mobbdev 1.0.65 → 1.0.74

package/dist/index.mjs

@@ -7,7 +7,7 @@ var __export = (target, all) => {
 var __publicField = (obj, key, value) => __defNormalProp(obj, typeof key !== "symbol" ? key + "" : key, value);
 
 // src/index.ts
-import Debug19 from "debug";
+import Debug20 from "debug";
 import { hideBin } from "yargs/helpers";
 
 // src/types.ts
@@ -111,6 +111,7 @@ var IssueLanguage_Enum = /* @__PURE__ */ ((IssueLanguage_Enum2) => {
 })(IssueLanguage_Enum || {});
 var IssueType_Enum = /* @__PURE__ */ ((IssueType_Enum2) => {
   IssueType_Enum2["AutoEscapeFalse"] = "AUTO_ESCAPE_FALSE";
+  IssueType_Enum2["AvoidIdentityComparisonCachedTypes"] = "AVOID_IDENTITY_COMPARISON_CACHED_TYPES";
   IssueType_Enum2["ClientDomStoredCodeInjection"] = "CLIENT_DOM_STORED_CODE_INJECTION";
   IssueType_Enum2["CmDi"] = "CMDi";
   IssueType_Enum2["CmDiRelativePathCommand"] = "CMDi_relative_path_command";
@@ -146,6 +147,7 @@ var IssueType_Enum = /* @__PURE__ */ ((IssueType_Enum2) => {
   IssueType_Enum2["InsecureBinderConfiguration"] = "INSECURE_BINDER_CONFIGURATION";
   IssueType_Enum2["InsecureCookie"] = "INSECURE_COOKIE";
   IssueType_Enum2["InsecureRandomness"] = "INSECURE_RANDOMNESS";
+  IssueType_Enum2["InsecureTmpFile"] = "INSECURE_TMP_FILE";
   IssueType_Enum2["InsecureUuidVersion"] = "INSECURE_UUID_VERSION";
   IssueType_Enum2["InsufficientLogging"] = "INSUFFICIENT_LOGGING";
   IssueType_Enum2["JqueryDeprecatedSymbols"] = "JQUERY_DEPRECATED_SYMBOLS";
@@ -158,10 +160,13 @@ var IssueType_Enum = /* @__PURE__ */ ((IssueType_Enum2) => {
   IssueType_Enum2["MissingEqualsOrHashcode"] = "MISSING_EQUALS_OR_HASHCODE";
   IssueType_Enum2["MissingHstsHeader"] = "MISSING_HSTS_HEADER";
   IssueType_Enum2["MissingSslMinversion"] = "MISSING_SSL_MINVERSION";
+  IssueType_Enum2["ModifiedDefaultParam"] = "MODIFIED_DEFAULT_PARAM";
   IssueType_Enum2["NonFinalPublicStaticField"] = "NON_FINAL_PUBLIC_STATIC_FIELD";
   IssueType_Enum2["NonReadonlyField"] = "NON_READONLY_FIELD";
   IssueType_Enum2["NoEquivalenceMethod"] = "NO_EQUIVALENCE_METHOD";
   IssueType_Enum2["NoLimitsOrThrottling"] = "NO_LIMITS_OR_THROTTLING";
+  IssueType_Enum2["NoReturnInFinally"] = "NO_RETURN_IN_FINALLY";
+  IssueType_Enum2["NoVar"] = "NO_VAR";
   IssueType_Enum2["NullDereference"] = "NULL_DEREFERENCE";
   IssueType_Enum2["OpenRedirect"] = "OPEN_REDIRECT";
   IssueType_Enum2["OverlyBroadCatch"] = "OVERLY_BROAD_CATCH";
@@ -177,6 +182,7 @@ var IssueType_Enum = /* @__PURE__ */ ((IssueType_Enum2) => {
   IssueType_Enum2["SqlInjection"] = "SQL_Injection";
   IssueType_Enum2["Ssrf"] = "SSRF";
   IssueType_Enum2["StringFormatMisuse"] = "STRING_FORMAT_MISUSE";
+  IssueType_Enum2["SystemExitShouldReraise"] = "SYSTEM_EXIT_SHOULD_RERAISE";
   IssueType_Enum2["SystemInformationLeak"] = "SYSTEM_INFORMATION_LEAK";
   IssueType_Enum2["SystemInformationLeakExternal"] = "SYSTEM_INFORMATION_LEAK_EXTERNAL";
   IssueType_Enum2["TrustBoundaryViolation"] = "TRUST_BOUNDARY_VIOLATION";
@@ -184,6 +190,7 @@ var IssueType_Enum = /* @__PURE__ */ ((IssueType_Enum2) => {
   IssueType_Enum2["UncheckedLoopCondition"] = "UNCHECKED_LOOP_CONDITION";
   IssueType_Enum2["UnsafeDeserialization"] = "UNSAFE_DESERIALIZATION";
   IssueType_Enum2["UnsafeTargetBlank"] = "UNSAFE_TARGET_BLANK";
+  IssueType_Enum2["UnsafeWebThread"] = "UNSAFE_WEB_THREAD";
   IssueType_Enum2["UnvalidatedPublicMethodArgument"] = "UNVALIDATED_PUBLIC_METHOD_ARGUMENT";
   IssueType_Enum2["UselessRegexpCharEscape"] = "USELESS_REGEXP_CHAR_ESCAPE";
   IssueType_Enum2["UseOfHardCodedCryptographicKey"] = "USE_OF_HARD_CODED_CRYPTOGRAPHIC_KEY";
@@ -458,10 +465,24 @@ var GetVulByNodesMetadataDocument = `
       vulnerabilityReportIssueTags {
         tag: vulnerability_report_issue_tag_value
       }
-      codeNodes(order_by: {index: desc}, where: {_or: $filters}) {
+      codeNodes(order_by: {index: desc}, where: {_or: $filters}, limit: 1) {
         path
         startLine
       }
+      fpId
+    }
+  }
+}
+    `;
+var GetFalsePositiveDocument = `
+    query getFalsePositive($fpId: uuid!) {
+  getFalsePositive(fpId: $fpId) {
+    ... on FalsePositiveData {
+      extraContext {
+        key
+        value
+      }
+      fixDescription
     }
   }
 }
@@ -692,6 +713,9 @@ function getSdk(client, withWrapper = defaultWrapper) {
     getVulByNodesMetadata(variables, requestHeaders) {
       return withWrapper((wrappedRequestHeaders) => client.request(GetVulByNodesMetadataDocument, variables, { ...requestHeaders, ...wrappedRequestHeaders }), "getVulByNodesMetadata", "query", variables);
     },
+    getFalsePositive(variables, requestHeaders) {
+      return withWrapper((wrappedRequestHeaders) => client.request(GetFalsePositiveDocument, variables, { ...requestHeaders, ...wrappedRequestHeaders }), "getFalsePositive", "query", variables);
+    },
     updateScmToken(variables, requestHeaders) {
       return withWrapper((wrappedRequestHeaders) => client.request(UpdateScmTokenDocument, variables, { ...requestHeaders, ...wrappedRequestHeaders }), "updateScmToken", "mutation", variables);
     },
@@ -1144,7 +1168,14 @@ var issueTypeMap = {
   ["WEBSOCKET_MISSING_ORIGIN_CHECK" /* WebsocketMissingOriginCheck */]: "Missing Websocket Origin Check",
   ["DUPLICATED_STRINGS" /* DuplicatedStrings */]: "String Literals Should not Be Duplicated",
   ["INSECURE_UUID_VERSION" /* InsecureUuidVersion */]: "Insecure UUID Version",
-  ["GH_ACTIONS_SHELL_INJECTION" /* GhActionsShellInjection */]: "GitHub Actions Shell Injection"
+  ["GH_ACTIONS_SHELL_INJECTION" /* GhActionsShellInjection */]: "GitHub Actions Shell Injection",
+  ["MODIFIED_DEFAULT_PARAM" /* ModifiedDefaultParam */]: "Modified Default Param",
+  ["UNSAFE_WEB_THREAD" /* UnsafeWebThread */]: "Unsafe Web Thread",
+  ["NO_VAR" /* NoVar */]: 'Prefer "let" or "const"',
+  ["INSECURE_TMP_FILE" /* InsecureTmpFile */]: "Insecure Temporary File",
+  ["SYSTEM_EXIT_SHOULD_RERAISE" /* SystemExitShouldReraise */]: "SystemExit Should Reraise",
+  ["NO_RETURN_IN_FINALLY" /* NoReturnInFinally */]: "No Return in Finally Block",
+  ["AVOID_IDENTITY_COMPARISON_CACHED_TYPES" /* AvoidIdentityComparisonCachedTypes */]: "Avoid Identity Comparison of Cached Types"
 };
 var issueTypeZ = z5.nativeEnum(IssueType_Enum);
 var getIssueTypeFriendlyString = (issueType) => {
@@ -1177,6 +1208,22 @@ var issueDescription = {
   ["TEST_CODE" /* TestCode */]: "The flagged code resides in a test-specific path or context. This categorization indicates that **it supports testing scenarios and is isolated from production use**.",
   ["VENDOR_CODE" /* VendorCode */]: "The flagged code originates from a third-party library or dependency maintained externally. This categorization suggests that **the issue lies outside the application\u2019s direct control** and should be addressed by the vendor if necessary."
 };
+function replaceKeysWithValues(fixDescription, extraContext) {
+  let result = fixDescription;
+  extraContext.forEach(({ key, value }) => {
+    result = result.replace(`\${${key}}`, value);
+  });
+  return result;
+}
+function getParsedFalsePositiveMessage(data) {
+  const { fixDescription, extraContext } = data;
+  const containsTemplate = extraContext.some(
+    (context) => fixDescription.includes(`\${${context.key}}`)
+  );
+  const description = containsTemplate ? replaceKeysWithValues(fixDescription, extraContext) : fixDescription;
+  const contextString = containsTemplate ? null : `\`\`\`${extraContext.map(({ value }) => value).join(" ")} \`\`\``;
+  return { description, contextString };
+}
 
 // src/features/analysis/scm/shared/src/validations.ts
 var IssueTypeSettingZ = z6.object({
@@ -1258,7 +1305,9 @@ var ReportQueryResultZ = z7.object({
     }),
     fixesDoneCount: z7.number(),
     fixesInprogressCount: z7.number(),
-    fixesReadyCount: z7.number(),
+    fixesReadyCount: z7.object({
+      aggregate: z7.object({ count: z7.number() })
+    }),
     issueTypes: z7.record(z7.string(), z7.number()).nullable(),
     issueLanguages: z7.record(z7.string(), z7.number()).nullable(),
     fixesCountByEffort: z7.record(z7.string(), z7.number()).nullable(),
@@ -1786,7 +1835,7 @@ var CliError = class extends Error {
 // src/features/analysis/index.ts
 import chalk4 from "chalk";
 import Configstore from "configstore";
-import Debug17 from "debug";
+import Debug18 from "debug";
 import extract from "extract-zip";
 import { createSpinner as createSpinner4 } from "nanospinner";
 import fetch4 from "node-fetch";
@@ -1797,9 +1846,6 @@ import { z as z29 } from "zod";
 // src/features/analysis/add_fix_comments_for_pr/add_fix_comments_for_pr.ts
 import Debug8 from "debug";
 
-// src/features/analysis/scm/github/GithubSCMLib.ts
-import { z as z24 } from "zod";
-
 // src/features/analysis/scm/errors.ts
 var InvalidRepoUrlError = class extends Error {
   constructor(m) {
@@ -1828,26 +1874,26 @@ var RepoNoTokenAccessError = class extends Error {
   }
 };
 
-// src/features/analysis/scm/scmSubmit/index.ts
-import { simpleGit } from "simple-git";
-var isValidBranchName = async (branchName) => {
-  const git = simpleGit();
-  try {
-    const res = await git.raw(["check-ref-format", "--branch", branchName]);
-    if (res) {
-      return true;
-    }
-    return false;
-  } catch (e) {
-    return false;
-  }
-};
+// src/features/analysis/scm/ado/constants.ts
+var DEFUALT_ADO_ORIGIN = scmCloudUrl.Ado;
 
-// src/features/analysis/scm/types.ts
-import { z as z14 } from "zod";
+// src/features/analysis/scm/ado/utils.ts
+import querystring from "node:querystring";
+import * as api from "azure-devops-node-api";
+import Debug2 from "debug";
+import { z as z18 } from "zod";
 
-// src/features/analysis/scm/shared/src/commitDescriptionMarkup.ts
+// src/features/analysis/scm/env.ts
 import { z as z9 } from "zod";
+var EnvVariablesZod = z9.object({
+  GITLAB_API_TOKEN: z9.string().optional(),
+  GITHUB_API_TOKEN: z9.string().optional(),
+  GIT_PROXY_HOST: z9.string()
+});
+var { GITLAB_API_TOKEN, GITHUB_API_TOKEN, GIT_PROXY_HOST } = EnvVariablesZod.parse(process.env);
+
+// src/features/analysis/scm/shared/src/commitDescriptionMarkup.ts
+import { z as z10 } from "zod";
 
 // src/features/analysis/scm/shared/src/fixDetailsData.ts
 var fixDetailsData = {
@@ -2091,7 +2137,14 @@ var fixDetailsData = {
   ["WEBSOCKET_MISSING_ORIGIN_CHECK" /* WebsocketMissingOriginCheck */]: void 0,
   ["DUPLICATED_STRINGS" /* DuplicatedStrings */]: void 0,
   ["INSECURE_UUID_VERSION" /* InsecureUuidVersion */]: void 0,
-  ["GH_ACTIONS_SHELL_INJECTION" /* GhActionsShellInjection */]: void 0
+  ["GH_ACTIONS_SHELL_INJECTION" /* GhActionsShellInjection */]: void 0,
+  ["MODIFIED_DEFAULT_PARAM" /* ModifiedDefaultParam */]: void 0,
+  ["UNSAFE_WEB_THREAD" /* UnsafeWebThread */]: void 0,
+  ["NO_VAR" /* NoVar */]: void 0,
+  ["INSECURE_TMP_FILE" /* InsecureTmpFile */]: void 0,
+  ["SYSTEM_EXIT_SHOULD_RERAISE" /* SystemExitShouldReraise */]: void 0,
+  ["NO_RETURN_IN_FINALLY" /* NoReturnInFinally */]: void 0,
+  ["AVOID_IDENTITY_COMPARISON_CACHED_TYPES" /* AvoidIdentityComparisonCachedTypes */]: void 0
 };
 
 // src/features/analysis/scm/shared/src/commitDescriptionMarkup.ts
@@ -2122,7 +2175,7 @@ var getCommitDescription = ({
   )}**.
 
 `;
-  const parseIssueTypeRes = z9.nativeEnum(IssueType_Enum).safeParse(issueType);
+  const parseIssueTypeRes = z10.nativeEnum(IssueType_Enum).safeParse(issueType);
   if (issueType && parseIssueTypeRes.success) {
     if (irrelevantIssueWithTags?.[0]?.tag) {
       description += `
@@ -2159,22 +2212,24 @@ ${guidances.map(({ guidance }) => `## Additional actions required
 var getCommitIssueDescription = ({
   vendor,
   issueType,
-  irrelevantIssueWithTags
+  irrelevantIssueWithTags,
+  fpDescription
 }) => {
   const issueTypeString = getIssueTypeFriendlyString(issueType);
   let description = `The following issues reported by ${capitalizeFirstLetter(vendor)} on this PR were found to be irrelevant to your project:
 `;
-  const parseIssueTypeRes = z9.nativeEnum(IssueType_Enum).safeParse(issueType);
+  const parseIssueTypeRes = z10.nativeEnum(IssueType_Enum).safeParse(issueType);
   if (issueType && parseIssueTypeRes.success) {
     if (irrelevantIssueWithTags?.[0]?.tag) {
-      description += `
+      description = `
 > [!tip]
+> The following issues reported by ${capitalizeFirstLetter(vendor)} on this PR were found to be irrelevant to your project:
 > ${issueTypeString} - ${lowercaseFirstLetter(getTagTooltip(irrelevantIssueWithTags[0].tag))}.
 > Mobb recommends to ignore this issue, however fix is available if you think differently. 
 
