mobbdev 1.0.209 → 1.0.211

package/dist/index.mjs

@@ -6809,7 +6809,7 @@ function getBitbucketSdk(params) {
       return repoRes.map((repo) => ({
         repoIsPublic: !repo.is_private,
         repoName: repo.name || "unknown repo name",
-        repoOwner: repo.owner?.username || "unknown owner",
+        repoOwner: repo.owner?.["username"] || "unknown owner",
         repoLanguages: repo.language ? [repo.language] : [],
         repoUpdatedAt: repo.updated_on ? repo.updated_on : (/* @__PURE__ */ new Date()).toISOString(),
         repoUrl: repo.links?.html?.href || ""
@@ -7209,10 +7209,10 @@ var BitbucketSCMLib = class extends SCMLib {
   async _getUsernameForAuthUrl() {
     this._validateAccessTokenAndUrl();
     const user = await this.bitbucketSdk.getUser();
-    if (!user.username) {
+    if (!user["username"]) {
       throw new Error("no username found");
     }
-    return user.username;
+    return user["username"];
   }
   async getIsRemoteBranch(branch) {
     this._validateAccessTokenAndUrl();
@@ -7233,7 +7233,7 @@ var BitbucketSCMLib = class extends SCMLib {
   async getUsername() {
     this._validateAccessToken();
     const res = await this.bitbucketSdk.getUser();
-    return z20.string().parse(res.username);
+    return z20.string().parse(res["username"]);
   }
   async getSubmitRequestStatus(_scmSubmitRequestId) {
     this._validateAccessTokenAndUrl();
@@ -7564,13 +7564,33 @@ function getGithubSdk(params = {}) {
       const { username, repoUrl } = params2;
       try {
         const { owner, repo } = parseGithubOwnerAndRepo(repoUrl);
-        const res = await octokit.rest.repos.checkCollaborator({
-          owner,
-          repo,
-          username
-        });
-        if (res.status === 204) {
-          return true;
+        try {
+          const res = await octokit.rest.repos.checkCollaborator({
+            owner,
+            repo,
+            username
+          });
+          if (res.status === 204) {
+            return true;
+          }
+        } catch (collaboratorError) {
+          try {
+            const permissionRes = await octokit.rest.repos.getCollaboratorPermissionLevel({
+              owner,
+              repo,
+              username
+            });
+            if (permissionRes.data.permission !== "none") {
+              return true;
+            }
+          } catch (permissionError) {
+            try {
+              await octokit.rest.repos.get({ owner, repo });
+              return true;
+            } catch (repoError) {
+              return false;
+            }
+          }
         }
       } catch (e) {
         return false;
@@ -7645,6 +7665,9 @@ function getGithubSdk(params = {}) {
       const repos = await octokit.rest.repos.get({ repo, owner });
       return repos.data.default_branch;
     },
+    async getRepository({ owner, repo }) {
+      return octokit.rest.repos.get({ repo, owner });
+    },
     async getGithubReferenceData({
       ref,
       gitHubUrl
@@ -7904,11 +7927,12 @@ function getGithubSdk(params = {}) {
       return octokit.request(GET_USER);
     },
     async getPrCommits(params2) {
-      return octokit.rest.pulls.listCommits({
+      const data = await octokit.paginate(octokit.rest.pulls.listCommits, {
         owner: params2.owner,
         repo: params2.repo,
         pull_number: params2.pull_number
       });
+      return { data };
     },
     async getUserRepos() {
       return octokit.rest.repos.listForAuthenticatedUser({
@@ -7929,12 +7953,12 @@ function getGithubSdk(params = {}) {
       });
     },
     async listPRFiles(params2) {
-      return octokit.rest.pulls.listFiles({
+      const data = await octokit.paginate(octokit.rest.pulls.listFiles, {
         owner: params2.owner,
         repo: params2.repo,
-        pull_number: params2.pull_number,
-        per_page: 100
+        pull_number: params2.pull_number
       });
+      return { data };
     }
   };
 }
@@ -8204,13 +8228,54 @@ var GithubSCMLib = class extends SCMLib {
       commitSha
     });
     const commitTimestamp = commit.commit.committer?.date ? new Date(commit.commit.committer.date) : new Date(commit.commit.author?.date || Date.now());
+    let parentCommits;
+    if (commit.parents && commit.parents.length > 0) {
+      try {
+        parentCommits = await Promise.all(
+          commit.parents.map(async (parent) => {
+            const parentCommit = await this.githubSdk.getCommit({
+              owner,
+              repo,
+              commitSha: parent.sha
+            });
+            const parentTimestamp = parentCommit.data.committer?.date ? new Date(parentCommit.data.committer.date) : new Date(Date.now());
+            return {
+              sha: parent.sha,
+              timestamp: parentTimestamp
+            };
+          })
+        );
+      } catch (error) {
+        console.error("Failed to fetch parent commit timestamps", {
+          error,
+          commitSha,
+          owner,
+          repo
+        });
+        parentCommits = void 0;
+      }
+    }
+    let repositoryCreatedAt;
+    try {
+      const repoData = await this.githubSdk.getRepository({ owner, repo });
+      repositoryCreatedAt = repoData.data.created_at ? new Date(repoData.data.created_at) : void 0;
+    } catch (error) {
+      console.error("Failed to fetch repository creation date", {
+        error,
+        owner,
+        repo
+      });
+      repositoryCreatedAt = void 0;
+    }
     return {
       diff,
       commitTimestamp,
       commitSha: commit.sha,
       authorName: commit.commit.author?.name,
       authorEmail: commit.commit.author?.email,
-      message: commit.commit.message
+      message: commit.commit.message,
+      parentCommits,
+      repositoryCreatedAt
     };
   }
   async getSubmitRequestDiff(submitRequestId) {
@@ -12779,6 +12844,8 @@ import { Server } from "@modelcontextprotocol/sdk/server/index.js";
 import { StdioServerTransport } from "@modelcontextprotocol/sdk/server/stdio.js";
 import {
   CallToolRequestSchema,
+  GetPromptRequestSchema,
+  ListPromptsRequestSchema,
   ListToolsRequestSchema
 } from "@modelcontextprotocol/sdk/types.js";
 
@@ -14409,6 +14476,45 @@ var MCP_TOOL_CHECKER = "mcp_checker";
 // src/mcp/core/McpServer.ts
 init_configs();
 
+// src/mcp/core/PromptRegistry.ts
+var PromptRegistry = class {
+  constructor() {
+    __publicField(this, "prompts", /* @__PURE__ */ new Map());
+  }
+  registerPrompt(prompt) {
+    if (this.prompts.has(prompt.name)) {
+      logWarn(`Prompt ${prompt.name} is already registered, overwriting`, {
+        promptName: prompt.name
+      });
+    }
+    this.prompts.set(prompt.name, prompt);
+    logDebug(`Prompt registered: ${prompt.name}`, {
+      promptName: prompt.name,
+      description: prompt.description
+    });
+  }
+  getPrompt(name) {
+    return this.prompts.get(name);
+  }
+  getPromptDefinition(name) {
+    return this.prompts.get(name)?.getDefinition();
+  }
+  getAllPrompts() {
+    return Array.from(this.prompts.values()).map(
+      (prompt) => prompt.getDefinition()
+    );
+  }
+  getPromptNames() {
+    return Array.from(this.prompts.keys());
+  }
+  hasPrompt(name) {
+    return this.prompts.has(name);
+  }
+  getPromptCount() {
+    return this.prompts.size;
+  }
+};
+
 // src/mcp/core/ToolRegistry.ts
 var ToolRegistry = class {
   constructor() {
@@ -14451,6 +14557,7 @@ var McpServer = class {
   constructor(config6, govOrgId = "") {
     __publicField(this, "server");
     __publicField(this, "toolRegistry");
+    __publicField(this, "promptRegistry");
     __publicField(this, "isEventHandlersSetup", false);
     __publicField(this, "eventHandlers", /* @__PURE__ */ new Map());
     __publicField(this, "parentProcessCheckInterval");
@@ -14466,11 +14573,13 @@ var McpServer = class {
       },
       {
         capabilities: {
-          tools: {}
+          tools: {},
+          prompts: {}
         }
       }
     );
     this.toolRegistry = new ToolRegistry();
+    this.promptRegistry = new PromptRegistry();
     this.setupHandlers();
     this.setupProcessEventHandlers();
     this.setupParentProcessMonitoring();
@@ -14787,6 +14896,56 @@ var McpServer = class {
       throw error;
     }
   }
+  async handleListPromptsRequest(request) {
+    logInfo("Received list_prompts request");
+    logDebug("list_prompts request", {
+      request: JSON.parse(JSON.stringify(request))
+    });
+    const promptDefinitions = this.promptRegistry.getAllPrompts();
+    const response = {
+      prompts: promptDefinitions.map((prompt) => ({
+        name: prompt.name,
+        description: prompt.description,
+        arguments: prompt.arguments
+      }))
+    };
+    logDebug("Returning list_prompts response", { response });
+    return response;
+  }
+  async handleGetPromptRequest(request) {
+    const { name, arguments: args } = request.params;
+    logInfo(`Received get_prompt request for ${name}`);
+    logDebug("get_prompt request", {
+      request: JSON.parse(JSON.stringify(request))
+    });
+    try {
+      const prompt = this.promptRegistry.getPrompt(name);
+      if (!prompt) {
+        const errorMsg = `Unknown prompt: ${name}`;
+        logWarn(errorMsg, {
+          name,
+          availablePrompts: this.promptRegistry.getPromptNames()
+        });
+        throw new Error(errorMsg);
+      }
+      logInfo(`Generating prompt: ${name}`);
+      const response = await prompt.getPrompt(args);
+      logInfo(`Prompt ${name} generated successfully`);
+      logDebug(`Prompt ${name} generated successfully`, {
+        hasMessages: !!response.messages,
+        messageCount: response.messages?.length
+      });
+      return response;
+    } catch (error) {
+      const errorMessage = error instanceof Error ? error.message : String(error);
+      logError(`Error generating prompt ${name}: ${errorMessage}`, {
+        error,
+        promptName: name,
+        args
+      });
+      throw error;
+    }
+  }
   setupHandlers() {
     this.server.setRequestHandler(
       ListToolsRequestSchema,
@@ -14796,12 +14955,24 @@ var McpServer = class {
       CallToolRequestSchema,
       (request) => this.handleCallToolRequest(request)
     );
+    this.server.setRequestHandler(
+      ListPromptsRequestSchema,
+      (request) => this.handleListPromptsRequest(request)
+    );
+    this.server.setRequestHandler(
+      GetPromptRequestSchema,
+      (request) => this.handleGetPromptRequest(request)
+    );
     logInfo("MCP server handlers registered");
   }
   registerTool(tool) {
     this.toolRegistry.registerTool(tool);
     logInfo(`Tool registered: ${tool.name}`);
   }
+  registerPrompt(prompt) {
+    this.promptRegistry.registerPrompt(prompt);
+    logInfo(`Prompt registered: ${prompt.name}`);
+  }
   getParentProcessId() {
     return this.parentPid;
   }
@@ -14865,117 +15036,43 @@ var McpServer = class {
   }
 };
 
