mobbdev 1.0.67 → 1.0.74

package/dist/index.mjs

@@ -111,6 +111,7 @@ var IssueLanguage_Enum = /* @__PURE__ */ ((IssueLanguage_Enum2) => {
 })(IssueLanguage_Enum || {});
 var IssueType_Enum = /* @__PURE__ */ ((IssueType_Enum2) => {
   IssueType_Enum2["AutoEscapeFalse"] = "AUTO_ESCAPE_FALSE";
+  IssueType_Enum2["AvoidIdentityComparisonCachedTypes"] = "AVOID_IDENTITY_COMPARISON_CACHED_TYPES";
   IssueType_Enum2["ClientDomStoredCodeInjection"] = "CLIENT_DOM_STORED_CODE_INJECTION";
   IssueType_Enum2["CmDi"] = "CMDi";
   IssueType_Enum2["CmDiRelativePathCommand"] = "CMDi_relative_path_command";
@@ -146,6 +147,7 @@ var IssueType_Enum = /* @__PURE__ */ ((IssueType_Enum2) => {
   IssueType_Enum2["InsecureBinderConfiguration"] = "INSECURE_BINDER_CONFIGURATION";
   IssueType_Enum2["InsecureCookie"] = "INSECURE_COOKIE";
   IssueType_Enum2["InsecureRandomness"] = "INSECURE_RANDOMNESS";
+  IssueType_Enum2["InsecureTmpFile"] = "INSECURE_TMP_FILE";
   IssueType_Enum2["InsecureUuidVersion"] = "INSECURE_UUID_VERSION";
   IssueType_Enum2["InsufficientLogging"] = "INSUFFICIENT_LOGGING";
   IssueType_Enum2["JqueryDeprecatedSymbols"] = "JQUERY_DEPRECATED_SYMBOLS";
@@ -158,10 +160,13 @@ var IssueType_Enum = /* @__PURE__ */ ((IssueType_Enum2) => {
   IssueType_Enum2["MissingEqualsOrHashcode"] = "MISSING_EQUALS_OR_HASHCODE";
   IssueType_Enum2["MissingHstsHeader"] = "MISSING_HSTS_HEADER";
   IssueType_Enum2["MissingSslMinversion"] = "MISSING_SSL_MINVERSION";
+  IssueType_Enum2["ModifiedDefaultParam"] = "MODIFIED_DEFAULT_PARAM";
   IssueType_Enum2["NonFinalPublicStaticField"] = "NON_FINAL_PUBLIC_STATIC_FIELD";
   IssueType_Enum2["NonReadonlyField"] = "NON_READONLY_FIELD";
   IssueType_Enum2["NoEquivalenceMethod"] = "NO_EQUIVALENCE_METHOD";
   IssueType_Enum2["NoLimitsOrThrottling"] = "NO_LIMITS_OR_THROTTLING";
+  IssueType_Enum2["NoReturnInFinally"] = "NO_RETURN_IN_FINALLY";
+  IssueType_Enum2["NoVar"] = "NO_VAR";
   IssueType_Enum2["NullDereference"] = "NULL_DEREFERENCE";
   IssueType_Enum2["OpenRedirect"] = "OPEN_REDIRECT";
   IssueType_Enum2["OverlyBroadCatch"] = "OVERLY_BROAD_CATCH";
@@ -177,6 +182,7 @@ var IssueType_Enum = /* @__PURE__ */ ((IssueType_Enum2) => {
   IssueType_Enum2["SqlInjection"] = "SQL_Injection";
   IssueType_Enum2["Ssrf"] = "SSRF";
   IssueType_Enum2["StringFormatMisuse"] = "STRING_FORMAT_MISUSE";
+  IssueType_Enum2["SystemExitShouldReraise"] = "SYSTEM_EXIT_SHOULD_RERAISE";
   IssueType_Enum2["SystemInformationLeak"] = "SYSTEM_INFORMATION_LEAK";
   IssueType_Enum2["SystemInformationLeakExternal"] = "SYSTEM_INFORMATION_LEAK_EXTERNAL";
   IssueType_Enum2["TrustBoundaryViolation"] = "TRUST_BOUNDARY_VIOLATION";
@@ -459,10 +465,24 @@ var GetVulByNodesMetadataDocument = `
       vulnerabilityReportIssueTags {
         tag: vulnerability_report_issue_tag_value
       }
-      codeNodes(order_by: {index: desc}, where: {_or: $filters}) {
+      codeNodes(order_by: {index: desc}, where: {_or: $filters}, limit: 1) {
         path
         startLine
       }
+      fpId
+    }
+  }
+}
+    `;
+var GetFalsePositiveDocument = `
+    query getFalsePositive($fpId: uuid!) {
+  getFalsePositive(fpId: $fpId) {
+    ... on FalsePositiveData {
+      extraContext {
+        key
+        value
+      }
+      fixDescription
     }
   }
 }
@@ -693,6 +713,9 @@ function getSdk(client, withWrapper = defaultWrapper) {
     getVulByNodesMetadata(variables, requestHeaders) {
       return withWrapper((wrappedRequestHeaders) => client.request(GetVulByNodesMetadataDocument, variables, { ...requestHeaders, ...wrappedRequestHeaders }), "getVulByNodesMetadata", "query", variables);
     },
+    getFalsePositive(variables, requestHeaders) {
+      return withWrapper((wrappedRequestHeaders) => client.request(GetFalsePositiveDocument, variables, { ...requestHeaders, ...wrappedRequestHeaders }), "getFalsePositive", "query", variables);
+    },
     updateScmToken(variables, requestHeaders) {
       return withWrapper((wrappedRequestHeaders) => client.request(UpdateScmTokenDocument, variables, { ...requestHeaders, ...wrappedRequestHeaders }), "updateScmToken", "mutation", variables);
     },
@@ -1146,7 +1169,13 @@ var issueTypeMap = {
   ["DUPLICATED_STRINGS" /* DuplicatedStrings */]: "String Literals Should not Be Duplicated",
   ["INSECURE_UUID_VERSION" /* InsecureUuidVersion */]: "Insecure UUID Version",
   ["GH_ACTIONS_SHELL_INJECTION" /* GhActionsShellInjection */]: "GitHub Actions Shell Injection",
-  ["UNSAFE_WEB_THREAD" /* UnsafeWebThread */]: "Unsafe Web Thread"
+  ["MODIFIED_DEFAULT_PARAM" /* ModifiedDefaultParam */]: "Modified Default Param",
+  ["UNSAFE_WEB_THREAD" /* UnsafeWebThread */]: "Unsafe Web Thread",
+  ["NO_VAR" /* NoVar */]: 'Prefer "let" or "const"',
+  ["INSECURE_TMP_FILE" /* InsecureTmpFile */]: "Insecure Temporary File",
+  ["SYSTEM_EXIT_SHOULD_RERAISE" /* SystemExitShouldReraise */]: "SystemExit Should Reraise",
+  ["NO_RETURN_IN_FINALLY" /* NoReturnInFinally */]: "No Return in Finally Block",
+  ["AVOID_IDENTITY_COMPARISON_CACHED_TYPES" /* AvoidIdentityComparisonCachedTypes */]: "Avoid Identity Comparison of Cached Types"
 };
 var issueTypeZ = z5.nativeEnum(IssueType_Enum);
 var getIssueTypeFriendlyString = (issueType) => {
@@ -1179,6 +1208,22 @@ var issueDescription = {
   ["TEST_CODE" /* TestCode */]: "The flagged code resides in a test-specific path or context. This categorization indicates that **it supports testing scenarios and is isolated from production use**.",
   ["VENDOR_CODE" /* VendorCode */]: "The flagged code originates from a third-party library or dependency maintained externally. This categorization suggests that **the issue lies outside the application\u2019s direct control** and should be addressed by the vendor if necessary."
 };
+function replaceKeysWithValues(fixDescription, extraContext) {
+  let result = fixDescription;
+  extraContext.forEach(({ key, value }) => {
+    result = result.replace(`\${${key}}`, value);
+  });
+  return result;
+}
+function getParsedFalsePositiveMessage(data) {
+  const { fixDescription, extraContext } = data;
+  const containsTemplate = extraContext.some(
+    (context) => fixDescription.includes(`\${${context.key}}`)
+  );
+  const description = containsTemplate ? replaceKeysWithValues(fixDescription, extraContext) : fixDescription;
+  const contextString = containsTemplate ? null : `\`\`\`${extraContext.map(({ value }) => value).join(" ")} \`\`\``;
+  return { description, contextString };
+}
 
 // src/features/analysis/scm/shared/src/validations.ts
 var IssueTypeSettingZ = z6.object({
@@ -1260,7 +1305,9 @@ var ReportQueryResultZ = z7.object({
     }),
     fixesDoneCount: z7.number(),
     fixesInprogressCount: z7.number(),
-    fixesReadyCount: z7.number(),
+    fixesReadyCount: z7.object({
+      aggregate: z7.object({ count: z7.number() })
+    }),
     issueTypes: z7.record(z7.string(), z7.number()).nullable(),
     issueLanguages: z7.record(z7.string(), z7.number()).nullable(),
     fixesCountByEffort: z7.record(z7.string(), z7.number()).nullable(),
@@ -1799,9 +1846,6 @@ import { z as z29 } from "zod";
 // src/features/analysis/add_fix_comments_for_pr/add_fix_comments_for_pr.ts
 import Debug8 from "debug";
 
-// src/features/analysis/scm/github/GithubSCMLib.ts
-import { z as z24 } from "zod";
-
 // src/features/analysis/scm/errors.ts
 var InvalidRepoUrlError = class extends Error {
   constructor(m) {
@@ -1830,26 +1874,26 @@ var RepoNoTokenAccessError = class extends Error {
   }
 };
 
-// src/features/analysis/scm/scmSubmit/index.ts
-import { simpleGit } from "simple-git";
-var isValidBranchName = async (branchName) => {
-  const git = simpleGit();
-  try {
-    const res = await git.raw(["check-ref-format", "--branch", branchName]);
-    if (res) {
-      return true;
-    }
-    return false;
-  } catch (e) {
-    return false;
-  }
-};
+// src/features/analysis/scm/ado/constants.ts
+var DEFUALT_ADO_ORIGIN = scmCloudUrl.Ado;
 
-// src/features/analysis/scm/types.ts
-import { z as z14 } from "zod";
+// src/features/analysis/scm/ado/utils.ts
+import querystring from "node:querystring";
+import * as api from "azure-devops-node-api";
+import Debug2 from "debug";
+import { z as z18 } from "zod";
 
-// src/features/analysis/scm/shared/src/commitDescriptionMarkup.ts
+// src/features/analysis/scm/env.ts
 import { z as z9 } from "zod";
+var EnvVariablesZod = z9.object({
+  GITLAB_API_TOKEN: z9.string().optional(),
+  GITHUB_API_TOKEN: z9.string().optional(),
+  GIT_PROXY_HOST: z9.string()
+});
+var { GITLAB_API_TOKEN, GITHUB_API_TOKEN, GIT_PROXY_HOST } = EnvVariablesZod.parse(process.env);
+
+// src/features/analysis/scm/shared/src/commitDescriptionMarkup.ts
+import { z as z10 } from "zod";
 
 // src/features/analysis/scm/shared/src/fixDetailsData.ts
 var fixDetailsData = {
@@ -2094,7 +2138,13 @@ var fixDetailsData = {
   ["DUPLICATED_STRINGS" /* DuplicatedStrings */]: void 0,
   ["INSECURE_UUID_VERSION" /* InsecureUuidVersion */]: void 0,
   ["GH_ACTIONS_SHELL_INJECTION" /* GhActionsShellInjection */]: void 0,
-  ["UNSAFE_WEB_THREAD" /* UnsafeWebThread */]: void 0
+  ["MODIFIED_DEFAULT_PARAM" /* ModifiedDefaultParam */]: void 0,
+  ["UNSAFE_WEB_THREAD" /* UnsafeWebThread */]: void 0,
+  ["NO_VAR" /* NoVar */]: void 0,
+  ["INSECURE_TMP_FILE" /* InsecureTmpFile */]: void 0,
+  ["SYSTEM_EXIT_SHOULD_RERAISE" /* SystemExitShouldReraise */]: void 0,
+  ["NO_RETURN_IN_FINALLY" /* NoReturnInFinally */]: void 0,
+  ["AVOID_IDENTITY_COMPARISON_CACHED_TYPES" /* AvoidIdentityComparisonCachedTypes */]: void 0
 };
 
 // src/features/analysis/scm/shared/src/commitDescriptionMarkup.ts
@@ -2125,7 +2175,7 @@ var getCommitDescription = ({
   )}**.
 
 `;
-  const parseIssueTypeRes = z9.nativeEnum(IssueType_Enum).safeParse(issueType);
+  const parseIssueTypeRes = z10.nativeEnum(IssueType_Enum).safeParse(issueType);
   if (issueType && parseIssueTypeRes.success) {
     if (irrelevantIssueWithTags?.[0]?.tag) {
       description += `
@@ -2162,22 +2212,24 @@ ${guidances.map(({ guidance }) => `## Additional actions required
 var getCommitIssueDescription = ({
   vendor,
   issueType,
-  irrelevantIssueWithTags
+  irrelevantIssueWithTags,
+  fpDescription
 }) => {
   const issueTypeString = getIssueTypeFriendlyString(issueType);
   let description = `The following issues reported by ${capitalizeFirstLetter(vendor)} on this PR were found to be irrelevant to your project:
 `;
-  const parseIssueTypeRes = z9.nativeEnum(IssueType_Enum).safeParse(issueType);
+  const parseIssueTypeRes = z10.nativeEnum(IssueType_Enum).safeParse(issueType);
   if (issueType && parseIssueTypeRes.success) {
     if (irrelevantIssueWithTags?.[0]?.tag) {
-      description += `
+      description = `
 > [!tip]
+> The following issues reported by ${capitalizeFirstLetter(vendor)} on this PR were found to be irrelevant to your project:
 > ${issueTypeString} - ${lowercaseFirstLetter(getTagTooltip(irrelevantIssueWithTags[0].tag))}.
 > Mobb recommends to ignore this issue, however fix is available if you think differently. 
 
 
 ## Justification
-${issueDescription[irrelevantIssueWithTags[0].tag]}
+${fpDescription ?? issueDescription[irrelevantIssueWithTags[0].tag]}
 `;
     }
     const staticData = fixDetailsData[parseIssueTypeRes.data];
@@ -2191,10 +2243,10 @@ ${staticData.issueDescription}
 };
 
 // src/features/analysis/scm/shared/src/guidances.ts
-import { z as z12 } from "zod";
+import { z as z13 } from "zod";
 
 // src/features/analysis/scm/shared/src/storedFixData/index.ts
-import { z as z10 } from "zod";
+import { z as z11 } from "zod";
 
 // src/features/analysis/scm/shared/src/storedFixData/passwordInComment.ts
 var passwordInComment = {
@@ -2370,8 +2422,8 @@ var vulnerabilities8 = {
 var xml_default = vulnerabilities8;
 
 // src/features/analysis/scm/shared/src/storedFixData/index.ts
-var StoredFixDataItemZ = z10.object({
-  guidance: z10.function().returns(z10.string())
+var StoredFixDataItemZ = z11.object({
+  guidance: z11.function().returns(z11.string())
 });
 var languages = {
   ["Java" /* Java */]: java_default,
@@ -2385,7 +2437,7 @@ var languages = {
 };
 
 // src/features/analysis/scm/shared/src/storedQuestionData/index.ts
-import { z as z11 } from "zod";
+import { z as z12 } from "zod";
 
 // src/features/analysis/scm/shared/src/storedQuestionData/csharp/httpOnlyCookie.ts
 var httpOnlyCookie = {
@@ -3584,10 +3636,10 @@ var vulnerabilities14 = {
 var xml_default2 = vulnerabilities14;
 
 // src/features/analysis/scm/shared/src/storedQuestionData/index.ts
-var StoredQuestionDataItemZ = z11.object({
-  content: z11.function().args(z11.any()).returns(z11.string()),
-  description: z11.function().args(z11.any()).returns(z11.string()),
-  guidance: z11.function().args(z11.any()).returns(z11.string())
+var StoredQuestionDataItemZ = z12.object({
+  content: z12.function().args(z12.any()).returns(z12.string()),
+  description: z12.function().args(z12.any()).returns(z12.string()),
+  guidance: z12.function().args(z12.any()).returns(z12.string())
 });
 var languages2 = {
   ["Java" /* Java */]: java_default2,
@@ -3682,9 +3734,9 @@ function getFixGuidances({
   const fixGuidance = storeFixResult.success ? [storeFixResult.data.guidance({ questions, ...extraContext })] : [];
   return libGuidances.concat(fixGuidance).filter((guidance) => !!guidance);
 }
-var IssueTypeAndLanguageZ = z12.object({
-  issueType: z12.nativeEnum(IssueType_Enum),
-  issueLanguage: z12.nativeEnum(IssueLanguage_Enum)
+var IssueTypeAndLanguageZ = z13.object({
+  issueType: z13.nativeEnum(IssueType_Enum),
+  issueLanguage: z13.nativeEnum(IssueLanguage_Enum)
 });
 function getGuidances(args) {
   const safeIssueTypeAndLanguage = IssueTypeAndLanguageZ.safeParse({
@@ -3722,7 +3774,7 @@ function getGuidances(args) {
 }
 
