mobbdev 1.0.207 → 1.0.209

package/dist/args/commands/upload_ai_blame.mjs

@@ -28,13 +28,11 @@ var init_env = __esm({
 });
 
 // src/mcp/core/configs.ts
-var MCP_DEFAULT_API_URL, MCP_API_KEY_HEADER_NAME, MCP_LOGIN_MAX_WAIT, MCP_LOGIN_CHECK_DELAY, MCP_VUL_REPORT_DIGEST_TIMEOUT_MS, MCP_MAX_FILE_SIZE, MCP_PERIODIC_CHECK_INTERVAL, MCP_REPORT_ID_EXPIRATION_MS, MCP_TOOLS_BROWSER_COOLDOWN_MS, MCP_DEFAULT_LIMIT, isAutoScan, MVS_AUTO_FIX_OVERRIDE, MCP_PERIODIC_TRACK_INTERVAL, MCP_SYSTEM_FIND_TIMEOUT_MS;
+var MCP_LOGIN_MAX_WAIT, MCP_LOGIN_CHECK_DELAY, MCP_VUL_REPORT_DIGEST_TIMEOUT_MS, MCP_MAX_FILE_SIZE, MCP_PERIODIC_CHECK_INTERVAL, MCP_REPORT_ID_EXPIRATION_MS, MCP_TOOLS_BROWSER_COOLDOWN_MS, isAutoScan, MVS_AUTO_FIX_OVERRIDE, MCP_PERIODIC_TRACK_INTERVAL, MCP_SYSTEM_FIND_TIMEOUT_MS;
 var init_configs = __esm({
   "src/mcp/core/configs.ts"() {
     "use strict";
     init_env();
-    MCP_DEFAULT_API_URL = "https://api.mobb.ai/v1/graphql";
-    MCP_API_KEY_HEADER_NAME = "x-mobb-key";
     MCP_LOGIN_MAX_WAIT = 2 * 60 * 1e3;
     MCP_LOGIN_CHECK_DELAY = 2 * 1e3;
     MCP_VUL_REPORT_DIGEST_TIMEOUT_MS = 30 * 60 * 1e3;
@@ -42,7 +40,6 @@ var init_configs = __esm({
     MCP_PERIODIC_CHECK_INTERVAL = 15 * 60 * 1e3;
     MCP_REPORT_ID_EXPIRATION_MS = 2 * 60 * 60 * 1e3;
     MCP_TOOLS_BROWSER_COOLDOWN_MS = 24 * 60 * 60 * 1e3;
-    MCP_DEFAULT_LIMIT = 3;
     isAutoScan = process.env["AUTO_SCAN"] !== "false";
     MVS_AUTO_FIX_OVERRIDE = process.env["MVS_AUTO_FIX"];
     MCP_PERIODIC_TRACK_INTERVAL = 60 * 60 * 1e3;
@@ -94,21 +91,18 @@ var init_GitService = __esm({
 // src/args/commands/upload_ai_blame.ts
 import fsPromises2 from "fs/promises";
 import path6 from "path";
-import chalk2 from "chalk";
+import chalk3 from "chalk";
+import Configstore2 from "configstore";
 import { withFile } from "tmp-promise";
-import z27 from "zod";
+import z26 from "zod";
 
-// src/features/analysis/upload-file.ts
+// src/commands/handleMobbLogin.ts
+import crypto from "crypto";
+import os from "os";
+import chalk2 from "chalk";
+import Configstore from "configstore";
 import Debug7 from "debug";
-import fetch3, { File, fileFrom, FormData } from "node-fetch";
-
-// src/features/analysis/graphql/gql.ts
-import fetchOrig from "cross-fetch";
-import Debug6 from "debug";
-import { GraphQLClient } from "graphql-request";
-import { HttpProxyAgent } from "http-proxy-agent";
-import { HttpsProxyAgent as HttpsProxyAgent2 } from "https-proxy-agent";
-import { v4 as uuidv4 } from "uuid";
+import open from "open";
 
 // src/constants.ts
 import path2 from "path";
@@ -2151,39 +2145,99 @@ var errorMessages = {
 };
 var VUL_REPORT_DIGEST_TIMEOUT_MS = 1e3 * 60 * 30;
 
+// src/features/analysis/graphql/gql.ts
+import fetchOrig from "cross-fetch";
+import Debug6 from "debug";
+import { GraphQLClient } from "graphql-request";
+import { HttpProxyAgent } from "http-proxy-agent";
+import { HttpsProxyAgent as HttpsProxyAgent2 } from "https-proxy-agent";
+import { v4 as uuidv4 } from "uuid";
+
 // src/mcp/core/Errors.ts
-var ApiConnectionError = class extends Error {
-  constructor(message = "Failed to connect to the API") {
+var _ReportDigestError = class _ReportDigestError extends Error {
+  constructor(message, failReason) {
     super(message);
-    this.name = "ApiConnectionError";
+    this.failReason = failReason;
+    this.name = "ReportDigestError";
+    this.failReason = failReason;
   }
-};
-var CliLoginError = class extends Error {
-  constructor(message = "CLI login failed") {
-    super(message);
-    this.name = "CliLoginError";
+  getDisplayMessage() {
+    if (this.failReason?.trim()) {
+      return `\u{1F575}\uFE0F\u200D\u2642\uFE0F Digesting report failed. ${this.failReason}`;
+    }
+    return _ReportDigestError.defaultMessage;
   }
 };
-var AuthenticationError = class extends Error {
-  constructor(message = "Authentication failed") {
-    super(message);
-    this.name = "AuthenticationError";
-  }
-};
-var FailedToGetApiTokenError = class extends Error {
-  constructor(message) {
-    super(message);
-    this.name = "FailedToGetApiTokenError";
-  }
+__publicField(_ReportDigestError, "defaultMessage", "\u{1F575}\uFE0F\u200D\u2642\uFE0F Digesting report failed. Please verify that the file provided is of a valid supported report format.");
+var ReportDigestError = _ReportDigestError;
+
+// src/types.ts
+var ScanContext = {
+  FULL_SCAN: "FULL_SCAN",
+  BACKGROUND_PERIODIC: "BACKGROUND_PERIODIC",
+  BACKGROUND_INITIAL: "BACKGROUND_INITIAL",
+  USER_REQUEST: "USER_REQUEST",
+  BUGSY: "BUGSY"
 };
 
 // src/utils/keypress.ts
 import readline from "readline";
+async function keypress() {
+  const rl = readline.createInterface({
+    input: process.stdin,
+    output: process.stdout
+  });
+  return new Promise((resolve) => {
+    rl.question("", (answer) => {
+      rl.close();
+      process.stderr.moveCursor(0, -1);
+      process.stderr.clearLine(1);
+      resolve(answer);
+    });
+  });
+}
 
 // src/utils/spinner.ts
 import {
   createSpinner as _createSpinner
 } from "nanospinner";
+function printToStdError(opts) {
+  if (opts?.text) console.error(opts.text);
+}
+var mockSpinner = {
+  success: (opts) => {
+    printToStdError(opts);
+    return mockSpinner;
+  },
+  error: (opts) => {
+    printToStdError(opts);
+    return mockSpinner;
+  },
+  warn: (opts) => {
+    printToStdError(opts);
+    return mockSpinner;
+  },
+  stop: (opts) => {
+    printToStdError(opts);
+    return mockSpinner;
+  },
+  start: (opts) => {
+    printToStdError(opts);
+    return mockSpinner;
+  },
+  update: (opts) => {
+    printToStdError(opts);
+    return mockSpinner;
+  },
+  reset: () => mockSpinner,
+  clear: () => mockSpinner,
+  spin: () => mockSpinner
+};
+function Spinner({ ci = false } = {}) {
+  return {
+    createSpinner: (text, options) => ci ? mockSpinner : _createSpinner(text, options)
+  };
+}
 
 // src/utils/check_node_version.ts
 import fs2 from "fs";
@@ -2205,6 +2259,8 @@ if (!semver.satisfies(process.version, packageJson.engines.node)) {
 
 // src/utils/index.ts
 var sleep = (ms = 2e3) => new Promise((r) => setTimeout(r, ms));
+var CliError = class extends Error {
+};
 
