mobbdev 1.0.207 → 1.0.208

package/dist/index.mjs

@@ -9953,13 +9953,8 @@ import fs10 from "fs";
 import chalk8 from "chalk";
 
 // src/commands/index.ts
-import crypto from "crypto";
-import os from "os";
-import chalk6 from "chalk";
 import chalkAnimation from "chalk-animation";
-import Configstore2 from "configstore";
-import Debug19 from "debug";
-import open3 from "open";
+import Configstore3 from "configstore";
 
 // src/features/analysis/index.ts
 import fs9 from "fs";
@@ -9967,16 +9962,32 @@ import fsPromises2 from "fs/promises";
 import path9 from "path";
 import { env as env2 } from "process";
 import { pipeline } from "stream/promises";
-import chalk5 from "chalk";
-import Configstore from "configstore";
-import Debug18 from "debug";
+import chalk6 from "chalk";
+import Configstore2 from "configstore";
+import Debug19 from "debug";
 import extract from "extract-zip";
 import { createSpinner as createSpinner4 } from "nanospinner";
 import fetch4 from "node-fetch";
-import open2 from "open";
+import open3 from "open";
 import tmp2 from "tmp";
 import { z as z29 } from "zod";
 
+// src/commands/handleMobbLogin.ts
+import crypto from "crypto";
+import os from "os";
+import chalk3 from "chalk";
+import Configstore from "configstore";
+import Debug7 from "debug";
+import open from "open";
+
+// src/features/analysis/graphql/gql.ts
+import fetchOrig from "cross-fetch";
+import Debug6 from "debug";
+import { GraphQLClient } from "graphql-request";
+import { HttpProxyAgent } from "http-proxy-agent";
+import { HttpsProxyAgent as HttpsProxyAgent2 } from "https-proxy-agent";
+import { v4 as uuidv4 } from "uuid";
+
 // src/mcp/core/Errors.ts
 var ApiConnectionError = class extends Error {
   constructor(message = "Failed to connect to the API") {
@@ -10049,1218 +10060,1313 @@ var _ReportDigestError = class _ReportDigestError extends Error {
 __publicField(_ReportDigestError, "defaultMessage", "\u{1F575}\uFE0F\u200D\u2642\uFE0F Digesting report failed. Please verify that the file provided is of a valid supported report format.");
 var ReportDigestError = _ReportDigestError;
 
-// src/features/analysis/add_fix_comments_for_pr/add_fix_comments_for_pr.ts
-import Debug8 from "debug";
-
-// src/features/analysis/add_fix_comments_for_pr/utils/utils.ts
-import Debug7 from "debug";
-import parseDiff from "parse-diff";
-import { z as z26 } from "zod";
-
-// src/features/analysis/utils/by_key.ts
-function keyBy(array, keyBy2) {
-  return array.reduce((acc, item) => {
-    return { ...acc, [item[keyBy2]]: item };
-  }, {});
-}
-
-// src/features/analysis/utils/send_report.ts
+// src/features/analysis/graphql/subscribe.ts
 import Debug5 from "debug";
-var debug6 = Debug5("mobbdev:index");
-async function sendReport({
-  spinner,
-  submitVulnerabilityReportVariables,
-  gqlClient
-}) {
-  try {
-    const submitRes = await gqlClient.submitVulnerabilityReport(
-      submitVulnerabilityReportVariables
-    );
-    if (submitRes.submitVulnerabilityReport.__typename !== "VulnerabilityReport") {
-      debug6("error submit vul report %s", submitRes);
-      throw new Error("\u{1F575}\uFE0F\u200D\u2642\uFE0F Mobb analysis failed");
+import { createClient } from "graphql-ws";
+import { HttpsProxyAgent } from "https-proxy-agent";
+import WebSocket from "ws";
+var DEFAULT_API_URL = "https://api.mobb.ai/v1/graphql";
+var debug6 = Debug5("mobbdev:subscribe");
+var SUBSCRIPTION_TIMEOUT_MS = 30 * 60 * 1e3;
+function createWSClient(options) {
+  const proxy = options.url.startsWith("wss://") && process.env["HTTPS_PROXY"] ? new HttpsProxyAgent(process.env["HTTPS_PROXY"]) : options.url.startsWith("ws://") && process.env["HTTP_PROXY"] ? new HttpsProxyAgent(process.env["HTTP_PROXY"]) : null;
+  debug6(
+    `Using proxy: ${proxy ? "yes" : "no"} with url: ${options.url} and with proxy: ${process.env["HTTP_PROXY"]} for the websocket connection`
+  );
+  const CustomWebSocket = class extends WebSocket {
+    constructor(address, protocols) {
+      super(
+        address,
+        protocols,
+        proxy ? { agent: proxy } : void 0
+      );
     }
-    spinner.update({ text: progressMassages.processingVulnerabilityReport });
-    await gqlClient.subscribeToAnalysis({
-      subscribeToAnalysisParams: {
-        analysisId: submitRes.submitVulnerabilityReport.fixReportId
-      },
-      callback: () => spinner.update({
-        text: "\u2699\uFE0F Vulnerability report processed successfully"
-      }),
-      callbackStates: [
-        "Digested" /* Digested */,
-        "Finished" /* Finished */
-      ],
-      timeoutInMs: VUL_REPORT_DIGEST_TIMEOUT_MS
+  };
+  return createClient({
+    //this is needed to prevent AWS from killing the connection
+    //currently our load balancer has a 29s idle timeout
+    keepAlive: 1e4,
+    url: options.url,
+    webSocketImpl: proxy ? CustomWebSocket : options.websocket || WebSocket,
+    connectionParams: () => {
+      return {
+        headers: options.type === "apiKey" ? {
+          [API_KEY_HEADER_NAME]: options.apiKey
+        } : { authorization: `Bearer ${options.token}` }
+      };
+    }
+  });
+}
+function subscribe(query, variables, callback, wsClientOptions) {
+  return new Promise((resolve, reject) => {
+    let timer = null;
+    const { timeoutInMs = SUBSCRIPTION_TIMEOUT_MS } = wsClientOptions;
+    const API_URL2 = process.env["API_URL"] || DEFAULT_API_URL;
+    const client = createWSClient({
+      ...wsClientOptions,
+      websocket: WebSocket,
+      url: API_URL2.replace("http", "ws")
     });
-    return submitRes;
-  } catch (e) {
-    spinner.error({ text: "\u{1F575}\uFE0F\u200D\u2642\uFE0F Mobb analysis failed" });
-    throw e;
-  }
+    const unsubscribe = client.subscribe(
+      { query, variables },
+      {
+        next: (data) => {
+          function callbackResolve(data2) {
+            unsubscribe();
+            if (timer) {
+              clearTimeout(timer);
+            }
+            resolve(data2);
+          }
+          function callbackReject(data2) {
+            unsubscribe();
+            if (timer) {
+              clearTimeout(timer);
+            }
+            reject(data2);
+          }
+          if (!data.data) {
+            reject(
+              new Error(
+                `Broken data object from graphQL subscribe: ${JSON.stringify(
+                  data
+                )} for query: ${query}`
+              )
+            );
+          } else {
+            callback(callbackResolve, callbackReject, data.data);
+          }
+        },
+        error: (error) => {
+          if (timer) {
+            clearTimeout(timer);
+          }
+          reject(error);
+        },
+        complete: () => {
+          return;
+        }
+      }
+    );
+    if (typeof timeoutInMs === "number") {
+      timer = setTimeout(() => {
+        unsubscribe();
+        reject(
+          new Error(
+            `Timeout expired for graphQL subscribe query: ${query} with timeout: ${timeoutInMs}`
+          )
+        );
+      }, timeoutInMs);
+    }
+  });
 }
 
