mobbdev 1.0.90 → 1.0.92

package/dist/index.mjs

@@ -7,15 +7,15 @@ var __export = (target, all) => {
 var __publicField = (obj, key, value) => __defNormalProp(obj, typeof key !== "symbol" ? key + "" : key, value);
 
 // src/index.ts
-import Debug21 from "debug";
+import Debug20 from "debug";
 import { hideBin } from "yargs/helpers";
 
 // src/args/commands/convert_to_sarif.ts
-import fs4 from "fs";
+import fs5 from "fs";
 
 // src/commands/convert_to_sarif.ts
-import fs3 from "fs";
-import path3 from "path";
+import fs4 from "fs";
+import path5 from "path";
 
 // src/commands/fpr_stream_parser.ts
 import fs from "fs";
@@ -408,6 +408,7 @@ var IssueType_Enum = /* @__PURE__ */ ((IssueType_Enum2) => {
   IssueType_Enum2["MissingEqualsOrHashcode"] = "MISSING_EQUALS_OR_HASHCODE";
   IssueType_Enum2["MissingHstsHeader"] = "MISSING_HSTS_HEADER";
   IssueType_Enum2["MissingSslMinversion"] = "MISSING_SSL_MINVERSION";
+  IssueType_Enum2["MissingWhitespace"] = "MISSING_WHITESPACE";
   IssueType_Enum2["ModifiedDefaultParam"] = "MODIFIED_DEFAULT_PARAM";
   IssueType_Enum2["NonFinalPublicStaticField"] = "NON_FINAL_PUBLIC_STATIC_FIELD";
   IssueType_Enum2["NonReadonlyField"] = "NON_READONLY_FIELD";
@@ -1472,7 +1473,8 @@ var issueTypeMap = {
   ["AVOID_IDENTITY_COMPARISON_CACHED_TYPES" /* AvoidIdentityComparisonCachedTypes */]: "Avoid Identity Comparison of Cached Types",
   ["AVOID_BUILTIN_SHADOWING" /* AvoidBuiltinShadowing */]: "Avoid Builtin Shadowing",
   ["IMPROPER_STRING_FORMATTING" /* ImproperStringFormatting */]: "Improper String Formatting",
-  ["TAR_SLIP" /* TarSlip */]: "Tar Slip"
+  ["TAR_SLIP" /* TarSlip */]: "Tar Slip",
+  ["MISSING_WHITESPACE" /* MissingWhitespace */]: "Missing Whitespace"
 };
 var issueTypeZ = z5.nativeEnum(IssueType_Enum);
 var getIssueTypeFriendlyString = (issueType) => {
@@ -2206,7 +2208,8 @@ var fixDetailsData = {
   ["AVOID_BUILTIN_SHADOWING" /* AvoidBuiltinShadowing */]: void 0,
   ["IMPROPER_STRING_FORMATTING" /* ImproperStringFormatting */]: void 0,
   ["WILDCARD_IMPORTS" /* WildcardImports */]: void 0,
-  ["TAR_SLIP" /* TarSlip */]: void 0
+  ["TAR_SLIP" /* TarSlip */]: void 0,
+  ["MISSING_WHITESPACE" /* MissingWhitespace */]: void 0
 };
 
 // src/features/analysis/scm/shared/src/commitDescriptionMarkup.ts
@@ -3632,6 +3635,15 @@ var vulnerabilities12 = {
 };
 var js_default = vulnerabilities12;
 
+// src/features/analysis/scm/shared/src/storedQuestionData/python/duplicatedStrings.ts
+var duplicatedStrings2 = {
+  constantName: {
+    content: () => "New constant name",
+    description: () => "",
+    guidance: () => ""
+  }
+};
+
 // src/features/analysis/scm/shared/src/storedQuestionData/python/logForging.ts
 var logForging5 = {
   isHtmlDisplay: {
@@ -3676,7 +3688,8 @@ var vulnerabilities13 = {
   ["CSRF" /* Csrf */]: csrf2,
   ["LOG_FORGING" /* LogForging */]: logForging5,
   ["OPEN_REDIRECT" /* OpenRedirect */]: openRedirect2,
-  ["UNCHECKED_LOOP_CONDITION" /* UncheckedLoopCondition */]: uncheckedLoopCondition3
+  ["UNCHECKED_LOOP_CONDITION" /* UncheckedLoopCondition */]: uncheckedLoopCondition3,
+  ["DUPLICATED_STRINGS" /* DuplicatedStrings */]: duplicatedStrings2
 };
 var python_default2 = vulnerabilities13;
 
@@ -4658,7 +4671,7 @@ async function getAdoSdk(params) {
       const url = new URL(repoUrl);
       const origin2 = url.origin.toLowerCase().endsWith(".visualstudio.com") ? DEFUALT_ADO_ORIGIN : url.origin.toLowerCase();
       const params2 = `path=/&versionDescriptor[versionOptions]=0&versionDescriptor[versionType]=commit&versionDescriptor[version]=${branch}&resolveLfs=true&$format=zip&api-version=5.0&download=true`;
-      const path12 = [
+      const path13 = [
         prefixPath,
         owner,
         projectName,
@@ -4669,7 +4682,7 @@ async function getAdoSdk(params) {
         "items",
         "items"
       ].filter(Boolean).join("/");
-      return new URL(`${path12}?${params2}`, origin2).toString();
+      return new URL(`${path13}?${params2}`, origin2).toString();
     },
     async getAdoBranchList({ repoUrl }) {
       try {
@@ -4892,103 +4905,596 @@ async function getAdoRepoList({
 // src/features/analysis/scm/ado/AdoSCMLib.ts
 import { setTimeout as setTimeout2 } from "timers/promises";
 