 // src/features/analysis/scm/utils/index.ts
 import { z as z15 } from "zod";
@@ -4268,6 +4324,9 @@ var BitbucketParseResultZ = z20.object({
 import { setTimeout as setTimeout3 } from "timers/promises";
 import { z as z21 } from "zod";
 
+// src/features/analysis/scm/constants.ts
+var REPORT_DEFAULT_FILE_NAME = "report.json";
+
 // src/features/analysis/scm/index.ts
 init_env();
 
@@ -4503,458 +4562,38 @@ function getProxyAgent(url) {
   }
   return void 0;
 }
-
-// src/features/analysis/upload-file.ts
-var debug8 = Debug7("mobbdev:upload-file");
-async function uploadFile({
-  file,
-  url,
-  uploadKey,
-  uploadFields,
-  logger: logger2
-}) {
-  const logInfo = logger2 || ((_message, _data) => {
-  });
-  logInfo(`FileUpload: upload file start ${url}`);
-  logInfo(`FileUpload: upload fields`, uploadFields);
-  logInfo(`FileUpload: upload key ${uploadKey}`);
-  debug8("upload file start %s", url);
-  debug8("upload fields %o", uploadFields);
-  debug8("upload key %s", uploadKey);
-  const form = new FormData();
-  Object.entries(uploadFields).forEach(([key, value]) => {
-    form.append(key, value);
-  });
-  if (!form.has("key")) {
-    form.append("key", uploadKey);
-  }
-  if (typeof file === "string") {
-    debug8("upload file from path %s", file);
-    logInfo(`FileUpload: upload file from path ${file}`);
-    form.append("file", await fileFrom(file));
-  } else {
-    debug8("upload file from buffer");
-    logInfo(`FileUpload: upload file from buffer`);
-    form.append("file", new File([new Uint8Array(file)], "file"));
-  }
-  const agent = getProxyAgent(url);
-  const response = await fetch3(url, {
-    method: "POST",
-    body: form,
-    agent
-  });
-  if (!response.ok) {
-    debug8("error from S3 %s %s", response.body, response.status);
-    logInfo(`FileUpload: error from S3 ${response.body} ${response.status}`);
-    throw new Error(`Failed to upload the file: ${response.status}`);
-  }
-  debug8("upload file done");
-  logInfo(`FileUpload: upload file done`);
-}
-
-// src/mcp/services/McpGQLClient.ts
-import crypto2 from "crypto";
-import { GraphQLClient as GraphQLClient2 } from "graphql-request";
-import { v4 as uuidv42 } from "uuid";
-init_configs();
-
-// src/mcp/Logger.ts
-import Configstore from "configstore";
-
-// src/mcp/services/WorkspaceService.ts
-var WorkspaceService = class {
-  /**
-   * Sets a known workspace path that was discovered through successful validation
-   * @param path The validated workspace path to store
-   */
-  static setKnownWorkspacePath(path7) {
-    this.knownWorkspacePath = path7;
-  }
-  /**
-   * Gets the known workspace path that was previously validated
-   * @returns The known workspace path or undefined if none stored
-   */
-  static getKnownWorkspacePath() {
-    return this.knownWorkspacePath;
-  }
-  /**
-   * Clears the known workspace path cache
-   */
-  static clearKnownWorkspacePath() {
-    this.knownWorkspacePath = void 0;
-  }
-  /**
-   * Gets the workspace folder path from known path or environment variables
-   * @returns The workspace folder path or undefined if none found
-   */
-  static getWorkspaceFolderPath() {
-    if (this.knownWorkspacePath) {
-      return this.knownWorkspacePath;
-    }
-    const workspaceEnvVars = [
-      "WORKSPACE_FOLDER_PATHS",
-      // Cursor IDE
-      "PWD",
-      // Claude Code and general shell
-      "WORKSPACE_ROOT",
-      // Generic workspace root
-      "PROJECT_ROOT"
-      // Generic project root
-    ];
-    for (const envVar of workspaceEnvVars) {
-      const value = process.env[envVar];
-      if (value?.trim()) {
-        return value.trim();
-      }
-    }
-    return void 0;
-  }
-  ///this should be deleted, use instead the host detection from the McpUsageService
-  /**
-   * Detects the IDE/editor host based on environment variables
-   * @returns The detected IDE host
-   */
-  static getHost() {
-    if (process.env["WORKSPACE_FOLDER_PATHS"]) {
-      return "CURSOR";
-    }
-    if (process.env["VSCODE_IPC_HOOK"] || process.env["VSCODE_PID"] || process.env["TERM_PROGRAM"] === "vscode") {
-      return "VSCODE";
-    }
-    if (process.env["WINDSURF_IPC_HOOK"] || process.env["WINDSURF_PID"] || process.env["TERM_PROGRAM"] === "windsurf") {
-      return "WINDSURF";
-    }
-    if (process.env["CLAUDE_DESKTOP"] || process.env["ANTHROPIC_CLAUDE"]) {
-      return "CLAUDE";
-    }
-    if (process.env["WEBSTORM_VM_OPTIONS"] || process.env["IDEA_VM_OPTIONS"] || process.env["JETBRAINS_IDE"]) {
-      return "WEBSTORM";
-    }
-    return "UNKNOWN";
-  }
-};
-__publicField(WorkspaceService, "knownWorkspacePath");
-
-// src/mcp/Logger.ts
-var MAX_LOGS_SIZE = 1e3;
-var Logger = class {
-  constructor() {
-    __publicField(this, "mobbConfigStore");
-    __publicField(this, "host");
-    __publicField(this, "unknownPathSuffix");
-    __publicField(this, "lastKnownPath", null);
-    this.host = WorkspaceService.getHost();
-    this.unknownPathSuffix = Math.floor(1e3 + Math.random() * 9e3).toString();
-    this.mobbConfigStore = new Configstore("mobb-logs", {});
-    this.mobbConfigStore.set("version", packageJson.version);
-  }
-  /**
-   * Gets the current log path, fetching workspace path dynamically
-   */
-  getCurrentLogPath() {
-    const workspacePath = WorkspaceService.getWorkspaceFolderPath();
-    if (workspacePath) {
-      return `${this.host}:${workspacePath}`;
-    }
-    return `${this.host}:unknown-${this.unknownPathSuffix}`;
-  }
-  /**
-   * Migrates logs from unknown path to known workspace path
-   */
-  migrateLogs(fromPath, toPath) {
-    const existingLogs = this.mobbConfigStore.get(fromPath) ?? [];
-    const targetLogs = this.mobbConfigStore.get(toPath) ?? [];
-    if (existingLogs.length > 0) {
-      const combinedLogs = [...targetLogs, ...existingLogs];
-      const finalLogs = combinedLogs.slice(-MAX_LOGS_SIZE);
-      this.mobbConfigStore.set(toPath, finalLogs);
-      this.mobbConfigStore.delete(fromPath);
-    }
-  }
-  /**
-   * Log a message to the console.
-   * @param message - The message to log.
-   * @param level - The level of the message.
-   * @param data - The data to log.