-// src/features/analysis/utils/index.ts
-function getFromArraySafe(array) {
-  return array.reduce((acc, nullableItem) => {
-    if (nullableItem) {
-      acc.push(nullableItem);
+// src/features/analysis/graphql/types.ts
+import { z as z25 } from "zod";
+var VulnerabilityReportIssueCodeNodeZ = z25.object({
+  vulnerabilityReportIssueId: z25.string(),
+  path: z25.string(),
+  startLine: z25.number(),
+  vulnerabilityReportIssue: z25.object({
+    fixId: z25.string(),
+    category: z25.nativeEnum(Vulnerability_Report_Issue_Category_Enum),
+    safeIssueType: z25.string(),
+    vulnerabilityReportIssueTags: z25.array(
+      z25.object({
+        tag: z25.nativeEnum(Vulnerability_Report_Issue_Tag_Enum)
+      })
+    )
+  })
+});
+var VulnerabilityReportIssueNoFixCodeNodeZ = z25.object({
+  vulnerabilityReportIssues: z25.array(
+    z25.object({
+      id: z25.string(),
+      fixId: z25.string().nullable(),
+      category: z25.nativeEnum(Vulnerability_Report_Issue_Category_Enum),
+      safeIssueType: z25.string(),
+      fpId: z25.string().uuid().nullable(),
+      codeNodes: z25.array(
+        z25.object({
+          path: z25.string(),
+          startLine: z25.number()
+        })
+      ),
+      vulnerabilityReportIssueTags: z25.array(
+        z25.object({
+          tag: z25.nativeEnum(Vulnerability_Report_Issue_Tag_Enum)
+        })
+      )
+    })
+  )
+});
+var GetVulByNodesMetadataZ = z25.object({
+  vulnerabilityReportIssueCodeNodes: z25.array(VulnerabilityReportIssueCodeNodeZ),
+  nonFixablePrVuls: z25.object({
+    aggregate: z25.object({
+      count: z25.number()
+    })
+  }),
+  fixablePrVuls: z25.object({
+    aggregate: z25.object({
+      count: z25.number()
+    })
+  }),
+  totalScanVulnerabilities: z25.object({
+    aggregate: z25.object({
+      count: z25.number()
+    })
+  }),
+  irrelevantVulnerabilityReportIssue: z25.array(
+    VulnerabilityReportIssueNoFixCodeNodeZ
+  )
+});
+
+// src/features/analysis/graphql/gql.ts
+var debug7 = Debug6("mobbdev:gql");
+var API_KEY_HEADER_NAME = "x-mobb-key";
+var REPORT_STATE_CHECK_DELAY = 5 * 1e3;
+function getProxyAgent(url) {
+  try {
+    const parsedUrl = new URL(url);
+    const isHttp = parsedUrl.protocol === "http:";
+    const isHttps = parsedUrl.protocol === "https:";
+    const proxy = isHttps ? HTTPS_PROXY : isHttp ? HTTP_PROXY : null;
+    if (proxy) {
+      debug7("Using proxy %s", proxy);
+      debug7("Proxy agent %o", proxy);
+      return isHttps ? new HttpsProxyAgent2(proxy) : new HttpProxyAgent(proxy);
     }
-    return acc;
-  }, []);
+  } catch (err) {
+    debug7(`Skipping proxy for ${url}. Reason: ${err.message}`);
+  }
+  return void 0;
 }
-
-// src/features/analysis/add_fix_comments_for_pr/constants.ts
-var contactUsMarkdown = `For specific requests [contact us](https://content.mobb.ai/contact) and we'll do the most to answer your need quickly.`;
-var MobbIconMarkdown = `![image](${MOBB_ICON_IMG})`;
-var noVulnerabilitiesFoundTitle = `# ${MobbIconMarkdown} No security issues were found \u2705`;
-var COMMIT_FIX_SVG = `https://app.mobb.ai/gh-action/commit-button.svg`;
-var scannerToFriendlyString = {
-  checkmarx: "Checkmarx",
-  codeql: "CodeQL",
-  fortify: "Fortify",
-  snyk: "Snyk",
-  sonarqube: "Sonarqube",
-  semgrep: "Semgrep",
-  datadog: "Datadog"
+var fetchWithProxy = (url, options = {}) => {
+  try {
+    const agent = getProxyAgent(url.toString());
+    if (agent) {
+      return fetchOrig(url, {
+        ...options,
+        // @ts-expect-error Node-fetch doesn't type 'agent', but it's valid
+        agent
+      });
+    }
+  } catch (err) {
+    debug7(`Skipping proxy for ${url}. Reason: ${err.message}`);
+  }
+  return fetchOrig(url, options);
 };
-
-// src/features/analysis/add_fix_comments_for_pr/utils/buildCommentBody.ts
-import Debug6 from "debug";
-import { z as z25 } from "zod";
-var debug7 = Debug6("mobbdev:handle-finished-analysis");
-var getCommitFixButton = (commitUrl) => `<a href="${commitUrl}"><img src=${COMMIT_FIX_SVG}></a>`;
-function buildFixCommentBody({
-  fix,
-  issueId,
-  commentId,
-  commentUrl,
-  scanner,
-  fixId,
-  projectId,
-  analysisId,
-  organizationId,
-  patch,
-  irrelevantIssueWithTags
-}) {
-  const isIrrelevantIssueWithTags = irrelevantIssueWithTags?.[0]?.tag;
-  const commitUrl = isIrrelevantIssueWithTags ? getCommitIssueUrl({
-    appBaseUrl: WEB_APP_URL,
-    issueId,
-    projectId,
-    analysisId,
-    organizationId,
-    redirectUrl: commentUrl,
-    commentId
-  }) : getCommitUrl({
-    appBaseUrl: WEB_APP_URL,
-    fixId,
-    projectId,
-    analysisId,
-    organizationId,
-    redirectUrl: commentUrl,
-    commentId
-  });
-  const fixUrl = isIrrelevantIssueWithTags ? getIssueUrlWithRedirect({
-    appBaseUrl: WEB_APP_URL,
-    issueId,
-    projectId,
-    analysisId,
-    organizationId,
-    redirectUrl: commentUrl,
-    commentId
-  }) : getFixUrlWithRedirect({
-    appBaseUrl: WEB_APP_URL,
-    fixId,
-    projectId,
-    analysisId,
-    organizationId,
-    redirectUrl: commentUrl,
-    commentId
-  });
-  const issueType = getIssueTypeFriendlyString(fix.safeIssueType);
-  const title = `# ${MobbIconMarkdown} ${issueType} fix is ready`;
-  const validFixParseRes = z25.object({
-    patchAndQuestions: PatchAndQuestionsZ,
-    safeIssueLanguage: z25.nativeEnum(IssueLanguage_Enum),
-    severityText: z25.nativeEnum(Vulnerability_Severity_Enum),
-    safeIssueType: z25.nativeEnum(IssueType_Enum)
-  }).safeParse(fix);
-  if (!validFixParseRes.success) {
-    debug7(
-      `fix ${fixId} has custom issue type or language, therefore the commit description will not be added`,
-      validFixParseRes.error
-    );
+var GQLClient = class {
+  constructor(args) {
+    __publicField(this, "_client");
+    __publicField(this, "_clientSdk");
+    __publicField(this, "_auth");
+    debug7(`init with  ${args}`);
+    this._auth = args;
+    this._client = new GraphQLClient(API_URL, {
+      headers: args.type === "apiKey" ? { [API_KEY_HEADER_NAME]: args.apiKey || "" } : {
+        Authorization: `Bearer ${args.token}`
+      },
+      fetch: fetchWithProxy,
+      requestMiddleware: (request) => {
+        const requestId = uuidv4();
+        debug7(
+          `sending API request with id: ${requestId} and with request: ${request.body}`
+        );
+        return {
+          ...request,
+          headers: {
+            ...request.headers,
+            "x-hasura-request-id": requestId
+          }
+        };
+      }
+    });
+    this._clientSdk = getSdk(this._client);
   }
-  const subTitle = validFixParseRes.success ? getCommitDescription({
-    issueType: validFixParseRes.data.safeIssueType,
-    vendor: scannerToVulnerabilityReportVendorEnum[scanner],
-    severity: validFixParseRes.data.severityText,
-    guidances: getGuidances({
-      questions: validFixParseRes.data.patchAndQuestions.questions.map(toQuestion),
-      issueType: validFixParseRes.data.safeIssueType,
-      issueLanguage: validFixParseRes.data.safeIssueLanguage,
-      fixExtraContext: validFixParseRes.data.patchAndQuestions.extraContext
-    }),
-    irrelevantIssueWithTags
-  }) : "";
-  const diff = `\`\`\`diff
-${patch} 
-\`\`\``;
-  const fixPageLink = `[Learn more and fine tune the fix](${fixUrl})`;
-  return `${title}
-${subTitle}
-${diff}
-${getCommitFixButton(
-    commitUrl
-  )}
-${fixPageLink}`;
-}
-function buildIssueCommentBody({
-  issueId,
-  commentId,
-  commentUrl,
-  scanner,
-  issueType,
-  projectId,
-  analysisId,
-  organizationId,
-  irrelevantIssueWithTags,
-  fpDescription
-}) {
-  const issueUrl = getIssueUrlWithRedirect({
-    appBaseUrl: WEB_APP_URL,
-    issueId,
-    projectId,
-    analysisId,
-    organizationId,
-    redirectUrl: commentUrl,
-    commentId
-  });
-  const title = `# ${MobbIconMarkdown} Irrelevant issues were spotted - no action required \u{1F9F9}`;
-  const subTitle = getCommitIssueDescription({
-    issueType,
-    vendor: scannerToVulnerabilityReportVendorEnum[scanner],
-    irrelevantIssueWithTags,
-    fpDescription
-  });
-  const issuePageLink = `[Learn more about this issue](${issueUrl})`;
-  return `${title}
-${subTitle}
-${issuePageLink}`;
-}
-
-// src/features/analysis/add_fix_comments_for_pr/utils/utils.ts
-var debug8 = Debug7("mobbdev:handle-finished-analysis");
-function calculateRanges(integers) {
-  if (integers.length === 0) {
-    return [];
+  async getUserInfo() {
+    const { me } = await this._clientSdk.Me();
+    return me;
   }
-  integers.sort((a, b) => a - b);
-  const ranges = integers.reduce(
-    (result, current, index) => {
-      if (index === 0) {
-        return [...result, [current, current]];
-      }
-      const currentRange = result[result.length - 1];
-      const [_start, end] = currentRange;
-      if (current === end + 1) {
-        currentRange[1] = current;
-      } else {
-        result.push([current, current]);
-      }
-      return result;
-    },
-    []
-  );
-  return ranges;
-}
-function deleteAllPreviousComments({
-  comments,
-  scm
-}) {
-  return comments.data.filter((comment) => {
-    return comment.body.includes(MOBB_ICON_IMG);
-  }).map((comment) => {
+  async createCliLogin(variables) {
+    const res = await this._clientSdk.CreateCliLogin(variables, {
+      // We may have outdated API key in the config storage. Avoid using it for the login request.
+      [API_KEY_HEADER_NAME]: ""
+    });
+    return res.insert_cli_login_one?.id || "";
+  }
+  async verifyApiConnection() {
     try {
-      return scm.deleteComment({ comment_id: comment.id });
+      await this.getUserInfo();
     } catch (e) {
-      debug8("delete comment failed %s", e);
-      return Promise.resolve();
+      if (e?.toString().startsWith("FetchError")) {
+        debug7("verify connection failed %o", e);
+        return false;
+      }
     }
-  });
-}
-function deleteAllPreviousGeneralPrComments(params) {
-  const { generalPrComments, scm } = params;
-  return generalPrComments.data.filter((comment) => {
-    if (!comment.body) {
+    return true;
+  }
+  async validateUserToken() {
+    await this.createCommunityUser();
+    let info;
+    try {
+      info = await this.getUserInfo();
+    } catch (e) {
+      debug7("verify token failed %o", e);
       return false;
     }
-    return comment.body.includes(MOBB_ICON_IMG);
-  }).map((comment) => {
+    return info?.email || true;
+  }
+  async getLastOrgAndNamedProject(params) {
+    const me = await this.getUserInfo();
+    const email = me?.email;
+    if (!email) {
+      throw new Error("User email not found");
+    }
+    const { projectName, userDefinedOrganizationId } = params;
+    if (!projectName) {
+      throw new Error("Project name is required");
+    }
+    const orgAndProjectRes = await this._clientSdk.getLastOrgAndNamedProject({
+      email,
+      projectName
+    });
+    if (!orgAndProjectRes.user?.[0]?.userOrganizationsAndUserOrganizationRoles?.[0]?.organization?.id) {
+      throw new Error(
+        `The user with email:${email}  is not associated with any organization`
+      );
+    }
+    const organization = orgAndProjectRes.user?.at(0)?.userOrganizationsAndUserOrganizationRoles.map(
+      (org) => org.organization
+    ).filter(
+      (org) => userDefinedOrganizationId ? org.id === userDefinedOrganizationId : true
+    )?.at(0);
+    if (!organization) {
+      throw new Error(
+        `Organization with id:${userDefinedOrganizationId} not found`
+      );
+    }
+    let projectId = organization?.projects?.[0]?.id;
+    if (!projectId) {
+      const createdProject = await this._clientSdk.CreateProject({
+        organizationId: organization.id,
+        projectName: projectName || "My project"
+      });
+      projectId = createdProject.createProject.projectId;
+    }
+    if (!projectId) {
+      throw new Error("Project not found");
+    }
+    return {
+      organizationId: organization.id,
+      projectId
+    };
+  }
+  async getEncryptedApiToken(variables) {
+    const res = await this._clientSdk.GetEncryptedApiToken(variables, {
+      // We may have outdated API key in the config storage. Avoid using it for the login request.
+      [API_KEY_HEADER_NAME]: ""
+    });
+    return res?.cli_login_by_pk?.encryptedApiToken || null;
+  }
+  async createCommunityUser() {
     try {
-      return scm.deleteGeneralPrComment({ commentId: comment.id });
+      await this._clientSdk.CreateCommunityUser();
     } catch (e) {
-      debug8("delete comment failed %s", e);
-      return Promise.resolve();
+      debug7("create community user failed %o", e);
     }
-  });
-}
-async function postIssueComment(params) {
-  const {
-    vulnerabilityReportIssueCodeNode,
-    projectId,
-    analysisId,
-    organizationId,
-    scm,
-    commitSha,
-    pullRequest,
-    scanner,
-    fpDescription
-  } = params;
-  const {
-    path: path17,
-    startLine,
-    vulnerabilityReportIssue: {
-      vulnerabilityReportIssueTags,
-      category,
-      safeIssueType
-    },
-    vulnerabilityReportIssueId
-  } = vulnerabilityReportIssueCodeNode;
-  const irrelevantIssueWithTags = mapCategoryToBucket[category] === "irrelevant" && vulnerabilityReportIssueTags?.length > 0 ? vulnerabilityReportIssueTags : [];
-  const commentRes = await scm.postPrComment({
-    body: `# ${MobbIconMarkdown} Your fix is ready!
-Refresh the page in order to see the changes.`,
-    pull_number: pullRequest,
-    commit_id: commitSha,
-    path: path17,
-    line: startLine
-  });
-  const commentId = commentRes.data.id;
-  const commentBody = buildIssueCommentBody({
-    issueId: vulnerabilityReportIssueId,
-    issueType: safeIssueType,
-    irrelevantIssueWithTags,
-    commentId,
-    commentUrl: commentRes.data.html_url,
-    scanner,
-    projectId,
-    analysisId,
-    organizationId,
-    fpDescription
-  });
-  return await scm.updatePrComment({
-    body: commentBody,
-    comment_id: commentId
-  });
-}
-async function postFixComment(params) {
-  const {
-    vulnerabilityReportIssueCodeNode,
-    projectId,
-    analysisId,
-    organizationId,
-    fixesById,
-    scm,
-    commitSha,
-    pullRequest,
-    scanner
-  } = params;
-  const {
-    path: path17,
-    startLine,
-    vulnerabilityReportIssue: { fixId, vulnerabilityReportIssueTags, category },
-    vulnerabilityReportIssueId
-  } = vulnerabilityReportIssueCodeNode;
-  const irrelevantIssueWithTags = mapCategoryToBucket[category] === "irrelevant" && vulnerabilityReportIssueTags?.length > 0 ? vulnerabilityReportIssueTags : [];
-  const fix = fixesById[fixId];
-  if (!fix || fix.patchAndQuestions.__typename !== "FixData") {
-    throw new Error(`fix ${fixId} not found`);
-  }
-  const {
-    patchAndQuestions: { patch }
-  } = fix;
-  const commentRes = await scm.postPrComment({
-    body: `# ${MobbIconMarkdown} Your fix is ready!
-Refresh the page in order to see the changes.`,
-    pull_number: pullRequest,
-    commit_id: commitSha,
-    path: path17,
-    line: startLine
-  });
-  const commentId = commentRes.data.id;
-  const commentBody = buildFixCommentBody({
-    fix,
-    issueId: vulnerabilityReportIssueId,
-    irrelevantIssueWithTags,
-    commentId,
-    commentUrl: commentRes.data.html_url,
-    scanner,
-    fixId,
-    projectId,
-    analysisId,
-    organizationId,
-    patch
-  });
-  return await scm.updatePrComment({
-    body: commentBody,
-    comment_id: commentId
-  });
-}
-async function getRelevantVulenrabilitiesFromDiff(params) {
-  const { gqlClient, diff, vulnerabilityReportId } = params;
-  const parsedDiff = parseDiff(diff);
-  const fileHunks = parsedDiff.map((file) => {
-    const fileNumbers = file.chunks.flatMap((chunk) => chunk.changes).filter((change) => change.type === "add").map((_change) => {
-      const change = _change;
-      return change.ln;
-    });
-    const lineAddedRanges = calculateRanges(fileNumbers);
-    const fileFilter = {
-      path: z26.string().parse(file.to),
-      ranges: lineAddedRanges.map(([startLine, endLine]) => ({
-        endLine,
-        startLine
-      }))
-    };
-    return fileFilter;
-  });
-  return gqlClient.getVulByNodesMetadata({
-    hunks: fileHunks,
-    vulnerabilityReportId
-  });
-}
-async function getFixesData(params) {
-  const { gqlClient, fixesId } = params;
-  const { fixes } = await gqlClient.getFixes(fixesId);
-  return keyBy(fixes, "id");
-}
-async function postAnalysisInsightComment(params) {
-  const { prVulenrabilities, pullRequest, scanner, scm } = params;
-  const scanerString = scannerToFriendlyString[scanner];
-  const {
-    totalPrVulnerabilities,
-    vulnerabilitiesOutsidePr,
-    fixablePrVuls,
-    nonFixablePrVuls
-  } = prVulenrabilities;
-  debug8({
-    fixablePrVuls,
-    nonFixablePrVuls,
-    vulnerabilitiesOutsidePr,
-    totalPrVulnerabilities
-  });
-  if (totalPrVulnerabilities === 0 && vulnerabilitiesOutsidePr === 0) {
-    const body = `Awesome! No vulnerabilities were found  by **${scanerString}**`;
-    const noVulsFoundComment = `${noVulnerabilitiesFoundTitle}
-${body}`;
-    await scm.postGeneralPrComment({
-      body: noVulsFoundComment,
-      prNumber: pullRequest
-    });
-    return;
-  }
-  if (totalPrVulnerabilities === 0 && vulnerabilitiesOutsidePr > 0) {
-    const body = `Awesome! No vulnerabilities were found by **${scanerString}** in the changes made as part of this PR.`;
-    const body2 = `Please notice there are issues in this repo that are unrelated to this PR.`;
-    const noVulsFoundComment = `${noVulnerabilitiesFoundTitle}
-${body}
-${body2}`;
-    await scm.postGeneralPrComment({
-      body: noVulsFoundComment,
-      prNumber: pullRequest
-    });
-    return;
-  }
-  if (fixablePrVuls === 0 && nonFixablePrVuls > 0) {
-    const title = `# ${MobbIconMarkdown} We couldn't fix the issues detected by **${scanerString}**`;
-    const body = `Mobb Fixer gets better and better every day, but unfortunately your current issues aren't supported yet.`;
-    const noFixableVulsComment = `${title}
-${body}
-${contactUsMarkdown}`;
-    await scm.postGeneralPrComment({
-      body: noFixableVulsComment,
-      prNumber: pullRequest
-    });
-    return;
-  }
-  if (fixablePrVuls < nonFixablePrVuls && fixablePrVuls > 0) {
-    const title = `# ${MobbIconMarkdown} We couldn't fix some of the issues detected by **${scanerString}**`;
-    const body = "Mobb Fixer gets better and better every day, but unfortunately your current issues aren't supported yet.";
-    const fixableVulsComment = `${title}
-${body}
-${contactUsMarkdown}`;
-    await scm.postGeneralPrComment({
-      body: fixableVulsComment,
-      prNumber: pullRequest
-    });
-    return;
-  }
-}
-
-// src/features/analysis/add_fix_comments_for_pr/add_fix_comments_for_pr.ts
-var debug9 = Debug8("mobbdev:handle-finished-analysis");
-async function addFixCommentsForPr({
-  analysisId,
-  scm: _scm,
-  gqlClient,
-  scanner
-}) {
-  if (!(_scm instanceof GithubSCMLib)) {
-    return;
-  }
-  const scm = _scm;
-  const getAnalysisRes = await gqlClient.getAnalysis(analysisId);
-  debug9("getAnalysis %o", getAnalysisRes);
-  const {
-    vulnerabilityReport: {
-      projectId,
-      project: {
-        organizationId,
-        organization: { ghFixerNoFixComments }
-      }
-    }
-  } = getAnalysisRes;
-  if (!getAnalysisRes.repo?.commitSha || !getAnalysisRes.repo.pullRequest) {
-    throw new Error("repo not found");
-  }
-  const { commitSha, pullRequest } = getAnalysisRes.repo;
-  const diff = await scm.getPrDiff({ pull_number: pullRequest });
-  const prVulenrabilities = await getRelevantVulenrabilitiesFromDiff({
-    diff,
-    gqlClient,
-    vulnerabilityReportId: getAnalysisRes.vulnerabilityReportId
-  });
-  const {
-    vulnerabilityReportIssueCodeNodes,
-    irrelevantVulnerabilityReportIssues
-  } = prVulenrabilities;
-  const fixesId = vulnerabilityReportIssueCodeNodes.map(
-    ({ vulnerabilityReportIssue: { fixId } }) => fixId