-// src/features/analysis/scm/scmSubmit/index.ts
+// src/features/analysis/scm/git/GitService.ts
+import * as path2 from "path";
 import { simpleGit } from "simple-git";
-var isValidBranchName = async (branchName) => {
-  const git = simpleGit();
-  try {
-    const res = await git.raw(["check-ref-format", "--branch", branchName]);
-    if (res) {
+
+// src/features/analysis/scm/FileUtils.ts
+import fs2 from "fs";
+import { isBinary } from "istextorbinary";
+import path from "path";
+var EXCLUDED_FILE_PATTERNS = [
+  // ... (copy the full array from FilePacking.ts)
+  ".json",
+  ".yaml",
+  ".yml",
+  ".toml",
+  ".ini",
+  ".conf",
+  ".config",
+  ".xml",
+  ".env",
+  ".md",
+  ".txt",
+  ".rst",
+  ".adoc",
+  ".lock",
+  ".png",
+  ".jpg",
+  ".jpeg",
+  ".gif",
+  ".svg",
+  ".ico",
+  ".webp",
+  ".bmp",
+  ".tiff",
+  ".ttf",
+  ".otf",
+  ".woff",
+  ".woff2",
+  ".eot",
+  ".zip",
+  ".tar",
+  ".gz",
+  ".rar",
+  ".7z",
+  ".log",
+  ".db",
+  ".sqlite",
+  ".sql",
+  ".pem",
+  ".crt",
+  ".key",
+  ".p12",
+  ".pfx",
+  ".editorconfig",
+  ".sublime-project",
+  ".sublime-workspace",
+  ".DS_Store",
+  "Thumbs.db",
+  ".lcov",
+  ".exe",
+  ".dll",
+  ".so",
+  ".dylib",
+  ".class",
+  ".pyc",
+  ".pyo",
+  ".o",
+  ".obj",
+  ".min.js",
+  ".min.css",
+  ".min.html",
+  ".test.js",
+  ".test.ts",
+  ".test.jsx",
+  ".test.tsx",
+  ".spec.js",
+  ".spec.ts",
+  ".spec.jsx",
+  ".spec.tsx",
+  ".d.ts",
+  ".bundle.js",
+  ".chunk.js",
+  "dockerfile",
+  "jenkinsfile",
+  "go.sum",
+  ".gitignore",
+  ".gitattributes",
+  ".gitmodules",
+  ".gitkeep",
+  ".keep",
+  ".hgignore",
+  ".nvmrc",
+  ".node-version",
+  ".npmrc",
+  ".yarnrc",
+  ".pnpmfile.cjs",
+  ".ruby-version",
+  ".python-version",
+  ".rvmrc",
+  ".rbenv-version",
+  ".gvmrc",
+  "makefile",
+  "rakefile",
+  "gulpfile.js",
+  "gruntfile.js",
+  "webpack.config.js",
+  "webpack.config.ts",
+  "rollup.config.js",
+  "vite.config.js",
+  "vite.config.ts",
+  "next.config.js",
+  "nuxt.config.js",
+  "tailwind.config.js",
+  "postcss.config.js",
+  ".babelrc",
+  ".babelrc.js",
+  ".swcrc",
+  ".browserslistrc",
+  "jest.config.js",
+  "jest.config.ts",
+  "vitest.config.js",
+  "karma.conf.js",
+  "protractor.conf.js",
+  "cypress.config.js",
+  "playwright.config.js",
+  ".nycrc",
+  ".c8rc",
+  ".eslintrc",
+  ".eslintrc.js",
+  ".prettierrc",
+  ".prettierrc.js",
+  ".stylelintrc",
+  ".stylelintrc.js",
+  "pipfile",
+  "gemfile",
+  "go.mod",
+  "project.clj",
+  "setup.py",
+  "setup.cfg",
+  "manifest.in",
+  ".pythonrc",
+  "readme",
+  "changelog",
+  "authors",
+  "contributors",
+  "license",
+  "notice",
+  "copyright",
+  ".htaccess"
+];
+var FileUtils = class {
+  static isExcludedFileType(filepath) {
+    const basename = path.basename(filepath).toLowerCase();
+    if (basename === ".env" || basename.startsWith(".env.")) {
+      return true;
+    }
+    if (EXCLUDED_FILE_PATTERNS.some((pattern) => basename.endsWith(pattern))) {
       return true;
     }
     return false;
-  } catch (e) {
-    return false;
-  }
-};
-
-// src/features/analysis/scm/scm.ts
-var SCMLib = class {
-  constructor(url, accessToken, scmOrg) {
-    __publicField(this, "url");
-    __publicField(this, "accessToken");
-    __publicField(this, "scmOrg");
-    this.accessToken = accessToken;
-    this.url = url;
-    this.scmOrg = scmOrg;
   }
-  async getUrlWithCredentials() {
-    if (!this.url) {
-      console.error("no url for getUrlWithCredentials()");
-      throw new Error("no url");
+  static shouldPackFile(filepath, maxFileSize = 1024 * 1024 * 5) {
+    const absoluteFilepath = path.resolve(filepath);
+    if (this.isExcludedFileType(filepath)) return false;
+    if (!fs2.existsSync(absoluteFilepath)) return false;
+    if (fs2.lstatSync(absoluteFilepath).size > maxFileSize) return false;
+    let data;
+    try {
+      data = fs2.readFileSync(absoluteFilepath);
+    } catch {
+      return false;
     }
-    const trimmedUrl = this.url.trim().replace(/\/$/, "");
-    const accessToken = this.getAccessToken();
-    if (!accessToken) {
-      return trimmedUrl;
+    if (isBinary(null, data)) return false;
+    return true;
+  }
+  static getAllFiles(dir, rootDir) {
+    const root = rootDir || dir;
+    const results = [];
+    const relativeDepth = path.relative(root, dir).split(path.sep).length;
+    if (relativeDepth > 20) {
+      return [];
     }
-    if (this.scmLibType === "ADO" /* ADO */) {
-      const { host, protocol, pathname } = new URL(trimmedUrl);
-      return `${protocol}//${accessToken}@${host}${pathname}`;
+    if (results.length > 1e5) {
+      return [];
     }
-    const finalUrl = this.scmLibType === "GITLAB" /* GITLAB */ ? `${trimmedUrl}.git` : trimmedUrl;
-    const username = await this._getUsernameForAuthUrl();
-    return buildAuthorizedRepoUrl({
-      url: finalUrl,
-      username,
-      password: accessToken
-    });
-  }
-  getAccessToken() {
-    return this.accessToken || "";
-  }
-  getUrl() {
-    return this.url;
-  }
-  getName() {
-    if (!this.url) {
-      return "";
+    try {
+      fs2.accessSync(dir, fs2.constants.R_OK);
+    } catch {
+      return [];
     }
-    return this.url.split("/").at(-1) || "";
-  }
-  _validateAccessToken() {
-    if (!this.accessToken) {
-      console.error("no access token");
-      throw new Error("no access token");
+    const items = fs2.readdirSync(dir);
+    for (const item of items) {
+      const fullPath = path.join(dir, item);
+      try {
+        fs2.accessSync(fullPath, fs2.constants.R_OK);
+      } catch {
+        continue;
+      }
+      const stat = fs2.statSync(fullPath);
+      if (stat.isDirectory()) {
+        results.push(...this.getAllFiles(fullPath, root));
+      } else {
+        results.push({
+          name: item,
+          fullPath,
+          relativePath: path.relative(root, fullPath),
+          time: stat.mtime.getTime(),
+          isFile: true
+        });
+      }
     }
+    return results;
   }
-  static async getIsValidBranchName(branchName) {
-    return isValidBranchName(branchName);
-  }
-  _validateAccessTokenAndUrl() {
-    this._validateAccessToken();
-    this._validateUrl();
-  }
-  _validateUrl() {
-    if (!this.url) {
-      console.error("no url");
-      throw new InvalidRepoUrlError("no url");
-    }
+  static getLastChangedFiles(dir, maxFileSize = 1024 * 1024 * 5, count = 10) {
+    if (!fs2.existsSync(dir) || !fs2.lstatSync(dir).isDirectory()) return [];
+    const files = this.getAllFiles(dir);
+    return files.filter((file) => this.shouldPackFile(file.fullPath, maxFileSize)).sort((a, b) => b.time - a.time).slice(0, count).map((file) => file.relativePath);
   }
 };
 