-   */
-  log(message, level = "info", data) {
-    const currentPath = this.getCurrentLogPath();
-    const workspacePath = WorkspaceService.getWorkspaceFolderPath();
-    if (workspacePath && this.lastKnownPath !== workspacePath) {
-      const unknownPath = `${this.host}:unknown-${this.unknownPathSuffix}`;
-      const knownPath = `${this.host}:${workspacePath}`;
-      if (this.lastKnownPath === null || this.lastKnownPath.includes("unknown-")) {
-        this.migrateLogs(unknownPath, knownPath);
-      }
-      this.lastKnownPath = workspacePath;
-    }
-    const logMessage = {
-      timestamp: (/* @__PURE__ */ new Date()).toISOString(),
-      level,
-      message,
-      data
-    };
-    const logs = this.mobbConfigStore.get(currentPath) ?? [];
-    if (logs.length >= MAX_LOGS_SIZE) {
-      logs.shift();
-    }
-    this.mobbConfigStore.set(currentPath, [...logs, logMessage]);
-  }
-};
-var logger = new Logger();
-var logError = (message, data) => logger.log(message, "error", data);
-var logDebug = (message, data) => logger.log(message, "debug", data);
-var log = logger.log.bind(logger);
-
-// src/mcp/types.ts
-import { z as z26 } from "zod";
-var ScanAndFixVulnerabilitiesToolSchema = z26.object({
-  path: z26.string()
-});
-var VulnerabilityReportIssueTagSchema = z26.object({
-  vulnerability_report_issue_tag_value: z26.nativeEnum(
-    Vulnerability_Report_Issue_Tag_Enum
-  )
-});
-var VulnerabilityReportIssueSchema = z26.object({
-  category: z26.any().optional().nullable(),
-  parsedIssueType: z26.nativeEnum(IssueType_Enum).nullable().optional(),
-  parsedSeverity: z26.nativeEnum(Vulnerability_Severity_Enum).nullable().optional(),
-  vulnerabilityReportIssueTags: z26.array(VulnerabilityReportIssueTagSchema)
-});
-var SharedStateSchema = z26.object({
-  __typename: z26.literal("fix_shared_state").optional(),
-  id: z26.any(),
-  // GraphQL uses `any` type for UUID
-  downloadedBy: z26.array(z26.any().nullable()).optional().nullable()
-});
-var UnstructuredFixExtraContextSchema = z26.object({
-  __typename: z26.literal("UnstructuredFixExtraContext").optional(),
-  key: z26.string(),
-  value: z26.any()
-  // GraphQL JSON type
-});
-var FixExtraContextResponseSchema = z26.object({
-  __typename: z26.literal("FixExtraContextResponse").optional(),
-  extraContext: z26.array(UnstructuredFixExtraContextSchema),
-  fixDescription: z26.string()
-});
-var FixDataSchema = z26.object({
-  __typename: z26.literal("FixData"),
-  patch: z26.string(),
-  patchOriginalEncodingBase64: z26.string(),
-  extraContext: FixExtraContextResponseSchema
-});
-var GetFixNoFixErrorSchema = z26.object({
-  __typename: z26.literal("GetFixNoFixError")
-});
-var PatchAndQuestionsSchema = z26.union([FixDataSchema, GetFixNoFixErrorSchema]);
-var McpFixSchema = z26.object({
-  __typename: z26.literal("fix").optional(),
-  id: z26.any(),
-  // GraphQL uses `any` type for UUID
-  confidence: z26.number(),
-  safeIssueType: z26.string().nullable(),
-  severityText: z26.string().nullable(),
-  gitBlameLogin: z26.string().nullable().optional(),
-  // Optional in GraphQL
-  severityValue: z26.number().nullable(),
-  vulnerabilityReportIssues: z26.array(VulnerabilityReportIssueSchema),
-  sharedState: SharedStateSchema.nullable().optional(),
-  // Optional in GraphQL
-  patchAndQuestions: PatchAndQuestionsSchema,
-  // Additional field added by the client
-  fixUrl: z26.string().optional()
-});
-var FixAggregateSchema = z26.object({
-  __typename: z26.literal("fix_aggregate").optional(),
-  aggregate: z26.object({
-    __typename: z26.literal("fix_aggregate_fields").optional(),
-    count: z26.number()
-  }).nullable()
-});
-var VulnerabilityReportIssueAggregateSchema = z26.object({
-  __typename: z26.literal("vulnerability_report_issue_aggregate").optional(),
-  aggregate: z26.object({
-    __typename: z26.literal("vulnerability_report_issue_aggregate_fields").optional(),
-    count: z26.number()
-  }).nullable()
-});
-var RepoSchema = z26.object({
-  __typename: z26.literal("repo").optional(),
-  originalUrl: z26.string()
-});
-var ProjectSchema = z26.object({
-  id: z26.any(),
-  // GraphQL uses `any` type for UUID
-  organizationId: z26.any()
-  // GraphQL uses `any` type for UUID
-});
-var VulnerabilityReportSchema = z26.object({
-  scanDate: z26.any().nullable(),
-  // GraphQL uses `any` type for timestamp
-  vendor: z26.string(),
-  // GraphQL generates as string, not enum
-  projectId: z26.any().optional(),
-  // GraphQL uses `any` type for UUID
-  project: ProjectSchema,
-  totalVulnerabilityReportIssuesCount: VulnerabilityReportIssueAggregateSchema,
-  notFixableVulnerabilityReportIssuesCount: VulnerabilityReportIssueAggregateSchema
-});
-var FixReportSummarySchema = z26.object({
-  __typename: z26.literal("fixReport").optional(),
-  id: z26.any(),
-  // GraphQL uses `any` type for UUID
-  createdOn: z26.any(),
-  // GraphQL uses `any` type for timestamp
-  repo: RepoSchema.nullable(),
-  issueTypes: z26.any().nullable(),
-  // GraphQL uses `any` type for JSON
-  CRITICAL: FixAggregateSchema,
-  HIGH: FixAggregateSchema,
-  MEDIUM: FixAggregateSchema,
-  LOW: FixAggregateSchema,
-  fixes: z26.array(McpFixSchema),
-  userFixes: z26.array(McpFixSchema).optional(),
-  // Present in some responses but can be omitted
-  filteredFixesCount: FixAggregateSchema,
-  totalFixesCount: FixAggregateSchema,
-  vulnerabilityReport: VulnerabilityReportSchema
-});
-var ExpiredReportSchema = z26.object({
-  __typename: z26.literal("fixReport").optional(),
-  id: z26.any(),
-  // GraphQL uses `any` type for UUID
-  expirationOn: z26.any().nullable()
-  // GraphQL uses `any` type for timestamp
-});
-var GetLatestReportByRepoUrlResponseSchema = z26.object({
-  __typename: z26.literal("query_root").optional(),
-  fixReport: z26.array(FixReportSummarySchema),
-  expiredReport: z26.array(ExpiredReportSchema)
-});
-
-// src/mcp/services/ConfigStoreService.ts
-import Configstore2 from "configstore";
-init_configs();
-function createConfigStore(defaultValues = { apiToken: "" }) {
-  const API_URL2 = process.env["API_URL"] || MCP_DEFAULT_API_URL;
-  let domain = "";
+var fetchWithProxy = (url, options = {}) => {
   try {
-    const url = new URL(API_URL2);
-    domain = url.hostname;
-  } catch (e) {
-    domain = API_URL2.replace(/^https?:\/\//, "").replace(/\/.*$/, "").replace(/:\d+$/, "");
-  }
-  const sanitizedDomain = domain.replace(/\./g, "_");
-  return new Configstore2(
-    `${packageJson.name}-${sanitizedDomain}`,
-    defaultValues
-  );
-}
-function getConfigStore() {
-  return createConfigStore();
-}
-var configStore = getConfigStore();
-
-// src/mcp/services/McpAuthService.ts
-import crypto from "crypto";
-import os from "os";
-import open from "open";
-init_configs();
-var McpAuthService = class {
-  constructor(client) {
-    __publicField(this, "client");
-    __publicField(this, "lastBrowserOpenTime", 0);
-    this.client = client;
-  }
-  /**
-   * Opens a browser window for authentication
-   * @param url URL to open in browser
-   * @param isBackgoundCall Whether this is called from tools context
-   */
-  async openBrowser(url, isBackgoundCall) {
-    if (isBackgoundCall) {
-      const now = Date.now();
-      if (now - this.lastBrowserOpenTime < MCP_TOOLS_BROWSER_COOLDOWN_MS) {
-        logDebug(`browser cooldown active, skipping open for ${url}`);
-        return;
-      }
-    }
-    logDebug(`opening browser url ${url}`);
-    await open(url);
-    this.lastBrowserOpenTime = Date.now();
-  }
-  /**
-   * Handles the complete authentication flow
-   * @param isBackgoundCall Whether this is called from tools context
-   * @returns Authenticated API token
-   */
-  async authenticate(isBackgoundCall = false) {
-    const { publicKey, privateKey } = crypto.generateKeyPairSync("rsa", {
-      modulusLength: 2048
-    });
-    logDebug("creating cli login");
-    const loginId = await this.client.createCliLogin({
-      publicKey: publicKey.export({ format: "pem", type: "pkcs1" }).toString()
-    });
-    if (!loginId) {
-      throw new CliLoginError("Error: createCliLogin failed");
-    }
-    logDebug(`cli login created ${loginId}`);
-    const webLoginUrl = `${WEB_APP_URL}/mvs-login`;
-    const browserUrl = `${webLoginUrl}/${loginId}?hostname=${os.hostname()}`;
-    await this.openBrowser(browserUrl, isBackgoundCall);
-    logDebug(`waiting for login to complete`);
-    let newApiToken = null;
-    for (let i = 0; i < MCP_LOGIN_MAX_WAIT / MCP_LOGIN_CHECK_DELAY; i++) {
-      const encryptedApiToken = await this.client.getEncryptedApiToken({
-        loginId
+    const agent = getProxyAgent(url.toString());
+    if (agent) {
+      return fetchOrig(url, {
+        ...options,
+        // @ts-expect-error Node-fetch doesn't type 'agent', but it's valid
+        agent
       });
-      if (encryptedApiToken) {
-        logDebug("encrypted API token received");
-        newApiToken = crypto.privateDecrypt(privateKey, Buffer.from(encryptedApiToken, "base64")).toString("utf-8");
-        logDebug("API token decrypted");
-        break;
-      }
-      await sleep(MCP_LOGIN_CHECK_DELAY);
-    }
-    if (!newApiToken) {
-      throw new FailedToGetApiTokenError(
-        "Error: failed to get encrypted api token"
-      );
-    }
-    const verifyClient = new McpGQLClient({
-      apiKey: newApiToken,
-      type: "apiKey"
-    });
-    const loginSuccess = await verifyClient.validateUserToken();
-    if (!loginSuccess) {
-      throw new AuthenticationError("Invalid API token");
     }
-    return newApiToken;
+  } catch (err) {
+    debug7(`Skipping proxy for ${url}. Reason: ${err.message}`);
   }
+  return fetchOrig(url, options);
 };
-
-// src/mcp/services/McpGQLClient.ts
-var McpGQLClient = class {
+var GQLClient = class {
   constructor(args) {
-    __publicField(this, "client");
-    __publicField(this, "clientSdk");
+    __publicField(this, "_client");
+    __publicField(this, "_clientSdk");
     __publicField(this, "_auth");
-    __publicField(this, "currentUser", null);
-    __publicField(this, "apiUrl");
+    debug7(`init with  ${args}`);
     this._auth = args;
-    this.apiUrl = process.env["API_URL"] || MCP_DEFAULT_API_URL;
-    logDebug(`[GraphQL] Creating graphql client with api url ${this.apiUrl}`, {
-      args
-    });
-    this.client = new GraphQLClient2(this.apiUrl, {
-      headers: args.type === "apiKey" ? { [MCP_API_KEY_HEADER_NAME]: args.apiKey || "" } : {
+    this._client = new GraphQLClient(API_URL, {
+      headers: args.type === "apiKey" ? { [API_KEY_HEADER_NAME]: args.apiKey || "" } : {
         Authorization: `Bearer ${args.token}`
       },
+      fetch: fetchWithProxy,
       requestMiddleware: (request) => {
-        const requestId = uuidv42();
+        const requestId = uuidv4();
+        debug7(
+          `sending API request with id: ${requestId} and with request: ${request.body}`
+        );
         return {
           ...request,
           headers: {
@@ -4964,654 +4603,521 @@ var McpGQLClient = class {
         };
       }
     });
-    this.clientSdk = getSdk(this.client);
-  }
-  getErrorContext() {
-    return {
-      endpoint: this.apiUrl,
-      apiKey: this._auth.type === "apiKey" ? this._auth.apiKey : "",
-      headers: {
-        [MCP_API_KEY_HEADER_NAME]: this._auth.type === "apiKey" ? "[REDACTED]" : "undefined",
-        "x-hasura-request-id": "[DYNAMIC]"
-      }
-    };
+    this._clientSdk = getSdk(this._client);
   }
-  async uploadAIBlameInferencesInitRaw(variables) {
-    return await this.clientSdk.UploadAIBlameInferencesInit(variables);
+  async getUserInfo() {
+    const { me } = await this._clientSdk.Me();
+    return me;
   }
-  async finalizeAIBlameInferencesUploadRaw(variables) {
-    return await this.clientSdk.FinalizeAIBlameInferencesUpload(variables);
+  async createCliLogin(variables) {
+    const res = await this._clientSdk.CreateCliLogin(variables, {
+      // We may have outdated API key in the config storage. Avoid using it for the login request.