 
 ## Justification
-${issueDescription[irrelevantIssueWithTags[0].tag]}
+${fpDescription ?? issueDescription[irrelevantIssueWithTags[0].tag]}
 `;
     }
     const staticData = fixDetailsData[parseIssueTypeRes.data];
@@ -2188,10 +2243,10 @@ ${staticData.issueDescription}
 };
 
 // src/features/analysis/scm/shared/src/guidances.ts
-import { z as z12 } from "zod";
+import { z as z13 } from "zod";
 
 // src/features/analysis/scm/shared/src/storedFixData/index.ts
-import { z as z10 } from "zod";
+import { z as z11 } from "zod";
 
 // src/features/analysis/scm/shared/src/storedFixData/passwordInComment.ts
 var passwordInComment = {
@@ -2367,8 +2422,8 @@ var vulnerabilities8 = {
 var xml_default = vulnerabilities8;
 
 // src/features/analysis/scm/shared/src/storedFixData/index.ts
-var StoredFixDataItemZ = z10.object({
-  guidance: z10.function().returns(z10.string())
+var StoredFixDataItemZ = z11.object({
+  guidance: z11.function().returns(z11.string())
 });
 var languages = {
   ["Java" /* Java */]: java_default,
@@ -2382,7 +2437,7 @@ var languages = {
 };
 
 // src/features/analysis/scm/shared/src/storedQuestionData/index.ts
-import { z as z11 } from "zod";
+import { z as z12 } from "zod";
 
 // src/features/analysis/scm/shared/src/storedQuestionData/csharp/httpOnlyCookie.ts
 var httpOnlyCookie = {
@@ -3581,10 +3636,10 @@ var vulnerabilities14 = {
 var xml_default2 = vulnerabilities14;
 
 // src/features/analysis/scm/shared/src/storedQuestionData/index.ts
-var StoredQuestionDataItemZ = z11.object({
-  content: z11.function().args(z11.any()).returns(z11.string()),
-  description: z11.function().args(z11.any()).returns(z11.string()),
-  guidance: z11.function().args(z11.any()).returns(z11.string())
+var StoredQuestionDataItemZ = z12.object({
+  content: z12.function().args(z12.any()).returns(z12.string()),
+  description: z12.function().args(z12.any()).returns(z12.string()),
+  guidance: z12.function().args(z12.any()).returns(z12.string())
 });
 var languages2 = {
   ["Java" /* Java */]: java_default2,
@@ -3679,9 +3734,9 @@ function getFixGuidances({
   const fixGuidance = storeFixResult.success ? [storeFixResult.data.guidance({ questions, ...extraContext })] : [];
   return libGuidances.concat(fixGuidance).filter((guidance) => !!guidance);
 }
-var IssueTypeAndLanguageZ = z12.object({
-  issueType: z12.nativeEnum(IssueType_Enum),
-  issueLanguage: z12.nativeEnum(IssueLanguage_Enum)
+var IssueTypeAndLanguageZ = z13.object({
+  issueType: z13.nativeEnum(IssueType_Enum),
+  issueLanguage: z13.nativeEnum(IssueLanguage_Enum)
 });
 function getGuidances(args) {
   const safeIssueTypeAndLanguage = IssueTypeAndLanguageZ.safeParse({
@@ -3719,7 +3774,7 @@ function getGuidances(args) {
 }
 
 // src/features/analysis/scm/shared/src/urlParser/urlParser.ts
-import { z as z13 } from "zod";
+import { z as z14 } from "zod";
 var ADO_PREFIX_PATH = "tfs";
 var NAME_REGEX = /[a-z0-9\-_.+]+/i;
 function detectAdoUrl(args) {
@@ -3736,7 +3791,7 @@ function detectAdoUrl(args) {
         scmType: "Ado" /* Ado */,
         organization,
         // project has single repo - repoName === projectName
-        projectName: z13.string().parse(projectName),
+        projectName: z14.string().parse(projectName),
         repoName: projectName,
         prefixPath
       };
@@ -3747,7 +3802,7 @@ function detectAdoUrl(args) {
       return {
         scmType: "Ado" /* Ado */,
         organization,
-        projectName: z13.string().parse(projectName),
+        projectName: z14.string().parse(projectName),
         repoName,
         prefixPath
       };
@@ -3761,7 +3816,7 @@ function detectAdoUrl(args) {
           scmType: "Ado" /* Ado */,
           organization,
           // project has only one repo - repoName === projectName
-          projectName: z13.string().parse(repoName),
+          projectName: z14.string().parse(repoName),
           repoName,
           prefixPath
         };
@@ -3771,7 +3826,7 @@ function detectAdoUrl(args) {
         return {
           scmType: "Ado" /* Ado */,
           organization,
-          projectName: z13.string().parse(projectName),
+          projectName: z14.string().parse(projectName),
           repoName,
           prefixPath
         };
@@ -3897,7 +3952,11 @@ function getIssueUrl({
   return `${appBaseUrl}/organization/${organizationId}/project/${projectId}/report/${analysisId}/issue/${issueId}`;
 }
 
+// src/features/analysis/scm/utils/index.ts
+import { z as z16 } from "zod";
+
 // src/features/analysis/scm/types.ts
+import { z as z15 } from "zod";
 var ReferenceType = /* @__PURE__ */ ((ReferenceType2) => {
   ReferenceType2["BRANCH"] = "BRANCH";
   ReferenceType2["COMMIT"] = "COMMIT";
@@ -3929,14 +3988,13 @@ var scmTypeToScmLibScmType = {
   ["Ado" /* Ado */]: "ADO" /* ADO */,
   ["Bitbucket" /* Bitbucket */]: "BITBUCKET" /* BITBUCKET */
 };
-var GetRefererenceResultZ = z14.object({
-  date: z14.date().optional(),
-  sha: z14.string(),
-  type: z14.nativeEnum(ReferenceType)
+var GetRefererenceResultZ = z15.object({
+  date: z15.date().optional(),
+  sha: z15.string(),
+  type: z15.nativeEnum(ReferenceType)
 });
 
 // src/features/analysis/scm/utils/index.ts
-import { z as z15 } from "zod";
 function getFixUrlWithRedirect(params) {
   const {
     fixId,
@@ -4047,7 +4105,7 @@ function shouldValidateUrl(repoUrl) {
   return repoUrl && isUrlHasPath(repoUrl);
 }
 function isBrokerUrl(url) {
-  return z15.string().uuid().safeParse(new URL(url).host).success;
+  return z16.string().uuid().safeParse(new URL(url).host).success;
 }
 function buildAuthorizedRepoUrl(args) {
   const { url, username, password } = args;
@@ -4083,7 +4141,7 @@ function getCloudScmLibTypeFromUrl(url) {
   return void 0;
 }
 function getScmLibTypeFromScmType(scmType) {
-  const parsedScmType = z15.nativeEnum(ScmType).parse(scmType);
+  const parsedScmType = z16.nativeEnum(ScmType).parse(scmType);
   return scmTypeToScmLibScmType[parsedScmType];
 }
 function getScmConfig({
@@ -4149,162 +4207,6 @@ function getScmConfig({
   };
 }
 
-// src/features/analysis/scm/scm.ts
-var SCMLib = class {
-  constructor(url, accessToken, scmOrg) {
-    __publicField(this, "url");
-    __publicField(this, "accessToken");
-    __publicField(this, "scmOrg");
-    this.accessToken = accessToken;
-    this.url = url;
-    this.scmOrg = scmOrg;
-  }
-  async getUrlWithCredentials() {
-    if (!this.url) {
-      console.error("no url for getUrlWithCredentials()");
-      throw new Error("no url");
-    }
-    const trimmedUrl = this.url.trim().replace(/\/$/, "");
-    const accessToken = this.getAccessToken();
-    if (!accessToken) {
-      return trimmedUrl;
-    }
-    if (this.scmLibType === "ADO" /* ADO */) {
-      const { host, protocol, pathname } = new URL(trimmedUrl);
-      return `${protocol}//${accessToken}@${host}${pathname}`;
-    }
-    const finalUrl = this.scmLibType === "GITLAB" /* GITLAB */ ? `${trimmedUrl}.git` : trimmedUrl;
-    const username = await this._getUsernameForAuthUrl();
-    return buildAuthorizedRepoUrl({
-      url: finalUrl,
-      username,
-      password: accessToken
-    });
-  }
-  getAccessToken() {
-    return this.accessToken || "";
-  }
-  getUrl() {
-    return this.url;
-  }
-  getName() {
-    if (!this.url) {
-      return "";
-    }
-    return this.url.split("/").at(-1) || "";
-  }
-  _validateAccessToken() {
-    if (!this.accessToken) {
-      console.error("no access token");
-      throw new Error("no access token");
-    }
-  }
-  static async getIsValidBranchName(branchName) {
-    return isValidBranchName(branchName);
-  }
-  _validateAccessTokenAndUrl() {
-    this._validateAccessToken();
-    this._validateUrl();
-  }
-  _validateUrl() {
-    if (!this.url) {
-      console.error("no url");
-      throw new InvalidRepoUrlError("no url");
-    }
-  }
-};
-
-// src/features/analysis/scm/github/github.ts
-import { RequestError } from "@octokit/request-error";
-
-// src/features/analysis/scm/constants.ts
-var MOBB_ICON_IMG = "https://app.mobb.ai/gh-action/Logo_Rounded_Icon.svg";
-var MAX_BRANCHES_FETCH = 1e3;
-
-// src/features/analysis/scm/github/consts.ts
-var POST_COMMENT_PATH = "POST /repos/{owner}/{repo}/pulls/{pull_number}/comments";
-var DELETE_COMMENT_PATH = "DELETE /repos/{owner}/{repo}/pulls/comments/{comment_id}";
-var UPDATE_COMMENT_PATH = "PATCH /repos/{owner}/{repo}/pulls/comments/{comment_id}";
-var GET_PR_COMMENTS_PATH = "GET /repos/{owner}/{repo}/pulls/{pull_number}/comments";
-var GET_PR_COMMENT_PATH = "GET /repos/{owner}/{repo}/pulls/comments/{comment_id}";
-var REPLY_TO_CODE_REVIEW_COMMENT_PATH = "POST /repos/{owner}/{repo}/pulls/{pull_number}/comments/{comment_id}/replies";
-var GET_PR = "GET /repos/{owner}/{repo}/pulls/{pull_number}";
-var POST_GENERAL_PR_COMMENT = "POST /repos/{owner}/{repo}/issues/{issue_number}/comments";
-var GET_GENERAL_PR_COMMENTS = "GET /repos/{owner}/{repo}/issues/{issue_number}/comments";
-var DELETE_GENERAL_PR_COMMENT = "DELETE /repos/{owner}/{repo}/issues/comments/{comment_id}";
-var CREATE_OR_UPDATE_A_REPOSITORY_SECRET = "PUT /repos/{owner}/{repo}/actions/secrets/{secret_name}";
-var GET_A_REPOSITORY_PUBLIC_KEY = "GET /repos/{owner}/{repo}/actions/secrets/public-key";
-var GET_USER = "GET /user";
-var GET_USER_REPOS = "GET /user/repos";
-var GET_REPO_BRANCHES = "GET /repos/{owner}/{repo}/branches";
-var GET_BLAME_DOCUMENT = `
-      query GetBlame(
-        $owner: String!
-        $repo: String!
-        $ref: String!
-        $path: String!
-      ) {
-        repository(name: $repo, owner: $owner) {
-          # branch name
-          object(expression: $ref) {
-            # cast Target to a Commit
-            ... on Commit {
-              # full repo-relative path to blame file
-              blame(path: $path) {
-                ranges {
-                  commit {
-                    author {
-                      user {
-                        name
-                        login
-                      }
-                    }
-                    authoredDate
-                  }
-                  startingLine
-                  endingLine
-                  age
-                }
-              }
-            }
-            
-          }
-        }
-      }
-    `;
-
-// src/features/analysis/scm/github/utils/encrypt_secret.ts
-import sodium from "libsodium-wrappers";
-async function encryptSecret(secret, key) {
-  await sodium.ready;
-  const binkey = sodium.from_base64(key, sodium.base64_variants.ORIGINAL);
-  const binsec = sodium.from_string(secret);
-  const encBytes = sodium.crypto_box_seal(binsec, binkey);
-  return sodium.to_base64(encBytes, sodium.base64_variants.ORIGINAL);
-}
-
-// src/features/analysis/scm/github/utils/utils.ts
-import { Octokit } from "octokit";
-import { fetch as fetch2, ProxyAgent as ProxyAgent2 } from "undici";
-
-// src/features/analysis/scm/ado/constants.ts
-var DEFUALT_ADO_ORIGIN = scmCloudUrl.Ado;
-
-// src/features/analysis/scm/ado/utils.ts
-import querystring from "node:querystring";
-import * as api from "azure-devops-node-api";
-import Debug2 from "debug";
-import { z as z18 } from "zod";
-
-// src/features/analysis/scm/env.ts
-import { z as z16 } from "zod";
-var EnvVariablesZod = z16.object({
-  GITLAB_API_TOKEN: z16.string().optional(),
-  GITHUB_API_TOKEN: z16.string().optional(),
-  GIT_PROXY_HOST: z16.string()
-});
-var { GITLAB_API_TOKEN, GITHUB_API_TOKEN, GIT_PROXY_HOST } = EnvVariablesZod.parse(process.env);
-
 // src/features/analysis/scm/ado/validation.ts
 import { z as z17 } from "zod";
 var ValidPullRequestStatusZ = z17.union([
@@ -4915,36 +4817,118 @@ async function getAdoRepoList({
 
 // src/features/analysis/scm/ado/AdoSCMLib.ts
 import { setTimeout as setTimeout2 } from "node:timers/promises";
-async function initAdoSdk(params) {
-  const { url, accessToken, scmOrg } = params;
-  const adoClientParams = await getAdoClientParams({
-    tokenOrg: scmOrg,
-    accessToken,
-    url
-  });
-  return getAdoSdk(adoClientParams);
-}
-var AdoSCMLib = class extends SCMLib {
-  constructor(url, accessToken, scmOrg) {
-    super(url, accessToken, scmOrg);
-    __publicField(this, "_adoSdkPromise");
-    this._adoSdkPromise = initAdoSdk({ accessToken, url, scmOrg });
-  }
-  async getAdoSdk() {
-    if (!this._adoSdkPromise) {
-      console.error("ado sdk was not initialized");
-      throw new InvalidAccessTokenError("ado sdk was not initialized");
+
+// src/features/analysis/scm/scmSubmit/index.ts
+import { simpleGit } from "simple-git";
+var isValidBranchName = async (branchName) => {
+  const git = simpleGit();
+  try {
+    const res = await git.raw(["check-ref-format", "--branch", branchName]);
+    if (res) {
+      return true;
     }
-    return this._adoSdkPromise;
+    return false;
+  } catch (e) {
+    return false;
   }
-  async createSubmitRequest(params) {
-    this._validateAccessTokenAndUrl();
-    for (let i = 0; i < 5; i++) {
-      try {
-        const { targetBranchName, sourceBranchName, title, body } = params;
-        const adoSdk = await this.getAdoSdk();
-        const pullRequestId = await adoSdk.createAdoPullRequest({
-          title,
+};
+
+// src/features/analysis/scm/scm.ts
+var SCMLib = class {
+  constructor(url, accessToken, scmOrg) {
+    __publicField(this, "url");
+    __publicField(this, "accessToken");
+    __publicField(this, "scmOrg");
+    this.accessToken = accessToken;
+    this.url = url;
+    this.scmOrg = scmOrg;
+  }
+  async getUrlWithCredentials() {
+    if (!this.url) {
+      console.error("no url for getUrlWithCredentials()");
+      throw new Error("no url");
+    }
+    const trimmedUrl = this.url.trim().replace(/\/$/, "");
+    const accessToken = this.getAccessToken();
+    if (!accessToken) {
+      return trimmedUrl;
+    }
+    if (this.scmLibType === "ADO" /* ADO */) {
+      const { host, protocol, pathname } = new URL(trimmedUrl);
+      return `${protocol}//${accessToken}@${host}${pathname}`;
+    }
+    const finalUrl = this.scmLibType === "GITLAB" /* GITLAB */ ? `${trimmedUrl}.git` : trimmedUrl;
+    const username = await this._getUsernameForAuthUrl();
+    return buildAuthorizedRepoUrl({
+      url: finalUrl,
+      username,
+      password: accessToken
+    });
+  }
+  getAccessToken() {
+    return this.accessToken || "";
+  }
+  getUrl() {
+    return this.url;
+  }
+  getName() {
+    if (!this.url) {
+      return "";
+    }
+    return this.url.split("/").at(-1) || "";
+  }
+  _validateAccessToken() {
+    if (!this.accessToken) {
+      console.error("no access token");
+      throw new Error("no access token");
+    }
+  }
+  static async getIsValidBranchName(branchName) {
+    return isValidBranchName(branchName);
+  }
+  _validateAccessTokenAndUrl() {
+    this._validateAccessToken();
+    this._validateUrl();
+  }
+  _validateUrl() {
+    if (!this.url) {
+      console.error("no url");
+      throw new InvalidRepoUrlError("no url");
+    }
+  }
+};
+
+// src/features/analysis/scm/ado/AdoSCMLib.ts
+async function initAdoSdk(params) {
+  const { url, accessToken, scmOrg } = params;
+  const adoClientParams = await getAdoClientParams({
+    tokenOrg: scmOrg,
+    accessToken,
+    url
+  });
+  return getAdoSdk(adoClientParams);
+}
+var AdoSCMLib = class extends SCMLib {
+  constructor(url, accessToken, scmOrg) {
+    super(url, accessToken, scmOrg);
+    __publicField(this, "_adoSdkPromise");
+    this._adoSdkPromise = initAdoSdk({ accessToken, url, scmOrg });
+  }
+  async getAdoSdk() {
+    if (!this._adoSdkPromise) {
+      console.error("ado sdk was not initialized");
+      throw new InvalidAccessTokenError("ado sdk was not initialized");
+    }
+    return this._adoSdkPromise;
+  }
+  async createSubmitRequest(params) {
+    this._validateAccessTokenAndUrl();
+    for (let i = 0; i < 5; i++) {
+      try {
+        const { targetBranchName, sourceBranchName, title, body } = params;
+        const adoSdk = await this.getAdoSdk();
+        const pullRequestId = await adoSdk.createAdoPullRequest({
+          title,
           body,
           targetBranchName,
           sourceBranchName,
@@ -5659,787 +5643,175 @@ var BitbucketSCMLib = class extends SCMLib {
   }
 };
 
-// src/features/analysis/scm/gitlab/gitlab.ts
-import querystring3 from "node:querystring";
-import {
-  createRequesterFn
-} from "@gitbeaker/requester-utils";
-import {
-  AccessLevel,
-  Gitlab
-} from "@gitbeaker/rest";
-import Debug4 from "debug";
-import {
-  fetch as undiciFetch,
-  ProxyAgent
-} from "undici";
+// src/features/analysis/scm/constants.ts
+var MOBB_ICON_IMG = "https://app.mobb.ai/gh-action/Logo_Rounded_Icon.svg";
+var MAX_BRANCHES_FETCH = 1e3;
 
-// src/features/analysis/scm/gitlab/types.ts
+// src/features/analysis/scm/github/GithubSCMLib.ts
 import { z as z22 } from "zod";
-var GitlabAuthResultZ = z22.object({
-  access_token: z22.string(),
-  token_type: z22.string(),
-  refresh_token: z22.string()
-});
 
