    }
+    mergedConfig.mcpServers = { ...mergedConfig.mcpServers, ...allMcpServers };
+  }
+  if (config4?.mcpServers) {
+    mergedConfig.mcpServers = {
+      ...mergedConfig.mcpServers,
+      ...config4.mcpServers
+    };
+  }
+  if (config4?.servers) {
+    mergedConfig.servers = { ...mergedConfig.servers, ...config4.servers };
+  }
+};
 var readMCPConfig = (hostName) => {
   const configPaths = getMCPConfigPaths(hostName);
   const mergedConfig = {};
   for (const configPath of configPaths) {
     const config4 = readConfigFile(configPath);
-    if (hostName === "claude" && config4?.projects) {
-      const allMcpServers = {};
-      for (const projectPath in config4.projects) {
-        const project = config4.projects[projectPath];
-        if (project?.mcpServers) {
-          Object.assign(allMcpServers, project.mcpServers);
-        }
-      }
-      mergedConfig.mcpServers = { ...mergedConfig.mcpServers, ...allMcpServers };
-      continue;
-    }
-    if (config4?.mcpServers) {
-      mergedConfig.mcpServers = {
-        ...mergedConfig.mcpServers,
-        ...config4.mcpServers
-      };
-    }
-    if (config4?.servers) {
-      mergedConfig.servers = { ...mergedConfig.servers, ...config4.servers };
+    if (config4) {
+      mergeConfigIntoResult(config4, mergedConfig);
     }
   }
   return Object.keys(mergedConfig).length > 0 ? mergedConfig : null;
@@ -13610,14 +13640,31 @@ var getProcessInfo = (pid) => {
     return null;
   }
 };
-var getHostInfo = () => {
+var getHostInfo = (additionalMcpList) => {
   const runningProcesses = getRunningProcesses().toLowerCase();
   const results = [];
   const allConfigs = {};
+  const ideConfigPaths = /* @__PURE__ */ new Set();
+  for (const ide of IDEs) {
+    const configPaths = getMCPConfigPaths(ide);
+    configPaths.forEach((path17) => ideConfigPaths.add(path17));
+  }
+  const uniqueAdditionalPaths = additionalMcpList.filter(
+    (path17) => !ideConfigPaths.has(path17)
+  );
   for (const ide of IDEs) {
     const cfg = readMCPConfig(ide);
     if (cfg) allConfigs[ide] = cfg;
   }
+  for (const additionalPath of uniqueAdditionalPaths) {
+    const config4 = readConfigFile(additionalPath);
+    if (!config4) continue;
+    const mergedConfig = {};
+    mergeConfigIntoResult(config4, mergedConfig);
+    if (Object.keys(mergedConfig).length > 0) {
+      allConfigs["system"] = mergedConfig;
+    }
+  }
   const servers = [];
   for (const [ide, cfg] of Object.entries(allConfigs)) {
     for (const [name, server] of Object.entries(
@@ -13718,8 +13765,90 @@ var getHostInfo = () => {
 // src/mcp/services/McpUsageService/McpUsageService.ts
 init_configs();
 import fetch5 from "node-fetch";
-import os4 from "os";
+import os5 from "os";
 import { v4 as uuidv43, v5 as uuidv5 } from "uuid";
+
+// src/mcp/services/McpUsageService/system.ts
+init_configs();
+import { spawn } from "child_process";
+import os4 from "os";
+var findSystemMCPConfigs = async () => {
+  try {
+    const platform = os4.platform();
+    let command;
+    let args;
+    if (platform === "win32") {
+      command = "powershell";
+      args = [
+        "-NoProfile",
+        "-Command",
+        "Get-ChildItem -Path $env:USERPROFILE -Recurse -Include *mcp*.json,*claude*.json -ErrorAction SilentlyContinue | ForEach-Object { $_.FullName }"
+      ];
+    } else {