+      [API_KEY_HEADER_NAME]: ""
+    });
+    return res.insert_cli_login_one?.id || "";
   }
-  async isApiEndpointReachable() {
+  async verifyApiConnection() {
     try {
-      logDebug("[GraphQL] Calling Me query for API connection verification");
-      const result = await this.getUserInfo();
-      logDebug("[GraphQL] Me query successful", { result });
-      return true;
+      await this.getUserInfo();
     } catch (e) {
-      const error = e;
-      logDebug(`[GraphQL] API connection verification failed`, { error });
-      if (error?.toString().includes("FetchError")) {
-        logError("[GraphQL] API connection verification failed", { error });
+      if (e?.toString().startsWith("FetchError")) {
+        debug7("verify connection failed %o", e);
         return false;
       }
     }
     return true;
   }
-  /**
-   * Verifies both API endpoint reachability and user authentication
-   * @returns true if both API is reachable and user is authenticated
-   */
-  async verifyApiConnection() {
-    const isReachable = await this.isApiEndpointReachable();
-    if (!isReachable) {
-      return false;
-    }
+  async validateUserToken() {
+    await this.createCommunityUser();
+    let info;
     try {
-      await this.validateUserToken();
-      return true;
+      info = await this.getUserInfo();
     } catch (e) {
-      logError("User token validation failed", { error: e });
+      debug7("verify token failed %o", e);
       return false;
     }
+    return info?.email || true;
   }
-  async uploadS3BucketInfo() {
-    try {
-      logDebug("[GraphQL] Calling uploadS3BucketInfo mutation");
-      const result = await this.clientSdk.uploadS3BucketInfo({
-        fileName: "report.json"
-      });
-      logDebug("[GraphQL] uploadS3BucketInfo successful", { result });
-      return result;
-    } catch (e) {
-      logError("[GraphQL] uploadS3BucketInfo failed", {
-        error: e,
-        ...this.getErrorContext()
-      });
-      throw e;
+  async getLastOrgAndNamedProject(params) {
+    const me = await this.getUserInfo();
+    const email = me?.email;
+    if (!email) {
+      throw new Error("User email not found");
     }
-  }
-  async getAnalysis(analysisId) {
-    try {
-      logDebug("[GraphQL] Calling getAnalysis query", { analysisId });
-      const res = await this.clientSdk.getAnalysis({
-        analysisId
-      });
-      logDebug("[GraphQL] getAnalysis successful", { result: res });
-      if (!res.analysis) {
-        throw new Error(`Analysis not found: ${analysisId}`);
-      }
-      return res.analysis;
-    } catch (e) {
-      logError("[GraphQL] getAnalysis failed", {
-        error: e,
-        analysisId,
-        ...this.getErrorContext()
-      });
-      throw e;
+    const { projectName, userDefinedOrganizationId } = params;
+    if (!projectName) {
+      throw new Error("Project name is required");
     }
-  }
-  async submitVulnerabilityReport(variables) {
-    try {
-      logDebug("[GraphQL] Calling SubmitVulnerabilityReport mutation", {
-        variables
-      });
-      const result = await this.clientSdk.SubmitVulnerabilityReport(variables);
-      logDebug("[GraphQL] SubmitVulnerabilityReport successful", { result });
-      return result;
-    } catch (e) {
-      logError("[GraphQL] SubmitVulnerabilityReport failed", {
-        error: e,
-        variables,
-        ...this.getErrorContext()
-      });
-      throw e;
+    const orgAndProjectRes = await this._clientSdk.getLastOrgAndNamedProject({
+      email,
+      projectName
+    });
+    if (!orgAndProjectRes.user?.[0]?.userOrganizationsAndUserOrganizationRoles?.[0]?.organization?.id) {
+      throw new Error(
+        `The user with email:${email}  is not associated with any organization`
+      );
     }
-  }
-  async subscribeToGetAnalysis(params) {
-    const { scanContext } = params;
-    try {
-      logDebug(`[${scanContext}] GraphQL: Starting GetAnalysis subscription`, {
-        params: params.subscribeToAnalysisParams
-      });
-      const { callbackStates } = params;
-      const result = await subscribe(
-        GetAnalysisSubscriptionDocument,
-        params.subscribeToAnalysisParams,
-        async (resolve, reject, data) => {
-          logDebug(
-            `[${scanContext}] GraphQL: GetAnalysis subscription data received ${data.analysis?.state}`,
-            { data }
-          );
-          if (!data.analysis?.state || data.analysis?.state === "Failed" /* Failed */) {
-            const errorMessage = data.analysis?.failReason || `Analysis failed with id: ${data.analysis?.id}`;
-            logError(`[${scanContext}] GraphQL: Analysis failed`, {
-              analysisId: data.analysis?.id,
-              state: data.analysis?.state,
-              failReason: data.analysis?.failReason,
-              ...this.getErrorContext()
-            });
-            reject(new Error(errorMessage));
-            return;
-          }
-          if (callbackStates.includes(data.analysis?.state)) {
-            logDebug(
-              `[${scanContext}] GraphQL: Analysis state matches callback states: ${data.analysis.state}`,
-              {
-                analysisId: data.analysis.id,
-                state: data.analysis.state,
-                callbackStates
-              }
-            );
-            await params.callback(data.analysis.id);
-            resolve(data);
-          }
-        },
-        this._auth.type === "apiKey" ? {
-          apiKey: this._auth.apiKey,
-          type: "apiKey",
-          timeoutInMs: params.timeoutInMs
-        } : {
-          token: this._auth.token,
-          type: "token",
-          timeoutInMs: params.timeoutInMs
-        }
+    const organization = orgAndProjectRes.user?.at(0)?.userOrganizationsAndUserOrganizationRoles.map(
+      (org) => org.organization
+    ).filter(
+      (org) => userDefinedOrganizationId ? org.id === userDefinedOrganizationId : true
+    )?.at(0);
+    if (!organization) {
+      throw new Error(
+        `Organization with id:${userDefinedOrganizationId} not found`
       );
-      logDebug(`[${scanContext}] GraphQL: GetAnalysis subscription completed`, {
-        result
-      });
-      return result;
-    } catch (e) {
-      logError(`[${scanContext}] GraphQL: GetAnalysis subscription failed`, {
-        error: e,
-        params: params.subscribeToAnalysisParams,
-        ...this.getErrorContext()
-      });
-      throw e;
     }
-  }
-  async getProjectId() {
-    try {
-      const me = await this.getUserInfo();
-      if (!me) {
-        throw new Error("User not found");
-      }
-      const userEmail = me.email;
-      if (!userEmail) {
-        throw new Error("User email not found");
-      }
-      const shortEmailHash = crypto2.createHash("sha256").update(userEmail).digest("hex").slice(0, 8).toUpperCase();
-      const projectName = `MCP Scans ${shortEmailHash}`;
-      logDebug("[GraphQL] Calling getLastOrgAndNamedProject query", {
-        projectName
-      });
-      const orgAndProjectRes = await this.clientSdk.getLastOrgAndNamedProject({
-        email: userEmail,
-        projectName
-      });
-      logDebug("[GraphQL] getLastOrgAndNamedProject successful", {
-        result: orgAndProjectRes
-      });
-      if (!orgAndProjectRes.user?.[0]?.userOrganizationsAndUserOrganizationRoles?.[0]?.organization?.id) {
-        throw new Error(
-          `The user with email:${userEmail}  is not associated with any organization`
-        );
-      }
-      const organization = orgAndProjectRes.user?.[0]?.userOrganizationsAndUserOrganizationRoles?.[0]?.organization;
-      const projectId = organization?.projects?.[0]?.id;
-      if (projectId) {
-        logDebug("[GraphQL] Found existing project", {
-          projectId,
-          projectName
-        });
-        return projectId;
-      }
-      logDebug("[GraphQL] Project not found, creating new project", {