-// src/mcp/tools/checkForNewAvailableFixes/CheckForNewAvailableFixesTool.ts
-import { z as z34 } from "zod";
-
-// src/mcp/services/PathValidation.ts
-import fs12 from "fs";
-import path12 from "path";
-async function validatePath(inputPath) {
-  logDebug("Validating MCP path", { inputPath });
-  if (/^\/[a-zA-Z]:\//.test(inputPath)) {
-    inputPath = inputPath.slice(1);
-  }
-  if (inputPath === "." || inputPath === "./") {
-    const workspaceFolderPath = WorkspaceService.getWorkspaceFolderPath();
-    if (workspaceFolderPath) {
-      logDebug("Fallback to workspace folder path", {
-        inputPath,
-        workspaceFolderPaths: [workspaceFolderPath]
-      });
-      WorkspaceService.setKnownWorkspacePath(workspaceFolderPath);
-      logDebug("Stored workspace folder path as known path", {
-        workspaceFolderPath
-      });
-      return {
-        isValid: true,
-        path: workspaceFolderPath
-      };
-    } else {
-      const error = `"." is not a valid path, please provide a full localpath to the repository`;
-      logError(error);
-      return { isValid: false, error, path: inputPath };
-    }
-  }
-  if (inputPath.includes("..")) {
-    const error = `Path contains path traversal patterns: ${inputPath}`;
-    logError(error);
-    return { isValid: false, error, path: inputPath };
-  }
-  const normalizedPath = path12.normalize(inputPath);
-  if (normalizedPath.includes("..")) {
-    const error = `Normalized path contains path traversal patterns: ${inputPath}`;
-    logError(error);
-    return { isValid: false, error, path: inputPath };
-  }
-  let decodedPath;
-  try {
-    decodedPath = decodeURIComponent(inputPath);
-  } catch (err) {
-    const error = `Failed to decode path: ${inputPath}`;
-    logError(error, { err });
-    return { isValid: false, error, path: inputPath };
-  }
-  if (decodedPath.includes("..") || decodedPath !== inputPath) {
-    const error = `Path contains encoded traversal attempts: ${inputPath}`;
-    logError(error);
-    return { isValid: false, error, path: inputPath };
-  }
-  if (inputPath.includes("\0") || inputPath.includes("\0")) {
-    const error = `Path contains dangerous characters: ${inputPath}`;
-    logError(error);
-    return { isValid: false, error, path: inputPath };
-  }
-  logDebug("Path validation successful", { inputPath });
-  logDebug("Checking path existence", { inputPath });
-  try {
-    await fs12.promises.access(inputPath);
-    logDebug("Path exists and is accessible", { inputPath });
-    WorkspaceService.setKnownWorkspacePath(inputPath);
-    logDebug("Stored validated path in WorkspaceService", { inputPath });
-    return { isValid: true, path: inputPath };
-  } catch (error) {
-    const errorMessage = `Path does not exist or is not accessible: ${inputPath}`;
-    logError(errorMessage, { error });
-    return { isValid: false, error: errorMessage, path: inputPath };
-  }
-}
+// src/mcp/prompts/CheckForNewVulnerabilitiesPrompt.ts
+import { z as z33 } from "zod";
 
-// src/mcp/tools/base/BaseTool.ts
+// src/mcp/prompts/base/BasePrompt.ts
 import { z as z32 } from "zod";
-var BaseTool = class {
+var BasePrompt = class {
   getDefinition() {
     return {
       name: this.name,
-      display_name: this.displayName,
       description: this.description,
-      inputSchema: this.inputSchema
+      arguments: this.arguments
     };
   }
-  async execute(args) {
-    if (this.hasAuthentication) {
-      logDebug(`Authenticating tool: ${this.name}`, { args });
-      const mcpGqlClient = await createAuthenticatedMcpGQLClient();
-      const userInfo = await mcpGqlClient.getUserInfo();
-      logDebug("User authenticated successfully", { userInfo });
+  async getPrompt(args) {
+    let validatedArgs = args;
+    if (this.argumentsValidationSchema) {
+      validatedArgs = this.validateArguments(args);
+      logDebug(`Prompt ${this.name} arguments validation successful`, {
+        validatedArgs
+      });
     }
-    const validatedArgs = this.validateInput(args);
-    logDebug(`Tool ${this.name} input validation successful`, {
-      validatedArgs
-    });
-    logInfo(`Executing tool: ${this.name}`);
-    const result = await this.executeInternal(validatedArgs);
-    logInfo(`Tool ${this.name} executed successfully`);
+    const result = await this.generatePrompt(validatedArgs);
+    logDebug(`Prompt ${this.name} generated successfully`);
     return result;
   }
-  validateInput(args) {
+  validateArguments(args) {
+    if (!this.argumentsValidationSchema) {
+      return args;
+    }
     try {
-      return this.inputValidationSchema.parse(args);
+      const argsToValidate = args === void 0 ? {} : args;
+      return this.argumentsValidationSchema.parse(argsToValidate);
     } catch (error) {
       if (error instanceof z32.ZodError) {
         const errorDetails = error.errors.map((e) => {
           const fieldPath = e.path.length > 0 ? e.path.join(".") : "root";
-          const message = e.message === "Required" ? `Missing required parameter '${fieldPath}'` : `Invalid value for '${fieldPath}': ${e.message}`;
+          const message = e.message === "Required" ? `Missing required argument '${fieldPath}'` : `Invalid value for '${fieldPath}': ${e.message}`;
           return message;
         });
         const errorMessage = `Invalid arguments: ${errorDetails.join(", ")}`;
@@ -14984,84 +15081,1817 @@ var BaseTool = class {
       throw error;
     }
   }
-  createSuccessResponse(text) {
+  createUserMessage(text) {
     return {
-      content: [
+      description: this.description,
+      messages: [
         {
-          type: "text",
-          text
+          role: "user",
+          content: {
+            type: "text",
+            text
+          }
         }
       ]
     };
   }
 };
 
-// src/mcp/tools/checkForNewAvailableFixes/CheckForNewAvailableFixesService.ts
-init_configs();
+// src/mcp/prompts/CheckForNewVulnerabilitiesPrompt.ts
+var CheckForNewVulnerabilitiesArgsSchema = z33.object({
+  path: z33.string().optional()
+});
+var CheckForNewVulnerabilitiesPrompt = class extends BasePrompt {
+  constructor() {
+    super(...arguments);
+    __publicField(this, "name", "check-for-new-vulnerabilities");
+    __publicField(this, "description", "Guide for enabling continuous security monitoring to detect new vulnerabilities");
+    __publicField(this, "arguments", [
+      {
+        name: "path",
+        description: "Optional: Full local path to the git repository to monitor",
+        required: false
+      }
+    ]);
+    __publicField(this, "argumentsValidationSchema", CheckForNewVulnerabilitiesArgsSchema);
+  }
+  async generatePrompt(validatedArgs) {
+    const args = validatedArgs;
+    const promptText = `# Continuous Security Monitoring Setup
 
-// src/mcp/core/prompts.ts
-init_configs();
-function friendlyType(s) {
-  const withoutUnderscores = s.replace(/_/g, " ");
-  const result = withoutUnderscores.replace(/([a-z])([A-Z])/g, "$1 $2");
-  return result.charAt(0).toUpperCase() + result.slice(1);
+This workflow sets up ongoing security monitoring to detect new vulnerabilities as code changes.
+
+## Purpose
+
+The \`check_for_new_available_fixes\` tool provides:
+- Lightweight background security monitoring
+- Detection of newly introduced vulnerabilities
+- Periodic checks without heavy scanning overhead
+- Notifications when new fixes become available
+
+## When to Use
+
+Call this tool:
+\u2713 At the end of a coding session
+\u2713 After completing a series of edits
+\u2713 After applying security fixes (to verify no new issues)
+\u2713 Before committing code changes
+\u2713 As part of a continuous security workflow
+\u2713 When setting up a project for security monitoring
+
+## Workflow Steps
+
+### Step 1: Determine Repository Path
+${args?.path ? `\u2713 Repository path provided: \`${args.path}\`` : `Get the full local path to the git repository to monitor.`}
+
+### Step 2: Call check_for_new_available_fixes
+
+Use the tool with minimal parameters:
+
+\`\`\`json
+{
+  "path": "${args?.path || "<repository-path>"}"
 }
-var noFixesReturnedForParameters = `No fixes returned for the given offset and limit parameters.
-`;
-var noFixesReturnedForParametersWithGuidance = ({
-  offset,
-  limit,
-  totalCount,
-  currentTool
-}) => `## No Fixes Returned for Current Parameters
+\`\`\`
 
-**\u{1F4C4} Current Request:**
-- **Page:** ${Math.floor(offset / limit) + 1}
-- **Offset:** ${offset}
-- **Limit:** ${limit}
+This tool is designed to be lightweight and non-intrusive.
 
-**\u274C Result:** No fixes returned for the given offset and limit parameters.
+### Step 3: Interpret Results
 
-**\u2139\uFE0F Available Fixes:** ${totalCount} total fixes are available, but your current offset (${offset}) is beyond the available range.
+The tool will return one of several possible outcomes:
 
-**\u2705 How to Get the Fixes:**
+#### New Vulnerabilities Detected
 
-To retrieve the available fixes, use one of these approaches:
+If new security issues are found:
 
-1. **Start from the beginning:**
-   \`\`\`
-   offset: 0
-   \`\`\`
+1. **Alert the user promptly:**
+   "\u26A0\uFE0F New security vulnerabilities detected!"
 
-2. **Go to the first page:**
-   \`\`\`
-   offset: 0
-   limit: ${limit}
-   \`\`\`
+2. **Provide summary:**
+   - Number of new vulnerabilities
+   - Severity breakdown
+   - Files affected
 
-3. **Get all fixes at once:**
-   \`\`\`
-   offset: 0
-   limit: ${totalCount}
-   \`\`\`
+3. **Recommend immediate action:**
+   - For Critical/High: "I recommend reviewing these immediately"
+   - For Medium/Low: "These should be addressed when convenient"
 
-**\u{1F4CB} Valid offset range:** 0 to ${Math.max(0, totalCount - 1)}
+4. **Offer next steps:**
+   - "Would you like to scan and see the details?"
+   - "Should I fetch the available fixes?"
+   - Suggest calling \`scan_and_fix_vulnerabilities\` or \`fetch_available_fixes\`
 
-### \u26A0\uFE0F CRITICAL INSTRUCTION FOR AI AGENTS \u26A0\uFE0F
+#### No New Vulnerabilities
 
-**DO NOT AUTOMATICALLY FETCH FIXES WITHOUT EXPLICIT USER REQUEST**
+"\u2713 Monitoring active. No new security vulnerabilities detected."
 