+      const home = os4.homedir();
+      command = "find";
+      args = [
+        home,
+        "-type",
+        "f",
+        "(",
+        "-iname",
+        "*mcp*.json",
+        "-o",
+        "-iname",
+        "*claude*.json",
+        ")"
+      ];
+    }
+    return await new Promise((resolve) => {
+      const child = spawn(command, args, {
+        stdio: ["ignore", "pipe", "pipe"],
+        shell: platform === "win32"
+        // needed for PowerShell
+      });
+      let output = "";
+      let errorOutput = "";
+      const timer = setTimeout(() => {
+        child.kill("SIGTERM");
+        logWarn(
+          `MCP config search timed out after ${MCP_SYSTEM_FIND_TIMEOUT_MS / 1e3}s`
+        );
+        resolve([]);
+      }, MCP_SYSTEM_FIND_TIMEOUT_MS);
+      child.stdout.on("data", (data) => {
+        output += data.toString();
+      });
+      child.stderr.on("data", (data) => {
+        const msg = data.toString();
+        if (!msg.includes("Operation not permitted") && !msg.includes("Permission denied") && !msg.includes("Access is denied")) {
+          errorOutput += msg;
+        }
+      });
+      child.on("error", (err) => {
+        clearTimeout(timer);
+        logWarn("MCP config search failed to start", { err });
+        resolve([]);
+      });
+      child.on("close", (code) => {
+        clearTimeout(timer);
+        if (code === 0 || output.trim().length > 0) {
+          const files = output.split(/\r?\n/).map((f) => f.trim()).filter(Boolean);
+          resolve(files);
+        } else {
+          if (errorOutput.trim().length > 0) {
+            logWarn("MCP config search finished with warnings", { errorOutput });
+          }
+          resolve([]);
+        }
+      });
+    });
+  } catch (err) {
+    logWarn("MCP config search unexpected error", { err });
+    return [];
+  }
+};
+
+// src/mcp/services/McpUsageService/McpUsageService.ts
 var McpUsageService = class {
   constructor(govOrgId) {
     __publicField(this, "configKey", "mcpUsage");
@@ -13734,6 +13863,10 @@ var McpUsageService = class {
       this.REST_API_URL = `${domain}/api/rest/mcp/track`;
     }
   }
+  async performSystemSearchAndTracking() {
+    const additionalMcpList = await findSystemMCPConfigs();
+    await this.trackServerStart(additionalMcpList);
+  }
   startPeriodicTracking() {
     if (!this.hasOrganizationId()) {
       logDebug(
@@ -13742,17 +13875,21 @@ var McpUsageService = class {
       return;
     }
     logDebug(`[UsageService] Starting periodic tracking for mcps`, {});
+    if (this.intervalId) {
+      return;
+    }
+    setTimeout(() => this.performSystemSearchAndTracking(), 0);
     this.intervalId = setInterval(async () => {
       logDebug(`[UsageService] Triggering periodic usage service`, {
         MCP_PERIODIC_TRACK_INTERVAL
       });
-      await this.trackServerStart();
-    }, 1e4);
+      await this.performSystemSearchAndTracking();
+    }, MCP_PERIODIC_TRACK_INTERVAL);
   }
   generateHostId() {
     const stored = configStore.get(this.configKey);
     if (stored?.mcpHostId) return stored.mcpHostId;
-    const interfaces = os4.networkInterfaces();
+    const interfaces = os5.networkInterfaces();
     const macs = [];
     for (const iface of Object.values(interfaces)) {
       if (!iface) continue;
@@ -13760,7 +13897,7 @@ var McpUsageService = class {