-  );
-  const fixesById = await getFixesData({ fixesId, gqlClient });
-  const [comments, generalPrComments] = await Promise.all([
-    scm.getPrComments({ pull_number: pullRequest }),
-    scm.getGeneralPrComments({ prNumber: pullRequest })
-  ]);
-  await Promise.all([
-    ...deleteAllPreviousComments({ comments, scm }),
-    ...deleteAllPreviousGeneralPrComments({ generalPrComments, scm })
-  ]);
-  await Promise.all(
-    [
-      ...prVulenrabilities.vulnerabilityReportIssueCodeNodes.map(
-        (vulnerabilityReportIssueCodeNode) => {
-          return postFixComment({
-            vulnerabilityReportIssueCodeNode,
-            projectId,
-            analysisId,
-            organizationId,
-            fixesById,
-            scm,
-            pullRequest,
-            scanner,
-            commitSha
-          });
-        }
-      ),
-      ...irrelevantVulnerabilityReportIssues.map(
-        async (vulnerabilityReportIssue) => {
-          let fpDescription = null;
-          if (vulnerabilityReportIssue.fpId) {
-            const fpRes = await gqlClient.getFalsePositive({
-              fpId: vulnerabilityReportIssue.fpId
-            });
-            const parsedFpRes = await FalsePositivePartsZ.parseAsync(
-              fpRes?.getFalsePositive
-            );
-            const { description, contextString } = getParsedFalsePositiveMessage(parsedFpRes);
-            fpDescription = contextString ? `${description}
-
-${contextString}` : description;
-          }
-          return await Promise.all(
-            vulnerabilityReportIssue.codeNodes.map(
-              async (vulnerabilityReportIssueCodeNode) => {
-                return await postIssueComment({
-                  vulnerabilityReportIssueCodeNode: {
-                    path: vulnerabilityReportIssueCodeNode.path,
-                    startLine: vulnerabilityReportIssueCodeNode.startLine,
-                    vulnerabilityReportIssue: {
-                      fixId: "",
-                      safeIssueType: vulnerabilityReportIssue.safeIssueType,
-                      vulnerabilityReportIssueTags: vulnerabilityReportIssue.vulnerabilityReportIssueTags,
-                      category: vulnerabilityReportIssue.category
-                    },
-                    vulnerabilityReportIssueId: vulnerabilityReportIssue.id
-                  },
-                  projectId,
-                  analysisId,
-                  organizationId,
-                  fixesById,
-                  scm,
-                  pullRequest,
-                  scanner,
-                  commitSha,
-                  fpDescription
-                });
-              }
-            )
-          );
-        }
-      ),
-      !ghFixerNoFixComments && postAnalysisInsightComment({
-        prVulenrabilities,
-        pullRequest,
-        scanner,
-        scm
-      })
-    ].filter(Boolean)
-  );
-}
-
-// src/features/analysis/auto_pr_handler.ts
-import Debug9 from "debug";
-var debug10 = Debug9("mobbdev:handleAutoPr");
-async function handleAutoPr(params) {
-  const {
-    gqlClient,
-    analysisId,
-    commitDirectly,
-    prId,
-    createSpinner: createSpinner5,
-    createOnePr
-  } = params;
-  const createAutoPrSpinner = createSpinner5(
-    "\u{1F504} Waiting for the analysis to finish before initiating automatic pull request creation"
-  ).start();
-  return await gqlClient.subscribeToAnalysis({
-    subscribeToAnalysisParams: {
-      analysisId
-    },
-    callback: async (analysisId2) => {
-      const autoPrAnalysisRes = await gqlClient.autoPrAnalysis({
-        analysisId: analysisId2,
-        commitDirectly,
-        prId,
-        prStrategy: createOnePr ? "CONDENSE" /* Condense */ : "SPREAD" /* Spread */
-      });
-      debug10("auto pr analysis res %o", autoPrAnalysisRes);
-      if (autoPrAnalysisRes.autoPrAnalysis?.__typename === "AutoPrError") {
-        createAutoPrSpinner.error({
-          text: `\u{1F504} Automatic pull request failed - ${autoPrAnalysisRes.autoPrAnalysis.error}`
-        });
-        return;
-      }
-      if (autoPrAnalysisRes.autoPrAnalysis?.__typename === "AutoPrSuccess") {
-        const { appliedAutoPrIssueTypes } = autoPrAnalysisRes.autoPrAnalysis;
-        if (appliedAutoPrIssueTypes.length === 0) {
-          createAutoPrSpinner.success({
-            text: "\u{1F504} Automatic pull request did not find any new fixes to open a pull request for"
-          });
-          return;
-        }
-        createAutoPrSpinner.success({
-          text: `\u{1F504} Automatic pull request creation initiated successfully for the following issue types: ${appliedAutoPrIssueTypes}`
-        });
+  }
+  async updateScmToken(args) {
+    const { scmType, url, token, org, refreshToken } = args;
+    const updateScmTokenResult = await this._clientSdk.updateScmToken({
+      scmType,
+      url,
+      token,
+      org,
+      refreshToken
+    });
+    return updateScmTokenResult;
+  }
+  async uploadS3BucketInfo() {
+    const uploadS3BucketInfoResult = await this._clientSdk.uploadS3BucketInfo({
+      fileName: REPORT_DEFAULT_FILE_NAME
+    });
+    return uploadS3BucketInfoResult;
+  }
+  async getVulByNodesMetadata({
+    hunks,
+    vulnerabilityReportId
+  }) {
+    const filters = hunks.map((hunk) => {
+      const filter = {
+        path: { _eq: hunk.path },
+        _or: hunk.ranges.flatMap(({ endLine, startLine }) => {
+          return [
+            { startLine: { _gte: startLine, _lte: endLine } },
+            { endLine: { _gte: startLine, _lte: endLine } }
+          ];
+        })
+      };
+      return filter;
+    });
+    const getVulByNodesMetadataRes = await this._clientSdk.getVulByNodesMetadata({
+      filters: { _or: filters },
+      vulnerabilityReportId
+    });
+    const parsedGetVulByNodesMetadataRes = GetVulByNodesMetadataZ.parse(
+      getVulByNodesMetadataRes
+    );
+    const uniqueVulByNodesMetadata = parsedGetVulByNodesMetadataRes.vulnerabilityReportIssueCodeNodes.reduce((acc, vulnerabilityReportIssueCodeNode) => {
+      if (acc[vulnerabilityReportIssueCodeNode.vulnerabilityReportIssueId]) {
+        return acc;
       }
-    },
-    callbackStates: ["Finished" /* Finished */]
-  });
-}
-
-// src/features/analysis/git.ts
-init_GitService();
-import Debug10 from "debug";
-var debug11 = Debug10("mobbdev:git");
-async function getGitInfo(srcDirPath) {
-  debug11("getting git info for %s", srcDirPath);
-  const gitService = new GitService(srcDirPath);
-  try {
-    const validationResult = await gitService.validateRepository();
-    if (!validationResult.isValid) {
-      debug11("folder is not a git repo");
       return {
-        success: false,
-        hash: void 0,
-        reference: void 0,
-        repoUrl: void 0
+        ...acc,
+        [vulnerabilityReportIssueCodeNode.vulnerabilityReportIssueId]: vulnerabilityReportIssueCodeNode
       };
-    }
-    const gitInfo2 = await gitService.getGitInfo();
+    }, {});
+    const nonFixablePrVuls = parsedGetVulByNodesMetadataRes.nonFixablePrVuls.aggregate.count;
+    const fixablePrVuls = parsedGetVulByNodesMetadataRes.fixablePrVuls.aggregate.count;
+    const totalScanVulnerabilities = parsedGetVulByNodesMetadataRes.totalScanVulnerabilities.aggregate.count;
+    const vulnerabilitiesOutsidePr = totalScanVulnerabilities - nonFixablePrVuls - fixablePrVuls;
+    const totalPrVulnerabilities = nonFixablePrVuls + fixablePrVuls;
+    const irrelevantVulnerabilityReportIssues = parsedGetVulByNodesMetadataRes.irrelevantVulnerabilityReportIssue?.[0]?.vulnerabilityReportIssues ?? [];
     return {
-      success: true,
-      ...gitInfo2
+      vulnerabilityReportIssueCodeNodes: Object.values(
+        uniqueVulByNodesMetadata
+      ),
+      nonFixablePrVuls,
+      fixablePrVuls,
+      totalScanVulnerabilities,
+      vulnerabilitiesOutsidePr,
+      totalPrVulnerabilities,
+      irrelevantVulnerabilityReportIssues
     };
-  } catch (e) {
-    if (e instanceof Error) {
-      debug11("failed to run git %o", e);
-      if (e.message.includes(" spawn ")) {
-        debug11("git cli not installed");
-      } else {
-        throw e;
-      }
-    }
-    throw e;
   }
-}
-
-// src/features/analysis/graphql/gql.ts
-import fetchOrig from "cross-fetch";
-import Debug12 from "debug";
-import { GraphQLClient } from "graphql-request";
-import { HttpProxyAgent } from "http-proxy-agent";
-import { HttpsProxyAgent as HttpsProxyAgent2 } from "https-proxy-agent";
-import { v4 as uuidv4 } from "uuid";
-
-// src/features/analysis/graphql/subscribe.ts
-import Debug11 from "debug";
-import { createClient } from "graphql-ws";
-import { HttpsProxyAgent } from "https-proxy-agent";
-import WebSocket from "ws";
-var DEFAULT_API_URL = "https://api.mobb.ai/v1/graphql";
-var debug12 = Debug11("mobbdev:subscribe");
-var SUBSCRIPTION_TIMEOUT_MS = 30 * 60 * 1e3;
-function createWSClient(options) {
-  const proxy = options.url.startsWith("wss://") && process.env["HTTPS_PROXY"] ? new HttpsProxyAgent(process.env["HTTPS_PROXY"]) : options.url.startsWith("ws://") && process.env["HTTP_PROXY"] ? new HttpsProxyAgent(process.env["HTTP_PROXY"]) : null;
-  debug12(
-    `Using proxy: ${proxy ? "yes" : "no"} with url: ${options.url} and with proxy: ${process.env["HTTP_PROXY"]} for the websocket connection`
-  );
-  const CustomWebSocket = class extends WebSocket {
-    constructor(address, protocols) {
-      super(
-        address,
-        protocols,
-        proxy ? { agent: proxy } : void 0
-      );
+  async digestVulnerabilityReport({
+    fixReportId,
+    projectId,
+    scanSource,
+    repoUrl,
+    reference,
+    sha,
+    shouldScan
+  }) {
+    const res = await this._clientSdk.DigestVulnerabilityReport({
+      fixReportId,
+      vulnerabilityReportFileName: shouldScan ? void 0 : REPORT_DEFAULT_FILE_NAME,
+      projectId,
+      scanSource,
+      repoUrl,
+      reference,
+      sha
+    });
+    if (res.digestVulnerabilityReport.__typename !== "VulnerabilityReport") {
+      throw new Error("Digesting vulnerability report failed");
     }
-  };
-  return createClient({
-    //this is needed to prevent AWS from killing the connection
-    //currently our load balancer has a 29s idle timeout
-    keepAlive: 1e4,
-    url: options.url,
-    webSocketImpl: proxy ? CustomWebSocket : options.websocket || WebSocket,
-    connectionParams: () => {
-      return {
-        headers: options.type === "apiKey" ? {
-          [API_KEY_HEADER_NAME]: options.apiKey
-        } : { authorization: `Bearer ${options.token}` }
-      };
+    return res.digestVulnerabilityReport;
+  }
+  async submitVulnerabilityReport(params) {
+    const {
+      fixReportId,
+      repoUrl,
+      reference,
+      projectId,
+      sha,
+      experimentalEnabled,
+      vulnerabilityReportFileName,
+      pullRequest
+    } = params;
+    return await this._clientSdk.SubmitVulnerabilityReport({
+      fixReportId,
+      repoUrl,
+      reference,
+      vulnerabilityReportFileName,
+      projectId,
+      pullRequest,
+      sha: sha || "",
+      experimentalEnabled: !!experimentalEnabled,
+      scanSource: params.scanSource,
+      scanContext: ScanContext.BUGSY
+    });
+  }
+  async getFixReportState(fixReportId) {
+    const res = await this._clientSdk.FixReportState({ id: fixReportId });
+    return res?.fixReport_by_pk?.state || "Created" /* Created */;
+  }
+  async waitFixReportInit(fixReportId, includeDigested = false) {
+    const FINAL_STATES = [
+      "Finished" /* Finished */,
+      "Failed" /* Failed */
+    ];
+    let lastState = "Created" /* Created */;
+    let attempts = 100;
+    if (includeDigested) {
+      FINAL_STATES.push("Digested" /* Digested */);
     }
-  });
-}
-function subscribe(query, variables, callback, wsClientOptions) {
-  return new Promise((resolve, reject) => {
-    let timer = null;
-    const { timeoutInMs = SUBSCRIPTION_TIMEOUT_MS } = wsClientOptions;
-    const API_URL2 = process.env["API_URL"] || DEFAULT_API_URL;
-    const client = createWSClient({
-      ...wsClientOptions,
-      websocket: WebSocket,
-      url: API_URL2.replace("http", "ws")
+    do {
+      await sleep(REPORT_STATE_CHECK_DELAY);
+      lastState = await this.getFixReportState(fixReportId);
+    } while (!FINAL_STATES.includes(
+      lastState
+      // wait for final the state of the fix report
+    ) && attempts-- > 0);
+    return lastState;
+  }
+  async getVulnerabilityReportPaths(vulnerabilityReportId) {
+    const res = await this._clientSdk.GetVulnerabilityReportPaths({
+      vulnerabilityReportId
     });
-    const unsubscribe = client.subscribe(
-      { query, variables },
-      {
-        next: (data) => {
-          function callbackResolve(data2) {
-            unsubscribe();
-            if (timer) {
-              clearTimeout(timer);
-            }
-            resolve(data2);
-          }
-          function callbackReject(data2) {
-            unsubscribe();
-            if (timer) {
-              clearTimeout(timer);
-            }
-            reject(data2);
-          }
-          if (!data.data) {
-            reject(
-              new Error(
-                `Broken data object from graphQL subscribe: ${JSON.stringify(
-                  data
-                )} for query: ${query}`
-              )
-            );
-          } else {
-            callback(callbackResolve, callbackReject, data.data);
-          }
-        },
-        error: (error) => {
-          if (timer) {
-            clearTimeout(timer);
-          }
-          reject(error);
-        },
-        complete: () => {
+    return res.vulnerability_report_path.map((p) => p.path);
+  }
+  async subscribeToAnalysis(params) {
+    const { callbackStates } = params;
+    return subscribe(
+      GetAnalysisSubscriptionDocument,
+      params.subscribeToAnalysisParams,
+      async (resolve, reject, data) => {
+        if (!data.analysis?.state || data.analysis?.state === "Failed" /* Failed */) {
+          const errorMessage = data.analysis?.failReason || `Analysis failed with id: ${data.analysis?.id}`;
+          reject(
+            new ReportDigestError(errorMessage, data.analysis?.failReason ?? "")
+          );
           return;
         }
+        if (callbackStates.includes(data.analysis?.state)) {
+          await params.callback(data.analysis.id);
+          resolve(data);
+        }
+      },
+      this._auth.type === "apiKey" ? {
+        apiKey: this._auth.apiKey,
+        type: "apiKey",
+        timeoutInMs: params.timeoutInMs
+      } : {
+        token: this._auth.token,
+        type: "token",
+        timeoutInMs: params.timeoutInMs
       }
     );
-    if (typeof timeoutInMs === "number") {
-      timer = setTimeout(() => {
-        unsubscribe();
-        reject(
-          new Error(
-            `Timeout expired for graphQL subscribe query: ${query} with timeout: ${timeoutInMs}`
-          )
-        );
-      }, timeoutInMs);
+  }
+  async getFixReportsByRepoUrl({ repoUrl }) {
+    const res = await this._clientSdk.GetFixReportsByRepoUrl({
+      repoUrl
+    });
+    return res;
+  }
+  async getAnalysis(analysisId) {
+    const res = await this._clientSdk.getAnalysis({
+      analysisId
+    });
+    if (!res.analysis) {
+      throw new Error(`Analysis not found: ${analysisId}`);
     }
+    return res.analysis;
+  }
+  async autoPrAnalysis({
+    analysisId,
+    commitDirectly,
+    prId,
+    prStrategy
+  }) {
+    return this._clientSdk.autoPrAnalysis({
+      analysisId,
+      commitDirectly,
+      prId,
+      prStrategy
+    });
+  }
+  async getFixes(fixIds) {
+    const res = await this._clientSdk.getFixes({
+      filters: { id: { _in: fixIds } }
+    });
+    return res;
+  }
+  async validateRepoUrl(args) {
+    return this._clientSdk.validateRepoUrl(args);
+  }
+  async getReferenceData(args) {
+    return this._clientSdk.gitReference(args);
+  }
+  async getFalsePositive(args) {
+    return this._clientSdk.getFalsePositive(args);
+  }
+  async uploadAIBlameInferencesInitRaw(variables) {
+    return await this._clientSdk.UploadAIBlameInferencesInit(variables);
+  }
+  async finalizeAIBlameInferencesUploadRaw(variables) {
+    return await this._clientSdk.FinalizeAIBlameInferencesUpload(variables);
+  }
+};
+
+// src/commands/handleMobbLogin.ts
+var debug8 = Debug7("mobbdev:commands");
+var LOGIN_MAX_WAIT = 10 * 60 * 1e3;
+var LOGIN_CHECK_DELAY = 5 * 1e3;
+var webLoginUrl = `${WEB_APP_URL}/cli-login`;
+var MOBB_LOGIN_REQUIRED_MSG = `\u{1F513} Login to Mobb is Required, you will be redirected to our login page, once the authorization is complete return to this prompt, ${chalk3.bgBlue(
+  "press any key to continue"
+)};`;
+var config2 = new Configstore(packageJson.name, { apiToken: "" });
+async function handleMobbLogin({
+  inGqlClient,
+  apiKey,
+  skipPrompts
+}) {
+  const { createSpinner: createSpinner5 } = Spinner({ ci: skipPrompts });
+  const isConnected = await inGqlClient.verifyApiConnection();
+  if (!isConnected) {
+    createSpinner5().start().error({
+      text: "\u{1F513} Connection to Mobb: failed to connect to the Mobb server"
+    });
+    throw new CliError(
+      "Connection to Mobb: failed to connect to the Mobb server"
+    );
+  }
+  createSpinner5().start().success({
+    text: `\u{1F513} Connection to Mobb: succeeded`
+  });
+  const userVerify = await inGqlClient.validateUserToken();
+  if (userVerify) {
+    createSpinner5().start().success({
+      text: `\u{1F513} Login to Mobb succeeded. ${typeof userVerify === "string" ? `Logged in as ${userVerify}` : ""}`
+    });
+    return inGqlClient;
+  } else if (apiKey) {
+    createSpinner5().start().error({
+      text: "\u{1F513} Login to Mobb failed: The provided API key does not match any configured API key on the system"
+    });
+    throw new CliError(
+      "Login to Mobb failed: The provided API key does not match any configured API key on the system"
+    );
+  }
+  const loginSpinner = createSpinner5().start();
+  if (!skipPrompts) {
+    loginSpinner.update({ text: MOBB_LOGIN_REQUIRED_MSG });
+    await keypress();
+  }
+  loginSpinner.update({
+    text: "\u{1F513} Waiting for Mobb login..."
+  });
+  const { publicKey, privateKey } = crypto.generateKeyPairSync("rsa", {
+    modulusLength: 2048
   });
+  const loginId = await inGqlClient.createCliLogin({
+    publicKey: publicKey.export({ format: "pem", type: "pkcs1" }).toString()
+  });
+  const browserUrl = `${webLoginUrl}/${loginId}?hostname=${os.hostname()}`;
+  !skipPrompts && console.log(
+    `If the page does not open automatically, kindly access it through ${browserUrl}.`
+  );
+  await open(browserUrl);
+  let newApiToken = null;
+  for (let i = 0; i < LOGIN_MAX_WAIT / LOGIN_CHECK_DELAY; i++) {
+    const encryptedApiToken = await inGqlClient.getEncryptedApiToken({
+      loginId
+    });
+    loginSpinner.spin();
+    if (encryptedApiToken) {
+      debug8("encrypted API token received %s", encryptedApiToken);
+      newApiToken = crypto.privateDecrypt(privateKey, Buffer.from(encryptedApiToken, "base64")).toString("utf-8");
+      debug8("API token decrypted");
+      break;
+    }
+    await sleep(LOGIN_CHECK_DELAY);
+  }
+  if (!newApiToken) {
+    loginSpinner.error({
+      text: "Login timeout error"
+    });
+    throw new CliError();
+  }
+  const newGqlClient = new GQLClient({ apiKey: newApiToken, type: "apiKey" });
+  const loginSuccess = await newGqlClient.validateUserToken();
+  if (loginSuccess) {
+    debug8(`set api token ${newApiToken}`);
+    config2.set("apiToken", newApiToken);
+    loginSpinner.success({
+      text: `\u{1F513} Login to Mobb successful! ${typeof loginSpinner === "string" ? `Logged in as ${loginSuccess}` : ""}`
+    });
+  } else {
+    loginSpinner.error({
+      text: "Something went wrong, API token is invalid."
+    });
+    throw new CliError();
+  }
+  return newGqlClient;
 }
 