 // src/features/analysis/scm/shared/src/urlParser/urlParser.ts
-import { z as z13 } from "zod";
+import { z as z14 } from "zod";
 var ADO_PREFIX_PATH = "tfs";
 var NAME_REGEX = /[a-z0-9\-_.+]+/i;
 function detectAdoUrl(args) {
@@ -3739,7 +3791,7 @@ function detectAdoUrl(args) {
         scmType: "Ado" /* Ado */,
         organization,
         // project has single repo - repoName === projectName
-        projectName: z13.string().parse(projectName),
+        projectName: z14.string().parse(projectName),
         repoName: projectName,
         prefixPath
       };
@@ -3750,7 +3802,7 @@ function detectAdoUrl(args) {
       return {
         scmType: "Ado" /* Ado */,
         organization,
-        projectName: z13.string().parse(projectName),
+        projectName: z14.string().parse(projectName),
         repoName,
         prefixPath
       };
@@ -3764,7 +3816,7 @@ function detectAdoUrl(args) {
           scmType: "Ado" /* Ado */,
           organization,
           // project has only one repo - repoName === projectName
-          projectName: z13.string().parse(repoName),
+          projectName: z14.string().parse(repoName),
           repoName,
           prefixPath
         };
@@ -3774,7 +3826,7 @@ function detectAdoUrl(args) {
         return {
           scmType: "Ado" /* Ado */,
           organization,
-          projectName: z13.string().parse(projectName),
+          projectName: z14.string().parse(projectName),
           repoName,
           prefixPath
         };
@@ -3900,7 +3952,11 @@ function getIssueUrl({
   return `${appBaseUrl}/organization/${organizationId}/project/${projectId}/report/${analysisId}/issue/${issueId}`;
 }
 
+// src/features/analysis/scm/utils/index.ts
+import { z as z16 } from "zod";
+
 // src/features/analysis/scm/types.ts
+import { z as z15 } from "zod";
 var ReferenceType = /* @__PURE__ */ ((ReferenceType2) => {
   ReferenceType2["BRANCH"] = "BRANCH";
   ReferenceType2["COMMIT"] = "COMMIT";
@@ -3932,14 +3988,13 @@ var scmTypeToScmLibScmType = {
   ["Ado" /* Ado */]: "ADO" /* ADO */,
   ["Bitbucket" /* Bitbucket */]: "BITBUCKET" /* BITBUCKET */
 };
-var GetRefererenceResultZ = z14.object({
-  date: z14.date().optional(),
-  sha: z14.string(),
-  type: z14.nativeEnum(ReferenceType)
+var GetRefererenceResultZ = z15.object({
+  date: z15.date().optional(),
+  sha: z15.string(),
+  type: z15.nativeEnum(ReferenceType)
 });
 
 // src/features/analysis/scm/utils/index.ts
-import { z as z15 } from "zod";
 function getFixUrlWithRedirect(params) {
   const {
     fixId,
@@ -4050,7 +4105,7 @@ function shouldValidateUrl(repoUrl) {
   return repoUrl && isUrlHasPath(repoUrl);
 }
 function isBrokerUrl(url) {
-  return z15.string().uuid().safeParse(new URL(url).host).success;
+  return z16.string().uuid().safeParse(new URL(url).host).success;
 }
 function buildAuthorizedRepoUrl(args) {
   const { url, username, password } = args;
@@ -4086,7 +4141,7 @@ function getCloudScmLibTypeFromUrl(url) {
   return void 0;
 }
 function getScmLibTypeFromScmType(scmType) {
-  const parsedScmType = z15.nativeEnum(ScmType).parse(scmType);
+  const parsedScmType = z16.nativeEnum(ScmType).parse(scmType);
   return scmTypeToScmLibScmType[parsedScmType];
 }
 function getScmConfig({
@@ -4152,162 +4207,6 @@ function getScmConfig({
   };
 }
 
-// src/features/analysis/scm/scm.ts
-var SCMLib = class {
-  constructor(url, accessToken, scmOrg) {
-    __publicField(this, "url");
-    __publicField(this, "accessToken");
-    __publicField(this, "scmOrg");
-    this.accessToken = accessToken;
-    this.url = url;
-    this.scmOrg = scmOrg;
-  }
-  async getUrlWithCredentials() {
-    if (!this.url) {
-      console.error("no url for getUrlWithCredentials()");
-      throw new Error("no url");
-    }
-    const trimmedUrl = this.url.trim().replace(/\/$/, "");
-    const accessToken = this.getAccessToken();
-    if (!accessToken) {
-      return trimmedUrl;
-    }
-    if (this.scmLibType === "ADO" /* ADO */) {
-      const { host, protocol, pathname } = new URL(trimmedUrl);
-      return `${protocol}//${accessToken}@${host}${pathname}`;
-    }
-    const finalUrl = this.scmLibType === "GITLAB" /* GITLAB */ ? `${trimmedUrl}.git` : trimmedUrl;
-    const username = await this._getUsernameForAuthUrl();
-    return buildAuthorizedRepoUrl({
-      url: finalUrl,
-      username,
-      password: accessToken
-    });
-  }
-  getAccessToken() {
-    return this.accessToken || "";
-  }
-  getUrl() {
-    return this.url;
-  }
-  getName() {
-    if (!this.url) {
-      return "";
-    }
-    return this.url.split("/").at(-1) || "";
-  }
-  _validateAccessToken() {
-    if (!this.accessToken) {
-      console.error("no access token");
-      throw new Error("no access token");
-    }
-  }
-  static async getIsValidBranchName(branchName) {
-    return isValidBranchName(branchName);
-  }
-  _validateAccessTokenAndUrl() {
-    this._validateAccessToken();
-    this._validateUrl();
-  }
-  _validateUrl() {
-    if (!this.url) {
-      console.error("no url");
-      throw new InvalidRepoUrlError("no url");
-    }
-  }
-};
-
-// src/features/analysis/scm/github/github.ts
-import { RequestError } from "@octokit/request-error";
-
-// src/features/analysis/scm/constants.ts
-var MOBB_ICON_IMG = "https://app.mobb.ai/gh-action/Logo_Rounded_Icon.svg";
-var MAX_BRANCHES_FETCH = 1e3;
-
-// src/features/analysis/scm/github/consts.ts
-var POST_COMMENT_PATH = "POST /repos/{owner}/{repo}/pulls/{pull_number}/comments";
-var DELETE_COMMENT_PATH = "DELETE /repos/{owner}/{repo}/pulls/comments/{comment_id}";
-var UPDATE_COMMENT_PATH = "PATCH /repos/{owner}/{repo}/pulls/comments/{comment_id}";
-var GET_PR_COMMENTS_PATH = "GET /repos/{owner}/{repo}/pulls/{pull_number}/comments";
-var GET_PR_COMMENT_PATH = "GET /repos/{owner}/{repo}/pulls/comments/{comment_id}";
-var REPLY_TO_CODE_REVIEW_COMMENT_PATH = "POST /repos/{owner}/{repo}/pulls/{pull_number}/comments/{comment_id}/replies";
-var GET_PR = "GET /repos/{owner}/{repo}/pulls/{pull_number}";
-var POST_GENERAL_PR_COMMENT = "POST /repos/{owner}/{repo}/issues/{issue_number}/comments";
-var GET_GENERAL_PR_COMMENTS = "GET /repos/{owner}/{repo}/issues/{issue_number}/comments";
-var DELETE_GENERAL_PR_COMMENT = "DELETE /repos/{owner}/{repo}/issues/comments/{comment_id}";
-var CREATE_OR_UPDATE_A_REPOSITORY_SECRET = "PUT /repos/{owner}/{repo}/actions/secrets/{secret_name}";
-var GET_A_REPOSITORY_PUBLIC_KEY = "GET /repos/{owner}/{repo}/actions/secrets/public-key";
-var GET_USER = "GET /user";
-var GET_USER_REPOS = "GET /user/repos";
-var GET_REPO_BRANCHES = "GET /repos/{owner}/{repo}/branches";
-var GET_BLAME_DOCUMENT = `
-      query GetBlame(
-        $owner: String!
-        $repo: String!
-        $ref: String!
-        $path: String!
-      ) {
-        repository(name: $repo, owner: $owner) {
-          # branch name
-          object(expression: $ref) {
-            # cast Target to a Commit
-            ... on Commit {
-              # full repo-relative path to blame file
-              blame(path: $path) {
-                ranges {
-                  commit {
-                    author {
-                      user {
-                        name
-                        login
-                      }
-                    }
-                    authoredDate
-                  }
-                  startingLine
-                  endingLine
-                  age
-                }
-              }
-            }
-            
-          }
-        }
-      }
-    `;
-
-// src/features/analysis/scm/github/utils/encrypt_secret.ts
-import sodium from "libsodium-wrappers";
-async function encryptSecret(secret, key) {
-  await sodium.ready;
-  const binkey = sodium.from_base64(key, sodium.base64_variants.ORIGINAL);
-  const binsec = sodium.from_string(secret);
-  const encBytes = sodium.crypto_box_seal(binsec, binkey);
-  return sodium.to_base64(encBytes, sodium.base64_variants.ORIGINAL);
-}
-
-// src/features/analysis/scm/github/utils/utils.ts
-import { Octokit } from "octokit";
-import { fetch as fetch2, ProxyAgent as ProxyAgent2 } from "undici";
-
-// src/features/analysis/scm/ado/constants.ts
-var DEFUALT_ADO_ORIGIN = scmCloudUrl.Ado;
-
-// src/features/analysis/scm/ado/utils.ts
-import querystring from "node:querystring";
-import * as api from "azure-devops-node-api";
-import Debug2 from "debug";
-import { z as z18 } from "zod";
-
-// src/features/analysis/scm/env.ts
-import { z as z16 } from "zod";
-var EnvVariablesZod = z16.object({
-  GITLAB_API_TOKEN: z16.string().optional(),
-  GITHUB_API_TOKEN: z16.string().optional(),
-  GIT_PROXY_HOST: z16.string()
-});
-var { GITLAB_API_TOKEN, GITHUB_API_TOKEN, GIT_PROXY_HOST } = EnvVariablesZod.parse(process.env);
-
 // src/features/analysis/scm/ado/validation.ts
 import { z as z17 } from "zod";
 var ValidPullRequestStatusZ = z17.union([
@@ -4918,39 +4817,121 @@ async function getAdoRepoList({
 
 // src/features/analysis/scm/ado/AdoSCMLib.ts
 import { setTimeout as setTimeout2 } from "node:timers/promises";
-async function initAdoSdk(params) {
-  const { url, accessToken, scmOrg } = params;
-  const adoClientParams = await getAdoClientParams({
-    tokenOrg: scmOrg,
-    accessToken,
-    url
-  });
-  return getAdoSdk(adoClientParams);
-}
-var AdoSCMLib = class extends SCMLib {
-  constructor(url, accessToken, scmOrg) {
-    super(url, accessToken, scmOrg);
-    __publicField(this, "_adoSdkPromise");
-    this._adoSdkPromise = initAdoSdk({ accessToken, url, scmOrg });
-  }
-  async getAdoSdk() {
-    if (!this._adoSdkPromise) {
-      console.error("ado sdk was not initialized");
-      throw new InvalidAccessTokenError("ado sdk was not initialized");
+
+// src/features/analysis/scm/scmSubmit/index.ts
+import { simpleGit } from "simple-git";
+var isValidBranchName = async (branchName) => {
+  const git = simpleGit();
+  try {
+    const res = await git.raw(["check-ref-format", "--branch", branchName]);
+    if (res) {
+      return true;
     }
-    return this._adoSdkPromise;
+    return false;
+  } catch (e) {
+    return false;
   }
-  async createSubmitRequest(params) {
-    this._validateAccessTokenAndUrl();
-    for (let i = 0; i < 5; i++) {
-      try {
-        const { targetBranchName, sourceBranchName, title, body } = params;
-        const adoSdk = await this.getAdoSdk();
-        const pullRequestId = await adoSdk.createAdoPullRequest({
-          title,
-          body,
-          targetBranchName,
-          sourceBranchName,
+};
+
+// src/features/analysis/scm/scm.ts
+var SCMLib = class {
+  constructor(url, accessToken, scmOrg) {
+    __publicField(this, "url");
+    __publicField(this, "accessToken");
+    __publicField(this, "scmOrg");
+    this.accessToken = accessToken;
+    this.url = url;
+    this.scmOrg = scmOrg;
+  }
+  async getUrlWithCredentials() {
+    if (!this.url) {
+      console.error("no url for getUrlWithCredentials()");
+      throw new Error("no url");
+    }
+    const trimmedUrl = this.url.trim().replace(/\/$/, "");
+    const accessToken = this.getAccessToken();
+    if (!accessToken) {
+      return trimmedUrl;
+    }
+    if (this.scmLibType === "ADO" /* ADO */) {
+      const { host, protocol, pathname } = new URL(trimmedUrl);
+      return `${protocol}//${accessToken}@${host}${pathname}`;
+    }
+    const finalUrl = this.scmLibType === "GITLAB" /* GITLAB */ ? `${trimmedUrl}.git` : trimmedUrl;
+    const username = await this._getUsernameForAuthUrl();
+    return buildAuthorizedRepoUrl({
+      url: finalUrl,
+      username,
+      password: accessToken
+    });
+  }
+  getAccessToken() {
+    return this.accessToken || "";
+  }
+  getUrl() {
+    return this.url;
+  }
+  getName() {
+    if (!this.url) {
+      return "";
+    }
+    return this.url.split("/").at(-1) || "";
+  }
+  _validateAccessToken() {
+    if (!this.accessToken) {
+      console.error("no access token");
+      throw new Error("no access token");
+    }
+  }
+  static async getIsValidBranchName(branchName) {
+    return isValidBranchName(branchName);
+  }
+  _validateAccessTokenAndUrl() {
+    this._validateAccessToken();
+    this._validateUrl();
+  }
+  _validateUrl() {
+    if (!this.url) {
+      console.error("no url");
+      throw new InvalidRepoUrlError("no url");
+    }
+  }
+};
+
+// src/features/analysis/scm/ado/AdoSCMLib.ts
+async function initAdoSdk(params) {
+  const { url, accessToken, scmOrg } = params;
+  const adoClientParams = await getAdoClientParams({
+    tokenOrg: scmOrg,
+    accessToken,
+    url
+  });
+  return getAdoSdk(adoClientParams);
+}
+var AdoSCMLib = class extends SCMLib {
+  constructor(url, accessToken, scmOrg) {
+    super(url, accessToken, scmOrg);
+    __publicField(this, "_adoSdkPromise");
+    this._adoSdkPromise = initAdoSdk({ accessToken, url, scmOrg });
+  }
+  async getAdoSdk() {
+    if (!this._adoSdkPromise) {
+      console.error("ado sdk was not initialized");
+      throw new InvalidAccessTokenError("ado sdk was not initialized");
+    }
+    return this._adoSdkPromise;
+  }
+  async createSubmitRequest(params) {
+    this._validateAccessTokenAndUrl();
+    for (let i = 0; i < 5; i++) {
+      try {
+        const { targetBranchName, sourceBranchName, title, body } = params;
+        const adoSdk = await this.getAdoSdk();
+        const pullRequestId = await adoSdk.createAdoPullRequest({
+          title,
+          body,
+          targetBranchName,
+          sourceBranchName,
           repoUrl: this.url
         });
         return String(pullRequestId);
@@ -5662,1408 +5643,1482 @@ var BitbucketSCMLib = class extends SCMLib {
   }
 };
 
-// src/features/analysis/scm/gitlab/gitlab.ts
-import querystring3 from "node:querystring";
-import {
-  createRequesterFn
-} from "@gitbeaker/requester-utils";
-import {
-  AccessLevel,
-  Gitlab
-} from "@gitbeaker/rest";
-import Debug4 from "debug";
-import {
-  fetch as undiciFetch,
-  ProxyAgent
-} from "undici";
+// src/features/analysis/scm/constants.ts
+var MOBB_ICON_IMG = "https://app.mobb.ai/gh-action/Logo_Rounded_Icon.svg";
+var MAX_BRANCHES_FETCH = 1e3;
 