         if (net.mac && net.mac !== "00:00:00:00:00:00") macs.push(net.mac);
       }
     }
-    const macString = macs.length ? macs.sort().join(",") : `${os4.hostname()}-${uuidv43()}`;
+    const macString = macs.length ? macs.sort().join(",") : `${os5.hostname()}-${uuidv43()}`;
     const hostId = uuidv5(macString, uuidv5.DNS);
     logDebug("[UsageService] Generated new host ID", { hostId });
     return hostId;
@@ -13777,13 +13914,13 @@ var McpUsageService = class {
   hasOrganizationId() {
     return !!this.govOrgId;
   }
-  createUsageData(mcpHostId, organizationId, status) {
-    const { user, mcps } = getHostInfo();
+  createUsageData(mcpHostId, organizationId, status, additionalMcpList) {
+    const { user, mcps } = getHostInfo(additionalMcpList);
     return {
       mcpHostId,
       organizationId,
       mcpVersion: packageJson.version,
-      mcpOsName: os4.platform(),
+      mcpOsName: os5.platform(),
       mcps: JSON.stringify(mcps),
       status,
       userName: user.name,
@@ -13792,7 +13929,10 @@ var McpUsageService = class {
       // it's used to make sure we track the mcp usage daily
     };
   }
-  async trackUsage(status) {
+  async trackUsage({
+    status,
+    additionalMcpList
+  }) {
     try {
       const hostId = this.generateHostId();
       const organizationId = this.getOrganizationId();
@@ -13802,7 +13942,12 @@ var McpUsageService = class {
         );
         return;
       }
-      const usageData = this.createUsageData(hostId, organizationId, status);
+      const usageData = this.createUsageData(
+        hostId,
+        organizationId,
+        status,
+        additionalMcpList
+      );
       const stored = configStore.get(this.configKey);
       const hasChanges = !stored || Object.keys(usageData).some(
         (key) => usageData[key] !== stored[key]
@@ -13847,11 +13992,11 @@ var McpUsageService = class {
       );
     }
   }
-  async trackServerStart() {
-    await this.trackUsage("ACTIVE");
+  async trackServerStart(additionalMcpList = []) {
+    await this.trackUsage({ status: "ACTIVE", additionalMcpList });
   }
   async trackServerStop() {
-    await this.trackUsage("INACTIVE");
+    await this.trackUsage({ status: "INACTIVE", additionalMcpList: [] });
   }
   reset() {
     if (!this.intervalId) {
@@ -14336,7 +14481,7 @@ var McpServer = class {
 import { z as z34 } from "zod";
 
 // src/mcp/services/PathValidation.ts
-import fs11 from "fs";
+import fs12 from "fs";
 import path12 from "path";
 async function validatePath(inputPath) {
   logDebug("Validating MCP path", { inputPath });
@@ -14396,7 +14541,7 @@ async function validatePath(inputPath) {
   logDebug("Path validation successful", { inputPath });
   logDebug("Checking path existence", { inputPath });
   try {
-    await fs11.promises.access(inputPath);
+    await fs12.promises.access(inputPath);
     logDebug("Path exists and is accessible", { inputPath });
     WorkspaceService.setKnownWorkspacePath(inputPath);
     logDebug("Stored validated path in WorkspaceService", { inputPath });
@@ -14984,28 +15129,59 @@ ${autoFixSettingsSection}
 
 ${whatHappensNextSection}`;
 };
+var noChangedFilesFoundPrompt = `\u{1F50D} **MOBB SECURITY SCAN: NO CHANGED FILES DETECTED**
+
+## \u{1F4CB} Current Status
+
+No changed files were found in the working directory for security scanning.
