mobbdev 1.0.210 → 1.0.212

package/dist/index.mjs

@@ -51,7 +51,7 @@ var init_configs = __esm({
     isAutoScan = process.env["AUTO_SCAN"] !== "false";
     MVS_AUTO_FIX_OVERRIDE = process.env["MVS_AUTO_FIX"];
     MCP_AUTO_FIX_DEBUG_MODE = true;
-    MCP_PERIODIC_TRACK_INTERVAL = 60 * 60 * 1e3;
+    MCP_PERIODIC_TRACK_INTERVAL = 24 * 60 * 60 * 1e3;
     MCP_DEFAULT_REST_API_URL = "https://api.mobb.ai/api/rest/mcp/track";
     MCP_SYSTEM_FIND_TIMEOUT_MS = 15 * 60 * 1e3;
   }
@@ -6224,7 +6224,7 @@ async function getAdoSdk(params) {
       const url = new URL(repoUrl);
       const origin2 = url.origin.toLowerCase().endsWith(".visualstudio.com") ? DEFUALT_ADO_ORIGIN : url.origin.toLowerCase();
       const params2 = `path=/&versionDescriptor[versionOptions]=0&versionDescriptor[versionType]=commit&versionDescriptor[version]=${branch}&resolveLfs=true&$format=zip&api-version=5.0&download=true`;
-      const path17 = [
+      const path18 = [
         prefixPath,
         owner,
         projectName,
@@ -6235,7 +6235,7 @@ async function getAdoSdk(params) {
         "items",
         "items"
       ].filter(Boolean).join("/");
-      return new URL(`${path17}?${params2}`, origin2).toString();
+      return new URL(`${path18}?${params2}`, origin2).toString();
     },
     async getAdoBranchList({ repoUrl }) {
       try {
@@ -6809,7 +6809,7 @@ function getBitbucketSdk(params) {
       return repoRes.map((repo) => ({
         repoIsPublic: !repo.is_private,
         repoName: repo.name || "unknown repo name",
-        repoOwner: repo.owner?.username || "unknown owner",
+        repoOwner: repo.owner?.["username"] || "unknown owner",
         repoLanguages: repo.language ? [repo.language] : [],
         repoUpdatedAt: repo.updated_on ? repo.updated_on : (/* @__PURE__ */ new Date()).toISOString(),
         repoUrl: repo.links?.html?.href || ""
@@ -7209,10 +7209,10 @@ var BitbucketSCMLib = class extends SCMLib {
   async _getUsernameForAuthUrl() {
     this._validateAccessTokenAndUrl();
     const user = await this.bitbucketSdk.getUser();
-    if (!user.username) {
+    if (!user["username"]) {
       throw new Error("no username found");
     }
-    return user.username;
+    return user["username"];
   }
   async getIsRemoteBranch(branch) {
     this._validateAccessTokenAndUrl();
@@ -7233,7 +7233,7 @@ var BitbucketSCMLib = class extends SCMLib {
   async getUsername() {
     this._validateAccessToken();
     const res = await this.bitbucketSdk.getUser();
-    return z20.string().parse(res.username);
+    return z20.string().parse(res["username"]);
   }
   async getSubmitRequestStatus(_scmSubmitRequestId) {
     this._validateAccessTokenAndUrl();
@@ -7564,13 +7564,33 @@ function getGithubSdk(params = {}) {
       const { username, repoUrl } = params2;
       try {
         const { owner, repo } = parseGithubOwnerAndRepo(repoUrl);
-        const res = await octokit.rest.repos.checkCollaborator({
-          owner,
-          repo,
-          username
-        });
-        if (res.status === 204) {
-          return true;
+        try {
+          const res = await octokit.rest.repos.checkCollaborator({
+            owner,
+            repo,
+            username
+          });
+          if (res.status === 204) {
+            return true;
+          }
+        } catch (collaboratorError) {
+          try {
+            const permissionRes = await octokit.rest.repos.getCollaboratorPermissionLevel({
+              owner,
+              repo,
+              username
+            });
+            if (permissionRes.data.permission !== "none") {
+              return true;
+            }
+          } catch (permissionError) {
+            try {
+              await octokit.rest.repos.get({ owner, repo });
+              return true;
+            } catch (repoError) {
+              return false;
+            }
+          }
         }
       } catch (e) {
         return false;
@@ -7645,6 +7665,9 @@ function getGithubSdk(params = {}) {
       const repos = await octokit.rest.repos.get({ repo, owner });
       return repos.data.default_branch;
     },
+    async getRepository({ owner, repo }) {
+      return octokit.rest.repos.get({ repo, owner });
+    },
     async getGithubReferenceData({
       ref,
       gitHubUrl
@@ -7759,14 +7782,14 @@ function getGithubSdk(params = {}) {
       };
     },
     async getGithubBlameRanges(params2) {
-      const { ref, gitHubUrl, path: path17 } = params2;
+      const { ref, gitHubUrl, path: path18 } = params2;
       const { owner, repo } = parseGithubOwnerAndRepo(gitHubUrl);
       const res = await octokit.graphql(
         GET_BLAME_DOCUMENT,
         {
           owner,
           repo,
-          path: path17,
+          path: path18,
           ref
         }
       );
@@ -7904,11 +7927,12 @@ function getGithubSdk(params = {}) {
       return octokit.request(GET_USER);
     },
     async getPrCommits(params2) {
-      return octokit.rest.pulls.listCommits({
+      const data = await octokit.paginate(octokit.rest.pulls.listCommits, {
         owner: params2.owner,
         repo: params2.repo,
         pull_number: params2.pull_number
       });
+      return { data };
     },
     async getUserRepos() {
       return octokit.rest.repos.listForAuthenticatedUser({
@@ -7929,12 +7953,12 @@ function getGithubSdk(params = {}) {
       });
     },
     async listPRFiles(params2) {
-      return octokit.rest.pulls.listFiles({
+      const data = await octokit.paginate(octokit.rest.pulls.listFiles, {
         owner: params2.owner,
         repo: params2.repo,
-        pull_number: params2.pull_number,
-        per_page: 100
+        pull_number: params2.pull_number
       });
+      return { data };
     }
   };
 }
@@ -8107,11 +8131,11 @@ var GithubSCMLib = class extends SCMLib {
       markdownComment: comment
     });
   }
-  async getRepoBlameRanges(ref, path17) {
+  async getRepoBlameRanges(ref, path18) {
     this._validateUrl();
     return await this.githubSdk.getGithubBlameRanges({
       ref,
-      path: path17,
+      path: path18,
       gitHubUrl: this.url
     });
   }
@@ -8204,13 +8228,54 @@ var GithubSCMLib = class extends SCMLib {
       commitSha
     });
     const commitTimestamp = commit.commit.committer?.date ? new Date(commit.commit.committer.date) : new Date(commit.commit.author?.date || Date.now());
+    let parentCommits;
+    if (commit.parents && commit.parents.length > 0) {
+      try {
+        parentCommits = await Promise.all(
+          commit.parents.map(async (parent) => {
+            const parentCommit = await this.githubSdk.getCommit({
+              owner,
+              repo,
+              commitSha: parent.sha
+            });
+            const parentTimestamp = parentCommit.data.committer?.date ? new Date(parentCommit.data.committer.date) : new Date(Date.now());
+            return {
+              sha: parent.sha,
+              timestamp: parentTimestamp
+            };
+          })
+        );
+      } catch (error) {
+        console.error("Failed to fetch parent commit timestamps", {
+          error,
+          commitSha,
+          owner,
+          repo
+        });
+        parentCommits = void 0;
+      }
+    }
+    let repositoryCreatedAt;
+    try {
+      const repoData = await this.githubSdk.getRepository({ owner, repo });
+      repositoryCreatedAt = repoData.data.created_at ? new Date(repoData.data.created_at) : void 0;
+    } catch (error) {
+      console.error("Failed to fetch repository creation date", {
+        error,
+        owner,
+        repo
+      });
+      repositoryCreatedAt = void 0;
+    }
     return {
       diff,
       commitTimestamp,
       commitSha: commit.sha,
       authorName: commit.commit.author?.name,
       authorEmail: commit.commit.author?.email,
-      message: commit.commit.message
+      message: commit.commit.message,
+      parentCommits,
+      repositoryCreatedAt
     };
   }
   async getSubmitRequestDiff(submitRequestId) {
@@ -8750,13 +8815,13 @@ function parseGitlabOwnerAndRepo(gitlabUrl) {
   const { organization, repoName, projectPath } = parsingResult;
   return { owner: organization, repo: repoName, projectPath };
 }
-async function getGitlabBlameRanges({ ref, gitlabUrl, path: path17 }, options) {
+async function getGitlabBlameRanges({ ref, gitlabUrl, path: path18 }, options) {
   const { projectPath } = parseGitlabOwnerAndRepo(gitlabUrl);
   const api2 = getGitBeaker({
     url: gitlabUrl,
     gitlabAuthToken: options?.gitlabAuthToken
   });
-  const resp = await api2.RepositoryFiles.allFileBlames(projectPath, path17, ref);
+  const resp = await api2.RepositoryFiles.allFileBlames(projectPath, path18, ref);
   let lineNumber = 1;
   return resp.filter((range) => range.lines).map((range) => {
     const oldLineNumber = lineNumber;
@@ -8933,10 +8998,10 @@ var GitlabSCMLib = class extends SCMLib {
       markdownComment: comment
     });
   }
-  async getRepoBlameRanges(ref, path17) {
+  async getRepoBlameRanges(ref, path18) {
     this._validateUrl();
     return await getGitlabBlameRanges(
-      { ref, path: path17, gitlabUrl: this.url },
+      { ref, path: path18, gitlabUrl: this.url },
       {
         url: this.url,
         gitlabAuthToken: this.accessToken
@@ -10968,7 +11033,7 @@ async function postIssueComment(params) {
     fpDescription
   } = params;
   const {
-    path: path17,
+    path: path18,
     startLine,
     vulnerabilityReportIssue: {
       vulnerabilityReportIssueTags,
@@ -10983,7 +11048,7 @@ async function postIssueComment(params) {
 Refresh the page in order to see the changes.`,
     pull_number: pullRequest,
     commit_id: commitSha,
-    path: path17,
+    path: path18,
     line: startLine
   });
   const commentId = commentRes.data.id;
@@ -11017,7 +11082,7 @@ async function postFixComment(params) {
     scanner
   } = params;
   const {
-    path: path17,
+    path: path18,
     startLine,
     vulnerabilityReportIssue: { fixId, vulnerabilityReportIssueTags, category },
     vulnerabilityReportIssueId
@@ -11035,7 +11100,7 @@ async function postFixComment(params) {
 Refresh the page in order to see the changes.`,
     pull_number: pullRequest,
     commit_id: commitSha,
-    path: path17,
+    path: path18,
     line: startLine
   });
   const commentId = commentRes.data.id;
@@ -12779,6 +12844,8 @@ import { Server } from "@modelcontextprotocol/sdk/server/index.js";
 import { StdioServerTransport } from "@modelcontextprotocol/sdk/server/stdio.js";
 import {
   CallToolRequestSchema,
+  GetPromptRequestSchema,
+  ListPromptsRequestSchema,
   ListToolsRequestSchema
 } from "@modelcontextprotocol/sdk/types.js";
 
@@ -12791,8 +12858,8 @@ var WorkspaceService = class {
    * Sets a known workspace path that was discovered through successful validation
    * @param path The validated workspace path to store
    */
-  static setKnownWorkspacePath(path17) {
-    this.knownWorkspacePath = path17;
+  static setKnownWorkspacePath(path18) {
+    this.knownWorkspacePath = path18;
   }
   /**
    * Gets the known workspace path that was previously validated
@@ -14040,10 +14107,10 @@ var getHostInfo = (additionalMcpList) => {
   const ideConfigPaths = /* @__PURE__ */ new Set();
   for (const ide of IDEs) {
     const configPaths = getMCPConfigPaths(ide);
-    configPaths.forEach((path17) => ideConfigPaths.add(path17));
+    configPaths.forEach((path18) => ideConfigPaths.add(path18));
   }
   const uniqueAdditionalPaths = additionalMcpList.filter(
-    (path17) => !ideConfigPaths.has(path17)
+    (path18) => !ideConfigPaths.has(path18)
   );
   for (const ide of IDEs) {
     const cfg = readMCPConfig(ide);
@@ -14163,78 +14230,68 @@ init_configs();
 
 // src/mcp/services/McpUsageService/system.ts
 init_configs();
-import { spawn } from "child_process";
+import fs12 from "fs";
 import os4 from "os";
+import path12 from "path";
+var MAX_DEPTH = 2;
+var patterns = ["mcp", "claude"];
+var isFileMatch = (fileName) => {
+  const lowerName = fileName.toLowerCase();
+  return lowerName.endsWith(".json") && patterns.some((p) => lowerName.includes(p.toLowerCase()));
+};
+var safeAccess = async (filePath) => {
+  try {
+    await fs12.promises.access(filePath, fs12.constants.R_OK);
+    return true;
+  } catch {
+    return false;
+  }
+};
+var searchDir = async (dir, depth = 0) => {
+  const results = [];
+  if (depth > MAX_DEPTH) return results;
+  const entries = await fs12.promises.readdir(dir, { withFileTypes: true }).catch(() => []);
+  for (const entry of entries) {
+    const fullPath = path12.join(dir, entry.name);
+    if (entry.isFile() && isFileMatch(entry.name)) {
+      results.push(fullPath);
+    } else if (entry.isDirectory()) {
+      if (await safeAccess(fullPath)) {
+        const subResults = await searchDir(fullPath, depth + 1);
+        results.push(...subResults);
+      }
+    }
+  }
+  return results;
+};
 var findSystemMCPConfigs = async () => {
   try {
+    const home = os4.homedir();
     const platform = os4.platform();
-    let command;
-    let args;
-    if (platform === "win32") {
-      command = "powershell";
-      args = [
-        "-NoProfile",
-        "-Command",
-        "Get-ChildItem -Path $env:USERPROFILE -Recurse -Include *mcp*.json,*claude*.json -ErrorAction SilentlyContinue | ForEach-Object { $_.FullName }"
-      ];
-    } else {
-      const home = os4.homedir();
-      command = "find";
-      args = [
-        home,
-        "-type",
-        "f",
-        "(",
-        "-iname",
-        "*mcp*.json",
-        "-o",
-        "-iname",
-        "*claude*.json",
-        ")"
-      ];
-    }
-    return await new Promise((resolve) => {
-      const child = spawn(command, args, {
-        stdio: ["ignore", "pipe", "pipe"],
-        shell: platform === "win32"
-        // needed for PowerShell
-      });
-      let output = "";
-      let errorOutput = "";
-      const timer = setTimeout(() => {
-        child.kill("SIGTERM");
+    const knownDirs = platform === "win32" ? [
+      path12.join(home, ".cursor"),
+      path12.join(home, "Documents"),
+      path12.join(home, "Downloads")
+    ] : [
+      path12.join(home, ".cursor"),
+      process.env["XDG_CONFIG_HOME"] || path12.join(home, ".config"),
+      path12.join(home, "Documents"),
+      path12.join(home, "Downloads")
+    ];
+    const timeoutPromise = new Promise(
+      (resolve) => setTimeout(() => {
         logWarn(
           `MCP config search timed out after ${MCP_SYSTEM_FIND_TIMEOUT_MS / 1e3}s`
         );
         resolve([]);
-      }, MCP_SYSTEM_FIND_TIMEOUT_MS);
-      child.stdout.on("data", (data) => {
-        output += data.toString();
-      });
-      child.stderr.on("data", (data) => {
-        const msg = data.toString();
-        if (!msg.includes("Operation not permitted") && !msg.includes("Permission denied") && !msg.includes("Access is denied")) {
-          errorOutput += msg;
-        }
-      });
-      child.on("error", (err) => {
-        clearTimeout(timer);
-        logWarn("MCP config search failed to start", { err });
-        resolve([]);
-      });
-      child.on("close", (code) => {
-        clearTimeout(timer);
-        if (code === 0 || output.trim().length > 0) {
-          const files = output.split(/\r?\n/).map((f) => f.trim()).filter(Boolean);
-          resolve(files);
-        } else {
-          if (errorOutput.trim().length > 0) {
-            logWarn("MCP config search finished with warnings", { errorOutput });
-          }
-          resolve([]);
-        }
-      });
-    });
+      }, MCP_SYSTEM_FIND_TIMEOUT_MS)
+    );
+    const searchPromise = Promise.all(
+      knownDirs.map(
+        (dir) => fs12.existsSync(dir) ? searchDir(dir) : Promise.resolve([])
+      )
+    ).then((results) => results.flat());
+    return await Promise.race([timeoutPromise, searchPromise]);
   } catch (err) {
     logWarn("MCP config search unexpected error", { err });
     return [];
@@ -14409,6 +14466,45 @@ var MCP_TOOL_CHECKER = "mcp_checker";
 // src/mcp/core/McpServer.ts
 init_configs();
 