-- **DO NOT** run the \`${currentTool}\` tool again on your own
-- **ONLY** fetch fixes if the user explicitly asks for them
-- **WAIT** for the user to specifically request fixes before proceeding
+Optional follow-up:
+- Confirm monitoring is now enabled
+- Mention that checks will continue periodically
+- Reassure the user their code remains secure
 
-If the user wants to fetch the fixes, they should explicitly ask you to run the \`${currentTool}\` tool again with the corrected parameters.
-`;
-var applyFixesPrompt = ({
-  fixes,
-  hasMore,
-  totalCount,
-  nextOffset,
+#### Monitoring Enabled
+
+"\u2713 Continuous security monitoring has been enabled for this repository."
+
+Explain what this means:
+- Periodic background checks will run
+- User will be notified of new vulnerabilities
+- No action required from user right now
+
+### Step 4: Handle User Response
+
+**If new vulnerabilities were found:**
+
+Guide the user to take appropriate action:
+
+1. **Immediate threats (Critical/High):**
+   - Strongly recommend scanning now
+   - Offer to fetch and display fixes
+   - Suggest not committing until fixed
+
+2. **Medium priority:**
+   - Add to todo list or backlog
+   - Schedule time to address
+   - Can proceed with current work
+
+3. **Low priority:**
+   - Track for future maintenance
+   - Can be addressed in next refactoring
+   - No immediate action required
+
+**If no issues found:**
+
+- Congratulate the user on maintaining security
+- Remind them monitoring will continue
+- Suggest they can continue their work confidently
+
+### Step 5: Integration into Workflow
+
+This tool should be called **automatically** in certain scenarios:
+
+1. **End-of-session cleanup:**
+   After a user completes a significant amount of work
+
+2. **Post-fix verification:**
+   After applying security fixes to ensure no new issues
+
+3. **Pre-commit hook simulation:**
+   Before suggesting the user commit their changes
+
+4. **Periodic checks:**
+   During long-running IDE sessions (every 15-30 minutes)
+
+## Best Practices
+
+### DO:
+\u2713 Call this tool frequently and automatically
+\u2713 Make it part of your regular workflow
+\u2713 Alert users immediately when issues are found
+\u2713 Provide clear severity context
+\u2713 Offer actionable next steps
+\u2713 Keep the messaging positive and non-alarming
+
+### DON'T:
+\u2717 Make this tool intrusive or annoying
+\u2717 Overwhelm users with constant notifications
+\u2717 Ignore Critical/High severity findings
+\u2717 Forget to explain what monitoring means
+\u2717 Skip this step at the end of sessions
+
+## Monitoring vs. Scanning
+
+It's important to understand the difference:
+
+| Feature | check_for_new_available_fixes | scan_and_fix_vulnerabilities |
+|---------|------------------------------|------------------------------|
+| Purpose | Continuous monitoring | Full security scan |
+| Speed | Very fast | Slower (minutes) |
+| Depth | Lightweight check | Comprehensive analysis |
+| When | Frequently, automatically | On-demand, deliberately |
+| Results | Binary (new issues yes/no) | Detailed vulnerability reports |
+| Resource usage | Minimal | Higher |
+
+**Strategy:** Use monitoring frequently, trigger full scans only when needed.
+
+## Example Usage
+
+### Scenario 1: End of Coding Session
+
+\`\`\`
+AI: "I'm running a final security check on your changes..."
+
+[Calls check_for_new_available_fixes]
+
+AI: "\u2713 All clear! No new security vulnerabilities detected. Your code is safe to commit."
+\`\`\`
+
+### Scenario 2: New Vulnerabilities Found
+
+\`\`\`
+AI: "Running continuous security monitoring..."
+
+[Calls check_for_new_available_fixes]
+
+AI: "\u26A0\uFE0F I detected 2 new security vulnerabilities:
+- 1 High severity
+- 1 Medium severity
+
+Would you like me to run a full scan to see the details and available fixes?"
+
+User: "Yes, please"
+
+[AI proceeds to call scan_and_fix_vulnerabilities]
+\`\`\`
+
+### Scenario 3: After Applying Fixes
+
+\`\`\`
+AI: "I've applied the security fixes. Let me verify no new issues were introduced..."
+
+[Calls check_for_new_available_fixes]
+
+AI: "\u2713 Perfect! The fixes resolved the issues and no new vulnerabilities were introduced. Your code is now more secure."
+\`\`\`
+
+## Silent vs. Announced Monitoring
+
+**Silent monitoring** (recommended for background checks):
+- Call the tool without announcing it
+- Only notify user if issues are found
+- Keeps the experience smooth and non-intrusive
+
+**Announced monitoring** (use when setting up or after significant changes):
+- Tell the user monitoring is running
+- Confirm when monitoring is enabled
+- Provides transparency and confidence
+
+## Technical Details
+
+The tool:
+- Connects to Mobb's backend API
+- Checks for new vulnerability data
+- Compares against last known state
+- Returns summary of new findings
+- Maintains minimal overhead
+
+## Ready to Monitor
+
+Call the \`check_for_new_available_fixes\` tool now${args?.path ? ` for ${args.path}` : ""} to enable continuous security monitoring. This is a best practice that helps catch vulnerabilities early and maintain code security over time.
+`;
+    return this.createUserMessage(promptText);
+  }
+};
+
+// src/mcp/prompts/FullSecurityAuditPrompt.ts
+import { z as z34 } from "zod";
+var FullSecurityAuditArgsSchema = z34.object({
+  path: z34.string().optional()
+});
+var FullSecurityAuditPrompt = class extends BasePrompt {
+  constructor() {
+    super(...arguments);
+    __publicField(this, "name", "full-security-audit");
+    __publicField(this, "description", "Complete end-to-end security audit workflow: scan \u2192 review \u2192 fix \u2192 verify \u2192 monitor");
+    __publicField(this, "arguments", [
+      {
+        name: "path",
+        description: "Optional: Full local path to the git repository to audit",
+        required: false
+      }
+    ]);
+    __publicField(this, "argumentsValidationSchema", FullSecurityAuditArgsSchema);
+  }
+  async generatePrompt(validatedArgs) {
+    const args = validatedArgs;
+    const promptText = `# Complete Security Audit Workflow
+
+This is a comprehensive, end-to-end security audit process that will scan, review, fix, verify, and set up monitoring for a repository.
+
+## Audit Overview
+
+This workflow includes:
+1. **Initial Assessment** - Understand the repository
+2. **Comprehensive Scan** - Full security analysis
+3. **Issue Review** - Categorize and prioritize vulnerabilities
+4. **Fix Application** - Apply security patches systematically
+5. **Verification** - Confirm fixes work correctly
+6. **Continuous Monitoring** - Set up ongoing security checks
+7. **Final Report** - Document all actions taken
+
+**Estimated Time:** 10-30 minutes depending on repository size and issue count
+
+## Prerequisites
+
+Before starting:
+- Repository should be in a clean git state (or user is aware of uncommitted changes)
+- Tests should be available and passing
+- User has time to review and address issues
+- Backup or branch created (recommended for first-time users)
+
+## Phase 1: Initial Assessment
+
+### Step 1.1: Gather Repository Information
+${args?.path ? `\u2713 Repository path: \`${args.path}\`` : `- Request repository path from user
+- Ask: "What is the full path to the repository you want to audit?"`}
+
+### Step 1.2: Set Expectations
+
+Inform the user:
+
+\`\`\`
+"I'll perform a complete security audit of your repository. This will:
+- Scan all code for security vulnerabilities
+- Identify issues across all severity levels
+- Provide automatic fixes where possible
+- Set up continuous monitoring
+
+This process will take a few minutes. I'll guide you through each step and explain my findings.
+
+Ready to begin?"
+\`\`\`
+
+### Step 1.3: Check Repository Status
+
+Recommend running git status:
+\`\`\`bash
+git status
+\`\`\`
+
+If there are uncommitted changes, suggest:
+- "I see uncommitted changes. Would you like to commit or stash them first?"
+- "We can proceed, but I recommend committing current work first."
+
+## Phase 2: Comprehensive Scan
+
+### Step 2.1: Initial Full Scan
+
+Call \`scan_and_fix_vulnerabilities\`:
+
+\`\`\`json
+{
+  "path": "${args?.path || "<repository-path>"}",
+  "limit": 10,
+  "maxFiles": 50
+}
+\`\`\`
+
+Larger limits for comprehensive audit.
+
+### Step 2.2: Initial Results Analysis
+
+When results arrive, analyze and present:
+
+1. **Executive Summary:**
+   \`\`\`
+   Security Scan Complete
+   ----------------------
+   Total Vulnerabilities Found: [N]
+
+   By Severity:
+   - \u{1F534} Critical: [N] (immediate action required)
+   - \u{1F7E0} High: [N] (urgent)
+   - \u{1F7E1} Medium: [N] (important)
+   - \u{1F535} Low: [N] (maintenance)
+
+   By Category:
+   - [List top 3-5 vulnerability types found]
+
+   Fixable: [N] vulnerabilities have automatic fixes available
+   \`\`\`
+
+2. **Initial Recommendation:**
+   Based on findings, recommend:
+   - If Critical exists: "Address critical issues immediately"
+   - If mostly High/Medium: "Systematic fix approach recommended"
+   - If only Low: "Good security posture, minor improvements available"
+
+## Phase 3: Issue Review & Prioritization
+
+### Step 3.1: Detailed Issue Presentation
+
+Present issues in priority order:
+
+**For each Critical vulnerability:**
+\`\`\`
+\u{1F534} CRITICAL: [Type]
+Location: [file:line]
+Risk Level: Severe Security Threat
+
+Description: [What the vulnerability is]
+Attack Vector: [How it could be exploited]
+Impact: [What an attacker could do]
+
+Proposed Fix: [Summary of the fix]
+[Show diff/patch preview]
+
+Last modified by: [git blame]
+\`\`\`
+
+Continue for High, Medium, Low...
+
+### Step 3.2: Create Fix Plan
+
+Generate a structured fix plan:
+
+\`\`\`markdown
+## Security Fix Plan
+
+### Phase 1: Critical Fixes (Do First)
+1. [Vulnerability type] in [file]
+2. [Vulnerability type] in [file]
+...
+
+### Phase 2: High Severity Fixes
+1. [Vulnerability type] in [file]
+2. [Vulnerability type] in [file]
+...
+
+### Phase 3: Medium Severity Fixes
+[Can be done in follow-up session]
+
+### Phase 4: Low Severity Fixes
+[Add to maintenance backlog]
+\`\`\`
+
+### Step 3.3: Get User Approval
+
+Ask user how they want to proceed:
+
+"I've identified the security issues and created a fix plan. How would you like to proceed?
+
+1. **Comprehensive Fix** - Fix all Critical and High issues now (recommended)
+2. **Critical Only** - Fix only Critical issues now
+3. **Selective Fix** - Review and choose which fixes to apply
+4. **Report Only** - Generate report without applying fixes (for review)
+
+Recommendation: Option 1 for best security posture."
+
+## Phase 4: Fix Application
+
+Based on user choice, systematically apply fixes:
+
+### Step 4.1: Apply Critical Fixes
+
+For each Critical fix:
+1. Show what will be fixed
+2. Apply the patch
+3. Confirm application: "\u2713 Fixed: [vulnerability] in [file]"
+4. Track progress: "[N/Total] Critical fixes applied"
+
+### Step 4.2: Apply High Severity Fixes
+
+Same process as Critical, but can be done in batches.
+
+### Step 4.3: Handle Fix Failures
+
+If a fix fails to apply:
+1. Note the failure
+2. Show the conflict or error
+3. Mark for manual review
+4. Continue with remaining fixes
+5. Summarize failed fixes at the end
+
+## Phase 5: Verification
+
+### Step 5.1: Verify Patches Applied
+
+Check each modified file:
+\`\`\`bash
+git status
+git diff
+\`\`\`
+
+Confirm:
+- Expected files were modified
+- No unexpected changes
+- No merge conflicts
+
+### Step 5.2: Run Test Suite
+
+If tests exist:
+
+\`\`\`bash
+# Run appropriate test command
+npm test
+# or
+pytest
+# or
+mvn test
+\`\`\`
+
+**If tests pass:**
+"\u2705 All tests passed! Security fixes did not break functionality."
+
+**If tests fail:**
+"\u26A0\uFE0F Some tests are failing after applying fixes:
+[List failing tests]
+
+This could mean:
+1. Tests need to be updated (common for security fixes)
+2. A fix introduced an issue (less common)
+
+Would you like me to:
+1. Review the failing tests
+2. Revert specific fixes
+3. Continue anyway (tests may need updates)"
+
+### Step 5.3: Re-scan for Verification
+
+Call \`scan_and_fix_vulnerabilities\` again with \`rescan: true\`:
+
+\`\`\`json
+{
+  "path": "${args?.path || "<repository-path>"}",
+  "rescan": true,
+  "limit": 10
+}
+\`\`\`
+
+Compare before/after:
+- Confirm fixed vulnerabilities are gone
+- Check no new vulnerabilities were introduced
+- Verify severity counts decreased as expected
+
+## Phase 6: Continuous Monitoring Setup
+
+### Step 6.1: Enable Monitoring
+
+Call \`check_for_new_available_fixes\`:
+
+\`\`\`json
+{
+  "path": "${args?.path || "<repository-path>"}"
+}
+\`\`\`
+
+### Step 6.2: Explain Monitoring
+
+"\u2705 Continuous security monitoring is now enabled for this repository.
+
+What this means:
+- Periodic background checks for new vulnerabilities
+- Notifications when security issues are detected
+- Ongoing protection as code evolves
+
+This helps maintain the security improvements we just made."
+
+## Phase 7: Final Report
+
+### Step 7.1: Generate Comprehensive Report
+
+Create a detailed report:
+
+\`\`\`markdown
+# Security Audit Report
+Repository: [name/path]
+Date: [date]
+Audited by: Mobb AI Security Assistant
+
+## Executive Summary
+- Total vulnerabilities found: [N]
+- Vulnerabilities fixed: [N]
+- Files modified: [N]
+- Test status: [Pass/Fail/Not Run]
+
+## Vulnerabilities Fixed
+
+### Critical (\u{1F534})
+1. [Type] in [file:line] - FIXED \u2705
+   - Risk: [description]
+   - Fix: [description]
