mobbdev 1.0.53 → 1.0.59

package/dist/index.mjs

@@ -25,7 +25,7 @@ import chalk10 from "chalk";
 import yargs from "yargs/yargs";
 
 // src/args/commands/analyze.ts
-import fs5 from "node:fs";
+import fs4 from "node:fs";
 
 // src/commands/index.ts
 import crypto from "node:crypto";
@@ -123,6 +123,7 @@ var IssueType_Enum = /* @__PURE__ */ ((IssueType_Enum2) => {
   IssueType_Enum2["DefaultRightsInObjDefinition"] = "DEFAULT_RIGHTS_IN_OBJ_DEFINITION";
   IssueType_Enum2["DeprecatedFunction"] = "DEPRECATED_FUNCTION";
   IssueType_Enum2["DosStringBuilder"] = "DOS_STRING_BUILDER";
+  IssueType_Enum2["DuplicatedStrings"] = "DUPLICATED_STRINGS";
   IssueType_Enum2["ErroneousStringCompare"] = "ERRONEOUS_STRING_COMPARE";
   IssueType_Enum2["ErrorCondtionWithoutAction"] = "ERROR_CONDTION_WITHOUT_ACTION";
   IssueType_Enum2["FrameableLoginPage"] = "FRAMEABLE_LOGIN_PAGE";
@@ -144,6 +145,7 @@ var IssueType_Enum = /* @__PURE__ */ ((IssueType_Enum2) => {
   IssueType_Enum2["InsecureBinderConfiguration"] = "INSECURE_BINDER_CONFIGURATION";
   IssueType_Enum2["InsecureCookie"] = "INSECURE_COOKIE";
   IssueType_Enum2["InsecureRandomness"] = "INSECURE_RANDOMNESS";
+  IssueType_Enum2["InsecureUuidVersion"] = "INSECURE_UUID_VERSION";
   IssueType_Enum2["InsufficientLogging"] = "INSUFFICIENT_LOGGING";
   IssueType_Enum2["JqueryDeprecatedSymbols"] = "JQUERY_DEPRECATED_SYMBOLS";
   IssueType_Enum2["LeftoverDebugCode"] = "LEFTOVER_DEBUG_CODE";
@@ -221,19 +223,20 @@ var Vulnerability_Report_Issue_State_Enum = /* @__PURE__ */ ((Vulnerability_Repo
   Vulnerability_Report_Issue_State_Enum2["Unsupported"] = "Unsupported";
   return Vulnerability_Report_Issue_State_Enum2;
 })(Vulnerability_Report_Issue_State_Enum || {});
-var Vulnerability_Report_Issue_Tag_Enum = /* @__PURE__ */ ((Vulnerability_Report_Issue_Tag_Enum2) => {
-  Vulnerability_Report_Issue_Tag_Enum2["AutogeneratedCode"] = "AUTOGENERATED_CODE";
-  Vulnerability_Report_Issue_Tag_Enum2["AuxiliaryCode"] = "AUXILIARY_CODE";
-  Vulnerability_Report_Issue_Tag_Enum2["FalsePositive"] = "FALSE_POSITIVE";
-  Vulnerability_Report_Issue_Tag_Enum2["TestCode"] = "TEST_CODE";
-  Vulnerability_Report_Issue_Tag_Enum2["VendorCode"] = "VENDOR_CODE";
-  return Vulnerability_Report_Issue_Tag_Enum2;
+var Vulnerability_Report_Issue_Tag_Enum = /* @__PURE__ */ ((Vulnerability_Report_Issue_Tag_Enum3) => {
+  Vulnerability_Report_Issue_Tag_Enum3["AutogeneratedCode"] = "AUTOGENERATED_CODE";
+  Vulnerability_Report_Issue_Tag_Enum3["AuxiliaryCode"] = "AUXILIARY_CODE";
+  Vulnerability_Report_Issue_Tag_Enum3["FalsePositive"] = "FALSE_POSITIVE";
+  Vulnerability_Report_Issue_Tag_Enum3["TestCode"] = "TEST_CODE";
+  Vulnerability_Report_Issue_Tag_Enum3["VendorCode"] = "VENDOR_CODE";
+  return Vulnerability_Report_Issue_Tag_Enum3;
 })(Vulnerability_Report_Issue_Tag_Enum || {});
 var Vulnerability_Report_Vendor_Enum = /* @__PURE__ */ ((Vulnerability_Report_Vendor_Enum3) => {
   Vulnerability_Report_Vendor_Enum3["Checkmarx"] = "checkmarx";
   Vulnerability_Report_Vendor_Enum3["CheckmarxXml"] = "checkmarxXml";
   Vulnerability_Report_Vendor_Enum3["Codeql"] = "codeql";
   Vulnerability_Report_Vendor_Enum3["Fortify"] = "fortify";
+  Vulnerability_Report_Vendor_Enum3["Opengrep"] = "opengrep";
   Vulnerability_Report_Vendor_Enum3["Semgrep"] = "semgrep";
   Vulnerability_Report_Vendor_Enum3["Snyk"] = "snyk";
   Vulnerability_Report_Vendor_Enum3["Sonarqube"] = "sonarqube";
@@ -411,8 +414,12 @@ var GetVulByNodesMetadataDocument = `
     path
     startLine
     vulnerabilityReportIssue {
-      issueType
+      parsedIssueType
       fixId
+      category
+      vulnerabilityReportIssueTags {
+        tag: vulnerability_report_issue_tag_value
+      }
     }
   }
   fixablePrVuls: vulnerability_report_issue_aggregate(
@@ -436,6 +443,25 @@ var GetVulByNodesMetadataDocument = `
       count
     }
   }
+  irrelevantVulnerabilityReportIssue: vulnerability_report(
+    where: {id: {_eq: $vulnerabilityReportId}}
+  ) {
+    vulnerabilityReportIssues(
+      where: {fixId: {_is_null: true}, _or: [{category: {_eq: "Irrelevant"}}, {category: {_eq: "FalsePositive"}}]}
+    ) {
+      id
+      parsedIssueType
+      fixId
+      category
+      vulnerabilityReportIssueTags {
+        tag: vulnerability_report_issue_tag_value
+      }
+      codeNodes(order_by: {index: desc}, where: {_or: $filters}) {
+        path
+        startLine
+      }
+    }
+  }
 }
     `;
 var UpdateScmTokenDocument = `
@@ -898,7 +924,7 @@ var FixPageFixReportZ = z3.object({
 
 // src/features/analysis/scm/shared/src/types/issue.ts
 var MAX_SOURCE_CODE_FILE_SIZE_IN_BYTES = 1e5;
-var category = {
+var CATEGORY = {
   NoFix: "NoFix",
   Unsupported: "Unsupported",
   Irrelevant: "Irrelevant",
@@ -906,11 +932,11 @@ var category = {
   Fixable: "Fixable"
 };
 var ValidCategoriesZ = z4.union([
-  z4.literal(category.NoFix),
-  z4.literal(category.Unsupported),
-  z4.literal(category.Irrelevant),
-  z4.literal(category.FalsePositive),
-  z4.literal(category.Fixable)
+  z4.literal(CATEGORY.NoFix),
+  z4.literal(CATEGORY.Unsupported),
+  z4.literal(CATEGORY.Irrelevant),
+  z4.literal(CATEGORY.FalsePositive),
+  z4.literal(CATEGORY.Fixable)
 ]);
 var BaseIssuePartsZ = z4.object({
   id: z4.string().uuid(),
@@ -919,6 +945,10 @@ var BaseIssuePartsZ = z4.object({
   createdAt: z4.string(),
   parsedSeverity: ParsedSeverityZ,
   category: ValidCategoriesZ,
+  extraData: z4.object({
+    missing_files: z4.string().array().nullish(),
+    error_files: z4.string().array().nullish()
+  }),
   vulnerabilityReportIssueTags: z4.array(
     z4.object({
       tag: z4.nativeEnum(Vulnerability_Report_Issue_Tag_Enum)
@@ -967,13 +997,13 @@ var FalsePositivePartsZ = z4.object({
 });
 var IssuePartsWithFixZ = BaseIssuePartsZ.merge(
   z4.object({
-    category: z4.literal(category.Irrelevant),
+    category: z4.literal(CATEGORY.Irrelevant),
     fix: FixPartsForFixScreenZ.nullish()
   })
 );
 var IssuePartsFpZ = BaseIssuePartsZ.merge(
   z4.object({
-    category: z4.literal(category.FalsePositive),
+    category: z4.literal(CATEGORY.FalsePositive),
     fpId: z4.string().uuid(),
     getFalsePositive: FalsePositivePartsZ
   })
@@ -981,9 +1011,9 @@ var IssuePartsFpZ = BaseIssuePartsZ.merge(
 var GeneralIssueZ = BaseIssuePartsZ.merge(
   z4.object({
     category: z4.union([
-      z4.literal(category.NoFix),
-      z4.literal(category.Unsupported),
-      z4.literal(category.Fixable)
+      z4.literal(CATEGORY.NoFix),
+      z4.literal(CATEGORY.Unsupported),
+      z4.literal(CATEGORY.Fixable)
     ])
   })
 );
@@ -1008,6 +1038,13 @@ var GetIssueScreenDataZ = z4.object({
   issueIndexes: GetIssueIndexesZ
 });
 var IssueBucketZ = z4.enum(["fixable", "irrelevant", "remaining"]);
+var mapCategoryToBucket = {
+  FalsePositive: "irrelevant",
+  Irrelevant: "irrelevant",
+  NoFix: "remaining",
+  Unsupported: "remaining",
+  Fixable: "fixable"
+};
 
 // src/features/analysis/scm/shared/src/types/types.ts
 import { z as z7 } from "zod";
@@ -1102,7 +1139,9 @@ var issueTypeMap = {
   ["FRAMEABLE_LOGIN_PAGE" /* FrameableLoginPage */]: "Frameable Login Page",
   ["USE_OF_HARD_CODED_CRYPTOGRAPHIC_KEY" /* UseOfHardCodedCryptographicKey */]: "Use of Hardcoded Cryptographic Key",
   ["MISSING_SSL_MINVERSION" /* MissingSslMinversion */]: "Missing SSL MinVersion",
-  ["WEBSOCKET_MISSING_ORIGIN_CHECK" /* WebsocketMissingOriginCheck */]: "Missing Websocket Origin Check"
+  ["WEBSOCKET_MISSING_ORIGIN_CHECK" /* WebsocketMissingOriginCheck */]: "Missing Websocket Origin Check",
+  ["DUPLICATED_STRINGS" /* DuplicatedStrings */]: "String Literals Should not Be Duplicated",
+  ["INSECURE_UUID_VERSION" /* InsecureUuidVersion */]: "Insecure UUID Version"
 };
 var issueTypeZ = z5.nativeEnum(IssueType_Enum);
 var getIssueTypeFriendlyString = (issueType) => {
@@ -1112,6 +1151,29 @@ var getIssueTypeFriendlyString = (issueType) => {
   }
   return issueTypeMap[issueTypeZParseRes.data];
 };
+function getTagTooltip(tag) {
+  switch (tag) {
+    case "FALSE_POSITIVE":
+      return "Issue was found to be a false positive";
+    case "TEST_CODE":
+      return "Issue found in test files, not production code";
+    case "VENDOR_CODE":
+      return "Issue is in external libraries or dependencies not owned or maintained by your team";
+    case "AUTOGENERATED_CODE":
+      return "Code created by tools or frameworks, not manually written";
+    case "AUXILIARY_CODE":
+      return "Issue found in supporting files that don\u2019t impact core functionality";
+    default:
+      return tag;
+  }
+}
+var issueDescription = {
+  ["AUTOGENERATED_CODE" /* AutogeneratedCode */]: "The flagged code is generated automatically by tools or frameworks as part of the build or runtime process. This categorization highlights that **the issue resides in non-manual code**, which often requires tool-specific solutions or exemptions.",
+  ["AUXILIARY_CODE" /* AuxiliaryCode */]: "The flagged code is auxiliary or supporting code, such as configuration files, build scripts, or other non-application logic. This categorization indicates that the issue is not directly related to the application\u2019s core functionality.",
+  ["FALSE_POSITIVE" /* FalsePositive */]: "The flagged code **does not represent an actual vulnerability within the application\u2019s context.** This categorization indicates that the issue is either misidentified by the scanner or deemed irrelevant to the application\u2019s functionality.",
+  ["TEST_CODE" /* TestCode */]: "The flagged code resides in a test-specific path or context. This categorization indicates that **it supports testing scenarios and is isolated from production use**.",
+  ["VENDOR_CODE" /* VendorCode */]: "The flagged code originates from a third-party library or dependency maintained externally. This categorization suggests that **the issue lies outside the application\u2019s direct control** and should be addressed by the vendor if necessary."
+};
 
 // src/features/analysis/scm/shared/src/validations.ts
 var IssueTypeSettingZ = z6.object({
@@ -1605,9 +1667,9 @@ var progressMassages = {
 var VUL_REPORT_DIGEST_TIMEOUT_MS = 1e3 * 60 * 30;
 
 // src/features/analysis/index.ts
-import fs4 from "node:fs";
+import fs3 from "node:fs";
 import fsPromises from "node:fs/promises";
-import path7 from "node:path";
+import path6 from "node:path";
 import { env as env2 } from "node:process";
 import { pipeline } from "node:stream/promises";
 
@@ -1721,18 +1783,14 @@ import extract from "extract-zip";
 import { createSpinner as createSpinner4 } from "nanospinner";
 import fetch4 from "node-fetch";
 import open2 from "open";
-import tmp2 from "tmp";
-import { z as z31 } from "zod";
+import tmp from "tmp";
+import { z as z29 } from "zod";
 