+// src/mcp/core/PromptRegistry.ts
+var PromptRegistry = class {
+  constructor() {
+    __publicField(this, "prompts", /* @__PURE__ */ new Map());
+  }
+  registerPrompt(prompt) {
+    if (this.prompts.has(prompt.name)) {
+      logWarn(`Prompt ${prompt.name} is already registered, overwriting`, {
+        promptName: prompt.name
+      });
+    }
+    this.prompts.set(prompt.name, prompt);
+    logDebug(`Prompt registered: ${prompt.name}`, {
+      promptName: prompt.name,
+      description: prompt.description
+    });
+  }
+  getPrompt(name) {
+    return this.prompts.get(name);
+  }
+  getPromptDefinition(name) {
+    return this.prompts.get(name)?.getDefinition();
+  }
+  getAllPrompts() {
+    return Array.from(this.prompts.values()).map(
+      (prompt) => prompt.getDefinition()
+    );
+  }
+  getPromptNames() {
+    return Array.from(this.prompts.keys());
+  }
+  hasPrompt(name) {
+    return this.prompts.has(name);
+  }
+  getPromptCount() {
+    return this.prompts.size;
+  }
+};
+
 // src/mcp/core/ToolRegistry.ts
 var ToolRegistry = class {
   constructor() {
@@ -14451,6 +14547,7 @@ var McpServer = class {
   constructor(config6, govOrgId = "") {
     __publicField(this, "server");
     __publicField(this, "toolRegistry");
+    __publicField(this, "promptRegistry");
     __publicField(this, "isEventHandlersSetup", false);
     __publicField(this, "eventHandlers", /* @__PURE__ */ new Map());
     __publicField(this, "parentProcessCheckInterval");
@@ -14466,11 +14563,13 @@ var McpServer = class {
       },
       {
         capabilities: {
-          tools: {}
+          tools: {},
+          prompts: {}
         }
       }
     );
     this.toolRegistry = new ToolRegistry();
+    this.promptRegistry = new PromptRegistry();
     this.setupHandlers();
     this.setupProcessEventHandlers();
     this.setupParentProcessMonitoring();
@@ -14787,6 +14886,62 @@ var McpServer = class {
       throw error;
     }
   }
+  async handleListPromptsRequest(request) {
+    const mcpCheckerTool = this.toolRegistry.getToolDefinition(MCP_TOOL_CHECKER);
+    if (mcpCheckerTool) {
+      return {
+        prompts: []
+      };
+    }
+    logInfo("Received list_prompts request");
+    logDebug("list_prompts request", {
+      request: JSON.parse(JSON.stringify(request))
+    });
+    const promptDefinitions = this.promptRegistry.getAllPrompts();
+    const response = {
+      prompts: promptDefinitions.map((prompt) => ({
+        name: prompt.name,
+        description: prompt.description,
+        arguments: prompt.arguments
+      }))
+    };
+    logDebug("Returning list_prompts response", { response });
+    return response;
+  }
+  async handleGetPromptRequest(request) {
+    const { name, arguments: args } = request.params;
+    logInfo(`Received get_prompt request for ${name}`);
+    logDebug("get_prompt request", {
+      request: JSON.parse(JSON.stringify(request))
+    });
+    try {
+      const prompt = this.promptRegistry.getPrompt(name);
+      if (!prompt) {
+        const errorMsg = `Unknown prompt: ${name}`;
+        logWarn(errorMsg, {
+          name,
+          availablePrompts: this.promptRegistry.getPromptNames()
+        });
+        throw new Error(errorMsg);
+      }
+      logInfo(`Generating prompt: ${name}`);
+      const response = await prompt.getPrompt(args);
+      logInfo(`Prompt ${name} generated successfully`);
+      logDebug(`Prompt ${name} generated successfully`, {
+        hasMessages: !!response.messages,
+        messageCount: response.messages?.length
+      });
+      return response;
+    } catch (error) {
+      const errorMessage = error instanceof Error ? error.message : String(error);
+      logError(`Error generating prompt ${name}: ${errorMessage}`, {
+        error,
+        promptName: name,
+        args
+      });
+      throw error;
+    }
+  }
   setupHandlers() {
     this.server.setRequestHandler(
       ListToolsRequestSchema,
@@ -14796,12 +14951,24 @@ var McpServer = class {
       CallToolRequestSchema,
       (request) => this.handleCallToolRequest(request)
     );
+    this.server.setRequestHandler(
+      ListPromptsRequestSchema,
+      (request) => this.handleListPromptsRequest(request)
+    );
+    this.server.setRequestHandler(
+      GetPromptRequestSchema,
+      (request) => this.handleGetPromptRequest(request)
+    );
     logInfo("MCP server handlers registered");
   }
   registerTool(tool) {
     this.toolRegistry.registerTool(tool);
     logInfo(`Tool registered: ${tool.name}`);
   }
+  registerPrompt(prompt) {
+    this.promptRegistry.registerPrompt(prompt);
+    logInfo(`Prompt registered: ${prompt.name}`);
+  }
   getParentProcessId() {
     return this.parentPid;
   }
@@ -14865,117 +15032,43 @@ var McpServer = class {
   }
 };
 
-// src/mcp/tools/checkForNewAvailableFixes/CheckForNewAvailableFixesTool.ts
-import { z as z34 } from "zod";
-
-// src/mcp/services/PathValidation.ts
-import fs12 from "fs";
-import path12 from "path";
-async function validatePath(inputPath) {
-  logDebug("Validating MCP path", { inputPath });
-  if (/^\/[a-zA-Z]:\//.test(inputPath)) {
-    inputPath = inputPath.slice(1);
-  }
-  if (inputPath === "." || inputPath === "./") {
-    const workspaceFolderPath = WorkspaceService.getWorkspaceFolderPath();
-    if (workspaceFolderPath) {
-      logDebug("Fallback to workspace folder path", {
-        inputPath,
-        workspaceFolderPaths: [workspaceFolderPath]
-      });
-      WorkspaceService.setKnownWorkspacePath(workspaceFolderPath);
-      logDebug("Stored workspace folder path as known path", {
-        workspaceFolderPath
-      });
-      return {
-        isValid: true,
-        path: workspaceFolderPath
-      };
-    } else {
-      const error = `"." is not a valid path, please provide a full localpath to the repository`;
-      logError(error);
-      return { isValid: false, error, path: inputPath };
-    }
-  }
-  if (inputPath.includes("..")) {
-    const error = `Path contains path traversal patterns: ${inputPath}`;
-    logError(error);
-    return { isValid: false, error, path: inputPath };
-  }
-  const normalizedPath = path12.normalize(inputPath);
-  if (normalizedPath.includes("..")) {
-    const error = `Normalized path contains path traversal patterns: ${inputPath}`;
-    logError(error);
-    return { isValid: false, error, path: inputPath };
-  }
-  let decodedPath;
-  try {
-    decodedPath = decodeURIComponent(inputPath);
-  } catch (err) {
-    const error = `Failed to decode path: ${inputPath}`;
-    logError(error, { err });
-    return { isValid: false, error, path: inputPath };
-  }
-  if (decodedPath.includes("..") || decodedPath !== inputPath) {
-    const error = `Path contains encoded traversal attempts: ${inputPath}`;
-    logError(error);
-    return { isValid: false, error, path: inputPath };
-  }
-  if (inputPath.includes("\0") || inputPath.includes("\0")) {
-    const error = `Path contains dangerous characters: ${inputPath}`;
-    logError(error);
-    return { isValid: false, error, path: inputPath };
-  }
-  logDebug("Path validation successful", { inputPath });
-  logDebug("Checking path existence", { inputPath });
-  try {
-    await fs12.promises.access(inputPath);
-    logDebug("Path exists and is accessible", { inputPath });
-    WorkspaceService.setKnownWorkspacePath(inputPath);
-    logDebug("Stored validated path in WorkspaceService", { inputPath });
-    return { isValid: true, path: inputPath };
-  } catch (error) {
-    const errorMessage = `Path does not exist or is not accessible: ${inputPath}`;
-    logError(errorMessage, { error });
-    return { isValid: false, error: errorMessage, path: inputPath };
-  }
-}
+// src/mcp/prompts/CheckForNewVulnerabilitiesPrompt.ts
+import { z as z33 } from "zod";
 
-// src/mcp/tools/base/BaseTool.ts
+// src/mcp/prompts/base/BasePrompt.ts
 import { z as z32 } from "zod";
-var BaseTool = class {
+var BasePrompt = class {
   getDefinition() {
     return {
       name: this.name,
-      display_name: this.displayName,
       description: this.description,
-      inputSchema: this.inputSchema
+      arguments: this.arguments
     };
   }
-  async execute(args) {
-    if (this.hasAuthentication) {
-      logDebug(`Authenticating tool: ${this.name}`, { args });
-      const mcpGqlClient = await createAuthenticatedMcpGQLClient();
-      const userInfo = await mcpGqlClient.getUserInfo();
-      logDebug("User authenticated successfully", { userInfo });
+  async getPrompt(args) {
+    let validatedArgs = args;
+    if (this.argumentsValidationSchema) {
+      validatedArgs = this.validateArguments(args);
+      logDebug(`Prompt ${this.name} arguments validation successful`, {
+        validatedArgs
+      });
     }
-    const validatedArgs = this.validateInput(args);
-    logDebug(`Tool ${this.name} input validation successful`, {
-      validatedArgs
-    });
-    logInfo(`Executing tool: ${this.name}`);
-    const result = await this.executeInternal(validatedArgs);
-    logInfo(`Tool ${this.name} executed successfully`);
+    const result = await this.generatePrompt(validatedArgs);
+    logDebug(`Prompt ${this.name} generated successfully`);
     return result;
   }
-  validateInput(args) {
+  validateArguments(args) {
+    if (!this.argumentsValidationSchema) {
+      return args;
+    }
     try {
-      return this.inputValidationSchema.parse(args);
+      const argsToValidate = args === void 0 ? {} : args;
+      return this.argumentsValidationSchema.parse(argsToValidate);
     } catch (error) {
       if (error instanceof z32.ZodError) {
         const errorDetails = error.errors.map((e) => {
           const fieldPath = e.path.length > 0 ? e.path.join(".") : "root";
-          const message = e.message === "Required" ? `Missing required parameter '${fieldPath}'` : `Invalid value for '${fieldPath}': ${e.message}`;
+          const message = e.message === "Required" ? `Missing required argument '${fieldPath}'` : `Invalid value for '${fieldPath}': ${e.message}`;
           return message;
         });
         const errorMessage = `Invalid arguments: ${errorDetails.join(", ")}`;
@@ -14984,53 +15077,1786 @@ var BaseTool = class {
       throw error;
     }
   }
-  createSuccessResponse(text) {
+  createUserMessage(text) {
     return {
-      content: [
+      description: this.description,
+      messages: [
         {
-          type: "text",
-          text
+          role: "user",
+          content: {
+            type: "text",
+            text
+          }
         }
       ]
     };
   }
 };
 
-// src/mcp/tools/checkForNewAvailableFixes/CheckForNewAvailableFixesService.ts
-init_configs();
+// src/mcp/prompts/CheckForNewVulnerabilitiesPrompt.ts
+var CheckForNewVulnerabilitiesArgsSchema = z33.object({
+  path: z33.string().optional()
+});
+var CheckForNewVulnerabilitiesPrompt = class extends BasePrompt {
+  constructor() {
+    super(...arguments);
+    __publicField(this, "name", "check-for-new-vulnerabilities");
+    __publicField(this, "description", "Guide for enabling continuous security monitoring to detect new vulnerabilities");
+    __publicField(this, "arguments", [
+      {
+        name: "path",
+        description: "Optional: Full local path to the git repository to monitor",
+        required: false
+      }
+    ]);
+    __publicField(this, "argumentsValidationSchema", CheckForNewVulnerabilitiesArgsSchema);
+  }
+  async generatePrompt(validatedArgs) {
+    const args = validatedArgs;
+    const promptText = `# Continuous Security Monitoring Setup
 
-// src/mcp/core/prompts.ts
-init_configs();
-function friendlyType(s) {
-  const withoutUnderscores = s.replace(/_/g, " ");
-  const result = withoutUnderscores.replace(/([a-z])([A-Z])/g, "$1 $2");
-  return result.charAt(0).toUpperCase() + result.slice(1);
-}
-var noFixesReturnedForParameters = `No fixes returned for the given offset and limit parameters.
-`;
-var noFixesReturnedForParametersWithGuidance = ({
-  offset,
-  limit,
-  totalCount,
-  currentTool
-}) => `## No Fixes Returned for Current Parameters
+This workflow sets up ongoing security monitoring to detect new vulnerabilities as code changes.
 
