mobbdev 1.0.211 → 1.0.213

package/dist/args/commands/upload_ai_blame.mjs

@@ -42,7 +42,7 @@ var init_configs = __esm({
     MCP_TOOLS_BROWSER_COOLDOWN_MS = 24 * 60 * 60 * 1e3;
     isAutoScan = process.env["AUTO_SCAN"] !== "false";
     MVS_AUTO_FIX_OVERRIDE = process.env["MVS_AUTO_FIX"];
-    MCP_PERIODIC_TRACK_INTERVAL = 60 * 60 * 1e3;
+    MCP_PERIODIC_TRACK_INTERVAL = 24 * 60 * 60 * 1e3;
     MCP_SYSTEM_FIND_TIMEOUT_MS = 15 * 60 * 1e3;
   }
 });

package/dist/index.mjs

@@ -51,7 +51,7 @@ var init_configs = __esm({
     isAutoScan = process.env["AUTO_SCAN"] !== "false";
     MVS_AUTO_FIX_OVERRIDE = process.env["MVS_AUTO_FIX"];
     MCP_AUTO_FIX_DEBUG_MODE = true;
-    MCP_PERIODIC_TRACK_INTERVAL = 60 * 60 * 1e3;
+    MCP_PERIODIC_TRACK_INTERVAL = 24 * 60 * 60 * 1e3;
     MCP_DEFAULT_REST_API_URL = "https://api.mobb.ai/api/rest/mcp/track";
     MCP_SYSTEM_FIND_TIMEOUT_MS = 15 * 60 * 1e3;
   }
@@ -6224,7 +6224,7 @@ async function getAdoSdk(params) {
       const url = new URL(repoUrl);
       const origin2 = url.origin.toLowerCase().endsWith(".visualstudio.com") ? DEFUALT_ADO_ORIGIN : url.origin.toLowerCase();
       const params2 = `path=/&versionDescriptor[versionOptions]=0&versionDescriptor[versionType]=commit&versionDescriptor[version]=${branch}&resolveLfs=true&$format=zip&api-version=5.0&download=true`;
-      const path17 = [
+      const path18 = [
         prefixPath,
         owner,
         projectName,
@@ -6235,7 +6235,7 @@ async function getAdoSdk(params) {
         "items",
         "items"
       ].filter(Boolean).join("/");
-      return new URL(`${path17}?${params2}`, origin2).toString();
+      return new URL(`${path18}?${params2}`, origin2).toString();
     },
     async getAdoBranchList({ repoUrl }) {
       try {
@@ -7782,14 +7782,14 @@ function getGithubSdk(params = {}) {
       };
     },
     async getGithubBlameRanges(params2) {
-      const { ref, gitHubUrl, path: path17 } = params2;
+      const { ref, gitHubUrl, path: path18 } = params2;
       const { owner, repo } = parseGithubOwnerAndRepo(gitHubUrl);
       const res = await octokit.graphql(
         GET_BLAME_DOCUMENT,
         {
           owner,
           repo,
-          path: path17,
+          path: path18,
           ref
         }
       );
@@ -8131,11 +8131,11 @@ var GithubSCMLib = class extends SCMLib {
       markdownComment: comment
     });
   }
-  async getRepoBlameRanges(ref, path17) {
+  async getRepoBlameRanges(ref, path18) {
     this._validateUrl();
     return await this.githubSdk.getGithubBlameRanges({
       ref,
-      path: path17,
+      path: path18,
       gitHubUrl: this.url
     });
   }
@@ -8815,13 +8815,13 @@ function parseGitlabOwnerAndRepo(gitlabUrl) {
   const { organization, repoName, projectPath } = parsingResult;
   return { owner: organization, repo: repoName, projectPath };
 }
-async function getGitlabBlameRanges({ ref, gitlabUrl, path: path17 }, options) {
+async function getGitlabBlameRanges({ ref, gitlabUrl, path: path18 }, options) {
   const { projectPath } = parseGitlabOwnerAndRepo(gitlabUrl);
   const api2 = getGitBeaker({
     url: gitlabUrl,
     gitlabAuthToken: options?.gitlabAuthToken
   });
-  const resp = await api2.RepositoryFiles.allFileBlames(projectPath, path17, ref);
+  const resp = await api2.RepositoryFiles.allFileBlames(projectPath, path18, ref);
   let lineNumber = 1;
   return resp.filter((range) => range.lines).map((range) => {
     const oldLineNumber = lineNumber;
@@ -8998,10 +8998,10 @@ var GitlabSCMLib = class extends SCMLib {
       markdownComment: comment
     });
   }
-  async getRepoBlameRanges(ref, path17) {
+  async getRepoBlameRanges(ref, path18) {
     this._validateUrl();
     return await getGitlabBlameRanges(
-      { ref, path: path17, gitlabUrl: this.url },
+      { ref, path: path18, gitlabUrl: this.url },
       {
         url: this.url,
         gitlabAuthToken: this.accessToken
@@ -11033,7 +11033,7 @@ async function postIssueComment(params) {
     fpDescription
   } = params;
   const {
-    path: path17,
+    path: path18,
     startLine,
     vulnerabilityReportIssue: {
       vulnerabilityReportIssueTags,
@@ -11048,7 +11048,7 @@ async function postIssueComment(params) {
 Refresh the page in order to see the changes.`,