+
+2. [Type] in [file:line] - FIXED \u2705
+   ...
+
+### High (\u{1F7E0})
+[Similar format]
+
+### Medium (\u{1F7E1})
+[List - note which were fixed]
+
+### Low (\u{1F535})
+[List - note which were fixed]
+
+## Files Modified
+- [list all modified files with change descriptions]
+
+## Verification Results
+\u2705 All fixes applied successfully
+\u2705 Tests passing
+\u2705 Re-scan confirms vulnerabilities resolved
+\u2705 No new vulnerabilities introduced
+
+## Remaining Items
+- [N] Medium severity issues (recommended to fix soon)
+- [N] Low severity issues (maintenance backlog)
+
+## Recommendations
+1. Commit these security improvements
+2. Deploy to staging environment for testing
+3. Schedule follow-up for remaining Medium issues
+4. Review security practices to prevent future issues
+5. Keep continuous monitoring enabled
+
+## Next Steps
+1. Review the changes: git diff
+2. Run additional tests if needed
+3. Commit: git add . && git commit -m "Security fixes: addressed [N] critical and high severity vulnerabilities"
+4. Push to remote repository
+5. Deploy with confidence
+
+---
+\u{1F512} Security Level: [Excellent/Good/Fair] (based on remaining issues)
+\`\`\`
+
+### Step 7.2: Provide Next Steps
+
+Give clear guidance:
+
+"## What to do next:
+
+**Immediate (Do now):**
+1. Review the changes made (git diff)
+2. Commit the security fixes
+3. Push to your repository
+
+**Soon (This week):**
+1. Address remaining Medium severity issues ([N] items)
+2. Review security best practices for your framework
+3. Share this report with your team
+
+**Ongoing:**
+1. Continuous monitoring is active
+2. Run security scans after major changes
+3. Keep dependencies updated
+
+**Questions?**
+- Need help with any specific fix?
+- Want to understand a vulnerability better?
+- Need guidance on preventing similar issues?
+
+Ask me anything!"
+
+## Important Guidelines
+
+### Communication Throughout
+
+**Be:**
+- Professional and clear
+- Patient and thorough
+- Encouraging and supportive
+- Transparent about what you're doing
+
+**Tone:**
+- Security issues are serious but fixable
+- Congratulate progress
+- Celebrate improvements
+- Don't blame or shame
+
+### DO:
+\u2705 Follow all phases systematically
+\u2705 Explain each step clearly
+\u2705 Get user approval before major actions
+\u2705 Verify all changes
+\u2705 Provide comprehensive documentation
+\u2705 Enable monitoring
+\u2705 Give clear next steps
+
+### DON'T:
+\u274C Rush through the process
+\u274C Skip verification steps
+\u274C Apply fixes without explanation
+\u274C Forget to check for new issues
+\u274C Leave user without next steps
+\u274C Create alarm - be solution-focused
+
+## Time Management
+
+For large repositories with many issues:
+- Take breaks between phases
+- Offer to pause and resume later
+- Batch fixes appropriately
+- Don't overwhelm the user
+
+Suggest: "We've fixed [N] critical issues. Would you like to continue with High severity, or take a break and resume later?"
+
+## Success Criteria
+
+Audit is successful when:
+\u2705 All Critical vulnerabilities are fixed
+\u2705 Most High severity issues addressed
+\u2705 All fixes verified and tested
+\u2705 No new vulnerabilities introduced
+\u2705 Continuous monitoring enabled
+\u2705 Comprehensive report provided
+\u2705 User understands next steps
+
+## Ready to Begin
+
+This is a comprehensive security audit that will significantly improve the security posture of the repository. Follow each phase carefully, communicate clearly, and celebrate the improvements made.
+
+Begin the audit now${args?.path ? ` for ${args.path}` : ""}.
+`;
+    return this.createUserMessage(promptText);
+  }
+};
+
+// src/mcp/prompts/ReviewAndFixCriticalPrompt.ts
+import { z as z35 } from "zod";
+var ReviewAndFixCriticalArgsSchema = z35.object({
+  path: z35.string().optional()
+});
+var ReviewAndFixCriticalPrompt = class extends BasePrompt {
+  constructor() {
+    super(...arguments);
+    __publicField(this, "name", "review-and-fix-critical");
+    __publicField(this, "description", "Focused workflow for identifying and fixing Critical and High severity security vulnerabilities");
+    __publicField(this, "arguments", [
+      {
+        name: "path",
+        description: "Optional: Full local path to the git repository to scan and fix",
+        required: false
+      }
+    ]);
+    __publicField(this, "argumentsValidationSchema", ReviewAndFixCriticalArgsSchema);
+  }
+  async generatePrompt(validatedArgs) {
+    const args = validatedArgs;
+    const promptText = `# Critical Security Vulnerabilities - Review and Fix
+
+This is a focused workflow for identifying and addressing Critical and High severity security vulnerabilities that require immediate attention.
+
+## Workflow Purpose
+
+Use this workflow when:
+- Security is a high priority
+- Preparing for production deployment
+- Security audit or compliance review is needed
+- You want to address the most severe issues first
+- Time is limited and you need to focus on critical threats
+
+## Severity Priority
+
+**CRITICAL** \u{1F534}
+- Immediate security risk
+- Can lead to complete system compromise
+- Examples: Remote Code Execution, Authentication Bypass, SQL Injection with data exposure
+- **Action: FIX IMMEDIATELY**
+
+**HIGH** \u{1F7E0}
+- Significant security vulnerability
+- Can lead to data breaches or unauthorized access
+- Examples: XSS attacks, Privilege Escalation, Exposed Sensitive Data
+- **Action: FIX URGENTLY**
+
+Medium and Low severity issues will be noted but not prioritized in this workflow.
+
+## Workflow Steps
+
+### Step 1: Initial Scan
+${args?.path ? `Scanning repository at: \`${args.path}\`` : `Obtain the repository path from the user.`}
+
+Call \`scan_and_fix_vulnerabilities\`:
+
+\`\`\`json
+{
+  "path": "${args?.path || "<repository-path>"}",
+  "limit": 10,
+  "maxFiles": 20
+}
+\`\`\`
+
+Higher limits to ensure we catch all critical issues.
+
+### Step 2: Filter and Present Critical Issues
+
+When results arrive:
+
+1. **Count vulnerabilities by severity:**
+   - Critical count
+   - High count
+   - Medium count (mention but don't focus)
+   - Low count (mention but don't focus)
+
+2. **Present ONLY Critical and High severity issues:**
+
+   For each Critical/High vulnerability:
+
+   \`\`\`
+   \u{1F534} CRITICAL: [Vulnerability Type]
+
+   File: [path/to/file.ext:line]
+   Last modified by: [git blame user]
+
+   Risk: [Explain the security risk in simple terms]
+
+   Proposed Fix:
+   [Show the diff/patch]
+
+   Impact: [What this fix does and why it's necessary]
+   \`\`\`
+
+3. **Provide clear summary:**
+   "Found X critical and Y high severity vulnerabilities that require immediate attention."
+
+### Step 3: Prioritize Fixes
+
+Create a fix priority list:
+
+**Phase 1 - Critical (DO FIRST):**
+- List all Critical issues
+- Sort by risk level
+- Recommend fixing ALL before any High issues
+
+**Phase 2 - High (DO SECOND):**
+- List all High issues
+- Can be addressed after Critical are resolved
+
+**Ask the user:**
+"I recommend we fix these in priority order. Would you like me to:
+1. Apply ALL critical fixes automatically (recommended)
+2. Review each critical fix individually
+3. See the full details before proceeding"
+
+### Step 4: Apply Fixes
+
+Based on user choice:
+
+#### Option 1: Apply All Critical Automatically
+
+\`\`\`
+"I'll apply all [N] critical fixes now. This will modify [X] files."
+
+For each fix:
+1. Apply the patch
+2. Verify it applied successfully
+3. Show brief confirmation: "\u2713 Fixed: [vulnerability type] in [file]"
+
+"All critical fixes applied. Running verification..."
+[Call check_for_new_available_fixes to verify]
+
+"Next, I can address the [N] high severity issues. Continue?"
+\`\`\`
+
+#### Option 2: Review Each Fix Individually
+
+For each Critical fix:
+1. Show the vulnerability details
+2. Show the exact code changes
+3. Explain the security improvement
+4. Ask: "Apply this fix? (yes/no/skip)"
+5. Apply if approved
+6. Move to next
+
+#### Option 3: Provide Full Details First
+
+- Show comprehensive analysis of each vulnerability
+- Include CVE references if available
+- Explain attack vectors
+- Demonstrate how the fix prevents the attack
+- Then proceed to fixing phase
+
+### Step 5: Verification
+
+After applying fixes:
+
+1. **Verify fixes applied correctly:**
+   - Check files were modified
+   - No merge conflicts
+   - Code syntax is valid
+
+2. **Run tests if available:**
+   \`\`\`bash
+   npm test
+   # or
+   pytest
+   # or appropriate test command
+   \`\`\`
+
+3. **Re-scan to confirm:**
+   Call \`scan_and_fix_vulnerabilities\` again with \`rescan: true\`
+
+   Verify:
+   - Critical issues are resolved
+   - No new issues were introduced
+   - High severity count decreased (if those were also fixed)
+
+### Step 6: Summary Report
+
+Provide a comprehensive summary:
+
+\`\`\`markdown
+## Security Fix Summary
+
+### Fixed
+- \u2705 [N] Critical vulnerabilities resolved
+- \u2705 [N] High severity vulnerabilities resolved
+
+### Files Modified
+- [list of modified files]
+
+### Remaining Issues
+- \u26A0\uFE0F [N] Medium severity (can be addressed later)
+- \u2139\uFE0F [N] Low severity (maintenance backlog)
+
+### Recommendations
+1. Run your test suite to ensure functionality
+2. Review the changes before committing
+3. Consider addressing remaining High severity issues
+4. Schedule time for Medium/Low issues
+5. Enable continuous monitoring
+
+### Next Steps
+- Commit these security fixes
+- Deploy to staging for testing
+- Schedule follow-up for remaining issues
+\`\`\`
+
+## Important Guidelines
+
+### Communication Style
+
+**For Critical Issues:**
+- Use urgent but calm language
+- Clearly explain the risk
+- Don't create panic, but convey seriousness
+- Be direct about the need to fix immediately
+
+**For High Issues:**
+- Emphasize importance but not emergency
+- Explain impact on security posture
+- Recommend fixing soon but not necessarily right now
+
+### DO:
+\u2705 Fix ALL Critical issues before moving to High
+\u2705 Explain each vulnerability clearly
+\u2705 Show exact code changes
+\u2705 Verify fixes were applied successfully
+\u2705 Run tests after applying fixes
+\u2705 Create a clear summary of actions taken
+\u2705 Recommend continuous monitoring
+
+### DON'T:
+\u274C Apply fixes without user approval (except if explicitly requested)
+\u274C Minimize the importance of Critical issues
+\u274C Get distracted by Medium/Low issues during this workflow
+\u274C Skip verification steps
+\u274C Forget to check for new issues after applying fixes
+\u274C Rush through explanations
+
+## Example Interaction
+
+\`\`\`
+AI: "Scanning repository for critical security vulnerabilities..."
+
+[Scans]
+
+AI: "\u26A0\uFE0F **Security Alert: Critical Issues Found**
+
+I found 3 critical and 5 high severity vulnerabilities:
+
+\u{1F534} **CRITICAL ISSUES** (Must fix immediately):
+
+1. **SQL Injection** in src/api/users.ts:67
+   - Risk: Attacker can access entire database
+   - Last modified by: john@example.com
+   - Fix: Use parameterized queries
+
+2. **Authentication Bypass** in src/auth/middleware.ts:23
+   - Risk: Unauthorized access to admin functions
+   - Last modified by: jane@example.com
+   - Fix: Validate JWT signature properly
+
+3. **Remote Code Execution** in src/utils/processor.ts:45
+   - Risk: Attacker can execute arbitrary code on server
+   - Last modified by: bob@example.com
+   - Fix: Sanitize eval() input
+
+\u{1F7E0} **HIGH SEVERITY** (Fix urgently):
+[Lists 5 high issues...]
+
+**Recommendation:** Fix all 3 critical issues immediately. Would you like me to:
+1. Apply ALL critical fixes now (recommended) \u2190 [DEFAULT]
+2. Review each fix individually
+3. See detailed analysis first"
+
+User: "Apply all critical fixes"
+
+AI: "Applying all critical fixes...
+
+\u2713 Fixed: SQL Injection in src/api/users.ts
+\u2713 Fixed: Authentication Bypass in src/auth/middleware.ts
+\u2713 Fixed: Remote Code Execution in src/utils/processor.ts
+
+All critical vulnerabilities resolved! Running verification...
+
+\u2713 Verification complete - no new issues introduced.
+
+3 files modified, 0 critical issues remaining.
+
+Would you like to proceed with fixing the 5 high severity issues?"
+\`\`\`
+
+## Ready to Begin
+
+This workflow focuses exclusively on the most dangerous vulnerabilities. Follow the steps above to systematically eliminate critical security threats from the codebase.
+
+Start by scanning${args?.path ? ` ${args.path}` : " the repository"} and prioritizing Critical and High severity issues.
+`;
+    return this.createUserMessage(promptText);
+  }
+};
+
+// src/mcp/prompts/ScanRecentChangesPrompt.ts
+import { z as z36 } from "zod";
+var ScanRecentChangesArgsSchema = z36.object({
+  path: z36.string().optional()
+});
+var ScanRecentChangesPrompt = class extends BasePrompt {
+  constructor() {
+    super(...arguments);
+    __publicField(this, "name", "scan-recent-changes");
+    __publicField(this, "description", "Guide for scanning only recently modified files for new security vulnerabilities");
+    __publicField(this, "arguments", [
+      {
+        name: "path",
+        description: "Optional: Full local path to the git repository to scan",
+        required: false
+      }
+    ]);
+    __publicField(this, "argumentsValidationSchema", ScanRecentChangesArgsSchema);
+  }
+  async generatePrompt(validatedArgs) {
+    const args = validatedArgs;
+    const promptText = `# Scan Recent Changes for Security Issues