-**\u{1F4C4} Current Request:**
-- **Page:** ${Math.floor(offset / limit) + 1}
-- **Offset:** ${offset}
-- **Limit:** ${limit}
+## Purpose
 
-**\u274C Result:** No fixes returned for the given offset and limit parameters.
+The \`check_for_new_available_fixes\` tool provides:
+- Lightweight background security monitoring
+- Detection of newly introduced vulnerabilities
+- Periodic checks without heavy scanning overhead
+- Notifications when new fixes become available
 
-**\u2139\uFE0F Available Fixes:** ${totalCount} total fixes are available, but your current offset (${offset}) is beyond the available range.
+## When to Use
 
-**\u2705 How to Get the Fixes:**
+Call this tool:
+\u2713 At the end of a coding session
+\u2713 After completing a series of edits
+\u2713 After applying security fixes (to verify no new issues)
+\u2713 Before committing code changes
+\u2713 As part of a continuous security workflow
+\u2713 When setting up a project for security monitoring
 
-To retrieve the available fixes, use one of these approaches:
+## Workflow Steps
 
-1. **Start from the beginning:**
-   \`\`\`
-   offset: 0
+### Step 1: Determine Repository Path
+${args?.path ? `\u2713 Repository path provided: \`${args.path}\`` : `Get the full local path to the git repository to monitor.`}
+
+### Step 2: Call check_for_new_available_fixes
+
+Use the tool with minimal parameters:
+
+\`\`\`json
+{
+  "path": "${args?.path || "<repository-path>"}"
+}
+\`\`\`
+
+This tool is designed to be lightweight and non-intrusive.
+
+### Step 3: Interpret Results
+
+The tool will return one of several possible outcomes:
+
+#### New Vulnerabilities Detected
+
+If new security issues are found:
+
+1. **Alert the user promptly:**
+   "\u26A0\uFE0F New security vulnerabilities detected!"
+
+2. **Provide summary:**
+   - Number of new vulnerabilities
+   - Severity breakdown
+   - Files affected
+
+3. **Recommend immediate action:**
+   - For Critical/High: "I recommend reviewing these immediately"
+   - For Medium/Low: "These should be addressed when convenient"
+
+4. **Offer next steps:**
+   - "Would you like to scan and see the details?"
+   - "Should I fetch the available fixes?"
+   - Suggest calling \`scan_and_fix_vulnerabilities\` or \`fetch_available_fixes\`
+
+#### No New Vulnerabilities
+
+"\u2713 Monitoring active. No new security vulnerabilities detected."
+
+Optional follow-up:
+- Confirm monitoring is now enabled
+- Mention that checks will continue periodically
+- Reassure the user their code remains secure
+
+#### Monitoring Enabled
+
+"\u2713 Continuous security monitoring has been enabled for this repository."
+
+Explain what this means:
+- Periodic background checks will run
+- User will be notified of new vulnerabilities
+- No action required from user right now
+
+### Step 4: Handle User Response
+
+**If new vulnerabilities were found:**
+
+Guide the user to take appropriate action:
+
+1. **Immediate threats (Critical/High):**
+   - Strongly recommend scanning now
+   - Offer to fetch and display fixes
+   - Suggest not committing until fixed
+
+2. **Medium priority:**
+   - Add to todo list or backlog
+   - Schedule time to address
+   - Can proceed with current work
+
+3. **Low priority:**
+   - Track for future maintenance
+   - Can be addressed in next refactoring
+   - No immediate action required
+
+**If no issues found:**
+
+- Congratulate the user on maintaining security
+- Remind them monitoring will continue
+- Suggest they can continue their work confidently
+
+### Step 5: Integration into Workflow
+
+This tool should be called **automatically** in certain scenarios:
+
+1. **End-of-session cleanup:**
+   After a user completes a significant amount of work
+
+2. **Post-fix verification:**
+   After applying security fixes to ensure no new issues
+
+3. **Pre-commit hook simulation:**
+   Before suggesting the user commit their changes
+
+4. **Periodic checks:**
+   During long-running IDE sessions (every 15-30 minutes)
+
+## Best Practices
+
+### DO:
+\u2713 Call this tool frequently and automatically
+\u2713 Make it part of your regular workflow
+\u2713 Alert users immediately when issues are found
+\u2713 Provide clear severity context
+\u2713 Offer actionable next steps
+\u2713 Keep the messaging positive and non-alarming
+
+### DON'T:
+\u2717 Make this tool intrusive or annoying
+\u2717 Overwhelm users with constant notifications
+\u2717 Ignore Critical/High severity findings
+\u2717 Forget to explain what monitoring means
+\u2717 Skip this step at the end of sessions
+
+## Monitoring vs. Scanning
+
+It's important to understand the difference:
+
+| Feature | check_for_new_available_fixes | scan_and_fix_vulnerabilities |
+|---------|------------------------------|------------------------------|
+| Purpose | Continuous monitoring | Full security scan |
+| Speed | Very fast | Slower (minutes) |
+| Depth | Lightweight check | Comprehensive analysis |
+| When | Frequently, automatically | On-demand, deliberately |
+| Results | Binary (new issues yes/no) | Detailed vulnerability reports |
+| Resource usage | Minimal | Higher |
+
+**Strategy:** Use monitoring frequently, trigger full scans only when needed.
+
+## Example Usage
+
+### Scenario 1: End of Coding Session
+
+\`\`\`
+AI: "I'm running a final security check on your changes..."
+
+[Calls check_for_new_available_fixes]
+
+AI: "\u2713 All clear! No new security vulnerabilities detected. Your code is safe to commit."
+\`\`\`
+
+### Scenario 2: New Vulnerabilities Found
+
+\`\`\`
+AI: "Running continuous security monitoring..."
+
+[Calls check_for_new_available_fixes]
+
+AI: "\u26A0\uFE0F I detected 2 new security vulnerabilities:
+- 1 High severity
+- 1 Medium severity
+
+Would you like me to run a full scan to see the details and available fixes?"
+
+User: "Yes, please"
+
+[AI proceeds to call scan_and_fix_vulnerabilities]
+\`\`\`
+
+### Scenario 3: After Applying Fixes
+
+\`\`\`
+AI: "I've applied the security fixes. Let me verify no new issues were introduced..."
+
+[Calls check_for_new_available_fixes]
+
+AI: "\u2713 Perfect! The fixes resolved the issues and no new vulnerabilities were introduced. Your code is now more secure."
+\`\`\`
+
+## Silent vs. Announced Monitoring
+
+**Silent monitoring** (recommended for background checks):
+- Call the tool without announcing it
+- Only notify user if issues are found
+- Keeps the experience smooth and non-intrusive
+
+**Announced monitoring** (use when setting up or after significant changes):
+- Tell the user monitoring is running
+- Confirm when monitoring is enabled
+- Provides transparency and confidence
+
+## Technical Details
+
+The tool:
+- Connects to Mobb's backend API
+- Checks for new vulnerability data
+- Compares against last known state
+- Returns summary of new findings
+- Maintains minimal overhead
+
+## Ready to Monitor
+
+Call the \`check_for_new_available_fixes\` tool now${args?.path ? ` for ${args.path}` : ""} to enable continuous security monitoring. This is a best practice that helps catch vulnerabilities early and maintain code security over time.
+`;
+    return this.createUserMessage(promptText);
+  }
+};
+
+// src/mcp/prompts/FullSecurityAuditPrompt.ts
+import { z as z34 } from "zod";
+var FullSecurityAuditArgsSchema = z34.object({
+  path: z34.string().optional()
+});
+var FullSecurityAuditPrompt = class extends BasePrompt {
+  constructor() {
+    super(...arguments);
+    __publicField(this, "name", "full-security-audit");
+    __publicField(this, "description", "Complete end-to-end security audit workflow: scan \u2192 review \u2192 fix \u2192 verify \u2192 monitor");
+    __publicField(this, "arguments", [
+      {
+        name: "path",
+        description: "Optional: Full local path to the git repository to audit",
+        required: false
+      }
+    ]);
+    __publicField(this, "argumentsValidationSchema", FullSecurityAuditArgsSchema);
+  }
+  async generatePrompt(validatedArgs) {
+    const args = validatedArgs;
+    const promptText = `# Complete Security Audit Workflow
+
+This is a comprehensive, end-to-end security audit process that will scan, review, fix, verify, and set up monitoring for a repository.
+
+## Audit Overview
+
+This workflow includes:
+1. **Initial Assessment** - Understand the repository
+2. **Comprehensive Scan** - Full security analysis
+3. **Issue Review** - Categorize and prioritize vulnerabilities
+4. **Fix Application** - Apply security patches systematically
+5. **Verification** - Confirm fixes work correctly
+6. **Continuous Monitoring** - Set up ongoing security checks
+7. **Final Report** - Document all actions taken
+
+**Estimated Time:** 10-30 minutes depending on repository size and issue count
+
+## Prerequisites
+
+Before starting:
+- Repository should be in a clean git state (or user is aware of uncommitted changes)
+- Tests should be available and passing
+- User has time to review and address issues
+- Backup or branch created (recommended for first-time users)
+
+## Phase 1: Initial Assessment
+
+### Step 1.1: Gather Repository Information
+${args?.path ? `\u2713 Repository path: \`${args.path}\`` : `- Request repository path from user
+- Ask: "What is the full path to the repository you want to audit?"`}
+
+### Step 1.2: Set Expectations
+
+Inform the user:
+
+\`\`\`
+"I'll perform a complete security audit of your repository. This will:
+- Scan all code for security vulnerabilities
+- Identify issues across all severity levels
+- Provide automatic fixes where possible
+- Set up continuous monitoring
+
+This process will take a few minutes. I'll guide you through each step and explain my findings.
+
+Ready to begin?"
+\`\`\`
+
+### Step 1.3: Check Repository Status
+
+Recommend running git status:
+\`\`\`bash
+git status
+\`\`\`
+
+If there are uncommitted changes, suggest:
+- "I see uncommitted changes. Would you like to commit or stash them first?"
+- "We can proceed, but I recommend committing current work first."
+
+## Phase 2: Comprehensive Scan
+
+### Step 2.1: Initial Full Scan
+
+Call \`scan_and_fix_vulnerabilities\`:
+
+\`\`\`json
+{
+  "path": "${args?.path || "<repository-path>"}",
+  "limit": 10,
+  "maxFiles": 50
+}
+\`\`\`
+
+Larger limits for comprehensive audit.
+
+### Step 2.2: Initial Results Analysis
+
+When results arrive, analyze and present:
+
+1. **Executive Summary:**
+   \`\`\`
+   Security Scan Complete
+   ----------------------
+   Total Vulnerabilities Found: [N]
+
+   By Severity:
+   - \u{1F534} Critical: [N] (immediate action required)
+   - \u{1F7E0} High: [N] (urgent)
+   - \u{1F7E1} Medium: [N] (important)
+   - \u{1F535} Low: [N] (maintenance)
+
+   By Category:
+   - [List top 3-5 vulnerability types found]
+
+   Fixable: [N] vulnerabilities have automatic fixes available
+   \`\`\`
+
+2. **Initial Recommendation:**
+   Based on findings, recommend:
+   - If Critical exists: "Address critical issues immediately"
+   - If mostly High/Medium: "Systematic fix approach recommended"
+   - If only Low: "Good security posture, minor improvements available"
+
+## Phase 3: Issue Review & Prioritization
+
+### Step 3.1: Detailed Issue Presentation
+
+Present issues in priority order:
+
+**For each Critical vulnerability:**
+\`\`\`
+\u{1F534} CRITICAL: [Type]
+Location: [file:line]
+Risk Level: Severe Security Threat
+
+Description: [What the vulnerability is]
+Attack Vector: [How it could be exploited]
+Impact: [What an attacker could do]
+
+Proposed Fix: [Summary of the fix]
+[Show diff/patch preview]
+
+Last modified by: [git blame]
+\`\`\`
+
+Continue for High, Medium, Low...
+
+### Step 3.2: Create Fix Plan
+
+Generate a structured fix plan:
+
+\`\`\`markdown
+## Security Fix Plan
+
+### Phase 1: Critical Fixes (Do First)
+1. [Vulnerability type] in [file]
+2. [Vulnerability type] in [file]
+...
+
+### Phase 2: High Severity Fixes
+1. [Vulnerability type] in [file]
+2. [Vulnerability type] in [file]
+...
+
+### Phase 3: Medium Severity Fixes
+[Can be done in follow-up session]
+
+### Phase 4: Low Severity Fixes
+[Add to maintenance backlog]
+\`\`\`
+
+### Step 3.3: Get User Approval
+
+Ask user how they want to proceed:
+
+"I've identified the security issues and created a fix plan. How would you like to proceed?
+
+1. **Comprehensive Fix** - Fix all Critical and High issues now (recommended)
+2. **Critical Only** - Fix only Critical issues now
+3. **Selective Fix** - Review and choose which fixes to apply
+4. **Report Only** - Generate report without applying fixes (for review)
+
+Recommendation: Option 1 for best security posture."
+
+## Phase 4: Fix Application
+
+Based on user choice, systematically apply fixes:
+
+### Step 4.1: Apply Critical Fixes
+
+For each Critical fix:
+1. Show what will be fixed
+2. Apply the patch
+3. Confirm application: "\u2713 Fixed: [vulnerability] in [file]"
+4. Track progress: "[N/Total] Critical fixes applied"
+
+### Step 4.2: Apply High Severity Fixes
+
+Same process as Critical, but can be done in batches.
+
+### Step 4.3: Handle Fix Failures
+
+If a fix fails to apply:
+1. Note the failure
+2. Show the conflict or error
+3. Mark for manual review
+4. Continue with remaining fixes
+5. Summarize failed fixes at the end
+
+## Phase 5: Verification
+
+### Step 5.1: Verify Patches Applied
+
+Check each modified file:
+\`\`\`bash
+git status
+git diff
+\`\`\`
+
+Confirm:
+- Expected files were modified
+- No unexpected changes
+- No merge conflicts
+
+### Step 5.2: Run Test Suite
+
+If tests exist:
+
+\`\`\`bash
+# Run appropriate test command
+npm test
+# or
+pytest
+# or
+mvn test
+\`\`\`
+
+**If tests pass:**
+"\u2705 All tests passed! Security fixes did not break functionality."
+
+**If tests fail:**
+"\u26A0\uFE0F Some tests are failing after applying fixes:
+[List failing tests]
+
+This could mean:
+1. Tests need to be updated (common for security fixes)
+2. A fix introduced an issue (less common)
+
+Would you like me to:
+1. Review the failing tests
+2. Revert specific fixes
+3. Continue anyway (tests may need updates)"
+
+### Step 5.3: Re-scan for Verification
+
+Call \`scan_and_fix_vulnerabilities\` again with \`rescan: true\`:
+
+\`\`\`json
+{
+  "path": "${args?.path || "<repository-path>"}",
+  "rescan": true,
+  "limit": 10
+}
+\`\`\`
+
+Compare before/after:
+- Confirm fixed vulnerabilities are gone
+- Check no new vulnerabilities were introduced
+- Verify severity counts decreased as expected
+
+## Phase 6: Continuous Monitoring Setup
+
+### Step 6.1: Enable Monitoring
+
+Call \`check_for_new_available_fixes\`:
+
+\`\`\`json
+{
+  "path": "${args?.path || "<repository-path>"}"
+}
+\`\`\`
+
+### Step 6.2: Explain Monitoring
+
+"\u2705 Continuous security monitoring is now enabled for this repository.
+
+What this means:
+- Periodic background checks for new vulnerabilities
+- Notifications when security issues are detected
+- Ongoing protection as code evolves
+
+This helps maintain the security improvements we just made."
+
+## Phase 7: Final Report
+
+### Step 7.1: Generate Comprehensive Report
+
+Create a detailed report:
+
+\`\`\`markdown
+# Security Audit Report
+Repository: [name/path]
+Date: [date]
+Audited by: Mobb AI Security Assistant
+
+## Executive Summary
+- Total vulnerabilities found: [N]
+- Vulnerabilities fixed: [N]
+- Files modified: [N]
+- Test status: [Pass/Fail/Not Run]
+
+## Vulnerabilities Fixed
+
+### Critical (\u{1F534})
+1. [Type] in [file:line] - FIXED \u2705
+   - Risk: [description]
+   - Fix: [description]
+
+2. [Type] in [file:line] - FIXED \u2705
+   ...
+
+### High (\u{1F7E0})
+[Similar format]
+
+### Medium (\u{1F7E1})
+[List - note which were fixed]
+
+### Low (\u{1F535})
+[List - note which were fixed]
+
+## Files Modified
+- [list all modified files with change descriptions]
+
+## Verification Results
+\u2705 All fixes applied successfully
+\u2705 Tests passing
+\u2705 Re-scan confirms vulnerabilities resolved
+\u2705 No new vulnerabilities introduced
+
+## Remaining Items
+- [N] Medium severity issues (recommended to fix soon)
+- [N] Low severity issues (maintenance backlog)
+
+## Recommendations
+1. Commit these security improvements
+2. Deploy to staging environment for testing
+3. Schedule follow-up for remaining Medium issues
+4. Review security practices to prevent future issues
+5. Keep continuous monitoring enabled
+
+## Next Steps
+1. Review the changes: git diff
+2. Run additional tests if needed
+3. Commit: git add . && git commit -m "Security fixes: addressed [N] critical and high severity vulnerabilities"
+4. Push to remote repository
+5. Deploy with confidence
+
+---
+\u{1F512} Security Level: [Excellent/Good/Fair] (based on remaining issues)
+\`\`\`
+
+### Step 7.2: Provide Next Steps
+
+Give clear guidance:
+
+"## What to do next:
+
+**Immediate (Do now):**
+1. Review the changes made (git diff)
+2. Commit the security fixes
+3. Push to your repository
+
+**Soon (This week):**
+1. Address remaining Medium severity issues ([N] items)
+2. Review security best practices for your framework
+3. Share this report with your team
+
+**Ongoing:**
+1. Continuous monitoring is active
+2. Run security scans after major changes
+3. Keep dependencies updated
+
+**Questions?**
+- Need help with any specific fix?
+- Want to understand a vulnerability better?
+- Need guidance on preventing similar issues?
+
+Ask me anything!"
+
+## Important Guidelines
+
+### Communication Throughout
+
+**Be:**
+- Professional and clear
+- Patient and thorough
+- Encouraging and supportive
+- Transparent about what you're doing
+
+**Tone:**
+- Security issues are serious but fixable
+- Congratulate progress
+- Celebrate improvements
+- Don't blame or shame
+
+### DO:
+\u2705 Follow all phases systematically
+\u2705 Explain each step clearly
+\u2705 Get user approval before major actions
+\u2705 Verify all changes
+\u2705 Provide comprehensive documentation
+\u2705 Enable monitoring
+\u2705 Give clear next steps
+
+### DON'T:
+\u274C Rush through the process
+\u274C Skip verification steps
+\u274C Apply fixes without explanation
+\u274C Forget to check for new issues
+\u274C Leave user without next steps
+\u274C Create alarm - be solution-focused
+
+## Time Management
+
+For large repositories with many issues:
+- Take breaks between phases
+- Offer to pause and resume later
+- Batch fixes appropriately
+- Don't overwhelm the user
+
+Suggest: "We've fixed [N] critical issues. Would you like to continue with High severity, or take a break and resume later?"
+
+## Success Criteria
+
+Audit is successful when:
+\u2705 All Critical vulnerabilities are fixed
+\u2705 Most High severity issues addressed
+\u2705 All fixes verified and tested
+\u2705 No new vulnerabilities introduced
+\u2705 Continuous monitoring enabled
+\u2705 Comprehensive report provided
+\u2705 User understands next steps
+
+## Ready to Begin
+
+This is a comprehensive security audit that will significantly improve the security posture of the repository. Follow each phase carefully, communicate clearly, and celebrate the improvements made.
+
+Begin the audit now${args?.path ? ` for ${args.path}` : ""}.
+`;
+    return this.createUserMessage(promptText);
+  }
+};
+
+// src/mcp/prompts/ReviewAndFixCriticalPrompt.ts
+import { z as z35 } from "zod";
+var ReviewAndFixCriticalArgsSchema = z35.object({
+  path: z35.string().optional()
+});
+var ReviewAndFixCriticalPrompt = class extends BasePrompt {
+  constructor() {
+    super(...arguments);
+    __publicField(this, "name", "review-and-fix-critical");
+    __publicField(this, "description", "Focused workflow for identifying and fixing Critical and High severity security vulnerabilities");
+    __publicField(this, "arguments", [
+      {
+        name: "path",
+        description: "Optional: Full local path to the git repository to scan and fix",
+        required: false
+      }
+    ]);
+    __publicField(this, "argumentsValidationSchema", ReviewAndFixCriticalArgsSchema);
+  }
+  async generatePrompt(validatedArgs) {
+    const args = validatedArgs;
+    const promptText = `# Critical Security Vulnerabilities - Review and Fix
+
+This is a focused workflow for identifying and addressing Critical and High severity security vulnerabilities that require immediate attention.
+
+## Workflow Purpose
+
+Use this workflow when:
+- Security is a high priority
+- Preparing for production deployment
+- Security audit or compliance review is needed
+- You want to address the most severe issues first
+- Time is limited and you need to focus on critical threats
+
+## Severity Priority
+
+**CRITICAL** \u{1F534}
+- Immediate security risk
+- Can lead to complete system compromise
+- Examples: Remote Code Execution, Authentication Bypass, SQL Injection with data exposure
+- **Action: FIX IMMEDIATELY**
+
+**HIGH** \u{1F7E0}
+- Significant security vulnerability
+- Can lead to data breaches or unauthorized access
+- Examples: XSS attacks, Privilege Escalation, Exposed Sensitive Data
+- **Action: FIX URGENTLY**
+
+Medium and Low severity issues will be noted but not prioritized in this workflow.
+
+## Workflow Steps
+
+### Step 1: Initial Scan
+${args?.path ? `Scanning repository at: \`${args.path}\`` : `Obtain the repository path from the user.`}
+
+Call \`scan_and_fix_vulnerabilities\`:
+
+\`\`\`json
+{
+  "path": "${args?.path || "<repository-path>"}",
+  "limit": 10,
+  "maxFiles": 20
+}
+\`\`\`
+
+Higher limits to ensure we catch all critical issues.
+
+### Step 2: Filter and Present Critical Issues
+
+When results arrive:
+
+1. **Count vulnerabilities by severity:**
+   - Critical count
+   - High count
+   - Medium count (mention but don't focus)
+   - Low count (mention but don't focus)
+
+2. **Present ONLY Critical and High severity issues:**
+
+   For each Critical/High vulnerability:
+
+   \`\`\`
+   \u{1F534} CRITICAL: [Vulnerability Type]
+
+   File: [path/to/file.ext:line]
+   Last modified by: [git blame user]
+
+   Risk: [Explain the security risk in simple terms]
+
+   Proposed Fix:
+   [Show the diff/patch]
+
+   Impact: [What this fix does and why it's necessary]
+   \`\`\`
+
+3. **Provide clear summary:**
+   "Found X critical and Y high severity vulnerabilities that require immediate attention."
+
+### Step 3: Prioritize Fixes
+
+Create a fix priority list:
+
+**Phase 1 - Critical (DO FIRST):**
+- List all Critical issues
+- Sort by risk level
+- Recommend fixing ALL before any High issues
+
+**Phase 2 - High (DO SECOND):**
+- List all High issues
+- Can be addressed after Critical are resolved
+
+**Ask the user:**
+"I recommend we fix these in priority order. Would you like me to:
+1. Apply ALL critical fixes automatically (recommended)
+2. Review each critical fix individually
+3. See the full details before proceeding"
+
+### Step 4: Apply Fixes
+
+Based on user choice:
+
+#### Option 1: Apply All Critical Automatically
+
+\`\`\`
+"I'll apply all [N] critical fixes now. This will modify [X] files."
+
+For each fix:
+1. Apply the patch
+2. Verify it applied successfully
+3. Show brief confirmation: "\u2713 Fixed: [vulnerability type] in [file]"
+
+"All critical fixes applied. Running verification..."
+[Call check_for_new_available_fixes to verify]
+
+"Next, I can address the [N] high severity issues. Continue?"
+\`\`\`
+
+#### Option 2: Review Each Fix Individually
+
+For each Critical fix:
+1. Show the vulnerability details
+2. Show the exact code changes
+3. Explain the security improvement
+4. Ask: "Apply this fix? (yes/no/skip)"
+5. Apply if approved
+6. Move to next
+
+#### Option 3: Provide Full Details First
+
+- Show comprehensive analysis of each vulnerability
+- Include CVE references if available
+- Explain attack vectors
+- Demonstrate how the fix prevents the attack
+- Then proceed to fixing phase
+
+### Step 5: Verification
+
+After applying fixes:
+
+1. **Verify fixes applied correctly:**
+   - Check files were modified
+   - No merge conflicts
+   - Code syntax is valid
+
+2. **Run tests if available:**
+   \`\`\`bash
+   npm test
+   # or
+   pytest
+   # or appropriate test command
+   \`\`\`
+
+3. **Re-scan to confirm:**
+   Call \`scan_and_fix_vulnerabilities\` again with \`rescan: true\`
+
+   Verify:
+   - Critical issues are resolved
+   - No new issues were introduced
+   - High severity count decreased (if those were also fixed)
+
+### Step 6: Summary Report
+
+Provide a comprehensive summary:
+
+\`\`\`markdown
+## Security Fix Summary
+
+### Fixed
+- \u2705 [N] Critical vulnerabilities resolved
+- \u2705 [N] High severity vulnerabilities resolved
+
+### Files Modified
+- [list of modified files]
+
+### Remaining Issues
+- \u26A0\uFE0F [N] Medium severity (can be addressed later)
+- \u2139\uFE0F [N] Low severity (maintenance backlog)
+
+### Recommendations
+1. Run your test suite to ensure functionality
+2. Review the changes before committing
+3. Consider addressing remaining High severity issues
+4. Schedule time for Medium/Low issues
+5. Enable continuous monitoring
+
+### Next Steps
+- Commit these security fixes
+- Deploy to staging for testing
+- Schedule follow-up for remaining issues
+\`\`\`
+
+## Important Guidelines
+
+### Communication Style
+
+**For Critical Issues:**
+- Use urgent but calm language
+- Clearly explain the risk
+- Don't create panic, but convey seriousness
+- Be direct about the need to fix immediately
+
+**For High Issues:**
+- Emphasize importance but not emergency
+- Explain impact on security posture
+- Recommend fixing soon but not necessarily right now
+
+### DO:
+\u2705 Fix ALL Critical issues before moving to High
+\u2705 Explain each vulnerability clearly
+\u2705 Show exact code changes
+\u2705 Verify fixes were applied successfully
+\u2705 Run tests after applying fixes
+\u2705 Create a clear summary of actions taken
+\u2705 Recommend continuous monitoring
+
+### DON'T:
+\u274C Apply fixes without user approval (except if explicitly requested)
+\u274C Minimize the importance of Critical issues
+\u274C Get distracted by Medium/Low issues during this workflow
+\u274C Skip verification steps
+\u274C Forget to check for new issues after applying fixes
+\u274C Rush through explanations
+
+## Example Interaction
+
+\`\`\`
+AI: "Scanning repository for critical security vulnerabilities..."
+
+[Scans]
+
+AI: "\u26A0\uFE0F **Security Alert: Critical Issues Found**
+
+I found 3 critical and 5 high severity vulnerabilities:
+
+\u{1F534} **CRITICAL ISSUES** (Must fix immediately):
+
+1. **SQL Injection** in src/api/users.ts:67
+   - Risk: Attacker can access entire database
+   - Last modified by: john@example.com
+   - Fix: Use parameterized queries
+
+2. **Authentication Bypass** in src/auth/middleware.ts:23
+   - Risk: Unauthorized access to admin functions
+   - Last modified by: jane@example.com
+   - Fix: Validate JWT signature properly
+
+3. **Remote Code Execution** in src/utils/processor.ts:45
+   - Risk: Attacker can execute arbitrary code on server
+   - Last modified by: bob@example.com
+   - Fix: Sanitize eval() input
+
+\u{1F7E0} **HIGH SEVERITY** (Fix urgently):
+[Lists 5 high issues...]
+