 // src/features/analysis/add_fix_comments_for_pr/add_fix_comments_for_pr.ts
 import Debug8 from "debug";
 
-// src/features/analysis/scm/github/github.ts
-import { RequestError } from "@octokit/request-error";
-
-// src/features/analysis/scm/constants.ts
-var MOBB_ICON_IMG = "https://app.mobb.ai/gh-action/Logo_Rounded_Icon.svg";
-var MAX_BRANCHES_FETCH = 1e3;
+// src/features/analysis/scm/github/GithubSCMLib.ts
+import { z as z24 } from "zod";
 
 // src/features/analysis/scm/errors.ts
 var InvalidRepoUrlError = class extends Error {
@@ -1762,6 +1820,21 @@ var RepoNoTokenAccessError = class extends Error {
   }
 };
 
+// src/features/analysis/scm/scmSubmit/index.ts
+import { simpleGit } from "simple-git";
+var isValidBranchName = async (branchName) => {
+  const git = simpleGit();
+  try {
+    const res = await git.raw(["check-ref-format", "--branch", branchName]);
+    if (res) {
+      return true;
+    }
+    return false;
+  } catch (e) {
+    return false;
+  }
+};
+
 // src/features/analysis/scm/types.ts
 import { z as z14 } from "zod";
 
@@ -2007,13 +2080,20 @@ var fixDetailsData = {
   ["FRAMEABLE_LOGIN_PAGE" /* FrameableLoginPage */]: void 0,
   ["USE_OF_HARD_CODED_CRYPTOGRAPHIC_KEY" /* UseOfHardCodedCryptographicKey */]: void 0,
   ["MISSING_SSL_MINVERSION" /* MissingSslMinversion */]: void 0,
-  ["WEBSOCKET_MISSING_ORIGIN_CHECK" /* WebsocketMissingOriginCheck */]: void 0
+  ["WEBSOCKET_MISSING_ORIGIN_CHECK" /* WebsocketMissingOriginCheck */]: void 0,
+  ["DUPLICATED_STRINGS" /* DuplicatedStrings */]: void 0,
+  ["INSECURE_UUID_VERSION" /* InsecureUuidVersion */]: void 0
 };
 
 // src/features/analysis/scm/shared/src/commitDescriptionMarkup.ts
 function capitalizeFirstLetter(str) {
   return str?.length ? str[0].toUpperCase() + str.slice(1) : "";
 }
+function lowercaseFirstLetter(str) {
+  if (!str)
+    return str;
+  return `${str.charAt(0).toLowerCase()}${str.slice(1)}`;
+}
 var severityToEmoji = {
   ["critical" /* Critical */]: "\u{1F6A8}",
   ["high" /* High */]: "\u{1F6A9}",
@@ -2025,7 +2105,8 @@ var getCommitDescription = ({
   issueType,
   severity,
   guidances,
-  fixUrl
+  fixUrl,
+  irrelevantIssueWithTags
 }) => {
   const issueTypeString = getIssueTypeFriendlyString(issueType);
   let description = `This change fixes a **${severity} severity** (${severityToEmoji[severity]}) **${issueTypeString}** issue reported by **${capitalizeFirstLetter(
@@ -2035,6 +2116,17 @@ var getCommitDescription = ({
 `;
   const parseIssueTypeRes = z9.nativeEnum(IssueType_Enum).safeParse(issueType);
   if (issueType && parseIssueTypeRes.success) {
+    if (irrelevantIssueWithTags?.[0]?.tag) {
+      description += `
+> [!tip]
+> This issue was found to be irrelevant to your project - ${lowercaseFirstLetter(getTagTooltip(irrelevantIssueWithTags[0].tag))}.
+> Mobb recommends to ignore this issue, however fix is available if you think differently. 
+
+
+## Justification
+${issueDescription[irrelevantIssueWithTags[0].tag]}
+`;
+    }
     const staticData = fixDetailsData[parseIssueTypeRes.data];
     if (staticData) {
       description += `## Issue description
@@ -2056,6 +2148,36 @@ ${guidances.map(({ guidance }) => `## Additional actions required
   }
   return description;
 };
+var getCommitIssueDescription = ({
+  vendor,
+  issueType,
+  irrelevantIssueWithTags
+}) => {
+  const issueTypeString = getIssueTypeFriendlyString(issueType);
+  let description = `The following issues reported by ${capitalizeFirstLetter(vendor)} on this PR were found to be irrelevant to your project:
+`;
+  const parseIssueTypeRes = z9.nativeEnum(IssueType_Enum).safeParse(issueType);
+  if (issueType && parseIssueTypeRes.success) {
+    if (irrelevantIssueWithTags?.[0]?.tag) {
+      description += `
+> [!tip]
+> ${issueTypeString} - ${lowercaseFirstLetter(getTagTooltip(irrelevantIssueWithTags[0].tag))}.
+> Mobb recommends to ignore this issue, however fix is available if you think differently. 
+
+
+## Justification
+${issueDescription[irrelevantIssueWithTags[0].tag]}
+`;
+    }
+    const staticData = fixDetailsData[parseIssueTypeRes.data];
+    if (staticData) {
+      description += `## Issue description
+${staticData.issueDescription}
+`;
+    }
+  }
+  return description;
+};
 
 // src/features/analysis/scm/shared/src/guidances.ts
 import { z as z12 } from "zod";
@@ -2655,6 +2777,15 @@ var confusingNaming = {
   }
 };
 
+// src/features/analysis/scm/shared/src/storedQuestionData/java/duplicatedStrings.ts
+var duplicatedStrings = {
+  constantName: {
+    content: () => "New constant name",
+    description: () => "",
+    guidance: () => ""
+  }
+};
+
 // src/features/analysis/scm/shared/src/storedQuestionData/java/erroneousStringCompare.ts
 var erroneousStringCompare = {
   javaVersionGreaterOrEqual17: {
@@ -3051,7 +3182,8 @@ var vulnerabilities11 = {
   ["INSECURE_COOKIE" /* InsecureCookie */]: insecureCookie2,
   ["TRUST_BOUNDARY_VIOLATION" /* TrustBoundaryViolation */]: trustBoundaryViolation2,
   ["LEFTOVER_DEBUG_CODE" /* LeftoverDebugCode */]: leftoverDebugCode,
-  ["ERRONEOUS_STRING_COMPARE" /* ErroneousStringCompare */]: erroneousStringCompare
+  ["ERRONEOUS_STRING_COMPARE" /* ErroneousStringCompare */]: erroneousStringCompare,
+  ["DUPLICATED_STRINGS" /* DuplicatedStrings */]: duplicatedStrings
 };
 var java_default2 = vulnerabilities11;
 
@@ -3749,6 +3881,15 @@ function getFixUrl({
 }) {
   return `${appBaseUrl}/organization/${organizationId}/project/${projectId}/report/${analysisId}/fix/${fixId}`;
 }
+function getIssueUrl({
+  appBaseUrl,
+  issueId,
+  projectId,
+  organizationId,
+  analysisId
+}) {
+  return `${appBaseUrl}/organization/${organizationId}/project/${projectId}/report/${analysisId}/issue/${issueId}`;
+}
 
 // src/features/analysis/scm/types.ts
 var ReferenceType = /* @__PURE__ */ ((ReferenceType2) => {
@@ -3788,100 +3929,8 @@ var GetRefererenceResultZ = z14.object({
   type: z14.nativeEnum(ReferenceType)
 });
 
-// src/features/analysis/scm/github/consts.ts
-var POST_COMMENT_PATH = "POST /repos/{owner}/{repo}/pulls/{pull_number}/comments";
-var DELETE_COMMENT_PATH = "DELETE /repos/{owner}/{repo}/pulls/comments/{comment_id}";
-var UPDATE_COMMENT_PATH = "PATCH /repos/{owner}/{repo}/pulls/comments/{comment_id}";
-var GET_PR_COMMENTS_PATH = "GET /repos/{owner}/{repo}/pulls/{pull_number}/comments";
-var GET_PR_COMMENT_PATH = "GET /repos/{owner}/{repo}/pulls/comments/{comment_id}";
-var REPLY_TO_CODE_REVIEW_COMMENT_PATH = "POST /repos/{owner}/{repo}/pulls/{pull_number}/comments/{comment_id}/replies";
-var GET_PR = "GET /repos/{owner}/{repo}/pulls/{pull_number}";
-var POST_GENERAL_PR_COMMENT = "POST /repos/{owner}/{repo}/issues/{issue_number}/comments";
-var GET_GENERAL_PR_COMMENTS = "GET /repos/{owner}/{repo}/issues/{issue_number}/comments";
-var DELETE_GENERAL_PR_COMMENT = "DELETE /repos/{owner}/{repo}/issues/comments/{comment_id}";
-var CREATE_OR_UPDATE_A_REPOSITORY_SECRET = "PUT /repos/{owner}/{repo}/actions/secrets/{secret_name}";
-var GET_A_REPOSITORY_PUBLIC_KEY = "GET /repos/{owner}/{repo}/actions/secrets/public-key";
-var GET_USER = "GET /user";
-var GET_USER_REPOS = "GET /user/repos";
-var GET_REPO_BRANCHES = "GET /repos/{owner}/{repo}/branches";
-var GET_BLAME_DOCUMENT = `
-      query GetBlame(
-        $owner: String!
-        $repo: String!
-        $ref: String!
-        $path: String!
-      ) {
-        repository(name: $repo, owner: $owner) {
-          # branch name
-          object(expression: $ref) {
-            # cast Target to a Commit
-            ... on Commit {
-              # full repo-relative path to blame file
-              blame(path: $path) {
-                ranges {
-                  commit {
-                    author {
-                      user {
-                        name
-                        login
-                      }
-                    }
-                    authoredDate
-                  }
-                  startingLine
-                  endingLine
-                  age
-                }
-              }
-            }
-            
-          }
-        }
-      }
-    `;
-
-// src/features/analysis/scm/github/utils/encrypt_secret.ts
-import sodium from "libsodium-wrappers";
-async function encryptSecret(secret, key) {
-  await sodium.ready;
-  const binkey = sodium.from_base64(key, sodium.base64_variants.ORIGINAL);
-  const binsec = sodium.from_string(secret);
-  const encBytes = sodium.crypto_box_seal(binsec, binkey);
-  return sodium.to_base64(encBytes, sodium.base64_variants.ORIGINAL);
-}
-
-// src/features/analysis/scm/github/utils/utils.ts
-import { Octokit } from "octokit";
-import { fetch as fetch2, ProxyAgent as ProxyAgent2 } from "undici";
-
-// src/features/analysis/scm/ado/constants.ts
-var DEFUALT_ADO_ORIGIN = scmCloudUrl.Ado;
-
-// src/features/analysis/scm/ado/utils.ts
-import querystring from "node:querystring";
-import * as api from "azure-devops-node-api";
-import Debug2 from "debug";
-import { z as z18 } from "zod";
-
-// src/features/analysis/scm/env.ts
-import { z as z15 } from "zod";
-var EnvVariablesZod = z15.object({
-  GITLAB_API_TOKEN: z15.string().optional(),
-  GITHUB_API_TOKEN: z15.string().optional(),
-  GIT_COMMITTER_EMAIL: z15.string().optional(),
-  GIT_COMMITTER_NAME: z15.string().optional(),
-  GIT_PROXY_HOST: z15.string()
-});
-var {
-  GITLAB_API_TOKEN,
-  GITHUB_API_TOKEN,
-  GIT_PROXY_HOST,
-  GIT_COMMITTER_EMAIL,
-  GIT_COMMITTER_NAME
-} = EnvVariablesZod.parse(process.env);
-
 // src/features/analysis/scm/utils/index.ts
-import { z as z16 } from "zod";
+import { z as z15 } from "zod";
 function getFixUrlWithRedirect(params) {
   const {
     fixId,
@@ -3903,6 +3952,27 @@ function getFixUrlWithRedirect(params) {
     analysisId
   })}?${searchParams.toString()}`;
 }
+function getIssueUrlWithRedirect(params) {
+  const {
+    issueId,
+    projectId,
+    organizationId,
+    analysisId,
+    redirectUrl,
+    appBaseUrl,
+    commentId
+  } = params;
+  const searchParams = new URLSearchParams();
+  searchParams.append("commit_redirect_url", redirectUrl);
+  searchParams.append("comment_id", commentId.toString());
+  return `${getIssueUrl({
+    appBaseUrl,
+    issueId,
+    projectId,
+    organizationId,
+    analysisId
+  })}?${searchParams.toString()}`;
+}
 function getCommitUrl(params) {
   const {
     fixId,
@@ -3924,6 +3994,27 @@ function getCommitUrl(params) {
     analysisId
   })}/commit?${searchParams.toString()}`;
 }
+function getCommitIssueUrl(params) {
+  const {
+    issueId,
+    projectId,
+    organizationId,
+    analysisId,
+    redirectUrl,
+    appBaseUrl,
+    commentId
+  } = params;
+  const searchParams = new URLSearchParams();
+  searchParams.append("redirect_url", redirectUrl);
+  searchParams.append("comment_id", commentId.toString());
+  return `${getIssueUrl({
+    appBaseUrl,
+    issueId,
+    projectId,
+    organizationId,
+    analysisId
+  })}/commit?${searchParams.toString()}`;
+}
 var userNamePattern = /^(https?:\/\/)([^@]+@)?([^/]+\/.+)$/;
 var sshPattern = /^git@([\w.-]+):([\w./-]+)$/;
 function normalizeUrl(repoUrl) {
@@ -3950,7 +4041,7 @@ function shouldValidateUrl(repoUrl) {
   return repoUrl && isUrlHasPath(repoUrl);
 }
 function isBrokerUrl(url) {
-  return z16.string().uuid().safeParse(new URL(url).host).success;
+  return z15.string().uuid().safeParse(new URL(url).host).success;
 }
 function buildAuthorizedRepoUrl(args) {
   const { url, username, password } = args;
@@ -3986,7 +4077,7 @@ function getCloudScmLibTypeFromUrl(url) {
   return void 0;
 }
 function getScmLibTypeFromScmType(scmType) {
-  const parsedScmType = z16.nativeEnum(ScmType).parse(scmType);
+  const parsedScmType = z15.nativeEnum(ScmType).parse(scmType);
   return scmTypeToScmLibScmType[parsedScmType];
 }
 function getScmConfig({
@@ -4052,67 +4143,223 @@ function getScmConfig({
   };
 }
 