-// src/features/analysis/scm/gitlab/types.ts
+// src/features/analysis/scm/github/GithubSCMLib.ts
 import { z as z22 } from "zod";
-var GitlabAuthResultZ = z22.object({
-  access_token: z22.string(),
-  token_type: z22.string(),
-  refresh_token: z22.string()
-});
 
-// src/features/analysis/scm/gitlab/gitlab.ts
-var debug4 = Debug4("scm:gitlab");
-function removeTrailingSlash2(str) {
-  return str.trim().replace(/\/+$/, "");
+// src/features/analysis/scm/github/github.ts
+import { RequestError } from "@octokit/request-error";
+
+// src/features/analysis/scm/github/consts.ts
+var POST_COMMENT_PATH = "POST /repos/{owner}/{repo}/pulls/{pull_number}/comments";
+var DELETE_COMMENT_PATH = "DELETE /repos/{owner}/{repo}/pulls/comments/{comment_id}";
+var UPDATE_COMMENT_PATH = "PATCH /repos/{owner}/{repo}/pulls/comments/{comment_id}";
+var GET_PR_COMMENTS_PATH = "GET /repos/{owner}/{repo}/pulls/{pull_number}/comments";
+var GET_PR_COMMENT_PATH = "GET /repos/{owner}/{repo}/pulls/comments/{comment_id}";
+var REPLY_TO_CODE_REVIEW_COMMENT_PATH = "POST /repos/{owner}/{repo}/pulls/{pull_number}/comments/{comment_id}/replies";
+var GET_PR = "GET /repos/{owner}/{repo}/pulls/{pull_number}";
+var POST_GENERAL_PR_COMMENT = "POST /repos/{owner}/{repo}/issues/{issue_number}/comments";
+var GET_GENERAL_PR_COMMENTS = "GET /repos/{owner}/{repo}/issues/{issue_number}/comments";
+var DELETE_GENERAL_PR_COMMENT = "DELETE /repos/{owner}/{repo}/issues/comments/{comment_id}";
+var CREATE_OR_UPDATE_A_REPOSITORY_SECRET = "PUT /repos/{owner}/{repo}/actions/secrets/{secret_name}";
+var GET_A_REPOSITORY_PUBLIC_KEY = "GET /repos/{owner}/{repo}/actions/secrets/public-key";
+var GET_USER = "GET /user";
+var GET_USER_REPOS = "GET /user/repos";
+var GET_REPO_BRANCHES = "GET /repos/{owner}/{repo}/branches";
+var GET_BLAME_DOCUMENT = `
+      query GetBlame(
+        $owner: String!
+        $repo: String!
+        $ref: String!
+        $path: String!
+      ) {
+        repository(name: $repo, owner: $owner) {
+          # branch name
+          object(expression: $ref) {
+            # cast Target to a Commit
+            ... on Commit {
+              # full repo-relative path to blame file
+              blame(path: $path) {
+                ranges {
+                  commit {
+                    author {
+                      user {
+                        name
+                        login
+                      }
+                    }
+                    authoredDate
+                  }
+                  startingLine
+                  endingLine
+                  age
+                }
+              }
+            }
+            
+          }
+        }
+      }
+    `;
+
+// src/features/analysis/scm/github/utils/encrypt_secret.ts
+import sodium from "libsodium-wrappers";
+async function encryptSecret(secret, key) {
+  await sodium.ready;
+  const binkey = sodium.from_base64(key, sodium.base64_variants.ORIGINAL);
+  const binsec = sodium.from_string(secret);
+  const encBytes = sodium.crypto_box_seal(binsec, binkey);
+  return sodium.to_base64(encBytes, sodium.base64_variants.ORIGINAL);
 }
-function getRandomGitlabCloudAnonToken() {
-  if (!GITLAB_API_TOKEN || typeof GITLAB_API_TOKEN !== "string") {
-    return void 0;
+
+// src/features/analysis/scm/github/utils/utils.ts
+import { Octokit } from "octokit";
+import { fetch as fetch2, ProxyAgent } from "undici";
+function parseGithubOwnerAndRepo(gitHubUrl) {
+  gitHubUrl = normalizeUrl(gitHubUrl);
+  const parsingResult = parseScmURL(gitHubUrl, "GitHub" /* GitHub */);
+  if (!parsingResult) {
+    throw new InvalidUrlPatternError(`invalid github repo Url ${gitHubUrl}`);
   }
-  const tokens = GITLAB_API_TOKEN.split(",");
-  return tokens[Math.floor(Math.random() * tokens.length)];
+  const { organization, repoName } = parsingResult;
+  if (!organization || !repoName) {
+    throw new InvalidUrlPatternError(`invalid github repo Url ${gitHubUrl}`);
+  }
+  return { owner: organization, repo: repoName };
 }
-function getGitBeaker(options) {
-  const token = options?.gitlabAuthToken ?? getRandomGitlabCloudAnonToken() ?? "";
-  const url = options.url;
-  const host = url ? new URL(url).origin : "https://gitlab.com";
-  if (token?.startsWith("glpat-") || token === "") {
-    return new Gitlab({
-      token,
-      host,
-      requesterFn: createRequesterFn(
-        (_, reqo) => Promise.resolve(reqo),
-        brokerRequestHandler
-      )
+function isGithubOnPrem(url) {
+  if (!url) {
+    return false;
+  }
+  return !url.includes(scmCloudUrl.GitHub);
+}
+function getFetch(url) {
+  if (url && isBrokerUrl(url)) {
+    const dispatcher = new ProxyAgent({
+      uri: GIT_PROXY_HOST,
+      requestTls: {
+        rejectUnauthorized: false
+      }
     });
+    return (input, init) => {
+      return fetch2(input, {
+        ...init,
+        dispatcher
+      });
+    };
   }
-  return new Gitlab({
-    oauthToken: token,
-    host,
-    requesterFn: createRequesterFn(
-      (_, reqo) => Promise.resolve(reqo),
-      brokerRequestHandler
-    )
-  });
+  return fetch2;
 }
-async function gitlabValidateParams({
-  url,
-  accessToken
-}) {
-  try {
-    const api2 = getGitBeaker({ url, gitlabAuthToken: accessToken });
-    if (accessToken) {
-      await api2.Users.showCurrentUser();
-    }
-    if (url && shouldValidateUrl(url)) {
-      const { projectPath } = parseGitlabOwnerAndRepo(url);
-      await api2.Projects.show(projectPath);
+function getRandomGithubCloudAnonToken() {
+  if (!GITHUB_API_TOKEN || typeof GITHUB_API_TOKEN !== "string") {
+    return void 0;
+  }
+  const tokens = GITHUB_API_TOKEN.split(",");
+  return tokens[Math.floor(Math.random() * tokens.length)];
+}
+function getOctoKit(options) {
+  const token = !options?.auth && !isGithubOnPrem(options?.url) ? getRandomGithubCloudAnonToken() : options?.auth;
+  const baseUrl = options?.url && isGithubOnPrem(options.url) ? `${new URL(options.url).origin}/api/v3` : void 0;
+  return new Octokit({
+    ...options,
+    auth: token,
+    baseUrl,
+    //GITHUB_API_TOKEN is only defined in the backend and not when running Bugsy as CLI. We want to enable these debug logs in the backend
+    //to debug the performance of these API calls.
+    log: GITHUB_API_TOKEN ? console : void 0,
+    request: {
+      fetch: getFetch(baseUrl)
+    },
+    retry: {
+      enabled: false
+    },
+    throttle: {
+      enabled: false
+    }
+  });
+}
+function isGithubActionActionToken(token) {
+  return token.startsWith("ghs_");
+}
+async function githubValidateParams(url, accessToken) {
+  try {
+    const oktoKit = getOctoKit({ auth: accessToken, url });
+    if (accessToken && !isGithubActionActionToken(accessToken)) {
+      await oktoKit.rest.users.getAuthenticated();
+    }
+    if (url && shouldValidateUrl(url)) {
+      const { owner, repo } = parseGithubOwnerAndRepo(url);
+      await oktoKit.request(GET_REPO_BRANCHES, {
+        owner,
+        repo,
+        per_page: 1
+      });
     }
   } catch (e) {
+    console.log("could not init github scm", e);
     const error = e;
-    const code = error.code || error.status || error.statusCode || error.response?.status || error.response?.statusCode || error.response?.code;
-    const description = error.description || `${e}`;
-    if (code === 401 || code === 403 || description.includes("401") || description.includes("403")) {
-      throw new InvalidAccessTokenError(`invalid gitlab access token`);
+    const code = error.status || error.statusCode || error.response?.status || error.response?.statusCode || error.response?.code;
+    if (code === 401 || code === 403) {
+      throw new InvalidAccessTokenError(`invalid github access token`);
     }
-    if (code === 404 || description.includes("404") || description.includes("Not Found")) {
-      throw new InvalidRepoUrlError(`invalid gitlab repo URL: ${url}`);
+    if (code === 404) {
+      throw new InvalidRepoUrlError(`invalid github repo Url ${url}`);
     }
-    console.log("gitlabValidateParams error", e);
+    console.log("githubValidateParams error", e);
     throw new InvalidRepoUrlError(
-      `cannot access gitlab repo URL: ${url} with the provided access token`
+      `cannot access GH repo URL: ${url} with the provided access token`
     );
   }
 }
-async function getGitlabUsername(url, accessToken) {
-  const api2 = getGitBeaker({ url, gitlabAuthToken: accessToken });
-  const res = await api2.Users.showCurrentUser();
-  return res.username;
-}
-async function getGitlabIsUserCollaborator({
-  accessToken,
-  repoUrl
-}) {
-  try {
-    const { projectPath } = parseGitlabOwnerAndRepo(repoUrl);
-    const api2 = getGitBeaker({ url: repoUrl, gitlabAuthToken: accessToken });
-    const proj = await api2.Projects.show(projectPath);
-    const groupAccess = proj.permissions?.group_access?.access_level || 0;
-    const projectAccess = proj.permissions?.project_access?.access_level || 0;
-    const accessLevelWithWriteAccess = [
-      AccessLevel.DEVELOPER,
-      AccessLevel.MAINTAINER,
-      AccessLevel.OWNER,
-      AccessLevel.ADMIN
-    ];
-    return accessLevelWithWriteAccess.includes(groupAccess) || accessLevelWithWriteAccess.includes(projectAccess);
-  } catch (e) {
-    return false;
-  }
-}
-var gitlabMergeRequestStatus = {
-  merged: "merged",
-  opened: "opened",
-  closed: "closed"
-};
-async function getGitlabMergeRequestStatus({
-  accessToken,
-  repoUrl,
-  mrNumber
-}) {
-  const { projectPath } = parseGitlabOwnerAndRepo(repoUrl);
-  const api2 = getGitBeaker({ url: repoUrl, gitlabAuthToken: accessToken });
-  const res = await api2.MergeRequests.show(projectPath, mrNumber);
-  switch (res.state) {
-    case gitlabMergeRequestStatus.merged:
-    case gitlabMergeRequestStatus.opened:
-    case gitlabMergeRequestStatus.closed:
-      return res.state;
-    default:
-      throw new Error(`unknown merge request state ${res.state}`);
-  }
-}
-async function createMarkdownCommentOnPullRequest({
-  markdownComment,
-  accessToken,
-  repoUrl,
-  mrNumber
-}) {
-  const { projectPath } = parseGitlabOwnerAndRepo(repoUrl);
-  const api2 = getGitBeaker({ url: repoUrl, gitlabAuthToken: accessToken });
-  return api2.MergeRequestNotes.create(projectPath, mrNumber, markdownComment);
-}
-async function getGitlabIsRemoteBranch({
-  accessToken,
-  repoUrl,
-  branch
-}) {
-  const { projectPath } = parseGitlabOwnerAndRepo(repoUrl);
-  const api2 = getGitBeaker({ url: repoUrl, gitlabAuthToken: accessToken });
-  try {
-    const res = await api2.Branches.show(projectPath, branch);
-    return res.name === branch;
-  } catch (e) {
-    return false;
-  }
-}
-async function getGitlabRepoList(url, accessToken) {
-  const api2 = getGitBeaker({ url, gitlabAuthToken: accessToken });
-  const res = await api2.Projects.all({
-    membership: true,
-    //TODO: a bug in the sorting mechanism of this api call
-    //disallows us to sort by updated_at in descending order
-    //so we have to sort by updated_at in ascending order.
-    //We can wait for the bug to be fixed or call the api
-    //directly with fetch()
-    sort: "asc",
-    orderBy: "updated_at",
-    perPage: 100
-  });
-  return Promise.all(
-    res.map(async (project) => {
-      const proj = await api2.Projects.show(project.id);
-      const owner = proj.namespace.name;
-      const repoLanguages = await api2.Projects.showLanguages(project.id);
-      return {
-        repoName: project.path,
-        repoUrl: project.web_url,
-        repoOwner: owner,
-        repoLanguages: Object.keys(repoLanguages),
-        repoIsPublic: project.visibility === "public",
-        repoUpdatedAt: project.last_activity_at
-      };
-    })
-  );
-}
-async function getGitlabBranchList({
-  accessToken,
-  repoUrl
-}) {
-  const { projectPath } = parseGitlabOwnerAndRepo(repoUrl);
-  const api2 = getGitBeaker({ url: repoUrl, gitlabAuthToken: accessToken });
-  try {
-    const res = await api2.Branches.all(projectPath, {
-      //keyset API pagination is not supported by GL for the branch list (at least not the on-prem version)
-      //so for now we stick with the default pagination and just return the first page and limit the results to 1000 entries.
-      //This is a temporary solution until we implement list branches with name search.
-      perPage: MAX_BRANCHES_FETCH,
-      page: 1
-    });
-    res.sort((a, b) => {
-      if (!a.commit?.committed_date || !b.commit?.committed_date) {
-        return 0;
+
+// src/features/analysis/scm/github/github.ts
+function getGithubSdk(params = {}) {
+  const octokit = getOctoKit(params);
+  return {
+    async postPrComment(params2) {
+      return octokit.request(POST_COMMENT_PATH, params2);
+    },
+    async updatePrComment(params2) {
+      return octokit.request(UPDATE_COMMENT_PATH, params2);
+    },
+    async getPrComments(params2) {
+      return octokit.request(GET_PR_COMMENTS_PATH, params2);
+    },
+    async getPrComment(params2) {
+      return octokit.request(GET_PR_COMMENT_PATH, params2);
+    },
+    async deleteComment(params2) {
+      return octokit.request(DELETE_COMMENT_PATH, params2);
+    },
+    async replyToCodeReviewComment(params2) {
+      return octokit.request(REPLY_TO_CODE_REVIEW_COMMENT_PATH, params2);
+    },
+    async getPrDiff(params2) {
+      return octokit.request(GET_PR, {
+        ...params2,
+        mediaType: { format: "diff" }
+      });
+    },
+    async getPr(params2) {
+      return octokit.request(GET_PR, { ...params2 });
+    },
+    async createOrUpdateRepositorySecret(params2) {
+      return octokit.request(CREATE_OR_UPDATE_A_REPOSITORY_SECRET, params2);
+    },
+    async getRepositoryPublicKey(params2) {
+      return octokit.request(GET_A_REPOSITORY_PUBLIC_KEY, params2);
+    },
+    async postGeneralPrComment(params2) {
+      return octokit.request(POST_GENERAL_PR_COMMENT, params2);
+    },
+    async getGeneralPrComments(params2) {
+      return octokit.request(GET_GENERAL_PR_COMMENTS, params2);
+    },
+    async deleteGeneralPrComment(params2) {
+      return octokit.request(DELETE_GENERAL_PR_COMMENT, params2);
+    },
+    async getGithubUsername() {
+      const res = await octokit.rest.users.getAuthenticated();
+      return res.data.login;
+    },
+    async getGithubIsUserCollaborator(params2) {
+      const { username, repoUrl } = params2;
+      try {
+        const { owner, repo } = parseGithubOwnerAndRepo(repoUrl);
+        const res = await octokit.rest.repos.checkCollaborator({
+          owner,
+          repo,
+          username
+        });
+        if (res.status === 204) {
+          return true;
+        }
+      } catch (e) {
+        return false;
       }
-      return new Date(b.commit?.committed_date).getTime() - new Date(a.commit?.committed_date).getTime();
-    });
-    return res.map((branch) => branch.name).slice(0, MAX_BRANCHES_FETCH);
-  } catch (e) {
-    return [];
-  }
-}