-// src/features/analysis/scm/gitlab/gitlab.ts
-var debug4 = Debug4("scm:gitlab");
-function removeTrailingSlash2(str) {
-  return str.trim().replace(/\/+$/, "");
+// src/features/analysis/scm/github/github.ts
+import { RequestError } from "@octokit/request-error";
+
+// src/features/analysis/scm/github/consts.ts
+var POST_COMMENT_PATH = "POST /repos/{owner}/{repo}/pulls/{pull_number}/comments";
+var DELETE_COMMENT_PATH = "DELETE /repos/{owner}/{repo}/pulls/comments/{comment_id}";
+var UPDATE_COMMENT_PATH = "PATCH /repos/{owner}/{repo}/pulls/comments/{comment_id}";
+var GET_PR_COMMENTS_PATH = "GET /repos/{owner}/{repo}/pulls/{pull_number}/comments";
+var GET_PR_COMMENT_PATH = "GET /repos/{owner}/{repo}/pulls/comments/{comment_id}";
+var REPLY_TO_CODE_REVIEW_COMMENT_PATH = "POST /repos/{owner}/{repo}/pulls/{pull_number}/comments/{comment_id}/replies";
+var GET_PR = "GET /repos/{owner}/{repo}/pulls/{pull_number}";
+var POST_GENERAL_PR_COMMENT = "POST /repos/{owner}/{repo}/issues/{issue_number}/comments";
+var GET_GENERAL_PR_COMMENTS = "GET /repos/{owner}/{repo}/issues/{issue_number}/comments";
+var DELETE_GENERAL_PR_COMMENT = "DELETE /repos/{owner}/{repo}/issues/comments/{comment_id}";
+var CREATE_OR_UPDATE_A_REPOSITORY_SECRET = "PUT /repos/{owner}/{repo}/actions/secrets/{secret_name}";
+var GET_A_REPOSITORY_PUBLIC_KEY = "GET /repos/{owner}/{repo}/actions/secrets/public-key";
+var GET_USER = "GET /user";
+var GET_USER_REPOS = "GET /user/repos";
+var GET_REPO_BRANCHES = "GET /repos/{owner}/{repo}/branches";
+var GET_BLAME_DOCUMENT = `
+      query GetBlame(
+        $owner: String!
+        $repo: String!
+        $ref: String!
+        $path: String!
+      ) {
+        repository(name: $repo, owner: $owner) {
+          # branch name
+          object(expression: $ref) {
+            # cast Target to a Commit
+            ... on Commit {
+              # full repo-relative path to blame file
+              blame(path: $path) {
+                ranges {
+                  commit {
+                    author {
+                      user {
+                        name
+                        login
+                      }
+                    }
+                    authoredDate
+                  }
+                  startingLine
+                  endingLine
+                  age
+                }
+              }
+            }
+            
+          }
+        }
+      }
+    `;
+
+// src/features/analysis/scm/github/utils/encrypt_secret.ts
+import sodium from "libsodium-wrappers";
+async function encryptSecret(secret, key) {
+  await sodium.ready;
+  const binkey = sodium.from_base64(key, sodium.base64_variants.ORIGINAL);
+  const binsec = sodium.from_string(secret);
+  const encBytes = sodium.crypto_box_seal(binsec, binkey);
+  return sodium.to_base64(encBytes, sodium.base64_variants.ORIGINAL);
 }
-function getRandomGitlabCloudAnonToken() {
-  if (!GITLAB_API_TOKEN || typeof GITLAB_API_TOKEN !== "string") {
-    return void 0;
+
+// src/features/analysis/scm/github/utils/utils.ts
+import { Octokit } from "octokit";
+import { fetch as fetch2, ProxyAgent } from "undici";
+function parseGithubOwnerAndRepo(gitHubUrl) {
+  gitHubUrl = normalizeUrl(gitHubUrl);
+  const parsingResult = parseScmURL(gitHubUrl, "GitHub" /* GitHub */);
+  if (!parsingResult) {
+    throw new InvalidUrlPatternError(`invalid github repo Url ${gitHubUrl}`);
   }
-  const tokens = GITLAB_API_TOKEN.split(",");
-  return tokens[Math.floor(Math.random() * tokens.length)];
-}
-function getGitBeaker(options) {
-  const token = options?.gitlabAuthToken ?? getRandomGitlabCloudAnonToken() ?? "";
-  const url = options.url;
-  const host = url ? new URL(url).origin : "https://gitlab.com";
-  if (token?.startsWith("glpat-") || token === "") {
-    return new Gitlab({
-      token,
-      host,
-      requesterFn: createRequesterFn(
-        (_, reqo) => Promise.resolve(reqo),
-        brokerRequestHandler
-      )
-    });
+  const { organization, repoName } = parsingResult;
+  if (!organization || !repoName) {
+    throw new InvalidUrlPatternError(`invalid github repo Url ${gitHubUrl}`);
   }
-  return new Gitlab({
-    oauthToken: token,
-    host,
-    requesterFn: createRequesterFn(
-      (_, reqo) => Promise.resolve(reqo),
-      brokerRequestHandler
-    )
-  });
+  return { owner: organization, repo: repoName };
 }
-async function gitlabValidateParams({
-  url,
-  accessToken
-}) {
-  try {
-    const api2 = getGitBeaker({ url, gitlabAuthToken: accessToken });
-    if (accessToken) {
-      await api2.Users.showCurrentUser();
-    }
-    if (url && shouldValidateUrl(url)) {
-      const { projectPath } = parseGitlabOwnerAndRepo(url);
-      await api2.Projects.show(projectPath);
-    }
-  } catch (e) {
-    const error = e;
-    const code = error.code || error.status || error.statusCode || error.response?.status || error.response?.statusCode || error.response?.code;
-    const description = error.description || `${e}`;
-    if (code === 401 || code === 403 || description.includes("401") || description.includes("403")) {
-      throw new InvalidAccessTokenError(`invalid gitlab access token`);
-    }
-    if (code === 404 || description.includes("404") || description.includes("Not Found")) {
-      throw new InvalidRepoUrlError(`invalid gitlab repo URL: ${url}`);
-    }
-    console.log("gitlabValidateParams error", e);
-    throw new InvalidRepoUrlError(
-      `cannot access gitlab repo URL: ${url} with the provided access token`
-    );
+function isGithubOnPrem(url) {
+  if (!url) {
+    return false;
   }
+  return !url.includes(scmCloudUrl.GitHub);
 }
-async function getGitlabUsername(url, accessToken) {
-  const api2 = getGitBeaker({ url, gitlabAuthToken: accessToken });
-  const res = await api2.Users.showCurrentUser();
-  return res.username;
-}
-async function getGitlabIsUserCollaborator({
-  accessToken,
-  repoUrl
-}) {
-  try {
-    const { projectPath } = parseGitlabOwnerAndRepo(repoUrl);
-    const api2 = getGitBeaker({ url: repoUrl, gitlabAuthToken: accessToken });
-    const proj = await api2.Projects.show(projectPath);
-    const groupAccess = proj.permissions?.group_access?.access_level || 0;
-    const projectAccess = proj.permissions?.project_access?.access_level || 0;
-    const accessLevelWithWriteAccess = [
-      AccessLevel.DEVELOPER,
-      AccessLevel.MAINTAINER,
-      AccessLevel.OWNER,
-      AccessLevel.ADMIN
-    ];
-    return accessLevelWithWriteAccess.includes(groupAccess) || accessLevelWithWriteAccess.includes(projectAccess);
-  } catch (e) {
-    return false;
-  }
-}
-var gitlabMergeRequestStatus = {
-  merged: "merged",
-  opened: "opened",
-  closed: "closed"
-};
-async function getGitlabMergeRequestStatus({
-  accessToken,
-  repoUrl,
-  mrNumber
-}) {
-  const { projectPath } = parseGitlabOwnerAndRepo(repoUrl);
-  const api2 = getGitBeaker({ url: repoUrl, gitlabAuthToken: accessToken });
-  const res = await api2.MergeRequests.show(projectPath, mrNumber);
-  switch (res.state) {
-    case gitlabMergeRequestStatus.merged:
-    case gitlabMergeRequestStatus.opened:
-    case gitlabMergeRequestStatus.closed:
-      return res.state;
-    default:
-      throw new Error(`unknown merge request state ${res.state}`);
+function getFetch(url) {
+  if (url && isBrokerUrl(url)) {
+    const dispatcher = new ProxyAgent({
+      uri: GIT_PROXY_HOST,
+      requestTls: {
+        rejectUnauthorized: false
+      }
+    });
+    return (input, init) => {
+      return fetch2(input, {
+        ...init,
+        dispatcher
+      });
+    };
   }
+  return fetch2;
 }
-async function createMarkdownCommentOnPullRequest({
-  markdownComment,
-  accessToken,
-  repoUrl,
-  mrNumber
-}) {
-  const { projectPath } = parseGitlabOwnerAndRepo(repoUrl);
-  const api2 = getGitBeaker({ url: repoUrl, gitlabAuthToken: accessToken });
-  return api2.MergeRequestNotes.create(projectPath, mrNumber, markdownComment);
-}
-async function getGitlabIsRemoteBranch({
-  accessToken,
-  repoUrl,
-  branch
-}) {
-  const { projectPath } = parseGitlabOwnerAndRepo(repoUrl);
-  const api2 = getGitBeaker({ url: repoUrl, gitlabAuthToken: accessToken });
-  try {
-    const res = await api2.Branches.show(projectPath, branch);
-    return res.name === branch;
-  } catch (e) {
-    return false;
+function getRandomGithubCloudAnonToken() {
+  if (!GITHUB_API_TOKEN || typeof GITHUB_API_TOKEN !== "string") {
+    return void 0;
   }
+  const tokens = GITHUB_API_TOKEN.split(",");
+  return tokens[Math.floor(Math.random() * tokens.length)];
 }
-async function getGitlabRepoList(url, accessToken) {
-  const api2 = getGitBeaker({ url, gitlabAuthToken: accessToken });
-  const res = await api2.Projects.all({
-    membership: true,
-    //TODO: a bug in the sorting mechanism of this api call
-    //disallows us to sort by updated_at in descending order
-    //so we have to sort by updated_at in ascending order.
-    //We can wait for the bug to be fixed or call the api
-    //directly with fetch()
-    sort: "asc",
-    orderBy: "updated_at",
-    perPage: 100
+function getOctoKit(options) {
+  const token = !options?.auth && !isGithubOnPrem(options?.url) ? getRandomGithubCloudAnonToken() : options?.auth;
+  const baseUrl = options?.url && isGithubOnPrem(options.url) ? `${new URL(options.url).origin}/api/v3` : void 0;
+  return new Octokit({
+    ...options,
+    auth: token,
+    baseUrl,
+    //GITHUB_API_TOKEN is only defined in the backend and not when running Bugsy as CLI. We want to enable these debug logs in the backend
+    //to debug the performance of these API calls.
+    log: GITHUB_API_TOKEN ? console : void 0,
+    request: {
+      fetch: getFetch(baseUrl)
+    },
+    retry: {
+      enabled: false
+    },
+    throttle: {
+      enabled: false
+    }
   });
-  return Promise.all(
-    res.map(async (project) => {
-      const proj = await api2.Projects.show(project.id);
-      const owner = proj.namespace.name;
-      const repoLanguages = await api2.Projects.showLanguages(project.id);
-      return {
-        repoName: project.path,
-        repoUrl: project.web_url,
-        repoOwner: owner,
-        repoLanguages: Object.keys(repoLanguages),
-        repoIsPublic: project.visibility === "public",
-        repoUpdatedAt: project.last_activity_at
-      };
-    })
-  );
 }
-async function getGitlabBranchList({
-  accessToken,
-  repoUrl
-}) {
-  const { projectPath } = parseGitlabOwnerAndRepo(repoUrl);
-  const api2 = getGitBeaker({ url: repoUrl, gitlabAuthToken: accessToken });
+function isGithubActionActionToken(token) {
+  return token.startsWith("ghs_");
+}
+async function githubValidateParams(url, accessToken) {
   try {
-    const res = await api2.Branches.all(projectPath, {
-      //keyset API pagination is not supported by GL for the branch list (at least not the on-prem version)
-      //so for now we stick with the default pagination and just return the first page and limit the results to 1000 entries.
-      //This is a temporary solution until we implement list branches with name search.
-      perPage: MAX_BRANCHES_FETCH,
-      page: 1
-    });
-    res.sort((a, b) => {
-      if (!a.commit?.committed_date || !b.commit?.committed_date) {
-        return 0;
-      }
-      return new Date(b.commit?.committed_date).getTime() - new Date(a.commit?.committed_date).getTime();
-    });
-    return res.map((branch) => branch.name).slice(0, MAX_BRANCHES_FETCH);
+    const oktoKit = getOctoKit({ auth: accessToken, url });
+    if (accessToken && !isGithubActionActionToken(accessToken)) {
+      await oktoKit.rest.users.getAuthenticated();
+    }
+    if (url && shouldValidateUrl(url)) {
+      const { owner, repo } = parseGithubOwnerAndRepo(url);
+      await oktoKit.request(GET_REPO_BRANCHES, {
+        owner,
+        repo,
+        per_page: 1
+      });
+    }
   } catch (e) {
-    return [];
-  }
-}
-async function createMergeRequest(options) {
-  const { projectPath } = parseGitlabOwnerAndRepo(options.repoUrl);
-  const api2 = getGitBeaker({
-    url: options.repoUrl,
-    gitlabAuthToken: options.accessToken
-  });
-  const res = await api2.MergeRequests.create(
-    projectPath,
-    options.sourceBranchName,
-    options.targetBranchName,
-    options.title,
-    {
-      description: options.body
+    console.log("could not init github scm", e);
+    const error = e;
+    const code = error.status || error.statusCode || error.response?.status || error.response?.statusCode || error.response?.code;
+    if (code === 401 || code === 403) {
+      throw new InvalidAccessTokenError(`invalid github access token`);
     }
-  );
-  return res.iid;
-}
-async function getGitlabMergeRequest({
-  url,
-  prNumber,
-  accessToken
-}) {
-  const { projectPath } = parseGitlabOwnerAndRepo(url);
-  const api2 = getGitBeaker({
-    url,
-    gitlabAuthToken: accessToken
-  });
-  return await api2.MergeRequests.show(projectPath, prNumber);
-}
-async function getGitlabCommitUrl({
-  url,
-  commitSha,
-  accessToken
-}) {
-  const { projectPath } = parseGitlabOwnerAndRepo(url);
-  const api2 = getGitBeaker({
-    url,
-    gitlabAuthToken: accessToken
-  });
-  return await api2.Commits.show(projectPath, commitSha);
-}
-async function getGitlabRepoDefaultBranch(repoUrl, options) {
-  const api2 = getGitBeaker({
-    url: repoUrl,
-    gitlabAuthToken: options?.gitlabAuthToken
-  });
-  const { projectPath } = parseGitlabOwnerAndRepo(repoUrl);
-  const project = await api2.Projects.show(projectPath);
-  if (!project.default_branch) {
-    throw new Error("no default branch");
-  }
-  return project.default_branch;
-}
-async function getGitlabReferenceData({ ref, gitlabUrl }, options) {
-  const { projectPath } = parseGitlabOwnerAndRepo(gitlabUrl);
-  const api2 = getGitBeaker({
-    url: gitlabUrl,
-    gitlabAuthToken: options?.gitlabAuthToken
-  });
-  const results = await Promise.allSettled([
-    (async () => {
-      const res = await api2.Branches.show(projectPath, ref);
-      return {
-        sha: res.commit.id,
-        type: "BRANCH" /* BRANCH */,
-        date: res.commit.committed_date ? new Date(res.commit.committed_date) : void 0
-      };
-    })(),
-    (async () => {
-      const res = await api2.Commits.show(projectPath, ref);
-      return {
-        sha: res.id,
-        type: "COMMIT" /* COMMIT */,
-        date: res.committed_date ? new Date(res.committed_date) : void 0
-      };
-    })(),
-    (async () => {
-      const res = await api2.Tags.show(projectPath, ref);
-      return {
-        sha: res.commit.id,
-        type: "TAG" /* TAG */,
-        date: res.commit.committed_date ? new Date(res.commit.committed_date) : void 0
-      };
-    })()
-  ]);
-  const [branchRes, commitRes, tagRes] = results;
-  if (tagRes.status === "fulfilled") {
-    return tagRes.value;
-  }
-  if (branchRes.status === "fulfilled") {
-    return branchRes.value;
-  }
-  if (commitRes.status === "fulfilled") {
-    return commitRes.value;
-  }
-  throw new RefNotFoundError(`ref: ${ref} does not exist`);
-}
-function parseGitlabOwnerAndRepo(gitlabUrl) {
-  gitlabUrl = removeTrailingSlash2(gitlabUrl);
-  const parsingResult = parseScmURL(gitlabUrl, "GitLab" /* GitLab */);
-  if (!parsingResult || !parsingResult.repoName) {
-    throw new InvalidUrlPatternError(`invalid gitlab repo Url ${gitlabUrl}`);
-  }
-  const { organization, repoName, projectPath } = parsingResult;
-  return { owner: organization, repo: repoName, projectPath };
-}
-async function getGitlabBlameRanges({ ref, gitlabUrl, path: path8 }, options) {
-  const { projectPath } = parseGitlabOwnerAndRepo(gitlabUrl);
-  const api2 = getGitBeaker({
-    url: gitlabUrl,
-    gitlabAuthToken: options?.gitlabAuthToken
-  });
-  const resp = await api2.RepositoryFiles.allFileBlames(projectPath, path8, ref);
-  let lineNumber = 1;
-  return resp.filter((range) => range.lines).map((range) => {
-    const oldLineNumber = lineNumber;
-    if (!range.lines) {
-      throw new Error("range.lines should not be undefined");
-    }
-    lineNumber += range.lines.length;
-    return {
-      startingLine: oldLineNumber,
-      endingLine: lineNumber - 1,
-      login: range.commit.author_email,
-      email: range.commit.author_email,
-      name: range.commit.author_name
-    };
-  });
-}
-async function processBody(response) {
-  const headers = response.headers;
-  const type2 = headers.get("content-type")?.split(";")[0]?.trim();
-  if (type2 === "application/json") {
-    return await response.json();
-  }
-  return await response.text();
-}
-async function brokerRequestHandler(endpoint, options) {
-  const { prefixUrl, searchParams } = options || {};
-  let baseUrl;
-  if (prefixUrl) baseUrl = prefixUrl.endsWith("/") ? prefixUrl : `${prefixUrl}/`;
-  const url = new URL(endpoint, baseUrl);
-  url.search = searchParams || "";
-  const dispatcher = url && isBrokerUrl(url.href) ? new ProxyAgent({
-    uri: GIT_PROXY_HOST,
-    requestTls: {
-      rejectUnauthorized: false
-    }
-  }) : void 0;
-  const response = await undiciFetch(url, {
-    headers: options?.headers,
-    method: options?.method,
-    body: options?.body ? String(options?.body) : void 0,
-    dispatcher
-  }).catch((e) => {
-    if (e.name === "TimeoutError" || e.name === "AbortError") {
-      throw new Error("Query timeout was reached");
-    }
-    throw e;
-  });
-  if (response.ok)
-    return {
-      body: await processBody(response),
-      headers: Object.fromEntries(response.headers.entries()),
-      status: response.status
-    };
-  throw new Error(`gitbeaker: ${response.statusText}`);
-}
-
-// src/features/analysis/scm/gitlab/GitlabSCMLib.ts
-var GitlabSCMLib = class extends SCMLib {
-  constructor(url, accessToken, scmOrg) {
-    super(url, accessToken, scmOrg);
-  }
-  async createSubmitRequest(params) {
-    this._validateAccessTokenAndUrl();
-    const { targetBranchName, sourceBranchName, title, body } = params;
-    return String(
-      await createMergeRequest({
-        title,
-        body,
-        targetBranchName,
-        sourceBranchName,
-        repoUrl: this.url,
-        accessToken: this.accessToken
-      })
-    );
-  }
-  async validateParams() {
-    return gitlabValidateParams({
-      url: this.url,
-      accessToken: this.accessToken
-    });
-  }
-  async getRepoList(_scmOrg) {
-    if (!this.accessToken) {
-      console.error("no access token");
-      throw new Error("no access token");
-    }
-    return getGitlabRepoList(this.url, this.accessToken);
-  }
-  async getBranchList() {
-    this._validateAccessTokenAndUrl();
-    return getGitlabBranchList({
-      accessToken: this.accessToken,
-      repoUrl: this.url
-    });
-  }
-  get scmLibType() {
-    return "GITLAB" /* GITLAB */;
-  }
-  getAuthHeaders() {
-    if (!this.accessToken) {
-      return {};
-    }
-    if (this.accessToken.startsWith("glpat-")) {
-      return {
-        "Private-Token": this.accessToken
-      };
-    } else {
-      return { authorization: `Bearer ${this.accessToken}` };
-    }
-  }
-  getDownloadUrl(sha) {
-    const urlObj = new URL(this.url || "");
-    const ProjectId = encodeURIComponent(
-      urlObj.pathname.replace(/^\//, "").replace(/\/$/, "")
-    );
-    return Promise.resolve(
-      //We are moving away from this form as it doesn't work when using a non-human token (group/project token)
-      //Where as the API zip endpoint works with any token
-      //`${this.url}/-/archive/${sha}/${repoName}-${sha}.zip`
-      `${urlObj.origin}/api/v4/projects/${ProjectId}/repository/archive.zip?sha=${sha}`
-    );
-  }
-  async _getUsernameForAuthUrl() {
-    if (this?.accessToken?.startsWith("glpat-")) {
-      return this.getUsername();
-    } else {
-      return "oauth2";
-    }
-  }
-  async getIsRemoteBranch(branch) {
-    this._validateAccessTokenAndUrl();
-    return getGitlabIsRemoteBranch({
-      accessToken: this.accessToken,
-      repoUrl: this.url,
-      branch
-    });
-  }
-  async getUserHasAccessToRepo() {
-    this._validateAccessTokenAndUrl();
-    return getGitlabIsUserCollaborator({
-      accessToken: this.accessToken,
-      repoUrl: this.url
-    });
-  }
-  async getUsername() {
-    this._validateAccessTokenAndUrl();
-    return getGitlabUsername(this.url, this.accessToken);
-  }
-  async getSubmitRequestStatus(scmSubmitRequestId) {
-    this._validateAccessTokenAndUrl();
-    const state = await getGitlabMergeRequestStatus({
-      accessToken: this.accessToken,
-      repoUrl: this.url,
-      mrNumber: Number(scmSubmitRequestId)
-    });
-    switch (state) {
-      case gitlabMergeRequestStatus.merged:
-        return "merged";
-      case gitlabMergeRequestStatus.opened:
-        return "open";
-      case gitlabMergeRequestStatus.closed:
-        return "closed";
-      default:
-        throw new Error(`unknown state ${state}`);
-    }
-  }
-  async addCommentToSubmitRequest(submitRequestId, comment) {
-    this._validateAccessTokenAndUrl();
-    await createMarkdownCommentOnPullRequest({
-      accessToken: this.accessToken,
-      repoUrl: this.url,
-      mrNumber: Number(submitRequestId),
-      markdownComment: comment
-    });
-  }
-  async getRepoBlameRanges(ref, path8) {
-    this._validateUrl();
-    return await getGitlabBlameRanges(
-      { ref, path: path8, gitlabUrl: this.url },
-      {
-        url: this.url,
-        gitlabAuthToken: this.accessToken
-      }
-    );
-  }
-  async getReferenceData(ref) {
-    this._validateUrl();
-    return await getGitlabReferenceData(
-      { ref, gitlabUrl: this.url },
-      {
-        url: this.url,
-        gitlabAuthToken: this.accessToken
-      }
-    );
-  }
-  async getRepoDefaultBranch() {
-    this._validateUrl();
-    return await getGitlabRepoDefaultBranch(this.url, {
-      url: this.url,
-      gitlabAuthToken: this.accessToken
-    });
-  }
-  async getSubmitRequestUrl(submitRequestUrl) {
-    this._validateAccessTokenAndUrl();
-    const res = await getGitlabMergeRequest({
-      url: this.url,
-      prNumber: submitRequestUrl,
-      accessToken: this.accessToken
-    });
-    return res.web_url;
-  }
-  async getSubmitRequestId(submitRequestUrl) {
-    const match = submitRequestUrl.match(/\/merge_requests\/(\d+)/);
-    return match?.[1] || "";
-  }
-  async getCommitUrl(commitId) {
-    this._validateAccessTokenAndUrl();
-    const res = await getGitlabCommitUrl({
-      url: this.url,
-      commitSha: commitId,
-      accessToken: this.accessToken
-    });
-    return res.web_url;
-  }
-};
-
-// src/features/analysis/scm/scmFactory.ts
-import { z as z23 } from "zod";
-
-// src/features/analysis/scm/StubSCMLib.ts
-var StubSCMLib = class extends SCMLib {
-  constructor(url, accessToken, scmOrg) {
-    super(url, accessToken, scmOrg);
-  }
-  async getUrlWithCredentials() {
-    console.warn("getUrlWithCredentials() returning empty string");
-    return "";
-  }
-  async createSubmitRequest(_params) {
-    console.warn("createSubmitRequest() returning empty string");
-    return "";
-  }
-  get scmLibType() {
-    console.warn("scmLibType returning GITHUB as default");
-    return "GITHUB" /* GITHUB */;
-  }
-  getAuthHeaders() {
-    console.warn("getAuthHeaders() returning empty object");
-    return {};
-  }
-  async getDownloadUrl(_sha) {
-    console.warn("getDownloadUrl() returning empty string");
-    return "";
-  }
-  async getIsRemoteBranch(_branch) {
-    console.warn("getIsRemoteBranch() returning false");
-    return false;
-  }
-  async validateParams() {
-    console.warn("validateParams() no-op");
-  }
-  async getRepoList(_scmOrg) {
-    console.warn("getRepoList() returning empty array");
-    return [];
-  }
-  async getBranchList() {
-    console.warn("getBranchList() returning empty array");
-    return [];
-  }
-  async getUsername() {
-    console.warn("getUsername() returning empty string");
-    return "";
-  }
-  async getSubmitRequestStatus(_scmSubmitRequestId) {
-    console.warn("getSubmitRequestStatus() returning ERROR");
-    return "error";
-  }
-  async getUserHasAccessToRepo() {
-    console.warn("getUserHasAccessToRepo() returning false");
-    return false;
-  }
-  async getRepoBlameRanges(_ref, _path) {
-    console.warn("getRepoBlameRanges() returning empty array");
-    return [];
-  }
-  async getReferenceData(_ref) {
-    console.warn("getReferenceData() returning null/empty defaults");
-    return {
-      type: "BRANCH" /* BRANCH */,
-      sha: "",
-      date: void 0
-    };
-  }
-  async getRepoDefaultBranch() {
-    console.warn("getRepoDefaultBranch() returning empty string");
-    return "";
-  }
-  async getSubmitRequestUrl(_submitRequestIdNumber) {
-    console.warn("getSubmitRequestUrl() returning empty string");
-    return "";
-  }
-  async getSubmitRequestId(_submitRequestUrl) {
-    console.warn("getSubmitRequestId() returning empty string");
-    return "";
-  }
-  async getCommitUrl(_commitId) {
-    console.warn("getCommitUrl() returning empty string");
-    return "";
-  }
-  async _getUsernameForAuthUrl() {
-    console.warn("_getUsernameForAuthUrl() returning empty string");
-    return "";
-  }
-  async addCommentToSubmitRequest(_submitRequestId, _comment) {
-    console.warn("addCommentToSubmitRequest() no-op");
-  }
-};
-
-// src/features/analysis/scm/scmFactory.ts
-async function createScmLib({ url, accessToken, scmType, scmOrg }, { propagateExceptions = false } = {}) {
-  const trimmedUrl = url ? url.trim().replace(/\/$/, "").replace(/.git$/i, "") : void 0;
-  try {
-    switch (scmType) {
-      case "GITHUB" /* GITHUB */: {
-        const scm = new GithubSCMLib(trimmedUrl, accessToken, scmOrg);
-        await scm.validateParams();
-        return scm;
-      }
-      case "GITLAB" /* GITLAB */: {
-        const scm = new GitlabSCMLib(trimmedUrl, accessToken, scmOrg);
-        await scm.validateParams();
-        return scm;
-      }
-      case "ADO" /* ADO */: {
-        const scm = new AdoSCMLib(trimmedUrl, accessToken, scmOrg);
-        await scm.getAdoSdk();
-        await scm.validateParams();
-        return scm;
-      }
-      case "BITBUCKET" /* BITBUCKET */: {
-        const scm = new BitbucketSCMLib(trimmedUrl, accessToken, scmOrg);
-        await scm.validateParams();
-        return scm;
-      }
-    }
-  } catch (e) {
-    if (e instanceof InvalidRepoUrlError && url) {
-      throw new RepoNoTokenAccessError(
-        "no access to repo",
-        scmLibScmTypeToScmType[z23.nativeEnum(ScmLibScmType).parse(scmType)]
-      );
-    }
-    console.error(`error validating scm: ${scmType} `, e);
-    if (propagateExceptions) {
-      throw e;
-    }
-  }
-  return new StubSCMLib(trimmedUrl, void 0, void 0);
-}
-
-// src/features/analysis/scm/github/utils/utils.ts
-function parseGithubOwnerAndRepo(gitHubUrl) {
-  gitHubUrl = normalizeUrl(gitHubUrl);
-  const parsingResult = parseScmURL(gitHubUrl, "GitHub" /* GitHub */);
-  if (!parsingResult) {
-    throw new InvalidUrlPatternError(`invalid github repo Url ${gitHubUrl}`);
-  }
-  const { organization, repoName } = parsingResult;
-  if (!organization || !repoName) {
-    throw new InvalidUrlPatternError(`invalid github repo Url ${gitHubUrl}`);
-  }
-  return { owner: organization, repo: repoName };
-}
-function isGithubOnPrem(url) {
-  if (!url) {
-    return false;
-  }
-  return !url.includes(scmCloudUrl.GitHub);
-}
-function getFetch(url) {
-  if (url && isBrokerUrl(url)) {
-    const dispatcher = new ProxyAgent2({
-      uri: GIT_PROXY_HOST,
-      requestTls: {
-        rejectUnauthorized: false
-      }
-    });
-    return (input, init) => {
-      return fetch2(input, {
-        ...init,
-        dispatcher
-      });
-    };
-  }
-  return fetch2;
-}
-function getRandomGithubCloudAnonToken() {
-  if (!GITHUB_API_TOKEN || typeof GITHUB_API_TOKEN !== "string") {
-    return void 0;
-  }
-  const tokens = GITHUB_API_TOKEN.split(",");
-  return tokens[Math.floor(Math.random() * tokens.length)];
-}
-function getOctoKit(options) {
-  const token = !options?.auth && !isGithubOnPrem(options?.url) ? getRandomGithubCloudAnonToken() : options?.auth;
-  const baseUrl = options?.url && isGithubOnPrem(options.url) ? `${new URL(options.url).origin}/api/v3` : void 0;
-  return new Octokit({
-    ...options,
-    auth: token,
-    baseUrl,
-    //GITHUB_API_TOKEN is only defined in the backend and not when running Bugsy as CLI. We want to enable these debug logs in the backend
-    //to debug the performance of these API calls.
-    log: GITHUB_API_TOKEN ? console : void 0,
-    request: {
-      fetch: getFetch(baseUrl)
-    },
-    retry: {
-      enabled: false
-    },
-    throttle: {
-      enabled: false
-    }
-  });
-}
-function isGithubActionActionToken(token) {
-  return token.startsWith("ghs_");
-}
-async function githubValidateParams(url, accessToken) {
-  try {
-    const oktoKit = getOctoKit({ auth: accessToken, url });
-    if (accessToken && !isGithubActionActionToken(accessToken)) {
-      await oktoKit.rest.users.getAuthenticated();
-    }
-    if (url && shouldValidateUrl(url)) {
-      const { owner, repo } = parseGithubOwnerAndRepo(url);
-      await oktoKit.request(GET_REPO_BRANCHES, {
-        owner,
-        repo,
-        per_page: 1
-      });
-    }
-  } catch (e) {
-    console.log("could not init github scm", e);
-    const error = e;
-    const code = error.status || error.statusCode || error.response?.status || error.response?.statusCode || error.response?.code;
-    if (code === 401 || code === 403) {
-      throw new InvalidAccessTokenError(`invalid github access token`);
-    }
-    if (code === 404) {
-      throw new InvalidRepoUrlError(`invalid github repo Url ${url}`);
-    }
-    console.log("githubValidateParams error", e);
-    throw new InvalidRepoUrlError(
-      `cannot access GH repo URL: ${url} with the provided access token`
-    );
+    if (code === 404) {
+      throw new InvalidRepoUrlError(`invalid github repo Url ${url}`);
+    }
+    console.log("githubValidateParams error", e);
+    throw new InvalidRepoUrlError(
+      `cannot access GH repo URL: ${url} with the provided access token`
+    );
   }
 }
 