+
+This workflow helps you quickly scan only the files that have been recently modified, making security checks fast and targeted.
+
+## When to Use This Workflow
+
+Use this approach when:
+- You've just made code changes and want to check for new vulnerabilities
+- You want a quick security check without scanning the entire repository
+- You're working in a specific area of the codebase
+- You want faster scan results
+- You're doing iterative development and want continuous security feedback
+
+## Workflow Steps
+
+### Step 1: Determine Repository Path
+${args?.path ? `\u2713 Repository path provided: \`${args.path}\`` : `Ask the user for the full local path to the git repository.`}
+
+### Step 2: Call scan_and_fix_vulnerabilities with Recent Changes Flag
+
+Use the \`scan_and_fix_vulnerabilities\` tool with the \`scanRecentlyChangedFiles\` parameter:
+
+\`\`\`json
+{
+  "path": "${args?.path || "<repository-path>"}",
+  "scanRecentlyChangedFiles": true,
+  "limit": 5
+}
+\`\`\`
+
+**Key parameters:**
+- \`scanRecentlyChangedFiles: true\` - Only scans files modified recently
+- \`limit: 5\` - Return up to 5 fixes (adjustable based on user needs)
+
+### Step 3: Present Results
+
+When you receive results:
+
+#### If new vulnerabilities found:
+
+1. **Alert the user:**
+   "\u26A0\uFE0F Security issues detected in recently modified files!"
+
+2. **Provide context:**
+   - Number of new vulnerabilities introduced
+   - Which files are affected
+   - Severity breakdown
+   - Who made the changes (git blame)
+
+3. **Show each vulnerability:**
+   - File and line number
+   - Type of vulnerability
+   - Severity level
+   - Proposed fix with diff preview
+
+4. **Recommend immediate action:**
+   For Critical/High severity:
+   - "I strongly recommend addressing these issues before committing/merging"
+   - "Would you like me to apply the fixes now?"
+
+#### If no vulnerabilities found:
+
+"\u2713 Great! No new security issues detected in your recent changes."
+
+Optional suggestions:
+- Continue with your work
+- Commit your changes
+- Consider enabling continuous monitoring
+
+#### If no recently changed files:
+
+"No recently modified files detected. This could mean:
+- No uncommitted changes exist
+- No files were modified recently
+- The repository has no git history
+
+Would you like to:
+1. Perform a full repository scan instead?
+2. Check the repository status?"
+
+### Step 4: Handle User Decisions
+
+**If user wants to apply fixes:**
+- Confirm each fix before applying
+- Show the exact changes
+- Apply patches sequentially
+- Verify each application succeeded
+- Run tests if available
+
+**If user wants to see more details:**
+- Explain the vulnerability type
+- Show the vulnerable code pattern
+- Explain how the fix improves security
+- Provide references or documentation links
+
+**If user wants to continue without fixing:**
+- Warn about the risks (especially for Critical/High)
+- Suggest creating an issue to track the vulnerability
+- Remind them to fix before merging to production
+
+### Step 5: Post-Scan Recommendations
+
+After handling vulnerabilities:
+
+1. **If fixes were applied:**
+   - Verify the code still works (run tests)
+   - Review the changes
+   - Update commit message to mention security fixes
+   - Consider running a full scan to check for other issues
+
+2. **If fixes were deferred:**
+   - Create tracking issues for the vulnerabilities
+   - Add TODO comments in the code
+   - Schedule time to address them
+
+3. **Enable continuous monitoring:**
+   Call \`check_for_new_available_fixes\`:
+   \`\`\`json
+   {
+     "path": "${args?.path || "<repository-path>"}"
+   }
+   \`\`\`
+
+## Advantages of Scanning Recent Changes
+
+\u2713 **Fast**: Only scans modified files
+\u2713 **Targeted**: Focuses on your current work
+\u2713 **Immediate feedback**: Catch issues before they're committed
+\u2713 **Less overwhelming**: Smaller result set
+\u2713 **Continuous security**: Integrates into development workflow
+
+## Important Notes
+
+### DO:
+\u2713 Run this scan after making changes but before committing
+\u2713 Address Critical/High severity issues immediately
+\u2713 Explain security risks clearly to the user
+\u2713 Offer to apply fixes automatically
+\u2713 Provide context about what changed and why it's vulnerable
+
+### DON'T:
+\u2717 Skip Critical/High severity warnings
+\u2717 Apply fixes without showing the user
+\u2717 Ignore the vulnerability just because the scan is quick
+\u2717 Forget to run tests after applying fixes
+\u2717 Assume all recent changes have vulnerabilities
+
+## Integration with Development Workflow
+
+This scan type integrates well with:
+- **Pre-commit hooks**: Scan before each commit
+- **IDE integration**: Scan on file save or periodically
+- **CI/CD pipelines**: Fast security check in pull requests
+- **Iterative development**: Continuous security feedback
+
+## Example Usage
+
+\`\`\`
+User: "I just added a new API endpoint for user data. Can you check if it's secure?"
+
+AI: "I'll scan your recent changes for security vulnerabilities..."
+
+[Calls scan_and_fix_vulnerabilities with scanRecentlyChangedFiles: true]
+
+AI: "\u26A0\uFE0F Found 1 security issue in your recent changes:
+
+**SQL Injection Vulnerability** (Critical)
+- File: src/api/user-data.ts:34
+- Your new endpoint is vulnerable to SQL injection
+
+The issue is in this code:
+\`\`\`typescript
+const query = \`SELECT * FROM users WHERE id = \${req.params.id}\`
+\`\`\`
+
+Recommended fix: Use parameterized queries
+\`\`\`typescript
+const query = 'SELECT * FROM users WHERE id = $1'
+const result = await db.query(query, [req.params.id])
+\`\`\`
+
+This is a Critical severity issue. I strongly recommend fixing it before committing. Would you like me to apply this fix automatically?"
+\`\`\`
+
+## Ready to Scan
+
+You now have the guidance needed to perform a fast, targeted security scan of recent changes. Follow the workflow above to help users catch security issues early in their development process.
+`;
+    return this.createUserMessage(promptText);
+  }
+};
+
+// src/mcp/prompts/ScanRepositoryPrompt.ts
+import { z as z37 } from "zod";
+var ScanRepositoryArgsSchema = z37.object({
+  path: z37.string().optional()
+});
+var ScanRepositoryPrompt = class extends BasePrompt {
+  constructor() {
+    super(...arguments);
+    __publicField(this, "name", "scan-repository");
+    __publicField(this, "description", "Guide for performing an initial security scan of a repository using Mobb tools");
+    __publicField(this, "arguments", [
+      {
+        name: "path",
+        description: "Optional: Full local path to the git repository to scan",
+        required: false
+      }
+    ]);
+    __publicField(this, "argumentsValidationSchema", ScanRepositoryArgsSchema);
+  }
+  async generatePrompt(validatedArgs) {
+    const args = validatedArgs;
+    const pathInfo = args?.path ? `for repository at: ${args.path}` : "for the current repository";
+    const promptText = `# Security Repository Scan Workflow
+
+You are about to perform a security scan ${pathInfo}. Follow this workflow to scan the repository for vulnerabilities and present the findings to the user.
+
+## Workflow Steps
+
+### Step 1: Determine Repository Path
+${args?.path ? `\u2713 Repository path provided: \`${args.path}\`` : `- The user should provide the full local path to the git repository
+- Ask: "What is the full path to the repository you want to scan?"
+- Example: /Users/username/projects/my-app`}
+
+### Step 2: Call scan_and_fix_vulnerabilities Tool
+
+Use the \`scan_and_fix_vulnerabilities\` tool with these parameters:
+
+\`\`\`json
+{
+  "path": "${args?.path || "<repository-path>"}",
+  "limit": 3,
+  "maxFiles": 10
+}
+\`\`\`
+
+**Why these defaults?**
+- \`limit: 3\` - Start with top 3 most severe vulnerabilities
+- \`maxFiles: 10\` - Reasonable initial scan scope
+
+**Optional parameters** (use if user specifies):
+- \`rescan: true\` - Force a fresh scan (if user wants to override cached results)
+- \`scanRecentlyChangedFiles: true\` - Only scan recently modified files (faster)
+
+### Step 3: Process and Present Results
+
+When you receive the scan results:
+
+#### If vulnerabilities are found:
+
+1. **Provide a summary:**
+   - Total number of vulnerabilities found
+   - Breakdown by severity (Critical, High, Medium, Low)
+   - Number of fixes available
+
+2. **Present the top fixes:**
+   - Show each fix with:
+     * Severity level
+     * Vulnerability type (e.g., "SQL Injection", "XSS", "Insecure Dependency")
+     * Affected file(s)
+     * Who last modified the vulnerable code (git blame)
+     * Brief description from the fix
+
+3. **Show the fix preview:**
+   - Display the git diff/patch for each fix
+   - Explain what changes will be made
+   - Highlight the security improvement
+
+4. **Ask for user preference:**
+   - "Would you like to apply these fixes automatically?"
+   - "Would you like to see more vulnerabilities?" (if more exist)
+   - "Would you like to focus on a specific severity level?"
+
+#### If no vulnerabilities are found:
+
+Congratulate the user! Their repository appears to be secure. Suggest:
+- Running periodic scans as code changes
+- Enabling continuous monitoring with \`check_for_new_available_fixes\`
+
+#### If report is expired:
+
+Inform the user that a previous scan is too old. Ask:
+- "A previous scan exists but is outdated. Would you like to run a fresh scan?"
+- If yes, call \`scan_and_fix_vulnerabilities\` with \`rescan: true\`
+
+### Step 4: Handle User Actions
+
+Based on user response:
+
+**If user wants to apply fixes:**
+- Confirm which fixes to apply (all, or specific ones)
+- Apply each fix patch using standard git apply workflow
+- Verify the changes
+- Run tests if available
+- Create a commit with the fixes
+
+**If user wants to see more:**
+- Call \`fetch_available_fixes\` with:
+  \`\`\`json
+  {
+    "path": "${args?.path || "<repository-path>"}",
+    "offset": 3,
+    "limit": 5
+  }
+  \`\`\`
+- Present the additional fixes following the same format
+
+**If user wants to filter by severity:**
+- The results are already sorted by severity (Critical \u2192 High \u2192 Medium \u2192 Low)
+- Explain the severity of issues found
+- Focus on the most critical issues first
+
+### Step 5: Post-Scan Actions
+
+After completing the scan and any fixes:
+
+1. **Summary of actions taken:**
+   - Number of fixes applied
+   - Remaining vulnerabilities (if any)
+   - Files modified
+
+2. **Recommendations:**
+   - Run tests to ensure fixes don't break functionality
+   - Review the changes before committing
+   - Consider addressing remaining Medium/Low severity issues
+   - Set up continuous monitoring
+
+3. **Call monitoring tool:**
+   Call \`check_for_new_available_fixes\` to enable ongoing security monitoring:
+   \`\`\`json
+   {
+     "path": "${args?.path || "<repository-path>"}"
+   }
+   \`\`\`
+
+## Important Reminders
+
+### DO:
+\u2713 Present vulnerabilities clearly with severity context
+\u2713 Ask for user confirmation before applying fixes
+\u2713 Explain what each fix does
+\u2713 Start with critical/high severity issues
+\u2713 Provide clear next steps
+\u2713 Mention git blame information (shows responsibility)
+
+### DON'T:
+\u2717 Apply fixes automatically without user approval
+\u2717 Overwhelm user with all vulnerabilities at once
+\u2717 Skip severity information
+\u2717 Forget to call monitoring tool at the end
+\u2717 Assume the user wants to fix everything immediately
+
+## Error Handling
+
+- **Authentication error**: Guide user to authenticate with Mobb
+- **Path not found**: Verify the path is correct and is a git repository
+- **Scan timeout**: Suggest scanning fewer files or recent changes only
+- **No report found**: This is expected for first-time scans, proceed normally
+
+## Example Conversation Flow
+
+\`\`\`
+AI: "I'll scan your repository for security vulnerabilities. This may take a moment..."
+
+[Calls scan_and_fix_vulnerabilities]
+
+AI: "Scan complete! I found 12 security vulnerabilities:
+- 2 Critical severity
+- 5 High severity
+- 4 Medium severity
+- 1 Low severity
+
+Here are the top 3 most critical issues:
+
+1. **SQL Injection** (Critical)
+   - File: src/database/users.ts:45
+   - Last modified by: john@example.com
+   - Fix: Parameterize SQL query to prevent injection
+
+   [Shows diff preview]
+
+2. **Cross-Site Scripting (XSS)** (Critical)
+   - File: src/components/UserProfile.tsx:122
+   - Last modified by: jane@example.com
+   - Fix: Sanitize user input before rendering
+
+   [Shows diff preview]
+
+3. **Insecure Dependency** (High)
+   - Package: lodash@4.17.15
+   - Fix: Upgrade to lodash@4.17.21 (fixes CVE-2021-23337)
+
+Would you like to:
+1. Apply these fixes automatically
+2. See more vulnerabilities
+3. Focus on specific issues"
+\`\`\`
+
+## Ready to Begin
+
+You now have all the information needed to perform a security scan. Follow the steps above, call the appropriate tools, and guide the user through the process professionally and clearly.
+`;
+    return this.createUserMessage(promptText);
+  }
+};
+
+// src/mcp/prompts/SecurityToolsOverviewPrompt.ts
+var SecurityToolsOverviewPrompt = class extends BasePrompt {
+  constructor() {
+    super(...arguments);
+    __publicField(this, "name", "security-tools-overview");
+    __publicField(this, "description", "Provides an overview of available Mobb security tools and guidance on when to use each tool");