-async function createMergeRequest(options) {
-  const { projectPath } = parseGitlabOwnerAndRepo(options.repoUrl);
-  const api2 = getGitBeaker({
-    url: options.repoUrl,
-    gitlabAuthToken: options.accessToken
-  });
-  const res = await api2.MergeRequests.create(
-    projectPath,
-    options.sourceBranchName,
-    options.targetBranchName,
-    options.title,
-    {
-      description: options.body
-    }
-  );
-  return res.iid;
-}
-async function getGitlabMergeRequest({
-  url,
-  prNumber,
-  accessToken
-}) {
-  const { projectPath } = parseGitlabOwnerAndRepo(url);
-  const api2 = getGitBeaker({
-    url,
-    gitlabAuthToken: accessToken
-  });
-  return await api2.MergeRequests.show(projectPath, prNumber);
-}
-async function getGitlabCommitUrl({
-  url,
-  commitSha,
-  accessToken
-}) {
-  const { projectPath } = parseGitlabOwnerAndRepo(url);
-  const api2 = getGitBeaker({
-    url,
-    gitlabAuthToken: accessToken
-  });
-  return await api2.Commits.show(projectPath, commitSha);
-}
-async function getGitlabRepoDefaultBranch(repoUrl, options) {
-  const api2 = getGitBeaker({
-    url: repoUrl,
-    gitlabAuthToken: options?.gitlabAuthToken
-  });
-  const { projectPath } = parseGitlabOwnerAndRepo(repoUrl);
-  const project = await api2.Projects.show(projectPath);
-  if (!project.default_branch) {
-    throw new Error("no default branch");
-  }
-  return project.default_branch;
-}
-async function getGitlabReferenceData({ ref, gitlabUrl }, options) {
-  const { projectPath } = parseGitlabOwnerAndRepo(gitlabUrl);
-  const api2 = getGitBeaker({
-    url: gitlabUrl,
-    gitlabAuthToken: options?.gitlabAuthToken
-  });
-  const results = await Promise.allSettled([
-    (async () => {
-      const res = await api2.Branches.show(projectPath, ref);
-      return {
-        sha: res.commit.id,
-        type: "BRANCH" /* BRANCH */,
-        date: res.commit.committed_date ? new Date(res.commit.committed_date) : void 0
-      };
-    })(),
-    (async () => {
-      const res = await api2.Commits.show(projectPath, ref);
-      return {
-        sha: res.id,
-        type: "COMMIT" /* COMMIT */,
-        date: res.committed_date ? new Date(res.committed_date) : void 0
-      };
-    })(),
-    (async () => {
-      const res = await api2.Tags.show(projectPath, ref);
+      return false;
+    },
+    async getGithubPullRequestStatus(params2) {
+      const { repoUrl, prNumber } = params2;
+      const { owner, repo } = parseGithubOwnerAndRepo(repoUrl);
+      const res = await octokit.rest.pulls.get({
+        owner,
+        repo,
+        pull_number: prNumber
+      });
+      if (res.data.merged) {
+        return "merged";
+      }
+      if (res.data.draft) {
+        return "draft";
+      }
+      return res.data.state;
+    },
+    async createMarkdownCommentOnPullRequest(params2) {
+      const { repoUrl, prNumber, markdownComment } = params2;
+      const { owner, repo } = parseGithubOwnerAndRepo(repoUrl);
+      return octokit.rest.issues.createComment({
+        owner,
+        repo,
+        issue_number: prNumber,
+        body: markdownComment
+      });
+    },
+    async getGithubIsRemoteBranch(params2) {
+      const { repoUrl, branch } = params2;
+      const { owner, repo } = parseGithubOwnerAndRepo(repoUrl);
+      try {
+        const res = await octokit.rest.repos.getBranch({
+          owner,
+          repo,
+          branch
+        });
+        return branch === res.data.name;
+      } catch (e) {
+        return false;
+      }
+    },
+    async getGithubRepoList() {
+      try {
+        const githubRepos = await octokit.request(GET_USER_REPOS, {
+          sort: "updated"
+        });
+        return githubRepos.data.map((repo) => ({
+          repoName: repo.name,
+          repoUrl: repo.html_url,
+          repoOwner: repo.owner.login,
+          repoLanguages: repo.language ? [repo.language] : [],
+          repoIsPublic: !repo.private,
+          repoUpdatedAt: repo.updated_at
+        }));
+      } catch (e) {
+        if (e instanceof RequestError && e.status === 401) {
+          return [];
+        }
+        if (e instanceof RequestError && e.status === 404) {
+          return [];
+        }
+        throw e;
+      }
+    },
+    async getGithubRepoDefaultBranch(repoUrl) {
+      const { owner, repo } = parseGithubOwnerAndRepo(repoUrl);
+      const repos = await octokit.rest.repos.get({ repo, owner });
+      return repos.data.default_branch;
+    },
+    async getGithubReferenceData({
+      ref,
+      gitHubUrl
+    }) {
+      const { owner, repo } = parseGithubOwnerAndRepo(gitHubUrl);
+      let res;
+      try {
+        res = await Promise.any([
+          this.getBranch({ owner, repo, branch: ref }).then((result) => ({
+            date: result.data.commit.commit.committer?.date ? new Date(result.data.commit.commit.committer?.date) : void 0,
+            type: "BRANCH" /* BRANCH */,
+            sha: result.data.commit.sha
+          })),
+          this.getCommit({ commitSha: ref, repo, owner }).then((commit) => ({
+            date: new Date(commit.data.committer.date),
+            type: "COMMIT" /* COMMIT */,
+            sha: commit.data.sha
+          })),
+          this.getTagDate({ owner, repo, tag: ref }).then((data) => ({
+            date: new Date(data.date),
+            type: "TAG" /* TAG */,
+            sha: data.sha
+          }))
+        ]);
+        return res;
+      } catch (e) {
+        if (e instanceof AggregateError) {
+          throw new RefNotFoundError(`ref: ${ref} does not exist`);
+        }
+        throw e;
+      }
+    },
+    async getBranch({
+      branch,
+      owner,
+      repo
+    }) {
+      return octokit.rest.repos.getBranch({
+        branch,
+        owner,
+        repo
+      });
+    },
+    async getCommit({
+      commitSha,
+      owner,
+      repo
+    }) {
+      return octokit.rest.git.getCommit({
+        repo,
+        owner,
+        commit_sha: commitSha
+      });
+    },
+    async getTagDate({
+      tag,
+      owner,
+      repo
+    }) {
+      const refResponse = await octokit.rest.git.getRef({
+        ref: `tags/${tag}`,
+        owner,
+        repo
+      });
+      const tagSha = refResponse.data.object.sha;
+      if (refResponse.data.object.type === "commit") {
+        const res2 = await octokit.rest.git.getCommit({
+          commit_sha: tagSha,
+          owner,
+          repo
+        });
+        return {
+          date: res2.data.committer.date,
+          sha: res2.data.sha
+        };
+      }
+      const res = await octokit.rest.git.getTag({
+        tag_sha: tagSha,
+        owner,
+        repo
+      });
       return {
-        sha: res.commit.id,
-        type: "TAG" /* TAG */,
-        date: res.commit.committed_date ? new Date(res.commit.committed_date) : void 0
+        date: res.data.tagger.date,
+        sha: res.data.sha
       };
-    })()
-  ]);
-  const [branchRes, commitRes, tagRes] = results;
-  if (tagRes.status === "fulfilled") {
-    return tagRes.value;
-  }
-  if (branchRes.status === "fulfilled") {
-    return branchRes.value;
-  }
-  if (commitRes.status === "fulfilled") {
-    return commitRes.value;
-  }
-  throw new RefNotFoundError(`ref: ${ref} does not exist`);
-}
-function parseGitlabOwnerAndRepo(gitlabUrl) {
-  gitlabUrl = removeTrailingSlash2(gitlabUrl);
-  const parsingResult = parseScmURL(gitlabUrl, "GitLab" /* GitLab */);
-  if (!parsingResult || !parsingResult.repoName) {
-    throw new InvalidUrlPatternError(`invalid gitlab repo Url ${gitlabUrl}`);
-  }
-  const { organization, repoName, projectPath } = parsingResult;
-  return { owner: organization, repo: repoName, projectPath };
-}
-async function getGitlabBlameRanges({ ref, gitlabUrl, path: path8 }, options) {
-  const { projectPath } = parseGitlabOwnerAndRepo(gitlabUrl);
-  const api2 = getGitBeaker({
-    url: gitlabUrl,
-    gitlabAuthToken: options?.gitlabAuthToken
-  });
-  const resp = await api2.RepositoryFiles.allFileBlames(projectPath, path8, ref);
-  let lineNumber = 1;
-  return resp.filter((range) => range.lines).map((range) => {
-    const oldLineNumber = lineNumber;
-    if (!range.lines) {
-      throw new Error("range.lines should not be undefined");
-    }
-    lineNumber += range.lines.length;
-    return {
-      startingLine: oldLineNumber,
-      endingLine: lineNumber - 1,
-      login: range.commit.author_email,
-      email: range.commit.author_email,
-      name: range.commit.author_name
-    };
-  });
-}
-async function processBody(response) {
-  const headers = response.headers;
-  const type2 = headers.get("content-type")?.split(";")[0]?.trim();
-  if (type2 === "application/json") {
-    return await response.json();
-  }
-  return await response.text();
-}
-async function brokerRequestHandler(endpoint, options) {
-  const { prefixUrl, searchParams } = options || {};
-  let baseUrl;
-  if (prefixUrl) baseUrl = prefixUrl.endsWith("/") ? prefixUrl : `${prefixUrl}/`;
-  const url = new URL(endpoint, baseUrl);
-  url.search = searchParams || "";
-  const dispatcher = url && isBrokerUrl(url.href) ? new ProxyAgent({
-    uri: GIT_PROXY_HOST,
-    requestTls: {
-      rejectUnauthorized: false
-    }
-  }) : void 0;
-  const response = await undiciFetch(url, {
-    headers: options?.headers,
-    method: options?.method,
-    body: options?.body ? String(options?.body) : void 0,
-    dispatcher
-  }).catch((e) => {
-    if (e.name === "TimeoutError" || e.name === "AbortError") {
-      throw new Error("Query timeout was reached");
+    },
+    async getGithubBlameRanges(params2) {
+      const { ref, gitHubUrl, path: path8 } = params2;
+      const { owner, repo } = parseGithubOwnerAndRepo(gitHubUrl);
+      const res = await octokit.graphql(
+        GET_BLAME_DOCUMENT,
+        {
+          owner,
+          repo,
+          path: path8,
+          ref
+        }
+      );
+      if (!res?.repository?.object?.blame?.ranges) {
+        return [];
+      }
+      return res.repository.object.blame.ranges.map((range) => ({
+        startingLine: range.startingLine,
+        endingLine: range.endingLine,
+        email: range.commit.author.user?.email || "",
+        name: range.commit.author.user?.name || "",
+        login: range.commit.author.user?.login || ""
+      }));
+    },
+    // todo: refactor the name for this function
+    async createPr(params2) {
+      const { sourceRepoUrl, filesPaths, userRepoUrl, title, body } = params2;
+      const { owner: sourceOwner, repo: sourceRepo } = parseGithubOwnerAndRepo(sourceRepoUrl);
+      const { owner, repo } = parseGithubOwnerAndRepo(userRepoUrl);
+      const [sourceFilePath, secondFilePath] = filesPaths;
+      const sourceFileContentResponse = await octokit.rest.repos.getContent({
+        owner: sourceOwner,
+        repo: sourceRepo,
+        path: "/" + sourceFilePath
+      });
+      const { data: repository } = await octokit.rest.repos.get({ owner, repo });
+      const defaultBranch = repository.default_branch;
+      const newBranchName = `mobb/workflow-${Date.now()}`;
+      await octokit.rest.git.createRef({
+        owner,
+        repo,
+        ref: `refs/heads/${newBranchName}`,
+        sha: await octokit.rest.git.getRef({ owner, repo, ref: `heads/${defaultBranch}` }).then((response) => response.data.object.sha)
+      });
+      const decodedContent = Buffer.from(
+        // eslint-disable-next-line @typescript-eslint/ban-ts-comment
+        // @ts-ignore
+        sourceFileContentResponse.data.content,
+        "base64"
+      ).toString("utf-8");
+      const tree = [
+        {
+          path: sourceFilePath,
+          mode: "100644",
+          type: "blob",
+          content: decodedContent
+        }
+      ];
+      if (secondFilePath) {
+        const secondFileContentResponse = await octokit.rest.repos.getContent({
+          owner: sourceOwner,
+          repo: sourceRepo,
+          path: "/" + secondFilePath
+        });
+        const secondDecodedContent = Buffer.from(
+          // eslint-disable-next-line @typescript-eslint/ban-ts-comment
+          // @ts-ignore
+          secondFileContentResponse.data.content,
+          "base64"
+        ).toString("utf-8");
+        tree.push({
+          path: secondFilePath,
+          mode: "100644",
+          type: "blob",
+          content: secondDecodedContent
+        });
+      }
+      const createTreeResponse = await octokit.rest.git.createTree({
+        owner,
+        repo,
+        base_tree: await octokit.rest.git.getRef({ owner, repo, ref: `heads/${defaultBranch}` }).then((response) => response.data.object.sha),
+        // eslint-disable-next-line @typescript-eslint/ban-ts-comment
+        // @ts-ignore
+        tree
+      });
+      const createCommitResponse = await octokit.rest.git.createCommit({
+        owner,
+        repo,
+        message: "Add new yaml file",
+        tree: createTreeResponse.data.sha,
+        parents: [
+          await octokit.rest.git.getRef({ owner, repo, ref: `heads/${defaultBranch}` }).then((response) => response.data.object.sha)
+        ]
+      });
+      await octokit.rest.git.updateRef({
+        owner,
+        repo,
+        ref: `heads/${newBranchName}`,
+        sha: createCommitResponse.data.sha
+      });
+      const createPRResponse = await octokit.rest.pulls.create({
+        owner,
+        repo,
+        title,
+        head: newBranchName,
+        head_repo: sourceRepo,
+        body,
+        base: defaultBranch
+      });
+      return {
+        pull_request_url: createPRResponse.data.html_url
+      };
+    },
+    async getGithubBranchList(repoUrl) {
+      const { owner, repo } = parseGithubOwnerAndRepo(repoUrl);
+      return octokit.rest.repos.listBranches({
+        owner,
+        repo,
+        per_page: MAX_BRANCHES_FETCH,
+        page: 1
+      });
+    },
+    async createPullRequest(options) {
+      const { owner, repo } = parseGithubOwnerAndRepo(options.repoUrl);
+      return octokit.rest.pulls.create({
+        owner,
+        repo,
+        title: options.title,
+        body: options.body,
+        head: options.sourceBranchName,
+        base: options.targetBranchName,
+        draft: false,
+        maintainer_can_modify: true
+      });
+    },
+    async forkRepo(options) {
+      const { owner, repo } = parseGithubOwnerAndRepo(options.repoUrl);
+      const createForkRes = await octokit.rest.repos.createFork({
+        owner,
+        repo,
+        default_branch_only: false
+      });
+      return { url: createForkRes.data.html_url };
+    },
+    async getUserInfo() {
+      return octokit.request(GET_USER);
     }
-    throw e;
-  });
-  if (response.ok)
-    return {
-      body: await processBody(response),
-      headers: Object.fromEntries(response.headers.entries()),
-      status: response.status
-    };
-  throw new Error(`gitbeaker: ${response.statusText}`);
+  };
 }
 