+
+## \u{1F914} What This Means
+
+This situation occurs when:
+\u2022 **Clean Working Directory**: All files are committed and there are no uncommitted changes
+\u2022 **Fresh Repository**: The repository has been recently cloned or initialized
+\u2022 **All Changes Committed**: Recent modifications have already been committed to git
+
+If you wish to scan files that were recently changed in your git history call the tool with the following parameters:
+
+\`\`\`json
+{
+  "path": "/path/to/your/repository",
+  "maxFiles": 50,
+  "rescan": true,
+  "scanRecentlyChangedFiles": true
+}
+\`\`\`
+
+
+\u2022 **scanRecentlyChangedFiles**: Set to \`true\` to automatically scan recently modified files from git history
+\u2022 **maxFiles**: Specify the maximum number of files to scan (higher = more comprehensive) (default: ${MCP_DEFAULT_MAX_FILES_TO_SCAN})
+\u2022 **rescan**: Set to \`true\` to force a complete fresh analysis
+`;
 
 // src/mcp/services/GetLocalFiles.ts
 init_FileUtils();
 init_GitService();
 init_configs();
-import fs12 from "fs/promises";
+import fs13 from "fs/promises";
 import nodePath from "path";
 var getLocalFiles = async ({
   path: path17,
   maxFileSize = MCP_MAX_FILE_SIZE,
   maxFiles,
   isAllFilesScan,
-  scanContext
+  scanContext,
+  scanRecentlyChangedFiles
 }) => {
   logDebug(`[${scanContext}] Starting getLocalFiles`, {
     path: path17,
     maxFileSize,
     maxFiles,
-    isAllFilesScan
+    isAllFilesScan,
+    scanRecentlyChangedFiles
   });
   try {
-    const resolvedRepoPath = await fs12.realpath(path17);
+    const resolvedRepoPath = await fs13.realpath(path17);
     logDebug(`[${scanContext}] Resolved repository path`, {
       resolvedRepoPath,
       originalPath: path17
@@ -15040,10 +15216,10 @@ var getLocalFiles = async ({
       try {
         const gitResult = await gitService.getChangedFiles();
         files = gitResult.files;
-        if (files.length === 0 || maxFiles) {
+        if ((files.length === 0 || maxFiles) && (scanRecentlyChangedFiles || maxFiles)) {
           logDebug(
             `[${scanContext}] No changes found or maxFiles specified, getting recently changed files`,
-            { maxFiles }
+            { maxFiles, scanRecentlyChangedFiles }
           );
           const recentResult = await gitService.getRecentlyChangedFiles({
             maxFiles
@@ -15085,7 +15261,7 @@ var getLocalFiles = async ({
           absoluteFilePath
         );
         try {
-          const fileStat = await fs12.stat(absoluteFilePath);
+          const fileStat = await fs13.stat(absoluteFilePath);
           return {
             filename: nodePath.basename(absoluteFilePath),
             relativePath,
@@ -15120,7 +15296,7 @@ var getLocalFiles = async ({
 };
 
 // src/mcp/services/LocalMobbFolderService.ts
-import fs13 from "fs";
+import fs14 from "fs";
 import path13 from "path";
 import { z as z33 } from "zod";
 init_GitService();
@@ -15212,15 +15388,15 @@ var LocalMobbFolderService = class {
         this.repoPath,
         this.defaultMobbFolderName
       );
-      if (!fs13.existsSync(mobbFolderPath)) {
+      if (!fs14.existsSync(mobbFolderPath)) {
         logInfo("[LocalMobbFolderService] Creating .mobb folder", {
           mobbFolderPath
         });
-        fs13.mkdirSync(mobbFolderPath, { recursive: true });
+        fs14.mkdirSync(mobbFolderPath, { recursive: true });
       } else {
         logDebug("[LocalMobbFolderService] .mobb folder already exists");
       }
-      const stats = fs13.statSync(mobbFolderPath);
+      const stats = fs14.statSync(mobbFolderPath);
       if (!stats.isDirectory()) {
         throw new Error(`Path exists but is not a directory: ${mobbFolderPath}`);
       }
@@ -15261,13 +15437,13 @@ var LocalMobbFolderService = class {
       logDebug("[LocalMobbFolderService] Git repository validated successfully");
     } else {
       try {
-        const stats = fs13.statSync(this.repoPath);
+        const stats = fs14.statSync(this.repoPath);