+**Recommendation:** Fix all 3 critical issues immediately. Would you like me to:
+1. Apply ALL critical fixes now (recommended) \u2190 [DEFAULT]
+2. Review each fix individually
+3. See detailed analysis first"
+
+User: "Apply all critical fixes"
+
+AI: "Applying all critical fixes...
+
+\u2713 Fixed: SQL Injection in src/api/users.ts
+\u2713 Fixed: Authentication Bypass in src/auth/middleware.ts
+\u2713 Fixed: Remote Code Execution in src/utils/processor.ts
+
+All critical vulnerabilities resolved! Running verification...
+
+\u2713 Verification complete - no new issues introduced.
+
+3 files modified, 0 critical issues remaining.
+
+Would you like to proceed with fixing the 5 high severity issues?"
+\`\`\`
+
+## Ready to Begin
+
+This workflow focuses exclusively on the most dangerous vulnerabilities. Follow the steps above to systematically eliminate critical security threats from the codebase.
+
+Start by scanning${args?.path ? ` ${args.path}` : " the repository"} and prioritizing Critical and High severity issues.
+`;
+    return this.createUserMessage(promptText);
+  }
+};
+
+// src/mcp/prompts/ScanRecentChangesPrompt.ts
+import { z as z36 } from "zod";
+var ScanRecentChangesArgsSchema = z36.object({
+  path: z36.string().optional()
+});
+var ScanRecentChangesPrompt = class extends BasePrompt {
+  constructor() {
+    super(...arguments);
+    __publicField(this, "name", "scan-recent-changes");
+    __publicField(this, "description", "Guide for scanning only recently modified files for new security vulnerabilities");
+    __publicField(this, "arguments", [
+      {
+        name: "path",
+        description: "Optional: Full local path to the git repository to scan",
+        required: false
+      }
+    ]);
+    __publicField(this, "argumentsValidationSchema", ScanRecentChangesArgsSchema);
+  }
+  async generatePrompt(validatedArgs) {
+    const args = validatedArgs;
+    const promptText = `# Scan Recent Changes for Security Issues
+
+This workflow helps you quickly scan only the files that have been recently modified, making security checks fast and targeted.
+
+## When to Use This Workflow
+
+Use this approach when:
+- You've just made code changes and want to check for new vulnerabilities
+- You want a quick security check without scanning the entire repository
+- You're working in a specific area of the codebase
+- You want faster scan results
+- You're doing iterative development and want continuous security feedback
+
+## Workflow Steps
+
+### Step 1: Determine Repository Path
+${args?.path ? `\u2713 Repository path provided: \`${args.path}\`` : `Ask the user for the full local path to the git repository.`}
+
+### Step 2: Call scan_and_fix_vulnerabilities with Recent Changes Flag
+
+Use the \`scan_and_fix_vulnerabilities\` tool with the \`scanRecentlyChangedFiles\` parameter:
+
+\`\`\`json
+{
+  "path": "${args?.path || "<repository-path>"}",
+  "scanRecentlyChangedFiles": true,
+  "limit": 5
+}
+\`\`\`
+
+**Key parameters:**
+- \`scanRecentlyChangedFiles: true\` - Only scans files modified recently
+- \`limit: 5\` - Return up to 5 fixes (adjustable based on user needs)
+
+### Step 3: Present Results
+
+When you receive results:
+
+#### If new vulnerabilities found:
+
+1. **Alert the user:**
+   "\u26A0\uFE0F Security issues detected in recently modified files!"
+
+2. **Provide context:**
+   - Number of new vulnerabilities introduced
+   - Which files are affected
+   - Severity breakdown
+   - Who made the changes (git blame)
+
+3. **Show each vulnerability:**
+   - File and line number
+   - Type of vulnerability
+   - Severity level
+   - Proposed fix with diff preview
+
+4. **Recommend immediate action:**
+   For Critical/High severity:
+   - "I strongly recommend addressing these issues before committing/merging"
+   - "Would you like me to apply the fixes now?"
+
+#### If no vulnerabilities found:
+
+"\u2713 Great! No new security issues detected in your recent changes."
+
+Optional suggestions:
+- Continue with your work
+- Commit your changes
+- Consider enabling continuous monitoring
+
+#### If no recently changed files:
+
+"No recently modified files detected. This could mean:
+- No uncommitted changes exist
+- No files were modified recently
+- The repository has no git history
+
+Would you like to:
+1. Perform a full repository scan instead?
+2. Check the repository status?"
+
+### Step 4: Handle User Decisions
+
+**If user wants to apply fixes:**
+- Confirm each fix before applying
+- Show the exact changes
+- Apply patches sequentially
+- Verify each application succeeded
+- Run tests if available
+
+**If user wants to see more details:**
+- Explain the vulnerability type
+- Show the vulnerable code pattern
+- Explain how the fix improves security
+- Provide references or documentation links
+
+**If user wants to continue without fixing:**
+- Warn about the risks (especially for Critical/High)
+- Suggest creating an issue to track the vulnerability
+- Remind them to fix before merging to production
+
+### Step 5: Post-Scan Recommendations
+
+After handling vulnerabilities:
+
+1. **If fixes were applied:**
+   - Verify the code still works (run tests)
+   - Review the changes
+   - Update commit message to mention security fixes
+   - Consider running a full scan to check for other issues
+
+2. **If fixes were deferred:**
+   - Create tracking issues for the vulnerabilities
+   - Add TODO comments in the code
+   - Schedule time to address them
+
+3. **Enable continuous monitoring:**
+   Call \`check_for_new_available_fixes\`:
+   \`\`\`json
+   {
+     "path": "${args?.path || "<repository-path>"}"
+   }
+   \`\`\`
+
+## Advantages of Scanning Recent Changes
+
+\u2713 **Fast**: Only scans modified files
+\u2713 **Targeted**: Focuses on your current work
+\u2713 **Immediate feedback**: Catch issues before they're committed
+\u2713 **Less overwhelming**: Smaller result set
+\u2713 **Continuous security**: Integrates into development workflow
+
+## Important Notes
+
+### DO:
+\u2713 Run this scan after making changes but before committing
+\u2713 Address Critical/High severity issues immediately
+\u2713 Explain security risks clearly to the user
+\u2713 Offer to apply fixes automatically
+\u2713 Provide context about what changed and why it's vulnerable
+
+### DON'T:
+\u2717 Skip Critical/High severity warnings
+\u2717 Apply fixes without showing the user
+\u2717 Ignore the vulnerability just because the scan is quick
+\u2717 Forget to run tests after applying fixes
+\u2717 Assume all recent changes have vulnerabilities
+
+## Integration with Development Workflow
+
+This scan type integrates well with:
+- **Pre-commit hooks**: Scan before each commit
+- **IDE integration**: Scan on file save or periodically
+- **CI/CD pipelines**: Fast security check in pull requests
+- **Iterative development**: Continuous security feedback
+
+## Example Usage
+
+\`\`\`
+User: "I just added a new API endpoint for user data. Can you check if it's secure?"
+
+AI: "I'll scan your recent changes for security vulnerabilities..."
+
+[Calls scan_and_fix_vulnerabilities with scanRecentlyChangedFiles: true]
+
+AI: "\u26A0\uFE0F Found 1 security issue in your recent changes:
+
+**SQL Injection Vulnerability** (Critical)
+- File: src/api/user-data.ts:34
+- Your new endpoint is vulnerable to SQL injection
+
+The issue is in this code:
+\`\`\`typescript
+const query = \`SELECT * FROM users WHERE id = \${req.params.id}\`
+\`\`\`
+
+Recommended fix: Use parameterized queries
+\`\`\`typescript
+const query = 'SELECT * FROM users WHERE id = $1'
+const result = await db.query(query, [req.params.id])
+\`\`\`
+
+This is a Critical severity issue. I strongly recommend fixing it before committing. Would you like me to apply this fix automatically?"
+\`\`\`
+
+## Ready to Scan
+
+You now have the guidance needed to perform a fast, targeted security scan of recent changes. Follow the workflow above to help users catch security issues early in their development process.
+`;
+    return this.createUserMessage(promptText);
+  }
+};
+
+// src/mcp/prompts/ScanRepositoryPrompt.ts
+import { z as z37 } from "zod";
+var ScanRepositoryArgsSchema = z37.object({
+  path: z37.string().optional()
+});
+var ScanRepositoryPrompt = class extends BasePrompt {
+  constructor() {
+    super(...arguments);
+    __publicField(this, "name", "scan-repository");
+    __publicField(this, "description", "Guide for performing an initial security scan of a repository using Mobb tools");
+    __publicField(this, "arguments", [
+      {
+        name: "path",
+        description: "Optional: Full local path to the git repository to scan",
+        required: false
+      }
+    ]);
+    __publicField(this, "argumentsValidationSchema", ScanRepositoryArgsSchema);
+  }
+  async generatePrompt(validatedArgs) {
+    const args = validatedArgs;
+    const pathInfo = args?.path ? `for repository at: ${args.path}` : "for the current repository";
+    const promptText = `# Security Repository Scan Workflow
+
+You are about to perform a security scan ${pathInfo}. Follow this workflow to scan the repository for vulnerabilities and present the findings to the user.
+
+## Workflow Steps
+
+### Step 1: Determine Repository Path
+${args?.path ? `\u2713 Repository path provided: \`${args.path}\`` : `- The user should provide the full local path to the git repository
+- Ask: "What is the full path to the repository you want to scan?"
+- Example: /Users/username/projects/my-app`}
+
+### Step 2: Call scan_and_fix_vulnerabilities Tool
+
+Use the \`scan_and_fix_vulnerabilities\` tool with these parameters:
+
+\`\`\`json
+{
+  "path": "${args?.path || "<repository-path>"}",
+  "limit": 3,
+  "maxFiles": 10
+}
+\`\`\`
+
+**Why these defaults?**
+- \`limit: 3\` - Start with top 3 most severe vulnerabilities
+- \`maxFiles: 10\` - Reasonable initial scan scope
+
+**Optional parameters** (use if user specifies):
+- \`rescan: true\` - Force a fresh scan (if user wants to override cached results)
+- \`scanRecentlyChangedFiles: true\` - Only scan recently modified files (faster)
+
+### Step 3: Process and Present Results
+
+When you receive the scan results:
+
+#### If vulnerabilities are found:
+
+1. **Provide a summary:**
+   - Total number of vulnerabilities found
+   - Breakdown by severity (Critical, High, Medium, Low)
+   - Number of fixes available
+
+2. **Present the top fixes:**
+   - Show each fix with:
+     * Severity level
+     * Vulnerability type (e.g., "SQL Injection", "XSS", "Insecure Dependency")
+     * Affected file(s)
+     * Who last modified the vulnerable code (git blame)
+     * Brief description from the fix
+
+3. **Show the fix preview:**
+   - Display the git diff/patch for each fix
+   - Explain what changes will be made
+   - Highlight the security improvement
+
+4. **Ask for user preference:**
+   - "Would you like to apply these fixes automatically?"
+   - "Would you like to see more vulnerabilities?" (if more exist)
+   - "Would you like to focus on a specific severity level?"
+
+#### If no vulnerabilities are found:
+
+Congratulate the user! Their repository appears to be secure. Suggest:
+- Running periodic scans as code changes
+- Enabling continuous monitoring with \`check_for_new_available_fixes\`
+
+#### If report is expired:
+
+Inform the user that a previous scan is too old. Ask:
+- "A previous scan exists but is outdated. Would you like to run a fresh scan?"
+- If yes, call \`scan_and_fix_vulnerabilities\` with \`rescan: true\`
+
+### Step 4: Handle User Actions
+
+Based on user response:
+
+**If user wants to apply fixes:**
+- Confirm which fixes to apply (all, or specific ones)
+- Apply each fix patch using standard git apply workflow
+- Verify the changes
+- Run tests if available
+- Create a commit with the fixes
+
+**If user wants to see more:**
+- Call \`fetch_available_fixes\` with:
+  \`\`\`json
+  {
+    "path": "${args?.path || "<repository-path>"}",
+    "offset": 3,
+    "limit": 5
+  }
+  \`\`\`
+- Present the additional fixes following the same format
+
+**If user wants to filter by severity:**
+- The results are already sorted by severity (Critical \u2192 High \u2192 Medium \u2192 Low)
+- Explain the severity of issues found
+- Focus on the most critical issues first
+
+### Step 5: Post-Scan Actions
+
+After completing the scan and any fixes:
+
+1. **Summary of actions taken:**
+   - Number of fixes applied
+   - Remaining vulnerabilities (if any)
+   - Files modified
+
+2. **Recommendations:**
+   - Run tests to ensure fixes don't break functionality
+   - Review the changes before committing
+   - Consider addressing remaining Medium/Low severity issues
+   - Set up continuous monitoring
+
+3. **Call monitoring tool:**
+   Call \`check_for_new_available_fixes\` to enable ongoing security monitoring:
+   \`\`\`json
+   {
+     "path": "${args?.path || "<repository-path>"}"
+   }
+   \`\`\`
+
+## Important Reminders
+
+### DO:
+\u2713 Present vulnerabilities clearly with severity context
+\u2713 Ask for user confirmation before applying fixes
+\u2713 Explain what each fix does
+\u2713 Start with critical/high severity issues
+\u2713 Provide clear next steps
+\u2713 Mention git blame information (shows responsibility)
+
+### DON'T:
+\u2717 Apply fixes automatically without user approval
+\u2717 Overwhelm user with all vulnerabilities at once
+\u2717 Skip severity information
+\u2717 Forget to call monitoring tool at the end
+\u2717 Assume the user wants to fix everything immediately
+
+## Error Handling
+
+- **Authentication error**: Guide user to authenticate with Mobb
+- **Path not found**: Verify the path is correct and is a git repository
+- **Scan timeout**: Suggest scanning fewer files or recent changes only
+- **No report found**: This is expected for first-time scans, proceed normally
+
+## Example Conversation Flow
+
+\`\`\`
+AI: "I'll scan your repository for security vulnerabilities. This may take a moment..."
+
+[Calls scan_and_fix_vulnerabilities]
+
+AI: "Scan complete! I found 12 security vulnerabilities:
+- 2 Critical severity
+- 5 High severity
+- 4 Medium severity
+- 1 Low severity
+
+Here are the top 3 most critical issues:
+
+1. **SQL Injection** (Critical)
+   - File: src/database/users.ts:45
+   - Last modified by: john@example.com
+   - Fix: Parameterize SQL query to prevent injection
+
+   [Shows diff preview]
+
+2. **Cross-Site Scripting (XSS)** (Critical)
+   - File: src/components/UserProfile.tsx:122
+   - Last modified by: jane@example.com
+   - Fix: Sanitize user input before rendering
+
+   [Shows diff preview]
+
+3. **Insecure Dependency** (High)
+   - Package: lodash@4.17.15
+   - Fix: Upgrade to lodash@4.17.21 (fixes CVE-2021-23337)
+
+Would you like to:
+1. Apply these fixes automatically
+2. See more vulnerabilities
+3. Focus on specific issues"
+\`\`\`
+
+## Ready to Begin
+
+You now have all the information needed to perform a security scan. Follow the steps above, call the appropriate tools, and guide the user through the process professionally and clearly.
+`;
+    return this.createUserMessage(promptText);
+  }
+};
+
+// src/mcp/prompts/SecurityToolsOverviewPrompt.ts
+var SecurityToolsOverviewPrompt = class extends BasePrompt {
+  constructor() {
+    super(...arguments);
+    __publicField(this, "name", "security-tools-overview");
+    __publicField(this, "description", "Provides an overview of available Mobb security tools and guidance on when to use each tool");
+    __publicField(this, "arguments");
+    __publicField(this, "argumentsValidationSchema");
+  }
+  async generatePrompt() {
+    const promptText = `# Mobb Security Tools Overview
+
+You have access to powerful security scanning and auto-fixing tools from Mobb. Here's a comprehensive guide to the available tools and when to use them:
+
+## Available Tools
+
+### 1. **scan_and_fix_vulnerabilities**
+**Purpose:** Scans a local repository for security vulnerabilities and returns automatically-generated fixes.
+
+**When to use:**
+- First-time security scan of a repository
+- Comprehensive security audit needed
+- User explicitly requests a security scan
+- After major code changes or refactoring
+
+**Key features:**
+- Scans the entire repository or specific files
+- Identifies vulnerabilities across multiple categories (XSS, SQL injection, insecure dependencies, etc.)
+- Provides detailed fix information including severity levels
+- Returns git-compatible patches that can be directly applied
+- Shows who last modified vulnerable code (git blame integration)
+
+**Parameters:**
+- \`path\` (required): Full local path to the git repository
+- \`offset\`: Pagination offset for results (default: 0)
+- \`limit\`: Number of fixes to return (default: 3)
+- \`maxFiles\`: Maximum files to scan (default: 10)
+- \`rescan\`: Force a new scan even if recent report exists
+- \`scanRecentlyChangedFiles\`: Only scan recently modified files
+
+**Important notes:**
+- This tool requires authentication
+- Scans may take time for large repositories
+- Results are cached - use \`rescan: true\` to force a fresh scan
+- The tool returns fixes in order of severity (Critical \u2192 High \u2192 Medium \u2192 Low)
+
+### 2. **fetch_available_fixes**
+**Purpose:** Retrieves pre-generated fixes from previous scans without triggering a new scan.
+
+**When to use:**
+- Checking for existing fixes without scanning
+- Retrieving additional fixes from a paginated result set
+- User wants to see more fixes beyond the initial set
+- Fetching fixes for specific files
+
+**Key features:**
+- Fast retrieval of existing fix data
+- No scanning overhead
+- Supports file filtering
+- Pagination for large result sets
+
+**Parameters:**
+- \`path\` (required): Full local path to the git repository
+- \`offset\`: Pagination offset
+- \`limit\`: Number of fixes to return
+- \`fileFilter\`: Filter by specific file path
+- \`fetchFixesFromAnyFile\`: Fetch fixes across all files
+
+**Important notes:**
+- Returns an error if no previous scan exists
+- Does NOT trigger a new scan
+- Use this when you want to avoid re-scanning
+
+### 3. **check_for_new_available_fixes**
+**Purpose:** Monitors code for new security vulnerabilities and notifies when fixes are available.
+
+**When to use:**
+- Continuous security monitoring
+- After completing a series of edits
+- End of a coding session
+- User requests ongoing security checks
+
+**Key features:**
+- Lightweight background checking
+- Detects new vulnerabilities introduced by code changes
+- Non-intrusive monitoring
+
+**Parameters:**
+- \`path\` (required): Full local path to the git repository
+
+**Important notes:**
+- This is typically called automatically at the end of operations
+- Much lighter weight than full scans
+- Part of Mobb's continuous monitoring workflow
+
+## Best Practices
+
+### Tool Selection Guidelines
+
+1. **Starting fresh?** \u2192 Use \`scan_and_fix_vulnerabilities\`
+2. **Already scanned, need more results?** \u2192 Use \`fetch_available_fixes\`
+3. **Continuous monitoring?** \u2192 Use \`check_for_new_available_fixes\`
+
+### User Interaction Patterns
+
+**When to ask for user confirmation:**
+- Before applying fixes automatically
+- Before running a full repository scan (can be time-consuming)
+- Before re-scanning when a recent scan exists
+- When multiple high-severity issues are found
+
+**When to proceed automatically:**
+- Fetching additional fixes from existing scans
+- Running background monitoring checks
+- Displaying vulnerability information
+- Showing fix previews
+
+### Severity Levels
+
+Vulnerabilities are categorized by severity:
+- **CRITICAL**: Immediate action required - severe security risk
+- **HIGH**: Important security issue - should be fixed soon
+- **MEDIUM**: Moderate security concern - fix when feasible
+- **LOW**: Minor security issue - fix during regular maintenance
+
+**Recommended approach:**
+1. Address CRITICAL issues immediately
+2. Review and fix HIGH severity issues
+3. Plan fixes for MEDIUM issues
+4. Address LOW issues during regular maintenance
+
+### Workflow Example
+
+\`\`\`
+1. User opens a repository
+2. Call scan_and_fix_vulnerabilities with default parameters
+3. Review the returned fixes (typically top 3 by severity)
+4. Present fixes to user with severity breakdown
+5. If user wants to see more: call fetch_available_fixes with appropriate offset
+6. When user approves fixes: apply the patches using git apply
+7. After session: call check_for_new_available_fixes for monitoring
+\`\`\`
+
+## Authentication
+
+All tools require authentication via the Mobb API. The tools will handle authentication automatically and prompt if credentials are needed.
+
+## Error Handling
+
+Common scenarios:
+- **No fixes found**: Repository has no vulnerabilities or they're not fixable
+- **Report expired**: Previous scan is too old, need to rescan
+- **No report found**: No previous scan exists, run scan_and_fix_vulnerabilities
+- **Authentication required**: User needs to authenticate with Mobb
+
+## Next Steps
+
+To get started with scanning a repository, use the \`scan-repository\` prompt which will guide you through the scanning workflow.
+
+For a complete security audit workflow, use the \`full-security-audit\` prompt.
+`;
+    return this.createUserMessage(promptText);
+  }
+};
+
+// src/mcp/tools/checkForNewAvailableFixes/CheckForNewAvailableFixesTool.ts
+import { z as z40 } from "zod";
+
+// src/mcp/services/PathValidation.ts
+import fs13 from "fs";
+import path13 from "path";
+async function validatePath(inputPath) {
+  logDebug("Validating MCP path", { inputPath });
+  if (/^\/[a-zA-Z]:\//.test(inputPath)) {
+    inputPath = inputPath.slice(1);
+  }
+  if (inputPath === "." || inputPath === "./") {
+    const workspaceFolderPath = WorkspaceService.getWorkspaceFolderPath();
+    if (workspaceFolderPath) {
+      logDebug("Fallback to workspace folder path", {
+        inputPath,
+        workspaceFolderPaths: [workspaceFolderPath]
+      });
+      WorkspaceService.setKnownWorkspacePath(workspaceFolderPath);
+      logDebug("Stored workspace folder path as known path", {
+        workspaceFolderPath
+      });
+      return {
+        isValid: true,
+        path: workspaceFolderPath
+      };
+    } else {
+      const error = `"." is not a valid path, please provide a full localpath to the repository`;
+      logError(error);
+      return { isValid: false, error, path: inputPath };
+    }
+  }
+  if (inputPath.includes("..")) {
+    const error = `Path contains path traversal patterns: ${inputPath}`;
+    logError(error);
+    return { isValid: false, error, path: inputPath };
+  }
+  const normalizedPath = path13.normalize(inputPath);
+  if (normalizedPath.includes("..")) {
+    const error = `Normalized path contains path traversal patterns: ${inputPath}`;
+    logError(error);
+    return { isValid: false, error, path: inputPath };
+  }
+  let decodedPath;
+  try {
+    decodedPath = decodeURIComponent(inputPath);
+  } catch (err) {
+    const error = `Failed to decode path: ${inputPath}`;
+    logError(error, { err });
+    return { isValid: false, error, path: inputPath };
+  }
+  if (decodedPath.includes("..") || decodedPath !== inputPath) {
+    const error = `Path contains encoded traversal attempts: ${inputPath}`;
+    logError(error);
+    return { isValid: false, error, path: inputPath };
+  }
+  if (inputPath.includes("\0") || inputPath.includes("\0")) {
+    const error = `Path contains dangerous characters: ${inputPath}`;
+    logError(error);
+    return { isValid: false, error, path: inputPath };
+  }
+  logDebug("Path validation successful", { inputPath });
+  logDebug("Checking path existence", { inputPath });
+  try {
+    await fs13.promises.access(inputPath);
+    logDebug("Path exists and is accessible", { inputPath });
+    WorkspaceService.setKnownWorkspacePath(inputPath);
+    logDebug("Stored validated path in WorkspaceService", { inputPath });
+    return { isValid: true, path: inputPath };
+  } catch (error) {
+    const errorMessage = `Path does not exist or is not accessible: ${inputPath}`;
+    logError(errorMessage, { error });
+    return { isValid: false, error: errorMessage, path: inputPath };
+  }
+}
+
+// src/mcp/tools/base/BaseTool.ts
+import { z as z38 } from "zod";
+var BaseTool = class {
+  getDefinition() {
+    return {
+      name: this.name,
+      display_name: this.displayName,
+      description: this.description,
+      inputSchema: this.inputSchema
+    };
+  }
+  async execute(args) {
+    if (this.hasAuthentication) {
+      logDebug(`Authenticating tool: ${this.name}`, { args });
+      const mcpGqlClient = await createAuthenticatedMcpGQLClient();
+      const userInfo = await mcpGqlClient.getUserInfo();
+      logDebug("User authenticated successfully", { userInfo });
+    }
+    const validatedArgs = this.validateInput(args);
+    logDebug(`Tool ${this.name} input validation successful`, {
+      validatedArgs
+    });
+    logInfo(`Executing tool: ${this.name}`);
+    const result = await this.executeInternal(validatedArgs);
+    logInfo(`Tool ${this.name} executed successfully`);
+    return result;
+  }
+  validateInput(args) {
+    try {
+      return this.inputValidationSchema.parse(args);
+    } catch (error) {
+      if (error instanceof z38.ZodError) {
+        const errorDetails = error.errors.map((e) => {
+          const fieldPath = e.path.length > 0 ? e.path.join(".") : "root";
+          const message = e.message === "Required" ? `Missing required parameter '${fieldPath}'` : `Invalid value for '${fieldPath}': ${e.message}`;
+          return message;
+        });
+        const errorMessage = `Invalid arguments: ${errorDetails.join(", ")}`;
+        throw new Error(errorMessage);
+      }
+      throw error;
+    }
+  }
+  createSuccessResponse(text) {
+    return {
+      content: [
+        {
+          type: "text",
+          text
+        }
+      ]
+    };
+  }
+};
+
+// src/mcp/tools/checkForNewAvailableFixes/CheckForNewAvailableFixesService.ts
+init_configs();
+
+// src/mcp/core/prompts.ts
+init_configs();
+function friendlyType(s) {
+  const withoutUnderscores = s.replace(/_/g, " ");
+  const result = withoutUnderscores.replace(/([a-z])([A-Z])/g, "$1 $2");
+  return result.charAt(0).toUpperCase() + result.slice(1);
+}
+var noFixesReturnedForParameters = `No fixes returned for the given offset and limit parameters.
+`;
+var noFixesReturnedForParametersWithGuidance = ({
+  offset,
+  limit,
+  totalCount,
+  currentTool
+}) => `## No Fixes Returned for Current Parameters
+
+**\u{1F4C4} Current Request:**
+- **Page:** ${Math.floor(offset / limit) + 1}
+- **Offset:** ${offset}
+- **Limit:** ${limit}
+
+**\u274C Result:** No fixes returned for the given offset and limit parameters.
+
+**\u2139\uFE0F Available Fixes:** ${totalCount} total fixes are available, but your current offset (${offset}) is beyond the available range.
+
+**\u2705 How to Get the Fixes:**
+
+To retrieve the available fixes, use one of these approaches:
+
+1. **Start from the beginning:**
+   \`\`\`
+   offset: 0
    \`\`\`
 