-// src/features/analysis/scm/ado/validation.ts
-import { z as z17 } from "zod";
-var ValidPullRequestStatusZ = z17.union([
-  z17.literal(1 /* Active */),
-  z17.literal(2 /* Abandoned */),
-  z17.literal(3 /* Completed */)
-]);
-var AdoAuthResultZ = z17.object({
-  access_token: z17.string().min(1),
-  token_type: z17.string().min(1),
-  refresh_token: z17.string().min(1)
-});
-var AdoAuthResultWithOrgsZ = AdoAuthResultZ.extend({
-  scmOrgs: z17.array(z17.string())
-});
-var profileZ = z17.object({
-  displayName: z17.string(),
-  publicAlias: z17.string().min(1),
-  emailAddress: z17.string(),
-  coreRevision: z17.number(),
-  timeStamp: z17.string(),
-  id: z17.string(),
-  revision: z17.number()
-});
-var accountsZ = z17.object({
-  count: z17.number(),
-  value: z17.array(
-    z17.object({
-      accountId: z17.string(),
-      accountUri: z17.string(),
-      accountName: z17.string()
-    })
-  )
-});
-
-// src/features/analysis/scm/ado/utils.ts
-var debug2 = Debug2("mobbdev:scm:ado");
-function _getPublicAdoClient({
-  orgName,
-  origin: origin2
-}) {
-  const orgUrl = `${origin2}/${orgName}`;
-  const authHandler = api.getPersonalAccessTokenHandler("");
-  authHandler.canHandleAuthentication = () => false;
-  authHandler.prepareRequest = (_options) => {
-    return;
-  };
-  const connection = new api.WebApi(orgUrl, authHandler);
-  return connection;
-}
-function removeTrailingSlash(str) {
-  return str.trim().replace(/\/+$/, "");
-}
-function parseAdoOwnerAndRepo(adoUrl) {
-  adoUrl = removeTrailingSlash(adoUrl);
-  const parsingResult = parseScmURL(adoUrl, "Ado" /* Ado */);
-  if (!parsingResult || parsingResult.scmType !== "Ado" /* Ado */) {
-    throw new InvalidUrlPatternError(`
-      : ${adoUrl}`);
-  }
-  const {
+// src/features/analysis/scm/scm.ts
+var SCMLib = class {
+  constructor(url, accessToken, scmOrg) {
+    __publicField(this, "url");
+    __publicField(this, "accessToken");
+    __publicField(this, "scmOrg");
+    this.accessToken = accessToken;
+    this.url = url;
+    this.scmOrg = scmOrg;
+  }
+  async getUrlWithCredentials() {
+    if (!this.url) {
+      console.error("no url for getUrlWithCredentials()");
+      throw new Error("no url");
+    }
+    const trimmedUrl = this.url.trim().replace(/\/$/, "");
+    const accessToken = this.getAccessToken();
+    if (!accessToken) {
+      return trimmedUrl;
+    }
+    if (this.scmLibType === "ADO" /* ADO */) {
+      const { host, protocol, pathname } = new URL(trimmedUrl);
+      return `${protocol}//${accessToken}@${host}${pathname}`;
+    }
+    const finalUrl = this.scmLibType === "GITLAB" /* GITLAB */ ? `${trimmedUrl}.git` : trimmedUrl;
+    const username = await this._getUsernameForAuthUrl();
+    return buildAuthorizedRepoUrl({
+      url: finalUrl,
+      username,
+      password: accessToken
+    });
+  }
+  getAccessToken() {
+    return this.accessToken || "";
+  }
+  getUrl() {
+    return this.url;
+  }
+  getName() {
+    if (!this.url) {
+      return "";
+    }
+    return this.url.split("/").at(-1) || "";
+  }
+  _validateAccessToken() {
+    if (!this.accessToken) {
+      console.error("no access token");
+      throw new Error("no access token");
+    }
+  }
+  static async getIsValidBranchName(branchName) {
+    return isValidBranchName(branchName);
+  }
+  _validateAccessTokenAndUrl() {
+    this._validateAccessToken();
+    this._validateUrl();
+  }
+  _validateUrl() {
+    if (!this.url) {
+      console.error("no url");
+      throw new InvalidRepoUrlError("no url");
+    }
+  }
+};
+
+// src/features/analysis/scm/github/github.ts
+import { RequestError } from "@octokit/request-error";
+
+// src/features/analysis/scm/constants.ts
+var MOBB_ICON_IMG = "https://app.mobb.ai/gh-action/Logo_Rounded_Icon.svg";
+var MAX_BRANCHES_FETCH = 1e3;
+
+// src/features/analysis/scm/github/consts.ts
+var POST_COMMENT_PATH = "POST /repos/{owner}/{repo}/pulls/{pull_number}/comments";
+var DELETE_COMMENT_PATH = "DELETE /repos/{owner}/{repo}/pulls/comments/{comment_id}";
+var UPDATE_COMMENT_PATH = "PATCH /repos/{owner}/{repo}/pulls/comments/{comment_id}";
+var GET_PR_COMMENTS_PATH = "GET /repos/{owner}/{repo}/pulls/{pull_number}/comments";
+var GET_PR_COMMENT_PATH = "GET /repos/{owner}/{repo}/pulls/comments/{comment_id}";
+var REPLY_TO_CODE_REVIEW_COMMENT_PATH = "POST /repos/{owner}/{repo}/pulls/{pull_number}/comments/{comment_id}/replies";
+var GET_PR = "GET /repos/{owner}/{repo}/pulls/{pull_number}";
+var POST_GENERAL_PR_COMMENT = "POST /repos/{owner}/{repo}/issues/{issue_number}/comments";
+var GET_GENERAL_PR_COMMENTS = "GET /repos/{owner}/{repo}/issues/{issue_number}/comments";
+var DELETE_GENERAL_PR_COMMENT = "DELETE /repos/{owner}/{repo}/issues/comments/{comment_id}";
+var CREATE_OR_UPDATE_A_REPOSITORY_SECRET = "PUT /repos/{owner}/{repo}/actions/secrets/{secret_name}";
+var GET_A_REPOSITORY_PUBLIC_KEY = "GET /repos/{owner}/{repo}/actions/secrets/public-key";
+var GET_USER = "GET /user";
+var GET_USER_REPOS = "GET /user/repos";
+var GET_REPO_BRANCHES = "GET /repos/{owner}/{repo}/branches";
+var GET_BLAME_DOCUMENT = `
+      query GetBlame(
+        $owner: String!
+        $repo: String!
+        $ref: String!
+        $path: String!
+      ) {
+        repository(name: $repo, owner: $owner) {
+          # branch name
+          object(expression: $ref) {
+            # cast Target to a Commit
+            ... on Commit {
+              # full repo-relative path to blame file
+              blame(path: $path) {
+                ranges {
+                  commit {
+                    author {
+                      user {
+                        name
+                        login
+                      }
+                    }
+                    authoredDate
+                  }
+                  startingLine
+                  endingLine
+                  age
+                }
+              }
+            }
+            
+          }
+        }
+      }
+    `;
+
+// src/features/analysis/scm/github/utils/encrypt_secret.ts
+import sodium from "libsodium-wrappers";
+async function encryptSecret(secret, key) {
+  await sodium.ready;
+  const binkey = sodium.from_base64(key, sodium.base64_variants.ORIGINAL);
+  const binsec = sodium.from_string(secret);
+  const encBytes = sodium.crypto_box_seal(binsec, binkey);
+  return sodium.to_base64(encBytes, sodium.base64_variants.ORIGINAL);
+}
+
+// src/features/analysis/scm/github/utils/utils.ts
+import { Octokit } from "octokit";
+import { fetch as fetch2, ProxyAgent as ProxyAgent2 } from "undici";
+
+// src/features/analysis/scm/ado/constants.ts
+var DEFUALT_ADO_ORIGIN = scmCloudUrl.Ado;
+
+// src/features/analysis/scm/ado/utils.ts
+import querystring from "node:querystring";
+import * as api from "azure-devops-node-api";
+import Debug2 from "debug";
+import { z as z18 } from "zod";
+
+// src/features/analysis/scm/env.ts
+import { z as z16 } from "zod";
+var EnvVariablesZod = z16.object({
+  GITLAB_API_TOKEN: z16.string().optional(),
+  GITHUB_API_TOKEN: z16.string().optional(),
+  GIT_PROXY_HOST: z16.string()
+});
+var { GITLAB_API_TOKEN, GITHUB_API_TOKEN, GIT_PROXY_HOST } = EnvVariablesZod.parse(process.env);
+
+// src/features/analysis/scm/ado/validation.ts
+import { z as z17 } from "zod";
+var ValidPullRequestStatusZ = z17.union([
+  z17.literal(1 /* Active */),
+  z17.literal(2 /* Abandoned */),
+  z17.literal(3 /* Completed */)
+]);
+var AdoAuthResultZ = z17.object({
+  access_token: z17.string().min(1),
+  token_type: z17.string().min(1),
+  refresh_token: z17.string().min(1)
+});
+var AdoAuthResultWithOrgsZ = AdoAuthResultZ.extend({
+  scmOrgs: z17.array(z17.string())
+});
+var profileZ = z17.object({
+  displayName: z17.string(),
+  publicAlias: z17.string().min(1),
+  emailAddress: z17.string(),
+  coreRevision: z17.number(),
+  timeStamp: z17.string(),
+  id: z17.string(),
+  revision: z17.number()
+});
+var accountsZ = z17.object({
+  count: z17.number(),
+  value: z17.array(
+    z17.object({
+      accountId: z17.string(),
+      accountUri: z17.string(),
+      accountName: z17.string()
+    })
+  )
+});
+
+// src/features/analysis/scm/ado/utils.ts
+var debug2 = Debug2("mobbdev:scm:ado");
+function _getPublicAdoClient({
+  orgName,
+  origin: origin2
+}) {
+  const orgUrl = `${origin2}/${orgName}`;
+  const authHandler = api.getPersonalAccessTokenHandler("");
+  authHandler.canHandleAuthentication = () => false;
+  authHandler.prepareRequest = (_options) => {
+    return;
+  };
+  const connection = new api.WebApi(orgUrl, authHandler);
+  return connection;
+}
+function removeTrailingSlash(str) {
+  return str.trim().replace(/\/+$/, "");
+}
+function parseAdoOwnerAndRepo(adoUrl) {
+  adoUrl = removeTrailingSlash(adoUrl);
+  const parsingResult = parseScmURL(adoUrl, "Ado" /* Ado */);
+  if (!parsingResult || parsingResult.scmType !== "Ado" /* Ado */) {
+    throw new InvalidUrlPatternError(`
+      : ${adoUrl}`);
+  }
+  const {
     organization,
     repoName,
     projectName,
@@ -4429,7 +4676,7 @@ async function getAdoSdk(params) {
       const url = new URL(repoUrl);
       const origin2 = url.origin.toLowerCase().endsWith(".visualstudio.com") ? DEFUALT_ADO_ORIGIN : url.origin.toLowerCase();
       const params2 = `path=/&versionDescriptor[versionOptions]=0&versionDescriptor[versionType]=commit&versionDescriptor[version]=${branch}&resolveLfs=true&$format=zip&api-version=5.0&download=true`;
-      const path9 = [
+      const path8 = [
         prefixPath,
         owner,
         projectName,
@@ -4440,7 +4687,7 @@ async function getAdoSdk(params) {
         "items",
         "items"
       ].filter(Boolean).join("/");
-      return new URL(`${path9}?${params2}`, origin2).toString();
+      return new URL(`${path8}?${params2}`, origin2).toString();
     },
     async getAdoBranchList({ repoUrl }) {
       try {
@@ -4615,246 +4862,53 @@ async function getAdoRepoList({
         ...await getAdoClientParams({
           accessToken,
           tokenOrg: tokenOrg || org,
-          url: void 0
-        }),
-        orgName: org
-      });
-      const gitOrg = await orgApi.getGitApi();
-      const orgRepos = await gitOrg.getRepositories();
-      const repoInfoList = (await Promise.allSettled(
-        orgRepos.map(async (repo) => {
-          if (!repo.name || !repo.remoteUrl || !repo.defaultBranch) {
-            throw new InvalidRepoUrlError("bad repo");
-          }
-          const branch = await gitOrg.getBranch(
-            repo.name,
-            repo.defaultBranch.replace(/^refs\/heads\//, ""),
-            repo.project?.name
-          );
-          return {
-            repoName: repo.name,
-            repoUrl: repo.remoteUrl.replace(
-              /^[hH][tT][tT][pP][sS]:\/\/[^/]+@/,
-              "https://"
-            ),
-            repoOwner: org,
-            repoIsPublic: repo.project?.visibility === 2 /* Public */,
-            repoLanguages: [],
-            repoUpdatedAt: branch.commit?.committer?.date?.toDateString() || repo.project?.lastUpdateTime?.toDateString() || (/* @__PURE__ */ new Date()).toDateString()
-          };
-        })
-      )).reduce((acc, res) => {
-        if (res.status === "fulfilled") {
-          acc.push(res.value);
-        }
-        return acc;
-      }, []);
-      return repoInfoList;
-    })
-  )).reduce((acc, res) => {
-    if (res.status === "fulfilled") {
-      return acc.concat(res.value);
-    }
-    return acc;
-  }, []);
-  return repos;
-}
-
-// src/features/analysis/scm/ado/AdoSCMLib.ts
-import { setTimeout as setTimeout2 } from "node:timers/promises";
-
-// src/features/analysis/scm/scmSubmit/index.ts
-import fs2 from "node:fs/promises";
-import parseDiff from "parse-diff";
-import path4 from "path";
-import { simpleGit } from "simple-git";
-import tmp from "tmp";
-import { z as z20 } from "zod";
-
-// src/features/analysis/scm/scmSubmit/types.ts
-import { z as z19 } from "zod";
-var BaseSubmitToScmMessageZ = z19.object({
-  submitFixRequestId: z19.string().uuid(),
-  fixes: z19.array(
-    z19.object({
-      fixId: z19.string().uuid(),
-      patchesOriginalEncodingBase64: z19.array(z19.string()),
-      patches: z19.array(z19.string())
-    })
-  ),
-  commitHash: z19.string(),
-  repoUrl: z19.string(),
-  mobbUserEmail: z19.string(),
-  extraHeaders: z19.record(z19.string(), z19.string()).default({})
-});
-var submitToScmMessageType = {
-  commitToSameBranch: "commitToSameBranch",
-  submitFixesForDifferentBranch: "submitFixesForDifferentBranch"
-};
-var CommitToSameBranchParamsZ = BaseSubmitToScmMessageZ.merge(
-  z19.object({
-    type: z19.literal(submitToScmMessageType.commitToSameBranch),
-    branch: z19.string(),
-    commitMessages: z19.array(z19.string()),
-    commitDescriptions: z19.array(z19.string().nullish()),
-    githubCommentId: z19.number().nullish(),
-    prId: z19.number().nullish()
-  })
-);
-var SubmitFixesToDifferentBranchParamsZ = z19.object({
-  type: z19.literal(submitToScmMessageType.submitFixesForDifferentBranch),
-  submitBranch: z19.string(),
-  baseBranch: z19.string()
-}).merge(BaseSubmitToScmMessageZ);
-var SubmitFixesMessageZ = z19.union([
-  CommitToSameBranchParamsZ,
-  SubmitFixesToDifferentBranchParamsZ
-]);
-var FixResponseArrayZ = z19.array(
-  z19.object({
-    fixId: z19.string().uuid()
-  })
-);
-var SubmitFixesBaseResponseMessageZ = z19.object({
-  mobbUserEmail: z19.string(),
-  submitFixRequestId: z19.string().uuid(),
-  submitBranches: z19.array(
-    z19.object({
-      branchName: z19.string(),
-      fixes: FixResponseArrayZ
-    })
-  ),
-  error: z19.object({
-    type: z19.enum([
-      "InitialRepoAccessError",
-      "PushBranchError",
-      "AllFixesConflictWithTargetBranchError",
-      "InternalFixConflictError",
-      "UnknownError"
-    ]),
-    info: z19.object({
-      message: z19.string(),
-      pushBranchName: z19.string().optional()
-    })
-  }).optional()
-});
-var authorSchemaZ = z19.object({
-  email: z19.string(),
-  name: z19.string()
-}).nullable();
-var summarySchemaZ = z19.object({
-  changes: z19.number(),
-  insertions: z19.number(),
-  deletions: z19.number()
-});
-var GitCommitZ = z19.object({
-  author: authorSchemaZ,
-  branch: z19.string(),
-  commit: z19.string(),
-  root: z19.boolean(),
-  summary: summarySchemaZ
-});
-var SubmitFixesToSameBranchResponseMessageZ = z19.object({
-  type: z19.literal(submitToScmMessageType.commitToSameBranch),
-  githubCommentId: z19.number().nullish(),
-  commits: z19.array(GitCommitZ),
-  prId: z19.number().nullish()
-}).merge(SubmitFixesBaseResponseMessageZ);
-var SubmitFixesToDifferentBranchResponseMessageZ = z19.object({
-  type: z19.literal(submitToScmMessageType.submitFixesForDifferentBranch),
-  githubCommentId: z19.number().optional()
-}).merge(SubmitFixesBaseResponseMessageZ);
-var SubmitFixesResponseMessageZ = z19.discriminatedUnion("type", [
-  SubmitFixesToSameBranchResponseMessageZ,
-  SubmitFixesToDifferentBranchResponseMessageZ
-]);
-
-// src/features/analysis/scm/scmSubmit/index.ts
-var isValidBranchName = async (branchName) => {
-  const git = simpleGit();
-  try {
-    const res = await git.raw(["check-ref-format", "--branch", branchName]);
-    if (res) {
-      return true;
-    }
-    return false;
-  } catch (e) {
-    return false;
-  }
-};
-var FixesZ = z20.array(
-  z20.object({
-    fixId: z20.string(),
-    patchesOriginalEncodingBase64: z20.array(z20.string())
-  })
-).nonempty();
-
-// src/features/analysis/scm/scm.ts
-var SCMLib = class {
-  constructor(url, accessToken, scmOrg) {
-    __publicField(this, "url");
-    __publicField(this, "accessToken");
-    __publicField(this, "scmOrg");
-    this.accessToken = accessToken;
-    this.url = url;
-    this.scmOrg = scmOrg;
-  }
-  async getUrlWithCredentials() {
-    if (!this.url) {
-      console.error("no url for getUrlWithCredentials()");
-      throw new Error("no url");
-    }
-    const trimmedUrl = this.url.trim().replace(/\/$/, "");
-    const accessToken = this.getAccessToken();
-    if (!accessToken) {
-      return trimmedUrl;
-    }
-    if (this.scmLibType === "ADO" /* ADO */) {
-      const { host, protocol, pathname } = new URL(trimmedUrl);
-      return `${protocol}//${accessToken}@${host}${pathname}`;
-    }
-    const finalUrl = this.scmLibType === "GITLAB" /* GITLAB */ ? `${trimmedUrl}.git` : trimmedUrl;
-    const username = await this._getUsernameForAuthUrl();
-    return buildAuthorizedRepoUrl({
-      url: finalUrl,
-      username,
-      password: accessToken
-    });
-  }
-  getAccessToken() {
-    return this.accessToken || "";
-  }
-  getUrl() {
-    return this.url;
-  }
-  getName() {
-    if (!this.url) {
-      return "";
-    }
-    return this.url.split("/").at(-1) || "";
-  }
-  _validateAccessToken() {
-    if (!this.accessToken) {
-      console.error("no access token");
-      throw new Error("no access token");
-    }
-  }
-  static async getIsValidBranchName(branchName) {
-    return isValidBranchName(branchName);
-  }
-  _validateAccessTokenAndUrl() {
-    this._validateAccessToken();
-    this._validateUrl();
-  }
-  _validateUrl() {
-    if (!this.url) {
-      console.error("no url");
-      throw new InvalidRepoUrlError("no url");
+          url: void 0
+        }),
+        orgName: org
+      });
+      const gitOrg = await orgApi.getGitApi();
+      const orgRepos = await gitOrg.getRepositories();
+      const repoInfoList = (await Promise.allSettled(
+        orgRepos.map(async (repo) => {
+          if (!repo.name || !repo.remoteUrl || !repo.defaultBranch) {
+            throw new InvalidRepoUrlError("bad repo");
+          }
+          const branch = await gitOrg.getBranch(
+            repo.name,
+            repo.defaultBranch.replace(/^refs\/heads\//, ""),
+            repo.project?.name
+          );
+          return {
+            repoName: repo.name,
+            repoUrl: repo.remoteUrl.replace(
+              /^[hH][tT][tT][pP][sS]:\/\/[^/]+@/,
+              "https://"
+            ),
+            repoOwner: org,
+            repoIsPublic: repo.project?.visibility === 2 /* Public */,
+            repoLanguages: [],
+            repoUpdatedAt: branch.commit?.committer?.date?.toDateString() || repo.project?.lastUpdateTime?.toDateString() || (/* @__PURE__ */ new Date()).toDateString()
+          };
+        })
+      )).reduce((acc, res) => {
+        if (res.status === "fulfilled") {
+          acc.push(res.value);
+        }
+        return acc;
+      }, []);
+      return repoInfoList;
+    })
+  )).reduce((acc, res) => {
+    if (res.status === "fulfilled") {
+      return acc.concat(res.value);
     }
-  }
-};
+    return acc;
+  }, []);
+  return repos;
+}
 