+    let projectId = organization?.projects?.[0]?.id;
+    if (!projectId) {
+      const createdProject = await this._clientSdk.CreateProject({
         organizationId: organization.id,
-        projectName
-      });
-      try {
-        const createdProject = await this.clientSdk.CreateProject({
-          organizationId: organization.id,
-          projectName
-        });
-        logDebug("[GraphQL] CreateProject successful", {
-          result: createdProject
-        });
-        return createdProject.createProject.projectId;
-      } catch (createError) {
-        const errorMessage = createError instanceof Error ? createError.message : String(createError);
-        const isConstraintViolation = errorMessage.includes(
-          "duplicate key value violates unique constraint"
-        ) && errorMessage.includes("project_name_organization_id_key");
-        if (isConstraintViolation) {
-          logDebug(
-            "[GraphQL] Project creation failed due to constraint violation, retrying fetch",
-            {
-              organizationId: organization.id,
-              projectName,
-              error: errorMessage
-            }
-          );
-          const retryOrgAndProjectRes = await this.clientSdk.getLastOrgAndNamedProject({
-            email: userEmail,
-            projectName
-          });
-          const retryProjectId = retryOrgAndProjectRes.user?.[0]?.userOrganizationsAndUserOrganizationRoles?.[0]?.organization?.projects?.[0]?.id;
-          if (retryProjectId) {
-            logDebug(
-              "[GraphQL] Successfully found existing project after constraint violation",
-              {
-                projectId: retryProjectId,
-                projectName
-              }
-            );
-            return retryProjectId;
-          }
-          logError(
-            "[GraphQL] Failed to find project even after constraint violation retry",
-            {
-              organizationId: organization.id,
-              projectName,
-              retryResult: retryOrgAndProjectRes
-            }
-          );
-        }
-        throw createError;
-      }
-    } catch (e) {
-      logError("[GraphQL] getProjectId failed", {
-        error: e,
-        ...this.getErrorContext()
+        projectName: projectName || "My project"
       });
-      throw e;
+      projectId = createdProject.createProject.projectId;
     }
-  }
-  async getUserInfo() {
-    const { me } = await this.clientSdk.Me();
-    this.currentUser = me;
-    return me;
-  }
-  getCurrentUser() {
-    return this.currentUser;
-  }
-  async validateUserToken() {
-    logDebug("[GraphQL] Validating user token");
-    try {
-      await this.clientSdk.CreateCommunityUser();
-      const info = await this.getUserInfo();
-      logDebug("[GraphQL] User token validated successfully");
-      return info?.email || true;
-    } catch (e) {
-      logError("[GraphQL] User token validation failed");
-      return false;
-    }
-  }
-  async createCliLogin(variables) {
-    try {
-      const res = await this.clientSdk.CreateCliLogin(variables, {
-        // We may have outdated API key in the config storage. Avoid using it for the login request.
-        [MCP_API_KEY_HEADER_NAME]: ""
-      });
-      const loginId = res.insert_cli_login_one?.id || "";
-      if (!loginId) {
-        logError("[GraphQL] Create cli login failed - no login ID returned");
-        return "";
-      }
-      return loginId;
-    } catch (e) {
-      logError("[GraphQL] Create cli login failed", { error: e });
-      return "";
+    if (!projectId) {
+      throw new Error("Project not found");
     }
+    return {
+      organizationId: organization.id,
+      projectId
+    };
   }
   async getEncryptedApiToken(variables) {
+    const res = await this._clientSdk.GetEncryptedApiToken(variables, {
+      // We may have outdated API key in the config storage. Avoid using it for the login request.
+      [API_KEY_HEADER_NAME]: ""
+    });
+    return res?.cli_login_by_pk?.encryptedApiToken || null;
+  }
+  async createCommunityUser() {
     try {
-      const res = await this.clientSdk.GetEncryptedApiToken(variables, {
-        // We may have outdated API key in the config storage. Avoid using it for the login request.
-        [MCP_API_KEY_HEADER_NAME]: ""
-      });
-      return res?.cli_login_by_pk?.encryptedApiToken || null;
+      await this._clientSdk.CreateCommunityUser();
     } catch (e) {
-      logError("[GraphQL] Get encrypted api token failed", { error: e });
-      return null;
-    }
-  }
-  generateFixUrl({
-    fixId,
-    organizationId,
-    projectId,
-    reportId
-  }) {
-    if (!organizationId || !projectId || !reportId) {
-      return void 0;
-    }
-    const appBaseUrl = this.apiUrl.replace("/v1/graphql", "").replace("api.", "");
-    return `${appBaseUrl}/organization/${organizationId}/project/${projectId}/report/${reportId}/fix/${fixId}`;
-  }
-  mergeUserAndSystemFixes({
-    reportData,
-    limit
-  }) {
-    if (!reportData) return [];
-    const reportMetadata = {
-      id: reportData.id,
-      organizationId: reportData.vulnerabilityReport?.project?.organizationId,
-      projectId: reportData.vulnerabilityReport?.projectId
-    };
-    const { userFixes = [], fixes = [] } = reportData;
-    const fixMap = /* @__PURE__ */ new Map();
-    for (const fix of userFixes) {
-      if (fix.id) {
-        const fixWithUrl = {
-          ...fix,
-          fixUrl: this.generateFixUrl({
-            fixId: fix.id,
-            organizationId: reportMetadata?.organizationId,
-            projectId: reportMetadata?.projectId,
-            reportId: reportMetadata?.id
-          })
-        };
-        fixMap.set(fix.id, fixWithUrl);
-      }
-    }
-    for (const fix of fixes) {
-      if (fix.id && !fixMap.has(fix.id)) {
-        const fixWithUrl = {
-          ...fix,
-          fixUrl: this.generateFixUrl({
-            fixId: fix.id,
-            organizationId: reportMetadata?.organizationId,
-            projectId: reportMetadata?.projectId,
-            reportId: reportMetadata?.id
-          })
-        };
-        fixMap.set(fix.id, fixWithUrl);
-      }
+      debug7("create community user failed %o", e);
     }
-    return Array.from(fixMap.values()).slice(0, limit);
   }
-  async updateFixesDownloadStatus(fixIds) {
-    if (fixIds.length > 0) {
-      const resUpdate = await this.clientSdk.updateDownloadedFixData({
-        fixIds,
-        source: "MCP" /* Mcp */
-      });
-      logDebug("[GraphQL] updateFixesDownloadStatus successful", {
-        result: resUpdate,
-        fixIds
-      });
-    } else {
-      logDebug("[GraphQL] No fixes found to update download status");
-    }
-  }
-  async updateAutoAppliedFixesStatus(fixIds) {
-    if (fixIds.length > 0) {
-      const resUpdate = await this.clientSdk.updateDownloadedFixData({
-        fixIds,
-        source: "AUTO_MVS" /* AutoMvs */
-      });
-      logDebug("[GraphQL] updateAutoAppliedFixesStatus successful", {
-        result: resUpdate,
-        fixIds,
-        note: "Auto-applied via MVS automation"
-      });
-    } else {
-      logDebug("[GraphQL] No auto-applied fixes to update status");
-    }
+  async updateScmToken(args) {
+    const { scmType, url, token, org, refreshToken } = args;
+    const updateScmTokenResult = await this._clientSdk.updateScmToken({
+      scmType,
+      url,
+      token,
+      org,
+      refreshToken
+    });
+    return updateScmTokenResult;
   }
-  async getMvsAutoFixSettings() {
-    try {
-      const envOverride = process.env["MVS_AUTO_FIX"];
-      if (envOverride !== void 0) {
-        const overrideValue = envOverride.toLowerCase() === "true";
-        logDebug("[Environment] Using MVS_AUTO_FIX override", {
-          envValue: envOverride,
-          resolvedValue: overrideValue
-        });
-        return overrideValue;
-      }
-      const userInfo = await this.getUserInfo();
-      if (!userInfo?.email) {