-// src/features/analysis/scm/ado/AdoSCMLib.ts
-async function initAdoSdk(params) {
-  const { url, accessToken, scmOrg } = params;
-  const adoClientParams = await getAdoClientParams({
-    tokenOrg: scmOrg,
-    accessToken,
-    url
-  });
-  return getAdoSdk(adoClientParams);
-}
-var AdoSCMLib = class extends SCMLib {
-  constructor(url, accessToken, scmOrg) {
-    super(url, accessToken, scmOrg);
-    __publicField(this, "_adoSdkPromise");
-    this._adoSdkPromise = initAdoSdk({ accessToken, url, scmOrg });
-  }
-  async getAdoSdk() {
+// src/features/analysis/scm/git/GitService.ts
+var GitService = class {
+  constructor(repositoryPath, log2) {
+    __publicField(this, "git");
+    __publicField(this, "repositoryPath");
+    __publicField(this, "log");
+    const noopLog = (_message, _level, _data) => {
+    };
+    this.log = log2 || noopLog;
+    this.git = simpleGit(repositoryPath, { binary: "git" });
+    this.repositoryPath = repositoryPath;
+    this.log("Git service initialized", "debug", { repositoryPath });
+  }
+  /**
+   * Validates that the path is a valid git repository
+   */
+  async validateRepository() {
+    this.log("Validating git repository", "debug");
+    try {
+      const isRepo = await this.git.checkIsRepo();
+      if (!isRepo) {
+        const error = "Path is not a valid git repository";
+        this.log(error, "error");
+        return { isValid: false, error };
+      }
+      this.log("Git repository validation successful", "debug");
+      return { isValid: true };
+    } catch (error) {
+      const errorMessage = `Failed to verify git repository: ${error.message}`;
+      this.log(errorMessage, "error", { error });
+      return { isValid: false, error: errorMessage };
+    }
+  }
+  /**
+   * Gets the current git status and returns changed files
+   */
+  async getChangedFiles() {
+    this.log("Getting git status", "debug");
+    try {
+      const status = await this.git.status();
+      const gitRoot = await this.git.revparse(["--show-toplevel"]);
+      const relativePathFromGitRoot = path2.relative(
+        gitRoot,
+        this.repositoryPath
+      );
+      const files = status.files.map((file) => {
+        const gitRelativePath = file.path;
+        if (relativePathFromGitRoot === "") {
+          return gitRelativePath;
+        }
+        if (gitRelativePath.startsWith(relativePathFromGitRoot + "/")) {
+          return gitRelativePath.substring(relativePathFromGitRoot.length + 1);
+        }
+        return path2.relative(
+          this.repositoryPath,
+          path2.join(gitRoot, gitRelativePath)
+        );
+      });
+      this.log("Git status retrieved", "info", {
+        fileCount: files.length,
+        files: files.slice(0, 10),
+        // Log first 10 files to avoid spam
+        gitRoot,
+        workingDir: this.repositoryPath,
+        relativePathFromGitRoot
+      });
+      return { files, status };
+    } catch (error) {
+      const errorMessage = `Failed to get git status: ${error.message}`;
+      this.log(errorMessage, "error", { error });
+      throw new Error(errorMessage);
+    }
+  }
+  /**
+   * Gets git repository information including remote URL, current commit hash, and branch name
+   */
+  async getGitInfo() {
+    this.log("Getting git repository information", "debug");
+    try {
+      const [repoUrl, hash, reference] = await Promise.all([
+        this.git.getConfig("remote.origin.url"),
+        this.git.revparse(["HEAD"]),
+        this.git.revparse(["--abbrev-ref", "HEAD"])
+      ]);
+      let normalizedRepoUrl = repoUrl.value || "";
+      if (normalizedRepoUrl.endsWith(".git")) {
+        normalizedRepoUrl = normalizedRepoUrl.slice(0, -".git".length);
+      }
+      if (normalizedRepoUrl.startsWith("git@github.com:")) {
+        normalizedRepoUrl = normalizedRepoUrl.replace(
+          "git@github.com:",
+          "https://github.com/"
+        );
+      }
+      this.log("Git repository information retrieved", "debug", {
+        repoUrl: normalizedRepoUrl,
+        hash,
+        reference
+      });
+      return {
+        repoUrl: normalizedRepoUrl,
+        hash,
+        reference
+      };
+    } catch (error) {
+      const errorMessage = `Failed to get git repository information: ${error.message}`;
+      this.log(errorMessage, "error", { error });
+      throw new Error(errorMessage);
+    }
+  }
+  /**
+   * Validates if a branch name is valid according to git's rules
+   */
+  async isValidBranchName(branchName) {
+    this.log("Validating branch name", "debug", { branchName });
+    try {
+      const result = await this.git.raw([
+        "check-ref-format",
+        "--branch",
+        branchName
+      ]);
+      const isValid = Boolean(result);
+      this.log("Branch name validation result", "debug", {
+        branchName,
+        isValid
+      });
+      return isValid;
+    } catch (error) {
+      this.log("Branch name validation failed", "debug", { branchName, error });
+      return false;
+    }
+  }
+  /**
+   * Gets the current branch name