 // src/features/analysis/scm/ado/AdoSCMLib.ts
+import { setTimeout as setTimeout2 } from "node:timers/promises";
 async function initAdoSdk(params) {
   const { url, accessToken, scmOrg } = params;
   const adoClientParams = await getAdoClientParams({
@@ -5049,33 +5103,33 @@ import querystring2 from "node:querystring";
 import * as bitbucketPkgNode from "bitbucket";
 import bitbucketPkg from "bitbucket";
 import Debug3 from "debug";
-import { z as z22 } from "zod";
+import { z as z20 } from "zod";
 
 // src/features/analysis/scm/bitbucket/validation.ts
-import { z as z21 } from "zod";
-var BitbucketAuthResultZ = z21.object({
-  access_token: z21.string(),
-  token_type: z21.string(),
-  refresh_token: z21.string()
+import { z as z19 } from "zod";
+var BitbucketAuthResultZ = z19.object({
+  access_token: z19.string(),
+  token_type: z19.string(),
+  refresh_token: z19.string()
 });
 
 // src/features/analysis/scm/bitbucket/bitbucket.ts
 var debug3 = Debug3("scm:bitbucket");
 var BITBUCKET_HOSTNAME = "bitbucket.org";
-var TokenExpiredErrorZ = z22.object({
-  status: z22.number(),
-  error: z22.object({
-    type: z22.string(),
-    error: z22.object({
-      message: z22.string()
+var TokenExpiredErrorZ = z20.object({
+  status: z20.number(),
+  error: z20.object({
+    type: z20.string(),
+    error: z20.object({
+      message: z20.string()
     })
   })
 });
 var BITBUCKET_ACCESS_TOKEN_URL = `https://${BITBUCKET_HOSTNAME}/site/oauth2/access_token`;
-var BitbucketParseResultZ = z22.object({
-  organization: z22.string(),
-  repoName: z22.string(),
-  hostname: z22.literal(BITBUCKET_HOSTNAME)
+var BitbucketParseResultZ = z20.object({
+  organization: z20.string(),
+  repoName: z20.string(),
+  hostname: z20.literal(BITBUCKET_HOSTNAME)
 });
 function parseBitbucketOrganizationAndRepo(bitbucketUrl) {
   const parsedGitHubUrl = normalizeUrl(bitbucketUrl);
@@ -5136,7 +5190,7 @@ function getBitbucketSdk(params) {
       if (!res.data.values) {
         return [];
       }
-      return res.data.values.filter((branch) => !!branch.name).map((branch) => z22.string().parse(branch.name));
+      return res.data.values.filter((branch) => !!branch.name).map((branch) => z20.string().parse(branch.name));
     },
     async getIsUserCollaborator(params2) {
       const { repoUrl } = params2;
@@ -5251,7 +5305,7 @@ function getBitbucketSdk(params) {
       return GetRefererenceResultZ.parse({
         sha: tagRes.data.target?.hash,
         type: "TAG" /* TAG */,
-        date: new Date(z22.string().parse(tagRes.data.target?.date))
+        date: new Date(z20.string().parse(tagRes.data.target?.date))
       });
     },
     async getBranchRef(params2) {
@@ -5259,7 +5313,7 @@ function getBitbucketSdk(params) {
       return GetRefererenceResultZ.parse({
         sha: getBranchRes.target?.hash,
         type: "BRANCH" /* BRANCH */,
-        date: new Date(z22.string().parse(getBranchRes.target?.date))
+        date: new Date(z20.string().parse(getBranchRes.target?.date))
       });
     },
     async getCommitRef(params2) {
@@ -5267,13 +5321,13 @@ function getBitbucketSdk(params) {
       return GetRefererenceResultZ.parse({
         sha: getCommitRes.hash,
         type: "COMMIT" /* COMMIT */,
-        date: new Date(z22.string().parse(getCommitRes.date))
+        date: new Date(z20.string().parse(getCommitRes.date))
       });
     },
     async getDownloadUrl({ url, sha }) {
       this.getReferenceData({ ref: sha, url });
       const repoRes = await this.getRepo({ repoUrl: url });
-      const parsedRepoUrl = z22.string().url().parse(repoRes.links?.html?.href);
+      const parsedRepoUrl = z20.string().url().parse(repoRes.links?.html?.href);
       return `${parsedRepoUrl}/get/${sha}.zip`;
     },
     async getPullRequest(params2) {
@@ -5338,7 +5392,7 @@ async function validateBitbucketParams(params) {
 }
 async function getUsersworkspacesSlugs(bitbucketClient) {
   const res = await bitbucketClient.workspaces.getWorkspaces({});
-  return res.data.values?.map((v) => z22.string().parse(v.slug));
+  return res.data.values?.map((v) => z20.string().parse(v.slug));
 }
 async function getllUsersrepositories(bitbucketClient) {
   const userWorspacesSlugs = await getUsersworkspacesSlugs(bitbucketClient);
@@ -5366,10 +5420,10 @@ async function getRepositoriesByWorkspace(bitbucketClient, { workspaceSlug }) {
 