     pull_number: pullRequest,
     commit_id: commitSha,
-    path: path17,
+    path: path18,
     line: startLine
   });
   const commentId = commentRes.data.id;
@@ -11082,7 +11082,7 @@ async function postFixComment(params) {
     scanner
   } = params;
   const {
-    path: path17,
+    path: path18,
     startLine,
     vulnerabilityReportIssue: { fixId, vulnerabilityReportIssueTags, category },
     vulnerabilityReportIssueId
@@ -11100,7 +11100,7 @@ async function postFixComment(params) {
 Refresh the page in order to see the changes.`,
     pull_number: pullRequest,
     commit_id: commitSha,
-    path: path17,
+    path: path18,
     line: startLine
   });
   const commentId = commentRes.data.id;
@@ -12858,8 +12858,8 @@ var WorkspaceService = class {
    * Sets a known workspace path that was discovered through successful validation
    * @param path The validated workspace path to store
    */
-  static setKnownWorkspacePath(path17) {
-    this.knownWorkspacePath = path17;
+  static setKnownWorkspacePath(path18) {
+    this.knownWorkspacePath = path18;
   }
   /**
    * Gets the known workspace path that was previously validated
@@ -14107,10 +14107,10 @@ var getHostInfo = (additionalMcpList) => {
   const ideConfigPaths = /* @__PURE__ */ new Set();
   for (const ide of IDEs) {
     const configPaths = getMCPConfigPaths(ide);
-    configPaths.forEach((path17) => ideConfigPaths.add(path17));
+    configPaths.forEach((path18) => ideConfigPaths.add(path18));
   }
   const uniqueAdditionalPaths = additionalMcpList.filter(
-    (path17) => !ideConfigPaths.has(path17)
+    (path18) => !ideConfigPaths.has(path18)
   );
   for (const ide of IDEs) {
     const cfg = readMCPConfig(ide);
@@ -14230,78 +14230,68 @@ init_configs();
 
 // src/mcp/services/McpUsageService/system.ts
 init_configs();
-import { spawn } from "child_process";
+import fs12 from "fs";
 import os4 from "os";
+import path12 from "path";
+var MAX_DEPTH = 2;
+var patterns = ["mcp", "claude"];
+var isFileMatch = (fileName) => {
+  const lowerName = fileName.toLowerCase();
+  return lowerName.endsWith(".json") && patterns.some((p) => lowerName.includes(p.toLowerCase()));
+};
+var safeAccess = async (filePath) => {
+  try {
+    await fs12.promises.access(filePath, fs12.constants.R_OK);
+    return true;
+  } catch {
+    return false;
+  }
+};
+var searchDir = async (dir, depth = 0) => {
+  const results = [];
+  if (depth > MAX_DEPTH) return results;
+  const entries = await fs12.promises.readdir(dir, { withFileTypes: true }).catch(() => []);
+  for (const entry of entries) {
+    const fullPath = path12.join(dir, entry.name);
+    if (entry.isFile() && isFileMatch(entry.name)) {
+      results.push(fullPath);
+    } else if (entry.isDirectory()) {
+      if (await safeAccess(fullPath)) {
+        const subResults = await searchDir(fullPath, depth + 1);
+        results.push(...subResults);
+      }
+    }
+  }
+  return results;
+};
 var findSystemMCPConfigs = async () => {
   try {
+    const home = os4.homedir();
     const platform = os4.platform();
-    let command;
-    let args;
-    if (platform === "win32") {
-      command = "powershell";
-      args = [
-        "-NoProfile",
-        "-Command",
-        "Get-ChildItem -Path $env:USERPROFILE -Recurse -Include *mcp*.json,*claude*.json -ErrorAction SilentlyContinue | ForEach-Object { $_.FullName }"
-      ];
-    } else {
-      const home = os4.homedir();
-      command = "find";
-      args = [
-        home,
-        "-type",
-        "f",
-        "(",
-        "-iname",
-        "*mcp*.json",
-        "-o",
-        "-iname",
-        "*claude*.json",
-        ")"
-      ];
-    }
-    return await new Promise((resolve) => {
-      const child = spawn(command, args, {
-        stdio: ["ignore", "pipe", "pipe"],
-        shell: platform === "win32"
-        // needed for PowerShell
-      });
-      let output = "";
-      let errorOutput = "";
-      const timer = setTimeout(() => {
-        child.kill("SIGTERM");
+    const knownDirs = platform === "win32" ? [
+      path12.join(home, ".cursor"),
+      path12.join(home, "Documents"),
+      path12.join(home, "Downloads")
+    ] : [
+      path12.join(home, ".cursor"),
+      process.env["XDG_CONFIG_HOME"] || path12.join(home, ".config"),