         if (!stats.isDirectory()) {
           throw new Error(
             `Path exists but is not a directory: ${this.repoPath}`
           );
         }
-        fs13.accessSync(this.repoPath, fs13.constants.R_OK | fs13.constants.W_OK);
+        fs14.accessSync(this.repoPath, fs14.constants.R_OK | fs14.constants.W_OK);
         logDebug(
           "[LocalMobbFolderService] Non-git directory validated successfully"
         );
@@ -15381,7 +15557,7 @@ var LocalMobbFolderService = class {
         baseFileName
       );
       const filePath = path13.join(mobbFolderPath, uniqueFileName);
-      await fs13.promises.writeFile(filePath, patch, "utf8");
+      await fs14.promises.writeFile(filePath, patch, "utf8");
       logInfo("[LocalMobbFolderService] Patch saved successfully", {
         filePath,
         fileName: uniqueFileName,
@@ -15442,7 +15618,7 @@ var LocalMobbFolderService = class {
     const extension = path13.parse(baseFileName).ext;
     let uniqueFileName = baseFileName;
     let index = 1;
-    while (fs13.existsSync(path13.join(folderPath, uniqueFileName))) {
+    while (fs14.existsSync(path13.join(folderPath, uniqueFileName))) {
       uniqueFileName = `${baseName}-${index}${extension}`;
       index++;
       if (index > 1e3) {
@@ -15476,15 +15652,15 @@ var LocalMobbFolderService = class {
       const patchInfoPath = path13.join(mobbFolderPath, "patchInfo.md");
       const markdownContent = this.generateFixMarkdown(fix, savedPatchFileName);
       let existingContent = "";
-      if (fs13.existsSync(patchInfoPath)) {
-        existingContent = await fs13.promises.readFile(patchInfoPath, "utf8");
+      if (fs14.existsSync(patchInfoPath)) {
+        existingContent = await fs14.promises.readFile(patchInfoPath, "utf8");
         logDebug("[LocalMobbFolderService] Existing patchInfo.md found");
       } else {
         logDebug("[LocalMobbFolderService] Creating new patchInfo.md file");
       }
       const separator = existingContent ? "\n\n================================================================================\n\n" : "";
       const updatedContent = `${markdownContent}${separator}${existingContent}`;
-      await fs13.promises.writeFile(patchInfoPath, updatedContent, "utf8");
+      await fs14.promises.writeFile(patchInfoPath, updatedContent, "utf8");
       logInfo("[LocalMobbFolderService] Patch info logged successfully", {
         patchInfoPath,
         fixId: fix.id,
@@ -15857,7 +16033,7 @@ import {
   unlinkSync,
   writeFileSync
 } from "fs";
-import fs14 from "fs/promises";
+import fs15 from "fs/promises";
 import parseDiff2 from "parse-diff";
 import path14 from "path";
 var PatchApplicationService = class {
@@ -16355,7 +16531,7 @@ var PatchApplicationService = class {
       try {
         const absolutePath = path14.resolve(repositoryPath, targetFile);
         if (existsSync2(absolutePath)) {
-          const stats = await fs14.stat(absolutePath);
+          const stats = await fs15.stat(absolutePath);
           const fileModTime = stats.mtime.getTime();
           if (fileModTime > scanStartTime) {
             logError(
@@ -16396,7 +16572,7 @@ var PatchApplicationService = class {
     const appliedFixes = [];
     const failedFixes = [];
     const skippedFixes = [];
-    const resolvedRepoPath = await fs14.realpath(repositoryPath);
+    const resolvedRepoPath = await fs15.realpath(repositoryPath);
     logInfo(
       `[${scanContext}] Starting patch application for ${fixes.length} fixes`,
       {
@@ -16825,7 +17001,7 @@ init_configs();
 
 // src/mcp/services/FileOperations.ts
 init_FileUtils();
-import fs15 from "fs";
+import fs16 from "fs";
 import path15 from "path";
 import AdmZip2 from "adm-zip";
 var FileOperations = class {
@@ -16908,7 +17084,7 @@ var FileOperations = class {
         continue;
       }
       try {
-        await fs15.promises.access(absoluteFilepath, fs15.constants.R_OK);
+        await fs16.promises.access(absoluteFilepath, fs16.constants.R_OK);
         validatedPaths.push(filepath);