-// src/features/analysis/scm/gitlab/GitlabSCMLib.ts
-var GitlabSCMLib = class extends SCMLib {
+// src/features/analysis/scm/github/GithubSCMLib.ts
+var GithubSCMLib = class extends SCMLib {
+  // we don't always need a url, what's important is that we have an access token
   constructor(url, accessToken, scmOrg) {
     super(url, accessToken, scmOrg);
+    __publicField(this, "githubSdk");
+    this.githubSdk = getGithubSdk({
+      auth: accessToken,
+      url
+    });
   }
   async createSubmitRequest(params) {
     this._validateAccessTokenAndUrl();
     const { targetBranchName, sourceBranchName, title, body } = params;
-    return String(
-      await createMergeRequest({
-        title,
-        body,
-        targetBranchName,
-        sourceBranchName,
-        repoUrl: this.url,
-        accessToken: this.accessToken
-      })
-    );
-  }
-  async validateParams() {
-    return gitlabValidateParams({
-      url: this.url,
-      accessToken: this.accessToken
-    });
-  }
-  async getRepoList(_scmOrg) {
-    if (!this.accessToken) {
-      console.error("no access token");
-      throw new Error("no access token");
-    }
-    return getGitlabRepoList(this.url, this.accessToken);
-  }
-  async getBranchList() {
-    this._validateAccessTokenAndUrl();
-    return getGitlabBranchList({
-      accessToken: this.accessToken,
+    const pullRequestResult = await this.githubSdk.createPullRequest({
+      title,
+      body,
+      targetBranchName,
+      sourceBranchName,
       repoUrl: this.url
     });
+    return String(pullRequestResult.data.number);
   }
-  get scmLibType() {
-    return "GITLAB" /* GITLAB */;
-  }
-  getAuthHeaders() {
-    if (!this.accessToken) {
-      return {};
-    }
-    if (this.accessToken.startsWith("glpat-")) {
-      return {
-        "Private-Token": this.accessToken
-      };
-    } else {
-      return { authorization: `Bearer ${this.accessToken}` };
-    }
-  }
-  getDownloadUrl(sha) {
-    const urlObj = new URL(this.url || "");
-    const ProjectId = encodeURIComponent(
-      urlObj.pathname.replace(/^\//, "").replace(/\/$/, "")
-    );
-    return Promise.resolve(
-      //We are moving away from this form as it doesn't work when using a non-human token (group/project token)
-      //Where as the API zip endpoint works with any token
-      //`${this.url}/-/archive/${sha}/${repoName}-${sha}.zip`
-      `${urlObj.origin}/api/v4/projects/${ProjectId}/repository/archive.zip?sha=${sha}`
-    );
-  }
-  async _getUsernameForAuthUrl() {
-    if (this?.accessToken?.startsWith("glpat-")) {
-      return this.getUsername();
-    } else {
-      return "oauth2";
-    }
-  }
-  async getIsRemoteBranch(branch) {
-    this._validateAccessTokenAndUrl();
-    return getGitlabIsRemoteBranch({
-      accessToken: this.accessToken,
-      repoUrl: this.url,
-      branch
-    });
-  }
-  async getUserHasAccessToRepo() {
-    this._validateAccessTokenAndUrl();
-    return getGitlabIsUserCollaborator({
-      accessToken: this.accessToken,
-      repoUrl: this.url
+  async forkRepo(repoUrl) {
+    this._validateAccessToken();
+    return this.githubSdk.forkRepo({
+      repoUrl
     });
   }
-  async getUsername() {
-    this._validateAccessTokenAndUrl();
-    return getGitlabUsername(this.url, this.accessToken);
-  }
-  async getSubmitRequestStatus(scmSubmitRequestId) {
+  async createOrUpdateRepositorySecret(params) {
     this._validateAccessTokenAndUrl();
-    const state = await getGitlabMergeRequestStatus({
-      accessToken: this.accessToken,
-      repoUrl: this.url,
-      mrNumber: Number(scmSubmitRequestId)
+    const { owner, repo } = parseGithubOwnerAndRepo(this.url);
+    const { data: repositoryPublicKeyResponse } = await this.githubSdk.getRepositoryPublicKey({ owner, repo });
+    const { key_id, key } = repositoryPublicKeyResponse;
+    const encryptedValue = await encryptSecret(params.value, key);
+    return this.githubSdk.createOrUpdateRepositorySecret({
+      encrypted_value: encryptedValue,
+      secret_name: params.name,
+      key_id,
+      owner,
+      repo
     });
-    switch (state) {
-      case gitlabMergeRequestStatus.merged:
-        return "merged";
-      case gitlabMergeRequestStatus.opened:
-        return "open";
-      case gitlabMergeRequestStatus.closed:
-        return "closed";
-      default:
-        throw new Error(`unknown state ${state}`);
-    }
   }
-  async addCommentToSubmitRequest(submitRequestId, comment) {
-    this._validateAccessTokenAndUrl();
-    await createMarkdownCommentOnPullRequest({
-      accessToken: this.accessToken,
-      repoUrl: this.url,
-      mrNumber: Number(submitRequestId),
-      markdownComment: comment
+  async createPullRequestWithNewFile(sourceRepoUrl, filesPaths, userRepoUrl, title, body) {
+    const { pull_request_url } = await this.githubSdk.createPr({
+      sourceRepoUrl,
+      filesPaths,
+      userRepoUrl,
+      title,
+      body
     });
+    return { pull_request_url };
   }
-  async getRepoBlameRanges(ref, path8) {
-    this._validateUrl();
-    return await getGitlabBlameRanges(
-      { ref, path: path8, gitlabUrl: this.url },
-      {
-        url: this.url,
-        gitlabAuthToken: this.accessToken
-      }
-    );
-  }
-  async getReferenceData(ref) {
-    this._validateUrl();
-    return await getGitlabReferenceData(
-      { ref, gitlabUrl: this.url },
-      {
-        url: this.url,
-        gitlabAuthToken: this.accessToken
-      }
-    );
-  }
-  async getRepoDefaultBranch() {
-    this._validateUrl();
-    return await getGitlabRepoDefaultBranch(this.url, {
-      url: this.url,
-      gitlabAuthToken: this.accessToken
+  async validateParams() {
+    return githubValidateParams(this.url, this.accessToken);
+  }
+  async postPrComment(params) {
+    this._validateAccessTokenAndUrl();
+    const { owner, repo } = parseGithubOwnerAndRepo(this.url);
+    return this.githubSdk.postPrComment({
+      ...params,
+      owner,
+      repo
     });
   }
-  async getSubmitRequestUrl(submitRequestUrl) {
+  async updatePrComment(params) {
     this._validateAccessTokenAndUrl();
-    const res = await getGitlabMergeRequest({
-      url: this.url,
-      prNumber: submitRequestUrl,
-      accessToken: this.accessToken
+    const { owner, repo } = parseGithubOwnerAndRepo(this.url);
+    return this.githubSdk.updatePrComment({
+      ...params,
+      owner,
+      repo
     });
-    return res.web_url;
   }
-  async getSubmitRequestId(submitRequestUrl) {
-    const match = submitRequestUrl.match(/\/merge_requests\/(\d+)/);
-    return match?.[1] || "";
+  async deleteComment(params) {
+    this._validateAccessTokenAndUrl();
+    const { owner, repo } = parseGithubOwnerAndRepo(this.url);
+    return this.githubSdk.deleteComment({
+      ...params,
+      owner,
+      repo
+    });
   }
-  async getCommitUrl(commitId) {
+  async getPrComments(params) {
     this._validateAccessTokenAndUrl();
-    const res = await getGitlabCommitUrl({
-      url: this.url,
-      commitSha: commitId,
-      accessToken: this.accessToken
+    const { owner, repo } = parseGithubOwnerAndRepo(this.url);
+    return this.githubSdk.getPrComments({
+      per_page: 100,
+      ...params,
+      owner,
+      repo
     });
-    return res.web_url;
   }
-};
-
-// src/features/analysis/scm/scmFactory.ts
-import { z as z23 } from "zod";
-
-// src/features/analysis/scm/StubSCMLib.ts
-var StubSCMLib = class extends SCMLib {
-  constructor(url, accessToken, scmOrg) {
-    super(url, accessToken, scmOrg);
+  async getPrDiff(params) {
+    this._validateAccessTokenAndUrl();
+    const { owner, repo } = parseGithubOwnerAndRepo(this.url);
+    const prRes = await this.githubSdk.getPrDiff({
+      ...params,
+      owner,
+      repo
+    });
+    return z22.string().parse(prRes.data);
   }
-  async getUrlWithCredentials() {
-    console.warn("getUrlWithCredentials() returning empty string");
-    return "";
+  async getRepoList(_scmOrg) {
+    this._validateAccessToken();
+    return this.githubSdk.getGithubRepoList();
   }
-  async createSubmitRequest(_params) {
-    console.warn("createSubmitRequest() returning empty string");
-    return "";
+  async getBranchList() {
+    this._validateAccessTokenAndUrl();
+    const branches = await this.githubSdk.getGithubBranchList(this.url);
+    return branches.data.map((branch) => branch.name);
   }
   get scmLibType() {
-    console.warn("scmLibType returning GITHUB as default");
     return "GITHUB" /* GITHUB */;
   }
   getAuthHeaders() {
-    console.warn("getAuthHeaders() returning empty object");
+    if (this.accessToken) {
+      return { authorization: `Bearer ${this.accessToken}` };
+    }
     return {};
   }
-  async getDownloadUrl(_sha) {
-    console.warn("getDownloadUrl() returning empty string");
-    return "";
-  }
-  async getIsRemoteBranch(_branch) {
-    console.warn("getIsRemoteBranch() returning false");
-    return false;
-  }
-  async validateParams() {
-    console.warn("validateParams() no-op");
-  }
-  async getRepoList(_scmOrg) {
-    console.warn("getRepoList() returning empty array");
-    return [];
-  }
-  async getBranchList() {
-    console.warn("getBranchList() returning empty array");
-    return [];
+  getDownloadUrl(sha) {
+    this._validateUrl();
+    const res = parseScmURL(this.url, "GitHub" /* GitHub */);
+    if (!res) {
+      throw new InvalidRepoUrlError("invalid repo url");
+    }
+    const { protocol, hostname, organization, repoName } = res;
+    const downloadUrl = isGithubOnPrem(this.url) ? `${protocol}//${hostname}/api/v3/repos/${organization}/${repoName}/zipball/${sha}` : `https://api.${hostname}/repos/${organization}/${repoName}/zipball/${sha}`;
+    return Promise.resolve(downloadUrl);
   }
-  async getUsername() {
-    console.warn("getUsername() returning empty string");
-    return "";
+  async _getUsernameForAuthUrl() {
+    return this.getUsername();
   }
-  async getSubmitRequestStatus(_scmSubmitRequestId) {
-    console.warn("getSubmitRequestStatus() returning ERROR");
-    return "error";
+  async getIsRemoteBranch(branch) {
+    this._validateUrl();
+    return this.githubSdk.getGithubIsRemoteBranch({ branch, repoUrl: this.url });
   }
   async getUserHasAccessToRepo() {
-    console.warn("getUserHasAccessToRepo() returning false");
-    return false;
-  }
-  async getRepoBlameRanges(_ref, _path) {
-    console.warn("getRepoBlameRanges() returning empty array");
-    return [];
-  }
-  async getReferenceData(_ref) {
-    console.warn("getReferenceData() returning null/empty defaults");
-    return {
-      type: "BRANCH" /* BRANCH */,
-      sha: "",
-      date: void 0
-    };
-  }
-  async getRepoDefaultBranch() {
-    console.warn("getRepoDefaultBranch() returning empty string");
-    return "";
-  }
-  async getSubmitRequestUrl(_submitRequestIdNumber) {
-    console.warn("getSubmitRequestUrl() returning empty string");
-    return "";
-  }
-  async getSubmitRequestId(_submitRequestUrl) {
-    console.warn("getSubmitRequestId() returning empty string");
-    return "";
-  }
-  async getCommitUrl(_commitId) {
-    console.warn("getCommitUrl() returning empty string");
-    return "";
-  }
-  async _getUsernameForAuthUrl() {
-    console.warn("_getUsernameForAuthUrl() returning empty string");
-    return "";
+    this._validateAccessTokenAndUrl();
+    const username = await this.getUsername();
+    return this.githubSdk.getGithubIsUserCollaborator({
+      repoUrl: this.url,
+      username
+    });
   }
-  async addCommentToSubmitRequest(_submitRequestId, _comment) {
-    console.warn("addCommentToSubmitRequest() no-op");
+  async getUsername() {
+    this._validateAccessToken();
+    return this.githubSdk.getGithubUsername();
   }
-};
-
-// src/features/analysis/scm/scmFactory.ts
-async function createScmLib({ url, accessToken, scmType, scmOrg }, { propagateExceptions = false } = {}) {
-  const trimmedUrl = url ? url.trim().replace(/\/$/, "").replace(/.git$/i, "") : void 0;
-  try {
-    switch (scmType) {
-      case "GITHUB" /* GITHUB */: {
-        const scm = new GithubSCMLib(trimmedUrl, accessToken, scmOrg);
-        await scm.validateParams();
-        return scm;
-      }
-      case "GITLAB" /* GITLAB */: {
-        const scm = new GitlabSCMLib(trimmedUrl, accessToken, scmOrg);
-        await scm.validateParams();
-        return scm;
-      }
-      case "ADO" /* ADO */: {
-        const scm = new AdoSCMLib(trimmedUrl, accessToken, scmOrg);
-        await scm.getAdoSdk();
-        await scm.validateParams();
-        return scm;
-      }
-      case "BITBUCKET" /* BITBUCKET */: {
-        const scm = new BitbucketSCMLib(trimmedUrl, accessToken, scmOrg);
-        await scm.validateParams();
-        return scm;
-      }
-    }
-  } catch (e) {
-    if (e instanceof InvalidRepoUrlError && url) {
-      throw new RepoNoTokenAccessError(
-        "no access to repo",
-        scmLibScmTypeToScmType[z23.nativeEnum(ScmLibScmType).parse(scmType)]
-      );
-    }
-    console.error(`error validating scm: ${scmType} `, e);
-    if (propagateExceptions) {
-      throw e;
-    }
+  async getSubmitRequestStatus(scmSubmitRequestId) {
+    this._validateAccessTokenAndUrl();
+    return this.githubSdk.getGithubPullRequestStatus({
+      repoUrl: this.url,
+      prNumber: Number(scmSubmitRequestId)
+    });
   }
-  return new StubSCMLib(trimmedUrl, void 0, void 0);
-}
-
-// src/features/analysis/scm/github/utils/utils.ts
-function parseGithubOwnerAndRepo(gitHubUrl) {
-  gitHubUrl = normalizeUrl(gitHubUrl);
-  const parsingResult = parseScmURL(gitHubUrl, "GitHub" /* GitHub */);
-  if (!parsingResult) {
-    throw new InvalidUrlPatternError(`invalid github repo Url ${gitHubUrl}`);
+  async addCommentToSubmitRequest(submitRequestId, comment) {
+    this._validateAccessTokenAndUrl();
+    await this.githubSdk.createMarkdownCommentOnPullRequest({
+      repoUrl: this.url,
+      prNumber: Number(submitRequestId),
+      markdownComment: comment
+    });
   }
-  const { organization, repoName } = parsingResult;
-  if (!organization || !repoName) {
-    throw new InvalidUrlPatternError(`invalid github repo Url ${gitHubUrl}`);
+  async getRepoBlameRanges(ref, path8) {
+    this._validateUrl();
+    return await this.githubSdk.getGithubBlameRanges({
+      ref,
+      path: path8,
+      gitHubUrl: this.url
+    });
   }
-  return { owner: organization, repo: repoName };
-}
-function isGithubOnPrem(url) {
-  if (!url) {
-    return false;
+  async getReferenceData(ref) {
+    this._validateUrl();
+    return this.githubSdk.getGithubReferenceData({ ref, gitHubUrl: this.url });
   }
-  return !url.includes(scmCloudUrl.GitHub);
-}
-function getFetch(url) {
-  if (url && isBrokerUrl(url)) {
-    const dispatcher = new ProxyAgent2({
-      uri: GIT_PROXY_HOST,
-      requestTls: {
-        rejectUnauthorized: false
-      }
+  async getPrComment(commentId) {
+    this._validateUrl();
+    const { owner, repo } = parseGithubOwnerAndRepo(this.url);
+    return await this.githubSdk.getPrComment({
+      repo,
+      owner,
+      comment_id: commentId
     });
-    return (input, init) => {
-      return fetch2(input, {
-        ...init,
-        dispatcher
-      });
-    };
   }
-  return fetch2;
-}
-function getRandomGithubCloudAnonToken() {
-  if (!GITHUB_API_TOKEN || typeof GITHUB_API_TOKEN !== "string") {
-    return void 0;
+  async getRepoDefaultBranch() {
+    this._validateUrl();
+    return await this.githubSdk.getGithubRepoDefaultBranch(this.url);
   }
-  const tokens = GITHUB_API_TOKEN.split(",");
-  return tokens[Math.floor(Math.random() * tokens.length)];
-}
-function getOctoKit(options) {
-  const token = !options?.auth && !isGithubOnPrem(options?.url) ? getRandomGithubCloudAnonToken() : options?.auth;
-  const baseUrl = options?.url && isGithubOnPrem(options.url) ? `${new URL(options.url).origin}/api/v3` : void 0;
-  return new Octokit({
-    ...options,
-    auth: token,
-    baseUrl,
-    //GITHUB_API_TOKEN is only defined in the backend and not when running Bugsy as CLI. We want to enable these debug logs in the backend
-    //to debug the performance of these API calls.
-    log: GITHUB_API_TOKEN ? console : void 0,
-    request: {
-      fetch: getFetch(baseUrl)
-    },
-    retry: {
-      enabled: false
-    },
-    throttle: {
-      enabled: false
-    }
-  });
-}
-function isGithubActionActionToken(token) {
-  return token.startsWith("ghs_");
-}
-async function githubValidateParams(url, accessToken) {
-  try {
-    const oktoKit = getOctoKit({ auth: accessToken, url });
-    if (accessToken && !isGithubActionActionToken(accessToken)) {
-      await oktoKit.rest.users.getAuthenticated();
-    }
-    if (url && shouldValidateUrl(url)) {
-      const { owner, repo } = parseGithubOwnerAndRepo(url);
-      await oktoKit.request(GET_REPO_BRANCHES, {
-        owner,
-        repo,
-        per_page: 1
-      });
-    }
-  } catch (e) {
-    console.log("could not init github scm", e);
-    const error = e;
-    const code = error.status || error.statusCode || error.response?.status || error.response?.statusCode || error.response?.code;
-    if (code === 401 || code === 403) {
-      throw new InvalidAccessTokenError(`invalid github access token`);
-    }
-    if (code === 404) {
-      throw new InvalidRepoUrlError(`invalid github repo Url ${url}`);
-    }
-    console.log("githubValidateParams error", e);
-    throw new InvalidRepoUrlError(
-      `cannot access GH repo URL: ${url} with the provided access token`
-    );
+  async getSubmitRequestUrl(submitRequestUrl) {
+    this._validateAccessTokenAndUrl();
+    const { owner, repo } = parseGithubOwnerAndRepo(this.url);
+    const getPrRes = await this.githubSdk.getPr({
+      owner,
+      repo,
+      pull_number: submitRequestUrl
+    });
+    return getPrRes.data.html_url;
   }
-}
-
-// src/features/analysis/scm/github/github.ts
-function getGithubSdk(params = {}) {
-  const octokit = getOctoKit(params);
-  return {
-    async postPrComment(params2) {
-      return octokit.request(POST_COMMENT_PATH, params2);
-    },
-    async updatePrComment(params2) {
-      return octokit.request(UPDATE_COMMENT_PATH, params2);
-    },
-    async getPrComments(params2) {
-      return octokit.request(GET_PR_COMMENTS_PATH, params2);
-    },
-    async getPrComment(params2) {
-      return octokit.request(GET_PR_COMMENT_PATH, params2);
-    },
-    async deleteComment(params2) {
-      return octokit.request(DELETE_COMMENT_PATH, params2);
-    },
-    async replyToCodeReviewComment(params2) {
-      return octokit.request(REPLY_TO_CODE_REVIEW_COMMENT_PATH, params2);
-    },
-    async getPrDiff(params2) {
-      return octokit.request(GET_PR, {
-        ...params2,
-        mediaType: { format: "diff" }
-      });
-    },
-    async getPr(params2) {
-      return octokit.request(GET_PR, { ...params2 });
-    },
-    async createOrUpdateRepositorySecret(params2) {
-      return octokit.request(CREATE_OR_UPDATE_A_REPOSITORY_SECRET, params2);
-    },
-    async getRepositoryPublicKey(params2) {
-      return octokit.request(GET_A_REPOSITORY_PUBLIC_KEY, params2);
-    },
-    async postGeneralPrComment(params2) {
-      return octokit.request(POST_GENERAL_PR_COMMENT, params2);
-    },
-    async getGeneralPrComments(params2) {
-      return octokit.request(GET_GENERAL_PR_COMMENTS, params2);
-    },
-    async deleteGeneralPrComment(params2) {
-      return octokit.request(DELETE_GENERAL_PR_COMMENT, params2);
-    },
-    async getGithubUsername() {
-      const res = await octokit.rest.users.getAuthenticated();
-      return res.data.login;
-    },
-    async getGithubIsUserCollaborator(params2) {
-      const { username, repoUrl } = params2;
-      try {
-        const { owner, repo } = parseGithubOwnerAndRepo(repoUrl);
-        const res = await octokit.rest.repos.checkCollaborator({
-          owner,
-          repo,
-          username
-        });
-        if (res.status === 204) {
-          return true;
-        }
-      } catch (e) {
-        return false;
-      }
-      return false;
-    },
-    async getGithubPullRequestStatus(params2) {
-      const { repoUrl, prNumber } = params2;
-      const { owner, repo } = parseGithubOwnerAndRepo(repoUrl);
-      const res = await octokit.rest.pulls.get({
-        owner,
-        repo,
-        pull_number: prNumber
-      });
-      if (res.data.merged) {
-        return "merged";
-      }
-      if (res.data.draft) {
-        return "draft";
-      }
-      return res.data.state;
-    },
-    async createMarkdownCommentOnPullRequest(params2) {
-      const { repoUrl, prNumber, markdownComment } = params2;
-      const { owner, repo } = parseGithubOwnerAndRepo(repoUrl);
-      return octokit.rest.issues.createComment({
-        owner,
-        repo,
-        issue_number: prNumber,
-        body: markdownComment
-      });
-    },
-    async getGithubIsRemoteBranch(params2) {
-      const { repoUrl, branch } = params2;
-      const { owner, repo } = parseGithubOwnerAndRepo(repoUrl);
-      try {
-        const res = await octokit.rest.repos.getBranch({
-          owner,
-          repo,
-          branch
-        });
-        return branch === res.data.name;
-      } catch (e) {
-        return false;
-      }
-    },
-    async getGithubRepoList() {
-      try {
-        const githubRepos = await octokit.request(GET_USER_REPOS, {
-          sort: "updated"
-        });
-        return githubRepos.data.map((repo) => ({
-          repoName: repo.name,
-          repoUrl: repo.html_url,
-          repoOwner: repo.owner.login,
-          repoLanguages: repo.language ? [repo.language] : [],
-          repoIsPublic: !repo.private,