+      path12.join(home, "Documents"),
+      path12.join(home, "Downloads")
+    ];
+    const timeoutPromise = new Promise(
+      (resolve) => setTimeout(() => {
         logWarn(
           `MCP config search timed out after ${MCP_SYSTEM_FIND_TIMEOUT_MS / 1e3}s`
         );
         resolve([]);
-      }, MCP_SYSTEM_FIND_TIMEOUT_MS);
-      child.stdout.on("data", (data) => {
-        output += data.toString();
-      });
-      child.stderr.on("data", (data) => {
-        const msg = data.toString();
-        if (!msg.includes("Operation not permitted") && !msg.includes("Permission denied") && !msg.includes("Access is denied")) {
-          errorOutput += msg;
-        }
-      });
-      child.on("error", (err) => {
-        clearTimeout(timer);
-        logWarn("MCP config search failed to start", { err });
-        resolve([]);
-      });
-      child.on("close", (code) => {
-        clearTimeout(timer);
-        if (code === 0 || output.trim().length > 0) {
-          const files = output.split(/\r?\n/).map((f) => f.trim()).filter(Boolean);
-          resolve(files);
-        } else {
-          if (errorOutput.trim().length > 0) {
-            logWarn("MCP config search finished with warnings", { errorOutput });
-          }
-          resolve([]);
-        }
-      });
-    });
+      }, MCP_SYSTEM_FIND_TIMEOUT_MS)
+    );
+    const searchPromise = Promise.all(
+      knownDirs.map(
+        (dir) => fs12.existsSync(dir) ? searchDir(dir) : Promise.resolve([])
+      )
+    ).then((results) => results.flat());
+    return await Promise.race([timeoutPromise, searchPromise]);
   } catch (err) {
     logWarn("MCP config search unexpected error", { err });
     return [];
@@ -14897,6 +14887,12 @@ var McpServer = class {
     }
   }
   async handleListPromptsRequest(request) {
+    const mcpCheckerTool = this.toolRegistry.getToolDefinition(MCP_TOOL_CHECKER);
+    if (mcpCheckerTool) {
+      return {
+        prompts: []
+      };
+    }
     logInfo("Received list_prompts request");
     logDebug("list_prompts request", {
       request: JSON.parse(JSON.stringify(request))
@@ -16699,8 +16695,8 @@ For a complete security audit workflow, use the \`full-security-audit\` prompt.
 import { z as z40 } from "zod";
 
 // src/mcp/services/PathValidation.ts
-import fs12 from "fs";
-import path12 from "path";
+import fs13 from "fs";
+import path13 from "path";
 async function validatePath(inputPath) {
   logDebug("Validating MCP path", { inputPath });
   if (/^\/[a-zA-Z]:\//.test(inputPath)) {
@@ -16732,7 +16728,7 @@ async function validatePath(inputPath) {
     logError(error);
     return { isValid: false, error, path: inputPath };
   }
-  const normalizedPath = path12.normalize(inputPath);
+  const normalizedPath = path13.normalize(inputPath);
   if (normalizedPath.includes("..")) {
     const error = `Normalized path contains path traversal patterns: ${inputPath}`;
     logError(error);
@@ -16759,7 +16755,7 @@ async function validatePath(inputPath) {
   logDebug("Path validation successful", { inputPath });
   logDebug("Checking path existence", { inputPath });
   try {
-    await fs12.promises.access(inputPath);
+    await fs13.promises.access(inputPath);
     logDebug("Path exists and is accessible", { inputPath });
     WorkspaceService.setKnownWorkspacePath(inputPath);
     logDebug("Stored validated path in WorkspaceService", { inputPath });
@@ -17383,10 +17379,10 @@ If you wish to scan files that were recently changed in your git history call th
 init_FileUtils();
 init_GitService();
 init_configs();
-import fs13 from "fs/promises";
+import fs14 from "fs/promises";
 import nodePath from "path";
 var getLocalFiles = async ({
-  path: path17,
+  path: path18,
   maxFileSize = MCP_MAX_FILE_SIZE,
   maxFiles,
   isAllFilesScan,
@@ -17394,17 +17390,17 @@ var getLocalFiles = async ({
   scanRecentlyChangedFiles
 }) => {
   logDebug(`[${scanContext}] Starting getLocalFiles`, {
-    path: path17,
+    path: path18,
     maxFileSize,
     maxFiles,
     isAllFilesScan,
     scanRecentlyChangedFiles
   });
   try {
-    const resolvedRepoPath = await fs13.realpath(path17);
+    const resolvedRepoPath = await fs14.realpath(path18);
     logDebug(`[${scanContext}] Resolved repository path`, {