+   */
+  async getCurrentBranch() {
+    this.log("Getting current branch name", "debug");
+    try {
+      const branch = await this.git.revparse(["--abbrev-ref", "HEAD"]);
+      this.log("Current branch retrieved", "debug", { branch });
+      return branch;
+    } catch (error) {
+      const errorMessage = `Failed to get current branch: ${error.message}`;
+      this.log(errorMessage, "error", { error });
+      throw new Error(errorMessage);
+    }
+  }
+  /**
+   * Gets the current commit hash
+   */
+  async getCurrentCommitHash() {
+    this.log("Getting current commit hash", "debug");
+    try {
+      const hash = await this.git.revparse(["HEAD"]);
+      this.log("Current commit hash retrieved", "debug", { hash });
+      return hash;
+    } catch (error) {
+      const errorMessage = `Failed to get current commit hash: ${error.message}`;
+      this.log(errorMessage, "error", { error });
+      throw new Error(errorMessage);
+    }
+  }
+  /**
+   * Gets the remote repository URL
+   */
+  async getRemoteUrl() {
+    this.log("Getting remote repository URL", "debug");
+    try {
+      const remoteUrl = await this.git.getConfig("remote.origin.url");
+      const url = remoteUrl.value || "";
+      let normalizedUrl = url;
+      if (normalizedUrl.endsWith(".git")) {
+        normalizedUrl = normalizedUrl.slice(0, -".git".length);
+      }
+      if (normalizedUrl.startsWith("git@github.com:")) {
+        normalizedUrl = normalizedUrl.replace(
+          "git@github.com:",
+          "https://github.com/"
+        );
+      }
+      this.log("Remote repository URL retrieved", "debug", {
+        url: normalizedUrl
+      });
+      return normalizedUrl;
+    } catch (error) {
+      const errorMessage = `Failed to get remote repository URL: ${error.message}`;
+      this.log(errorMessage, "error", { error });
+      throw new Error(errorMessage);
+    }
+  }
+  /**
+   * Gets the 10 most recently changed files based on commit history
+   */
+  async getRecentlyChangedFiles() {
+    this.log(
+      "Getting the 10 most recently changed files from commit history",
+      "debug"
+    );
+    try {
+      const gitRoot = await this.git.revparse(["--show-toplevel"]);
+      const relativePathFromGitRoot = path2.relative(
+        gitRoot,
+        this.repositoryPath
+      );
+      const fileSet = /* @__PURE__ */ new Set();
+      const files = [];
+      let commitsProcessed = 0;
+      const logResult = await this.git.log({
+        maxCount: 100,
+        // Get last 100 commits - should be enough to find 10 unique files
+        format: {
+          hash: "%H",
+          date: "%ai",
+          message: "%s",
+          //the field name author_name can't follow the naming convention as we are using the git log command
+          // eslint-disable-next-line @typescript-eslint/naming-convention
+          author_name: "%an"
+        }
+      });
+      for (const commit of logResult.all) {
+        if (files.length >= 10) {
+          break;
+        }
+        commitsProcessed++;
+        try {
+          const filesOutput = await this.git.show([
+            "--name-only",
+            "--pretty=format:",
+            commit.hash
+          ]);
+          const commitFiles = filesOutput.split("\n").filter((file) => file.trim() !== "");
+          for (const file of commitFiles) {
+            if (files.length >= 10) {
+              break;
+            }
+            const gitRelativePath = file.trim();
+            let adjustedPath;
+            if (relativePathFromGitRoot === "") {
+              adjustedPath = gitRelativePath;
+            } else if (gitRelativePath.startsWith(relativePathFromGitRoot + "/")) {
+              adjustedPath = gitRelativePath.substring(
+                relativePathFromGitRoot.length + 1
+              );
+            } else {
+              adjustedPath = path2.relative(
+                this.repositoryPath,
+                path2.join(gitRoot, gitRelativePath)
+              );
+            }
+            this.log(`Considering file: ${adjustedPath}`, "debug");
+            if (!fileSet.has(adjustedPath) && FileUtils.shouldPackFile(path2.join(gitRoot, gitRelativePath))) {
+              fileSet.add(adjustedPath);
+              files.push(adjustedPath);
+            }
+          }
+        } catch (showError) {
+          this.log(`Could not get files for commit ${commit.hash}`, "debug", {
+            error: showError
+          });
+        }
+      }
+      this.log("Recently changed files retrieved", "info", {
+        fileCount: files.length,
+        commitsProcessed,
+        totalCommitsAvailable: logResult.all.length,
+        files: files.slice(0, 10),
+        // Log the files (should be all of them since we limit to 10)
+        gitRoot,
+        workingDir: this.repositoryPath,
+        relativePathFromGitRoot
+      });
+      return {
+        files,
+        commitCount: commitsProcessed
+      };
+    } catch (error) {
+      const errorMessage = `Failed to get recently changed files: ${error.message}`;