-        throw new Error("User email not found");
-      }
-      logDebug("[GraphQL] Calling GetUserMvsAutoFix query", {
-        userEmail: userInfo.email
-      });
-      const result = await this.clientSdk.GetUserMvsAutoFix({
-        userEmail: userInfo.email
-      });
-      logDebug("[GraphQL] GetUserMvsAutoFix successful", { result });
-      return result.user_email_notification_settings?.[0]?.mvs_auto_fix ?? true;
-    } catch (e) {
-      logError("[GraphQL] GetUserMvsAutoFix failed", {
-        error: e,
-        ...this.getErrorContext()
-      });
-      throw e;
-    }
+  async uploadS3BucketInfo() {
+    const uploadS3BucketInfoResult = await this._clientSdk.uploadS3BucketInfo({
+      fileName: REPORT_DEFAULT_FILE_NAME
+    });
+    return uploadS3BucketInfoResult;
   }
-  async getLatestReportByRepoUrl({
-    repoUrl,
-    limit = MCP_DEFAULT_LIMIT,
-    offset = 0,
-    fileFilter
+  async getVulByNodesMetadata({
+    hunks,
+    vulnerabilityReportId
   }) {
-    try {
-      logDebug("[GraphQL] Calling GetLatestReportByRepoUrl query", {
-        repoUrl,
-        limit,
-        offset,
-        fileFilter
-      });
-      let currentUserEmail = "%@%";
-      try {
-        const userInfo = await this.getUserInfo();
-        if (userInfo?.email) {
-          currentUserEmail = `%${userInfo.email}%`;
-        }
-      } catch (err) {
-        logDebug("[GraphQL] Failed to get user email, using default pattern", {
-          error: err
-        });
-      }
-      const filters = {};
-      if (fileFilter && fileFilter.length > 0) {
-        filters["vulnerabilityReportIssues"] = {
-          codeNodes: { path: { _in: fileFilter } }
-        };
+    const filters = hunks.map((hunk) => {
+      const filter = {
+        path: { _eq: hunk.path },
+        _or: hunk.ranges.flatMap(({ endLine, startLine }) => {
+          return [
+            { startLine: { _gte: startLine, _lte: endLine } },
+            { endLine: { _gte: startLine, _lte: endLine } }
+          ];
+        })
+      };
+      return filter;
+    });
+    const getVulByNodesMetadataRes = await this._clientSdk.getVulByNodesMetadata({
+      filters: { _or: filters },
+      vulnerabilityReportId
+    });
+    const parsedGetVulByNodesMetadataRes = GetVulByNodesMetadataZ.parse(
+      getVulByNodesMetadataRes
+    );
+    const uniqueVulByNodesMetadata = parsedGetVulByNodesMetadataRes.vulnerabilityReportIssueCodeNodes.reduce((acc, vulnerabilityReportIssueCodeNode) => {
+      if (acc[vulnerabilityReportIssueCodeNode.vulnerabilityReportIssueId]) {
+        return acc;
       }
-      const resp = await this.clientSdk.GetLatestReportByRepoUrl({
-        repoUrl,
-        limit,
-        offset,
-        currentUserEmail,
-        filters
-      });
-      logDebug("[GraphQL] GetLatestReportByRepoUrl successful", {
-        result: resp,
-        reportCount: resp.fixReport?.length || 0
-      });
-      const latestReport = resp.fixReport?.[0] && FixReportSummarySchema.parse(resp.fixReport?.[0]);
-      const fixes = this.mergeUserAndSystemFixes({
-        reportData: latestReport,
-        limit
-      });
       return {
-        fixReport: latestReport ? {
-          ...latestReport,
-          fixes
-        } : null,
-        expiredReport: resp.expiredReport?.[0] || null
+        ...acc,
+        [vulnerabilityReportIssueCodeNode.vulnerabilityReportIssueId]: vulnerabilityReportIssueCodeNode
       };
-    } catch (e) {
-      logError("[GraphQL] GetLatestReportByRepoUrl failed", {
-        error: e,
-        repoUrl,
-        ...this.getErrorContext()
-      });
-      throw e;
-    }
+    }, {});
+    const nonFixablePrVuls = parsedGetVulByNodesMetadataRes.nonFixablePrVuls.aggregate.count;
+    const fixablePrVuls = parsedGetVulByNodesMetadataRes.fixablePrVuls.aggregate.count;
+    const totalScanVulnerabilities = parsedGetVulByNodesMetadataRes.totalScanVulnerabilities.aggregate.count;
+    const vulnerabilitiesOutsidePr = totalScanVulnerabilities - nonFixablePrVuls - fixablePrVuls;
+    const totalPrVulnerabilities = nonFixablePrVuls + fixablePrVuls;
+    const irrelevantVulnerabilityReportIssues = parsedGetVulByNodesMetadataRes.irrelevantVulnerabilityReportIssue?.[0]?.vulnerabilityReportIssues ?? [];
+    return {
+      vulnerabilityReportIssueCodeNodes: Object.values(
+        uniqueVulByNodesMetadata
+      ),
+      nonFixablePrVuls,
+      fixablePrVuls,
+      totalScanVulnerabilities,
+      vulnerabilitiesOutsidePr,
+      totalPrVulnerabilities,
+      irrelevantVulnerabilityReportIssues
+    };
   }
-  async getReportFixesPaginated({
-    reportId,
-    limit = MCP_DEFAULT_LIMIT,
-    offset = 0,
-    issueType,
-    severity,
-    fileFilter
+  async digestVulnerabilityReport({
+    fixReportId,
+    projectId,
+    scanSource,
+    repoUrl,
+    reference,
+    sha,
+    shouldScan
   }) {
-    const filters = {};
-    if (issueType && issueType.length > 0) {
-      filters["safeIssueType"] = { _in: issueType };
-    }
-    if (severity && severity.length > 0) {
-      filters["severityText"] = { _in: severity };
+    const res = await this._clientSdk.DigestVulnerabilityReport({
+      fixReportId,
+      vulnerabilityReportFileName: shouldScan ? void 0 : REPORT_DEFAULT_FILE_NAME,
+      projectId,
+      scanSource,
+      repoUrl,
+      reference,
+      sha
+    });
+    if (res.digestVulnerabilityReport.__typename !== "VulnerabilityReport") {
+      throw new Error("Digesting vulnerability report failed");
     }
-    if (fileFilter && fileFilter.length > 0) {
-      filters["vulnerabilityReportIssues"] = {
-        codeNodes: { path: { _in: fileFilter } }
-      };
+    return res.digestVulnerabilityReport;
+  }
+  async submitVulnerabilityReport(params) {
+    const {
+      fixReportId,
+      repoUrl,
+      reference,
+      projectId,
+      sha,
+      experimentalEnabled,
+      vulnerabilityReportFileName,
+      pullRequest
+    } = params;
+    return await this._clientSdk.SubmitVulnerabilityReport({
+      fixReportId,
+      repoUrl,
+      reference,
+      vulnerabilityReportFileName,
+      projectId,
+      pullRequest,
+      sha: sha || "",
+      experimentalEnabled: !!experimentalEnabled,
+      scanSource: params.scanSource,
+      scanContext: ScanContext.BUGSY
+    });
+  }
+  async getFixReportState(fixReportId) {
+    const res = await this._clientSdk.FixReportState({ id: fixReportId });
+    return res?.fixReport_by_pk?.state || "Created" /* Created */;
+  }
+  async waitFixReportInit(fixReportId, includeDigested = false) {
+    const FINAL_STATES = [
+      "Finished" /* Finished */,
+      "Failed" /* Failed */
+    ];
+    let lastState = "Created" /* Created */;
+    let attempts = 100;
+    if (includeDigested) {
+      FINAL_STATES.push("Digested" /* Digested */);
     }
-    try {
-      logDebug("[GraphQL] Calling GetReportFixes query", {
-        reportId,
-        limit,
-        offset,
-        filters,
-        issueType,
-        severity,
-        fileFilter
-      });
-      let currentUserEmail = "%@%";
-      try {
-        const userInfo = await this.getUserInfo();
-        if (userInfo?.email) {
-          currentUserEmail = `%${userInfo.email}%`;
+    do {
+      await sleep(REPORT_STATE_CHECK_DELAY);
+      lastState = await this.getFixReportState(fixReportId);
+    } while (!FINAL_STATES.includes(
+      lastState
+      // wait for final the state of the fix report
+    ) && attempts-- > 0);
+    return lastState;
+  }
+  async getVulnerabilityReportPaths(vulnerabilityReportId) {
+    const res = await this._clientSdk.GetVulnerabilityReportPaths({
+      vulnerabilityReportId
+    });
+    return res.vulnerability_report_path.map((p) => p.path);
+  }
+  async subscribeToAnalysis(params) {
+    const { callbackStates } = params;
+    return subscribe(
+      GetAnalysisSubscriptionDocument,
+      params.subscribeToAnalysisParams,
+      async (resolve, reject, data) => {