-// src/features/analysis/graphql/types.ts
+// src/features/analysis/add_fix_comments_for_pr/add_fix_comments_for_pr.ts
+import Debug11 from "debug";
+
+// src/features/analysis/add_fix_comments_for_pr/utils/utils.ts
+import Debug10 from "debug";
+import parseDiff from "parse-diff";
 import { z as z27 } from "zod";
-var VulnerabilityReportIssueCodeNodeZ = z27.object({
-  vulnerabilityReportIssueId: z27.string(),
-  path: z27.string(),
-  startLine: z27.number(),
-  vulnerabilityReportIssue: z27.object({
-    fixId: z27.string(),
-    category: z27.nativeEnum(Vulnerability_Report_Issue_Category_Enum),
-    safeIssueType: z27.string(),
-    vulnerabilityReportIssueTags: z27.array(
-      z27.object({
-        tag: z27.nativeEnum(Vulnerability_Report_Issue_Tag_Enum)
-      })
-    )
-  })
-});
-var VulnerabilityReportIssueNoFixCodeNodeZ = z27.object({
-  vulnerabilityReportIssues: z27.array(
-    z27.object({
-      id: z27.string(),
-      fixId: z27.string().nullable(),
-      category: z27.nativeEnum(Vulnerability_Report_Issue_Category_Enum),
-      safeIssueType: z27.string(),
-      fpId: z27.string().uuid().nullable(),
-      codeNodes: z27.array(
-        z27.object({
-          path: z27.string(),
-          startLine: z27.number()
-        })
-      ),
-      vulnerabilityReportIssueTags: z27.array(
-        z27.object({
-          tag: z27.nativeEnum(Vulnerability_Report_Issue_Tag_Enum)
-        })
-      )
-    })
-  )
-});
-var GetVulByNodesMetadataZ = z27.object({
-  vulnerabilityReportIssueCodeNodes: z27.array(VulnerabilityReportIssueCodeNodeZ),
-  nonFixablePrVuls: z27.object({
-    aggregate: z27.object({
-      count: z27.number()
-    })
-  }),
-  fixablePrVuls: z27.object({
-    aggregate: z27.object({
-      count: z27.number()
-    })
-  }),
-  totalScanVulnerabilities: z27.object({
-    aggregate: z27.object({
-      count: z27.number()
-    })
-  }),
-  irrelevantVulnerabilityReportIssue: z27.array(
-    VulnerabilityReportIssueNoFixCodeNodeZ
-  )
-});
 