       resolvedRepoPath,
-      originalPath: path17
+      originalPath: path18
     });
     const gitService = new GitService(resolvedRepoPath, log);
     const gitValidation = await gitService.validateRepository();
@@ -17417,7 +17413,7 @@ var getLocalFiles = async ({
     if (!gitValidation.isValid || isAllFilesScan) {
       try {
         files = await FileUtils.getLastChangedFiles({
-          dir: path17,
+          dir: path18,
           maxFileSize,
           maxFiles,
           isAllFilesScan
@@ -17481,7 +17477,7 @@ var getLocalFiles = async ({
           absoluteFilePath
         );
         try {
-          const fileStat = await fs13.stat(absoluteFilePath);
+          const fileStat = await fs14.stat(absoluteFilePath);
           return {
             filename: nodePath.basename(absoluteFilePath),
             relativePath,
@@ -17509,15 +17505,15 @@ var getLocalFiles = async ({
     logError(`${scanContext}Unexpected error in getLocalFiles`, {
       error: error instanceof Error ? error.message : String(error),
       stack: error instanceof Error ? error.stack : void 0,
-      path: path17
+      path: path18
     });
     throw error;
   }
 };
 
 // src/mcp/services/LocalMobbFolderService.ts
-import fs14 from "fs";
-import path13 from "path";
+import fs15 from "fs";
+import path14 from "path";
 import { z as z39 } from "zod";
 init_GitService();
 function extractPathFromPatch(patch) {
@@ -17604,19 +17600,19 @@ var LocalMobbFolderService = class {
           "[LocalMobbFolderService] Non-git repository detected, skipping .gitignore operations"
         );
       }
-      const mobbFolderPath = path13.join(
+      const mobbFolderPath = path14.join(
         this.repoPath,
         this.defaultMobbFolderName
       );
-      if (!fs14.existsSync(mobbFolderPath)) {
+      if (!fs15.existsSync(mobbFolderPath)) {
         logInfo("[LocalMobbFolderService] Creating .mobb folder", {
           mobbFolderPath
         });
-        fs14.mkdirSync(mobbFolderPath, { recursive: true });
+        fs15.mkdirSync(mobbFolderPath, { recursive: true });
       } else {
         logDebug("[LocalMobbFolderService] .mobb folder already exists");
       }
-      const stats = fs14.statSync(mobbFolderPath);
+      const stats = fs15.statSync(mobbFolderPath);
       if (!stats.isDirectory()) {
         throw new Error(`Path exists but is not a directory: ${mobbFolderPath}`);
       }
@@ -17657,13 +17653,13 @@ var LocalMobbFolderService = class {
       logDebug("[LocalMobbFolderService] Git repository validated successfully");
     } else {
       try {
-        const stats = fs14.statSync(this.repoPath);
+        const stats = fs15.statSync(this.repoPath);
         if (!stats.isDirectory()) {
           throw new Error(
             `Path exists but is not a directory: ${this.repoPath}`
           );
         }
-        fs14.accessSync(this.repoPath, fs14.constants.R_OK | fs14.constants.W_OK);
+        fs15.accessSync(this.repoPath, fs15.constants.R_OK | fs15.constants.W_OK);
         logDebug(
           "[LocalMobbFolderService] Non-git directory validated successfully"
         );
@@ -17776,8 +17772,8 @@ var LocalMobbFolderService = class {
         mobbFolderPath,
         baseFileName
       );
-      const filePath = path13.join(mobbFolderPath, uniqueFileName);
-      await fs14.promises.writeFile(filePath, patch, "utf8");
+      const filePath = path14.join(mobbFolderPath, uniqueFileName);
+      await fs15.promises.writeFile(filePath, patch, "utf8");
       logInfo("[LocalMobbFolderService] Patch saved successfully", {
         filePath,
         fileName: uniqueFileName,
@@ -17834,11 +17830,11 @@ var LocalMobbFolderService = class {
    * @returns Unique filename that doesn't conflict with existing files
    */
   getUniqueFileName(folderPath, baseFileName) {
-    const baseName = path13.parse(baseFileName).name;
-    const extension = path13.parse(baseFileName).ext;
+    const baseName = path14.parse(baseFileName).name;
+    const extension = path14.parse(baseFileName).ext;
     let uniqueFileName = baseFileName;
     let index = 1;
-    while (fs14.existsSync(path13.join(folderPath, uniqueFileName))) {
+    while (fs15.existsSync(path14.join(folderPath, uniqueFileName))) {