+    __publicField(this, "arguments");
+    __publicField(this, "argumentsValidationSchema");
+  }
+  async generatePrompt() {
+    const promptText = `# Mobb Security Tools Overview
+
+You have access to powerful security scanning and auto-fixing tools from Mobb. Here's a comprehensive guide to the available tools and when to use them:
+
+## Available Tools
+
+### 1. **scan_and_fix_vulnerabilities**
+**Purpose:** Scans a local repository for security vulnerabilities and returns automatically-generated fixes.
+
+**When to use:**
+- First-time security scan of a repository
+- Comprehensive security audit needed
+- User explicitly requests a security scan
+- After major code changes or refactoring
+
+**Key features:**
+- Scans the entire repository or specific files
+- Identifies vulnerabilities across multiple categories (XSS, SQL injection, insecure dependencies, etc.)
+- Provides detailed fix information including severity levels
+- Returns git-compatible patches that can be directly applied
+- Shows who last modified vulnerable code (git blame integration)
+
+**Parameters:**
+- \`path\` (required): Full local path to the git repository
+- \`offset\`: Pagination offset for results (default: 0)
+- \`limit\`: Number of fixes to return (default: 3)
+- \`maxFiles\`: Maximum files to scan (default: 10)
+- \`rescan\`: Force a new scan even if recent report exists
+- \`scanRecentlyChangedFiles\`: Only scan recently modified files
+
+**Important notes:**
+- This tool requires authentication
+- Scans may take time for large repositories
+- Results are cached - use \`rescan: true\` to force a fresh scan
+- The tool returns fixes in order of severity (Critical \u2192 High \u2192 Medium \u2192 Low)
+
+### 2. **fetch_available_fixes**
+**Purpose:** Retrieves pre-generated fixes from previous scans without triggering a new scan.
+
+**When to use:**
+- Checking for existing fixes without scanning
+- Retrieving additional fixes from a paginated result set
+- User wants to see more fixes beyond the initial set
+- Fetching fixes for specific files
+
+**Key features:**
+- Fast retrieval of existing fix data
+- No scanning overhead
+- Supports file filtering
+- Pagination for large result sets
+
+**Parameters:**
+- \`path\` (required): Full local path to the git repository
+- \`offset\`: Pagination offset
+- \`limit\`: Number of fixes to return
+- \`fileFilter\`: Filter by specific file path
+- \`fetchFixesFromAnyFile\`: Fetch fixes across all files
+
+**Important notes:**
+- Returns an error if no previous scan exists
+- Does NOT trigger a new scan
+- Use this when you want to avoid re-scanning
+
+### 3. **check_for_new_available_fixes**
+**Purpose:** Monitors code for new security vulnerabilities and notifies when fixes are available.
+
+**When to use:**
+- Continuous security monitoring
+- After completing a series of edits
+- End of a coding session
+- User requests ongoing security checks
+
+**Key features:**
+- Lightweight background checking
+- Detects new vulnerabilities introduced by code changes
+- Non-intrusive monitoring
+
+**Parameters:**
+- \`path\` (required): Full local path to the git repository
+
+**Important notes:**
+- This is typically called automatically at the end of operations
+- Much lighter weight than full scans
+- Part of Mobb's continuous monitoring workflow
+
+## Best Practices
+
+### Tool Selection Guidelines
+
+1. **Starting fresh?** \u2192 Use \`scan_and_fix_vulnerabilities\`
+2. **Already scanned, need more results?** \u2192 Use \`fetch_available_fixes\`
+3. **Continuous monitoring?** \u2192 Use \`check_for_new_available_fixes\`
+
+### User Interaction Patterns
+
+**When to ask for user confirmation:**
+- Before applying fixes automatically
+- Before running a full repository scan (can be time-consuming)
+- Before re-scanning when a recent scan exists
+- When multiple high-severity issues are found
+
+**When to proceed automatically:**
+- Fetching additional fixes from existing scans
+- Running background monitoring checks
+- Displaying vulnerability information
+- Showing fix previews
+
+### Severity Levels
+
+Vulnerabilities are categorized by severity:
+- **CRITICAL**: Immediate action required - severe security risk
+- **HIGH**: Important security issue - should be fixed soon
+- **MEDIUM**: Moderate security concern - fix when feasible
+- **LOW**: Minor security issue - fix during regular maintenance
+
+**Recommended approach:**
+1. Address CRITICAL issues immediately
+2. Review and fix HIGH severity issues
+3. Plan fixes for MEDIUM issues
+4. Address LOW issues during regular maintenance
+
+### Workflow Example
+
+\`\`\`
+1. User opens a repository
+2. Call scan_and_fix_vulnerabilities with default parameters
+3. Review the returned fixes (typically top 3 by severity)
+4. Present fixes to user with severity breakdown
+5. If user wants to see more: call fetch_available_fixes with appropriate offset
+6. When user approves fixes: apply the patches using git apply
+7. After session: call check_for_new_available_fixes for monitoring
+\`\`\`
+
+## Authentication
+
+All tools require authentication via the Mobb API. The tools will handle authentication automatically and prompt if credentials are needed.
+
+## Error Handling
+
+Common scenarios:
+- **No fixes found**: Repository has no vulnerabilities or they're not fixable
+- **Report expired**: Previous scan is too old, need to rescan
+- **No report found**: No previous scan exists, run scan_and_fix_vulnerabilities
+- **Authentication required**: User needs to authenticate with Mobb
+
+## Next Steps
+
+To get started with scanning a repository, use the \`scan-repository\` prompt which will guide you through the scanning workflow.
+
+For a complete security audit workflow, use the \`full-security-audit\` prompt.
+`;
+    return this.createUserMessage(promptText);
+  }
+};
+
+// src/mcp/tools/checkForNewAvailableFixes/CheckForNewAvailableFixesTool.ts
+import { z as z40 } from "zod";
+
+// src/mcp/services/PathValidation.ts
+import fs12 from "fs";
+import path12 from "path";
+async function validatePath(inputPath) {
+  logDebug("Validating MCP path", { inputPath });
+  if (/^\/[a-zA-Z]:\//.test(inputPath)) {
+    inputPath = inputPath.slice(1);
+  }
+  if (inputPath === "." || inputPath === "./") {
+    const workspaceFolderPath = WorkspaceService.getWorkspaceFolderPath();
+    if (workspaceFolderPath) {
+      logDebug("Fallback to workspace folder path", {
+        inputPath,
+        workspaceFolderPaths: [workspaceFolderPath]
+      });
+      WorkspaceService.setKnownWorkspacePath(workspaceFolderPath);
+      logDebug("Stored workspace folder path as known path", {
+        workspaceFolderPath
+      });
+      return {
+        isValid: true,
+        path: workspaceFolderPath
+      };
+    } else {
+      const error = `"." is not a valid path, please provide a full localpath to the repository`;
+      logError(error);
+      return { isValid: false, error, path: inputPath };
+    }
+  }
+  if (inputPath.includes("..")) {
+    const error = `Path contains path traversal patterns: ${inputPath}`;
+    logError(error);
+    return { isValid: false, error, path: inputPath };
+  }
+  const normalizedPath = path12.normalize(inputPath);
+  if (normalizedPath.includes("..")) {
+    const error = `Normalized path contains path traversal patterns: ${inputPath}`;
+    logError(error);
+    return { isValid: false, error, path: inputPath };
+  }
+  let decodedPath;
+  try {
+    decodedPath = decodeURIComponent(inputPath);
+  } catch (err) {
+    const error = `Failed to decode path: ${inputPath}`;
+    logError(error, { err });
+    return { isValid: false, error, path: inputPath };
+  }
+  if (decodedPath.includes("..") || decodedPath !== inputPath) {
+    const error = `Path contains encoded traversal attempts: ${inputPath}`;
+    logError(error);
+    return { isValid: false, error, path: inputPath };
+  }
+  if (inputPath.includes("\0") || inputPath.includes("\0")) {
+    const error = `Path contains dangerous characters: ${inputPath}`;
+    logError(error);
+    return { isValid: false, error, path: inputPath };
+  }
+  logDebug("Path validation successful", { inputPath });
+  logDebug("Checking path existence", { inputPath });
+  try {
+    await fs12.promises.access(inputPath);
+    logDebug("Path exists and is accessible", { inputPath });
+    WorkspaceService.setKnownWorkspacePath(inputPath);
+    logDebug("Stored validated path in WorkspaceService", { inputPath });
+    return { isValid: true, path: inputPath };
+  } catch (error) {
+    const errorMessage = `Path does not exist or is not accessible: ${inputPath}`;
+    logError(errorMessage, { error });
+    return { isValid: false, error: errorMessage, path: inputPath };
+  }
+}
+
+// src/mcp/tools/base/BaseTool.ts
+import { z as z38 } from "zod";
+var BaseTool = class {
+  getDefinition() {
+    return {
+      name: this.name,
+      display_name: this.displayName,
+      description: this.description,
+      inputSchema: this.inputSchema
+    };
+  }
+  async execute(args) {
+    if (this.hasAuthentication) {
+      logDebug(`Authenticating tool: ${this.name}`, { args });
+      const mcpGqlClient = await createAuthenticatedMcpGQLClient();
+      const userInfo = await mcpGqlClient.getUserInfo();
+      logDebug("User authenticated successfully", { userInfo });
+    }
+    const validatedArgs = this.validateInput(args);
+    logDebug(`Tool ${this.name} input validation successful`, {
+      validatedArgs
+    });
+    logInfo(`Executing tool: ${this.name}`);
+    const result = await this.executeInternal(validatedArgs);
+    logInfo(`Tool ${this.name} executed successfully`);
+    return result;
+  }
+  validateInput(args) {
+    try {
+      return this.inputValidationSchema.parse(args);
+    } catch (error) {
+      if (error instanceof z38.ZodError) {
+        const errorDetails = error.errors.map((e) => {
+          const fieldPath = e.path.length > 0 ? e.path.join(".") : "root";
+          const message = e.message === "Required" ? `Missing required parameter '${fieldPath}'` : `Invalid value for '${fieldPath}': ${e.message}`;
+          return message;
+        });
+        const errorMessage = `Invalid arguments: ${errorDetails.join(", ")}`;
+        throw new Error(errorMessage);
+      }
+      throw error;
+    }
+  }
+  createSuccessResponse(text) {
+    return {
+      content: [
+        {
+          type: "text",
+          text
+        }
+      ]
+    };
+  }
+};
+
+// src/mcp/tools/checkForNewAvailableFixes/CheckForNewAvailableFixesService.ts
+init_configs();
+
+// src/mcp/core/prompts.ts
+init_configs();
+function friendlyType(s) {
+  const withoutUnderscores = s.replace(/_/g, " ");
+  const result = withoutUnderscores.replace(/([a-z])([A-Z])/g, "$1 $2");
+  return result.charAt(0).toUpperCase() + result.slice(1);
+}
+var noFixesReturnedForParameters = `No fixes returned for the given offset and limit parameters.
+`;
+var noFixesReturnedForParametersWithGuidance = ({
+  offset,
+  limit,
+  totalCount,
+  currentTool
+}) => `## No Fixes Returned for Current Parameters
+
+**\u{1F4C4} Current Request:**
+- **Page:** ${Math.floor(offset / limit) + 1}
+- **Offset:** ${offset}
+- **Limit:** ${limit}
+
+**\u274C Result:** No fixes returned for the given offset and limit parameters.
+
+**\u2139\uFE0F Available Fixes:** ${totalCount} total fixes are available, but your current offset (${offset}) is beyond the available range.
+
+**\u2705 How to Get the Fixes:**
+
+To retrieve the available fixes, use one of these approaches:
+
+1. **Start from the beginning:**
+   \`\`\`
+   offset: 0
+   \`\`\`
+
+2. **Go to the first page:**
+   \`\`\`
+   offset: 0
+   limit: ${limit}
+   \`\`\`
+
+3. **Get all fixes at once:**
+   \`\`\`
+   offset: 0
+   limit: ${totalCount}
+   \`\`\`
+
+**\u{1F4CB} Valid offset range:** 0 to ${Math.max(0, totalCount - 1)}
+
+### \u26A0\uFE0F CRITICAL INSTRUCTION FOR AI AGENTS \u26A0\uFE0F
+
+**DO NOT AUTOMATICALLY FETCH FIXES WITHOUT EXPLICIT USER REQUEST**
+
+- **DO NOT** run the \`${currentTool}\` tool again on your own
+- **ONLY** fetch fixes if the user explicitly asks for them
+- **WAIT** for the user to specifically request fixes before proceeding
+
+If the user wants to fetch the fixes, they should explicitly ask you to run the \`${currentTool}\` tool again with the corrected parameters.
+`;
+var applyFixesPrompt = ({
+  fixes,
+  hasMore,
+  totalCount,
+  nextOffset,
   shownCount,
   currentTool,
   offset,
@@ -15688,14 +17518,14 @@ var getLocalFiles = async ({
 // src/mcp/services/LocalMobbFolderService.ts
 import fs14 from "fs";
 import path13 from "path";
-import { z as z33 } from "zod";
+import { z as z39 } from "zod";
 init_GitService();
 function extractPathFromPatch(patch) {
   const match = patch?.match(/diff --git a\/([^\s]+) b\//);
   return match?.[1] ?? null;
 }
 function parsedIssueTypeRes(issueType) {
-  return z33.nativeEnum(IssueType_Enum).safeParse(issueType);
+  return z39.nativeEnum(IssueType_Enum).safeParse(issueType);
 }
 var LocalMobbFolderService = class {
   /**
@@ -18369,8 +20199,8 @@ Example payload:
       },
       required: ["path"]
     });
-    __publicField(this, "inputValidationSchema", z34.object({
-      path: z34.string().describe(
+    __publicField(this, "inputValidationSchema", z40.object({
+      path: z40.string().describe(
         "Full local path to the cloned git repository to check for new available fixes"
       )
     }));
@@ -18400,7 +20230,7 @@ Example payload:
 