-// src/features/analysis/graphql/gql.ts
-var debug13 = Debug12("mobbdev:gql");
-var API_KEY_HEADER_NAME = "x-mobb-key";
-var REPORT_STATE_CHECK_DELAY = 5 * 1e3;
-function getProxyAgent(url) {
-  try {
-    const parsedUrl = new URL(url);
-    const isHttp = parsedUrl.protocol === "http:";
-    const isHttps = parsedUrl.protocol === "https:";
-    const proxy = isHttps ? HTTPS_PROXY : isHttp ? HTTP_PROXY : null;
-    if (proxy) {
-      debug13("Using proxy %s", proxy);
-      debug13("Proxy agent %o", proxy);
-      return isHttps ? new HttpsProxyAgent2(proxy) : new HttpProxyAgent(proxy);
-    }
-  } catch (err) {
-    debug13(`Skipping proxy for ${url}. Reason: ${err.message}`);
-  }
-  return void 0;
+// src/features/analysis/utils/by_key.ts
+function keyBy(array, keyBy2) {
+  return array.reduce((acc, item) => {
+    return { ...acc, [item[keyBy2]]: item };
+  }, {});
 }
-var fetchWithProxy = (url, options = {}) => {
+
+// src/features/analysis/utils/send_report.ts
+import Debug8 from "debug";
+var debug9 = Debug8("mobbdev:index");
+async function sendReport({
+  spinner,
+  submitVulnerabilityReportVariables,
+  gqlClient
+}) {
   try {
-    const agent = getProxyAgent(url.toString());
-    if (agent) {
-      return fetchOrig(url, {
-        ...options,
-        // @ts-expect-error Node-fetch doesn't type 'agent', but it's valid
-        agent
-      });
+    const submitRes = await gqlClient.submitVulnerabilityReport(
+      submitVulnerabilityReportVariables
+    );
+    if (submitRes.submitVulnerabilityReport.__typename !== "VulnerabilityReport") {
+      debug9("error submit vul report %s", submitRes);
+      throw new Error("\u{1F575}\uFE0F\u200D\u2642\uFE0F Mobb analysis failed");
     }
-  } catch (err) {
-    debug13(`Skipping proxy for ${url}. Reason: ${err.message}`);
-  }
-  return fetchOrig(url, options);
-};
-var GQLClient = class {
-  constructor(args) {
-    __publicField(this, "_client");
-    __publicField(this, "_clientSdk");
-    __publicField(this, "_auth");
-    debug13(`init with  ${args}`);
-    this._auth = args;
-    this._client = new GraphQLClient(API_URL, {
-      headers: args.type === "apiKey" ? { [API_KEY_HEADER_NAME]: args.apiKey || "" } : {
-        Authorization: `Bearer ${args.token}`
+    spinner.update({ text: progressMassages.processingVulnerabilityReport });
+    await gqlClient.subscribeToAnalysis({
+      subscribeToAnalysisParams: {
+        analysisId: submitRes.submitVulnerabilityReport.fixReportId
       },
-      fetch: fetchWithProxy,
-      requestMiddleware: (request) => {
-        const requestId = uuidv4();
-        debug13(
-          `sending API request with id: ${requestId} and with request: ${request.body}`
-        );
-        return {
-          ...request,
-          headers: {
-            ...request.headers,
-            "x-hasura-request-id": requestId
-          }
-        };
-      }
+      callback: () => spinner.update({
+        text: "\u2699\uFE0F Vulnerability report processed successfully"
+      }),
+      callbackStates: [
+        "Digested" /* Digested */,
+        "Finished" /* Finished */
+      ],
+      timeoutInMs: VUL_REPORT_DIGEST_TIMEOUT_MS
     });
-    this._clientSdk = getSdk(this._client);
+    return submitRes;
+  } catch (e) {
+    spinner.error({ text: "\u{1F575}\uFE0F\u200D\u2642\uFE0F Mobb analysis failed" });
+    throw e;
   }
-  async getUserInfo() {
-    const { me } = await this._clientSdk.Me();
-    return me;
+}
+
+// src/features/analysis/utils/index.ts
+function getFromArraySafe(array) {
+  return array.reduce((acc, nullableItem) => {
+    if (nullableItem) {
+      acc.push(nullableItem);
+    }
+    return acc;
+  }, []);
+}
+
+// src/features/analysis/add_fix_comments_for_pr/constants.ts
+var contactUsMarkdown = `For specific requests [contact us](https://content.mobb.ai/contact) and we'll do the most to answer your need quickly.`;
+var MobbIconMarkdown = `![image](${MOBB_ICON_IMG})`;
+var noVulnerabilitiesFoundTitle = `# ${MobbIconMarkdown} No security issues were found \u2705`;
+var COMMIT_FIX_SVG = `https://app.mobb.ai/gh-action/commit-button.svg`;
+var scannerToFriendlyString = {
+  checkmarx: "Checkmarx",
+  codeql: "CodeQL",
+  fortify: "Fortify",
+  snyk: "Snyk",
+  sonarqube: "Sonarqube",
+  semgrep: "Semgrep",
+  datadog: "Datadog"
+};
+
+// src/features/analysis/add_fix_comments_for_pr/utils/buildCommentBody.ts
+import Debug9 from "debug";
+import { z as z26 } from "zod";
+var debug10 = Debug9("mobbdev:handle-finished-analysis");
+var getCommitFixButton = (commitUrl) => `<a href="${commitUrl}"><img src=${COMMIT_FIX_SVG}></a>`;
+function buildFixCommentBody({
+  fix,
+  issueId,
+  commentId,
+  commentUrl,
+  scanner,
+  fixId,
+  projectId,
+  analysisId,
+  organizationId,
+  patch,
+  irrelevantIssueWithTags
+}) {
+  const isIrrelevantIssueWithTags = irrelevantIssueWithTags?.[0]?.tag;
+  const commitUrl = isIrrelevantIssueWithTags ? getCommitIssueUrl({
+    appBaseUrl: WEB_APP_URL,
+    issueId,
+    projectId,
+    analysisId,
+    organizationId,
+    redirectUrl: commentUrl,
+    commentId
+  }) : getCommitUrl({
+    appBaseUrl: WEB_APP_URL,
+    fixId,
+    projectId,
+    analysisId,
+    organizationId,
+    redirectUrl: commentUrl,
+    commentId
+  });
+  const fixUrl = isIrrelevantIssueWithTags ? getIssueUrlWithRedirect({
+    appBaseUrl: WEB_APP_URL,
+    issueId,
+    projectId,
+    analysisId,
+    organizationId,
+    redirectUrl: commentUrl,
+    commentId
+  }) : getFixUrlWithRedirect({
+    appBaseUrl: WEB_APP_URL,
+    fixId,
+    projectId,
+    analysisId,
+    organizationId,
+    redirectUrl: commentUrl,
+    commentId
+  });
+  const issueType = getIssueTypeFriendlyString(fix.safeIssueType);
+  const title = `# ${MobbIconMarkdown} ${issueType} fix is ready`;
+  const validFixParseRes = z26.object({
+    patchAndQuestions: PatchAndQuestionsZ,
+    safeIssueLanguage: z26.nativeEnum(IssueLanguage_Enum),
+    severityText: z26.nativeEnum(Vulnerability_Severity_Enum),
+    safeIssueType: z26.nativeEnum(IssueType_Enum)
+  }).safeParse(fix);
+  if (!validFixParseRes.success) {
+    debug10(
+      `fix ${fixId} has custom issue type or language, therefore the commit description will not be added`,
+      validFixParseRes.error
+    );
   }
-  async createCliLogin(variables) {
-    const res = await this._clientSdk.CreateCliLogin(variables, {
-      // We may have outdated API key in the config storage. Avoid using it for the login request.
-      [API_KEY_HEADER_NAME]: ""
-    });
-    return res.insert_cli_login_one?.id || "";
+  const subTitle = validFixParseRes.success ? getCommitDescription({
+    issueType: validFixParseRes.data.safeIssueType,
+    vendor: scannerToVulnerabilityReportVendorEnum[scanner],
+    severity: validFixParseRes.data.severityText,
+    guidances: getGuidances({
+      questions: validFixParseRes.data.patchAndQuestions.questions.map(toQuestion),
+      issueType: validFixParseRes.data.safeIssueType,
+      issueLanguage: validFixParseRes.data.safeIssueLanguage,
+      fixExtraContext: validFixParseRes.data.patchAndQuestions.extraContext
+    }),
+    irrelevantIssueWithTags
+  }) : "";
+  const diff = `\`\`\`diff
+${patch} 
+\`\`\``;
+  const fixPageLink = `[Learn more and fine tune the fix](${fixUrl})`;
+  return `${title}
+${subTitle}
+${diff}
+${getCommitFixButton(
+    commitUrl
+  )}
+${fixPageLink}`;
+}
+function buildIssueCommentBody({
+  issueId,
+  commentId,
+  commentUrl,
+  scanner,
+  issueType,
+  projectId,
+  analysisId,
+  organizationId,
+  irrelevantIssueWithTags,
+  fpDescription
+}) {
+  const issueUrl = getIssueUrlWithRedirect({
+    appBaseUrl: WEB_APP_URL,
+    issueId,
+    projectId,
+    analysisId,
+    organizationId,
+    redirectUrl: commentUrl,
+    commentId
+  });
+  const title = `# ${MobbIconMarkdown} Irrelevant issues were spotted - no action required \u{1F9F9}`;
+  const subTitle = getCommitIssueDescription({
+    issueType,
+    vendor: scannerToVulnerabilityReportVendorEnum[scanner],
+    irrelevantIssueWithTags,
+    fpDescription
+  });
+  const issuePageLink = `[Learn more about this issue](${issueUrl})`;
+  return `${title}
+${subTitle}
+${issuePageLink}`;
+}
+
+// src/features/analysis/add_fix_comments_for_pr/utils/utils.ts
+var debug11 = Debug10("mobbdev:handle-finished-analysis");
+function calculateRanges(integers) {
+  if (integers.length === 0) {
+    return [];
   }
-  async verifyApiConnection() {
-    try {
-      await this.getUserInfo();
-    } catch (e) {
-      if (e?.toString().startsWith("FetchError")) {
-        debug13("verify connection failed %o", e);
-        return false;
+  integers.sort((a, b) => a - b);
+  const ranges = integers.reduce(
+    (result, current, index) => {
+      if (index === 0) {
+        return [...result, [current, current]];
       }
-    }
-    return true;
-  }
-  async validateUserToken() {
-    await this.createCommunityUser();
-    let info;
+      const currentRange = result[result.length - 1];
+      const [_start, end] = currentRange;
+      if (current === end + 1) {
+        currentRange[1] = current;
+      } else {
+        result.push([current, current]);
+      }
+      return result;
+    },
+    []
+  );
+  return ranges;
+}
+function deleteAllPreviousComments({
+  comments,
+  scm
+}) {
+  return comments.data.filter((comment) => {
+    return comment.body.includes(MOBB_ICON_IMG);
+  }).map((comment) => {
     try {
-      info = await this.getUserInfo();
+      return scm.deleteComment({ comment_id: comment.id });
     } catch (e) {
-      debug13("verify token failed %o", e);
-      return false;
-    }
-    return info?.email || true;
-  }
-  async getLastOrgAndNamedProject(params) {
-    const me = await this.getUserInfo();
-    const email = me?.email;
-    if (!email) {
-      throw new Error("User email not found");
-    }
-    const { projectName, userDefinedOrganizationId } = params;
-    if (!projectName) {
-      throw new Error("Project name is required");
-    }
-    const orgAndProjectRes = await this._clientSdk.getLastOrgAndNamedProject({
-      email,
-      projectName
-    });
-    if (!orgAndProjectRes.user?.[0]?.userOrganizationsAndUserOrganizationRoles?.[0]?.organization?.id) {
-      throw new Error(
-        `The user with email:${email}  is not associated with any organization`
-      );
-    }
-    const organization = orgAndProjectRes.user?.at(0)?.userOrganizationsAndUserOrganizationRoles.map(
-      (org) => org.organization
-    ).filter(
-      (org) => userDefinedOrganizationId ? org.id === userDefinedOrganizationId : true
-    )?.at(0);
-    if (!organization) {
-      throw new Error(
-        `Organization with id:${userDefinedOrganizationId} not found`
-      );
-    }
-    let projectId = organization?.projects?.[0]?.id;
-    if (!projectId) {
-      const createdProject = await this._clientSdk.CreateProject({
-        organizationId: organization.id,
-        projectName: projectName || "My project"
-      });
-      projectId = createdProject.createProject.projectId;
+      debug11("delete comment failed %s", e);
+      return Promise.resolve();
     }
-    if (!projectId) {
-      throw new Error("Project not found");
+  });
+}
+function deleteAllPreviousGeneralPrComments(params) {
+  const { generalPrComments, scm } = params;
+  return generalPrComments.data.filter((comment) => {
+    if (!comment.body) {
+      return false;
     }
-    return {
-      organizationId: organization.id,
-      projectId
-    };
-  }
-  async getEncryptedApiToken(variables) {
-    const res = await this._clientSdk.GetEncryptedApiToken(variables, {
-      // We may have outdated API key in the config storage. Avoid using it for the login request.
-      [API_KEY_HEADER_NAME]: ""
-    });
-    return res?.cli_login_by_pk?.encryptedApiToken || null;
-  }
-  async createCommunityUser() {
+    return comment.body.includes(MOBB_ICON_IMG);
+  }).map((comment) => {
     try {
-      await this._clientSdk.CreateCommunityUser();
+      return scm.deleteGeneralPrComment({ commentId: comment.id });
     } catch (e) {
-      debug13("create community user failed %o", e);
+      debug11("delete comment failed %s", e);
+      return Promise.resolve();
     }
+  });
+}
+async function postIssueComment(params) {
+  const {
+    vulnerabilityReportIssueCodeNode,
+    projectId,
+    analysisId,
+    organizationId,
+    scm,
+    commitSha,
+    pullRequest,
+    scanner,
+    fpDescription
+  } = params;
+  const {
+    path: path17,
+    startLine,
+    vulnerabilityReportIssue: {
+      vulnerabilityReportIssueTags,
+      category,
+      safeIssueType
+    },
+    vulnerabilityReportIssueId
+  } = vulnerabilityReportIssueCodeNode;
+  const irrelevantIssueWithTags = mapCategoryToBucket[category] === "irrelevant" && vulnerabilityReportIssueTags?.length > 0 ? vulnerabilityReportIssueTags : [];
+  const commentRes = await scm.postPrComment({
+    body: `# ${MobbIconMarkdown} Your fix is ready!
+Refresh the page in order to see the changes.`,
+    pull_number: pullRequest,
+    commit_id: commitSha,
+    path: path17,
+    line: startLine
+  });
+  const commentId = commentRes.data.id;
+  const commentBody = buildIssueCommentBody({
+    issueId: vulnerabilityReportIssueId,
+    issueType: safeIssueType,
+    irrelevantIssueWithTags,
+    commentId,
+    commentUrl: commentRes.data.html_url,
+    scanner,
+    projectId,
+    analysisId,
+    organizationId,
+    fpDescription
+  });
+  return await scm.updatePrComment({
+    body: commentBody,
+    comment_id: commentId
+  });
+}
+async function postFixComment(params) {
+  const {
+    vulnerabilityReportIssueCodeNode,
+    projectId,
+    analysisId,
+    organizationId,
+    fixesById,
+    scm,
+    commitSha,
+    pullRequest,
+    scanner
+  } = params;
+  const {
+    path: path17,
+    startLine,
+    vulnerabilityReportIssue: { fixId, vulnerabilityReportIssueTags, category },
+    vulnerabilityReportIssueId
+  } = vulnerabilityReportIssueCodeNode;
+  const irrelevantIssueWithTags = mapCategoryToBucket[category] === "irrelevant" && vulnerabilityReportIssueTags?.length > 0 ? vulnerabilityReportIssueTags : [];
+  const fix = fixesById[fixId];
+  if (!fix || fix.patchAndQuestions.__typename !== "FixData") {
+    throw new Error(`fix ${fixId} not found`);
   }
-  async updateScmToken(args) {
-    const { scmType, url, token, org, refreshToken } = args;
-    const updateScmTokenResult = await this._clientSdk.updateScmToken({
-      scmType,
-      url,
-      token,
-      org,
-      refreshToken
-    });
-    return updateScmTokenResult;
-  }
-  async uploadS3BucketInfo() {
-    const uploadS3BucketInfoResult = await this._clientSdk.uploadS3BucketInfo({
-      fileName: REPORT_DEFAULT_FILE_NAME
+  const {
+    patchAndQuestions: { patch }
+  } = fix;
+  const commentRes = await scm.postPrComment({
+    body: `# ${MobbIconMarkdown} Your fix is ready!
+Refresh the page in order to see the changes.`,
+    pull_number: pullRequest,
+    commit_id: commitSha,
+    path: path17,
+    line: startLine
+  });
+  const commentId = commentRes.data.id;
+  const commentBody = buildFixCommentBody({
+    fix,
+    issueId: vulnerabilityReportIssueId,
+    irrelevantIssueWithTags,
+    commentId,
+    commentUrl: commentRes.data.html_url,
+    scanner,
+    fixId,
+    projectId,
+    analysisId,
+    organizationId,
+    patch
+  });
+  return await scm.updatePrComment({
+    body: commentBody,
+    comment_id: commentId
+  });
+}
+async function getRelevantVulenrabilitiesFromDiff(params) {
+  const { gqlClient, diff, vulnerabilityReportId } = params;
+  const parsedDiff = parseDiff(diff);
+  const fileHunks = parsedDiff.map((file) => {
+    const fileNumbers = file.chunks.flatMap((chunk) => chunk.changes).filter((change) => change.type === "add").map((_change) => {
+      const change = _change;
+      return change.ln;
     });
-    return uploadS3BucketInfoResult;
-  }
-  async getVulByNodesMetadata({
-    hunks,
+    const lineAddedRanges = calculateRanges(fileNumbers);
+    const fileFilter = {
+      path: z27.string().parse(file.to),
+      ranges: lineAddedRanges.map(([startLine, endLine]) => ({
+        endLine,
+        startLine
+      }))
+    };
+    return fileFilter;
+  });
+  return gqlClient.getVulByNodesMetadata({
+    hunks: fileHunks,
     vulnerabilityReportId
-  }) {
-    const filters = hunks.map((hunk) => {
-      const filter = {
-        path: { _eq: hunk.path },
-        _or: hunk.ranges.flatMap(({ endLine, startLine }) => {
-          return [
-            { startLine: { _gte: startLine, _lte: endLine } },
-            { endLine: { _gte: startLine, _lte: endLine } }
-          ];
-        })
-      };
-      return filter;
+  });
+}
+async function getFixesData(params) {
+  const { gqlClient, fixesId } = params;
+  const { fixes } = await gqlClient.getFixes(fixesId);
+  return keyBy(fixes, "id");
+}
+async function postAnalysisInsightComment(params) {
+  const { prVulenrabilities, pullRequest, scanner, scm } = params;
+  const scanerString = scannerToFriendlyString[scanner];
+  const {
+    totalPrVulnerabilities,
+    vulnerabilitiesOutsidePr,
+    fixablePrVuls,
+    nonFixablePrVuls
+  } = prVulenrabilities;
+  debug11({
+    fixablePrVuls,
+    nonFixablePrVuls,
+    vulnerabilitiesOutsidePr,
+    totalPrVulnerabilities
+  });
+  if (totalPrVulnerabilities === 0 && vulnerabilitiesOutsidePr === 0) {
+    const body = `Awesome! No vulnerabilities were found  by **${scanerString}**`;
+    const noVulsFoundComment = `${noVulnerabilitiesFoundTitle}
+${body}`;
+    await scm.postGeneralPrComment({
+      body: noVulsFoundComment,
+      prNumber: pullRequest
     });
-    const getVulByNodesMetadataRes = await this._clientSdk.getVulByNodesMetadata({
-      filters: { _or: filters },
-      vulnerabilityReportId
+    return;
+  }
+  if (totalPrVulnerabilities === 0 && vulnerabilitiesOutsidePr > 0) {
+    const body = `Awesome! No vulnerabilities were found by **${scanerString}** in the changes made as part of this PR.`;
+    const body2 = `Please notice there are issues in this repo that are unrelated to this PR.`;
+    const noVulsFoundComment = `${noVulnerabilitiesFoundTitle}
+${body}
+${body2}`;
+    await scm.postGeneralPrComment({
+      body: noVulsFoundComment,
+      prNumber: pullRequest
     });
-    const parsedGetVulByNodesMetadataRes = GetVulByNodesMetadataZ.parse(
-      getVulByNodesMetadataRes
-    );
-    const uniqueVulByNodesMetadata = parsedGetVulByNodesMetadataRes.vulnerabilityReportIssueCodeNodes.reduce((acc, vulnerabilityReportIssueCodeNode) => {
-      if (acc[vulnerabilityReportIssueCodeNode.vulnerabilityReportIssueId]) {
-        return acc;
-      }
-      return {
-        ...acc,
-        [vulnerabilityReportIssueCodeNode.vulnerabilityReportIssueId]: vulnerabilityReportIssueCodeNode
-      };
-    }, {});
-    const nonFixablePrVuls = parsedGetVulByNodesMetadataRes.nonFixablePrVuls.aggregate.count;
-    const fixablePrVuls = parsedGetVulByNodesMetadataRes.fixablePrVuls.aggregate.count;
-    const totalScanVulnerabilities = parsedGetVulByNodesMetadataRes.totalScanVulnerabilities.aggregate.count;
-    const vulnerabilitiesOutsidePr = totalScanVulnerabilities - nonFixablePrVuls - fixablePrVuls;
-    const totalPrVulnerabilities = nonFixablePrVuls + fixablePrVuls;
-    const irrelevantVulnerabilityReportIssues = parsedGetVulByNodesMetadataRes.irrelevantVulnerabilityReportIssue?.[0]?.vulnerabilityReportIssues ?? [];
-    return {
-      vulnerabilityReportIssueCodeNodes: Object.values(
-        uniqueVulByNodesMetadata
-      ),
-      nonFixablePrVuls,
-      fixablePrVuls,
-      totalScanVulnerabilities,
-      vulnerabilitiesOutsidePr,
-      totalPrVulnerabilities,
-      irrelevantVulnerabilityReportIssues
-    };
+    return;
   }
-  async digestVulnerabilityReport({
-    fixReportId,
-    projectId,
-    scanSource,
-    repoUrl,
-    reference,
-    sha,
-    shouldScan
-  }) {
-    const res = await this._clientSdk.DigestVulnerabilityReport({
-      fixReportId,
-      vulnerabilityReportFileName: shouldScan ? void 0 : REPORT_DEFAULT_FILE_NAME,
-      projectId,
-      scanSource,
-      repoUrl,
-      reference,
-      sha
+  if (fixablePrVuls === 0 && nonFixablePrVuls > 0) {
+    const title = `# ${MobbIconMarkdown} We couldn't fix the issues detected by **${scanerString}**`;
+    const body = `Mobb Fixer gets better and better every day, but unfortunately your current issues aren't supported yet.`;
+    const noFixableVulsComment = `${title}
+${body}
+${contactUsMarkdown}`;
+    await scm.postGeneralPrComment({
+      body: noFixableVulsComment,
+      prNumber: pullRequest
     });
-    if (res.digestVulnerabilityReport.__typename !== "VulnerabilityReport") {
-      throw new Error("Digesting vulnerability report failed");
-    }
-    return res.digestVulnerabilityReport;
+    return;
   }
-  async submitVulnerabilityReport(params) {
-    const {
-      fixReportId,
-      repoUrl,
-      reference,
-      projectId,
-      sha,
-      experimentalEnabled,
-      vulnerabilityReportFileName,
-      pullRequest
-    } = params;
-    return await this._clientSdk.SubmitVulnerabilityReport({
-      fixReportId,
-      repoUrl,
-      reference,
-      vulnerabilityReportFileName,
-      projectId,
-      pullRequest,
-      sha: sha || "",
-      experimentalEnabled: !!experimentalEnabled,
-      scanSource: params.scanSource,
-      scanContext: ScanContext.BUGSY
+  if (fixablePrVuls < nonFixablePrVuls && fixablePrVuls > 0) {
+    const title = `# ${MobbIconMarkdown} We couldn't fix some of the issues detected by **${scanerString}**`;
+    const body = "Mobb Fixer gets better and better every day, but unfortunately your current issues aren't supported yet.";
+    const fixableVulsComment = `${title}
+${body}
+${contactUsMarkdown}`;
+    await scm.postGeneralPrComment({
+      body: fixableVulsComment,
+      prNumber: pullRequest
     });
+    return;
   }
-  async getFixReportState(fixReportId) {
-    const res = await this._clientSdk.FixReportState({ id: fixReportId });
-    return res?.fixReport_by_pk?.state || "Created" /* Created */;
+}
+
+// src/features/analysis/add_fix_comments_for_pr/add_fix_comments_for_pr.ts
+var debug12 = Debug11("mobbdev:handle-finished-analysis");
+async function addFixCommentsForPr({
+  analysisId,
+  scm: _scm,
+  gqlClient,
+  scanner
+}) {
+  if (!(_scm instanceof GithubSCMLib)) {
+    return;
   }
-  async waitFixReportInit(fixReportId, includeDigested = false) {
-    const FINAL_STATES = [
-      "Finished" /* Finished */,
-      "Failed" /* Failed */
-    ];
-    let lastState = "Created" /* Created */;
-    let attempts = 100;
-    if (includeDigested) {
-      FINAL_STATES.push("Digested" /* Digested */);
+  const scm = _scm;
+  const getAnalysisRes = await gqlClient.getAnalysis(analysisId);
+  debug12("getAnalysis %o", getAnalysisRes);
+  const {
+    vulnerabilityReport: {
+      projectId,
+      project: {
+        organizationId,
+        organization: { ghFixerNoFixComments }
+      }
     }
-    do {
-      await sleep(REPORT_STATE_CHECK_DELAY);
-      lastState = await this.getFixReportState(fixReportId);
-    } while (!FINAL_STATES.includes(
-      lastState
-      // wait for final the state of the fix report
-    ) && attempts-- > 0);
-    return lastState;
-  }
-  async getVulnerabilityReportPaths(vulnerabilityReportId) {
-    const res = await this._clientSdk.GetVulnerabilityReportPaths({
-      vulnerabilityReportId
-    });
-    return res.vulnerability_report_path.map((p) => p.path);
+  } = getAnalysisRes;
+  if (!getAnalysisRes.repo?.commitSha || !getAnalysisRes.repo.pullRequest) {
+    throw new Error("repo not found");
   }
-  async subscribeToAnalysis(params) {
-    const { callbackStates } = params;
-    return subscribe(
-      GetAnalysisSubscriptionDocument,
-      params.subscribeToAnalysisParams,
-      async (resolve, reject, data) => {
-        if (!data.analysis?.state || data.analysis?.state === "Failed" /* Failed */) {
-          const errorMessage = data.analysis?.failReason || `Analysis failed with id: ${data.analysis?.id}`;
-          reject(
-            new ReportDigestError(errorMessage, data.analysis?.failReason ?? "")
+  const { commitSha, pullRequest } = getAnalysisRes.repo;
+  const diff = await scm.getPrDiff({ pull_number: pullRequest });
+  const prVulenrabilities = await getRelevantVulenrabilitiesFromDiff({
+    diff,
+    gqlClient,
+    vulnerabilityReportId: getAnalysisRes.vulnerabilityReportId
+  });
+  const {
+    vulnerabilityReportIssueCodeNodes,
+    irrelevantVulnerabilityReportIssues
+  } = prVulenrabilities;
+  const fixesId = vulnerabilityReportIssueCodeNodes.map(
+    ({ vulnerabilityReportIssue: { fixId } }) => fixId
+  );
+  const fixesById = await getFixesData({ fixesId, gqlClient });
+  const [comments, generalPrComments] = await Promise.all([
+    scm.getPrComments({ pull_number: pullRequest }),
+    scm.getGeneralPrComments({ prNumber: pullRequest })
+  ]);
+  await Promise.all([
+    ...deleteAllPreviousComments({ comments, scm }),
+    ...deleteAllPreviousGeneralPrComments({ generalPrComments, scm })
+  ]);
+  await Promise.all(
+    [
+      ...prVulenrabilities.vulnerabilityReportIssueCodeNodes.map(
+        (vulnerabilityReportIssueCodeNode) => {
+          return postFixComment({
+            vulnerabilityReportIssueCodeNode,
+            projectId,
+            analysisId,
+            organizationId,
+            fixesById,
+            scm,
+            pullRequest,
+            scanner,
+            commitSha
+          });
+        }
+      ),
+      ...irrelevantVulnerabilityReportIssues.map(
+        async (vulnerabilityReportIssue) => {
+          let fpDescription = null;
+          if (vulnerabilityReportIssue.fpId) {
+            const fpRes = await gqlClient.getFalsePositive({
+              fpId: vulnerabilityReportIssue.fpId
+            });
+            const parsedFpRes = await FalsePositivePartsZ.parseAsync(
+              fpRes?.getFalsePositive
+            );
+            const { description, contextString } = getParsedFalsePositiveMessage(parsedFpRes);
+            fpDescription = contextString ? `${description}
+
+${contextString}` : description;
+          }
+          return await Promise.all(
+            vulnerabilityReportIssue.codeNodes.map(
+              async (vulnerabilityReportIssueCodeNode) => {
+                return await postIssueComment({
+                  vulnerabilityReportIssueCodeNode: {
+                    path: vulnerabilityReportIssueCodeNode.path,
+                    startLine: vulnerabilityReportIssueCodeNode.startLine,
+                    vulnerabilityReportIssue: {
+                      fixId: "",
+                      safeIssueType: vulnerabilityReportIssue.safeIssueType,
+                      vulnerabilityReportIssueTags: vulnerabilityReportIssue.vulnerabilityReportIssueTags,
+                      category: vulnerabilityReportIssue.category
+                    },
+                    vulnerabilityReportIssueId: vulnerabilityReportIssue.id
+                  },
+                  projectId,
+                  analysisId,
+                  organizationId,
+                  fixesById,
+                  scm,
+                  pullRequest,
+                  scanner,
+                  commitSha,
+                  fpDescription
+                });
+              }
+            )
           );
+        }
+      ),
+      !ghFixerNoFixComments && postAnalysisInsightComment({
+        prVulenrabilities,
+        pullRequest,
+        scanner,
+        scm
+      })
+    ].filter(Boolean)
+  );
+}
+
+// src/features/analysis/auto_pr_handler.ts
+import Debug12 from "debug";
+var debug13 = Debug12("mobbdev:handleAutoPr");
+async function handleAutoPr(params) {
+  const {
+    gqlClient,
+    analysisId,
+    commitDirectly,
+    prId,
+    createSpinner: createSpinner5,
+    createOnePr
+  } = params;
+  const createAutoPrSpinner = createSpinner5(
+    "\u{1F504} Waiting for the analysis to finish before initiating automatic pull request creation"
+  ).start();
+  return await gqlClient.subscribeToAnalysis({
+    subscribeToAnalysisParams: {
+      analysisId
+    },
+    callback: async (analysisId2) => {
+      const autoPrAnalysisRes = await gqlClient.autoPrAnalysis({
+        analysisId: analysisId2,
+        commitDirectly,
+        prId,
+        prStrategy: createOnePr ? "CONDENSE" /* Condense */ : "SPREAD" /* Spread */
+      });
+      debug13("auto pr analysis res %o", autoPrAnalysisRes);
+      if (autoPrAnalysisRes.autoPrAnalysis?.__typename === "AutoPrError") {
+        createAutoPrSpinner.error({
+          text: `\u{1F504} Automatic pull request failed - ${autoPrAnalysisRes.autoPrAnalysis.error}`
+        });
+        return;
+      }
+      if (autoPrAnalysisRes.autoPrAnalysis?.__typename === "AutoPrSuccess") {
+        const { appliedAutoPrIssueTypes } = autoPrAnalysisRes.autoPrAnalysis;
+        if (appliedAutoPrIssueTypes.length === 0) {
+          createAutoPrSpinner.success({
+            text: "\u{1F504} Automatic pull request did not find any new fixes to open a pull request for"
+          });
           return;
         }
-        if (callbackStates.includes(data.analysis?.state)) {
-          await params.callback(data.analysis.id);
-          resolve(data);
-        }
-      },
-      this._auth.type === "apiKey" ? {
-        apiKey: this._auth.apiKey,
-        type: "apiKey",
-        timeoutInMs: params.timeoutInMs
-      } : {
-        token: this._auth.token,
-        type: "token",
-        timeoutInMs: params.timeoutInMs
+        createAutoPrSpinner.success({
+          text: `\u{1F504} Automatic pull request creation initiated successfully for the following issue types: ${appliedAutoPrIssueTypes}`
+        });
       }
-    );
-  }
-  async getFixReportsByRepoUrl({ repoUrl }) {
-    const res = await this._clientSdk.GetFixReportsByRepoUrl({
-      repoUrl
-    });
-    return res;
-  }
-  async getAnalysis(analysisId) {
-    const res = await this._clientSdk.getAnalysis({
-      analysisId
-    });
-    if (!res.analysis) {
-      throw new Error(`Analysis not found: ${analysisId}`);
+    },
+    callbackStates: ["Finished" /* Finished */]
+  });
+}
+
+// src/features/analysis/git.ts
+init_GitService();
+import Debug13 from "debug";
+var debug14 = Debug13("mobbdev:git");
+async function getGitInfo(srcDirPath) {
+  debug14("getting git info for %s", srcDirPath);
+  const gitService = new GitService(srcDirPath);
+  try {
+    const validationResult = await gitService.validateRepository();
+    if (!validationResult.isValid) {
+      debug14("folder is not a git repo");
+      return {
+        success: false,
+        hash: void 0,
+        reference: void 0,
+        repoUrl: void 0
+      };
     }
-    return res.analysis;
-  }
-  async autoPrAnalysis({
-    analysisId,
-    commitDirectly,
-    prId,
-    prStrategy
-  }) {
-    return this._clientSdk.autoPrAnalysis({
-      analysisId,
-      commitDirectly,
-      prId,
-      prStrategy
-    });
-  }
-  async getFixes(fixIds) {
-    const res = await this._clientSdk.getFixes({
-      filters: { id: { _in: fixIds } }
-    });
-    return res;
-  }
-  async validateRepoUrl(args) {
-    return this._clientSdk.validateRepoUrl(args);
-  }
-  async getReferenceData(args) {
-    return this._clientSdk.gitReference(args);
-  }
-  async getFalsePositive(args) {
-    return this._clientSdk.getFalsePositive(args);
+    const gitInfo2 = await gitService.getGitInfo();
+    return {
+      success: true,
+      ...gitInfo2
+    };
+  } catch (e) {
+    if (e instanceof Error) {
+      debug14("failed to run git %o", e);
+      if (e.message.includes(" spawn ")) {
+        debug14("git cli not installed");
+      } else {
+        throw e;
+      }
+    }
+    throw e;
   }
-};
+}
 