 // src/features/analysis/scm/bitbucket/BitbucketSCMLib.ts
 import { setTimeout as setTimeout3 } from "node:timers/promises";
-import { z as z23 } from "zod";
+import { z as z21 } from "zod";
 function getUserAndPassword(token) {
   const [username, password] = token.split(":");
-  const safePasswordAndUsername = z23.object({ username: z23.string(), password: z23.string() }).parse({ username, password });
+  const safePasswordAndUsername = z21.object({ username: z21.string(), password: z21.string() }).parse({ username, password });
   return {
     username: safePasswordAndUsername.username,
     password: safePasswordAndUsername.password
@@ -5441,7 +5495,7 @@ var BitbucketSCMLib = class extends SCMLib {
         return { username, password, authType };
       }
       case "token": {
-        return { authType, token: z23.string().parse(this.accessToken) };
+        return { authType, token: z21.string().parse(this.accessToken) };
       }
       case "public":
         return { authType };
@@ -5455,7 +5509,7 @@ var BitbucketSCMLib = class extends SCMLib {
           ...params,
           repoUrl: this.url
         });
-        return String(z23.number().parse(pullRequestRes.id));
+        return String(z21.number().parse(pullRequestRes.id));
       } catch (e) {
         console.warn(
           `error creating pull request for BB. Try number ${i + 1}`,
@@ -5531,319 +5585,70 @@ var BitbucketSCMLib = class extends SCMLib {
       return res.name === branch;
     } catch (e) {
       return false;
-    }
-  }
-  async getUserHasAccessToRepo() {
-    this._validateAccessTokenAndUrl();
-    return this.bitbucketSdk.getIsUserCollaborator({ repoUrl: this.url });
-  }
-  async getUsername() {
-    this._validateAccessToken();
-    const res = await this.bitbucketSdk.getUser();
-    return z23.string().parse(res.username);
-  }
-  async getSubmitRequestStatus(_scmSubmitRequestId) {
-    this._validateAccessTokenAndUrl();
-    const pullRequestRes = await this.bitbucketSdk.getPullRequest({
-      prNumber: Number(_scmSubmitRequestId),
-      url: this.url
-    });
-    switch (pullRequestRes.state) {
-      case "OPEN":
-        return "open";
-      case "MERGED":
-        return "merged";
-      case "DECLINED":
-        return "closed";
-      default:
-        throw new Error(`unknown state ${pullRequestRes.state} `);
-    }
-  }
-  async getRepoBlameRanges(_ref, _path) {
-    return [];
-  }
-  async getReferenceData(ref) {
-    this._validateUrl();
-    return this.bitbucketSdk.getReferenceData({ url: this.url, ref });
-  }
-  async getRepoDefaultBranch() {
-    this._validateUrl();
-    const repoRes = await this.bitbucketSdk.getRepo({ repoUrl: this.url });
-    return z23.string().parse(repoRes.mainbranch?.name);
-  }
-  getSubmitRequestUrl(submitRequestId) {
-    this._validateUrl();
-    const { repo_slug, workspace } = parseBitbucketOrganizationAndRepo(this.url);
-    return Promise.resolve(
-      `https://bitbucket.org/${workspace}/${repo_slug}/pull-requests/${submitRequestId}`
-    );
-  }
-  async getSubmitRequestId(submitRequestUrl) {
-    const match = submitRequestUrl.match(/\/pull-requests\/(\d+)/);
-    return match?.[1] || "";
-  }
-  getCommitUrl(commitId) {
-    this._validateUrl();
-    const { repo_slug, workspace } = parseBitbucketOrganizationAndRepo(this.url);
-    return Promise.resolve(
-      `https://bitbucket.org/${workspace}/${repo_slug}/commits/${commitId}`
-    );
-  }
-  async addCommentToSubmitRequest(submitRequestId, comment) {
-    this._validateUrl();
-    await this.bitbucketSdk.addCommentToPullRequest({
-      prNumber: Number(submitRequestId),
-      url: this.url,
-      markdownComment: comment
-    });
-  }
-};
-
-// src/features/analysis/scm/github/GithubSCMLib.ts
-import { z as z24 } from "zod";
-var GithubSCMLib = class extends SCMLib {
-  // we don't always need a url, what's important is that we have an access token
-  constructor(url, accessToken, scmOrg) {
-    super(url, accessToken, scmOrg);
-    __publicField(this, "githubSdk");
-    this.githubSdk = getGithubSdk({
-      auth: accessToken,
-      url
-    });
-  }
-  async createSubmitRequest(params) {
-    this._validateAccessTokenAndUrl();
-    const { targetBranchName, sourceBranchName, title, body } = params;
-    const pullRequestResult = await this.githubSdk.createPullRequest({
-      title,
-      body,
-      targetBranchName,
-      sourceBranchName,
-      repoUrl: this.url
-    });
-    return String(pullRequestResult.data.number);
-  }
-  async forkRepo(repoUrl) {
-    this._validateAccessToken();
-    return this.githubSdk.forkRepo({
-      repoUrl
-    });
-  }
-  async createOrUpdateRepositorySecret(params) {
-    this._validateAccessTokenAndUrl();
-    const { owner, repo } = parseGithubOwnerAndRepo(this.url);
-    const { data: repositoryPublicKeyResponse } = await this.githubSdk.getRepositoryPublicKey({ owner, repo });
-    const { key_id, key } = repositoryPublicKeyResponse;
-    const encryptedValue = await encryptSecret(params.value, key);
-    return this.githubSdk.createOrUpdateRepositorySecret({
-      encrypted_value: encryptedValue,
-      secret_name: params.name,
-      key_id,
-      owner,
-      repo
-    });
-  }
-  async createPullRequestWithNewFile(sourceRepoUrl, filesPaths, userRepoUrl, title, body) {
-    const { pull_request_url } = await this.githubSdk.createPr({
-      sourceRepoUrl,
-      filesPaths,
-      userRepoUrl,
-      title,
-      body
-    });
-    return { pull_request_url };
-  }
-  async validateParams() {
-    return githubValidateParams(this.url, this.accessToken);
-  }
-  async postPrComment(params) {
-    this._validateAccessTokenAndUrl();
-    const { owner, repo } = parseGithubOwnerAndRepo(this.url);
-    return this.githubSdk.postPrComment({
-      ...params,
-      owner,
-      repo
-    });
-  }
-  async updatePrComment(params) {
-    this._validateAccessTokenAndUrl();
-    const { owner, repo } = parseGithubOwnerAndRepo(this.url);
-    return this.githubSdk.updatePrComment({
-      ...params,
-      owner,
-      repo
-    });
-  }
-  async deleteComment(params) {
-    this._validateAccessTokenAndUrl();
-    const { owner, repo } = parseGithubOwnerAndRepo(this.url);
-    return this.githubSdk.deleteComment({
-      ...params,
-      owner,
-      repo
-    });
-  }
-  async getPrComments(params) {
-    this._validateAccessTokenAndUrl();
-    const { owner, repo } = parseGithubOwnerAndRepo(this.url);
-    return this.githubSdk.getPrComments({
-      per_page: 100,
-      ...params,
-      owner,
-      repo
-    });
-  }
-  async getPrDiff(params) {
-    this._validateAccessTokenAndUrl();
-    const { owner, repo } = parseGithubOwnerAndRepo(this.url);
-    const prRes = await this.githubSdk.getPrDiff({
-      ...params,
-      owner,
-      repo
-    });
-    return z24.string().parse(prRes.data);
-  }
-  async getRepoList(_scmOrg) {
-    this._validateAccessToken();
-    return this.githubSdk.getGithubRepoList();
-  }
-  async getBranchList() {
-    this._validateAccessTokenAndUrl();
-    const branches = await this.githubSdk.getGithubBranchList(this.url);
-    return branches.data.map((branch) => branch.name);
-  }
-  get scmLibType() {
-    return "GITHUB" /* GITHUB */;
-  }
-  getAuthHeaders() {
-    if (this.accessToken) {
-      return { authorization: `Bearer ${this.accessToken}` };
-    }
-    return {};
-  }
-  getDownloadUrl(sha) {
-    this._validateUrl();
-    const res = parseScmURL(this.url, "GitHub" /* GitHub */);
-    if (!res) {
-      throw new InvalidRepoUrlError("invalid repo url");
-    }
-    const { protocol, hostname, organization, repoName } = res;
-    const downloadUrl = isGithubOnPrem(this.url) ? `${protocol}//${hostname}/api/v3/repos/${organization}/${repoName}/zipball/${sha}` : `https://api.${hostname}/repos/${organization}/${repoName}/zipball/${sha}`;
-    return Promise.resolve(downloadUrl);
-  }
-  async _getUsernameForAuthUrl() {
-    return this.getUsername();
-  }
-  async getIsRemoteBranch(branch) {
-    this._validateUrl();
-    return this.githubSdk.getGithubIsRemoteBranch({ branch, repoUrl: this.url });
+    }
   }
   async getUserHasAccessToRepo() {
     this._validateAccessTokenAndUrl();
-    const username = await this.getUsername();
-    return this.githubSdk.getGithubIsUserCollaborator({
-      repoUrl: this.url,
-      username
-    });
+    return this.bitbucketSdk.getIsUserCollaborator({ repoUrl: this.url });
   }
   async getUsername() {
     this._validateAccessToken();
-    return this.githubSdk.getGithubUsername();
-  }
-  async getSubmitRequestStatus(scmSubmitRequestId) {
-    this._validateAccessTokenAndUrl();
-    return this.githubSdk.getGithubPullRequestStatus({
-      repoUrl: this.url,
-      prNumber: Number(scmSubmitRequestId)
-    });
+    const res = await this.bitbucketSdk.getUser();
+    return z21.string().parse(res.username);
   }
-  async addCommentToSubmitRequest(submitRequestId, comment) {
+  async getSubmitRequestStatus(_scmSubmitRequestId) {
     this._validateAccessTokenAndUrl();
-    await this.githubSdk.createMarkdownCommentOnPullRequest({
-      repoUrl: this.url,
-      prNumber: Number(submitRequestId),
-      markdownComment: comment
+    const pullRequestRes = await this.bitbucketSdk.getPullRequest({
+      prNumber: Number(_scmSubmitRequestId),
+      url: this.url
     });
+    switch (pullRequestRes.state) {
+      case "OPEN":
+        return "open";
+      case "MERGED":
+        return "merged";
+      case "DECLINED":
+        return "closed";
+      default:
+        throw new Error(`unknown state ${pullRequestRes.state} `);
+    }
   }
-  async getRepoBlameRanges(ref, path9) {
-    this._validateUrl();
-    return await this.githubSdk.getGithubBlameRanges({
-      ref,
-      path: path9,
-      gitHubUrl: this.url
-    });
+  async getRepoBlameRanges(_ref, _path) {
+    return [];
   }
   async getReferenceData(ref) {
     this._validateUrl();
-    return this.githubSdk.getGithubReferenceData({ ref, gitHubUrl: this.url });
-  }
-  async getPrComment(commentId) {
-    this._validateUrl();
-    const { owner, repo } = parseGithubOwnerAndRepo(this.url);
-    return await this.githubSdk.getPrComment({
-      repo,
-      owner,
-      comment_id: commentId
-    });
+    return this.bitbucketSdk.getReferenceData({ url: this.url, ref });
   }
   async getRepoDefaultBranch() {
     this._validateUrl();
-    return await this.githubSdk.getGithubRepoDefaultBranch(this.url);
+    const repoRes = await this.bitbucketSdk.getRepo({ repoUrl: this.url });
+    return z21.string().parse(repoRes.mainbranch?.name);
   }
-  async getSubmitRequestUrl(submitRequestUrl) {
-    this._validateAccessTokenAndUrl();
-    const { owner, repo } = parseGithubOwnerAndRepo(this.url);
-    const getPrRes = await this.githubSdk.getPr({
-      owner,
-      repo,
-      pull_number: submitRequestUrl
-    });
-    return getPrRes.data.html_url;
+  getSubmitRequestUrl(submitRequestId) {
+    this._validateUrl();
+    const { repo_slug, workspace } = parseBitbucketOrganizationAndRepo(this.url);
+    return Promise.resolve(
+      `https://bitbucket.org/${workspace}/${repo_slug}/pull-requests/${submitRequestId}`
+    );
   }
   async getSubmitRequestId(submitRequestUrl) {
-    const match = submitRequestUrl.match(/\/pull\/(\d+)/);
+    const match = submitRequestUrl.match(/\/pull-requests\/(\d+)/);
     return match?.[1] || "";
   }
-  async getCommitUrl(commitId) {
-    this._validateAccessTokenAndUrl();
-    const { owner, repo } = parseGithubOwnerAndRepo(this.url);
-    const getCommitRes = await this.githubSdk.getCommit({
-      owner,
-      repo,
-      commitSha: commitId
-    });
-    return getCommitRes.data.html_url;
-  }
-  async postGeneralPrComment(params) {
-    const { prNumber, body } = params;
-    this._validateAccessTokenAndUrl();
-    const { owner, repo } = parseGithubOwnerAndRepo(this.url);
-    return await this.githubSdk.postGeneralPrComment({
-      issue_number: prNumber,
-      owner,
-      repo,
-      body
-    });
-  }
-  async getGeneralPrComments(params) {
-    const { prNumber } = params;
-    this._validateAccessTokenAndUrl();
-    const { owner, repo } = parseGithubOwnerAndRepo(this.url);
-    return await this.githubSdk.getGeneralPrComments({
-      issue_number: prNumber,
-      owner,
-      repo
-    });
+  getCommitUrl(commitId) {
+    this._validateUrl();
+    const { repo_slug, workspace } = parseBitbucketOrganizationAndRepo(this.url);
+    return Promise.resolve(
+      `https://bitbucket.org/${workspace}/${repo_slug}/commits/${commitId}`
+    );
   }
-  async deleteGeneralPrComment({
-    commentId
-  }) {
-    this._validateAccessTokenAndUrl();
-    const { owner, repo } = parseGithubOwnerAndRepo(this.url);
-    return this.githubSdk.deleteGeneralPrComment({
-      owner,
-      repo,
-      comment_id: commentId
+  async addCommentToSubmitRequest(submitRequestId, comment) {
+    this._validateUrl();
+    await this.bitbucketSdk.addCommentToPullRequest({
+      prNumber: Number(submitRequestId),
+      url: this.url,
+      markdownComment: comment
     });
   }
 };
@@ -5863,11 +5668,11 @@ import {
 } from "undici";
 