@@ -6610,457 +5982,1143 @@ function getGithubSdk(params = {}) {
         throw e;
       }
     },
-    async getBranch({
-      branch,
-      owner,
-      repo
-    }) {
-      return octokit.rest.repos.getBranch({
-        branch,
+    async getBranch({
+      branch,
+      owner,
+      repo
+    }) {
+      return octokit.rest.repos.getBranch({
+        branch,
+        owner,
+        repo
+      });
+    },
+    async getCommit({
+      commitSha,
+      owner,
+      repo
+    }) {
+      return octokit.rest.git.getCommit({
+        repo,
+        owner,
+        commit_sha: commitSha
+      });
+    },
+    async getTagDate({
+      tag,
+      owner,
+      repo
+    }) {
+      const refResponse = await octokit.rest.git.getRef({
+        ref: `tags/${tag}`,
+        owner,
+        repo
+      });
+      const tagSha = refResponse.data.object.sha;
+      if (refResponse.data.object.type === "commit") {
+        const res2 = await octokit.rest.git.getCommit({
+          commit_sha: tagSha,
+          owner,
+          repo
+        });
+        return {
+          date: res2.data.committer.date,
+          sha: res2.data.sha
+        };
+      }
+      const res = await octokit.rest.git.getTag({
+        tag_sha: tagSha,
+        owner,
+        repo
+      });
+      return {
+        date: res.data.tagger.date,
+        sha: res.data.sha
+      };
+    },
+    async getGithubBlameRanges(params2) {
+      const { ref, gitHubUrl, path: path8 } = params2;
+      const { owner, repo } = parseGithubOwnerAndRepo(gitHubUrl);
+      const res = await octokit.graphql(
+        GET_BLAME_DOCUMENT,
+        {
+          owner,
+          repo,
+          path: path8,
+          ref
+        }
+      );
+      if (!res?.repository?.object?.blame?.ranges) {
+        return [];
+      }
+      return res.repository.object.blame.ranges.map((range) => ({
+        startingLine: range.startingLine,
+        endingLine: range.endingLine,
+        email: range.commit.author.user?.email || "",
+        name: range.commit.author.user?.name || "",
+        login: range.commit.author.user?.login || ""
+      }));
+    },
+    // todo: refactor the name for this function
+    async createPr(params2) {
+      const { sourceRepoUrl, filesPaths, userRepoUrl, title, body } = params2;
+      const { owner: sourceOwner, repo: sourceRepo } = parseGithubOwnerAndRepo(sourceRepoUrl);
+      const { owner, repo } = parseGithubOwnerAndRepo(userRepoUrl);
+      const [sourceFilePath, secondFilePath] = filesPaths;
+      const sourceFileContentResponse = await octokit.rest.repos.getContent({
+        owner: sourceOwner,
+        repo: sourceRepo,
+        path: "/" + sourceFilePath
+      });
+      const { data: repository } = await octokit.rest.repos.get({ owner, repo });
+      const defaultBranch = repository.default_branch;
+      const newBranchName = `mobb/workflow-${Date.now()}`;
+      await octokit.rest.git.createRef({
+        owner,
+        repo,
+        ref: `refs/heads/${newBranchName}`,
+        sha: await octokit.rest.git.getRef({ owner, repo, ref: `heads/${defaultBranch}` }).then((response) => response.data.object.sha)
+      });
+      const decodedContent = Buffer.from(
+        // eslint-disable-next-line @typescript-eslint/ban-ts-comment
+        // @ts-ignore
+        sourceFileContentResponse.data.content,
+        "base64"
+      ).toString("utf-8");
+      const tree = [
+        {
+          path: sourceFilePath,
+          mode: "100644",
+          type: "blob",
+          content: decodedContent
+        }
+      ];
+      if (secondFilePath) {
+        const secondFileContentResponse = await octokit.rest.repos.getContent({
+          owner: sourceOwner,
+          repo: sourceRepo,
+          path: "/" + secondFilePath
+        });
+        const secondDecodedContent = Buffer.from(
+          // eslint-disable-next-line @typescript-eslint/ban-ts-comment
+          // @ts-ignore
+          secondFileContentResponse.data.content,
+          "base64"
+        ).toString("utf-8");
+        tree.push({
+          path: secondFilePath,
+          mode: "100644",
+          type: "blob",
+          content: secondDecodedContent
+        });
+      }
+      const createTreeResponse = await octokit.rest.git.createTree({
+        owner,
+        repo,
+        base_tree: await octokit.rest.git.getRef({ owner, repo, ref: `heads/${defaultBranch}` }).then((response) => response.data.object.sha),
+        // eslint-disable-next-line @typescript-eslint/ban-ts-comment
+        // @ts-ignore
+        tree
+      });
+      const createCommitResponse = await octokit.rest.git.createCommit({
+        owner,
+        repo,
+        message: "Add new yaml file",
+        tree: createTreeResponse.data.sha,
+        parents: [
+          await octokit.rest.git.getRef({ owner, repo, ref: `heads/${defaultBranch}` }).then((response) => response.data.object.sha)
+        ]
+      });
+      await octokit.rest.git.updateRef({
+        owner,
+        repo,
+        ref: `heads/${newBranchName}`,
+        sha: createCommitResponse.data.sha
+      });
+      const createPRResponse = await octokit.rest.pulls.create({
+        owner,
+        repo,
+        title,
+        head: newBranchName,
+        head_repo: sourceRepo,
+        body,
+        base: defaultBranch
+      });
+      return {
+        pull_request_url: createPRResponse.data.html_url
+      };
+    },
+    async getGithubBranchList(repoUrl) {
+      const { owner, repo } = parseGithubOwnerAndRepo(repoUrl);
+      return octokit.rest.repos.listBranches({
+        owner,
+        repo,
+        per_page: MAX_BRANCHES_FETCH,
+        page: 1
+      });
+    },
+    async createPullRequest(options) {
+      const { owner, repo } = parseGithubOwnerAndRepo(options.repoUrl);
+      return octokit.rest.pulls.create({
         owner,
-        repo
+        repo,
+        title: options.title,
+        body: options.body,
+        head: options.sourceBranchName,
+        base: options.targetBranchName,
+        draft: false,
+        maintainer_can_modify: true
       });
     },
-    async getCommit({
-      commitSha,
+    async forkRepo(options) {
+      const { owner, repo } = parseGithubOwnerAndRepo(options.repoUrl);
+      const createForkRes = await octokit.rest.repos.createFork({
+        owner,
+        repo,
+        default_branch_only: false
+      });
+      return { url: createForkRes.data.html_url };
+    },
+    async getUserInfo() {
+      return octokit.request(GET_USER);
+    }
+  };
+}
+
+// src/features/analysis/scm/github/GithubSCMLib.ts
+var GithubSCMLib = class extends SCMLib {
+  // we don't always need a url, what's important is that we have an access token
+  constructor(url, accessToken, scmOrg) {
+    super(url, accessToken, scmOrg);
+    __publicField(this, "githubSdk");
+    this.githubSdk = getGithubSdk({
+      auth: accessToken,
+      url
+    });
+  }
+  async createSubmitRequest(params) {
+    this._validateAccessTokenAndUrl();
+    const { targetBranchName, sourceBranchName, title, body } = params;
+    const pullRequestResult = await this.githubSdk.createPullRequest({
+      title,
+      body,
+      targetBranchName,
+      sourceBranchName,
+      repoUrl: this.url
+    });
+    return String(pullRequestResult.data.number);
+  }
+  async forkRepo(repoUrl) {
+    this._validateAccessToken();
+    return this.githubSdk.forkRepo({
+      repoUrl
+    });
+  }
+  async createOrUpdateRepositorySecret(params) {
+    this._validateAccessTokenAndUrl();
+    const { owner, repo } = parseGithubOwnerAndRepo(this.url);
+    const { data: repositoryPublicKeyResponse } = await this.githubSdk.getRepositoryPublicKey({ owner, repo });
+    const { key_id, key } = repositoryPublicKeyResponse;
+    const encryptedValue = await encryptSecret(params.value, key);
+    return this.githubSdk.createOrUpdateRepositorySecret({
+      encrypted_value: encryptedValue,
+      secret_name: params.name,
+      key_id,
+      owner,
+      repo
+    });
+  }
+  async createPullRequestWithNewFile(sourceRepoUrl, filesPaths, userRepoUrl, title, body) {
+    const { pull_request_url } = await this.githubSdk.createPr({
+      sourceRepoUrl,
+      filesPaths,
+      userRepoUrl,
+      title,
+      body
+    });
+    return { pull_request_url };
+  }
+  async validateParams() {
+    return githubValidateParams(this.url, this.accessToken);
+  }
+  async postPrComment(params) {
+    this._validateAccessTokenAndUrl();
+    const { owner, repo } = parseGithubOwnerAndRepo(this.url);
+    return this.githubSdk.postPrComment({
+      ...params,
+      owner,
+      repo
+    });
+  }
+  async updatePrComment(params) {
+    this._validateAccessTokenAndUrl();
+    const { owner, repo } = parseGithubOwnerAndRepo(this.url);
+    return this.githubSdk.updatePrComment({
+      ...params,
+      owner,
+      repo
+    });
+  }
+  async deleteComment(params) {
+    this._validateAccessTokenAndUrl();
+    const { owner, repo } = parseGithubOwnerAndRepo(this.url);
+    return this.githubSdk.deleteComment({
+      ...params,
+      owner,
+      repo
+    });
+  }
+  async getPrComments(params) {
+    this._validateAccessTokenAndUrl();
+    const { owner, repo } = parseGithubOwnerAndRepo(this.url);
+    return this.githubSdk.getPrComments({
+      per_page: 100,
+      ...params,
+      owner,
+      repo
+    });
+  }
+  async getPrDiff(params) {
+    this._validateAccessTokenAndUrl();
+    const { owner, repo } = parseGithubOwnerAndRepo(this.url);
+    const prRes = await this.githubSdk.getPrDiff({
+      ...params,
+      owner,
+      repo
+    });
+    return z22.string().parse(prRes.data);
+  }
+  async getRepoList(_scmOrg) {
+    this._validateAccessToken();
+    return this.githubSdk.getGithubRepoList();
+  }
+  async getBranchList() {
+    this._validateAccessTokenAndUrl();
+    const branches = await this.githubSdk.getGithubBranchList(this.url);
+    return branches.data.map((branch) => branch.name);
+  }
+  get scmLibType() {
+    return "GITHUB" /* GITHUB */;
+  }
+  getAuthHeaders() {
+    if (this.accessToken) {
+      return { authorization: `Bearer ${this.accessToken}` };
+    }
+    return {};
+  }
+  getDownloadUrl(sha) {
+    this._validateUrl();
+    const res = parseScmURL(this.url, "GitHub" /* GitHub */);
+    if (!res) {
+      throw new InvalidRepoUrlError("invalid repo url");
+    }
+    const { protocol, hostname, organization, repoName } = res;
+    const downloadUrl = isGithubOnPrem(this.url) ? `${protocol}//${hostname}/api/v3/repos/${organization}/${repoName}/zipball/${sha}` : `https://api.${hostname}/repos/${organization}/${repoName}/zipball/${sha}`;
+    return Promise.resolve(downloadUrl);
+  }
+  async _getUsernameForAuthUrl() {
+    return this.getUsername();
+  }
+  async getIsRemoteBranch(branch) {
+    this._validateUrl();
+    return this.githubSdk.getGithubIsRemoteBranch({ branch, repoUrl: this.url });
+  }
+  async getUserHasAccessToRepo() {
+    this._validateAccessTokenAndUrl();
+    const username = await this.getUsername();
+    return this.githubSdk.getGithubIsUserCollaborator({
+      repoUrl: this.url,
+      username
+    });
+  }
+  async getUsername() {
+    this._validateAccessToken();
+    return this.githubSdk.getGithubUsername();
+  }
+  async getSubmitRequestStatus(scmSubmitRequestId) {
+    this._validateAccessTokenAndUrl();
+    return this.githubSdk.getGithubPullRequestStatus({
+      repoUrl: this.url,
+      prNumber: Number(scmSubmitRequestId)
+    });
+  }
+  async addCommentToSubmitRequest(submitRequestId, comment) {
+    this._validateAccessTokenAndUrl();
+    await this.githubSdk.createMarkdownCommentOnPullRequest({
+      repoUrl: this.url,
+      prNumber: Number(submitRequestId),
+      markdownComment: comment
+    });
+  }
+  async getRepoBlameRanges(ref, path8) {
+    this._validateUrl();
+    return await this.githubSdk.getGithubBlameRanges({
+      ref,
+      path: path8,
+      gitHubUrl: this.url
+    });
+  }
+  async getReferenceData(ref) {
+    this._validateUrl();
+    return this.githubSdk.getGithubReferenceData({ ref, gitHubUrl: this.url });
+  }
+  async getPrComment(commentId) {
+    this._validateUrl();
+    const { owner, repo } = parseGithubOwnerAndRepo(this.url);
+    return await this.githubSdk.getPrComment({
+      repo,
+      owner,
+      comment_id: commentId
+    });
+  }
+  async getRepoDefaultBranch() {
+    this._validateUrl();
+    return await this.githubSdk.getGithubRepoDefaultBranch(this.url);
+  }
+  async getSubmitRequestUrl(submitRequestUrl) {
+    this._validateAccessTokenAndUrl();
+    const { owner, repo } = parseGithubOwnerAndRepo(this.url);
+    const getPrRes = await this.githubSdk.getPr({
+      owner,
+      repo,
+      pull_number: submitRequestUrl
+    });
+    return getPrRes.data.html_url;
+  }
+  async getSubmitRequestId(submitRequestUrl) {
+    const match = submitRequestUrl.match(/\/pull\/(\d+)/);
+    return match?.[1] || "";
+  }
+  async getCommitUrl(commitId) {
+    this._validateAccessTokenAndUrl();
+    const { owner, repo } = parseGithubOwnerAndRepo(this.url);
+    const getCommitRes = await this.githubSdk.getCommit({
+      owner,
+      repo,
+      commitSha: commitId
+    });
+    return getCommitRes.data.html_url;
+  }
+  async postGeneralPrComment(params) {
+    const { prNumber, body } = params;
+    this._validateAccessTokenAndUrl();
+    const { owner, repo } = parseGithubOwnerAndRepo(this.url);
+    return await this.githubSdk.postGeneralPrComment({
+      issue_number: prNumber,
       owner,
-      repo
-    }) {
-      return octokit.rest.git.getCommit({
-        repo,
-        owner,
-        commit_sha: commitSha
-      });
-    },
-    async getTagDate({
-      tag,
+      repo,
+      body
+    });
+  }
+  async getGeneralPrComments(params) {
+    const { prNumber } = params;
+    this._validateAccessTokenAndUrl();
+    const { owner, repo } = parseGithubOwnerAndRepo(this.url);
+    return await this.githubSdk.getGeneralPrComments({
+      issue_number: prNumber,
       owner,
       repo
-    }) {
-      const refResponse = await octokit.rest.git.getRef({
-        ref: `tags/${tag}`,
-        owner,
-        repo
-      });
-      const tagSha = refResponse.data.object.sha;
-      if (refResponse.data.object.type === "commit") {
-        const res2 = await octokit.rest.git.getCommit({
-          commit_sha: tagSha,
-          owner,
-          repo
-        });
-        return {
-          date: res2.data.committer.date,
-          sha: res2.data.sha
-        };
+    });
+  }
+  async deleteGeneralPrComment({
+    commentId
+  }) {
+    this._validateAccessTokenAndUrl();
+    const { owner, repo } = parseGithubOwnerAndRepo(this.url);
+    return this.githubSdk.deleteGeneralPrComment({
+      owner,
+      repo,
+      comment_id: commentId
+    });
+  }
+};
+
+// src/features/analysis/scm/gitlab/gitlab.ts
+import querystring3 from "node:querystring";
+import {
+  createRequesterFn
+} from "@gitbeaker/requester-utils";
+import {
+  AccessLevel,
+  Gitlab
+} from "@gitbeaker/rest";
+import Debug4 from "debug";
+import {
+  fetch as undiciFetch,
+  ProxyAgent as ProxyAgent2
+} from "undici";
+
+// src/features/analysis/scm/gitlab/types.ts
+import { z as z23 } from "zod";
+var GitlabAuthResultZ = z23.object({
+  access_token: z23.string(),
+  token_type: z23.string(),
+  refresh_token: z23.string()
+});
+
+// src/features/analysis/scm/gitlab/gitlab.ts
+var debug4 = Debug4("scm:gitlab");
+function removeTrailingSlash2(str) {
+  return str.trim().replace(/\/+$/, "");
+}
+function getRandomGitlabCloudAnonToken() {
+  if (!GITLAB_API_TOKEN || typeof GITLAB_API_TOKEN !== "string") {
+    return void 0;
+  }
+  const tokens = GITLAB_API_TOKEN.split(",");
+  return tokens[Math.floor(Math.random() * tokens.length)];
+}
+function getGitBeaker(options) {
+  const token = options?.gitlabAuthToken ?? getRandomGitlabCloudAnonToken() ?? "";
+  const url = options.url;
+  const host = url ? new URL(url).origin : "https://gitlab.com";
+  if (token?.startsWith("glpat-") || token === "") {
+    return new Gitlab({
+      token,
+      host,
+      requesterFn: createRequesterFn(
+        (_, reqo) => Promise.resolve(reqo),
+        brokerRequestHandler
+      )
+    });
+  }
+  return new Gitlab({
+    oauthToken: token,
+    host,
+    requesterFn: createRequesterFn(
+      (_, reqo) => Promise.resolve(reqo),
+      brokerRequestHandler
+    )
+  });
+}
+async function gitlabValidateParams({
+  url,
+  accessToken
+}) {
+  try {
+    const api2 = getGitBeaker({ url, gitlabAuthToken: accessToken });
+    if (accessToken) {
+      await api2.Users.showCurrentUser();
+    }
+    if (url && shouldValidateUrl(url)) {
+      const { projectPath } = parseGitlabOwnerAndRepo(url);
+      await api2.Projects.show(projectPath);
+    }
+  } catch (e) {
+    const error = e;
+    const code = error.code || error.status || error.statusCode || error.response?.status || error.response?.statusCode || error.response?.code;
+    const description = error.description || `${e}`;
+    if (code === 401 || code === 403 || description.includes("401") || description.includes("403")) {
+      throw new InvalidAccessTokenError(`invalid gitlab access token`);
+    }
+    if (code === 404 || description.includes("404") || description.includes("Not Found")) {
+      throw new InvalidRepoUrlError(`invalid gitlab repo URL: ${url}`);
+    }
+    console.log("gitlabValidateParams error", e);
+    throw new InvalidRepoUrlError(
+      `cannot access gitlab repo URL: ${url} with the provided access token`
+    );
+  }
+}
+async function getGitlabUsername(url, accessToken) {
+  const api2 = getGitBeaker({ url, gitlabAuthToken: accessToken });
+  const res = await api2.Users.showCurrentUser();
+  return res.username;
+}
+async function getGitlabIsUserCollaborator({
+  accessToken,
+  repoUrl
+}) {
+  try {
+    const { projectPath } = parseGitlabOwnerAndRepo(repoUrl);
+    const api2 = getGitBeaker({ url: repoUrl, gitlabAuthToken: accessToken });
+    const proj = await api2.Projects.show(projectPath);
+    const groupAccess = proj.permissions?.group_access?.access_level || 0;
+    const projectAccess = proj.permissions?.project_access?.access_level || 0;
+    const accessLevelWithWriteAccess = [
+      AccessLevel.DEVELOPER,
+      AccessLevel.MAINTAINER,
+      AccessLevel.OWNER,
+      AccessLevel.ADMIN
+    ];
+    return accessLevelWithWriteAccess.includes(groupAccess) || accessLevelWithWriteAccess.includes(projectAccess);
+  } catch (e) {
+    return false;
+  }
+}
+var gitlabMergeRequestStatus = {
+  merged: "merged",
+  opened: "opened",
+  closed: "closed"
+};
+async function getGitlabMergeRequestStatus({
+  accessToken,
+  repoUrl,
+  mrNumber
+}) {
+  const { projectPath } = parseGitlabOwnerAndRepo(repoUrl);
+  const api2 = getGitBeaker({ url: repoUrl, gitlabAuthToken: accessToken });
+  const res = await api2.MergeRequests.show(projectPath, mrNumber);
+  switch (res.state) {
+    case gitlabMergeRequestStatus.merged:
+    case gitlabMergeRequestStatus.opened:
+    case gitlabMergeRequestStatus.closed:
+      return res.state;
+    default:
+      throw new Error(`unknown merge request state ${res.state}`);
+  }
+}
+async function createMarkdownCommentOnPullRequest({
+  markdownComment,
+  accessToken,
+  repoUrl,
+  mrNumber
+}) {
+  const { projectPath } = parseGitlabOwnerAndRepo(repoUrl);
+  const api2 = getGitBeaker({ url: repoUrl, gitlabAuthToken: accessToken });
+  return api2.MergeRequestNotes.create(projectPath, mrNumber, markdownComment);
+}
+async function getGitlabIsRemoteBranch({
+  accessToken,
+  repoUrl,
+  branch
+}) {
+  const { projectPath } = parseGitlabOwnerAndRepo(repoUrl);
+  const api2 = getGitBeaker({ url: repoUrl, gitlabAuthToken: accessToken });
+  try {
+    const res = await api2.Branches.show(projectPath, branch);
+    return res.name === branch;
+  } catch (e) {
+    return false;
+  }
+}
+async function getGitlabRepoList(url, accessToken) {
+  const api2 = getGitBeaker({ url, gitlabAuthToken: accessToken });
+  const res = await api2.Projects.all({
+    membership: true,
+    //TODO: a bug in the sorting mechanism of this api call
+    //disallows us to sort by updated_at in descending order
+    //so we have to sort by updated_at in ascending order.
+    //We can wait for the bug to be fixed or call the api
+    //directly with fetch()
+    sort: "asc",
+    orderBy: "updated_at",
+    perPage: 100
+  });
+  return Promise.all(
+    res.map(async (project) => {
+      const proj = await api2.Projects.show(project.id);
+      const owner = proj.namespace.name;
+      const repoLanguages = await api2.Projects.showLanguages(project.id);
+      return {
+        repoName: project.path,
+        repoUrl: project.web_url,
+        repoOwner: owner,
+        repoLanguages: Object.keys(repoLanguages),
+        repoIsPublic: project.visibility === "public",
+        repoUpdatedAt: project.last_activity_at
+      };
+    })
+  );
+}
+async function getGitlabBranchList({
+  accessToken,
+  repoUrl
+}) {
+  const { projectPath } = parseGitlabOwnerAndRepo(repoUrl);
+  const api2 = getGitBeaker({ url: repoUrl, gitlabAuthToken: accessToken });
+  try {
+    const res = await api2.Branches.all(projectPath, {
+      //keyset API pagination is not supported by GL for the branch list (at least not the on-prem version)
+      //so for now we stick with the default pagination and just return the first page and limit the results to 1000 entries.
+      //This is a temporary solution until we implement list branches with name search.
+      perPage: MAX_BRANCHES_FETCH,
+      page: 1
+    });
+    res.sort((a, b) => {
+      if (!a.commit?.committed_date || !b.commit?.committed_date) {
+        return 0;
       }
-      const res = await octokit.rest.git.getTag({
-        tag_sha: tagSha,
-        owner,
-        repo
-      });
+      return new Date(b.commit?.committed_date).getTime() - new Date(a.commit?.committed_date).getTime();
+    });
+    return res.map((branch) => branch.name).slice(0, MAX_BRANCHES_FETCH);
+  } catch (e) {
+    return [];
+  }
+}
+async function createMergeRequest(options) {
+  const { projectPath } = parseGitlabOwnerAndRepo(options.repoUrl);
+  const api2 = getGitBeaker({
+    url: options.repoUrl,
+    gitlabAuthToken: options.accessToken
+  });
+  const res = await api2.MergeRequests.create(
+    projectPath,
+    options.sourceBranchName,
+    options.targetBranchName,
+    options.title,
+    {
+      description: options.body
+    }
+  );
+  return res.iid;
+}
+async function getGitlabMergeRequest({
+  url,
+  prNumber,
+  accessToken
+}) {
+  const { projectPath } = parseGitlabOwnerAndRepo(url);
+  const api2 = getGitBeaker({
+    url,
+    gitlabAuthToken: accessToken
+  });
+  return await api2.MergeRequests.show(projectPath, prNumber);
+}
+async function getGitlabCommitUrl({
+  url,
+  commitSha,
+  accessToken
+}) {
+  const { projectPath } = parseGitlabOwnerAndRepo(url);
+  const api2 = getGitBeaker({
+    url,
+    gitlabAuthToken: accessToken
+  });
+  return await api2.Commits.show(projectPath, commitSha);
+}
+async function getGitlabRepoDefaultBranch(repoUrl, options) {
+  const api2 = getGitBeaker({
+    url: repoUrl,
+    gitlabAuthToken: options?.gitlabAuthToken
+  });
+  const { projectPath } = parseGitlabOwnerAndRepo(repoUrl);
+  const project = await api2.Projects.show(projectPath);
+  if (!project.default_branch) {
+    throw new Error("no default branch");
+  }
+  return project.default_branch;
+}
+async function getGitlabReferenceData({ ref, gitlabUrl }, options) {
+  const { projectPath } = parseGitlabOwnerAndRepo(gitlabUrl);
+  const api2 = getGitBeaker({
+    url: gitlabUrl,
+    gitlabAuthToken: options?.gitlabAuthToken
+  });
+  const results = await Promise.allSettled([
+    (async () => {
+      const res = await api2.Branches.show(projectPath, ref);
       return {
-        date: res.data.tagger.date,
-        sha: res.data.sha
+        sha: res.commit.id,
+        type: "BRANCH" /* BRANCH */,
+        date: res.commit.committed_date ? new Date(res.commit.committed_date) : void 0
       };
-    },
-    async getGithubBlameRanges(params2) {
-      const { ref, gitHubUrl, path: path8 } = params2;
-      const { owner, repo } = parseGithubOwnerAndRepo(gitHubUrl);
-      const res = await octokit.graphql(
-        GET_BLAME_DOCUMENT,
-        {
-          owner,
-          repo,
-          path: path8,
-          ref
-        }
-      );
-      if (!res?.repository?.object?.blame?.ranges) {
-        return [];
-      }
-      return res.repository.object.blame.ranges.map((range) => ({
-        startingLine: range.startingLine,
-        endingLine: range.endingLine,
-        email: range.commit.author.user?.email || "",
-        name: range.commit.author.user?.name || "",
-        login: range.commit.author.user?.login || ""
-      }));
-    },
-    // todo: refactor the name for this function
-    async createPr(params2) {
-      const { sourceRepoUrl, filesPaths, userRepoUrl, title, body } = params2;
-      const { owner: sourceOwner, repo: sourceRepo } = parseGithubOwnerAndRepo(sourceRepoUrl);
-      const { owner, repo } = parseGithubOwnerAndRepo(userRepoUrl);
-      const [sourceFilePath, secondFilePath] = filesPaths;
-      const sourceFileContentResponse = await octokit.rest.repos.getContent({
-        owner: sourceOwner,
-        repo: sourceRepo,
-        path: "/" + sourceFilePath
-      });
-      const { data: repository } = await octokit.rest.repos.get({ owner, repo });
-      const defaultBranch = repository.default_branch;
-      const newBranchName = `mobb/workflow-${Date.now()}`;
-      await octokit.rest.git.createRef({
-        owner,
-        repo,
-        ref: `refs/heads/${newBranchName}`,
-        sha: await octokit.rest.git.getRef({ owner, repo, ref: `heads/${defaultBranch}` }).then((response) => response.data.object.sha)
-      });
-      const decodedContent = Buffer.from(
-        // eslint-disable-next-line @typescript-eslint/ban-ts-comment
-        // @ts-ignore
-        sourceFileContentResponse.data.content,
-        "base64"
-      ).toString("utf-8");
-      const tree = [
-        {
-          path: sourceFilePath,
-          mode: "100644",
-          type: "blob",
-          content: decodedContent
-        }
-      ];
-      if (secondFilePath) {
-        const secondFileContentResponse = await octokit.rest.repos.getContent({
-          owner: sourceOwner,
-          repo: sourceRepo,
-          path: "/" + secondFilePath
-        });
-        const secondDecodedContent = Buffer.from(
-          // eslint-disable-next-line @typescript-eslint/ban-ts-comment
-          // @ts-ignore
-          secondFileContentResponse.data.content,
-          "base64"
-        ).toString("utf-8");
-        tree.push({
-          path: secondFilePath,
-          mode: "100644",
-          type: "blob",
-          content: secondDecodedContent
-        });
-      }
-      const createTreeResponse = await octokit.rest.git.createTree({
-        owner,
-        repo,
-        base_tree: await octokit.rest.git.getRef({ owner, repo, ref: `heads/${defaultBranch}` }).then((response) => response.data.object.sha),
-        // eslint-disable-next-line @typescript-eslint/ban-ts-comment
-        // @ts-ignore
-        tree
-      });
-      const createCommitResponse = await octokit.rest.git.createCommit({
-        owner,
-        repo,
-        message: "Add new yaml file",
-        tree: createTreeResponse.data.sha,
-        parents: [
-          await octokit.rest.git.getRef({ owner, repo, ref: `heads/${defaultBranch}` }).then((response) => response.data.object.sha)
-        ]
-      });
-      await octokit.rest.git.updateRef({
-        owner,
-        repo,
-        ref: `heads/${newBranchName}`,
-        sha: createCommitResponse.data.sha
-      });
-      const createPRResponse = await octokit.rest.pulls.create({
-        owner,
-        repo,
-        title,
-        head: newBranchName,
-        head_repo: sourceRepo,
-        body,
-        base: defaultBranch
-      });
+    })(),
+    (async () => {
+      const res = await api2.Commits.show(projectPath, ref);
       return {
-        pull_request_url: createPRResponse.data.html_url
+        sha: res.id,
+        type: "COMMIT" /* COMMIT */,
+        date: res.committed_date ? new Date(res.committed_date) : void 0
       };
-    },
-    async getGithubBranchList(repoUrl) {
-      const { owner, repo } = parseGithubOwnerAndRepo(repoUrl);
-      return octokit.rest.repos.listBranches({
-        owner,
-        repo,
-        per_page: MAX_BRANCHES_FETCH,
-        page: 1
-      });
-    },
-    async createPullRequest(options) {
-      const { owner, repo } = parseGithubOwnerAndRepo(options.repoUrl);
-      return octokit.rest.pulls.create({
-        owner,
-        repo,
-        title: options.title,
-        body: options.body,
-        head: options.sourceBranchName,
-        base: options.targetBranchName,
-        draft: false,
-        maintainer_can_modify: true
-      });
-    },
-    async forkRepo(options) {
-      const { owner, repo } = parseGithubOwnerAndRepo(options.repoUrl);
-      const createForkRes = await octokit.rest.repos.createFork({
-        owner,
-        repo,
-        default_branch_only: false
-      });
-      return { url: createForkRes.data.html_url };
-    },
-    async getUserInfo() {
-      return octokit.request(GET_USER);
+    })(),
+    (async () => {
+      const res = await api2.Tags.show(projectPath, ref);
+      return {
+        sha: res.commit.id,
+        type: "TAG" /* TAG */,
+        date: res.commit.committed_date ? new Date(res.commit.committed_date) : void 0
+      };
+    })()
+  ]);
+  const [branchRes, commitRes, tagRes] = results;
+  if (tagRes.status === "fulfilled") {
+    return tagRes.value;
+  }
+  if (branchRes.status === "fulfilled") {
+    return branchRes.value;
+  }
+  if (commitRes.status === "fulfilled") {
+    return commitRes.value;
+  }
+  throw new RefNotFoundError(`ref: ${ref} does not exist`);
+}
+function parseGitlabOwnerAndRepo(gitlabUrl) {
+  gitlabUrl = removeTrailingSlash2(gitlabUrl);
+  const parsingResult = parseScmURL(gitlabUrl, "GitLab" /* GitLab */);
+  if (!parsingResult || !parsingResult.repoName) {
+    throw new InvalidUrlPatternError(`invalid gitlab repo Url ${gitlabUrl}`);
+  }
+  const { organization, repoName, projectPath } = parsingResult;
+  return { owner: organization, repo: repoName, projectPath };
+}
+async function getGitlabBlameRanges({ ref, gitlabUrl, path: path8 }, options) {
+  const { projectPath } = parseGitlabOwnerAndRepo(gitlabUrl);
+  const api2 = getGitBeaker({
+    url: gitlabUrl,
+    gitlabAuthToken: options?.gitlabAuthToken
+  });
+  const resp = await api2.RepositoryFiles.allFileBlames(projectPath, path8, ref);
+  let lineNumber = 1;
+  return resp.filter((range) => range.lines).map((range) => {
+    const oldLineNumber = lineNumber;
+    if (!range.lines) {
+      throw new Error("range.lines should not be undefined");
     }
-  };
+    lineNumber += range.lines.length;
+    return {
+      startingLine: oldLineNumber,
+      endingLine: lineNumber - 1,
+      login: range.commit.author_email,
+      email: range.commit.author_email,
+      name: range.commit.author_name
+    };
+  });
+}
+async function processBody(response) {
+  const headers = response.headers;
+  const type2 = headers.get("content-type")?.split(";")[0]?.trim();
+  if (type2 === "application/json") {
+    return await response.json();
+  }
+  return await response.text();
+}
+async function brokerRequestHandler(endpoint, options) {
+  const { prefixUrl, searchParams } = options || {};
+  let baseUrl;
+  if (prefixUrl) baseUrl = prefixUrl.endsWith("/") ? prefixUrl : `${prefixUrl}/`;
+  const url = new URL(endpoint, baseUrl);
+  url.search = searchParams || "";
+  const dispatcher = url && isBrokerUrl(url.href) ? new ProxyAgent2({
+    uri: GIT_PROXY_HOST,
+    requestTls: {
+      rejectUnauthorized: false
+    }
+  }) : void 0;
+  const response = await undiciFetch(url, {
+    headers: options?.headers,
+    method: options?.method,
+    body: options?.body ? String(options?.body) : void 0,
+    dispatcher
+  }).catch((e) => {
+    if (e.name === "TimeoutError" || e.name === "AbortError") {
+      throw new Error("Query timeout was reached");
+    }
+    throw e;
+  });
+  if (response.ok)
+    return {
+      body: await processBody(response),
+      headers: Object.fromEntries(response.headers.entries()),
+      status: response.status
+    };
+  throw new Error(`gitbeaker: ${response.statusText}`);
 }
 