       uniqueFileName = `${baseName}-${index}${extension}`;
       index++;
       if (index > 1e3) {
@@ -17869,18 +17865,18 @@ var LocalMobbFolderService = class {
     logDebug("[LocalMobbFolderService] Logging patch info", { fixId: fix.id });
     try {
       const mobbFolderPath = await this.getFolder();
-      const patchInfoPath = path13.join(mobbFolderPath, "patchInfo.md");
+      const patchInfoPath = path14.join(mobbFolderPath, "patchInfo.md");
       const markdownContent = this.generateFixMarkdown(fix, savedPatchFileName);
       let existingContent = "";
-      if (fs14.existsSync(patchInfoPath)) {
-        existingContent = await fs14.promises.readFile(patchInfoPath, "utf8");
+      if (fs15.existsSync(patchInfoPath)) {
+        existingContent = await fs15.promises.readFile(patchInfoPath, "utf8");
         logDebug("[LocalMobbFolderService] Existing patchInfo.md found");
       } else {
         logDebug("[LocalMobbFolderService] Creating new patchInfo.md file");
       }
       const separator = existingContent ? "\n\n================================================================================\n\n" : "";
       const updatedContent = `${markdownContent}${separator}${existingContent}`;
-      await fs14.promises.writeFile(patchInfoPath, updatedContent, "utf8");
+      await fs15.promises.writeFile(patchInfoPath, updatedContent, "utf8");
       logInfo("[LocalMobbFolderService] Patch info logged successfully", {
         patchInfoPath,
         fixId: fix.id,
@@ -17911,7 +17907,7 @@ var LocalMobbFolderService = class {
     const timestamp = (/* @__PURE__ */ new Date()).toISOString();
     const patch = this.extractPatchFromFix(fix);
     const relativePatchedFilePath = patch ? extractPathFromPatch(patch) : null;
-    const patchedFilePath = relativePatchedFilePath ? path13.resolve(this.repoPath, relativePatchedFilePath) : null;
+    const patchedFilePath = relativePatchedFilePath ? path14.resolve(this.repoPath, relativePatchedFilePath) : null;
     const fixIdentifier = savedPatchFileName ? savedPatchFileName.replace(".patch", "") : fix.id;
     let markdown = `# Fix ${fixIdentifier}
 
@@ -18253,16 +18249,16 @@ import {
   unlinkSync,
   writeFileSync
 } from "fs";
-import fs15 from "fs/promises";
+import fs16 from "fs/promises";
 import parseDiff2 from "parse-diff";
-import path14 from "path";
+import path15 from "path";
 var PatchApplicationService = class {
   /**
    * Gets the appropriate comment syntax for a file based on its extension
    */
   static getCommentSyntax(filePath) {
-    const ext = path14.extname(filePath).toLowerCase();
-    const basename2 = path14.basename(filePath);
+    const ext = path15.extname(filePath).toLowerCase();
+    const basename2 = path15.basename(filePath);
     const commentMap = {
       // C-style languages (single line comments)
       ".js": "//",
@@ -18465,7 +18461,7 @@ var PatchApplicationService = class {
         }
       );
     }
-    const dirPath = path14.dirname(filePath);
+    const dirPath = path15.dirname(filePath);
     mkdirSync(dirPath, { recursive: true });
     writeFileSync(filePath, finalContent, "utf8");
     return filePath;
@@ -18749,9 +18745,9 @@ var PatchApplicationService = class {
         continue;
       }
       try {
-        const absolutePath = path14.resolve(repositoryPath, targetFile);
+        const absolutePath = path15.resolve(repositoryPath, targetFile);
         if (existsSync2(absolutePath)) {
-          const stats = await fs15.stat(absolutePath);
+          const stats = await fs16.stat(absolutePath);
           const fileModTime = stats.mtime.getTime();
           if (fileModTime > scanStartTime) {
             logError(
@@ -18792,7 +18788,7 @@ var PatchApplicationService = class {
     const appliedFixes = [];
     const failedFixes = [];
     const skippedFixes = [];
-    const resolvedRepoPath = await fs15.realpath(repositoryPath);
+    const resolvedRepoPath = await fs16.realpath(repositoryPath);
     logInfo(
       `[${scanContext}] Starting patch application for ${fixes.length} fixes`,
       {
@@ -18940,11 +18936,11 @@ var PatchApplicationService = class {
   }) {
     const sanitizedRepoPath = String(repositoryPath || "").replace("\0", "").replace(/^(\.\.(\/|\\))+/, "");