+      this.log(errorMessage, "error", { error });
+      throw new Error(errorMessage);
+    }
+  }
+};
+
+// src/features/analysis/scm/scmSubmit/index.ts
+var isValidBranchName = async (branchName) => {
+  const gitService = new GitService(process.cwd());
+  return gitService.isValidBranchName(branchName);
+};
+
+// src/features/analysis/scm/scm.ts
+var SCMLib = class {
+  constructor(url, accessToken, scmOrg) {
+    __publicField(this, "url");
+    __publicField(this, "accessToken");
+    __publicField(this, "scmOrg");
+    this.accessToken = accessToken;
+    this.url = url;
+    this.scmOrg = scmOrg;
+  }
+  async getUrlWithCredentials() {
+    if (!this.url) {
+      console.error("no url for getUrlWithCredentials()");
+      throw new Error("no url");
+    }
+    const trimmedUrl = this.url.trim().replace(/\/$/, "");
+    const accessToken = this.getAccessToken();
+    if (!accessToken) {
+      return trimmedUrl;
+    }
+    if (this.scmLibType === "ADO" /* ADO */) {
+      const { host, protocol, pathname } = new URL(trimmedUrl);
+      return `${protocol}//${accessToken}@${host}${pathname}`;
+    }
+    const finalUrl = this.scmLibType === "GITLAB" /* GITLAB */ ? `${trimmedUrl}.git` : trimmedUrl;
+    const username = await this._getUsernameForAuthUrl();
+    return buildAuthorizedRepoUrl({
+      url: finalUrl,
+      username,
+      password: accessToken
+    });
+  }
+  getAccessToken() {
+    return this.accessToken || "";
+  }
+  getUrl() {
+    return this.url;
+  }
+  getName() {
+    if (!this.url) {
+      return "";
+    }
+    return this.url.split("/").at(-1) || "";
+  }
+  _validateAccessToken() {
+    if (!this.accessToken) {
+      console.error("no access token");
+      throw new Error("no access token");
+    }
+  }
+  static async getIsValidBranchName(branchName) {
+    return isValidBranchName(branchName);
+  }
+  _validateAccessTokenAndUrl() {
+    this._validateAccessToken();
+    this._validateUrl();
+  }
+  _validateUrl() {
+    if (!this.url) {
+      console.error("no url");
+      throw new InvalidRepoUrlError("no url");
+    }
+  }
+};
+
+// src/features/analysis/scm/ado/AdoSCMLib.ts
+async function initAdoSdk(params) {
+  const { url, accessToken, scmOrg } = params;
+  const adoClientParams = await getAdoClientParams({
+    tokenOrg: scmOrg,
+    accessToken,
+    url
+  });
+  return getAdoSdk(adoClientParams);
+}
+var AdoSCMLib = class extends SCMLib {
+  constructor(url, accessToken, scmOrg) {
+    super(url, accessToken, scmOrg);
+    __publicField(this, "_adoSdkPromise");
+    this._adoSdkPromise = initAdoSdk({ accessToken, url, scmOrg });
+  }
+  async getAdoSdk() {
     if (!this._adoSdkPromise) {
       console.error("ado sdk was not initialized");
       throw new InvalidAccessTokenError("ado sdk was not initialized");
@@ -6127,14 +6633,14 @@ function getGithubSdk(params = {}) {
       };
     },
     async getGithubBlameRanges(params2) {
-      const { ref, gitHubUrl, path: path12 } = params2;
+      const { ref, gitHubUrl, path: path13 } = params2;
       const { owner, repo } = parseGithubOwnerAndRepo(gitHubUrl);
       const res = await octokit.graphql(
         GET_BLAME_DOCUMENT,
         {
           owner,
           repo,
-          path: path12,
+          path: path13,
           ref
         }
       );
@@ -6440,11 +6946,11 @@ var GithubSCMLib = class extends SCMLib {
       markdownComment: comment
     });
   }
-  async getRepoBlameRanges(ref, path12) {
+  async getRepoBlameRanges(ref, path13) {
     this._validateUrl();
     return await this.githubSdk.getGithubBlameRanges({
       ref,
-      path: path12,
+      path: path13,
       gitHubUrl: this.url
     });
   }
@@ -6846,13 +7352,13 @@ function parseGitlabOwnerAndRepo(gitlabUrl) {
   const { organization, repoName, projectPath } = parsingResult;
   return { owner: organization, repo: repoName, projectPath };
 }
-async function getGitlabBlameRanges({ ref, gitlabUrl, path: path12 }, options) {
+async function getGitlabBlameRanges({ ref, gitlabUrl, path: path13 }, options) {
   const { projectPath } = parseGitlabOwnerAndRepo(gitlabUrl);
   const api2 = getGitBeaker({
     url: gitlabUrl,
     gitlabAuthToken: options?.gitlabAuthToken
   });
-  const resp = await api2.RepositoryFiles.allFileBlames(projectPath, path12, ref);
+  const resp = await api2.RepositoryFiles.allFileBlames(projectPath, path13, ref);
   let lineNumber = 1;
   return resp.filter((range) => range.lines).map((range) => {
     const oldLineNumber = lineNumber;
@@ -7028,10 +7534,10 @@ var GitlabSCMLib = class extends SCMLib {
       markdownComment: comment
     });
   }
-  async getRepoBlameRanges(ref, path12) {
+  async getRepoBlameRanges(ref, path13) {
     this._validateUrl();
     return await getGitlabBlameRanges(
-      { ref, path: path12, gitlabUrl: this.url },
+      { ref, path: path13, gitlabUrl: this.url },
       {
         url: this.url,
         gitlabAuthToken: this.accessToken
@@ -7234,13 +7740,13 @@ __export(utils_exports, {
 });
 