       } catch (error) {
         logDebug(
@@ -16927,7 +17103,7 @@ var FileOperations = class {
     const fileDataArray = [];
     for (const absolutePath of filePaths) {
       try {
-        const content = await fs15.promises.readFile(absolutePath);
+        const content = await fs16.promises.readFile(absolutePath);
         const relativePath = path15.basename(absolutePath);
         fileDataArray.push({
           relativePath,
@@ -16953,7 +17129,7 @@ var FileOperations = class {
     relativeFilepath
   }) {
     try {
-      return await fs15.promises.readFile(absoluteFilepath);
+      return await fs16.promises.readFile(absoluteFilepath);
     } catch (fsError) {
       logError(
         `[FileOperations] Failed to read ${relativeFilepath} from filesystem: ${fsError}`
@@ -17265,10 +17441,12 @@ var _CheckForNewAvailableFixesService = class _CheckForNewAvailableFixesService
         `[${scanContext}] Connected to the API, assembling list of files to scan`,
         { path: path17 }
       );
+      const isBackgroundScan = scanContext === ScanContext.BACKGROUND_INITIAL || scanContext === ScanContext.BACKGROUND_PERIODIC;
       const files = await getLocalFiles({
         path: path17,
         isAllFilesScan,
-        scanContext
+        scanContext,
+        scanRecentlyChangedFiles: !isBackgroundScan
       });
       const scanStartTime = Date.now();
       logDebug(
@@ -17859,19 +18037,21 @@ var _FetchAvailableFixesService = class _FetchAvailableFixesService {
   async checkForAvailableFixes({
     repoUrl,
     limit = MCP_DEFAULT_LIMIT,
-    offset
+    offset,
+    fileFilter
   }) {
     try {
-      logDebug("Checking for available fixes", { repoUrl, limit });
+      logDebug("Checking for available fixes", { repoUrl, limit, fileFilter });
       const gqlClient = await this.initializeGqlClient();
       logDebug("GQL client initialized");
-      logDebug("querying for latest report", { repoUrl, limit });
+      logDebug("querying for latest report", { repoUrl, limit, fileFilter });
       const effectiveOffset = offset ?? (this.currentOffset || 0);
       logDebug("effectiveOffset", { effectiveOffset });
       const { fixReport, expiredReport } = await gqlClient.getLatestReportByRepoUrl({
         repoUrl,
         limit,
-        offset: effectiveOffset
+        offset: effectiveOffset,
+        fileFilter
       });
       logDebug("received latest report result", { fixReport, expiredReport });
       if (!fixReport) {
@@ -17926,11 +18106,20 @@ Required argument:
 Optional arguments:
 \u2022 offset \u2013 pagination offset (integer).
 \u2022 limit  \u2013 maximum number of fixes to return (integer).
+\u2022 fileFilter \u2013 list of file paths relative to the path parameter to filter fixes by. Only fixes affecting these files will be returned. INCOMPATIBLE with fetchFixesFromAnyFile.
+\u2022 fetchFixesFromAnyFile \u2013 if true, fetches fixes for all files in the repository. If false or not set (default), filters fixes to only those affecting files with changes in git status. INCOMPATIBLE with fileFilter.
 
 The tool will:
 1. Validate that the provided path is secure and exists.
 2. Verify that the directory is a valid Git repository with an "origin" remote.
-3. Query the MOBB service by the origin remote URL and return a textual summary of available fixes (total and by severity) or a message if none are found.
+3. Apply file filtering based on parameters (see below).
+4. Query the MOBB service by the origin remote URL and return a textual summary of available fixes (total and by severity) or a message if none are found.
+
+File Filtering Behavior:
+\u2022 If fetchFixesFromAnyFile is true: Returns fixes for all files (no filtering).
+\u2022 If fileFilter is provided: Returns only fixes affecting the specified files.
+\u2022 If neither is provided (default): Returns only fixes affecting files with changes in git status.
+\u2022 If BOTH are provided: Returns an error (parameters are mutually exclusive).