     const sanitizedTargetFile = String(targetFile || "").replace("\0", "").replace(/^(\.\.(\/|\\))+/, "");
-    const absoluteFilePath = path14.resolve(
+    const absoluteFilePath = path15.resolve(
       sanitizedRepoPath,
       sanitizedTargetFile
     );
-    const relativePath = path14.relative(sanitizedRepoPath, absoluteFilePath);
+    const relativePath = path15.relative(sanitizedRepoPath, absoluteFilePath);
     if (relativePath.startsWith("..")) {
       throw new Error(
         `Security violation: target file ${targetFile} resolves outside repository`
@@ -18978,7 +18974,7 @@ var PatchApplicationService = class {
       fix,
       scanContext
     });
-    appliedFiles.push(path14.relative(repositoryPath, actualPath));
+    appliedFiles.push(path15.relative(repositoryPath, actualPath));
     logDebug(`[${scanContext}] Created new file: ${relativePath}`);
   }
   /**
@@ -19026,7 +19022,7 @@ var PatchApplicationService = class {
         fix,
         scanContext
       });
-      appliedFiles.push(path14.relative(repositoryPath, actualPath));
+      appliedFiles.push(path15.relative(repositoryPath, actualPath));
       logDebug(`[${scanContext}] Modified file: ${relativePath}`);
     }
   }
@@ -19221,8 +19217,8 @@ init_configs();
 
 // src/mcp/services/FileOperations.ts
 init_FileUtils();
-import fs16 from "fs";
-import path15 from "path";
+import fs17 from "fs";
+import path16 from "path";
 import AdmZip2 from "adm-zip";
 var FileOperations = class {
   /**
@@ -19242,10 +19238,10 @@ var FileOperations = class {
     let packedFilesCount = 0;
     const packedFiles = [];
     const excludedFiles = [];
-    const resolvedRepoPath = path15.resolve(repositoryPath);
+    const resolvedRepoPath = path16.resolve(repositoryPath);
     for (const filepath of fileList) {
-      const absoluteFilepath = path15.join(repositoryPath, filepath);
-      const resolvedFilePath = path15.resolve(absoluteFilepath);
+      const absoluteFilepath = path16.join(repositoryPath, filepath);
+      const resolvedFilePath = path16.resolve(absoluteFilepath);
       if (!resolvedFilePath.startsWith(resolvedRepoPath)) {
         const reason = "potential path traversal security risk";
         logDebug(`[FileOperations] Skipping ${filepath} due to ${reason}`);
@@ -19292,11 +19288,11 @@ var FileOperations = class {
     fileList,
     repositoryPath
   }) {
-    const resolvedRepoPath = path15.resolve(repositoryPath);
+    const resolvedRepoPath = path16.resolve(repositoryPath);
     const validatedPaths = [];
     for (const filepath of fileList) {
-      const absoluteFilepath = path15.join(repositoryPath, filepath);
-      const resolvedFilePath = path15.resolve(absoluteFilepath);
+      const absoluteFilepath = path16.join(repositoryPath, filepath);
+      const resolvedFilePath = path16.resolve(absoluteFilepath);
       if (!resolvedFilePath.startsWith(resolvedRepoPath)) {
         logDebug(
           `[FileOperations] Rejecting ${filepath} - path traversal attempt detected`
@@ -19304,7 +19300,7 @@ var FileOperations = class {
         continue;
       }
       try {
-        await fs16.promises.access(absoluteFilepath, fs16.constants.R_OK);
+        await fs17.promises.access(absoluteFilepath, fs17.constants.R_OK);
         validatedPaths.push(filepath);
       } catch (error) {
         logDebug(
@@ -19323,8 +19319,8 @@ var FileOperations = class {
     const fileDataArray = [];
     for (const absolutePath of filePaths) {
       try {
-        const content = await fs16.promises.readFile(absolutePath);
-        const relativePath = path15.basename(absolutePath);
+        const content = await fs17.promises.readFile(absolutePath);
+        const relativePath = path16.basename(absolutePath);
         fileDataArray.push({
           relativePath,
           absolutePath,
@@ -19349,7 +19345,7 @@ var FileOperations = class {
     relativeFilepath
   }) {
     try {
-      return await fs16.promises.readFile(absoluteFilepath);
+      return await fs17.promises.readFile(absoluteFilepath);
     } catch (fsError) {
       logError(
         `[FileOperations] Failed to read ${relativeFilepath} from filesystem: ${fsError}`
@@ -19636,14 +19632,14 @@ var _CheckForNewAvailableFixesService = class _CheckForNewAvailableFixesService
    * since the last scan.