 // src/utils/dirname.ts
-import path from "path";
+import path3 from "path";
 import { fileURLToPath } from "url";
 function getDirName() {
-  return path.dirname(fileURLToPath(import.meta.url));
+  return path3.dirname(fileURLToPath(import.meta.url));
 }
 function getTopLevelDirName(fullPath) {
-  return path.parse(fullPath).name;
+  return path3.parse(fullPath).name;
 }
 
 // src/utils/keypress.ts
@@ -7303,15 +7809,15 @@ function Spinner({ ci = false } = {}) {
 }
 
 // src/utils/check_node_version.ts
-import fs2 from "fs";
-import path2 from "path";
+import fs3 from "fs";
+import path4 from "path";
 import semver from "semver";
 function getPackageJson() {
-  let manifestPath = path2.join(getDirName(), "../package.json");
-  if (!fs2.existsSync(manifestPath)) {
-    manifestPath = path2.join(getDirName(), "../../package.json");
+  let manifestPath = path4.join(getDirName(), "../package.json");
+  if (!fs3.existsSync(manifestPath)) {
+    manifestPath = path4.join(getDirName(), "../../package.json");
   }
-  return JSON.parse(fs2.readFileSync(manifestPath, "utf8"));
+  return JSON.parse(fs3.readFileSync(manifestPath, "utf8"));
 }
 var packageJson = getPackageJson();
 if (!semver.satisfies(process.version, packageJson.engines.node)) {
@@ -7354,12 +7860,12 @@ async function convertFprToSarif(inputFilePath, outputFilePath, codePathPatterns
     unsafeCleanup: true
   });
   try {
-    const auditFvdlPath = path3.join(tmpObj.name, "audit.fvdl");
+    const auditFvdlPath = path5.join(tmpObj.name, "audit.fvdl");
     await zipIn.extract("audit.fvdl", auditFvdlPath);
     const auditFvdlSaxParser = initSaxParser(auditFvdlPath);
     const vulnerabilityParser = new VulnerabilityParser(
       auditFvdlSaxParser.parser,
-      path3.join(tmpObj.name, "vulns.json")
+      path5.join(tmpObj.name, "vulns.json")
     );
     const unifiedNodePoolParser = new UnifiedNodePoolParser(
       auditFvdlSaxParser.parser
@@ -7370,14 +7876,14 @@ async function convertFprToSarif(inputFilePath, outputFilePath, codePathPatterns
     let auditMetadataParser = null;
     await auditFvdlSaxParser.parse();
     if ("audit.xml" in zipInEntries) {
-      const auditXmlPath = path3.join(tmpObj.name, "audit.xml");
+      const auditXmlPath = path5.join(tmpObj.name, "audit.xml");
       await zipIn.extract("audit.xml", auditXmlPath);
       const auditXmlSaxParser = initSaxParser(auditXmlPath);
       auditMetadataParser = new AuditMetadataParser(auditXmlSaxParser.parser);
       await auditXmlSaxParser.parse();
     }
     await zipIn.close();
-    const writer = fs3.createWriteStream(outputFilePath);
+    const writer = fs4.createWriteStream(outputFilePath);
     writer.write(`{
   "$schema": "https://json.schemastore.org/sarif-2.1.0.json",
   "version": "2.1.0",
@@ -7482,15 +7988,15 @@ function fortifyNodesToSarifLocations(nodes, unifiedNodePoolParser) {
 import chalk2 from "chalk";
 
 // src/constants.ts
-import path4 from "path";
+import path6 from "path";
 import { fileURLToPath as fileURLToPath2 } from "url";
 import chalk from "chalk";
 import Debug4 from "debug";
 import * as dotenv from "dotenv";
 import { z as z24 } from "zod";
 var debug4 = Debug4("mobbdev:constants");
-var __dirname = path4.dirname(fileURLToPath2(import.meta.url));
-dotenv.config({ path: path4.join(__dirname, "../.env") });
+var __dirname = path6.dirname(fileURLToPath2(import.meta.url));
+dotenv.config({ path: path6.join(__dirname, "../.env") });
 var scmFriendlyText = {
   ["Ado" /* Ado */]: "Azure DevOps",
   ["Bitbucket" /* Bitbucket */]: "Bitbucket",
@@ -7711,7 +8217,7 @@ function convertToSarifBuilder(args) {
   ).help().demandOption(["input-file-path", "input-file-format", "output-file-path"]);
 }
 async function validateConvertToSarifOptions(args) {
-  if (!fs4.existsSync(args.inputFilePath)) {
+  if (!fs5.existsSync(args.inputFilePath)) {
     throw new CliError(
       "\nError: --input-file-path flag should point to an existing file"
     );
@@ -7737,16 +8243,16 @@ import chalk10 from "chalk";
 import yargs from "yargs/yargs";
 
 // src/args/commands/analyze.ts
-import fs7 from "fs";
+import fs8 from "fs";
 
 // src/commands/index.ts
 import crypto from "crypto";
 import os from "os";
 
 // src/features/analysis/index.ts
-import fs6 from "fs";
+import fs7 from "fs";
 import fsPromises from "fs/promises";
-import path7 from "path";
+import path9 from "path";
 import { env as env2 } from "process";
 import { pipeline } from "stream/promises";
 import chalk5 from "chalk";
@@ -8030,7 +8536,7 @@ async function postIssueComment(params) {
     fpDescription
   } = params;
   const {
-    path: path12,
+    path: path13,
     startLine,
     vulnerabilityReportIssue: {
       vulnerabilityReportIssueTags,
@@ -8045,7 +8551,7 @@ async function postIssueComment(params) {
 Refresh the page in order to see the changes.`,
     pull_number: pullRequest,
     commit_id: commitSha,
-    path: path12,
+    path: path13,
     line: startLine
   });
   const commentId = commentRes.data.id;
@@ -8079,7 +8585,7 @@ async function postFixComment(params) {
     scanner
   } = params;
   const {
-    path: path12,
+    path: path13,
     startLine,
     vulnerabilityReportIssue: { fixId, vulnerabilityReportIssueTags, category },
     vulnerabilityReportIssueId
@@ -8097,7 +8603,7 @@ async function postFixComment(params) {
 Refresh the page in order to see the changes.`,
     pull_number: pullRequest,
     commit_id: commitSha,
-    path: path12,
+    path: path13,
     line: startLine
   });
   const commentId = commentRes.data.id;
@@ -8376,54 +8882,37 @@ async function handleAutoPr(params) {
 