-          repoUpdatedAt: repo.updated_at
-        }));
-      } catch (e) {
-        if (e instanceof RequestError && e.status === 401) {
-          return [];
-        }
-        if (e instanceof RequestError && e.status === 404) {
-          return [];
-        }
-        throw e;
-      }
-    },
-    async getGithubRepoDefaultBranch(repoUrl) {
-      const { owner, repo } = parseGithubOwnerAndRepo(repoUrl);
-      const repos = await octokit.rest.repos.get({ repo, owner });
-      return repos.data.default_branch;
-    },
-    async getGithubReferenceData({
-      ref,
-      gitHubUrl
-    }) {
-      const { owner, repo } = parseGithubOwnerAndRepo(gitHubUrl);
-      let res;
-      try {
-        res = await Promise.any([
-          this.getBranch({ owner, repo, branch: ref }).then((result) => ({
-            date: result.data.commit.commit.committer?.date ? new Date(result.data.commit.commit.committer?.date) : void 0,
-            type: "BRANCH" /* BRANCH */,
-            sha: result.data.commit.sha
-          })),
-          this.getCommit({ commitSha: ref, repo, owner }).then((commit) => ({
-            date: new Date(commit.data.committer.date),
-            type: "COMMIT" /* COMMIT */,
-            sha: commit.data.sha
-          })),
-          this.getTagDate({ owner, repo, tag: ref }).then((data) => ({
-            date: new Date(data.date),
-            type: "TAG" /* TAG */,
-            sha: data.sha
-          }))
-        ]);
-        return res;
-      } catch (e) {
-        if (e instanceof AggregateError) {
-          throw new RefNotFoundError(`ref: ${ref} does not exist`);
-        }
-        throw e;
-      }
-    },
-    async getBranch({
-      branch,
+  async getSubmitRequestId(submitRequestUrl) {
+    const match = submitRequestUrl.match(/\/pull\/(\d+)/);
+    return match?.[1] || "";
+  }
+  async getCommitUrl(commitId) {
+    this._validateAccessTokenAndUrl();
+    const { owner, repo } = parseGithubOwnerAndRepo(this.url);
+    const getCommitRes = await this.githubSdk.getCommit({
       owner,
-      repo
-    }) {
-      return octokit.rest.repos.getBranch({
-        branch,
-        owner,
-        repo
-      });
-    },
-    async getCommit({
-      commitSha,
+      repo,
+      commitSha: commitId
+    });
+    return getCommitRes.data.html_url;
+  }
+  async postGeneralPrComment(params) {
+    const { prNumber, body } = params;
+    this._validateAccessTokenAndUrl();
+    const { owner, repo } = parseGithubOwnerAndRepo(this.url);
+    return await this.githubSdk.postGeneralPrComment({
+      issue_number: prNumber,
       owner,
-      repo
-    }) {
-      return octokit.rest.git.getCommit({
-        repo,
-        owner,
-        commit_sha: commitSha
-      });
-    },
-    async getTagDate({
-      tag,
+      repo,
+      body
+    });
+  }
+  async getGeneralPrComments(params) {
+    const { prNumber } = params;
+    this._validateAccessTokenAndUrl();
+    const { owner, repo } = parseGithubOwnerAndRepo(this.url);
+    return await this.githubSdk.getGeneralPrComments({
+      issue_number: prNumber,
       owner,
       repo
-    }) {
-      const refResponse = await octokit.rest.git.getRef({
-        ref: `tags/${tag}`,
-        owner,
-        repo
-      });
-      const tagSha = refResponse.data.object.sha;
-      if (refResponse.data.object.type === "commit") {
-        const res2 = await octokit.rest.git.getCommit({
-          commit_sha: tagSha,
-          owner,
-          repo
-        });
-        return {
-          date: res2.data.committer.date,
-          sha: res2.data.sha
-        };
+    });
+  }
+  async deleteGeneralPrComment({
+    commentId
+  }) {
+    this._validateAccessTokenAndUrl();
+    const { owner, repo } = parseGithubOwnerAndRepo(this.url);
+    return this.githubSdk.deleteGeneralPrComment({
+      owner,
+      repo,
+      comment_id: commentId
+    });
+  }
+};
+
+// src/features/analysis/scm/gitlab/gitlab.ts
+import querystring3 from "node:querystring";
+import {
+  createRequesterFn
+} from "@gitbeaker/requester-utils";
+import {
+  AccessLevel,
+  Gitlab
+} from "@gitbeaker/rest";
+import Debug4 from "debug";
+import {
+  fetch as undiciFetch,
+  ProxyAgent as ProxyAgent2
+} from "undici";
+
+// src/features/analysis/scm/gitlab/types.ts
+import { z as z23 } from "zod";
+var GitlabAuthResultZ = z23.object({
+  access_token: z23.string(),
+  token_type: z23.string(),
+  refresh_token: z23.string()
+});
+
+// src/features/analysis/scm/gitlab/gitlab.ts
+var debug4 = Debug4("scm:gitlab");
+function removeTrailingSlash2(str) {
+  return str.trim().replace(/\/+$/, "");
+}
+function getRandomGitlabCloudAnonToken() {
+  if (!GITLAB_API_TOKEN || typeof GITLAB_API_TOKEN !== "string") {
+    return void 0;
+  }
+  const tokens = GITLAB_API_TOKEN.split(",");
+  return tokens[Math.floor(Math.random() * tokens.length)];
+}
+function getGitBeaker(options) {
+  const token = options?.gitlabAuthToken ?? getRandomGitlabCloudAnonToken() ?? "";
+  const url = options.url;
+  const host = url ? new URL(url).origin : "https://gitlab.com";
+  if (token?.startsWith("glpat-") || token === "") {
+    return new Gitlab({
+      token,
+      host,
+      requesterFn: createRequesterFn(
+        (_, reqo) => Promise.resolve(reqo),
+        brokerRequestHandler
+      )
+    });
+  }
+  return new Gitlab({
+    oauthToken: token,
+    host,
+    requesterFn: createRequesterFn(
+      (_, reqo) => Promise.resolve(reqo),
+      brokerRequestHandler
+    )
+  });
+}
+async function gitlabValidateParams({
+  url,
+  accessToken
+}) {
+  try {
+    const api2 = getGitBeaker({ url, gitlabAuthToken: accessToken });
+    if (accessToken) {
+      await api2.Users.showCurrentUser();
+    }
+    if (url && shouldValidateUrl(url)) {
+      const { projectPath } = parseGitlabOwnerAndRepo(url);
+      await api2.Projects.show(projectPath);
+    }
+  } catch (e) {
+    const error = e;
+    const code = error.code || error.status || error.statusCode || error.response?.status || error.response?.statusCode || error.response?.code;
+    const description = error.description || `${e}`;
+    if (code === 401 || code === 403 || description.includes("401") || description.includes("403")) {
+      throw new InvalidAccessTokenError(`invalid gitlab access token`);
+    }
+    if (code === 404 || description.includes("404") || description.includes("Not Found")) {
+      throw new InvalidRepoUrlError(`invalid gitlab repo URL: ${url}`);
+    }
+    console.log("gitlabValidateParams error", e);
+    throw new InvalidRepoUrlError(
+      `cannot access gitlab repo URL: ${url} with the provided access token`
+    );
+  }
+}
+async function getGitlabUsername(url, accessToken) {
+  const api2 = getGitBeaker({ url, gitlabAuthToken: accessToken });
+  const res = await api2.Users.showCurrentUser();
+  return res.username;
+}
+async function getGitlabIsUserCollaborator({
+  accessToken,
+  repoUrl
+}) {
+  try {
+    const { projectPath } = parseGitlabOwnerAndRepo(repoUrl);
+    const api2 = getGitBeaker({ url: repoUrl, gitlabAuthToken: accessToken });
+    const proj = await api2.Projects.show(projectPath);
+    const groupAccess = proj.permissions?.group_access?.access_level || 0;
+    const projectAccess = proj.permissions?.project_access?.access_level || 0;
+    const accessLevelWithWriteAccess = [
+      AccessLevel.DEVELOPER,
+      AccessLevel.MAINTAINER,
+      AccessLevel.OWNER,
+      AccessLevel.ADMIN
+    ];
+    return accessLevelWithWriteAccess.includes(groupAccess) || accessLevelWithWriteAccess.includes(projectAccess);
+  } catch (e) {
+    return false;
+  }
+}
+var gitlabMergeRequestStatus = {
+  merged: "merged",
+  opened: "opened",
+  closed: "closed"
+};
+async function getGitlabMergeRequestStatus({
+  accessToken,
+  repoUrl,
+  mrNumber
+}) {
+  const { projectPath } = parseGitlabOwnerAndRepo(repoUrl);
+  const api2 = getGitBeaker({ url: repoUrl, gitlabAuthToken: accessToken });
+  const res = await api2.MergeRequests.show(projectPath, mrNumber);
+  switch (res.state) {
+    case gitlabMergeRequestStatus.merged:
+    case gitlabMergeRequestStatus.opened:
+    case gitlabMergeRequestStatus.closed:
+      return res.state;
+    default:
+      throw new Error(`unknown merge request state ${res.state}`);
+  }
+}
+async function createMarkdownCommentOnPullRequest({
+  markdownComment,
+  accessToken,
+  repoUrl,
+  mrNumber
+}) {
+  const { projectPath } = parseGitlabOwnerAndRepo(repoUrl);
+  const api2 = getGitBeaker({ url: repoUrl, gitlabAuthToken: accessToken });
+  return api2.MergeRequestNotes.create(projectPath, mrNumber, markdownComment);
+}
+async function getGitlabIsRemoteBranch({
+  accessToken,
+  repoUrl,
+  branch
+}) {
+  const { projectPath } = parseGitlabOwnerAndRepo(repoUrl);
+  const api2 = getGitBeaker({ url: repoUrl, gitlabAuthToken: accessToken });
+  try {
+    const res = await api2.Branches.show(projectPath, branch);
+    return res.name === branch;
+  } catch (e) {
+    return false;
+  }
+}
+async function getGitlabRepoList(url, accessToken) {
+  const api2 = getGitBeaker({ url, gitlabAuthToken: accessToken });
+  const res = await api2.Projects.all({
+    membership: true,
+    //TODO: a bug in the sorting mechanism of this api call
+    //disallows us to sort by updated_at in descending order
+    //so we have to sort by updated_at in ascending order.
+    //We can wait for the bug to be fixed or call the api
+    //directly with fetch()
+    sort: "asc",
+    orderBy: "updated_at",
+    perPage: 100
+  });
+  return Promise.all(
+    res.map(async (project) => {
+      const proj = await api2.Projects.show(project.id);
+      const owner = proj.namespace.name;
+      const repoLanguages = await api2.Projects.showLanguages(project.id);
+      return {
+        repoName: project.path,
+        repoUrl: project.web_url,
+        repoOwner: owner,
+        repoLanguages: Object.keys(repoLanguages),
+        repoIsPublic: project.visibility === "public",
+        repoUpdatedAt: project.last_activity_at
+      };
+    })
+  );
+}
+async function getGitlabBranchList({
+  accessToken,
+  repoUrl
+}) {
+  const { projectPath } = parseGitlabOwnerAndRepo(repoUrl);
+  const api2 = getGitBeaker({ url: repoUrl, gitlabAuthToken: accessToken });
+  try {
+    const res = await api2.Branches.all(projectPath, {
+      //keyset API pagination is not supported by GL for the branch list (at least not the on-prem version)
+      //so for now we stick with the default pagination and just return the first page and limit the results to 1000 entries.
+      //This is a temporary solution until we implement list branches with name search.
+      perPage: MAX_BRANCHES_FETCH,
+      page: 1
+    });
+    res.sort((a, b) => {
+      if (!a.commit?.committed_date || !b.commit?.committed_date) {
+        return 0;
       }
-      const res = await octokit.rest.git.getTag({
-        tag_sha: tagSha,
-        owner,
-        repo
-      });
+      return new Date(b.commit?.committed_date).getTime() - new Date(a.commit?.committed_date).getTime();
+    });
+    return res.map((branch) => branch.name).slice(0, MAX_BRANCHES_FETCH);
+  } catch (e) {
+    return [];
+  }
+}
+async function createMergeRequest(options) {
+  const { projectPath } = parseGitlabOwnerAndRepo(options.repoUrl);
+  const api2 = getGitBeaker({
+    url: options.repoUrl,
+    gitlabAuthToken: options.accessToken
+  });
+  const res = await api2.MergeRequests.create(
+    projectPath,
+    options.sourceBranchName,
+    options.targetBranchName,
+    options.title,
+    {
+      description: options.body
+    }
+  );
+  return res.iid;
+}
+async function getGitlabMergeRequest({
+  url,
+  prNumber,
+  accessToken
+}) {
+  const { projectPath } = parseGitlabOwnerAndRepo(url);
+  const api2 = getGitBeaker({
+    url,
+    gitlabAuthToken: accessToken
+  });
+  return await api2.MergeRequests.show(projectPath, prNumber);
+}
+async function getGitlabCommitUrl({
+  url,
+  commitSha,
+  accessToken
+}) {
+  const { projectPath } = parseGitlabOwnerAndRepo(url);
+  const api2 = getGitBeaker({
+    url,
+    gitlabAuthToken: accessToken
+  });
+  return await api2.Commits.show(projectPath, commitSha);
+}
+async function getGitlabRepoDefaultBranch(repoUrl, options) {
+  const api2 = getGitBeaker({
+    url: repoUrl,
+    gitlabAuthToken: options?.gitlabAuthToken
+  });
+  const { projectPath } = parseGitlabOwnerAndRepo(repoUrl);
+  const project = await api2.Projects.show(projectPath);
+  if (!project.default_branch) {
+    throw new Error("no default branch");
+  }
+  return project.default_branch;
+}
+async function getGitlabReferenceData({ ref, gitlabUrl }, options) {
+  const { projectPath } = parseGitlabOwnerAndRepo(gitlabUrl);
+  const api2 = getGitBeaker({
+    url: gitlabUrl,
+    gitlabAuthToken: options?.gitlabAuthToken
+  });
+  const results = await Promise.allSettled([
+    (async () => {
+      const res = await api2.Branches.show(projectPath, ref);
       return {
-        date: res.data.tagger.date,
-        sha: res.data.sha
+        sha: res.commit.id,
+        type: "BRANCH" /* BRANCH */,
+        date: res.commit.committed_date ? new Date(res.commit.committed_date) : void 0
       };
-    },
-    async getGithubBlameRanges(params2) {
-      const { ref, gitHubUrl, path: path8 } = params2;
-      const { owner, repo } = parseGithubOwnerAndRepo(gitHubUrl);
-      const res = await octokit.graphql(
-        GET_BLAME_DOCUMENT,
-        {
-          owner,
-          repo,
-          path: path8,
-          ref
-        }
-      );
-      if (!res?.repository?.object?.blame?.ranges) {
-        return [];
-      }
-      return res.repository.object.blame.ranges.map((range) => ({
-        startingLine: range.startingLine,
-        endingLine: range.endingLine,
-        email: range.commit.author.user?.email || "",
-        name: range.commit.author.user?.name || "",
-        login: range.commit.author.user?.login || ""
-      }));
-    },
-    // todo: refactor the name for this function
-    async createPr(params2) {
-      const { sourceRepoUrl, filesPaths, userRepoUrl, title, body } = params2;
-      const { owner: sourceOwner, repo: sourceRepo } = parseGithubOwnerAndRepo(sourceRepoUrl);
-      const { owner, repo } = parseGithubOwnerAndRepo(userRepoUrl);
-      const [sourceFilePath, secondFilePath] = filesPaths;
-      const sourceFileContentResponse = await octokit.rest.repos.getContent({
-        owner: sourceOwner,
-        repo: sourceRepo,
-        path: "/" + sourceFilePath
-      });
-      const { data: repository } = await octokit.rest.repos.get({ owner, repo });
-      const defaultBranch = repository.default_branch;
-      const newBranchName = `mobb/workflow-${Date.now()}`;
-      await octokit.rest.git.createRef({
-        owner,
-        repo,
-        ref: `refs/heads/${newBranchName}`,
-        sha: await octokit.rest.git.getRef({ owner, repo, ref: `heads/${defaultBranch}` }).then((response) => response.data.object.sha)
-      });
-      const decodedContent = Buffer.from(
-        // eslint-disable-next-line @typescript-eslint/ban-ts-comment
-        // @ts-ignore
-        sourceFileContentResponse.data.content,
-        "base64"
-      ).toString("utf-8");
-      const tree = [
-        {
-          path: sourceFilePath,
-          mode: "100644",
-          type: "blob",
-          content: decodedContent
-        }
-      ];
-      if (secondFilePath) {
-        const secondFileContentResponse = await octokit.rest.repos.getContent({
-          owner: sourceOwner,
-          repo: sourceRepo,
-          path: "/" + secondFilePath
-        });
-        const secondDecodedContent = Buffer.from(
-          // eslint-disable-next-line @typescript-eslint/ban-ts-comment
-          // @ts-ignore
-          secondFileContentResponse.data.content,
-          "base64"
-        ).toString("utf-8");
-        tree.push({
-          path: secondFilePath,
-          mode: "100644",
-          type: "blob",
-          content: secondDecodedContent
-        });
-      }
-      const createTreeResponse = await octokit.rest.git.createTree({
-        owner,
-        repo,
-        base_tree: await octokit.rest.git.getRef({ owner, repo, ref: `heads/${defaultBranch}` }).then((response) => response.data.object.sha),
-        // eslint-disable-next-line @typescript-eslint/ban-ts-comment
-        // @ts-ignore
-        tree
-      });
-      const createCommitResponse = await octokit.rest.git.createCommit({
-        owner,
-        repo,
-        message: "Add new yaml file",
-        tree: createTreeResponse.data.sha,
-        parents: [
-          await octokit.rest.git.getRef({ owner, repo, ref: `heads/${defaultBranch}` }).then((response) => response.data.object.sha)
-        ]
-      });
-      await octokit.rest.git.updateRef({
-        owner,
-        repo,
-        ref: `heads/${newBranchName}`,
-        sha: createCommitResponse.data.sha
-      });
-      const createPRResponse = await octokit.rest.pulls.create({
-        owner,
-        repo,
-        title,
-        head: newBranchName,
-        head_repo: sourceRepo,
-        body,
-        base: defaultBranch
-      });
+    })(),
+    (async () => {
+      const res = await api2.Commits.show(projectPath, ref);
       return {
-        pull_request_url: createPRResponse.data.html_url
+        sha: res.id,
+        type: "COMMIT" /* COMMIT */,
+        date: res.committed_date ? new Date(res.committed_date) : void 0
       };
-    },
-    async getGithubBranchList(repoUrl) {
-      const { owner, repo } = parseGithubOwnerAndRepo(repoUrl);
-      return octokit.rest.repos.listBranches({
-        owner,
-        repo,
-        per_page: MAX_BRANCHES_FETCH,
-        page: 1
-      });
-    },
-    async createPullRequest(options) {
-      const { owner, repo } = parseGithubOwnerAndRepo(options.repoUrl);
-      return octokit.rest.pulls.create({
-        owner,
-        repo,
-        title: options.title,
-        body: options.body,
-        head: options.sourceBranchName,
-        base: options.targetBranchName,
-        draft: false,
-        maintainer_can_modify: true
-      });
-    },
-    async forkRepo(options) {
-      const { owner, repo } = parseGithubOwnerAndRepo(options.repoUrl);
-      const createForkRes = await octokit.rest.repos.createFork({
-        owner,
-        repo,
-        default_branch_only: false
-      });
-      return { url: createForkRes.data.html_url };
-    },
-    async getUserInfo() {
-      return octokit.request(GET_USER);
+    })(),
+    (async () => {
+      const res = await api2.Tags.show(projectPath, ref);
+      return {
+        sha: res.commit.id,
+        type: "TAG" /* TAG */,
+        date: res.commit.committed_date ? new Date(res.commit.committed_date) : void 0
+      };
+    })()
+  ]);
+  const [branchRes, commitRes, tagRes] = results;
+  if (tagRes.status === "fulfilled") {
+    return tagRes.value;
+  }
+  if (branchRes.status === "fulfilled") {
+    return branchRes.value;
+  }
+  if (commitRes.status === "fulfilled") {
+    return commitRes.value;
+  }
+  throw new RefNotFoundError(`ref: ${ref} does not exist`);
+}
+function parseGitlabOwnerAndRepo(gitlabUrl) {
+  gitlabUrl = removeTrailingSlash2(gitlabUrl);
+  const parsingResult = parseScmURL(gitlabUrl, "GitLab" /* GitLab */);
+  if (!parsingResult || !parsingResult.repoName) {
+    throw new InvalidUrlPatternError(`invalid gitlab repo Url ${gitlabUrl}`);
+  }
+  const { organization, repoName, projectPath } = parsingResult;
+  return { owner: organization, repo: repoName, projectPath };
+}
+async function getGitlabBlameRanges({ ref, gitlabUrl, path: path8 }, options) {
+  const { projectPath } = parseGitlabOwnerAndRepo(gitlabUrl);
+  const api2 = getGitBeaker({
+    url: gitlabUrl,
+    gitlabAuthToken: options?.gitlabAuthToken
+  });
+  const resp = await api2.RepositoryFiles.allFileBlames(projectPath, path8, ref);
+  let lineNumber = 1;
+  return resp.filter((range) => range.lines).map((range) => {
+    const oldLineNumber = lineNumber;
+    if (!range.lines) {
+      throw new Error("range.lines should not be undefined");
     }
-  };
+    lineNumber += range.lines.length;
+    return {
+      startingLine: oldLineNumber,
+      endingLine: lineNumber - 1,
+      login: range.commit.author_email,
+      email: range.commit.author_email,
+      name: range.commit.author_name
+    };
+  });
+}
+async function processBody(response) {
+  const headers = response.headers;
+  const type2 = headers.get("content-type")?.split(";")[0]?.trim();
+  if (type2 === "application/json") {
+    return await response.json();
+  }
+  return await response.text();
+}
+async function brokerRequestHandler(endpoint, options) {
+  const { prefixUrl, searchParams } = options || {};
+  let baseUrl;
+  if (prefixUrl) baseUrl = prefixUrl.endsWith("/") ? prefixUrl : `${prefixUrl}/`;
+  const url = new URL(endpoint, baseUrl);
+  url.search = searchParams || "";
+  const dispatcher = url && isBrokerUrl(url.href) ? new ProxyAgent2({
+    uri: GIT_PROXY_HOST,
+    requestTls: {
+      rejectUnauthorized: false
+    }
+  }) : void 0;
+  const response = await undiciFetch(url, {
+    headers: options?.headers,
+    method: options?.method,
+    body: options?.body ? String(options?.body) : void 0,
+    dispatcher
+  }).catch((e) => {
+    if (e.name === "TimeoutError" || e.name === "AbortError") {
+      throw new Error("Query timeout was reached");
+    }
+    throw e;
+  });
+  if (response.ok)
+    return {
+      body: await processBody(response),
+      headers: Object.fromEntries(response.headers.entries()),
+      status: response.status
+    };
+  throw new Error(`gitbeaker: ${response.statusText}`);
 }
 