 // src/features/analysis/scm/gitlab/types.ts
-import { z as z25 } from "zod";
-var GitlabAuthResultZ = z25.object({
-  access_token: z25.string(),
-  token_type: z25.string(),
-  refresh_token: z25.string()
+import { z as z22 } from "zod";
+var GitlabAuthResultZ = z22.object({
+  access_token: z22.string(),
+  token_type: z22.string(),
+  refresh_token: z22.string()
 });
 
 // src/features/analysis/scm/gitlab/gitlab.ts
@@ -6165,13 +5970,13 @@ function parseGitlabOwnerAndRepo(gitlabUrl) {
   const { organization, repoName, projectPath } = parsingResult;
   return { owner: organization, repo: repoName, projectPath };
 }
-async function getGitlabBlameRanges({ ref, gitlabUrl, path: path9 }, options) {
+async function getGitlabBlameRanges({ ref, gitlabUrl, path: path8 }, options) {
   const { projectPath } = parseGitlabOwnerAndRepo(gitlabUrl);
   const api2 = getGitBeaker({
     url: gitlabUrl,
     gitlabAuthToken: options?.gitlabAuthToken
   });
-  const resp = await api2.RepositoryFiles.allFileBlames(projectPath, path9, ref);
+  const resp = await api2.RepositoryFiles.allFileBlames(projectPath, path8, ref);
   let lineNumber = 1;
   return resp.filter((range) => range.lines).map((range) => {
     const oldLineNumber = lineNumber;
@@ -6357,10 +6162,10 @@ var GitlabSCMLib = class extends SCMLib {
       markdownComment: comment
     });
   }
-  async getRepoBlameRanges(ref, path9) {
+  async getRepoBlameRanges(ref, path8) {
     this._validateUrl();
     return await getGitlabBlameRanges(
-      { ref, path: path9, gitlabUrl: this.url },
+      { ref, path: path8, gitlabUrl: this.url },
       {
         url: this.url,
         gitlabAuthToken: this.accessToken
@@ -6409,7 +6214,7 @@ var GitlabSCMLib = class extends SCMLib {
 };
 
 // src/features/analysis/scm/scmFactory.ts
-import { z as z26 } from "zod";
+import { z as z23 } from "zod";
 
 // src/features/analysis/scm/StubSCMLib.ts
 var StubSCMLib = class extends SCMLib {
@@ -6531,7 +6336,7 @@ async function createScmLib({ url, accessToken, scmType, scmOrg }, { propagateEx
     if (e instanceof InvalidRepoUrlError && url) {
       throw new RepoNoTokenAccessError(
         "no access to repo",
-        scmLibScmTypeToScmType[z26.nativeEnum(ScmLibScmType).parse(scmType)]
+        scmLibScmTypeToScmType[z23.nativeEnum(ScmLibScmType).parse(scmType)]
       );
     }
     console.error(`error validating scm: ${scmType} `, e);
@@ -6862,14 +6667,14 @@ function getGithubSdk(params = {}) {
       };
     },
     async getGithubBlameRanges(params2) {
-      const { ref, gitHubUrl, path: path9 } = params2;
+      const { ref, gitHubUrl, path: path8 } = params2;
       const { owner, repo } = parseGithubOwnerAndRepo(gitHubUrl);
       const res = await octokit.graphql(
         GET_BLAME_DOCUMENT,
         {
           owner,
           repo,
-          path: path9,
+          path: path8,
           ref
         }
       );
@@ -7010,10 +6815,258 @@ function getGithubSdk(params = {}) {
   };
 }
 
+// src/features/analysis/scm/github/GithubSCMLib.ts
+var GithubSCMLib = class extends SCMLib {
+  // we don't always need a url, what's important is that we have an access token
+  constructor(url, accessToken, scmOrg) {
+    super(url, accessToken, scmOrg);
+    __publicField(this, "githubSdk");
+    this.githubSdk = getGithubSdk({
+      auth: accessToken,
+      url
+    });
+  }
+  async createSubmitRequest(params) {
+    this._validateAccessTokenAndUrl();
+    const { targetBranchName, sourceBranchName, title, body } = params;
+    const pullRequestResult = await this.githubSdk.createPullRequest({
+      title,
+      body,
+      targetBranchName,
+      sourceBranchName,
+      repoUrl: this.url
+    });
+    return String(pullRequestResult.data.number);
+  }
+  async forkRepo(repoUrl) {
+    this._validateAccessToken();
+    return this.githubSdk.forkRepo({
+      repoUrl
+    });
+  }
+  async createOrUpdateRepositorySecret(params) {
+    this._validateAccessTokenAndUrl();
+    const { owner, repo } = parseGithubOwnerAndRepo(this.url);
+    const { data: repositoryPublicKeyResponse } = await this.githubSdk.getRepositoryPublicKey({ owner, repo });
+    const { key_id, key } = repositoryPublicKeyResponse;
+    const encryptedValue = await encryptSecret(params.value, key);
+    return this.githubSdk.createOrUpdateRepositorySecret({
+      encrypted_value: encryptedValue,
+      secret_name: params.name,
+      key_id,
+      owner,
+      repo
+    });
+  }
+  async createPullRequestWithNewFile(sourceRepoUrl, filesPaths, userRepoUrl, title, body) {
+    const { pull_request_url } = await this.githubSdk.createPr({
+      sourceRepoUrl,
+      filesPaths,
+      userRepoUrl,
+      title,
+      body
+    });
+    return { pull_request_url };
+  }
+  async validateParams() {
+    return githubValidateParams(this.url, this.accessToken);
+  }
+  async postPrComment(params) {
+    this._validateAccessTokenAndUrl();
+    const { owner, repo } = parseGithubOwnerAndRepo(this.url);
+    return this.githubSdk.postPrComment({
+      ...params,
+      owner,
+      repo
+    });
+  }
+  async updatePrComment(params) {
+    this._validateAccessTokenAndUrl();
+    const { owner, repo } = parseGithubOwnerAndRepo(this.url);
+    return this.githubSdk.updatePrComment({
+      ...params,
+      owner,
+      repo
+    });
+  }
+  async deleteComment(params) {
+    this._validateAccessTokenAndUrl();
+    const { owner, repo } = parseGithubOwnerAndRepo(this.url);
+    return this.githubSdk.deleteComment({
+      ...params,
+      owner,
+      repo
+    });
+  }
+  async getPrComments(params) {
+    this._validateAccessTokenAndUrl();
+    const { owner, repo } = parseGithubOwnerAndRepo(this.url);
+    return this.githubSdk.getPrComments({
+      per_page: 100,
+      ...params,
+      owner,
+      repo
+    });
+  }
+  async getPrDiff(params) {
+    this._validateAccessTokenAndUrl();
+    const { owner, repo } = parseGithubOwnerAndRepo(this.url);
+    const prRes = await this.githubSdk.getPrDiff({
+      ...params,
+      owner,
+      repo
+    });
+    return z24.string().parse(prRes.data);
+  }
+  async getRepoList(_scmOrg) {
+    this._validateAccessToken();
+    return this.githubSdk.getGithubRepoList();
+  }
+  async getBranchList() {
+    this._validateAccessTokenAndUrl();
+    const branches = await this.githubSdk.getGithubBranchList(this.url);
+    return branches.data.map((branch) => branch.name);
+  }
+  get scmLibType() {
+    return "GITHUB" /* GITHUB */;
+  }
+  getAuthHeaders() {
+    if (this.accessToken) {
+      return { authorization: `Bearer ${this.accessToken}` };
+    }
+    return {};
+  }
+  getDownloadUrl(sha) {
+    this._validateUrl();
+    const res = parseScmURL(this.url, "GitHub" /* GitHub */);
+    if (!res) {
+      throw new InvalidRepoUrlError("invalid repo url");
+    }
+    const { protocol, hostname, organization, repoName } = res;
+    const downloadUrl = isGithubOnPrem(this.url) ? `${protocol}//${hostname}/api/v3/repos/${organization}/${repoName}/zipball/${sha}` : `https://api.${hostname}/repos/${organization}/${repoName}/zipball/${sha}`;
+    return Promise.resolve(downloadUrl);
+  }
+  async _getUsernameForAuthUrl() {
+    return this.getUsername();
+  }
+  async getIsRemoteBranch(branch) {
+    this._validateUrl();
+    return this.githubSdk.getGithubIsRemoteBranch({ branch, repoUrl: this.url });
+  }
+  async getUserHasAccessToRepo() {
+    this._validateAccessTokenAndUrl();
+    const username = await this.getUsername();
+    return this.githubSdk.getGithubIsUserCollaborator({
+      repoUrl: this.url,
+      username
+    });
+  }
+  async getUsername() {
+    this._validateAccessToken();
+    return this.githubSdk.getGithubUsername();
+  }
+  async getSubmitRequestStatus(scmSubmitRequestId) {
+    this._validateAccessTokenAndUrl();
+    return this.githubSdk.getGithubPullRequestStatus({
+      repoUrl: this.url,
+      prNumber: Number(scmSubmitRequestId)
+    });
+  }
+  async addCommentToSubmitRequest(submitRequestId, comment) {
+    this._validateAccessTokenAndUrl();
+    await this.githubSdk.createMarkdownCommentOnPullRequest({
+      repoUrl: this.url,
+      prNumber: Number(submitRequestId),
+      markdownComment: comment
+    });
+  }
+  async getRepoBlameRanges(ref, path8) {
+    this._validateUrl();
+    return await this.githubSdk.getGithubBlameRanges({
+      ref,
+      path: path8,
+      gitHubUrl: this.url
+    });
+  }
+  async getReferenceData(ref) {
+    this._validateUrl();
+    return this.githubSdk.getGithubReferenceData({ ref, gitHubUrl: this.url });
+  }
+  async getPrComment(commentId) {
+    this._validateUrl();
+    const { owner, repo } = parseGithubOwnerAndRepo(this.url);
+    return await this.githubSdk.getPrComment({
+      repo,
+      owner,
+      comment_id: commentId
+    });
+  }
+  async getRepoDefaultBranch() {
+    this._validateUrl();
+    return await this.githubSdk.getGithubRepoDefaultBranch(this.url);
+  }
+  async getSubmitRequestUrl(submitRequestUrl) {
+    this._validateAccessTokenAndUrl();
+    const { owner, repo } = parseGithubOwnerAndRepo(this.url);
+    const getPrRes = await this.githubSdk.getPr({
+      owner,
+      repo,
+      pull_number: submitRequestUrl
+    });
+    return getPrRes.data.html_url;
+  }
+  async getSubmitRequestId(submitRequestUrl) {
+    const match = submitRequestUrl.match(/\/pull\/(\d+)/);
+    return match?.[1] || "";
+  }
+  async getCommitUrl(commitId) {
+    this._validateAccessTokenAndUrl();
+    const { owner, repo } = parseGithubOwnerAndRepo(this.url);
+    const getCommitRes = await this.githubSdk.getCommit({
+      owner,
+      repo,
+      commitSha: commitId
+    });
+    return getCommitRes.data.html_url;
+  }
+  async postGeneralPrComment(params) {
+    const { prNumber, body } = params;
+    this._validateAccessTokenAndUrl();
+    const { owner, repo } = parseGithubOwnerAndRepo(this.url);
+    return await this.githubSdk.postGeneralPrComment({
+      issue_number: prNumber,
+      owner,
+      repo,
+      body
+    });
+  }
+  async getGeneralPrComments(params) {
+    const { prNumber } = params;
+    this._validateAccessTokenAndUrl();
+    const { owner, repo } = parseGithubOwnerAndRepo(this.url);
+    return await this.githubSdk.getGeneralPrComments({
+      issue_number: prNumber,
+      owner,
+      repo
+    });
+  }
+  async deleteGeneralPrComment({
+    commentId
+  }) {
+    this._validateAccessTokenAndUrl();
+    const { owner, repo } = parseGithubOwnerAndRepo(this.url);
+    return this.githubSdk.deleteGeneralPrComment({
+      owner,
+      repo,
+      comment_id: commentId
+    });
+  }
+};
+
 // src/features/analysis/add_fix_comments_for_pr/utils/utils.ts
 import Debug7 from "debug";
-import parseDiff2 from "parse-diff";
-import { z as z28 } from "zod";
+import parseDiff from "parse-diff";
+import { z as z26 } from "zod";
 
 // src/features/analysis/utils/by_key.ts
 function keyBy(array, keyBy2) {
@@ -7085,11 +7138,12 @@ var scannerToFriendlyString = {
 