 // src/features/analysis/pack.ts
 init_configs();
 import fs8 from "fs";
 import path7 from "path";
 import AdmZip from "adm-zip";
-import Debug13 from "debug";
+import Debug14 from "debug";
 import { globby } from "globby";
 import { isBinary as isBinary2 } from "istextorbinary";
 import { simpleGit as simpleGit2 } from "simple-git";
 import { parseStringPromise } from "xml2js";
 import { z as z28 } from "zod";
-var debug14 = Debug13("mobbdev:pack");
+var debug15 = Debug14("mobbdev:pack");
 var FPR_SOURCE_CODE_FILE_MAPPING_SCHEMA = z28.object({
   properties: z28.object({
     entry: z28.array(
@@ -11282,7 +11388,7 @@ function getManifestFilesSuffixes() {
   return ["package.json", "pom.xml"];
 }
 async function pack(srcDirPath, vulnFiles, isIncludeAllFiles = false) {
-  debug14("pack folder %s", srcDirPath);
+  debug15("pack folder %s", srcDirPath);
   let git = void 0;
   try {
     git = simpleGit2({
@@ -11292,13 +11398,13 @@ async function pack(srcDirPath, vulnFiles, isIncludeAllFiles = false) {
     });
     await git.status();
   } catch (e) {
-    debug14("failed to run git %o", e);
+    debug15("failed to run git %o", e);
     git = void 0;
     if (e instanceof Error) {
       if (e.message.includes(" spawn ")) {
-        debug14("git cli not installed");
+        debug15("git cli not installed");
       } else if (e.message.includes("not a git repository")) {
-        debug14("folder is not a git repo");
+        debug15("folder is not a git repo");
       } else {
         throw e;
       }
@@ -11313,9 +11419,9 @@ async function pack(srcDirPath, vulnFiles, isIncludeAllFiles = false) {
     followSymbolicLinks: false,
     dot: true
   });
-  debug14("files found %d", filepaths.length);
+  debug15("files found %d", filepaths.length);
   const zip = new AdmZip();
-  debug14("compressing files");
+  debug15("compressing files");
   for (const filepath of filepaths) {
     const absFilepath = path7.join(srcDirPath, filepath.toString());
     if (!isIncludeAllFiles) {
@@ -11324,26 +11430,26 @@ async function pack(srcDirPath, vulnFiles, isIncludeAllFiles = false) {
         absFilepath.toString().replaceAll(path7.win32.sep, path7.posix.sep),
         vulnFiles
       )) {
-        debug14("ignoring %s because it is not a vulnerability file", filepath);
+        debug15("ignoring %s because it is not a vulnerability file", filepath);
         continue;
       }
     }
     if (fs8.lstatSync(absFilepath).size > MCP_MAX_FILE_SIZE) {
-      debug14("ignoring %s because the size is > 5MB", filepath);
+      debug15("ignoring %s because the size is > 5MB", filepath);
       continue;
     }
     const data = git ? await git.showBuffer([`HEAD:./${filepath}`]) : fs8.readFileSync(absFilepath);
     if (isBinary2(null, data)) {
-      debug14("ignoring %s because is seems to be a binary file", filepath);
+      debug15("ignoring %s because is seems to be a binary file", filepath);
       continue;
     }
     zip.addFile(filepath.toString(), data);
   }
-  debug14("get zip file buffer");
+  debug15("get zip file buffer");
   return zip.toBuffer();
 }
 async function repackFpr(fprPath) {
-  debug14("repack fpr file %s", fprPath);
+  debug15("repack fpr file %s", fprPath);
   const zipIn = new AdmZip(fprPath);
   const zipOut = new AdmZip();
   const mappingXML = zipIn.readAsText("src-archive/index.xml", "utf-8");
@@ -11358,7 +11464,7 @@ async function repackFpr(fprPath) {
       zipOut.addFile(realPath, buf);
     }
   }
-  debug14("get repacked zip file buffer");
+  debug15("get repacked zip file buffer");
   return zipOut.toBuffer();
 }
 