    */
   async scanForSecurityVulnerabilities({
-    path: path17,
+    path: path18,
     isAllDetectionRulesScan,
     isAllFilesScan,
     scanContext
   }) {
     this.hasAuthenticationFailed = false;
     logDebug(`[${scanContext}] Scanning for new security vulnerabilities`, {
-      path: path17
+      path: path18
     });
     if (!this.gqlClient) {
       logInfo(`[${scanContext}] No GQL client found, skipping scan`);
@@ -19659,11 +19655,11 @@ var _CheckForNewAvailableFixesService = class _CheckForNewAvailableFixesService
       }
       logDebug(
         `[${scanContext}] Connected to the API, assembling list of files to scan`,
-        { path: path17 }
+        { path: path18 }
       );
       const isBackgroundScan = scanContext === ScanContext.BACKGROUND_INITIAL || scanContext === ScanContext.BACKGROUND_PERIODIC;
       const files = await getLocalFiles({
-        path: path17,
+        path: path18,
         isAllFilesScan,
         scanContext,
         scanRecentlyChangedFiles: !isBackgroundScan
@@ -19689,13 +19685,13 @@ var _CheckForNewAvailableFixesService = class _CheckForNewAvailableFixesService
       });
       const { fixReportId, projectId } = await scanFiles({
         fileList: filesToScan.map((file) => file.relativePath),
-        repositoryPath: path17,
+        repositoryPath: path18,
         gqlClient: this.gqlClient,
         isAllDetectionRulesScan,
         scanContext
       });
       logInfo(
-        `[${scanContext}] Security scan completed for ${path17} reportId: ${fixReportId} projectId: ${projectId}`
+        `[${scanContext}] Security scan completed for ${path18} reportId: ${fixReportId} projectId: ${projectId}`
       );
       if (isAllFilesScan) {
         return;
@@ -19989,13 +19985,13 @@ var _CheckForNewAvailableFixesService = class _CheckForNewAvailableFixesService
     });
     return scannedFiles.some((file) => file.relativePath === fixFile);
   }
-  async getFreshFixes({ path: path17 }) {
+  async getFreshFixes({ path: path18 }) {
     const scanContext = ScanContext.USER_REQUEST;
-    logDebug(`[${scanContext}] Getting fresh fixes`, { path: path17 });
-    if (this.path !== path17) {
-      this.path = path17;
+    logDebug(`[${scanContext}] Getting fresh fixes`, { path: path18 });
+    if (this.path !== path18) {
+      this.path = path18;
       this.reset();
-      logInfo(`[${scanContext}] Reset service state for new path`, { path: path17 });
+      logInfo(`[${scanContext}] Reset service state for new path`, { path: path18 });
     }
     try {
       this.gqlClient = await createAuthenticatedMcpGQLClient();
@@ -20013,7 +20009,7 @@ var _CheckForNewAvailableFixesService = class _CheckForNewAvailableFixesService
       }
       throw error;
     }
-    this.triggerScan({ path: path17, gqlClient: this.gqlClient });
+    this.triggerScan({ path: path18, gqlClient: this.gqlClient });
     let isMvsAutoFixEnabled = null;
     try {
       isMvsAutoFixEnabled = await this.gqlClient.getMvsAutoFixSettings();
@@ -20047,33 +20043,33 @@ var _CheckForNewAvailableFixesService = class _CheckForNewAvailableFixesService
     return noFreshFixesPrompt;
   }
   triggerScan({
-    path: path17,
+    path: path18,
     gqlClient
   }) {
-    if (this.path !== path17) {
-      this.path = path17;
+    if (this.path !== path18) {
+      this.path = path18;
       this.reset();
-      logInfo(`Reset service state for new path in triggerScan`, { path: path17 });
+      logInfo(`Reset service state for new path in triggerScan`, { path: path18 });
     }
     this.gqlClient = gqlClient;
     if (!this.intervalId) {
-      this.startPeriodicScanning(path17);
-      this.executeInitialScan(path17);
-      void this.executeInitialFullScan(path17);
+      this.startPeriodicScanning(path18);
+      this.executeInitialScan(path18);
+      void this.executeInitialFullScan(path18);
     }
   }
-  startPeriodicScanning(path17) {
+  startPeriodicScanning(path18) {
     const scanContext = ScanContext.BACKGROUND_PERIODIC;
     logDebug(
       `[${scanContext}] Starting periodic scan for new security vulnerabilities`,
       {
-        path: path17
+        path: path18
       }
     );
     this.intervalId = setInterval(() => {
-      logDebug(`[${scanContext}] Triggering periodic security scan`, { path: path17 });
+      logDebug(`[${scanContext}] Triggering periodic security scan`, { path: path18 });
       this.scanForSecurityVulnerabilities({
-        path: path17,
+        path: path18,
         scanContext
       }).catch((error) => {
         logError(`[${scanContext}] Error during periodic security scan`, {
@@ -20082,45 +20078,45 @@ var _CheckForNewAvailableFixesService = class _CheckForNewAvailableFixesService
       });
     }, MCP_PERIODIC_CHECK_INTERVAL);
   }
-  async executeInitialFullScan(path17) {
+  async executeInitialFullScan(path18) {
     const scanContext = ScanContext.FULL_SCAN;
-    logDebug(`[${scanContext}] Triggering initial full security scan`, { path: path17 });
+    logDebug(`[${scanContext}] Triggering initial full security scan`, { path: path18 });
     logDebug(`[${scanContext}] Full scan paths scanned`, {
       fullScanPathsScanned: this.fullScanPathsScanned