+        if (!data.analysis?.state || data.analysis?.state === "Failed" /* Failed */) {
+          const errorMessage = data.analysis?.failReason || `Analysis failed with id: ${data.analysis?.id}`;
+          reject(
+            new ReportDigestError(errorMessage, data.analysis?.failReason ?? "")
+          );
+          return;
         }
-      } catch (err) {
-        logDebug("[GraphQL] Failed to get user email, using default pattern", {
-          error: err
-        });
-      }
-      const res = await this.clientSdk.GetReportFixes({
-        reportId,
-        limit,
-        offset,
-        filters,
-        currentUserEmail
-      });
-      logDebug("[GraphQL] GetReportFixes successful", {
-        result: res,
-        fixCount: res.fixReport?.[0]?.fixes?.length || 0,
-        totalCount: res.fixReport?.[0]?.filteredFixesCount?.aggregate?.count || 0
-      });
-      if (res.fixReport.length === 0) {
-        return null;
+        if (callbackStates.includes(data.analysis?.state)) {
+          await params.callback(data.analysis.id);
+          resolve(data);
+        }
+      },
+      this._auth.type === "apiKey" ? {
+        apiKey: this._auth.apiKey,
+        type: "apiKey",
+        timeoutInMs: params.timeoutInMs
+      } : {
+        token: this._auth.token,
+        type: "token",
+        timeoutInMs: params.timeoutInMs
       }
-      const latestReport = FixReportSummarySchema.parse(res.fixReport?.[0]);
-      const fixes = this.mergeUserAndSystemFixes({
-        reportData: latestReport,
-        limit
-      });
-      logDebug("[GraphQL] GetReportFixes response parsed", { fixes });
-      return {
-        fixes,
-        totalCount: res.fixReport?.[0]?.filteredFixesCount?.aggregate?.count || 0,
-        expiredReport: res.expiredReport?.[0] || null,
-        fixReport: res.fixReport?.[0] ? {
-          id: res.fixReport[0].id,
-          organizationId: res.fixReport[0].vulnerabilityReport?.project?.organizationId,
-          projectId: res.fixReport[0].vulnerabilityReport?.projectId
-        } : void 0
-      };
-    } catch (e) {
-      logError("[GraphQL] GetReportFixes failed", {
-        error: e,
-        reportId,
-        ...this.getErrorContext()
-      });
-      throw e;
+    );
+  }
+  async getFixReportsByRepoUrl({ repoUrl }) {
+    const res = await this._clientSdk.GetFixReportsByRepoUrl({
+      repoUrl
+    });
+    return res;
+  }
+  async getAnalysis(analysisId) {
+    const res = await this._clientSdk.getAnalysis({
+      analysisId
+    });
+    if (!res.analysis) {
+      throw new Error(`Analysis not found: ${analysisId}`);
     }
+    return res.analysis;
+  }
+  async autoPrAnalysis({
+    analysisId,
+    commitDirectly,
+    prId,
+    prStrategy
+  }) {
+    return this._clientSdk.autoPrAnalysis({
+      analysisId,
+      commitDirectly,
+      prId,
+      prStrategy
+    });
+  }
+  async getFixes(fixIds) {
+    const res = await this._clientSdk.getFixes({
+      filters: { id: { _in: fixIds } }
+    });
+    return res;
+  }
+  async validateRepoUrl(args) {
+    return this._clientSdk.validateRepoUrl(args);
+  }
+  async getReferenceData(args) {
+    return this._clientSdk.gitReference(args);
+  }
+  async getFalsePositive(args) {
+    return this._clientSdk.getFalsePositive(args);
+  }
+  async uploadAIBlameInferencesInitRaw(variables) {
+    return await this._clientSdk.UploadAIBlameInferencesInit(variables);
+  }
+  async finalizeAIBlameInferencesUploadRaw(variables) {
+    return await this._clientSdk.FinalizeAIBlameInferencesUpload(variables);
   }
 };
-async function createAuthenticatedMcpGQLClient({
-  isBackgroundCall = false
-} = {}) {
-  logDebug("[GraphQL] Getting config", {
-    apiToken: configStore.get("apiToken")
+
+// src/commands/handleMobbLogin.ts
+var debug8 = Debug7("mobbdev:commands");
+var LOGIN_MAX_WAIT = 10 * 60 * 1e3;
+var LOGIN_CHECK_DELAY = 5 * 1e3;
+var webLoginUrl = `${WEB_APP_URL}/cli-login`;
+var MOBB_LOGIN_REQUIRED_MSG = `\u{1F513} Login to Mobb is Required, you will be redirected to our login page, once the authorization is complete return to this prompt, ${chalk2.bgBlue(
+  "press any key to continue"
+)};`;
+var config2 = new Configstore(packageJson.name, { apiToken: "" });
+async function handleMobbLogin({
+  inGqlClient,
+  apiKey,
+  skipPrompts
+}) {
+  const { createSpinner } = Spinner({ ci: skipPrompts });
+  const isConnected = await inGqlClient.verifyApiConnection();
+  if (!isConnected) {
+    createSpinner().start().error({
+      text: "\u{1F513} Connection to Mobb: failed to connect to the Mobb server"
+    });
+    throw new CliError(
+      "Connection to Mobb: failed to connect to the Mobb server"
+    );
+  }
+  createSpinner().start().success({
+    text: `\u{1F513} Connection to Mobb: succeeded`
   });
-  const initialClient = new McpGQLClient({
-    apiKey: process.env["MOBB_API_KEY"] || process.env["API_KEY"] || // fallback for backward compatibility
-    configStore.get("apiToken") || "",
-    type: "apiKey"
+  const userVerify = await inGqlClient.validateUserToken();
+  if (userVerify) {
+    createSpinner().start().success({
+      text: `\u{1F513} Login to Mobb succeeded. ${typeof userVerify === "string" ? `Logged in as ${userVerify}` : ""}`
+    });
+    return inGqlClient;
+  } else if (apiKey) {
+    createSpinner().start().error({
+      text: "\u{1F513} Login to Mobb failed: The provided API key does not match any configured API key on the system"
+    });
+    throw new CliError(
+      "Login to Mobb failed: The provided API key does not match any configured API key on the system"
+    );
+  }
+  const loginSpinner = createSpinner().start();
+  if (!skipPrompts) {
+    loginSpinner.update({ text: MOBB_LOGIN_REQUIRED_MSG });
+    await keypress();
+  }
+  loginSpinner.update({
+    text: "\u{1F513} Waiting for Mobb login..."
+  });
+  const { publicKey, privateKey } = crypto.generateKeyPairSync("rsa", {
+    modulusLength: 2048
+  });
+  const loginId = await inGqlClient.createCliLogin({
+    publicKey: publicKey.export({ format: "pem", type: "pkcs1" }).toString()
   });
-  const isApiEndpointReachable = await initialClient.isApiEndpointReachable();
-  logDebug("[GraphQL] API connection status", { isApiEndpointReachable });
-  if (!isApiEndpointReachable) {
-    throw new ApiConnectionError("Error: failed to reach Mobb GraphQL endpoint");
+  const browserUrl = `${webLoginUrl}/${loginId}?hostname=${os.hostname()}`;
+  !skipPrompts && console.log(
+    `If the page does not open automatically, kindly access it through ${browserUrl}.`
+  );
+  await open(browserUrl);
+  let newApiToken = null;
+  for (let i = 0; i < LOGIN_MAX_WAIT / LOGIN_CHECK_DELAY; i++) {
+    const encryptedApiToken = await inGqlClient.getEncryptedApiToken({
+      loginId
+    });
+    loginSpinner.spin();
+    if (encryptedApiToken) {
+      debug8("encrypted API token received %s", encryptedApiToken);
+      newApiToken = crypto.privateDecrypt(privateKey, Buffer.from(encryptedApiToken, "base64")).toString("utf-8");
+      debug8("API token decrypted");
+      break;
+    }
+    await sleep(LOGIN_CHECK_DELAY);
   }
-  logDebug("[GraphQL] Validating user token");
-  const userVerify = await initialClient.validateUserToken();
-  if (userVerify) {
-    return initialClient;
+  if (!newApiToken) {
+    loginSpinner.error({
+      text: "Login timeout error"
+    });
+    throw new CliError();
+  }
+  const newGqlClient = new GQLClient({ apiKey: newApiToken, type: "apiKey" });
+  const loginSuccess = await newGqlClient.validateUserToken();
+  if (loginSuccess) {
+    debug8(`set api token ${newApiToken}`);
+    config2.set("apiToken", newApiToken);
+    loginSpinner.success({
+      text: `\u{1F513} Login to Mobb successful! ${typeof loginSpinner === "string" ? `Logged in as ${loginSuccess}` : ""}`
+    });
+  } else {
+    loginSpinner.error({
+      text: "Something went wrong, API token is invalid."