 2. **Go to the first page:**
@@ -15553,10 +17379,10 @@ If you wish to scan files that were recently changed in your git history call th
 init_FileUtils();
 init_GitService();
 init_configs();
-import fs13 from "fs/promises";
+import fs14 from "fs/promises";
 import nodePath from "path";
 var getLocalFiles = async ({
-  path: path17,
+  path: path18,
   maxFileSize = MCP_MAX_FILE_SIZE,
   maxFiles,
   isAllFilesScan,
@@ -15564,17 +17390,17 @@ var getLocalFiles = async ({
   scanRecentlyChangedFiles
 }) => {
   logDebug(`[${scanContext}] Starting getLocalFiles`, {
-    path: path17,
+    path: path18,
     maxFileSize,
     maxFiles,
     isAllFilesScan,
     scanRecentlyChangedFiles
   });
   try {
-    const resolvedRepoPath = await fs13.realpath(path17);
+    const resolvedRepoPath = await fs14.realpath(path18);
     logDebug(`[${scanContext}] Resolved repository path`, {
       resolvedRepoPath,
-      originalPath: path17
+      originalPath: path18
     });
     const gitService = new GitService(resolvedRepoPath, log);
     const gitValidation = await gitService.validateRepository();
@@ -15587,7 +17413,7 @@ var getLocalFiles = async ({
     if (!gitValidation.isValid || isAllFilesScan) {
       try {
         files = await FileUtils.getLastChangedFiles({
-          dir: path17,
+          dir: path18,
           maxFileSize,
           maxFiles,
           isAllFilesScan
@@ -15651,7 +17477,7 @@ var getLocalFiles = async ({
           absoluteFilePath
         );
         try {
-          const fileStat = await fs13.stat(absoluteFilePath);
+          const fileStat = await fs14.stat(absoluteFilePath);
           return {
             filename: nodePath.basename(absoluteFilePath),
             relativePath,
@@ -15679,23 +17505,23 @@ var getLocalFiles = async ({
     logError(`${scanContext}Unexpected error in getLocalFiles`, {
       error: error instanceof Error ? error.message : String(error),
       stack: error instanceof Error ? error.stack : void 0,
-      path: path17
+      path: path18
     });
     throw error;
   }
 };
 