@@ -11428,8 +11534,8 @@ async function snykArticlePrompt() {
 
 // src/features/analysis/scanners/checkmarx.ts
 import { createRequire } from "module";
-import chalk3 from "chalk";
-import Debug15 from "debug";
+import chalk4 from "chalk";
+import Debug16 from "debug";
 import { existsSync } from "fs";
 import { createSpinner as createSpinner2 } from "nanospinner";
 import { type } from "os";
@@ -11441,7 +11547,7 @@ var cxOperatingSystemSupportMessage = `Your operating system does not support ch
 
 // src/utils/child_process.ts
 import cp from "child_process";
-import Debug14 from "debug";
+import Debug15 from "debug";
 import * as process2 from "process";
 function createFork({ args, processPath, name }, options) {
   const child = cp.fork(processPath, args, {
@@ -11459,7 +11565,7 @@ function createSpawn({ args, processPath, name, cwd }, options) {
   return createChildProcess({ childProcess: child, name }, options);
 }
 function createChildProcess({ childProcess, name }, options) {
-  const debug21 = Debug14(`mobbdev:${name}`);
+  const debug21 = Debug15(`mobbdev:${name}`);
   const { display } = options;
   return new Promise((resolve, reject) => {
     let out = "";
@@ -11489,7 +11595,7 @@ function createChildProcess({ childProcess, name }, options) {
 }
 
 // src/features/analysis/scanners/checkmarx.ts
-var debug15 = Debug15("mobbdev:checkmarx");
+var debug16 = Debug16("mobbdev:checkmarx");
 var moduleUrl;
 if (typeof __filename !== "undefined") {
   moduleUrl = __filename;
@@ -11548,14 +11654,14 @@ function validateCheckmarxInstallation() {
   existsSync(getCheckmarxPath());
 }
 async function forkCheckmarx(args, { display }) {
-  debug15("fork checkmarx with args %o %s", args.join(" "), display);
+  debug16("fork checkmarx with args %o %s", args.join(" "), display);
   return createSpawn(
     { args, processPath: getCheckmarxPath(), name: "checkmarx" },
     { display }
   );
 }
 async function getCheckmarxReport({ reportPath, repositoryRoot, branch, projectName }, { skipPrompts = false }) {
-  debug15("get checkmarx report start %s %s", reportPath, repositoryRoot);
+  debug16("get checkmarx report start %s %s", reportPath, repositoryRoot);
   const { code: loginCode } = await forkCheckmarx(VALIDATE_COMMAND, {
     display: false
   });
@@ -11594,7 +11700,7 @@ async function throwCheckmarxConfigError() {
   await createSpinner2("\u{1F513} Checkmarx is not configued correctly").start().error();
   throw new CliError(
     `Checkmarx is not configued correctly
- you can configure it by using the ${chalk3.bold(
+ you can configure it by using the ${chalk4.bold(
       "cx configure"
     )} command`
   );
@@ -11602,8 +11708,8 @@ async function throwCheckmarxConfigError() {
 async function validateCheckamxCredentials() {
   console.log(`
         Here's a suggestion for checkmarx configuation: 
-          ${chalk3.bold("AST Base URI:")} https://ast.checkmarx.net
-          ${chalk3.bold("AST Base Auth URI (IAM):")} https://iam.checkmarx.net
+          ${chalk4.bold("AST Base URI:")} https://ast.checkmarx.net
+          ${chalk4.bold("AST Base Auth URI (IAM):")} https://iam.checkmarx.net
   `);
   await forkCheckmarx(CONFIGURE_COMMAND, { display: true });
   const { code: loginCode } = await forkCheckmarx(VALIDATE_COMMAND, {
@@ -11622,11 +11728,11 @@ async function validateCheckamxCredentials() {
 
 // src/features/analysis/scanners/snyk.ts
 import { createRequire as createRequire2 } from "module";
-import chalk4 from "chalk";
-import Debug16 from "debug";
+import chalk5 from "chalk";
+import Debug17 from "debug";
 import { createSpinner as createSpinner3 } from "nanospinner";
-import open from "open";
-var debug16 = Debug16("mobbdev:snyk");
+import open2 from "open";
+var debug17 = Debug17("mobbdev:snyk");
 var moduleUrl2;
 if (typeof __filename !== "undefined") {
   moduleUrl2 = __filename;
@@ -11648,15 +11754,15 @@ if (typeof __filename !== "undefined") {
 var costumeRequire2 = createRequire2(moduleUrl2);
 var SNYK_PATH = costumeRequire2.resolve("snyk/bin/snyk");
 var SNYK_ARTICLE_URL = "https://docs.snyk.io/scan-using-snyk/snyk-code/configure-snyk-code#enable-snyk-code";
-debug16("snyk executable path %s", SNYK_PATH);
+debug17("snyk executable path %s", SNYK_PATH);
 async function forkSnyk(args, { display }) {
-  debug16("fork snyk with args %o %s", args, display);
+  debug17("fork snyk with args %o %s", args, display);
   return createFork({ args, processPath: SNYK_PATH, name: "snyk" }, { display });
 }
 async function getSnykReport(reportPath, repoRoot, { skipPrompts = false }) {
-  debug16("get snyk report start %s %s", reportPath, repoRoot);
-  const config4 = await forkSnyk(["config"], { display: false });
-  const { message: configMessage } = config4;
+  debug17("get snyk report start %s %s", reportPath, repoRoot);
+  const config6 = await forkSnyk(["config"], { display: false });
+  const { message: configMessage } = config6;
   if (!configMessage.includes("api: ")) {
     const snykLoginSpinner = createSpinner3().start();
     if (!skipPrompts) {
@@ -11668,7 +11774,7 @@ async function getSnykReport(reportPath, repoRoot, { skipPrompts = false }) {
     snykLoginSpinner.update({
       text: "\u{1F513} Waiting for Snyk login to complete"
     });
-    debug16("no token in the config %s", config4);
+    debug17("no token in the config %s", config6);
     await forkSnyk(["auth"], { display: true });
     snykLoginSpinner.success({ text: "\u{1F513} Login to Snyk Successful" });
   }
@@ -11678,16 +11784,16 @@ async function getSnykReport(reportPath, repoRoot, { skipPrompts = false }) {
     { display: true }
   );
   if (scanOutput.includes("Snyk Code is not supported for org")) {
-    debug16("snyk code is not enabled %s", scanOutput);
+    debug17("snyk code is not enabled %s", scanOutput);
     snykSpinner.error({ text: "\u{1F50D} Snyk configuration needed" });
     const answer = await snykArticlePrompt();
-    debug16("answer %s", answer);
+    debug17("answer %s", answer);
     if (answer) {
-      debug16("opening the browser");
-      await open(SNYK_ARTICLE_URL);
+      debug17("opening the browser");
+      await open2(SNYK_ARTICLE_URL);
     }
     console.log(
-      chalk4.bgBlue(
+      chalk5.bgBlue(
         "\nPlease enable Snyk Code in your Snyk account and try again."
       )
     );
@@ -11698,9 +11804,9 @@ async function getSnykReport(reportPath, repoRoot, { skipPrompts = false }) {
 }
 
 // src/features/analysis/upload-file.ts
-import Debug17 from "debug";
+import Debug18 from "debug";
 import fetch3, { File, fileFrom, FormData } from "node-fetch";
-var debug17 = Debug17("mobbdev:upload-file");
+var debug18 = Debug18("mobbdev:upload-file");
 async function uploadFile({
   file,
   url,
@@ -11713,9 +11819,9 @@ async function uploadFile({
   logInfo2(`FileUpload: upload file start ${url}`);
   logInfo2(`FileUpload: upload fields`, uploadFields);
   logInfo2(`FileUpload: upload key ${uploadKey}`);
-  debug17("upload file start %s", url);
-  debug17("upload fields %o", uploadFields);
-  debug17("upload key %s", uploadKey);
+  debug18("upload file start %s", url);
+  debug18("upload fields %o", uploadFields);
+  debug18("upload key %s", uploadKey);
   const form = new FormData();
   Object.entries(uploadFields).forEach(([key, value]) => {
     form.append(key, value);
@@ -11724,11 +11830,11 @@ async function uploadFile({
     form.append("key", uploadKey);
   }
   if (typeof file === "string") {
-    debug17("upload file from path %s", file);
+    debug18("upload file from path %s", file);
     logInfo2(`FileUpload: upload file from path ${file}`);
     form.append("file", await fileFrom(file));
   } else {
-    debug17("upload file from buffer");
+    debug18("upload file from buffer");
     logInfo2(`FileUpload: upload file from buffer`);
     form.append("file", new File([new Uint8Array(file)], "file"));
   }
@@ -11739,11 +11845,11 @@ async function uploadFile({
     agent
   });
   if (!response.ok) {
-    debug17("error from S3 %s %s", response.body, response.status);
+    debug18("error from S3 %s %s", response.body, response.status);
     logInfo2(`FileUpload: error from S3 ${response.body} ${response.status}`);
     throw new Error(`Failed to upload the file: ${response.status}`);
   }
-  debug17("upload file done");
+  debug18("upload file done");
   logInfo2(`FileUpload: upload file done`);
 }
 
@@ -11778,9 +11884,9 @@ async function downloadRepo({
 }) {
   const { createSpinner: createSpinner5 } = Spinner2({ ci });
   const repoSpinner = createSpinner5("\u{1F4BE} Downloading Repo").start();
-  debug18("download repo %s %s %s", repoUrl, dirname);
+  debug19("download repo %s %s %s", repoUrl, dirname);
   const zipFilePath = path9.join(dirname, "repo.zip");
-  debug18("download URL: %s auth headers: %o", downloadUrl, authHeaders);
+  debug19("download URL: %s auth headers: %o", downloadUrl, authHeaders);
   const response = await fetch4(downloadUrl, {
     method: "GET",
     headers: {
@@ -11788,9 +11894,9 @@ async function downloadRepo({
     }
   });
   if (!response.ok) {
-    debug18("SCM zipball request failed %s %s", response.body, response.status);
+    debug19("SCM zipball request failed %s %s", response.body, response.status);
     repoSpinner.error({ text: "\u{1F4BE} Repo download failed" });
-    throw new Error(`Can't access ${chalk5.bold(repoUrl)}`);
+    throw new Error(`Can't access ${chalk6.bold(repoUrl)}`);
   }
   const fileWriterStream = fs9.createWriteStream(zipFilePath);
   if (!response.body) {
@@ -11802,7 +11908,7 @@ async function downloadRepo({
   if (!repoRoot) {
     throw new Error("Repo root not found");
   }
-  debug18("repo root %s", repoRoot);
+  debug19("repo root %s", repoRoot);
   repoSpinner.success({ text: "\u{1F4BE} Repo downloaded successfully" });
   return path9.join(dirname, repoRoot);
 }
@@ -11811,9 +11917,9 @@ var getReportUrl = ({
   projectId,
   fixReportId
 }) => `${WEB_APP_URL}/organization/${organizationId}/project/${projectId}/report/${fixReportId}`;
-var debug18 = Debug18("mobbdev:index");
-var config2 = new Configstore(packageJson.name, { apiToken: "" });
-debug18("config %o", config2);
+var debug19 = Debug19("mobbdev:index");
+var config3 = new Configstore2(packageJson.name, { apiToken: "" });
+debug19("config %o", config3);
 async function runAnalysis(params, options) {
   const tmpObj = tmp2.dirSync({
     unsafeCleanup: true
@@ -11958,11 +12064,11 @@ async function _scan(params, { skipPrompts = false } = {}) {
     commitDirectly,
     pullRequest
   } = params;
-  debug18("start %s %s", dirname, repo);
+  debug19("start %s %s", dirname, repo);
   const { createSpinner: createSpinner5 } = Spinner2({ ci });
   skipPrompts = skipPrompts || ci;
   let gqlClient = new GQLClient({
-    apiKey: apiKey ?? config2.get("apiToken") ?? "",
+    apiKey: apiKey ?? config3.get("apiToken") ?? "",
     type: "apiKey"
   });
   gqlClient = await handleMobbLogin({
@@ -12032,8 +12138,8 @@ async function _scan(params, { skipPrompts = false } = {}) {
     );
   }
   const { sha } = getReferenceDataRes.gitReference;
-  debug18("project id %s", projectId);
-  debug18("default branch %s", reference);
+  debug19("project id %s", projectId);
+  debug19("default branch %s", reference);
   if (command === "scan") {
     reportPath = await getReport(
       {
@@ -12131,11 +12237,11 @@ async function _scan(params, { skipPrompts = false } = {}) {
       fixReportId: reportUploadInfo.fixReportId
     });
     !ci && console.log("You can access the analysis at: \n");
-    console.log(chalk5.bold(reportUrl));
+    console.log(chalk6.bold(reportUrl));
     !skipPrompts && await mobbAnalysisPrompt();
-    !ci && open2(reportUrl);
+    !ci && open3(reportUrl);
     !ci && console.log(
-      chalk5.bgBlue("\n\n  My work here is done for now, see you soon! \u{1F575}\uFE0F\u200D\u2642\uFE0F  ")
+      chalk6.bgBlue("\n\n  My work here is done for now, see you soon! \u{1F575}\uFE0F\u200D\u2642\uFE0F  ")
     );
   }
   async function handleScmIntegration(oldToken, scmAuthUrl2, repoUrl) {
@@ -12152,7 +12258,7 @@ async function _scan(params, { skipPrompts = false } = {}) {
     console.log(
       `If the page does not open automatically, kindly access it through ${scmAuthUrl2}.`
     );
-    await open2(scmAuthUrl2);
+    await open3(scmAuthUrl2);
     for (let i = 0; i < LOGIN_MAX_WAIT / LOGIN_CHECK_DELAY; i++) {
       const userInfo = await gqlClient.getUserInfo();
       if (!userInfo) {
@@ -12410,7 +12516,6 @@ async function waitForAnaysisAndReviewPr({
 }
 