     });
-    if (this.fullScanPathsScanned.includes(path17)) {
+    if (this.fullScanPathsScanned.includes(path18)) {
       logDebug(`[${scanContext}] Full scan already executed for this path`, {
-        path: path17
+        path: path18
       });
       return;
     }
     configStore.set("fullScanPathsScanned", [
       ...this.fullScanPathsScanned,
-      path17
+      path18
     ]);
     try {
       await this.scanForSecurityVulnerabilities({
-        path: path17,
+        path: path18,
         isAllFilesScan: true,
         isAllDetectionRulesScan: true,
         scanContext: ScanContext.FULL_SCAN
       });
-      if (!this.fullScanPathsScanned.includes(path17)) {
-        this.fullScanPathsScanned.push(path17);
+      if (!this.fullScanPathsScanned.includes(path18)) {
+        this.fullScanPathsScanned.push(path18);
         configStore.set("fullScanPathsScanned", this.fullScanPathsScanned);
       }
-      logInfo(`[${scanContext}] Full scan completed`, { path: path17 });
+      logInfo(`[${scanContext}] Full scan completed`, { path: path18 });
     } catch (error) {
       logError(`[${scanContext}] Error during initial full security scan`, {
         error
       });
     }
   }
-  executeInitialScan(path17) {
+  executeInitialScan(path18) {
     const scanContext = ScanContext.BACKGROUND_INITIAL;
-    logDebug(`[${scanContext}] Triggering initial security scan`, { path: path17 });
+    logDebug(`[${scanContext}] Triggering initial security scan`, { path: path18 });
     this.scanForSecurityVulnerabilities({
-      path: path17,
+      path: path18,
       scanContext: ScanContext.BACKGROUND_INITIAL
     }).catch((error) => {
       logError(`[${scanContext}] Error during initial security scan`, { error });
@@ -20217,9 +20213,9 @@ Example payload:
         `Invalid path: potential security risk detected in path: ${pathValidationResult.error}`
       );
     }
-    const path17 = pathValidationResult.path;
+    const path18 = pathValidationResult.path;
     const resultText = await this.newFixesService.getFreshFixes({
-      path: path17
+      path: path18
     });
     logInfo("CheckForNewAvailableFixesTool execution completed", {
       resultText
@@ -20396,8 +20392,8 @@ Call this tool instead of ${MCP_TOOL_SCAN_AND_FIX_VULNERABILITIES} when you only
         `Invalid path: potential security risk detected in path: ${pathValidationResult.error}`
       );
     }
-    const path17 = pathValidationResult.path;
-    const gitService = new GitService(path17, log);
+    const path18 = pathValidationResult.path;
+    const gitService = new GitService(path18, log);
     const gitValidation = await gitService.validateRepository();
     if (!gitValidation.isValid) {
       throw new Error(`Invalid git repository: ${gitValidation.error}`);
@@ -20785,9 +20781,9 @@ Example payload:
         `Invalid path: potential security risk detected in path: ${pathValidationResult.error}`
       );
     }
-    const path17 = pathValidationResult.path;
+    const path18 = pathValidationResult.path;
     const files = await getLocalFiles({
-      path: path17,
+      path: path18,
       maxFileSize: MCP_MAX_FILE_SIZE,
       maxFiles: args.maxFiles,
       scanContext: ScanContext.USER_REQUEST,
@@ -20807,7 +20803,7 @@ Example payload:
     try {
       const fixResult = await this.vulnerabilityFixService.processVulnerabilities({
         fileList: files.map((file) => file.relativePath),
-        repositoryPath: path17,
+        repositoryPath: path18,
         offset: args.offset,
         limit: args.limit,
         isRescan: args.rescan || !!args.maxFiles
@@ -20911,7 +20907,7 @@ var mcpHandler = async (_args) => {
 };
 
 // src/args/commands/review.ts
-import fs17 from "fs";
+import fs18 from "fs";
 import chalk9 from "chalk";
 function reviewBuilder(yargs2) {
   return yargs2.option("f", {
@@ -20948,7 +20944,7 @@ function reviewBuilder(yargs2) {
   ).help();
 }
 function validateReviewOptions(argv) {
-  if (!fs17.existsSync(argv.f)) {
+  if (!fs18.existsSync(argv.f)) {
     throw new CliError(`
 Can't access ${chalk9.bold(argv.f)}`);
   }
@@ -21022,7 +21018,7 @@ async function addScmTokenHandler(args) {
 
 // src/args/commands/upload_ai_blame.ts
 import fsPromises3 from "fs/promises";
-import path16 from "path";
+import path17 from "path";
 import chalk10 from "chalk";
 import Configstore6 from "configstore";
 import { withFile } from "tmp-promise";
@@ -21124,8 +21120,8 @@ async function uploadAiBlameHandler(args, exitOnError = true) {
       throw new Error(errorMsg);
     }
     sessions.push({
-      promptFileName: path16.basename(promptPath),
-      inferenceFileName: path16.basename(inferencePath),
+      promptFileName: path17.basename(promptPath),
+      inferenceFileName: path17.basename(inferencePath),
       aiResponseAt: responseTimes[i] || nowIso,
       model: models[i],
       toolName: tools[i]

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "mobbdev",
-  "version": "1.0.211",
+  "version": "1.0.213",
   "description": "Automated secure code remediation tool",
   "repository": "git+https://github.com/mobb-dev/bugsy.git",
   "main": "dist/index.mjs",