 // src/mcp/services/LocalMobbFolderService.ts
-import fs14 from "fs";
-import path13 from "path";
-import { z as z33 } from "zod";
+import fs15 from "fs";
+import path14 from "path";
+import { z as z39 } from "zod";
 init_GitService();
 function extractPathFromPatch(patch) {
   const match = patch?.match(/diff --git a\/([^\s]+) b\//);
   return match?.[1] ?? null;
 }
 function parsedIssueTypeRes(issueType) {
-  return z33.nativeEnum(IssueType_Enum).safeParse(issueType);
+  return z39.nativeEnum(IssueType_Enum).safeParse(issueType);
 }
 var LocalMobbFolderService = class {
   /**
@@ -15774,19 +17600,19 @@ var LocalMobbFolderService = class {
           "[LocalMobbFolderService] Non-git repository detected, skipping .gitignore operations"
         );
       }
-      const mobbFolderPath = path13.join(
+      const mobbFolderPath = path14.join(
         this.repoPath,
         this.defaultMobbFolderName
       );
-      if (!fs14.existsSync(mobbFolderPath)) {
+      if (!fs15.existsSync(mobbFolderPath)) {
         logInfo("[LocalMobbFolderService] Creating .mobb folder", {
           mobbFolderPath
         });
-        fs14.mkdirSync(mobbFolderPath, { recursive: true });
+        fs15.mkdirSync(mobbFolderPath, { recursive: true });
       } else {
         logDebug("[LocalMobbFolderService] .mobb folder already exists");
       }
-      const stats = fs14.statSync(mobbFolderPath);
+      const stats = fs15.statSync(mobbFolderPath);
       if (!stats.isDirectory()) {
         throw new Error(`Path exists but is not a directory: ${mobbFolderPath}`);
       }
@@ -15827,13 +17653,13 @@ var LocalMobbFolderService = class {
       logDebug("[LocalMobbFolderService] Git repository validated successfully");
     } else {
       try {
-        const stats = fs14.statSync(this.repoPath);
+        const stats = fs15.statSync(this.repoPath);
         if (!stats.isDirectory()) {
           throw new Error(
             `Path exists but is not a directory: ${this.repoPath}`
           );
         }
-        fs14.accessSync(this.repoPath, fs14.constants.R_OK | fs14.constants.W_OK);
+        fs15.accessSync(this.repoPath, fs15.constants.R_OK | fs15.constants.W_OK);
         logDebug(
           "[LocalMobbFolderService] Non-git directory validated successfully"
         );
@@ -15946,8 +17772,8 @@ var LocalMobbFolderService = class {
         mobbFolderPath,
         baseFileName
       );
-      const filePath = path13.join(mobbFolderPath, uniqueFileName);
-      await fs14.promises.writeFile(filePath, patch, "utf8");
+      const filePath = path14.join(mobbFolderPath, uniqueFileName);
+      await fs15.promises.writeFile(filePath, patch, "utf8");
       logInfo("[LocalMobbFolderService] Patch saved successfully", {
         filePath,
         fileName: uniqueFileName,
@@ -16004,11 +17830,11 @@ var LocalMobbFolderService = class {
    * @returns Unique filename that doesn't conflict with existing files
    */
   getUniqueFileName(folderPath, baseFileName) {
-    const baseName = path13.parse(baseFileName).name;
-    const extension = path13.parse(baseFileName).ext;
+    const baseName = path14.parse(baseFileName).name;
+    const extension = path14.parse(baseFileName).ext;
     let uniqueFileName = baseFileName;
     let index = 1;
-    while (fs14.existsSync(path13.join(folderPath, uniqueFileName))) {
+    while (fs15.existsSync(path14.join(folderPath, uniqueFileName))) {
       uniqueFileName = `${baseName}-${index}${extension}`;
       index++;
       if (index > 1e3) {
@@ -16039,18 +17865,18 @@ var LocalMobbFolderService = class {
     logDebug("[LocalMobbFolderService] Logging patch info", { fixId: fix.id });
     try {
       const mobbFolderPath = await this.getFolder();
-      const patchInfoPath = path13.join(mobbFolderPath, "patchInfo.md");
+      const patchInfoPath = path14.join(mobbFolderPath, "patchInfo.md");
       const markdownContent = this.generateFixMarkdown(fix, savedPatchFileName);
       let existingContent = "";
-      if (fs14.existsSync(patchInfoPath)) {
-        existingContent = await fs14.promises.readFile(patchInfoPath, "utf8");
+      if (fs15.existsSync(patchInfoPath)) {
+        existingContent = await fs15.promises.readFile(patchInfoPath, "utf8");
         logDebug("[LocalMobbFolderService] Existing patchInfo.md found");
       } else {
         logDebug("[LocalMobbFolderService] Creating new patchInfo.md file");
       }
       const separator = existingContent ? "\n\n================================================================================\n\n" : "";
       const updatedContent = `${markdownContent}${separator}${existingContent}`;
-      await fs14.promises.writeFile(patchInfoPath, updatedContent, "utf8");
+      await fs15.promises.writeFile(patchInfoPath, updatedContent, "utf8");
       logInfo("[LocalMobbFolderService] Patch info logged successfully", {
         patchInfoPath,
         fixId: fix.id,
@@ -16081,7 +17907,7 @@ var LocalMobbFolderService = class {
     const timestamp = (/* @__PURE__ */ new Date()).toISOString();
     const patch = this.extractPatchFromFix(fix);
     const relativePatchedFilePath = patch ? extractPathFromPatch(patch) : null;
-    const patchedFilePath = relativePatchedFilePath ? path13.resolve(this.repoPath, relativePatchedFilePath) : null;
+    const patchedFilePath = relativePatchedFilePath ? path14.resolve(this.repoPath, relativePatchedFilePath) : null;
     const fixIdentifier = savedPatchFileName ? savedPatchFileName.replace(".patch", "") : fix.id;
     let markdown = `# Fix ${fixIdentifier}
 