 // src/commands/index.ts
-var debug19 = Debug19("mobbdev:commands");
 async function review(params, { skipPrompts = true } = {}) {
   const {
     repo,
@@ -12479,11 +12584,11 @@ async function analyze({
     { skipPrompts }
   );
 }
-var config3 = new Configstore2(packageJson.name, { apiToken: "" });
+var config4 = new Configstore3(packageJson.name, { apiToken: "" });
 async function addScmToken(addScmTokenOptions) {
   const { apiKey, token, organization, scmType, url, refreshToken, ci } = addScmTokenOptions;
   let gqlClient = new GQLClient({
-    apiKey: apiKey ?? config3.get("apiToken") ?? "",
+    apiKey: apiKey ?? config4.get("apiToken") ?? "",
     type: "apiKey"
   });
   gqlClient = await handleMobbLogin({
@@ -12537,99 +12642,6 @@ async function showWelcomeMessage(skipPrompts = false) {
   skipPrompts ? await sleep(100) : await sleep(2e3);
   welcome.stop();
 }
-var LOGIN_MAX_WAIT = 10 * 60 * 1e3;
-var LOGIN_CHECK_DELAY = 5 * 1e3;
-var webLoginUrl = `${WEB_APP_URL}/cli-login`;
-var MOBB_LOGIN_REQUIRED_MSG = `\u{1F513} Login to Mobb is Required, you will be redirected to our login page, once the authorization is complete return to this prompt, ${chalk6.bgBlue(
-  "press any key to continue"
-)};`;
-async function handleMobbLogin({
-  inGqlClient,
-  apiKey,
-  skipPrompts
-}) {
-  const { createSpinner: createSpinner5 } = Spinner({ ci: skipPrompts });
-  const isConnected = await inGqlClient.verifyApiConnection();
-  if (!isConnected) {
-    createSpinner5().start().error({
-      text: "\u{1F513} Connection to Mobb: failed to connect to the Mobb server"
-    });
-    throw new CliError(
-      "Connection to Mobb: failed to connect to the Mobb server"
-    );
-  }
-  createSpinner5().start().success({
-    text: `\u{1F513} Connection to Mobb: succeeded`
-  });
-  const userVerify = await inGqlClient.validateUserToken();
-  if (userVerify) {
-    createSpinner5().start().success({
-      text: `\u{1F513} Login to Mobb succeeded. ${typeof userVerify === "string" ? `Logged in as ${userVerify}` : ""}`
-    });
-    return inGqlClient;
-  } else if (apiKey) {
-    createSpinner5().start().error({
-      text: "\u{1F513} Login to Mobb failed: The provided API key does not match any configured API key on the system"
-    });
-    throw new CliError(
-      "Login to Mobb failed: The provided API key does not match any configured API key on the system"
-    );
-  }
-  const loginSpinner = createSpinner5().start();
-  if (!skipPrompts) {
-    loginSpinner.update({ text: MOBB_LOGIN_REQUIRED_MSG });
-    await keypress();
-  }
-  loginSpinner.update({
-    text: "\u{1F513} Waiting for Mobb login..."
-  });
-  const { publicKey, privateKey } = crypto.generateKeyPairSync("rsa", {
-    modulusLength: 2048
-  });
-  const loginId = await inGqlClient.createCliLogin({
-    publicKey: publicKey.export({ format: "pem", type: "pkcs1" }).toString()
-  });
-  const browserUrl = `${webLoginUrl}/${loginId}?hostname=${os.hostname()}`;
-  !skipPrompts && console.log(
-    `If the page does not open automatically, kindly access it through ${browserUrl}.`
-  );
-  await open3(browserUrl);
-  let newApiToken = null;
-  for (let i = 0; i < LOGIN_MAX_WAIT / LOGIN_CHECK_DELAY; i++) {
-    const encryptedApiToken = await inGqlClient.getEncryptedApiToken({
-      loginId
-    });
-    loginSpinner.spin();
-    if (encryptedApiToken) {
-      debug19("encrypted API token received %s", encryptedApiToken);
-      newApiToken = crypto.privateDecrypt(privateKey, Buffer.from(encryptedApiToken, "base64")).toString("utf-8");
-      debug19("API token decrypted");
-      break;
-    }
-    await sleep(LOGIN_CHECK_DELAY);
-  }
-  if (!newApiToken) {
-    loginSpinner.error({
-      text: "Login timeout error"
-    });
-    throw new CliError();
-  }
-  const newGqlClient = new GQLClient({ apiKey: newApiToken, type: "apiKey" });
-  const loginSuccess = await newGqlClient.validateUserToken();
-  if (loginSuccess) {
-    debug19(`set api token ${newApiToken}`);
-    config3.set("apiToken", newApiToken);
-    loginSpinner.success({
-      text: `\u{1F513} Login to Mobb successful! ${typeof loginSpinner === "string" ? `Logged in as ${loginSuccess}` : ""}`
-    });
-  } else {
-    loginSpinner.error({
-      text: "Something went wrong, API token is invalid."
-    });
-    throw new CliError();
-  }
-  return newGqlClient;
-}
 
 // src/args/validation.ts
 import chalk7 from "chalk";
@@ -12771,7 +12783,7 @@ import {
 } from "@modelcontextprotocol/sdk/types.js";
 
 // src/mcp/Logger.ts
-import Configstore3 from "configstore";
+import Configstore4 from "configstore";
 
 // src/mcp/services/WorkspaceService.ts
 var WorkspaceService = class {
@@ -12857,7 +12869,7 @@ var Logger = class {
     __publicField(this, "lastKnownPath", null);
     this.host = WorkspaceService.getHost();
     this.unknownPathSuffix = Math.floor(1e3 + Math.random() * 9e3).toString();
-    this.mobbConfigStore = new Configstore3("mobb-logs", {});
+    this.mobbConfigStore = new Configstore4("mobb-logs", {});
     this.mobbConfigStore.set("version", packageJson.version);
   }
   /**
@@ -13055,7 +13067,7 @@ var GetLatestReportByRepoUrlResponseSchema = z31.object({
 });
 
 // src/mcp/services/ConfigStoreService.ts
-import Configstore4 from "configstore";
+import Configstore5 from "configstore";
 init_configs();
 function createConfigStore(defaultValues = { apiToken: "" }) {
   const API_URL2 = process.env["API_URL"] || MCP_DEFAULT_API_URL;
@@ -13067,7 +13079,7 @@ function createConfigStore(defaultValues = { apiToken: "" }) {
     domain = API_URL2.replace(/^https?:\/\//, "").replace(/\/.*$/, "").replace(/:\d+$/, "");
   }
   const sanitizedDomain = domain.replace(/\./g, "_");
-  return new Configstore4(
+  return new Configstore5(
     `${packageJson.name}-${sanitizedDomain}`,
     defaultValues
   );
@@ -13884,34 +13896,34 @@ var readConfigFile = (filePath) => {
     return null;
   }
 };
-var mergeConfigIntoResult = (config4, mergedConfig) => {
-  if (config4?.projects) {
+var mergeConfigIntoResult = (config6, mergedConfig) => {
+  if (config6?.projects) {
     const allMcpServers = {};
-    for (const projectPath in config4.projects) {
-      const project = config4.projects[projectPath];
+    for (const projectPath in config6.projects) {
+      const project = config6.projects[projectPath];
       if (project?.mcpServers) {
         Object.assign(allMcpServers, project.mcpServers);
       }
     }
     mergedConfig.mcpServers = { ...mergedConfig.mcpServers, ...allMcpServers };
   }
-  if (config4?.mcpServers) {
+  if (config6?.mcpServers) {
     mergedConfig.mcpServers = {
       ...mergedConfig.mcpServers,
-      ...config4.mcpServers
+      ...config6.mcpServers
     };
   }
-  if (config4?.servers) {
-    mergedConfig.servers = { ...mergedConfig.servers, ...config4.servers };
+  if (config6?.servers) {
+    mergedConfig.servers = { ...mergedConfig.servers, ...config6.servers };
   }
 };
 var readMCPConfig = (hostName) => {
   const configPaths = getMCPConfigPaths(hostName);
   const mergedConfig = {};
   for (const configPath of configPaths) {
-    const config4 = readConfigFile(configPath);
-    if (config4) {
-      mergeConfigIntoResult(config4, mergedConfig);
+    const config6 = readConfigFile(configPath);
+    if (config6) {
+      mergeConfigIntoResult(config6, mergedConfig);
     }
   }
   return Object.keys(mergedConfig).length > 0 ? mergedConfig : null;
@@ -14038,10 +14050,10 @@ var getHostInfo = (additionalMcpList) => {
     if (cfg) allConfigs[ide] = cfg;
   }
   for (const additionalPath of uniqueAdditionalPaths) {
-    const config4 = readConfigFile(additionalPath);
-    if (!config4) continue;
+    const config6 = readConfigFile(additionalPath);
+    if (!config6) continue;
     const mergedConfig = {};
-    mergeConfigIntoResult(config4, mergedConfig);
+    mergeConfigIntoResult(config6, mergedConfig);
     if (Object.keys(mergedConfig).length > 0) {
       allConfigs["system"] = mergedConfig;
     }
@@ -14109,7 +14121,7 @@ var getHostInfo = (additionalMcpList) => {
     }
   }
   for (const { ide, name, command, isRunning } of servers) {
-    const config4 = allConfigs[ide] || null;
+    const config6 = allConfigs[ide] || null;
     const ideName = ide.charAt(0).toUpperCase() + ide.slice(1) || "Unknown";
     let ideVersion = "Unknown";
     const platform = os3.platform();
@@ -14126,8 +14138,8 @@ var getHostInfo = (additionalMcpList) => {
       }
     }
     let mcpConfigObj = {};
-    if (config4) {
-      const allServers = config4.mcpServers || config4.servers || {};
+    if (config6) {
+      const allServers = config6.mcpServers || config6.servers || {};
       if (name in allServers && allServers[name]) {
         mcpConfigObj = allServers[name];
       }
@@ -14436,7 +14448,7 @@ var ToolRegistry = class {
 
 // src/mcp/core/McpServer.ts
 var McpServer = class {
-  constructor(config4, govOrgId = "") {
+  constructor(config6, govOrgId = "") {
     __publicField(this, "server");
     __publicField(this, "toolRegistry");
     __publicField(this, "isEventHandlersSetup", false);
@@ -14449,8 +14461,8 @@ var McpServer = class {
     this.mcpUsageService = govOrgId ? new McpUsageService(govOrgId) : null;
     this.server = new Server(
       {
-        name: config4.name,
-        version: config4.version
+        name: config6.name,
+        version: config6.version
       },
       {
         capabilities: {
@@ -14464,7 +14476,7 @@ var McpServer = class {
     this.setupParentProcessMonitoring();
     logInfo("MCP server instance created");
     logDebug("MCP server instance config", {
-      config: config4,
+      config: config6,
       parentPid: this.parentPid
     });
   }
@@ -19169,6 +19181,7 @@ async function addScmTokenHandler(args) {
 import fsPromises3 from "fs/promises";
 import path16 from "path";
 import chalk10 from "chalk";
+import Configstore6 from "configstore";
 import { withFile } from "tmp-promise";
 import z38 from "zod";
 var PromptItemZ = z38.object({
@@ -19223,6 +19236,18 @@ function uploadAiBlameBuilder(args) {
     describe: chalk10.bold("Tool/IDE name(s) (optional, one per session)")
   }).strict();
 }
+var config5 = new Configstore6(packageJson.name, { apiToken: "" });
+async function getAuthenticatedGQLClientForIdeExtension() {
+  let gqlClient = new GQLClient({
+    apiKey: config5.get("apiToken") ?? "",
+    type: "apiKey"
+  });
+  gqlClient = await handleMobbLogin({
+    inGqlClient: gqlClient,
+    skipPrompts: true
+  });
+  return gqlClient;
+}
 async function uploadAiBlameHandler(args, exitOnError = true) {
   const prompts = args.prompt || [];
   const inferences = args.inference || [];
@@ -19263,8 +19288,10 @@ async function uploadAiBlameHandler(args, exitOnError = true) {
       toolName: tools[i]
     });
   }
-  const gqlClient = await createAuthenticatedMcpGQLClient();
-  const initRes = await gqlClient.uploadAIBlameInferencesInitRaw({ sessions });
+  const authenticatedClient = await getAuthenticatedGQLClientForIdeExtension();
+  const initRes = await authenticatedClient.uploadAIBlameInferencesInitRaw({
+    sessions
+  });
   const uploadSessions = initRes.uploadAIBlameInferencesInit?.uploadSessions ?? [];
   if (uploadSessions.length !== sessions.length) {
     const errorMsg = "Init failed to return expected number of sessions";
@@ -19302,7 +19329,7 @@ async function uploadAiBlameHandler(args, exitOnError = true) {
       toolName: s.toolName
     };
   });
-  const finRes = await gqlClient.finalizeAIBlameInferencesUploadRaw({
+  const finRes = await authenticatedClient.finalizeAIBlameInferencesUploadRaw({
     sessions: finalizeSessions
   });
   const status = finRes?.finalizeAIBlameInferencesUpload?.status;