 // src/features/analysis/git.ts
 import Debug10 from "debug";
-import { simpleGit as simpleGit2 } from "simple-git";
 var debug10 = Debug10("mobbdev:git");
-var GIT_NOT_INITIALIZED_ERROR_MESSAGE = "not a git repository";
 async function getGitInfo(srcDirPath) {
   debug10("getting git info for %s", srcDirPath);
-  const git = simpleGit2({
-    baseDir: srcDirPath,
-    maxConcurrentProcesses: 1,
-    trimmed: true
-  });
-  let repoUrl = "";
-  let hash = "";
-  let reference = "";
+  const gitService = new GitService(srcDirPath);
   try {
-    repoUrl = (await git.getConfig("remote.origin.url")).value || "";
-    hash = await git.revparse(["HEAD"]) || "";
-    reference = await git.revparse(["--abbrev-ref", "HEAD"]) || "";
+    const validationResult = await gitService.validateRepository();
+    if (!validationResult.isValid) {
+      debug10("folder is not a git repo");
+      return {
+        success: false,
+        hash: void 0,
+        reference: void 0,
+        repoUrl: void 0
+      };
+    }
+    const gitInfo = await gitService.getGitInfo();
+    return {
+      success: true,
+      ...gitInfo
+    };
   } catch (e) {
     if (e instanceof Error) {
       debug10("failed to run git %o", e);
       if (e.message.includes(" spawn ")) {
         debug10("git cli not installed");
-      } else if (e.message.includes(GIT_NOT_INITIALIZED_ERROR_MESSAGE)) {
-        debug10("folder is not a git repo");
-        return {
-          success: false,
-          hash: void 0,
-          reference: void 0,
-          repoUrl: void 0
-        };
       } else {
         throw e;
       }
     }
     throw e;
   }
-  if (repoUrl.endsWith(".git")) {
-    repoUrl = repoUrl.slice(0, -".git".length);
-  }
-  if (repoUrl.startsWith("git@github.com:")) {
-    repoUrl = repoUrl.replace("git@github.com:", "https://github.com/");
-  }
-  return {
-    success: true,
-    repoUrl,
-    hash,
-    reference
-  };
 }
 
 // src/features/analysis/graphql/gql.ts
@@ -8439,6 +8928,7 @@ import Debug11 from "debug";
 import { createClient } from "graphql-ws";
 import { HttpsProxyAgent } from "https-proxy-agent";
 import WebSocket from "ws";
+var DEFAULT_API_URL = "https://api.mobb.ai/v1/graphql";
 var debug11 = Debug11("mobbdev:subscribe");
 var SUBSCRIPTION_TIMEOUT_MS = 30 * 60 * 1e3;
 function createWSClient(options) {
@@ -8470,10 +8960,11 @@ function subscribe(query, variables, callback, wsClientOptions) {
   return new Promise((resolve, reject) => {
     let timer = null;
     const { timeoutInMs = SUBSCRIPTION_TIMEOUT_MS } = wsClientOptions;
+    const API_URL2 = process.env["API_URL"] || DEFAULT_API_URL;
     const client = createWSClient({
       ...wsClientOptions,
       websocket: WebSocket,
-      url: API_URL.replace("http", "ws")
+      url: API_URL2.replace("http", "ws")
     });
     const unsubscribe = client.subscribe(
       { query, variables },
@@ -8936,13 +9427,13 @@ var GQLClient = class {
 };
 