-// src/features/analysis/scm/github/GithubSCMLib.ts
-var GithubSCMLib = class extends SCMLib {
-  // we don't always need a url, what's important is that we have an access token
+// src/features/analysis/scm/gitlab/GitlabSCMLib.ts
+var GitlabSCMLib = class extends SCMLib {
   constructor(url, accessToken, scmOrg) {
     super(url, accessToken, scmOrg);
-    __publicField(this, "githubSdk");
-    this.githubSdk = getGithubSdk({
-      auth: accessToken,
-      url
-    });
   }
   async createSubmitRequest(params) {
     this._validateAccessTokenAndUrl();
     const { targetBranchName, sourceBranchName, title, body } = params;
-    const pullRequestResult = await this.githubSdk.createPullRequest({
-      title,
-      body,
-      targetBranchName,
-      sourceBranchName,
-      repoUrl: this.url
-    });
-    return String(pullRequestResult.data.number);
-  }
-  async forkRepo(repoUrl) {
-    this._validateAccessToken();
-    return this.githubSdk.forkRepo({
-      repoUrl
-    });
-  }
-  async createOrUpdateRepositorySecret(params) {
-    this._validateAccessTokenAndUrl();
-    const { owner, repo } = parseGithubOwnerAndRepo(this.url);
-    const { data: repositoryPublicKeyResponse } = await this.githubSdk.getRepositoryPublicKey({ owner, repo });
-    const { key_id, key } = repositoryPublicKeyResponse;
-    const encryptedValue = await encryptSecret(params.value, key);
-    return this.githubSdk.createOrUpdateRepositorySecret({
-      encrypted_value: encryptedValue,
-      secret_name: params.name,
-      key_id,
-      owner,
-      repo
-    });
-  }
-  async createPullRequestWithNewFile(sourceRepoUrl, filesPaths, userRepoUrl, title, body) {
-    const { pull_request_url } = await this.githubSdk.createPr({
-      sourceRepoUrl,
-      filesPaths,
-      userRepoUrl,
-      title,
-      body
-    });
-    return { pull_request_url };
+    return String(
+      await createMergeRequest({
+        title,
+        body,
+        targetBranchName,
+        sourceBranchName,
+        repoUrl: this.url,
+        accessToken: this.accessToken
+      })
+    );
   }
   async validateParams() {
-    return githubValidateParams(this.url, this.accessToken);
-  }
-  async postPrComment(params) {
-    this._validateAccessTokenAndUrl();
-    const { owner, repo } = parseGithubOwnerAndRepo(this.url);
-    return this.githubSdk.postPrComment({
-      ...params,
-      owner,
-      repo
-    });
-  }
-  async updatePrComment(params) {
-    this._validateAccessTokenAndUrl();
-    const { owner, repo } = parseGithubOwnerAndRepo(this.url);
-    return this.githubSdk.updatePrComment({
-      ...params,
-      owner,
-      repo
-    });
-  }
-  async deleteComment(params) {
-    this._validateAccessTokenAndUrl();
-    const { owner, repo } = parseGithubOwnerAndRepo(this.url);
-    return this.githubSdk.deleteComment({
-      ...params,
-      owner,
-      repo
-    });
-  }
-  async getPrComments(params) {
-    this._validateAccessTokenAndUrl();
-    const { owner, repo } = parseGithubOwnerAndRepo(this.url);
-    return this.githubSdk.getPrComments({
-      per_page: 100,
-      ...params,
-      owner,
-      repo
-    });
-  }
-  async getPrDiff(params) {
-    this._validateAccessTokenAndUrl();
-    const { owner, repo } = parseGithubOwnerAndRepo(this.url);
-    const prRes = await this.githubSdk.getPrDiff({
-      ...params,
-      owner,
-      repo
+    return gitlabValidateParams({
+      url: this.url,
+      accessToken: this.accessToken
     });
-    return z24.string().parse(prRes.data);
   }
   async getRepoList(_scmOrg) {
-    this._validateAccessToken();
-    return this.githubSdk.getGithubRepoList();
+    if (!this.accessToken) {
+      console.error("no access token");
+      throw new Error("no access token");
+    }
+    return getGitlabRepoList(this.url, this.accessToken);
   }
   async getBranchList() {
     this._validateAccessTokenAndUrl();
-    const branches = await this.githubSdk.getGithubBranchList(this.url);
-    return branches.data.map((branch) => branch.name);
+    return getGitlabBranchList({
+      accessToken: this.accessToken,
+      repoUrl: this.url
+    });
   }
   get scmLibType() {
-    return "GITHUB" /* GITHUB */;
+    return "GITLAB" /* GITLAB */;
   }
   getAuthHeaders() {
-    if (this.accessToken) {
+    if (!this.accessToken) {
+      return {};
+    }
+    if (this.accessToken.startsWith("glpat-")) {
+      return {
+        "Private-Token": this.accessToken
+      };
+    } else {
       return { authorization: `Bearer ${this.accessToken}` };
     }
-    return {};
   }
   getDownloadUrl(sha) {
-    this._validateUrl();
-    const res = parseScmURL(this.url, "GitHub" /* GitHub */);
-    if (!res) {
-      throw new InvalidRepoUrlError("invalid repo url");
-    }
-    const { protocol, hostname, organization, repoName } = res;
-    const downloadUrl = isGithubOnPrem(this.url) ? `${protocol}//${hostname}/api/v3/repos/${organization}/${repoName}/zipball/${sha}` : `https://api.${hostname}/repos/${organization}/${repoName}/zipball/${sha}`;
-    return Promise.resolve(downloadUrl);
+    const urlObj = new URL(this.url || "");
+    const ProjectId = encodeURIComponent(
+      urlObj.pathname.replace(/^\//, "").replace(/\/$/, "")
+    );
+    return Promise.resolve(
+      //We are moving away from this form as it doesn't work when using a non-human token (group/project token)
+      //Where as the API zip endpoint works with any token
+      //`${this.url}/-/archive/${sha}/${repoName}-${sha}.zip`
+      `${urlObj.origin}/api/v4/projects/${ProjectId}/repository/archive.zip?sha=${sha}`
+    );
   }
   async _getUsernameForAuthUrl() {
-    return this.getUsername();
+    if (this?.accessToken?.startsWith("glpat-")) {
+      return this.getUsername();
+    } else {
+      return "oauth2";
+    }
   }
   async getIsRemoteBranch(branch) {
-    this._validateUrl();
-    return this.githubSdk.getGithubIsRemoteBranch({ branch, repoUrl: this.url });
+    this._validateAccessTokenAndUrl();
+    return getGitlabIsRemoteBranch({
+      accessToken: this.accessToken,
+      repoUrl: this.url,
+      branch
+    });
   }
   async getUserHasAccessToRepo() {
     this._validateAccessTokenAndUrl();
-    const username = await this.getUsername();
-    return this.githubSdk.getGithubIsUserCollaborator({
-      repoUrl: this.url,
-      username
+    return getGitlabIsUserCollaborator({
+      accessToken: this.accessToken,
+      repoUrl: this.url
     });
   }
   async getUsername() {
-    this._validateAccessToken();
-    return this.githubSdk.getGithubUsername();
+    this._validateAccessTokenAndUrl();
+    return getGitlabUsername(this.url, this.accessToken);
   }
   async getSubmitRequestStatus(scmSubmitRequestId) {
     this._validateAccessTokenAndUrl();
-    return this.githubSdk.getGithubPullRequestStatus({
+    const state = await getGitlabMergeRequestStatus({
+      accessToken: this.accessToken,
       repoUrl: this.url,
-      prNumber: Number(scmSubmitRequestId)
+      mrNumber: Number(scmSubmitRequestId)
     });
+    switch (state) {
+      case gitlabMergeRequestStatus.merged:
+        return "merged";
+      case gitlabMergeRequestStatus.opened:
+        return "open";
+      case gitlabMergeRequestStatus.closed:
+        return "closed";
+      default:
+        throw new Error(`unknown state ${state}`);
+    }
   }
   async addCommentToSubmitRequest(submitRequestId, comment) {
     this._validateAccessTokenAndUrl();
-    await this.githubSdk.createMarkdownCommentOnPullRequest({
+    await createMarkdownCommentOnPullRequest({
+      accessToken: this.accessToken,
       repoUrl: this.url,
-      prNumber: Number(submitRequestId),
+      mrNumber: Number(submitRequestId),
       markdownComment: comment
     });
   }
   async getRepoBlameRanges(ref, path8) {
     this._validateUrl();
-    return await this.githubSdk.getGithubBlameRanges({
-      ref,
-      path: path8,
-      gitHubUrl: this.url
-    });
+    return await getGitlabBlameRanges(
+      { ref, path: path8, gitlabUrl: this.url },
+      {
+        url: this.url,
+        gitlabAuthToken: this.accessToken
+      }
+    );
   }
   async getReferenceData(ref) {
     this._validateUrl();
-    return this.githubSdk.getGithubReferenceData({ ref, gitHubUrl: this.url });
-  }
-  async getPrComment(commentId) {
-    this._validateUrl();
-    const { owner, repo } = parseGithubOwnerAndRepo(this.url);
-    return await this.githubSdk.getPrComment({
-      repo,
-      owner,
-      comment_id: commentId
-    });
+    return await getGitlabReferenceData(
+      { ref, gitlabUrl: this.url },
+      {
+        url: this.url,
+        gitlabAuthToken: this.accessToken
+      }
+    );
   }
   async getRepoDefaultBranch() {
     this._validateUrl();
-    return await this.githubSdk.getGithubRepoDefaultBranch(this.url);
+    return await getGitlabRepoDefaultBranch(this.url, {
+      url: this.url,
+      gitlabAuthToken: this.accessToken
+    });
   }
   async getSubmitRequestUrl(submitRequestUrl) {
     this._validateAccessTokenAndUrl();
-    const { owner, repo } = parseGithubOwnerAndRepo(this.url);
-    const getPrRes = await this.githubSdk.getPr({
-      owner,
-      repo,
-      pull_number: submitRequestUrl
+    const res = await getGitlabMergeRequest({
+      url: this.url,
+      prNumber: submitRequestUrl,
+      accessToken: this.accessToken
     });
-    return getPrRes.data.html_url;
+    return res.web_url;
   }
   async getSubmitRequestId(submitRequestUrl) {
-    const match = submitRequestUrl.match(/\/pull\/(\d+)/);
+    const match = submitRequestUrl.match(/\/merge_requests\/(\d+)/);
     return match?.[1] || "";
   }
   async getCommitUrl(commitId) {
     this._validateAccessTokenAndUrl();
-    const { owner, repo } = parseGithubOwnerAndRepo(this.url);
-    const getCommitRes = await this.githubSdk.getCommit({
-      owner,
-      repo,
-      commitSha: commitId
+    const res = await getGitlabCommitUrl({
+      url: this.url,
+      commitSha: commitId,
+      accessToken: this.accessToken
     });
-    return getCommitRes.data.html_url;
+    return res.web_url;
   }
-  async postGeneralPrComment(params) {
-    const { prNumber, body } = params;
-    this._validateAccessTokenAndUrl();
-    const { owner, repo } = parseGithubOwnerAndRepo(this.url);
-    return await this.githubSdk.postGeneralPrComment({
-      issue_number: prNumber,
-      owner,
-      repo,
-      body
-    });
+};
+
+// src/features/analysis/scm/scmFactory.ts
+import { z as z24 } from "zod";
+
+// src/features/analysis/scm/StubSCMLib.ts
+var StubSCMLib = class extends SCMLib {
+  constructor(url, accessToken, scmOrg) {
+    super(url, accessToken, scmOrg);
   }
-  async getGeneralPrComments(params) {
-    const { prNumber } = params;
-    this._validateAccessTokenAndUrl();
-    const { owner, repo } = parseGithubOwnerAndRepo(this.url);
-    return await this.githubSdk.getGeneralPrComments({
-      issue_number: prNumber,
-      owner,
-      repo
-    });
+  async getUrlWithCredentials() {
+    console.warn("getUrlWithCredentials() returning empty string");
+    return "";
   }
-  async deleteGeneralPrComment({
-    commentId
-  }) {
-    this._validateAccessTokenAndUrl();
-    const { owner, repo } = parseGithubOwnerAndRepo(this.url);
-    return this.githubSdk.deleteGeneralPrComment({
-      owner,
-      repo,
-      comment_id: commentId
-    });
+  async createSubmitRequest(_params) {
+    console.warn("createSubmitRequest() returning empty string");
+    return "";
+  }
+  get scmLibType() {
+    console.warn("scmLibType returning GITHUB as default");
+    return "GITHUB" /* GITHUB */;
+  }
+  getAuthHeaders() {
+    console.warn("getAuthHeaders() returning empty object");
+    return {};
+  }
+  async getDownloadUrl(_sha) {
+    console.warn("getDownloadUrl() returning empty string");
+    return "";
+  }
+  async getIsRemoteBranch(_branch) {
+    console.warn("getIsRemoteBranch() returning false");
+    return false;
+  }
+  async validateParams() {
+    console.warn("validateParams() no-op");
+  }
+  async getRepoList(_scmOrg) {
+    console.warn("getRepoList() returning empty array");
+    return [];
+  }
+  async getBranchList() {
+    console.warn("getBranchList() returning empty array");
+    return [];
+  }
+  async getUsername() {
+    console.warn("getUsername() returning empty string");
+    return "";
+  }
+  async getSubmitRequestStatus(_scmSubmitRequestId) {
+    console.warn("getSubmitRequestStatus() returning ERROR");
+    return "error";
+  }
+  async getUserHasAccessToRepo() {
+    console.warn("getUserHasAccessToRepo() returning false");
+    return false;
+  }
+  async getRepoBlameRanges(_ref, _path) {
+    console.warn("getRepoBlameRanges() returning empty array");
+    return [];
+  }
+  async getReferenceData(_ref) {
+    console.warn("getReferenceData() returning null/empty defaults");
+    return {
+      type: "BRANCH" /* BRANCH */,
+      sha: "",
+      date: void 0
+    };
+  }
+  async getRepoDefaultBranch() {
+    console.warn("getRepoDefaultBranch() returning empty string");
+    return "";
+  }
+  async getSubmitRequestUrl(_submitRequestIdNumber) {
+    console.warn("getSubmitRequestUrl() returning empty string");
+    return "";
+  }
+  async getSubmitRequestId(_submitRequestUrl) {
+    console.warn("getSubmitRequestId() returning empty string");
+    return "";
+  }
+  async getCommitUrl(_commitId) {
+    console.warn("getCommitUrl() returning empty string");
+    return "";
+  }
+  async _getUsernameForAuthUrl() {
+    console.warn("_getUsernameForAuthUrl() returning empty string");
+    return "";
+  }
+  async addCommentToSubmitRequest(_submitRequestId, _comment) {
+    console.warn("addCommentToSubmitRequest() no-op");
   }
 };
 