@@ -16423,16 +18249,16 @@ import {
   unlinkSync,
   writeFileSync
 } from "fs";
-import fs15 from "fs/promises";
+import fs16 from "fs/promises";
 import parseDiff2 from "parse-diff";
-import path14 from "path";
+import path15 from "path";
 var PatchApplicationService = class {
   /**
    * Gets the appropriate comment syntax for a file based on its extension
    */
   static getCommentSyntax(filePath) {
-    const ext = path14.extname(filePath).toLowerCase();
-    const basename2 = path14.basename(filePath);
+    const ext = path15.extname(filePath).toLowerCase();
+    const basename2 = path15.basename(filePath);
     const commentMap = {
       // C-style languages (single line comments)
       ".js": "//",
@@ -16635,7 +18461,7 @@ var PatchApplicationService = class {
         }
       );
     }
-    const dirPath = path14.dirname(filePath);
+    const dirPath = path15.dirname(filePath);
     mkdirSync(dirPath, { recursive: true });
     writeFileSync(filePath, finalContent, "utf8");
     return filePath;
@@ -16919,9 +18745,9 @@ var PatchApplicationService = class {
         continue;
       }
       try {
-        const absolutePath = path14.resolve(repositoryPath, targetFile);
+        const absolutePath = path15.resolve(repositoryPath, targetFile);
         if (existsSync2(absolutePath)) {
-          const stats = await fs15.stat(absolutePath);
+          const stats = await fs16.stat(absolutePath);
           const fileModTime = stats.mtime.getTime();
           if (fileModTime > scanStartTime) {
             logError(
@@ -16962,7 +18788,7 @@ var PatchApplicationService = class {
     const appliedFixes = [];
     const failedFixes = [];
     const skippedFixes = [];
-    const resolvedRepoPath = await fs15.realpath(repositoryPath);
+    const resolvedRepoPath = await fs16.realpath(repositoryPath);
     logInfo(
       `[${scanContext}] Starting patch application for ${fixes.length} fixes`,
       {
@@ -17110,11 +18936,11 @@ var PatchApplicationService = class {
   }) {
     const sanitizedRepoPath = String(repositoryPath || "").replace("\0", "").replace(/^(\.\.(\/|\\))+/, "");
     const sanitizedTargetFile = String(targetFile || "").replace("\0", "").replace(/^(\.\.(\/|\\))+/, "");
-    const absoluteFilePath = path14.resolve(
+    const absoluteFilePath = path15.resolve(
       sanitizedRepoPath,
       sanitizedTargetFile
     );
-    const relativePath = path14.relative(sanitizedRepoPath, absoluteFilePath);
+    const relativePath = path15.relative(sanitizedRepoPath, absoluteFilePath);
     if (relativePath.startsWith("..")) {
       throw new Error(
         `Security violation: target file ${targetFile} resolves outside repository`
@@ -17148,7 +18974,7 @@ var PatchApplicationService = class {
       fix,
       scanContext
     });
-    appliedFiles.push(path14.relative(repositoryPath, actualPath));
+    appliedFiles.push(path15.relative(repositoryPath, actualPath));
     logDebug(`[${scanContext}] Created new file: ${relativePath}`);
   }
   /**
@@ -17196,7 +19022,7 @@ var PatchApplicationService = class {
         fix,
         scanContext
       });
-      appliedFiles.push(path14.relative(repositoryPath, actualPath));
+      appliedFiles.push(path15.relative(repositoryPath, actualPath));
       logDebug(`[${scanContext}] Modified file: ${relativePath}`);
     }
   }
@@ -17391,8 +19217,8 @@ init_configs();
 
 // src/mcp/services/FileOperations.ts
 init_FileUtils();
-import fs16 from "fs";
-import path15 from "path";
+import fs17 from "fs";
+import path16 from "path";
 import AdmZip2 from "adm-zip";
 var FileOperations = class {
   /**
@@ -17412,10 +19238,10 @@ var FileOperations = class {
     let packedFilesCount = 0;
     const packedFiles = [];
     const excludedFiles = [];
-    const resolvedRepoPath = path15.resolve(repositoryPath);
+    const resolvedRepoPath = path16.resolve(repositoryPath);
     for (const filepath of fileList) {
-      const absoluteFilepath = path15.join(repositoryPath, filepath);
-      const resolvedFilePath = path15.resolve(absoluteFilepath);
+      const absoluteFilepath = path16.join(repositoryPath, filepath);
+      const resolvedFilePath = path16.resolve(absoluteFilepath);
       if (!resolvedFilePath.startsWith(resolvedRepoPath)) {
         const reason = "potential path traversal security risk";
         logDebug(`[FileOperations] Skipping ${filepath} due to ${reason}`);
@@ -17462,11 +19288,11 @@ var FileOperations = class {
     fileList,
     repositoryPath
   }) {
-    const resolvedRepoPath = path15.resolve(repositoryPath);
+    const resolvedRepoPath = path16.resolve(repositoryPath);
     const validatedPaths = [];
     for (const filepath of fileList) {
-      const absoluteFilepath = path15.join(repositoryPath, filepath);
-      const resolvedFilePath = path15.resolve(absoluteFilepath);
+      const absoluteFilepath = path16.join(repositoryPath, filepath);
+      const resolvedFilePath = path16.resolve(absoluteFilepath);
       if (!resolvedFilePath.startsWith(resolvedRepoPath)) {
         logDebug(
           `[FileOperations] Rejecting ${filepath} - path traversal attempt detected`
@@ -17474,7 +19300,7 @@ var FileOperations = class {
         continue;
       }
       try {
-        await fs16.promises.access(absoluteFilepath, fs16.constants.R_OK);
+        await fs17.promises.access(absoluteFilepath, fs17.constants.R_OK);
         validatedPaths.push(filepath);
       } catch (error) {
         logDebug(
@@ -17493,8 +19319,8 @@ var FileOperations = class {
     const fileDataArray = [];
     for (const absolutePath of filePaths) {
       try {
-        const content = await fs16.promises.readFile(absolutePath);
-        const relativePath = path15.basename(absolutePath);
+        const content = await fs17.promises.readFile(absolutePath);
+        const relativePath = path16.basename(absolutePath);
         fileDataArray.push({
           relativePath,
           absolutePath,
@@ -17519,7 +19345,7 @@ var FileOperations = class {
     relativeFilepath
   }) {
     try {
-      return await fs16.promises.readFile(absoluteFilepath);
+      return await fs17.promises.readFile(absoluteFilepath);
     } catch (fsError) {
       logError(
         `[FileOperations] Failed to read ${relativeFilepath} from filesystem: ${fsError}`
@@ -17806,14 +19632,14 @@ var _CheckForNewAvailableFixesService = class _CheckForNewAvailableFixesService
    * since the last scan.
    */
   async scanForSecurityVulnerabilities({
-    path: path17,
+    path: path18,
     isAllDetectionRulesScan,
     isAllFilesScan,
     scanContext
   }) {
     this.hasAuthenticationFailed = false;
     logDebug(`[${scanContext}] Scanning for new security vulnerabilities`, {
-      path: path17
+      path: path18
     });
     if (!this.gqlClient) {
       logInfo(`[${scanContext}] No GQL client found, skipping scan`);
@@ -17829,11 +19655,11 @@ var _CheckForNewAvailableFixesService = class _CheckForNewAvailableFixesService
       }
       logDebug(
         `[${scanContext}] Connected to the API, assembling list of files to scan`,
-        { path: path17 }
+        { path: path18 }
       );
       const isBackgroundScan = scanContext === ScanContext.BACKGROUND_INITIAL || scanContext === ScanContext.BACKGROUND_PERIODIC;
       const files = await getLocalFiles({
-        path: path17,
+        path: path18,
         isAllFilesScan,
         scanContext,
         scanRecentlyChangedFiles: !isBackgroundScan
@@ -17859,13 +19685,13 @@ var _CheckForNewAvailableFixesService = class _CheckForNewAvailableFixesService
       });
       const { fixReportId, projectId } = await scanFiles({
         fileList: filesToScan.map((file) => file.relativePath),
-        repositoryPath: path17,
+        repositoryPath: path18,
         gqlClient: this.gqlClient,
         isAllDetectionRulesScan,
         scanContext
       });
       logInfo(
-        `[${scanContext}] Security scan completed for ${path17} reportId: ${fixReportId} projectId: ${projectId}`
+        `[${scanContext}] Security scan completed for ${path18} reportId: ${fixReportId} projectId: ${projectId}`
       );
       if (isAllFilesScan) {
         return;
@@ -18159,13 +19985,13 @@ var _CheckForNewAvailableFixesService = class _CheckForNewAvailableFixesService
     });
     return scannedFiles.some((file) => file.relativePath === fixFile);
   }
-  async getFreshFixes({ path: path17 }) {
+  async getFreshFixes({ path: path18 }) {
     const scanContext = ScanContext.USER_REQUEST;
-    logDebug(`[${scanContext}] Getting fresh fixes`, { path: path17 });
-    if (this.path !== path17) {
-      this.path = path17;
+    logDebug(`[${scanContext}] Getting fresh fixes`, { path: path18 });
+    if (this.path !== path18) {
+      this.path = path18;
       this.reset();
-      logInfo(`[${scanContext}] Reset service state for new path`, { path: path17 });
+      logInfo(`[${scanContext}] Reset service state for new path`, { path: path18 });
     }
     try {
       this.gqlClient = await createAuthenticatedMcpGQLClient();
@@ -18183,7 +20009,7 @@ var _CheckForNewAvailableFixesService = class _CheckForNewAvailableFixesService
       }
       throw error;
     }
-    this.triggerScan({ path: path17, gqlClient: this.gqlClient });
+    this.triggerScan({ path: path18, gqlClient: this.gqlClient });
     let isMvsAutoFixEnabled = null;
     try {
       isMvsAutoFixEnabled = await this.gqlClient.getMvsAutoFixSettings();
@@ -18217,33 +20043,33 @@ var _CheckForNewAvailableFixesService = class _CheckForNewAvailableFixesService
     return noFreshFixesPrompt;
   }
   triggerScan({
-    path: path17,
+    path: path18,
     gqlClient
   }) {
-    if (this.path !== path17) {
-      this.path = path17;
+    if (this.path !== path18) {
+      this.path = path18;
       this.reset();
-      logInfo(`Reset service state for new path in triggerScan`, { path: path17 });
+      logInfo(`Reset service state for new path in triggerScan`, { path: path18 });
     }
     this.gqlClient = gqlClient;
     if (!this.intervalId) {
-      this.startPeriodicScanning(path17);
-      this.executeInitialScan(path17);
-      void this.executeInitialFullScan(path17);
+      this.startPeriodicScanning(path18);
+      this.executeInitialScan(path18);
+      void this.executeInitialFullScan(path18);
     }
   }
-  startPeriodicScanning(path17) {
+  startPeriodicScanning(path18) {
     const scanContext = ScanContext.BACKGROUND_PERIODIC;
     logDebug(
       `[${scanContext}] Starting periodic scan for new security vulnerabilities`,
       {
-        path: path17
+        path: path18
       }
     );
     this.intervalId = setInterval(() => {
-      logDebug(`[${scanContext}] Triggering periodic security scan`, { path: path17 });
+      logDebug(`[${scanContext}] Triggering periodic security scan`, { path: path18 });
       this.scanForSecurityVulnerabilities({
-        path: path17,
+        path: path18,
         scanContext
       }).catch((error) => {
         logError(`[${scanContext}] Error during periodic security scan`, {
@@ -18252,45 +20078,45 @@ var _CheckForNewAvailableFixesService = class _CheckForNewAvailableFixesService
       });
     }, MCP_PERIODIC_CHECK_INTERVAL);
   }
-  async executeInitialFullScan(path17) {
+  async executeInitialFullScan(path18) {
     const scanContext = ScanContext.FULL_SCAN;
-    logDebug(`[${scanContext}] Triggering initial full security scan`, { path: path17 });
+    logDebug(`[${scanContext}] Triggering initial full security scan`, { path: path18 });
     logDebug(`[${scanContext}] Full scan paths scanned`, {
       fullScanPathsScanned: this.fullScanPathsScanned
     });
-    if (this.fullScanPathsScanned.includes(path17)) {
+    if (this.fullScanPathsScanned.includes(path18)) {
       logDebug(`[${scanContext}] Full scan already executed for this path`, {
-        path: path17
+        path: path18
       });
       return;
     }
     configStore.set("fullScanPathsScanned", [
       ...this.fullScanPathsScanned,
-      path17
+      path18
     ]);
     try {
       await this.scanForSecurityVulnerabilities({
-        path: path17,
+        path: path18,
         isAllFilesScan: true,
         isAllDetectionRulesScan: true,
         scanContext: ScanContext.FULL_SCAN
       });
-      if (!this.fullScanPathsScanned.includes(path17)) {
-        this.fullScanPathsScanned.push(path17);
+      if (!this.fullScanPathsScanned.includes(path18)) {
+        this.fullScanPathsScanned.push(path18);
         configStore.set("fullScanPathsScanned", this.fullScanPathsScanned);
       }
-      logInfo(`[${scanContext}] Full scan completed`, { path: path17 });
+      logInfo(`[${scanContext}] Full scan completed`, { path: path18 });
     } catch (error) {
       logError(`[${scanContext}] Error during initial full security scan`, {
         error
       });
     }
   }
-  executeInitialScan(path17) {
+  executeInitialScan(path18) {
     const scanContext = ScanContext.BACKGROUND_INITIAL;
-    logDebug(`[${scanContext}] Triggering initial security scan`, { path: path17 });
+    logDebug(`[${scanContext}] Triggering initial security scan`, { path: path18 });
     this.scanForSecurityVulnerabilities({
-      path: path17,
+      path: path18,
       scanContext: ScanContext.BACKGROUND_INITIAL
     }).catch((error) => {
       logError(`[${scanContext}] Error during initial security scan`, { error });
@@ -18369,8 +20195,8 @@ Example payload:
       },
       required: ["path"]
     });
-    __publicField(this, "inputValidationSchema", z34.object({
-      path: z34.string().describe(
+    __publicField(this, "inputValidationSchema", z40.object({
+      path: z40.string().describe(
         "Full local path to the cloned git repository to check for new available fixes"
       )
     }));
@@ -18387,9 +20213,9 @@ Example payload:
         `Invalid path: potential security risk detected in path: ${pathValidationResult.error}`
       );
     }
-    const path17 = pathValidationResult.path;
+    const path18 = pathValidationResult.path;
     const resultText = await this.newFixesService.getFreshFixes({
-      path: path17
+      path: path18
     });
     logInfo("CheckForNewAvailableFixesTool execution completed", {
       resultText
@@ -18400,7 +20226,7 @@ Example payload:
 