 // src/features/analysis/add_fix_comments_for_pr/utils/buildCommentBody.ts
 import Debug6 from "debug";
-import { z as z27 } from "zod";
+import { z as z25 } from "zod";
 var debug6 = Debug6("mobbdev:handle-finished-analysis");
 var getCommitFixButton = (commitUrl) => `<a href="${commitUrl}"><img src=${COMMIT_FIX_SVG}></a>`;
-function buildCommentBody({
+function buildFixCommentBody({
   fix,
+  issueId,
   commentId,
   commentUrl,
   scanner,
@@ -7097,9 +7151,19 @@ function buildCommentBody({
   projectId,
   analysisId,
   organizationId,
-  patch
+  patch,
+  irrelevantIssueWithTags
 }) {
-  const commitUrl = getCommitUrl({
+  const isIrrelevantIssueWithTags = irrelevantIssueWithTags?.[0]?.tag;
+  const commitUrl = isIrrelevantIssueWithTags ? getCommitIssueUrl({
+    appBaseUrl: WEB_APP_URL,
+    issueId,
+    projectId,
+    analysisId,
+    organizationId,
+    redirectUrl: commentUrl,
+    commentId
+  }) : getCommitUrl({
     appBaseUrl: WEB_APP_URL,
     fixId,
     projectId,
@@ -7108,7 +7172,15 @@ function buildCommentBody({
     redirectUrl: commentUrl,
     commentId
   });
-  const fixUrl = getFixUrlWithRedirect({
+  const fixUrl = isIrrelevantIssueWithTags ? getIssueUrlWithRedirect({
+    appBaseUrl: WEB_APP_URL,
+    issueId,
+    projectId,
+    analysisId,
+    organizationId,
+    redirectUrl: commentUrl,
+    commentId
+  }) : getFixUrlWithRedirect({
     appBaseUrl: WEB_APP_URL,
     fixId,
     projectId,
@@ -7119,11 +7191,11 @@ function buildCommentBody({
   });
   const issueType = getIssueTypeFriendlyString(fix.safeIssueType);
   const title = `# ${MobbIconMarkdown} ${issueType} fix is ready`;
-  const validFixParseRes = z27.object({
+  const validFixParseRes = z25.object({
     patchAndQuestions: PatchAndQuestionsZ,
-    safeIssueLanguage: z27.nativeEnum(IssueLanguage_Enum),
-    severityText: z27.nativeEnum(Vulnerability_Severity_Enum),
-    safeIssueType: z27.nativeEnum(IssueType_Enum)
+    safeIssueLanguage: z25.nativeEnum(IssueLanguage_Enum),
+    severityText: z25.nativeEnum(Vulnerability_Severity_Enum),
+    safeIssueType: z25.nativeEnum(IssueType_Enum)
   }).safeParse(fix);
   if (!validFixParseRes.success) {
     debug6(
@@ -7140,7 +7212,8 @@ function buildCommentBody({
       issueType: validFixParseRes.data.safeIssueType,
       issueLanguage: validFixParseRes.data.safeIssueLanguage,
       fixExtraContext: validFixParseRes.data.patchAndQuestions.extraContext
-    })
+    }),
+    irrelevantIssueWithTags
   }) : "";
   const diff = `\`\`\`diff
 ${patch} 
@@ -7154,6 +7227,37 @@ ${getCommitFixButton(
   )}
 ${fixPageLink}`;
 }
+function buildIssueCommentBody({
+  issueId,
+  commentId,
+  commentUrl,
+  scanner,
+  issueType,
+  projectId,
+  analysisId,
+  organizationId,
+  irrelevantIssueWithTags
+}) {
+  const issueUrl = getIssueUrlWithRedirect({
+    appBaseUrl: WEB_APP_URL,
+    issueId,
+    projectId,
+    analysisId,
+    organizationId,
+    redirectUrl: commentUrl,
+    commentId
+  });
+  const title = `# ${MobbIconMarkdown} Irrelevant issues were spotted - no action required \u{1F9F9}`;
+  const subTitle = getCommitIssueDescription({
+    issueType,
+    vendor: scannerToVulnerability_Report_Vendor_Enum[scanner],
+    irrelevantIssueWithTags
+  });
+  const issuePageLink = `[Learn more and fine tune the issue](${issueUrl})`;
+  return `${title}
+${subTitle}
+${issuePageLink}`;
+}
 
 // src/features/analysis/add_fix_comments_for_pr/utils/utils.ts
 var debug7 = Debug7("mobbdev:handle-finished-analysis");
@@ -7211,6 +7315,53 @@ function deleteAllPreviousGeneralPrComments(params) {
     }
   });
 }
+async function postIssueComment(params) {
+  const {
+    vulnerabilityReportIssueCodeNode,
+    projectId,
+    analysisId,
+    organizationId,
+    scm,
+    commitSha,
+    pullRequest,
+    scanner
+  } = params;
+  const {
+    path: path8,
+    startLine,
+    vulnerabilityReportIssue: {
+      vulnerabilityReportIssueTags,
+      category,
+      parsedIssueType
+    },
+    vulnerabilityReportIssueId
+  } = vulnerabilityReportIssueCodeNode;
+  const irrelevantIssueWithTags = mapCategoryToBucket[category] === "irrelevant" && vulnerabilityReportIssueTags?.length > 0 ? vulnerabilityReportIssueTags : [];
+  const commentRes = await scm.postPrComment({
+    body: `# ${MobbIconMarkdown} Your fix is ready!
+Refresh the page in order to see the changes.`,
+    pull_number: pullRequest,
+    commit_id: commitSha,
+    path: path8,
+    line: startLine
+  });
+  const commentId = commentRes.data.id;
+  const commentBody = buildIssueCommentBody({
+    issueId: vulnerabilityReportIssueId,
+    issueType: parsedIssueType,
+    irrelevantIssueWithTags,
+    commentId,
+    commentUrl: commentRes.data.html_url,
+    scanner,
+    projectId,
+    analysisId,
+    organizationId
+  });
+  return await scm.updatePrComment({
+    body: commentBody,
+    comment_id: commentId
+  });
+}
 async function postFixComment(params) {
   const {
     vulnerabilityReportIssueCodeNode,
@@ -7224,10 +7375,12 @@ async function postFixComment(params) {
     scanner
   } = params;
   const {
-    path: path9,
+    path: path8,
     startLine,
-    vulnerabilityReportIssue: { fixId }
+    vulnerabilityReportIssue: { fixId, vulnerabilityReportIssueTags, category },
+    vulnerabilityReportIssueId
   } = vulnerabilityReportIssueCodeNode;
+  const irrelevantIssueWithTags = mapCategoryToBucket[category] === "irrelevant" && vulnerabilityReportIssueTags?.length > 0 ? vulnerabilityReportIssueTags : [];
   const fix = fixesById[fixId];
   if (!fix || fix.patchAndQuestions.__typename !== "FixData") {
     throw new Error(`fix ${fixId} not found`);
@@ -7240,12 +7393,14 @@ async function postFixComment(params) {
 Refresh the page in order to see the changes.`,
     pull_number: pullRequest,
     commit_id: commitSha,
-    path: path9,
+    path: path8,
     line: startLine
   });
   const commentId = commentRes.data.id;
-  const commentBody = buildCommentBody({
+  const commentBody = buildFixCommentBody({
     fix,
+    issueId: vulnerabilityReportIssueId,
+    irrelevantIssueWithTags,
     commentId,
     commentUrl: commentRes.data.html_url,
     scanner,
@@ -7288,7 +7443,7 @@ ${summary.join("\n")}`;
 }
 async function getRelevantVulenrabilitiesFromDiff(params) {
   const { gqlClient, diff, vulnerabilityReportId } = params;
-  const parsedDiff = parseDiff2(diff);
+  const parsedDiff = parseDiff(diff);
   const fileHunks = parsedDiff.map((file) => {
     const fileNumbers = file.chunks.flatMap((chunk) => chunk.changes).filter((change) => change.type === "add").map((_change) => {
       const change = _change;
@@ -7296,7 +7451,7 @@ async function getRelevantVulenrabilitiesFromDiff(params) {
     });
     const lineAddedRanges = calculateRanges(fileNumbers);
     const fileFilter = {
-      path: z28.string().parse(file.to),
+      path: z26.string().parse(file.to),
       ranges: lineAddedRanges.map(([startLine, endLine]) => ({
         endLine,
         startLine
@@ -7399,7 +7554,7 @@ async function addFixCommentsForPr({
   gqlClient,
   scanner
 }) {
-  if (_scm instanceof GithubSCMLib === false) {
+  if (!(_scm instanceof GithubSCMLib)) {
     return;
   }
   const scm = _scm;
@@ -7421,7 +7576,10 @@ async function addFixCommentsForPr({
     gqlClient,
     vulnerabilityReportId: getAnalysisRes.vulnerabilityReportId
   });
-  const { vulnerabilityReportIssueCodeNodes } = prVulenrabilities;
+  const {
+    vulnerabilityReportIssueCodeNodes,
+    irrelevantVulnerabilityReportIssues
+  } = prVulenrabilities;
   const fixesId = vulnerabilityReportIssueCodeNodes.map(
     ({ vulnerabilityReportIssue: { fixId } }) => fixId
   );
@@ -7450,6 +7608,33 @@ async function addFixCommentsForPr({
         });
       }
     ),
+    ...irrelevantVulnerabilityReportIssues.map((vulnerabilityReportIssue) => {
+      return vulnerabilityReportIssue.codeNodes.map(
+        (vulnerabilityReportIssueCodeNode) => {
+          return postIssueComment({
+            vulnerabilityReportIssueCodeNode: {
+              path: vulnerabilityReportIssueCodeNode.path,
+              startLine: vulnerabilityReportIssueCodeNode.startLine,
+              vulnerabilityReportIssue: {
+                fixId: "",
+                parsedIssueType: vulnerabilityReportIssue.parsedIssueType,
+                vulnerabilityReportIssueTags: vulnerabilityReportIssue.vulnerabilityReportIssueTags,
+                category: vulnerabilityReportIssue.category
+              },
+              vulnerabilityReportIssueId: vulnerabilityReportIssue.id
+            },
+            projectId,
+            analysisId,
+            organizationId,
+            fixesById,
+            scm,
+            pullRequest,
+            scanner,
+            commitSha
+          });
+        }
+      );
+    }),
     postAnalysisInsightComment({
       prVulenrabilities,
       pullRequest,
@@ -7648,32 +7833,63 @@ function subscribe(query, variables, callback, wsClientOptions) {
 }
 
 // src/features/analysis/graphql/types.ts
-import { z as z29 } from "zod";
-var VulnerabilityReportIssueCodeNodeZ = z29.object({
-  vulnerabilityReportIssueId: z29.string(),
-  path: z29.string(),
-  startLine: z29.number(),
-  vulnerabilityReportIssue: z29.object({
-    fixId: z29.string()
+import { z as z27 } from "zod";
+var VulnerabilityReportIssueCodeNodeZ = z27.object({
+  vulnerabilityReportIssueId: z27.string(),
+  path: z27.string(),
+  startLine: z27.number(),
+  vulnerabilityReportIssue: z27.object({
+    fixId: z27.string(),
+    category: ValidCategoriesZ,
+    parsedIssueType: z27.string(),
+    vulnerabilityReportIssueTags: z27.array(
+      z27.object({
+        tag: z27.nativeEnum(Vulnerability_Report_Issue_Tag_Enum)
+      })
+    )
   })
 });
-var GetVulByNodesMetadataZ = z29.object({
-  vulnerabilityReportIssueCodeNodes: z29.array(VulnerabilityReportIssueCodeNodeZ),
-  nonFixablePrVuls: z29.object({
-    aggregate: z29.object({
-      count: z29.number()
+var VulnerabilityReportIssueNoFixCodeNodeZ = z27.object({
+  vulnerabilityReportIssues: z27.array(
+    z27.object({
+      id: z27.string(),
+      fixId: z27.string().nullable(),
+      category: ValidCategoriesZ,
+      parsedIssueType: z27.string(),
+      codeNodes: z27.array(
+        z27.object({
+          path: z27.string(),
+          startLine: z27.number()
+        })
+      ),
+      vulnerabilityReportIssueTags: z27.array(
+        z27.object({
+          tag: z27.nativeEnum(Vulnerability_Report_Issue_Tag_Enum)
+        })
+      )
+    })
+  )
+});
+var GetVulByNodesMetadataZ = z27.object({
+  vulnerabilityReportIssueCodeNodes: z27.array(VulnerabilityReportIssueCodeNodeZ),
+  nonFixablePrVuls: z27.object({
+    aggregate: z27.object({
+      count: z27.number()
     })
   }),
-  fixablePrVuls: z29.object({
-    aggregate: z29.object({
-      count: z29.number()
+  fixablePrVuls: z27.object({
+    aggregate: z27.object({
+      count: z27.number()
     })
   }),
-  totalScanVulnerabilities: z29.object({
-    aggregate: z29.object({
-      count: z29.number()
+  totalScanVulnerabilities: z27.object({
+    aggregate: z27.object({
+      count: z27.number()
     })
-  })
+  }),
+  irrelevantVulnerabilityReportIssue: z27.array(
+    VulnerabilityReportIssueNoFixCodeNodeZ
+  )
 });
 