+    });
+    throw new CliError();
+  }
+  return newGqlClient;
+}
+
+// src/features/analysis/upload-file.ts
+import Debug8 from "debug";
+import fetch3, { File, fileFrom, FormData } from "node-fetch";
+var debug9 = Debug8("mobbdev:upload-file");
+async function uploadFile({
+  file,
+  url,
+  uploadKey,
+  uploadFields,
+  logger
+}) {
+  const logInfo = logger || ((_message, _data) => {
+  });
+  logInfo(`FileUpload: upload file start ${url}`);
+  logInfo(`FileUpload: upload fields`, uploadFields);
+  logInfo(`FileUpload: upload key ${uploadKey}`);
+  debug9("upload file start %s", url);
+  debug9("upload fields %o", uploadFields);
+  debug9("upload key %s", uploadKey);
+  const form = new FormData();
+  Object.entries(uploadFields).forEach(([key, value]) => {
+    form.append(key, value);
+  });
+  if (!form.has("key")) {
+    form.append("key", uploadKey);
+  }
+  if (typeof file === "string") {
+    debug9("upload file from path %s", file);
+    logInfo(`FileUpload: upload file from path ${file}`);
+    form.append("file", await fileFrom(file));
+  } else {
+    debug9("upload file from buffer");
+    logInfo(`FileUpload: upload file from buffer`);
+    form.append("file", new File([new Uint8Array(file)], "file"));
+  }
+  const agent = getProxyAgent(url);
+  const response = await fetch3(url, {
+    method: "POST",
+    body: form,
+    agent
+  });
+  if (!response.ok) {
+    debug9("error from S3 %s %s", response.body, response.status);
+    logInfo(`FileUpload: error from S3 ${response.body} ${response.status}`);
+    throw new Error(`Failed to upload the file: ${response.status}`);
   }
-  const authService = new McpAuthService(initialClient);
-  const newApiToken = await authService.authenticate(isBackgroundCall);
-  configStore.set("apiToken", newApiToken);
-  return new McpGQLClient({ apiKey: newApiToken, type: "apiKey" });
+  debug9("upload file done");
+  logInfo(`FileUpload: upload file done`);
 }
 
 // src/args/commands/upload_ai_blame.ts
-var PromptItemZ = z27.object({
-  type: z27.enum(["USER_PROMPT", "AI_RESPONSE", "TOOL_EXECUTION", "AI_THINKING"]),
-  attachedFiles: z27.array(
-    z27.object({
-      relativePath: z27.string(),
-      startLine: z27.number().optional()
+var PromptItemZ = z26.object({
+  type: z26.enum(["USER_PROMPT", "AI_RESPONSE", "TOOL_EXECUTION", "AI_THINKING"]),
+  attachedFiles: z26.array(
+    z26.object({
+      relativePath: z26.string(),
+      startLine: z26.number().optional()
     })
   ).optional(),
-  tokens: z27.object({
-    inputCount: z27.number(),
-    outputCount: z27.number()
+  tokens: z26.object({
+    inputCount: z26.number(),
+    outputCount: z26.number()
   }).optional(),
-  text: z27.string().optional(),
-  date: z27.date().optional(),
-  tool: z27.object({
-    name: z27.string(),
-    parameters: z27.string(),
-    result: z27.string(),
-    rawArguments: z27.string().optional(),
-    accepted: z27.boolean().optional()
+  text: z26.string().optional(),
+  date: z26.date().optional(),
+  tool: z26.object({
+    name: z26.string(),
+    parameters: z26.string(),
+    result: z26.string(),
+    rawArguments: z26.string().optional(),
+    accepted: z26.boolean().optional()
   }).optional()
 });
-var PromptItemArrayZ = z27.array(PromptItemZ);
+var PromptItemArrayZ = z26.array(PromptItemZ);
 function uploadAiBlameBuilder(args) {
   return args.option("prompt", {
     type: "string",
     array: true,
     demandOption: true,
-    describe: chalk2.bold("Path(s) to prompt artifact(s) (one per session)")
+    describe: chalk3.bold("Path(s) to prompt artifact(s) (one per session)")
   }).option("inference", {
     type: "string",
     array: true,
     demandOption: true,
-    describe: chalk2.bold(
+    describe: chalk3.bold(
       "Path(s) to inference artifact(s) (one per session)"
     )
   }).option("ai-response-at", {
     type: "string",
     array: true,
-    describe: chalk2.bold(
+    describe: chalk3.bold(
       "ISO timestamp(s) for AI response (one per session, defaults to now)"
     )
   }).option("model", {
     type: "string",
     array: true,
-    describe: chalk2.bold("AI model name(s) (optional, one per session)")
+    describe: chalk3.bold("AI model name(s) (optional, one per session)")
   }).option("tool-name", {
     type: "string",
     array: true,
-    describe: chalk2.bold("Tool/IDE name(s) (optional, one per session)")
+    describe: chalk3.bold("Tool/IDE name(s) (optional, one per session)")
   }).strict();
 }
 async function uploadAiBlameHandlerFromExtension(args) {
@@ -5639,6 +5145,18 @@ async function uploadAiBlameHandlerFromExtension(args) {
     });
   });
 }
+var config3 = new Configstore2(packageJson.name, { apiToken: "" });
+async function getAuthenticatedGQLClientForIdeExtension() {
+  let gqlClient = new GQLClient({
+    apiKey: config3.get("apiToken") ?? "",
+    type: "apiKey"
+  });
+  gqlClient = await handleMobbLogin({
+    inGqlClient: gqlClient,
+    skipPrompts: true
+  });
+  return gqlClient;
+}
 async function uploadAiBlameHandler(args, exitOnError = true) {
   const prompts = args.prompt || [];
   const inferences = args.inference || [];
@@ -5647,7 +5165,7 @@ async function uploadAiBlameHandler(args, exitOnError = true) {
   const responseTimes = args.aiResponseAt || args["ai-response-at"] || [];
   if (prompts.length !== inferences.length) {
     const errorMsg = "prompt and inference must have the same number of entries";
-    console.error(chalk2.red(errorMsg));
+    console.error(chalk3.red(errorMsg));
     if (exitOnError) {
       process.exit(1);
     }
@@ -5665,7 +5183,7 @@ async function uploadAiBlameHandler(args, exitOnError = true) {
       ]);
     } catch {
       const errorMsg = `File not found for session ${i + 1}`;
-      console.error(chalk2.red(errorMsg));
+      console.error(chalk3.red(errorMsg));
       if (exitOnError) {
         process.exit(1);
       }
@@ -5679,12 +5197,14 @@ async function uploadAiBlameHandler(args, exitOnError = true) {
       toolName: tools[i]
     });
   }
-  const gqlClient = await createAuthenticatedMcpGQLClient();
-  const initRes = await gqlClient.uploadAIBlameInferencesInitRaw({ sessions });
+  const authenticatedClient = await getAuthenticatedGQLClientForIdeExtension();
+  const initRes = await authenticatedClient.uploadAIBlameInferencesInitRaw({
+    sessions
+  });
   const uploadSessions = initRes.uploadAIBlameInferencesInit?.uploadSessions ?? [];
   if (uploadSessions.length !== sessions.length) {
     const errorMsg = "Init failed to return expected number of sessions";
-    console.error(chalk2.red(errorMsg));
+    console.error(chalk3.red(errorMsg));
     if (exitOnError) {
       process.exit(1);
     }
@@ -5718,21 +5238,22 @@ async function uploadAiBlameHandler(args, exitOnError = true) {
       toolName: s.toolName
     };
   });
-  const finRes = await gqlClient.finalizeAIBlameInferencesUploadRaw({
+  const finRes = await authenticatedClient.finalizeAIBlameInferencesUploadRaw({
     sessions: finalizeSessions
   });
   const status = finRes?.finalizeAIBlameInferencesUpload?.status;
   if (status !== "OK") {
     const errorMsg = finRes?.finalizeAIBlameInferencesUpload?.error || "unknown error";
-    console.error(chalk2.red(errorMsg));
+    console.error(chalk3.red(errorMsg));
     if (exitOnError) {
       process.exit(1);
     }
     throw new Error(errorMsg);
   }
-  console.log(chalk2.green("AI Blame uploads finalized successfully"));
+  console.log(chalk3.green("AI Blame uploads finalized successfully"));
 }
 export {
+  getAuthenticatedGQLClientForIdeExtension,
   uploadAiBlameBuilder,
   uploadAiBlameHandler,
   uploadAiBlameHandlerFromExtension