 
 Call this tool instead of ${MCP_TOOL_SCAN_AND_FIX_VULNERABILITIES} when you only need a fixes summary and do NOT want to perform scanning or code modifications.`);
     __publicField(this, "hasAuthentication", true);
@@ -17948,6 +18137,17 @@ Call this tool instead of ${MCP_TOOL_SCAN_AND_FIX_VULNERABILITIES} when you only
         limit: {
           type: "number",
           description: "[Optional] maximum number of results to return"
+        },
+        fileFilter: {
+          type: "array",
+          items: {
+            type: "string"
+          },
+          description: "[Optional] list of file paths relative to the path parameter to filter fixes by. Only fixes affecting these files will be returned. INCOMPATIBLE with fetchFixesFromAnyFile"
+        },
+        fetchFixesFromAnyFile: {
+          type: "boolean",
+          description: "[Optional] if true, fetches fixes for all files in the repository. If false or not set, filters fixes to only those affecting files with changes in git status. INCOMPATIBLE with fileFilter"
         }
       },
       required: ["path"]
@@ -17957,7 +18157,13 @@ Call this tool instead of ${MCP_TOOL_SCAN_AND_FIX_VULNERABILITIES} when you only
         "Full local path to the cloned git repository to check for available fixes"
       ),
       offset: z35.number().optional().describe("Optional offset for pagination"),
-      limit: z35.number().optional().describe("Optional maximum number of fixes to return")
+      limit: z35.number().optional().describe("Optional maximum number of fixes to return"),
+      fileFilter: z35.array(z35.string()).optional().describe(
+        "Optional list of file paths relative to the path parameter to filter fixes by. INCOMPATIBLE with fetchFixesFromAnyFile"
+      ),
+      fetchFixesFromAnyFile: z35.boolean().optional().describe(
+        "Optional boolean to fetch fixes for all files. INCOMPATIBLE with fileFilter"
+      )
     }));
     __publicField(this, "availableFixesService");
     this.availableFixesService = FetchAvailableFixesService.getInstance();
@@ -17984,10 +18190,37 @@ Call this tool instead of ${MCP_TOOL_SCAN_AND_FIX_VULNERABILITIES} when you only
     if (!originUrl) {
       throw new Error("No origin URL found for the repository");
     }
+    if (args.fileFilter && args.fetchFixesFromAnyFile) {
+      throw new Error(
+        'Parameters "fileFilter" and "fetchFixesFromAnyFile" are mutually exclusive. Please provide only one of these parameters:\n  - Use "fileFilter" to specify a custom list of files to filter by\n  - Use "fetchFixesFromAnyFile: true" to fetch fixes for all files without filtering\n  - Use neither to automatically filter by files with changes in git status (default behavior)'
+      );
+    }
+    let actualFileFilter;
+    if (args.fetchFixesFromAnyFile === true) {
+      actualFileFilter = void 0;
+      logDebug("Fetching fixes for all files (no filtering)");
+    } else if (args.fileFilter && args.fileFilter.length > 0) {
+      actualFileFilter = args.fileFilter;
+      logDebug("Using provided file filter", { fileFilter: actualFileFilter });
+    } else {
+      logDebug("Getting files from git status for filtering");
+      const gitStatusResult = await gitService.getChangedFiles();
+      if (gitStatusResult.files.length === 0) {
+        logDebug("No changed files found in git status");
+        actualFileFilter = void 0;
+      } else {
+        actualFileFilter = gitStatusResult.files;
+        logDebug("Using files from git status as filter", {
+          fileCount: actualFileFilter.length,
+          files: actualFileFilter
+        });
+      }
+    }
     const fixResult = await this.availableFixesService.checkForAvailableFixes({
       repoUrl: originUrl,
       limit: args.limit,
-      offset: args.offset