-// src/features/analysis/scm/github/GithubSCMLib.ts
-var GithubSCMLib = class extends SCMLib {
-  // we don't always need a url, what's important is that we have an access token
+// src/features/analysis/scm/gitlab/GitlabSCMLib.ts
+var GitlabSCMLib = class extends SCMLib {
   constructor(url, accessToken, scmOrg) {
     super(url, accessToken, scmOrg);
-    __publicField(this, "githubSdk");
-    this.githubSdk = getGithubSdk({
-      auth: accessToken,
-      url
-    });
   }
   async createSubmitRequest(params) {
     this._validateAccessTokenAndUrl();
     const { targetBranchName, sourceBranchName, title, body } = params;
-    const pullRequestResult = await this.githubSdk.createPullRequest({
-      title,
-      body,
-      targetBranchName,
-      sourceBranchName,
-      repoUrl: this.url
-    });
-    return String(pullRequestResult.data.number);
-  }
-  async forkRepo(repoUrl) {
-    this._validateAccessToken();
-    return this.githubSdk.forkRepo({
-      repoUrl
-    });
-  }
-  async createOrUpdateRepositorySecret(params) {
-    this._validateAccessTokenAndUrl();
-    const { owner, repo } = parseGithubOwnerAndRepo(this.url);
-    const { data: repositoryPublicKeyResponse } = await this.githubSdk.getRepositoryPublicKey({ owner, repo });
-    const { key_id, key } = repositoryPublicKeyResponse;
-    const encryptedValue = await encryptSecret(params.value, key);
-    return this.githubSdk.createOrUpdateRepositorySecret({
-      encrypted_value: encryptedValue,
-      secret_name: params.name,
-      key_id,
-      owner,
-      repo
-    });
-  }
-  async createPullRequestWithNewFile(sourceRepoUrl, filesPaths, userRepoUrl, title, body) {
-    const { pull_request_url } = await this.githubSdk.createPr({
-      sourceRepoUrl,
-      filesPaths,
-      userRepoUrl,
-      title,
-      body
-    });
-    return { pull_request_url };
+    return String(
+      await createMergeRequest({
+        title,
+        body,
+        targetBranchName,
+        sourceBranchName,
+        repoUrl: this.url,
+        accessToken: this.accessToken
+      })
+    );
   }
   async validateParams() {
-    return githubValidateParams(this.url, this.accessToken);
-  }
-  async postPrComment(params) {
-    this._validateAccessTokenAndUrl();
-    const { owner, repo } = parseGithubOwnerAndRepo(this.url);
-    return this.githubSdk.postPrComment({
-      ...params,
-      owner,
-      repo
-    });
-  }
-  async updatePrComment(params) {
-    this._validateAccessTokenAndUrl();
-    const { owner, repo } = parseGithubOwnerAndRepo(this.url);
-    return this.githubSdk.updatePrComment({
-      ...params,
-      owner,
-      repo
-    });
-  }
-  async deleteComment(params) {
-    this._validateAccessTokenAndUrl();
-    const { owner, repo } = parseGithubOwnerAndRepo(this.url);
-    return this.githubSdk.deleteComment({
-      ...params,
-      owner,
-      repo
-    });
-  }
-  async getPrComments(params) {
-    this._validateAccessTokenAndUrl();
-    const { owner, repo } = parseGithubOwnerAndRepo(this.url);
-    return this.githubSdk.getPrComments({
-      per_page: 100,
-      ...params,
-      owner,
-      repo
-    });
-  }
-  async getPrDiff(params) {
-    this._validateAccessTokenAndUrl();
-    const { owner, repo } = parseGithubOwnerAndRepo(this.url);
-    const prRes = await this.githubSdk.getPrDiff({
-      ...params,
-      owner,
-      repo
+    return gitlabValidateParams({
+      url: this.url,
+      accessToken: this.accessToken
     });
-    return z24.string().parse(prRes.data);
   }
   async getRepoList(_scmOrg) {
-    this._validateAccessToken();
-    return this.githubSdk.getGithubRepoList();
+    if (!this.accessToken) {
+      console.error("no access token");
+      throw new Error("no access token");
+    }
+    return getGitlabRepoList(this.url, this.accessToken);
   }
   async getBranchList() {
     this._validateAccessTokenAndUrl();
-    const branches = await this.githubSdk.getGithubBranchList(this.url);
-    return branches.data.map((branch) => branch.name);
+    return getGitlabBranchList({
+      accessToken: this.accessToken,
+      repoUrl: this.url
+    });
   }
   get scmLibType() {
-    return "GITHUB" /* GITHUB */;
+    return "GITLAB" /* GITLAB */;
   }
   getAuthHeaders() {
-    if (this.accessToken) {
+    if (!this.accessToken) {
+      return {};
+    }
+    if (this.accessToken.startsWith("glpat-")) {
+      return {
+        "Private-Token": this.accessToken
+      };
+    } else {
       return { authorization: `Bearer ${this.accessToken}` };
     }
-    return {};
   }
   getDownloadUrl(sha) {
-    this._validateUrl();
-    const res = parseScmURL(this.url, "GitHub" /* GitHub */);
-    if (!res) {
-      throw new InvalidRepoUrlError("invalid repo url");
-    }
-    const { protocol, hostname, organization, repoName } = res;
-    const downloadUrl = isGithubOnPrem(this.url) ? `${protocol}//${hostname}/api/v3/repos/${organization}/${repoName}/zipball/${sha}` : `https://api.${hostname}/repos/${organization}/${repoName}/zipball/${sha}`;
-    return Promise.resolve(downloadUrl);
+    const urlObj = new URL(this.url || "");
+    const ProjectId = encodeURIComponent(
+      urlObj.pathname.replace(/^\//, "").replace(/\/$/, "")
+    );
+    return Promise.resolve(
+      //We are moving away from this form as it doesn't work when using a non-human token (group/project token)
+      //Where as the API zip endpoint works with any token
+      //`${this.url}/-/archive/${sha}/${repoName}-${sha}.zip`
+      `${urlObj.origin}/api/v4/projects/${ProjectId}/repository/archive.zip?sha=${sha}`
+    );
   }
   async _getUsernameForAuthUrl() {
-    return this.getUsername();
+    if (this?.accessToken?.startsWith("glpat-")) {
+      return this.getUsername();
+    } else {
+      return "oauth2";
+    }
   }
   async getIsRemoteBranch(branch) {
-    this._validateUrl();
-    return this.githubSdk.getGithubIsRemoteBranch({ branch, repoUrl: this.url });
+    this._validateAccessTokenAndUrl();
+    return getGitlabIsRemoteBranch({
+      accessToken: this.accessToken,
+      repoUrl: this.url,
+      branch
+    });
   }
   async getUserHasAccessToRepo() {
     this._validateAccessTokenAndUrl();
-    const username = await this.getUsername();
-    return this.githubSdk.getGithubIsUserCollaborator({
-      repoUrl: this.url,
-      username
+    return getGitlabIsUserCollaborator({
+      accessToken: this.accessToken,
+      repoUrl: this.url
     });
   }
   async getUsername() {
-    this._validateAccessToken();
-    return this.githubSdk.getGithubUsername();
+    this._validateAccessTokenAndUrl();
+    return getGitlabUsername(this.url, this.accessToken);
   }
   async getSubmitRequestStatus(scmSubmitRequestId) {
     this._validateAccessTokenAndUrl();
-    return this.githubSdk.getGithubPullRequestStatus({
+    const state = await getGitlabMergeRequestStatus({
+      accessToken: this.accessToken,
       repoUrl: this.url,
-      prNumber: Number(scmSubmitRequestId)
+      mrNumber: Number(scmSubmitRequestId)
     });
+    switch (state) {
+      case gitlabMergeRequestStatus.merged:
+        return "merged";
+      case gitlabMergeRequestStatus.opened:
+        return "open";
+      case gitlabMergeRequestStatus.closed:
+        return "closed";
+      default:
+        throw new Error(`unknown state ${state}`);
+    }
   }
   async addCommentToSubmitRequest(submitRequestId, comment) {
     this._validateAccessTokenAndUrl();
-    await this.githubSdk.createMarkdownCommentOnPullRequest({
+    await createMarkdownCommentOnPullRequest({
+      accessToken: this.accessToken,
       repoUrl: this.url,
-      prNumber: Number(submitRequestId),
+      mrNumber: Number(submitRequestId),
       markdownComment: comment
     });
   }
   async getRepoBlameRanges(ref, path8) {
     this._validateUrl();
-    return await this.githubSdk.getGithubBlameRanges({
-      ref,
-      path: path8,
-      gitHubUrl: this.url
-    });
+    return await getGitlabBlameRanges(
+      { ref, path: path8, gitlabUrl: this.url },
+      {
+        url: this.url,
+        gitlabAuthToken: this.accessToken
+      }
+    );
   }
   async getReferenceData(ref) {
     this._validateUrl();
-    return this.githubSdk.getGithubReferenceData({ ref, gitHubUrl: this.url });
-  }
-  async getPrComment(commentId) {
-    this._validateUrl();
-    const { owner, repo } = parseGithubOwnerAndRepo(this.url);
-    return await this.githubSdk.getPrComment({
-      repo,
-      owner,
-      comment_id: commentId
-    });
+    return await getGitlabReferenceData(
+      { ref, gitlabUrl: this.url },
+      {
+        url: this.url,
+        gitlabAuthToken: this.accessToken
+      }
+    );
   }
   async getRepoDefaultBranch() {
     this._validateUrl();
-    return await this.githubSdk.getGithubRepoDefaultBranch(this.url);
+    return await getGitlabRepoDefaultBranch(this.url, {
+      url: this.url,
+      gitlabAuthToken: this.accessToken
+    });
   }
   async getSubmitRequestUrl(submitRequestUrl) {
     this._validateAccessTokenAndUrl();
-    const { owner, repo } = parseGithubOwnerAndRepo(this.url);
-    const getPrRes = await this.githubSdk.getPr({
-      owner,
-      repo,
-      pull_number: submitRequestUrl
+    const res = await getGitlabMergeRequest({
+      url: this.url,
+      prNumber: submitRequestUrl,
+      accessToken: this.accessToken
     });
-    return getPrRes.data.html_url;
+    return res.web_url;
   }
   async getSubmitRequestId(submitRequestUrl) {
-    const match = submitRequestUrl.match(/\/pull\/(\d+)/);
+    const match = submitRequestUrl.match(/\/merge_requests\/(\d+)/);
     return match?.[1] || "";
   }
   async getCommitUrl(commitId) {
     this._validateAccessTokenAndUrl();
-    const { owner, repo } = parseGithubOwnerAndRepo(this.url);
-    const getCommitRes = await this.githubSdk.getCommit({
-      owner,
-      repo,
-      commitSha: commitId
+    const res = await getGitlabCommitUrl({
+      url: this.url,
+      commitSha: commitId,
+      accessToken: this.accessToken
     });
-    return getCommitRes.data.html_url;
+    return res.web_url;
   }
-  async postGeneralPrComment(params) {
-    const { prNumber, body } = params;
-    this._validateAccessTokenAndUrl();
-    const { owner, repo } = parseGithubOwnerAndRepo(this.url);
-    return await this.githubSdk.postGeneralPrComment({
-      issue_number: prNumber,
-      owner,
-      repo,
-      body
-    });
+};
+
+// src/features/analysis/scm/scmFactory.ts
+import { z as z24 } from "zod";
+
+// src/features/analysis/scm/StubSCMLib.ts
+var StubSCMLib = class extends SCMLib {
+  constructor(url, accessToken, scmOrg) {
+    super(url, accessToken, scmOrg);
   }
-  async getGeneralPrComments(params) {
-    const { prNumber } = params;
-    this._validateAccessTokenAndUrl();
-    const { owner, repo } = parseGithubOwnerAndRepo(this.url);
-    return await this.githubSdk.getGeneralPrComments({
-      issue_number: prNumber,
-      owner,
-      repo
-    });
+  async getUrlWithCredentials() {
+    console.warn("getUrlWithCredentials() returning empty string");
+    return "";
   }
-  async deleteGeneralPrComment({
-    commentId
-  }) {
-    this._validateAccessTokenAndUrl();
-    const { owner, repo } = parseGithubOwnerAndRepo(this.url);
-    return this.githubSdk.deleteGeneralPrComment({
-      owner,
-      repo,
-      comment_id: commentId
-    });
+  async createSubmitRequest(_params) {
+    console.warn("createSubmitRequest() returning empty string");
+    return "";
+  }
+  get scmLibType() {
+    console.warn("scmLibType returning GITHUB as default");
+    return "GITHUB" /* GITHUB */;
+  }
+  getAuthHeaders() {
+    console.warn("getAuthHeaders() returning empty object");
+    return {};
+  }
+  async getDownloadUrl(_sha) {
+    console.warn("getDownloadUrl() returning empty string");
+    return "";
+  }
+  async getIsRemoteBranch(_branch) {
+    console.warn("getIsRemoteBranch() returning false");
+    return false;
+  }
+  async validateParams() {
+    console.warn("validateParams() no-op");
+  }
+  async getRepoList(_scmOrg) {
+    console.warn("getRepoList() returning empty array");
+    return [];
+  }
+  async getBranchList() {
+    console.warn("getBranchList() returning empty array");
+    return [];
+  }
+  async getUsername() {
+    console.warn("getUsername() returning empty string");
+    return "";
+  }
+  async getSubmitRequestStatus(_scmSubmitRequestId) {
+    console.warn("getSubmitRequestStatus() returning ERROR");
+    return "error";
+  }
+  async getUserHasAccessToRepo() {
+    console.warn("getUserHasAccessToRepo() returning false");
+    return false;
+  }
+  async getRepoBlameRanges(_ref, _path) {
+    console.warn("getRepoBlameRanges() returning empty array");
+    return [];
+  }
+  async getReferenceData(_ref) {
+    console.warn("getReferenceData() returning null/empty defaults");
+    return {
+      type: "BRANCH" /* BRANCH */,
+      sha: "",
+      date: void 0
+    };
+  }
+  async getRepoDefaultBranch() {
+    console.warn("getRepoDefaultBranch() returning empty string");
+    return "";
+  }
+  async getSubmitRequestUrl(_submitRequestIdNumber) {
+    console.warn("getSubmitRequestUrl() returning empty string");
+    return "";
+  }
+  async getSubmitRequestId(_submitRequestUrl) {
+    console.warn("getSubmitRequestId() returning empty string");
+    return "";
+  }
+  async getCommitUrl(_commitId) {
+    console.warn("getCommitUrl() returning empty string");
+    return "";
+  }
+  async _getUsernameForAuthUrl() {
+    console.warn("_getUsernameForAuthUrl() returning empty string");
+    return "";
+  }
+  async addCommentToSubmitRequest(_submitRequestId, _comment) {
+    console.warn("addCommentToSubmitRequest() no-op");
   }
 };
 