+// src/features/analysis/scm/scmFactory.ts
+async function createScmLib({ url, accessToken, scmType, scmOrg }, { propagateExceptions = false } = {}) {
+  const trimmedUrl = url ? url.trim().replace(/\/$/, "").replace(/.git$/i, "") : void 0;
+  try {
+    switch (scmType) {
+      case "GITHUB" /* GITHUB */: {
+        const scm = new GithubSCMLib(trimmedUrl, accessToken, scmOrg);
+        await scm.validateParams();
+        return scm;
+      }
+      case "GITLAB" /* GITLAB */: {
+        const scm = new GitlabSCMLib(trimmedUrl, accessToken, scmOrg);
+        await scm.validateParams();
+        return scm;
+      }
+      case "ADO" /* ADO */: {
+        const scm = new AdoSCMLib(trimmedUrl, accessToken, scmOrg);
+        await scm.getAdoSdk();
+        await scm.validateParams();
+        return scm;
+      }
+      case "BITBUCKET" /* BITBUCKET */: {
+        const scm = new BitbucketSCMLib(trimmedUrl, accessToken, scmOrg);
+        await scm.validateParams();
+        return scm;
+      }
+    }
+  } catch (e) {
+    if (e instanceof InvalidRepoUrlError && url) {
+      throw new RepoNoTokenAccessError(
+        "no access to repo",
+        scmLibScmTypeToScmType[z24.nativeEnum(ScmLibScmType).parse(scmType)]
+      );
+    }
+    console.error(`error validating scm: ${scmType} `, e);
+    if (propagateExceptions) {
+      throw e;
+    }
+  }
+  return new StubSCMLib(trimmedUrl, void 0, void 0);
+}
+
 // src/features/analysis/add_fix_comments_for_pr/utils/utils.ts
 import Debug7 from "debug";
 import parseDiff from "parse-diff";
@@ -7235,7 +7293,8 @@ function buildIssueCommentBody({
   projectId,
   analysisId,
   organizationId,
-  irrelevantIssueWithTags
+  irrelevantIssueWithTags,
+  fpDescription
 }) {
   const issueUrl = getIssueUrlWithRedirect({
     appBaseUrl: WEB_APP_URL,
@@ -7250,9 +7309,10 @@ function buildIssueCommentBody({
   const subTitle = getCommitIssueDescription({
     issueType,
     vendor: scannerToVulnerability_Report_Vendor_Enum[scanner],
-    irrelevantIssueWithTags
+    irrelevantIssueWithTags,
+    fpDescription
   });
-  const issuePageLink = `[Learn more and fine tune the issue](${issueUrl})`;
+  const issuePageLink = `[Learn more about this issue](${issueUrl})`;
   return `${title}
 ${subTitle}
 ${issuePageLink}`;
@@ -7323,7 +7383,8 @@ async function postIssueComment(params) {
     scm,
     commitSha,
     pullRequest,
-    scanner
+    scanner,
+    fpDescription
   } = params;
   const {
     path: path8,
@@ -7354,7 +7415,8 @@ Refresh the page in order to see the changes.`,
     scanner,
     projectId,
     analysisId,
-    organizationId
+    organizationId,
+    fpDescription
   });
   return await scm.updatePrComment({
     body: commentBody,
@@ -7567,33 +7629,49 @@ async function addFixCommentsForPr({
         });
       }
     ),
-    ...irrelevantVulnerabilityReportIssues.map((vulnerabilityReportIssue) => {
-      return vulnerabilityReportIssue.codeNodes.map(
-        (vulnerabilityReportIssueCodeNode) => {
-          return postIssueComment({
-            vulnerabilityReportIssueCodeNode: {
-              path: vulnerabilityReportIssueCodeNode.path,
-              startLine: vulnerabilityReportIssueCodeNode.startLine,
-              vulnerabilityReportIssue: {
-                fixId: "",
-                safeIssueType: vulnerabilityReportIssue.safeIssueType,
-                vulnerabilityReportIssueTags: vulnerabilityReportIssue.vulnerabilityReportIssueTags,
-                category: vulnerabilityReportIssue.category
-              },
-              vulnerabilityReportIssueId: vulnerabilityReportIssue.id
-            },
-            projectId,
-            analysisId,
-            organizationId,
-            fixesById,
-            scm,
-            pullRequest,
-            scanner,
-            commitSha
+    ...irrelevantVulnerabilityReportIssues.map(
+      async (vulnerabilityReportIssue) => {
+        let fpDescription = null;
+        if (vulnerabilityReportIssue.fpId) {
+          const fpRes = await gqlClient.getFalsePositive({
+            fpId: vulnerabilityReportIssue.fpId
           });
+          const parsedFpRes = await FalsePositivePartsZ.parseAsync(
+            fpRes?.getFalsePositive
+          );
+          const { description, contextString } = getParsedFalsePositiveMessage(parsedFpRes);
+          fpDescription = contextString ? `${description}
+
+${contextString}` : description;
         }
-      );
-    }),
+        return vulnerabilityReportIssue.codeNodes.map(
+          (vulnerabilityReportIssueCodeNode) => {
+            return postIssueComment({
+              vulnerabilityReportIssueCodeNode: {
+                path: vulnerabilityReportIssueCodeNode.path,
+                startLine: vulnerabilityReportIssueCodeNode.startLine,
+                vulnerabilityReportIssue: {
+                  fixId: "",
+                  safeIssueType: vulnerabilityReportIssue.safeIssueType,
+                  vulnerabilityReportIssueTags: vulnerabilityReportIssue.vulnerabilityReportIssueTags,
+                  category: vulnerabilityReportIssue.category
+                },
+                vulnerabilityReportIssueId: vulnerabilityReportIssue.id
+              },
+              projectId,
+              analysisId,
+              organizationId,
+              fixesById,
+              scm,
+              pullRequest,
+              scanner,
+              commitSha,
+              fpDescription
+            });
+          }
+        );
+      }
+    ),
     postAnalysisInsightComment({
       prVulenrabilities,
       pullRequest,
@@ -7699,20 +7777,24 @@ async function getGitInfo(srcDirPath) {
 