+      offset: args.offset,
+      fileFilter: actualFileFilter
     });
     logDebug("FetchAvailableFixesTool execution completed successfully", {
       fixResult
@@ -18023,7 +18256,7 @@ var _McpCheckerService = class _McpCheckerService {
       };
     }
     logInfo("Executing built-in mcp_checker tool");
-    const hostInfo = getHostInfo();
+    const hostInfo = getHostInfo([]);
     const mcpServersInfo = hostInfo.mcps.filter((mcp) => mcp.mcpName !== "unknown").map(
       (mcp) => `- ${mcp.mcpName} (${mcp.ideName} ${mcp.ideVersion}): ${mcp.isRunning ? "\u2705 Running" : "\u274C Not Running"}`
     ).join("\n");
@@ -18280,7 +18513,10 @@ Example payload:
       maxFiles: z37.number().optional().describe(
         `Optional maximum number of files to scan (default: ${MCP_DEFAULT_MAX_FILES_TO_SCAN}). Increase for comprehensive scans of larger codebases or decrease for faster focused scans.`
       ),
-      rescan: z37.boolean().optional().describe("Optional whether to rescan the repository")
+      rescan: z37.boolean().optional().describe("Optional whether to rescan the repository"),
+      scanRecentlyChangedFiles: z37.boolean().optional().describe(
+        "Optional whether to automatically scan recently changed files when no changed files are found in git status. If false, the tool will prompt the user instead."
+      )
     }));
     __publicField(this, "inputSchema", {
       type: "object",
@@ -18304,6 +18540,10 @@ Example payload:
         rescan: {
           type: "boolean",
           description: "[Optional] whether to rescan the repository"
+        },
+        scanRecentlyChangedFiles: {
+          type: "boolean",
+          description: "[Optional] whether to automatically scan recently changed files when no changed files are found in git status. If false, the tool will prompt the user instead."
         }
       },
       required: ["path"]
@@ -18330,7 +18570,8 @@ Example payload:
       path: path17,
       maxFileSize: MCP_MAX_FILE_SIZE,
       maxFiles: args.maxFiles,
-      scanContext: ScanContext.USER_REQUEST
+      scanContext: ScanContext.USER_REQUEST,
+      scanRecentlyChangedFiles: args.scanRecentlyChangedFiles
     });
     logDebug("Files", { files });
     if (files.length === 0) {
@@ -18338,7 +18579,7 @@ Example payload:
         content: [
           {
             type: "text",
-            text: "No changed files found in the repository. The vulnerability scanner analyzes modified, added, or staged files. Make some changes to your code and try again."
+            text: noChangedFilesFoundPrompt
           }
         ]
       };
@@ -18437,7 +18678,7 @@ var mcpHandler = async (_args) => {
 };
 
 // src/args/commands/review.ts
-import fs16 from "fs";
+import fs17 from "fs";
 import chalk9 from "chalk";
 function reviewBuilder(yargs2) {
   return yargs2.option("f", {
@@ -18474,7 +18715,7 @@ function reviewBuilder(yargs2) {
   ).help();
 }
 function validateReviewOptions(argv) {
-  if (!fs16.existsSync(argv.f)) {
+  if (!fs17.existsSync(argv.f)) {
     throw new CliError(`
 Can't access ${chalk9.bold(argv.f)}`);
   }
@@ -18547,7 +18788,7 @@ async function addScmTokenHandler(args) {
 }
 
 // src/args/commands/upload_ai_blame.ts
-import fs17 from "fs/promises";
+import fs18 from "fs/promises";
 import path16 from "path";
 import chalk10 from "chalk";
 function uploadAiBlameBuilder(args) {
@@ -18597,7 +18838,7 @@ async function uploadAiBlameHandler(args) {
     const promptPath = String(prompts[i]);
     const inferencePath = String(inferences[i]);
     try {
-      await Promise.all([fs17.access(promptPath), fs17.access(inferencePath)]);
+      await Promise.all([fs18.access(promptPath), fs18.access(inferencePath)]);
     } catch {
       console.error(chalk10.red(`File not found for session ${i + 1}`));
       process.exit(1);