+// src/features/analysis/scm/scmFactory.ts
+async function createScmLib({ url, accessToken, scmType, scmOrg }, { propagateExceptions = false } = {}) {
+  const trimmedUrl = url ? url.trim().replace(/\/$/, "").replace(/.git$/i, "") : void 0;
+  try {
+    switch (scmType) {
+      case "GITHUB" /* GITHUB */: {
+        const scm = new GithubSCMLib(trimmedUrl, accessToken, scmOrg);
+        await scm.validateParams();
+        return scm;
+      }
+      case "GITLAB" /* GITLAB */: {
+        const scm = new GitlabSCMLib(trimmedUrl, accessToken, scmOrg);
+        await scm.validateParams();
+        return scm;
+      }
+      case "ADO" /* ADO */: {
+        const scm = new AdoSCMLib(trimmedUrl, accessToken, scmOrg);
+        await scm.getAdoSdk();
+        await scm.validateParams();
+        return scm;
+      }
+      case "BITBUCKET" /* BITBUCKET */: {
+        const scm = new BitbucketSCMLib(trimmedUrl, accessToken, scmOrg);
+        await scm.validateParams();
+        return scm;
+      }
+    }
+  } catch (e) {
+    if (e instanceof InvalidRepoUrlError && url) {
+      throw new RepoNoTokenAccessError(
+        "no access to repo",
+        scmLibScmTypeToScmType[z24.nativeEnum(ScmLibScmType).parse(scmType)]
+      );
+    }
+    console.error(`error validating scm: ${scmType} `, e);
+    if (propagateExceptions) {
+      throw e;
+    }
+  }
+  return new StubSCMLib(trimmedUrl, void 0, void 0);
+}
+
 // src/features/analysis/add_fix_comments_for_pr/utils/utils.ts
 import Debug7 from "debug";
 import parseDiff from "parse-diff";
@@ -7238,7 +7293,8 @@ function buildIssueCommentBody({
   projectId,
   analysisId,
   organizationId,
-  irrelevantIssueWithTags
+  irrelevantIssueWithTags,
+  fpDescription
 }) {
   const issueUrl = getIssueUrlWithRedirect({
     appBaseUrl: WEB_APP_URL,
@@ -7253,9 +7309,10 @@ function buildIssueCommentBody({
   const subTitle = getCommitIssueDescription({
     issueType,
     vendor: scannerToVulnerability_Report_Vendor_Enum[scanner],
-    irrelevantIssueWithTags
+    irrelevantIssueWithTags,
+    fpDescription
   });
-  const issuePageLink = `[Learn more and fine tune the issue](${issueUrl})`;
+  const issuePageLink = `[Learn more about this issue](${issueUrl})`;
   return `${title}
 ${subTitle}
 ${issuePageLink}`;
@@ -7326,7 +7383,8 @@ async function postIssueComment(params) {
     scm,
     commitSha,
     pullRequest,
-    scanner
+    scanner,
+    fpDescription
   } = params;
   const {
     path: path8,
@@ -7357,7 +7415,8 @@ Refresh the page in order to see the changes.`,
     scanner,
     projectId,
     analysisId,
-    organizationId
+    organizationId,
+    fpDescription
   });
   return await scm.updatePrComment({
     body: commentBody,
@@ -7570,33 +7629,49 @@ async function addFixCommentsForPr({
         });
       }
     ),
-    ...irrelevantVulnerabilityReportIssues.map((vulnerabilityReportIssue) => {
-      return vulnerabilityReportIssue.codeNodes.map(
-        (vulnerabilityReportIssueCodeNode) => {
-          return postIssueComment({
-            vulnerabilityReportIssueCodeNode: {
-              path: vulnerabilityReportIssueCodeNode.path,
-              startLine: vulnerabilityReportIssueCodeNode.startLine,
-              vulnerabilityReportIssue: {
-                fixId: "",
-                safeIssueType: vulnerabilityReportIssue.safeIssueType,
-                vulnerabilityReportIssueTags: vulnerabilityReportIssue.vulnerabilityReportIssueTags,
-                category: vulnerabilityReportIssue.category
-              },
-              vulnerabilityReportIssueId: vulnerabilityReportIssue.id
-            },
-            projectId,
-            analysisId,
-            organizationId,
-            fixesById,
-            scm,
-            pullRequest,
-            scanner,
-            commitSha
+    ...irrelevantVulnerabilityReportIssues.map(
+      async (vulnerabilityReportIssue) => {
+        let fpDescription = null;
+        if (vulnerabilityReportIssue.fpId) {
+          const fpRes = await gqlClient.getFalsePositive({
+            fpId: vulnerabilityReportIssue.fpId
           });
+          const parsedFpRes = await FalsePositivePartsZ.parseAsync(
+            fpRes?.getFalsePositive
+          );
+          const { description, contextString } = getParsedFalsePositiveMessage(parsedFpRes);
+          fpDescription = contextString ? `${description}
+
+${contextString}` : description;
         }
-      );
-    }),
+        return vulnerabilityReportIssue.codeNodes.map(
+          (vulnerabilityReportIssueCodeNode) => {
+            return postIssueComment({
+              vulnerabilityReportIssueCodeNode: {
+                path: vulnerabilityReportIssueCodeNode.path,
+                startLine: vulnerabilityReportIssueCodeNode.startLine,
+                vulnerabilityReportIssue: {
+                  fixId: "",
+                  safeIssueType: vulnerabilityReportIssue.safeIssueType,
+                  vulnerabilityReportIssueTags: vulnerabilityReportIssue.vulnerabilityReportIssueTags,
+                  category: vulnerabilityReportIssue.category
+                },
+                vulnerabilityReportIssueId: vulnerabilityReportIssue.id
+              },
+              projectId,
+              analysisId,
+              organizationId,
+              fixesById,
+              scm,
+              pullRequest,
+              scanner,
+              commitSha,
+              fpDescription
+            });
+          }
+        );
+      }
+    ),
     postAnalysisInsightComment({
       prVulenrabilities,
       pullRequest,
@@ -7827,6 +7902,7 @@ var VulnerabilityReportIssueNoFixCodeNodeZ = z27.object({
       fixId: z27.string().nullable(),
       category: ValidCategoriesZ,
       safeIssueType: z27.string(),
+      fpId: z27.string().uuid().nullable(),
       codeNodes: z27.array(
         z27.object({
           path: z27.string(),
@@ -8190,6 +8266,9 @@ var GQLClient = class {
   async getReferenceData(args) {
     return this._clientSdk.gitReference(args);
   }
+  async getFalsePositive(args) {
+    return this._clientSdk.getFalsePositive(args);
+  }
 };
 
 // src/features/analysis/pack.ts