 // src/mcp/tools/fetchAvailableFixes/FetchAvailableFixesTool.ts
 init_GitService();
-import { z as z35 } from "zod";
+import { z as z41 } from "zod";
 
 // src/mcp/tools/fetchAvailableFixes/FetchAvailableFixesService.ts
 init_configs();
@@ -18542,16 +20372,16 @@ Call this tool instead of ${MCP_TOOL_SCAN_AND_FIX_VULNERABILITIES} when you only
       },
       required: ["path"]
     });
-    __publicField(this, "inputValidationSchema", z35.object({
-      path: z35.string().describe(
+    __publicField(this, "inputValidationSchema", z41.object({
+      path: z41.string().describe(
         "Full local path to the cloned git repository to check for available fixes"
       ),
-      offset: z35.number().optional().describe("Optional offset for pagination"),
-      limit: z35.number().optional().describe("Optional maximum number of fixes to return"),
-      fileFilter: z35.array(z35.string()).optional().describe(
+      offset: z41.number().optional().describe("Optional offset for pagination"),
+      limit: z41.number().optional().describe("Optional maximum number of fixes to return"),
+      fileFilter: z41.array(z41.string()).optional().describe(
         "Optional list of file paths relative to the path parameter to filter fixes by. INCOMPATIBLE with fetchFixesFromAnyFile"
       ),
-      fetchFixesFromAnyFile: z35.boolean().optional().describe(
+      fetchFixesFromAnyFile: z41.boolean().optional().describe(
         "Optional boolean to fetch fixes for all files. INCOMPATIBLE with fileFilter"
       )
     }));
@@ -18620,7 +20450,7 @@ Call this tool instead of ${MCP_TOOL_SCAN_AND_FIX_VULNERABILITIES} when you only
 };
 