 // src/mcp/tools/fetchAvailableFixes/FetchAvailableFixesTool.ts
 init_GitService();
-import { z as z35 } from "zod";
+import { z as z41 } from "zod";
 
 // src/mcp/tools/fetchAvailableFixes/FetchAvailableFixesService.ts
 init_configs();
@@ -18542,16 +20368,16 @@ Call this tool instead of ${MCP_TOOL_SCAN_AND_FIX_VULNERABILITIES} when you only
       },
       required: ["path"]
     });
-    __publicField(this, "inputValidationSchema", z35.object({
-      path: z35.string().describe(
+    __publicField(this, "inputValidationSchema", z41.object({
+      path: z41.string().describe(
         "Full local path to the cloned git repository to check for available fixes"
       ),
-      offset: z35.number().optional().describe("Optional offset for pagination"),
-      limit: z35.number().optional().describe("Optional maximum number of fixes to return"),
-      fileFilter: z35.array(z35.string()).optional().describe(
+      offset: z41.number().optional().describe("Optional offset for pagination"),
+      limit: z41.number().optional().describe("Optional maximum number of fixes to return"),
+      fileFilter: z41.array(z41.string()).optional().describe(
         "Optional list of file paths relative to the path parameter to filter fixes by. INCOMPATIBLE with fetchFixesFromAnyFile"
       ),
-      fetchFixesFromAnyFile: z35.boolean().optional().describe(
+      fetchFixesFromAnyFile: z41.boolean().optional().describe(
         "Optional boolean to fetch fixes for all files. INCOMPATIBLE with fileFilter"
       )
     }));
@@ -18566,8 +20392,8 @@ Call this tool instead of ${MCP_TOOL_SCAN_AND_FIX_VULNERABILITIES} when you only
         `Invalid path: potential security risk detected in path: ${pathValidationResult.error}`
       );
     }
-    const path17 = pathValidationResult.path;
-    const gitService = new GitService(path17, log);
+    const path18 = pathValidationResult.path;
+    const gitService = new GitService(path18, log);
     const gitValidation = await gitService.validateRepository();
     if (!gitValidation.isValid) {
       throw new Error(`Invalid git repository: ${gitValidation.error}`);
@@ -18620,7 +20446,7 @@ Call this tool instead of ${MCP_TOOL_SCAN_AND_FIX_VULNERABILITIES} when you only
 };
 
 // src/mcp/tools/mcpChecker/mcpCheckerTool.ts
-import z36 from "zod";
+import z42 from "zod";
 
 // src/mcp/tools/mcpChecker/mcpCheckerService.ts
 var _McpCheckerService = class _McpCheckerService {
@@ -18681,7 +20507,7 @@ var McpCheckerTool = class extends BaseTool {
     __publicField(this, "displayName", "MCP Checker");
     // A detailed description to guide the LLM on when and how to invoke this tool.
     __publicField(this, "description", "Check the MCP servers running on this IDE against organization policies.");
-    __publicField(this, "inputValidationSchema", z36.object({}));
+    __publicField(this, "inputValidationSchema", z42.object({}));
     __publicField(this, "inputSchema", {
       type: "object",
       properties: {},
@@ -18707,7 +20533,7 @@ var McpCheckerTool = class extends BaseTool {
 };
 
 // src/mcp/tools/scanAndFixVulnerabilities/ScanAndFixVulnerabilitiesTool.ts
-import z37 from "zod";
+import z43 from "zod";
 init_configs();
 
 // src/mcp/tools/scanAndFixVulnerabilities/ScanAndFixVulnerabilitiesService.ts
@@ -18894,17 +20720,17 @@ Example payload:
   "rescan": false
 }`);
     __publicField(this, "hasAuthentication", true);
-    __publicField(this, "inputValidationSchema", z37.object({
-      path: z37.string().describe(
+    __publicField(this, "inputValidationSchema", z43.object({
+      path: z43.string().describe(
         "Full local path to repository to scan and fix vulnerabilities"
       ),
-      offset: z37.number().optional().describe("Optional offset for pagination"),
-      limit: z37.number().optional().describe("Optional maximum number of results to return"),
-      maxFiles: z37.number().optional().describe(
+      offset: z43.number().optional().describe("Optional offset for pagination"),
+      limit: z43.number().optional().describe("Optional maximum number of results to return"),
+      maxFiles: z43.number().optional().describe(
         `Optional maximum number of files to scan (default: ${MCP_DEFAULT_MAX_FILES_TO_SCAN}). Increase for comprehensive scans of larger codebases or decrease for faster focused scans.`
       ),
-      rescan: z37.boolean().optional().describe("Optional whether to rescan the repository"),
-      scanRecentlyChangedFiles: z37.boolean().optional().describe(
+      rescan: z43.boolean().optional().describe("Optional whether to rescan the repository"),
+      scanRecentlyChangedFiles: z43.boolean().optional().describe(
         "Optional whether to automatically scan recently changed files when no changed files are found in git status. If false, the tool will prompt the user instead."
       )
     }));
@@ -18955,9 +20781,9 @@ Example payload:
         `Invalid path: potential security risk detected in path: ${pathValidationResult.error}`
       );
     }
-    const path17 = pathValidationResult.path;
+    const path18 = pathValidationResult.path;
     const files = await getLocalFiles({
-      path: path17,
+      path: path18,
       maxFileSize: MCP_MAX_FILE_SIZE,
       maxFiles: args.maxFiles,
       scanContext: ScanContext.USER_REQUEST,
@@ -18977,7 +20803,7 @@ Example payload:
     try {
       const fixResult = await this.vulnerabilityFixService.processVulnerabilities({
         fileList: files.map((file) => file.relativePath),
-        repositoryPath: path17,
+        repositoryPath: path18,
         offset: args.offset,
         limit: args.limit,
         isRescan: args.rescan || !!args.maxFiles
@@ -19032,6 +20858,19 @@ function createMcpServer(govOrgId) {
     const mcpCheckerTool = new McpCheckerTool(govOrgId);
     registerIfEnabled(mcpCheckerTool);
   }
+  logDebug("Registering MCP prompts");
+  const prompts = [
+    new SecurityToolsOverviewPrompt(),
+    new ScanRepositoryPrompt(),
+    new ScanRecentChangesPrompt(),
+    new CheckForNewVulnerabilitiesPrompt(),
+    new ReviewAndFixCriticalPrompt(),
+    new FullSecurityAuditPrompt()
+  ];
+  prompts.forEach((prompt) => {
+    server.registerPrompt(prompt);
+    logDebug(`Registered prompt: ${prompt.name}`);
+  });
   logInfo("MCP server created and configured");
   return server;
 }
@@ -19068,7 +20907,7 @@ var mcpHandler = async (_args) => {
 };
 
 // src/args/commands/review.ts
-import fs17 from "fs";
+import fs18 from "fs";
 import chalk9 from "chalk";
 function reviewBuilder(yargs2) {
   return yargs2.option("f", {
@@ -19105,7 +20944,7 @@ function reviewBuilder(yargs2) {
   ).help();
 }
 function validateReviewOptions(argv) {
-  if (!fs17.existsSync(argv.f)) {
+  if (!fs18.existsSync(argv.f)) {
     throw new CliError(`
 Can't access ${chalk9.bold(argv.f)}`);
   }
@@ -19179,34 +21018,34 @@ async function addScmTokenHandler(args) {
 
 // src/args/commands/upload_ai_blame.ts
 import fsPromises3 from "fs/promises";
-import path16 from "path";
+import path17 from "path";
 import chalk10 from "chalk";
 import Configstore6 from "configstore";
 import { withFile } from "tmp-promise";
-import z38 from "zod";
-var PromptItemZ = z38.object({
-  type: z38.enum(["USER_PROMPT", "AI_RESPONSE", "TOOL_EXECUTION", "AI_THINKING"]),
-  attachedFiles: z38.array(
-    z38.object({
-      relativePath: z38.string(),
-      startLine: z38.number().optional()
+import z44 from "zod";
+var PromptItemZ = z44.object({
+  type: z44.enum(["USER_PROMPT", "AI_RESPONSE", "TOOL_EXECUTION", "AI_THINKING"]),
+  attachedFiles: z44.array(
+    z44.object({
+      relativePath: z44.string(),
+      startLine: z44.number().optional()
     })
   ).optional(),
-  tokens: z38.object({
-    inputCount: z38.number(),
-    outputCount: z38.number()
+  tokens: z44.object({
+    inputCount: z44.number(),
+    outputCount: z44.number()
   }).optional(),
-  text: z38.string().optional(),
-  date: z38.date().optional(),
-  tool: z38.object({
-    name: z38.string(),
-    parameters: z38.string(),
-    result: z38.string(),
-    rawArguments: z38.string().optional(),
-    accepted: z38.boolean().optional()
+  text: z44.string().optional(),
+  date: z44.date().optional(),
+  tool: z44.object({
+    name: z44.string(),
+    parameters: z44.string(),
+    result: z44.string(),
+    rawArguments: z44.string().optional(),
+    accepted: z44.boolean().optional()
   }).optional()
 });
-var PromptItemArrayZ = z38.array(PromptItemZ);
+var PromptItemArrayZ = z44.array(PromptItemZ);
 function uploadAiBlameBuilder(args) {
   return args.option("prompt", {
     type: "string",
@@ -19281,8 +21120,8 @@ async function uploadAiBlameHandler(args, exitOnError = true) {
       throw new Error(errorMsg);
     }
     sessions.push({
-      promptFileName: path16.basename(promptPath),
-      inferenceFileName: path16.basename(inferencePath),
+      promptFileName: path17.basename(promptPath),
+      inferenceFileName: path17.basename(inferencePath),
       aiResponseAt: responseTimes[i] || nowIso,
       model: models[i],
       toolName: tools[i]