 // src/features/analysis/graphql/gql.ts
 import fetchOrig from "cross-fetch";
-import Debug11 from "debug";
+import Debug12 from "debug";
 import { GraphQLClient } from "graphql-request";
-import { HttpProxyAgent as HttpProxyAgent2 } from "http-proxy-agent";
+import { HttpProxyAgent } from "http-proxy-agent";
 import { HttpsProxyAgent as HttpsProxyAgent2 } from "https-proxy-agent";
 import { v4 as uuidv4 } from "uuid";
 
 // src/features/analysis/graphql/subscribe.ts
+import Debug11 from "debug";
 import { createClient } from "graphql-ws";
-import { HttpProxyAgent } from "http-proxy-agent";
 import { HttpsProxyAgent } from "https-proxy-agent";
 import WebSocket from "ws";
+var debug11 = Debug11("mobbdev:subscribe");
 var SUBSCRIPTION_TIMEOUT_MS = 30 * 60 * 1e3;
 function createWSClient(options) {
-  const proxy = options.url.startsWith("https://") && process.env["HTTPS_PROXY"] ? new HttpsProxyAgent(process.env["HTTPS_PROXY"]) : options.url.startsWith("http://") && process.env["HTTP_PROXY"] ? new HttpProxyAgent(process.env["HTTP_PROXY"]) : null;
+  const proxy = options.url.startsWith("wss://") && process.env["HTTPS_PROXY"] ? new HttpsProxyAgent(process.env["HTTPS_PROXY"]) : options.url.startsWith("ws://") && process.env["HTTP_PROXY"] ? new HttpsProxyAgent(process.env["HTTP_PROXY"]) : null;
+  debug11(
+    `Using proxy: ${proxy ? "yes" : "no"} with url: ${options.url} and with proxy: ${process.env["HTTP_PROXY"]} for the websocket connection`
+  );
   const CustomWebSocket = class extends WebSocket {
     constructor(address, protocols) {
       super(address, protocols, proxy ? { agent: proxy } : void 0);
@@ -7820,6 +7902,7 @@ var VulnerabilityReportIssueNoFixCodeNodeZ = z27.object({
       fixId: z27.string().nullable(),
       category: ValidCategoriesZ,
       safeIssueType: z27.string(),
+      fpId: z27.string().uuid().nullable(),
       codeNodes: z27.array(
         z27.object({
           path: z27.string(),
@@ -7857,7 +7940,7 @@ var GetVulByNodesMetadataZ = z27.object({
 });
 