 // src/mcp/tools/mcpChecker/mcpCheckerTool.ts
-import z36 from "zod";
+import z42 from "zod";
 
 // src/mcp/tools/mcpChecker/mcpCheckerService.ts
 var _McpCheckerService = class _McpCheckerService {
@@ -18681,7 +20511,7 @@ var McpCheckerTool = class extends BaseTool {
     __publicField(this, "displayName", "MCP Checker");
     // A detailed description to guide the LLM on when and how to invoke this tool.
     __publicField(this, "description", "Check the MCP servers running on this IDE against organization policies.");
-    __publicField(this, "inputValidationSchema", z36.object({}));
+    __publicField(this, "inputValidationSchema", z42.object({}));
     __publicField(this, "inputSchema", {
       type: "object",
       properties: {},
@@ -18707,7 +20537,7 @@ var McpCheckerTool = class extends BaseTool {
 };
 
 // src/mcp/tools/scanAndFixVulnerabilities/ScanAndFixVulnerabilitiesTool.ts
-import z37 from "zod";
+import z43 from "zod";
 init_configs();
 
 // src/mcp/tools/scanAndFixVulnerabilities/ScanAndFixVulnerabilitiesService.ts
@@ -18894,17 +20724,17 @@ Example payload:
   "rescan": false
 }`);
     __publicField(this, "hasAuthentication", true);
-    __publicField(this, "inputValidationSchema", z37.object({
-      path: z37.string().describe(
+    __publicField(this, "inputValidationSchema", z43.object({
+      path: z43.string().describe(
         "Full local path to repository to scan and fix vulnerabilities"
       ),
-      offset: z37.number().optional().describe("Optional offset for pagination"),
-      limit: z37.number().optional().describe("Optional maximum number of results to return"),
-      maxFiles: z37.number().optional().describe(
+      offset: z43.number().optional().describe("Optional offset for pagination"),
+      limit: z43.number().optional().describe("Optional maximum number of results to return"),
+      maxFiles: z43.number().optional().describe(
         `Optional maximum number of files to scan (default: ${MCP_DEFAULT_MAX_FILES_TO_SCAN}). Increase for comprehensive scans of larger codebases or decrease for faster focused scans.`
       ),
-      rescan: z37.boolean().optional().describe("Optional whether to rescan the repository"),
-      scanRecentlyChangedFiles: z37.boolean().optional().describe(
+      rescan: z43.boolean().optional().describe("Optional whether to rescan the repository"),
+      scanRecentlyChangedFiles: z43.boolean().optional().describe(
         "Optional whether to automatically scan recently changed files when no changed files are found in git status. If false, the tool will prompt the user instead."
       )
     }));
@@ -19032,6 +20862,19 @@ function createMcpServer(govOrgId) {
     const mcpCheckerTool = new McpCheckerTool(govOrgId);
     registerIfEnabled(mcpCheckerTool);
   }
+  logDebug("Registering MCP prompts");
+  const prompts = [
+    new SecurityToolsOverviewPrompt(),
+    new ScanRepositoryPrompt(),
+    new ScanRecentChangesPrompt(),
+    new CheckForNewVulnerabilitiesPrompt(),
+    new ReviewAndFixCriticalPrompt(),
+    new FullSecurityAuditPrompt()
+  ];
+  prompts.forEach((prompt) => {
+    server.registerPrompt(prompt);
+    logDebug(`Registered prompt: ${prompt.name}`);
+  });
   logInfo("MCP server created and configured");
   return server;
 }
@@ -19183,30 +21026,30 @@ import path16 from "path";
 import chalk10 from "chalk";
 import Configstore6 from "configstore";
 import { withFile } from "tmp-promise";
-import z38 from "zod";
-var PromptItemZ = z38.object({
-  type: z38.enum(["USER_PROMPT", "AI_RESPONSE", "TOOL_EXECUTION", "AI_THINKING"]),
-  attachedFiles: z38.array(
-    z38.object({
-      relativePath: z38.string(),
-      startLine: z38.number().optional()
+import z44 from "zod";
+var PromptItemZ = z44.object({
+  type: z44.enum(["USER_PROMPT", "AI_RESPONSE", "TOOL_EXECUTION", "AI_THINKING"]),
+  attachedFiles: z44.array(
+    z44.object({
+      relativePath: z44.string(),
+      startLine: z44.number().optional()
     })
   ).optional(),
-  tokens: z38.object({
-    inputCount: z38.number(),
-    outputCount: z38.number()
+  tokens: z44.object({
+    inputCount: z44.number(),
+    outputCount: z44.number()
   }).optional(),
-  text: z38.string().optional(),
-  date: z38.date().optional(),
-  tool: z38.object({
-    name: z38.string(),
-    parameters: z38.string(),
-    result: z38.string(),
-    rawArguments: z38.string().optional(),
-    accepted: z38.boolean().optional()
+  text: z44.string().optional(),
+  date: z44.date().optional(),
+  tool: z44.object({
+    name: z44.string(),
+    parameters: z44.string(),
+    result: z44.string(),
+    rawArguments: z44.string().optional(),
+    accepted: z44.boolean().optional()
   }).optional()
 });
-var PromptItemArrayZ = z38.array(PromptItemZ);
+var PromptItemArrayZ = z44.array(PromptItemZ);
 function uploadAiBlameBuilder(args) {
   return args.option("prompt", {
     type: "string",