 // src/features/analysis/graphql/gql.ts
@@ -7825,6 +8041,7 @@ var GQLClient = class {
     const totalScanVulnerabilities = parsedGetVulByNodesMetadataRes.totalScanVulnerabilities.aggregate.count;
     const vulnerabilitiesOutsidePr = totalScanVulnerabilities - nonFixablePrVuls - fixablePrVuls;
     const totalPrVulnerabilities = nonFixablePrVuls + fixablePrVuls;
+    const irrelevantVulnerabilityReportIssues = parsedGetVulByNodesMetadataRes.irrelevantVulnerabilityReportIssue?.[0]?.vulnerabilityReportIssues ?? [];
     return {
       vulnerabilityReportIssueCodeNodes: Object.values(
         uniqueVulByNodesMetadata
@@ -7833,7 +8050,8 @@ var GQLClient = class {
       fixablePrVuls,
       totalScanVulnerabilities,
       vulnerabilitiesOutsidePr,
-      totalPrVulnerabilities
+      totalPrVulnerabilities,
+      irrelevantVulnerabilityReportIssues
     };
   }
   async digestVulnerabilityReport({
@@ -7961,24 +8179,24 @@ var GQLClient = class {
 };
 
 // src/features/analysis/pack.ts
-import fs3 from "node:fs";
-import path5 from "node:path";
+import fs2 from "node:fs";
+import path4 from "node:path";
 import AdmZip from "adm-zip";
 import Debug12 from "debug";
 import { globby } from "globby";
 import { isBinary } from "istextorbinary";
 import { simpleGit as simpleGit3 } from "simple-git";
 import { parseStringPromise } from "xml2js";
-import { z as z30 } from "zod";
+import { z as z28 } from "zod";
 var debug12 = Debug12("mobbdev:pack");
 var MAX_FILE_SIZE = 1024 * 1024 * 5;
-var FPR_SOURCE_CODE_FILE_MAPPING_SCHEMA = z30.object({
-  properties: z30.object({
-    entry: z30.array(
-      z30.object({
-        _: z30.string(),
-        $: z30.object({
-          key: z30.string()
+var FPR_SOURCE_CODE_FILE_MAPPING_SCHEMA = z28.object({
+  properties: z28.object({
+    entry: z28.array(
+      z28.object({
+        _: z28.string(),
+        $: z28.object({
+          key: z28.string()
         })
       })
     )
@@ -8028,20 +8246,20 @@ async function pack(srcDirPath, vulnFiles) {
   const zip = new AdmZip();
   debug12("compressing files");
   for (const filepath of filepaths) {
-    const absFilepath = path5.join(srcDirPath, filepath.toString());
+    const absFilepath = path4.join(srcDirPath, filepath.toString());
     vulnFiles = vulnFiles.concat(_get_manifest_files_suffixes());
     if (!endsWithAny(
-      absFilepath.toString().replaceAll(path5.win32.sep, path5.posix.sep),
+      absFilepath.toString().replaceAll(path4.win32.sep, path4.posix.sep),
       vulnFiles
     )) {
       debug12("ignoring %s because it is not a vulnerability file", filepath);
       continue;
     }
-    if (fs3.lstatSync(absFilepath).size > MAX_FILE_SIZE) {
+    if (fs2.lstatSync(absFilepath).size > MAX_FILE_SIZE) {
       debug12("ignoring %s because the size is > 5MB", filepath);
       continue;
     }
-    const data = git ? await git.showBuffer([`HEAD:./${filepath}`]) : fs3.readFileSync(absFilepath);
+    const data = git ? await git.showBuffer([`HEAD:./${filepath}`]) : fs2.readFileSync(absFilepath);
     if (isBinary(null, data)) {
       debug12("ignoring %s because is seems to be a binary file", filepath);
       continue;
@@ -8198,7 +8416,7 @@ import Debug14 from "debug";
 import { existsSync } from "fs";
 import { createSpinner as createSpinner2 } from "nanospinner";
 import { type } from "os";
-import path6 from "path";
+import path5 from "path";
 var debug13 = Debug14("mobbdev:checkmarx");
 var require2 = createRequire(import.meta.url);
 var getCheckmarxPath = () => {
@@ -8258,9 +8476,9 @@ async function getCheckmarxReport({ reportPath, repositoryRoot, branch, projectN
     await startCheckmarxConfigationPrompt();
     await validateCheckamxCredentials();
   }
-  const extension = path6.extname(reportPath);
-  const filePath = path6.dirname(reportPath);
-  const fileName = path6.basename(reportPath, extension);
+  const extension = path5.extname(reportPath);
+  const filePath = path5.dirname(reportPath);
+  const fileName = path5.basename(reportPath, extension);
   const checkmarxCommandArgs = getCheckmarxCommandArgs({
     repoPath: repositoryRoot,
     branch,
@@ -8442,7 +8660,7 @@ async function downloadRepo({
   const { createSpinner: createSpinner5 } = Spinner2({ ci });
   const repoSpinner = createSpinner5("\u{1F4BE} Downloading Repo").start();
   debug16("download repo %s %s %s", repoUrl, dirname);
-  const zipFilePath = path7.join(dirname, "repo.zip");
+  const zipFilePath = path6.join(dirname, "repo.zip");
   debug16("download URL: %s auth headers: %o", downloadUrl, authHeaders);
   const response = await fetch4(downloadUrl, {
     method: "GET",
@@ -8455,19 +8673,19 @@ async function downloadRepo({
     repoSpinner.error({ text: "\u{1F4BE} Repo download failed" });
     throw new Error(`Can't access ${chalk4.bold(repoUrl)}`);
   }
-  const fileWriterStream = fs4.createWriteStream(zipFilePath);
+  const fileWriterStream = fs3.createWriteStream(zipFilePath);
   if (!response.body) {
     throw new Error("Response body is empty");
   }
   await pipeline(response.body, fileWriterStream);
   await extract(zipFilePath, { dir: dirname });
-  const repoRoot = fs4.readdirSync(dirname, { withFileTypes: true }).filter((dirent) => dirent.isDirectory()).map((dirent) => dirent.name)[0];
+  const repoRoot = fs3.readdirSync(dirname, { withFileTypes: true }).filter((dirent) => dirent.isDirectory()).map((dirent) => dirent.name)[0];
   if (!repoRoot) {
     throw new Error("Repo root not found");
   }
   debug16("repo root %s", repoRoot);
   repoSpinner.success({ text: "\u{1F4BE} Repo downloaded successfully" });
-  return path7.join(dirname, repoRoot);
+  return path6.join(dirname, repoRoot);
 }
 var getReportUrl = ({
   organizationId,
@@ -8478,7 +8696,7 @@ var debug16 = Debug17("mobbdev:index");
 var config2 = new Configstore(packageJson.name, { apiToken: "" });
 debug16("config %o", config2);
 async function runAnalysis(params, options) {
-  const tmpObj = tmp2.dirSync({
+  const tmpObj = tmp.dirSync({
     unsafeCleanup: true
   });
   try {
@@ -8577,7 +8795,7 @@ async function getReport(params, { skipPrompts }) {
     authHeaders: scm.getAuthHeaders(),
     downloadUrl
   });
-  const reportPath = path7.join(dirname, "report.json");
+  const reportPath = path6.join(dirname, "report.json");
   switch (scanner) {
     case "snyk":
       await getSnykReport(reportPath, repositoryRoot, { skipPrompts });
@@ -8737,7 +8955,7 @@ async function _scan(params, { skipPrompts = false } = {}) {
     spinner: mobbSpinner,
     submitVulnerabilityReportVariables: {
       fixReportId: reportUploadInfo.fixReportId,
-      repoUrl: z31.string().parse(repo),
+      repoUrl: z29.string().parse(repo),
       reference,
       projectId,
       vulnerabilityReportFileName: "report.json",
@@ -8764,6 +8982,15 @@ async function _scan(params, { skipPrompts = false } = {}) {
     });
   }
   await askToOpenAnalysis();
+  if (command === "review") {
+    await waitForAnaysisAndReviewPr({
+      repo,
+      githubActionToken,
+      analysisId: reportUploadInfo.fixReportId,
+      scanner,
+      gqlClient
+    });
+  }
   return reportUploadInfo.fixReportId;
   async function askToOpenAnalysis() {
     if (!repoUploadInfo || !reportUploadInfo) {
@@ -8856,7 +9083,7 @@ async function _scan(params, { skipPrompts = false } = {}) {
     const zippingSpinner = createSpinner5("\u{1F4E6} Zipping repo").start();
     let zipBuffer;
     let gitInfo = { success: false };
-    if (srcFileStatus.isFile() && path7.extname(srcPath).toLowerCase() === ".fpr") {
+    if (srcFileStatus.isFile() && path6.extname(srcPath).toLowerCase() === ".fpr") {
       zipBuffer = await repackFpr(srcPath);
     } else {
       gitInfo = await getGitInfo(srcPath);
@@ -8892,34 +9119,12 @@ async function _scan(params, { skipPrompts = false } = {}) {
         }
       });
       if (command === "review") {
-        const params2 = z31.object({
-          repo: z31.string().url(),
-          githubActionToken: z31.string()
-        }).parse({ repo, githubActionToken });
-        const scm = await createScmLib(
-          {
-            url: params2.repo,
-            accessToken: params2.githubActionToken,
-            scmOrg: "",
-            scmType: "GITHUB" /* GITHUB */
-          },
-          {
-            propagateExceptions: true
-          }
-        );
-        await gqlClient.subscribeToAnalysis({
-          subscribeToAnalysisParams: {
-            analysisId: reportUploadInfo.fixReportId
-          },
-          callback: (analysisId) => {
-            return addFixCommentsForPr({
-              analysisId,
-              gqlClient,
-              scm,
-              scanner: z31.nativeEnum(SCANNERS).parse(scanner)
-            });
-          },
-          callbackStates: ["Finished" /* Finished */]
+        await waitForAnaysisAndReviewPr({
+          repo,
+          githubActionToken,
+          analysisId: reportUploadInfo.fixReportId,
+          scanner,
+          gqlClient
         });
       }
     } catch (e) {
@@ -8991,6 +9196,43 @@ async function _digestReport({
     throw e;
   }
 }
+async function waitForAnaysisAndReviewPr({
+  repo,
+  githubActionToken,
+  analysisId,
+  scanner,
+  gqlClient
+}) {
+  const params = z29.object({
+    repo: z29.string().url(),
+    githubActionToken: z29.string()
+  }).parse({ repo, githubActionToken });
+  const scm = await createScmLib(
+    {
+      url: params.repo,
+      accessToken: params.githubActionToken,
+      scmOrg: "",
+      scmType: "GITHUB" /* GITHUB */
+    },
+    {
+      propagateExceptions: true
+    }
+  );
+  await gqlClient.subscribeToAnalysis({
+    subscribeToAnalysisParams: {
+      analysisId
+    },
+    callback: (analysisId2) => {
+      return addFixCommentsForPr({
+        analysisId: analysisId2,
+        gqlClient,
+        scm,
+        scanner: z29.nativeEnum(SCANNERS).parse(scanner)
+      });
+    },
+    callbackStates: ["Finished" /* Finished */]
+  });
+}
 
 // src/commands/index.ts
 import chalk5 from "chalk";
@@ -9302,8 +9544,8 @@ var scmTokenOption = {
 
 // src/args/validation.ts
 import chalk7 from "chalk";
-import path8 from "path";
-import { z as z32 } from "zod";
+import path7 from "path";
+import { z as z30 } from "zod";
 function throwRepoUrlErrorMessage({
   error,
   repoUrl,
@@ -9320,11 +9562,11 @@ Example:
   )}`;
   throw new CliError(formattedErrorMessage);
 }
-var UrlZ = z32.string({
+var UrlZ = z30.string({
   invalid_type_error: `is not a valid ${Object.values(ScmType).join("/ ")} URL`
 });
 function validateOrganizationId(organizationId) {
-  const orgIdValidation = z32.string().uuid().nullish().safeParse(organizationId);
+  const orgIdValidation = z30.string().uuid().nullish().safeParse(organizationId);
   if (!orgIdValidation.success) {
     throw new CliError(`organizationId: ${organizationId} is not a valid UUID`);
   }
@@ -9346,7 +9588,7 @@ function validateRepoUrl(args) {
 }
 var supportExtensions = [".json", ".xml", ".fpr", ".sarif"];
 function validateReportFileFormat(reportFile) {
-  if (!supportExtensions.includes(path8.extname(reportFile))) {
+  if (!supportExtensions.includes(path7.extname(reportFile))) {
     throw new CliError(
       `
 ${chalk7.bold(
@@ -9389,7 +9631,7 @@ function analyzeBuilder(yargs2) {
   ).help();
 }
 function validateAnalyzeOptions(argv) {
-  if (!fs5.existsSync(argv.f)) {
+  if (!fs4.existsSync(argv.f)) {
     throw new CliError(`
 Can't access ${chalk8.bold(argv.f)}`);
   }
@@ -9421,7 +9663,7 @@ async function analyzeHandler(args) {
 }
 
 // src/args/commands/review.ts
-import fs6 from "node:fs";
+import fs5 from "node:fs";
 import chalk9 from "chalk";
 function reviewBuilder(yargs2) {
   return yargs2.option("f", {
@@ -9451,14 +9693,14 @@ function reviewBuilder(yargs2) {
       "Path to the repository folder with the source code"
     ),
     type: "string",
-    demandOption: true
+    demandOption: false
   }).example(
     "npx mobbdev@latest review -r https://github.com/WebGoat/WebGoat -f <your_vulnerability_report_path>  --ch <pr_last_commit>   --pr <pr_number> --ref <pr_branch_name>  --api-key <api_key> --src-path <your_repo_path>",
     "add fixes to your pr"
   ).help();
 }
 function validateReviewOptions(argv) {
-  if (!fs6.existsSync(argv.f)) {
+  if (!fs5.existsSync(argv.f)) {
     throw new CliError(`
 Can't access ${chalk9.bold(argv.f)}`);
   }