 // src/features/analysis/graphql/gql.ts
-var debug11 = Debug11("mobbdev:gql");
+var debug12 = Debug12("mobbdev:gql");
 var API_KEY_HEADER_NAME = "x-mobb-key";
 var REPORT_STATE_CHECK_DELAY = 5 * 1e3;
 function getProxyAgent(url) {
@@ -7867,12 +7950,12 @@ function getProxyAgent(url) {
     const isHttps = parsedUrl.protocol === "https:";
     const proxy = isHttps ? HTTPS_PROXY : isHttp ? HTTP_PROXY : null;
     if (proxy) {
-      debug11("Using proxy %s", proxy);
-      debug11("Proxy agent %o", proxy);
-      return isHttps ? new HttpsProxyAgent2(proxy) : new HttpProxyAgent2(proxy);
+      debug12("Using proxy %s", proxy);
+      debug12("Proxy agent %o", proxy);
+      return isHttps ? new HttpsProxyAgent2(proxy) : new HttpProxyAgent(proxy);
     }
   } catch (err) {
-    debug11(`Skipping proxy for ${url}. Reason: ${err.message}`);
+    debug12(`Skipping proxy for ${url}. Reason: ${err.message}`);
   }
   return void 0;
 }
@@ -7887,7 +7970,7 @@ var fetchWithProxy = (url, options = {}) => {
       });
     }
   } catch (err) {
-    debug11(`Skipping proxy for ${url}. Reason: ${err.message}`);
+    debug12(`Skipping proxy for ${url}. Reason: ${err.message}`);
   }
   return fetchOrig(url, options);
 };
@@ -7896,7 +7979,7 @@ var GQLClient = class {
     __publicField(this, "_client");
     __publicField(this, "_clientSdk");
     __publicField(this, "_auth");
-    debug11(`init with  ${args}`);
+    debug12(`init with  ${args}`);
     this._auth = args;
     this._client = new GraphQLClient(API_URL, {
       headers: args.type === "apiKey" ? { [API_KEY_HEADER_NAME]: args.apiKey || "" } : {
@@ -7905,7 +7988,7 @@ var GQLClient = class {
       fetch: fetchWithProxy,
       requestMiddleware: (request) => {
         const requestId = uuidv4();
-        debug11(
+        debug12(
           `sending API request with id: ${requestId} and with request: ${request.body}`
         );
         return {
@@ -7935,7 +8018,7 @@ var GQLClient = class {
       await this.getUserInfo();
     } catch (e) {
       if (e?.toString().startsWith("FetchError")) {
-        debug11("verify connection failed %o", e);
+        debug12("verify connection failed %o", e);
         return false;
       }
     }
@@ -7947,7 +8030,7 @@ var GQLClient = class {
     try {
       info = await this.getUserInfo();
     } catch (e) {
-      debug11("verify token failed %o", e);
+      debug12("verify token failed %o", e);
       return false;
     }
     return info?.email || true;
@@ -7991,7 +8074,7 @@ var GQLClient = class {
     try {
       await this._clientSdk.CreateCommunityUser();
     } catch (e) {
-      debug11("create community user failed %o", e);
+      debug12("create community user failed %o", e);
     }
   }
   async updateScmToken(args) {
@@ -8183,19 +8266,22 @@ var GQLClient = class {
   async getReferenceData(args) {
     return this._clientSdk.gitReference(args);
   }
+  async getFalsePositive(args) {
+    return this._clientSdk.getFalsePositive(args);
+  }
 };
 
 // src/features/analysis/pack.ts
 import fs2 from "node:fs";
 import path4 from "node:path";
 import AdmZip from "adm-zip";
-import Debug12 from "debug";
+import Debug13 from "debug";
 import { globby } from "globby";
 import { isBinary } from "istextorbinary";
 import { simpleGit as simpleGit3 } from "simple-git";
 import { parseStringPromise } from "xml2js";
 import { z as z28 } from "zod";
-var debug12 = Debug12("mobbdev:pack");
+var debug13 = Debug13("mobbdev:pack");
 var MAX_FILE_SIZE = 1024 * 1024 * 5;
 var FPR_SOURCE_CODE_FILE_MAPPING_SCHEMA = z28.object({
   properties: z28.object({
@@ -8218,7 +8304,7 @@ function _get_manifest_files_suffixes() {
   return ["package.json", "pom.xml"];
 }
 async function pack(srcDirPath, vulnFiles) {
-  debug12("pack folder %s", srcDirPath);
+  debug13("pack folder %s", srcDirPath);
   let git = void 0;
   try {
     git = simpleGit3({
@@ -8228,13 +8314,13 @@ async function pack(srcDirPath, vulnFiles) {
     });
     await git.status();
   } catch (e) {
-    debug12("failed to run git %o", e);
+    debug13("failed to run git %o", e);
     git = void 0;
     if (e instanceof Error) {
       if (e.message.includes(" spawn ")) {
-        debug12("git cli not installed");
+        debug13("git cli not installed");
       } else if (e.message.includes("not a git repository")) {
-        debug12("folder is not a git repo");
+        debug13("folder is not a git repo");
       } else {
         throw e;
       }
@@ -8249,9 +8335,9 @@ async function pack(srcDirPath, vulnFiles) {
     followSymbolicLinks: false,
     dot: true
   });
-  debug12("files found %d", filepaths.length);
+  debug13("files found %d", filepaths.length);
   const zip = new AdmZip();
-  debug12("compressing files");
+  debug13("compressing files");
   for (const filepath of filepaths) {
     const absFilepath = path4.join(srcDirPath, filepath.toString());
     vulnFiles = vulnFiles.concat(_get_manifest_files_suffixes());
@@ -8259,25 +8345,25 @@ async function pack(srcDirPath, vulnFiles) {
       absFilepath.toString().replaceAll(path4.win32.sep, path4.posix.sep),
       vulnFiles
     )) {
-      debug12("ignoring %s because it is not a vulnerability file", filepath);
+      debug13("ignoring %s because it is not a vulnerability file", filepath);
       continue;
     }
     if (fs2.lstatSync(absFilepath).size > MAX_FILE_SIZE) {
-      debug12("ignoring %s because the size is > 5MB", filepath);
+      debug13("ignoring %s because the size is > 5MB", filepath);
       continue;
     }
     const data = git ? await git.showBuffer([`HEAD:./${filepath}`]) : fs2.readFileSync(absFilepath);
     if (isBinary(null, data)) {
-      debug12("ignoring %s because is seems to be a binary file", filepath);
+      debug13("ignoring %s because is seems to be a binary file", filepath);
       continue;
     }
     zip.addFile(filepath.toString(), data);
   }
-  debug12("get zip file buffer");
+  debug13("get zip file buffer");
   return zip.toBuffer();
 }
 async function repackFpr(fprPath) {
-  debug12("repack fpr file %s", fprPath);
+  debug13("repack fpr file %s", fprPath);
   const zipIn = new AdmZip(fprPath);
   const zipOut = new AdmZip();
   const mappingXML = zipIn.readAsText("src-archive/index.xml", "utf-8");
@@ -8292,7 +8378,7 @@ async function repackFpr(fprPath) {
       zipOut.addFile(realPath, buf);
     }
   }
-  debug12("get repacked zip file buffer");
+  debug13("get repacked zip file buffer");
   return zipOut.toBuffer();
 }
 
@@ -8369,7 +8455,7 @@ var cxOperatingSystemSupportMessage = `Your operating system does not support ch
 
 // src/utils/child_process.ts
 import cp from "node:child_process";
-import Debug13 from "debug";
+import Debug14 from "debug";
 import * as process2 from "process";
 import supportsColor from "supports-color";
 var { stdout: stdout2 } = supportsColor;
@@ -8388,16 +8474,16 @@ function createSpwan({ args, processPath, name }, options) {
   return createChildProcess({ childProcess: child, name }, options);
 }
 function createChildProcess({ childProcess, name }, options) {
-  const debug19 = Debug13(`mobbdev:${name}`);
+  const debug20 = Debug14(`mobbdev:${name}`);
   const { display } = options;
   return new Promise((resolve, reject) => {
     let out = "";
     const onData = (chunk) => {
-      debug19(`chunk received from ${name} std ${chunk}`);
+      debug20(`chunk received from ${name} std ${chunk}`);
       out += chunk;
     };
     if (!childProcess || !childProcess?.stdout || !childProcess?.stderr) {
-      debug19(`unable to fork ${name}`);
+      debug20(`unable to fork ${name}`);
       reject(new Error(`unable to fork ${name}`));
     }
     childProcess.stdout?.on("data", onData);
@@ -8407,11 +8493,11 @@ function createChildProcess({ childProcess, name }, options) {
       childProcess.stderr?.pipe(process2.stderr);
     }
     childProcess.on("exit", (code) => {
-      debug19(`${name} exit code ${code}`);
+      debug20(`${name} exit code ${code}`);
       resolve({ message: out, code });
     });
     childProcess.on("error", (err) => {
-      debug19(`${name} error %o`, err);
+      debug20(`${name} error %o`, err);
       reject(err);
     });
   });
@@ -8419,12 +8505,12 @@ function createChildProcess({ childProcess, name }, options) {
 
 // src/features/analysis/scanners/checkmarx.ts
 import chalk2 from "chalk";
-import Debug14 from "debug";
+import Debug15 from "debug";
 import { existsSync } from "fs";
 import { createSpinner as createSpinner2 } from "nanospinner";
 import { type } from "os";
 import path5 from "path";
-var debug13 = Debug14("mobbdev:checkmarx");
+var debug14 = Debug15("mobbdev:checkmarx");
 var require2 = createRequire(import.meta.url);
 var getCheckmarxPath = () => {
   const os2 = type();
@@ -8465,14 +8551,14 @@ function validateCheckmarxInstallation() {
   existsSync(getCheckmarxPath());
 }
 async function forkCheckmarx(args, { display }) {
-  debug13("fork checkmarx with args %o %s", args.join(" "), display);
+  debug14("fork checkmarx with args %o %s", args.join(" "), display);
   return createSpwan(
     { args, processPath: getCheckmarxPath(), name: "checkmarx" },
     { display }
   );
 }
 async function getCheckmarxReport({ reportPath, repositoryRoot, branch, projectName }, { skipPrompts = false }) {
-  debug13("get checkmarx report start %s %s", reportPath, repositoryRoot);
+  debug14("get checkmarx report start %s %s", reportPath, repositoryRoot);
   const { code: loginCode } = await forkCheckmarx(VALIDATE_COMMAND, {
     display: false
   });
@@ -8540,20 +8626,20 @@ async function validateCheckamxCredentials() {
 // src/features/analysis/scanners/snyk.ts
 import { createRequire as createRequire2 } from "node:module";
 import chalk3 from "chalk";
-import Debug15 from "debug";
+import Debug16 from "debug";
 import { createSpinner as createSpinner3 } from "nanospinner";
 import open from "open";
-var debug14 = Debug15("mobbdev:snyk");
+var debug15 = Debug16("mobbdev:snyk");
 var require3 = createRequire2(import.meta.url);
 var SNYK_PATH = require3.resolve("snyk/bin/snyk");
 var SNYK_ARTICLE_URL = "https://docs.snyk.io/scan-using-snyk/snyk-code/configure-snyk-code#enable-snyk-code";
-debug14("snyk executable path %s", SNYK_PATH);
+debug15("snyk executable path %s", SNYK_PATH);
 async function forkSnyk(args, { display }) {
-  debug14("fork snyk with args %o %s", args, display);
+  debug15("fork snyk with args %o %s", args, display);
   return createFork({ args, processPath: SNYK_PATH, name: "snyk" }, { display });
 }
 async function getSnykReport(reportPath, repoRoot, { skipPrompts = false }) {
-  debug14("get snyk report start %s %s", reportPath, repoRoot);
+  debug15("get snyk report start %s %s", reportPath, repoRoot);
   const config4 = await forkSnyk(["config"], { display: false });
   const { message: configMessage } = config4;
   if (!configMessage.includes("api: ")) {
@@ -8567,7 +8653,7 @@ async function getSnykReport(reportPath, repoRoot, { skipPrompts = false }) {
     snykLoginSpinner.update({
       text: "\u{1F513} Waiting for Snyk login to complete"
     });
-    debug14("no token in the config %s", config4);
+    debug15("no token in the config %s", config4);
     await forkSnyk(["auth"], { display: true });
     snykLoginSpinner.success({ text: "\u{1F513} Login to Snyk Successful" });
   }
@@ -8577,12 +8663,12 @@ async function getSnykReport(reportPath, repoRoot, { skipPrompts = false }) {
     { display: true }
   );
   if (scanOutput.includes("Snyk Code is not supported for org")) {
-    debug14("snyk code is not enabled %s", scanOutput);
+    debug15("snyk code is not enabled %s", scanOutput);
     snykSpinner.error({ text: "\u{1F50D} Snyk configuration needed" });
     const answer = await snykArticlePrompt();
-    debug14("answer %s", answer);
+    debug15("answer %s", answer);
     if (answer) {
-      debug14("opening the browser");
+      debug15("opening the browser");
       await open(SNYK_ARTICLE_URL);
     }
     console.log(
@@ -8597,18 +8683,18 @@ async function getSnykReport(reportPath, repoRoot, { skipPrompts = false }) {
 }
 
 // src/features/analysis/upload-file.ts
-import Debug16 from "debug";
+import Debug17 from "debug";
 import fetch3, { File, fileFrom, FormData } from "node-fetch";
-var debug15 = Debug16("mobbdev:upload-file");
+var debug16 = Debug17("mobbdev:upload-file");
 async function uploadFile({
   file,
   url,
   uploadKey,
   uploadFields
 }) {
-  debug15("upload file start %s", url);
-  debug15("upload fields %o", uploadFields);
-  debug15("upload key %s", uploadKey);
+  debug16("upload file start %s", url);
+  debug16("upload fields %o", uploadFields);
+  debug16("upload key %s", uploadKey);
   const form = new FormData();
   Object.entries(uploadFields).forEach(([key, value]) => {
     form.append(key, value);
@@ -8617,10 +8703,10 @@ async function uploadFile({
     form.append("key", uploadKey);
   }
   if (typeof file === "string") {
-    debug15("upload file from path %s", file);
+    debug16("upload file from path %s", file);
     form.append("file", await fileFrom(file));
   } else {
-    debug15("upload file from buffer");
+    debug16("upload file from buffer");
     form.append("file", new File([file], "file"));
   }
   const agent = getProxyAgent(url);
@@ -8630,10 +8716,10 @@ async function uploadFile({
     agent
   });
   if (!response.ok) {
-    debug15("error from S3 %s %s", response.body, response.status);
+    debug16("error from S3 %s %s", response.body, response.status);
     throw new Error(`Failed to upload the file: ${response.status}`);
   }
-  debug15("upload file done");
+  debug16("upload file done");
 }
 
 // src/features/analysis/index.ts
@@ -8667,9 +8753,9 @@ async function downloadRepo({
 }) {
   const { createSpinner: createSpinner5 } = Spinner2({ ci });
   const repoSpinner = createSpinner5("\u{1F4BE} Downloading Repo").start();
-  debug16("download repo %s %s %s", repoUrl, dirname);
+  debug17("download repo %s %s %s", repoUrl, dirname);
   const zipFilePath = path6.join(dirname, "repo.zip");
-  debug16("download URL: %s auth headers: %o", downloadUrl, authHeaders);
+  debug17("download URL: %s auth headers: %o", downloadUrl, authHeaders);
   const response = await fetch4(downloadUrl, {
     method: "GET",
     headers: {
@@ -8677,7 +8763,7 @@ async function downloadRepo({
     }
   });
   if (!response.ok) {
-    debug16("SCM zipball request failed %s %s", response.body, response.status);
+    debug17("SCM zipball request failed %s %s", response.body, response.status);
     repoSpinner.error({ text: "\u{1F4BE} Repo download failed" });
     throw new Error(`Can't access ${chalk4.bold(repoUrl)}`);
   }
@@ -8691,7 +8777,7 @@ async function downloadRepo({
   if (!repoRoot) {
     throw new Error("Repo root not found");
   }
-  debug16("repo root %s", repoRoot);
+  debug17("repo root %s", repoRoot);
   repoSpinner.success({ text: "\u{1F4BE} Repo downloaded successfully" });
   return path6.join(dirname, repoRoot);
 }
@@ -8700,9 +8786,9 @@ var getReportUrl = ({
   projectId,
   fixReportId
 }) => `${WEB_APP_URL}/organization/${organizationId}/project/${projectId}/report/${fixReportId}`;
-var debug16 = Debug17("mobbdev:index");
+var debug17 = Debug18("mobbdev:index");
 var config2 = new Configstore(packageJson.name, { apiToken: "" });
-debug16("config %o", config2);
+debug17("config %o", config2);
 async function runAnalysis(params, options) {
   const tmpObj = tmp.dirSync({
     unsafeCleanup: true
@@ -8846,7 +8932,7 @@ async function _scan(params, { skipPrompts = false } = {}) {
     commitDirectly,
     pullRequest
   } = params;
-  debug16("start %s %s", dirname, repo);
+  debug17("start %s %s", dirname, repo);
   const { createSpinner: createSpinner5 } = Spinner2({ ci });
   skipPrompts = skipPrompts || ci;
   let gqlClient = new GQLClient({
@@ -8917,8 +9003,8 @@ async function _scan(params, { skipPrompts = false } = {}) {
     );
   }
   const { sha } = getReferenceDataRes.gitReference;
-  debug16("project id %s", projectId);
-  debug16("default branch %s", reference);
+  debug17("project id %s", projectId);
+  debug17("default branch %s", reference);
   if (command === "scan") {
     reportPath = await getReport(
       {
@@ -9247,9 +9333,9 @@ async function waitForAnaysisAndReviewPr({
 import chalk5 from "chalk";
 import chalkAnimation from "chalk-animation";
 import Configstore2 from "configstore";
-import Debug18 from "debug";
+import Debug19 from "debug";
 import open3 from "open";
-var debug17 = Debug18("mobbdev:commands");
+var debug18 = Debug19("mobbdev:commands");
 async function review(params, { skipPrompts = true } = {}) {
   const {
     repo,
@@ -9438,9 +9524,9 @@ async function handleMobbLogin({
     });
     loginSpinner.spin();
     if (encryptedApiToken) {
-      debug17("encrypted API token received %s", encryptedApiToken);
+      debug18("encrypted API token received %s", encryptedApiToken);
       newApiToken = crypto.privateDecrypt(privateKey, Buffer.from(encryptedApiToken, "base64")).toString("utf-8");
-      debug17("API token decrypted");
+      debug18("API token decrypted");
       break;
     }
     await sleep(LOGIN_CHECK_DELAY);
@@ -9454,7 +9540,7 @@ async function handleMobbLogin({
   const newGqlClient = new GQLClient({ apiKey: newApiToken, type: "apiKey" });
   const loginSuccess = await newGqlClient.verifyToken();
   if (loginSuccess) {
-    debug17("set api token %s", newApiToken);
+    debug18("set api token %s", newApiToken);
     config3.set("apiToken", newApiToken);
     loginSpinner.success({
       text: `\u{1F513} Login to Mobb successful! ${typeof loginSpinner === "string" ? `Logged in as ${loginSuccess}` : ""}`
@@ -9849,13 +9935,13 @@ var parseArgs = async (args) => {
 };
 
 // src/index.ts
-var debug18 = Debug19("mobbdev:index");
+var debug19 = Debug20("mobbdev:index");
 async function run() {
   return parseArgs(hideBin(process.argv));
 }
 (async () => {
   try {
-    debug18("Bugsy CLI v%s running...", packageJson.version);
+    debug19("Bugsy CLI v%s running...", packageJson.version);
     await run();
     process.exit(0);
   } catch (err) {