 // src/features/analysis/pack.ts
-import fs5 from "fs";
-import path5 from "path";
+import fs6 from "fs";
+import path7 from "path";
 import AdmZip from "adm-zip";
 import Debug13 from "debug";
 import { globby } from "globby";
-import { isBinary } from "istextorbinary";
-import { simpleGit as simpleGit3 } from "simple-git";
+import { isBinary as isBinary2 } from "istextorbinary";
+import { simpleGit as simpleGit2 } from "simple-git";
 import { parseStringPromise } from "xml2js";
 import { z as z28 } from "zod";
 var debug13 = Debug13("mobbdev:pack");
@@ -8971,7 +9462,7 @@ async function pack(srcDirPath, vulnFiles, isIncludeAllFiles = false) {
   debug13("pack folder %s", srcDirPath);
   let git = void 0;
   try {
-    git = simpleGit3({
+    git = simpleGit2({
       baseDir: srcDirPath,
       maxConcurrentProcesses: 1,
       trimmed: true
@@ -9003,23 +9494,23 @@ async function pack(srcDirPath, vulnFiles, isIncludeAllFiles = false) {
   const zip = new AdmZip();
   debug13("compressing files");
   for (const filepath of filepaths) {
-    const absFilepath = path5.join(srcDirPath, filepath.toString());
+    const absFilepath = path7.join(srcDirPath, filepath.toString());
     if (!isIncludeAllFiles) {
       vulnFiles = vulnFiles.concat(getManifestFilesSuffixes());
       if (!endsWithAny(
-        absFilepath.toString().replaceAll(path5.win32.sep, path5.posix.sep),
+        absFilepath.toString().replaceAll(path7.win32.sep, path7.posix.sep),
         vulnFiles
       )) {
         debug13("ignoring %s because it is not a vulnerability file", filepath);
         continue;
       }
     }
-    if (fs5.lstatSync(absFilepath).size > MAX_FILE_SIZE) {
+    if (fs6.lstatSync(absFilepath).size > MAX_FILE_SIZE) {
       debug13("ignoring %s because the size is > 5MB", filepath);
       continue;
     }
-    const data = git ? await git.showBuffer([`HEAD:./${filepath}`]) : fs5.readFileSync(absFilepath);
-    if (isBinary(null, data)) {
+    const data = git ? await git.showBuffer([`HEAD:./${filepath}`]) : fs6.readFileSync(absFilepath);
+    if (isBinary2(null, data)) {
       debug13("ignoring %s because is seems to be a binary file", filepath);
       continue;
     }
@@ -9139,16 +9630,16 @@ function createSpawn({ args, processPath, name, cwd }, options) {
   return createChildProcess({ childProcess: child, name }, options);
 }
 function createChildProcess({ childProcess, name }, options) {
-  const debug21 = Debug14(`mobbdev:${name}`);
+  const debug20 = Debug14(`mobbdev:${name}`);
   const { display } = options;
   return new Promise((resolve, reject) => {
     let out = "";
     const onData = (chunk) => {
-      debug21(`chunk received from ${name} std ${chunk}`);
+      debug20(`chunk received from ${name} std ${chunk}`);
       out += chunk;
     };
     if (!childProcess?.stdout || !childProcess?.stderr) {
-      debug21(`unable to fork ${name}`);
+      debug20(`unable to fork ${name}`);
       reject(new Error(`unable to fork ${name}`));
     }
     childProcess.stdout?.on("data", onData);
@@ -9158,11 +9649,11 @@ function createChildProcess({ childProcess, name }, options) {
       childProcess.stderr?.pipe(process2.stderr);
     }
     childProcess.on("exit", (code) => {
-      debug21(`${name} exit code ${code}`);
+      debug20(`${name} exit code ${code}`);
       resolve({ message: out, code });
     });
     childProcess.on("error", (err) => {
-      debug21(`${name} error %o`, err);
+      debug20(`${name} error %o`, err);
       reject(err);
     });
   });
@@ -9174,12 +9665,12 @@ import Debug15 from "debug";
 import { existsSync } from "fs";
 import { createSpinner as createSpinner2 } from "nanospinner";
 import { type } from "os";
-import path6 from "path";
+import path8 from "path";
 var debug14 = Debug15("mobbdev:checkmarx");
 var require2 = createRequire(import.meta.url);
 var getCheckmarxPath = () => {
-  const os2 = type();
-  const cxFileName = os2 === "Windows_NT" ? "cx.exe" : "cx";
+  const os3 = type();
+  const cxFileName = os3 === "Windows_NT" ? "cx.exe" : "cx";
   try {
     return require2.resolve(`.bin/${cxFileName}`);
   } catch (e) {
@@ -9234,9 +9725,9 @@ async function getCheckmarxReport({ reportPath, repositoryRoot, branch, projectN
     await startCheckmarxConfigationPrompt();
     await validateCheckamxCredentials();
   }
-  const extension = path6.extname(reportPath);
-  const filePath = path6.dirname(reportPath);
-  const fileName = path6.basename(reportPath, extension);
+  const extension = path8.extname(reportPath);
+  const filePath = path8.dirname(reportPath);
+  const fileName = path8.basename(reportPath, extension);
   const checkmarxCommandArgs = getCheckmarxCommandArgs({
     repoPath: repositoryRoot,
     branch,
@@ -9305,8 +9796,8 @@ async function forkSnyk(args, { display }) {
 }
 async function getSnykReport(reportPath, repoRoot, { skipPrompts = false }) {
   debug15("get snyk report start %s %s", reportPath, repoRoot);
-  const config4 = await forkSnyk(["config"], { display: false });
-  const { message: configMessage } = config4;
+  const config5 = await forkSnyk(["config"], { display: false });
+  const { message: configMessage } = config5;
   if (!configMessage.includes("api: ")) {
     const snykLoginSpinner = createSpinner3().start();
     if (!skipPrompts) {
@@ -9318,7 +9809,7 @@ async function getSnykReport(reportPath, repoRoot, { skipPrompts = false }) {
     snykLoginSpinner.update({
       text: "\u{1F513} Waiting for Snyk login to complete"
     });
-    debug15("no token in the config %s", config4);
+    debug15("no token in the config %s", config5);
     await forkSnyk(["auth"], { display: true });
     snykLoginSpinner.success({ text: "\u{1F513} Login to Snyk Successful" });
   }
@@ -9355,8 +9846,14 @@ async function uploadFile({
   file,
   url,
   uploadKey,
-  uploadFields
+  uploadFields,
+  logger: logger2
 }) {
+  const logInfo2 = logger2 || ((_message, _data) => {
+  });
+  logInfo2(`FileUpload: upload file start ${url}`);
+  logInfo2(`FileUpload: upload fields`, uploadFields);
+  logInfo2(`FileUpload: upload key ${uploadKey}`);
   debug16("upload file start %s", url);
   debug16("upload fields %o", uploadFields);
   debug16("upload key %s", uploadKey);
@@ -9369,9 +9866,11 @@ async function uploadFile({
   }
   if (typeof file === "string") {
     debug16("upload file from path %s", file);
+    logInfo2(`FileUpload: upload file from path ${file}`);
     form.append("file", await fileFrom(file));
   } else {
     debug16("upload file from buffer");
+    logInfo2(`FileUpload: upload file from buffer`);
     form.append("file", new File([file], "file"));
   }
   const agent = getProxyAgent(url);
@@ -9382,9 +9881,11 @@ async function uploadFile({
   });
   if (!response.ok) {
     debug16("error from S3 %s %s", response.body, response.status);
+    logInfo2(`FileUpload: error from S3 ${response.body} ${response.status}`);
     throw new Error(`Failed to upload the file: ${response.status}`);
   }
   debug16("upload file done");
+  logInfo2(`FileUpload: upload file done`);
 }
 
 // src/features/analysis/index.ts
@@ -9419,7 +9920,7 @@ async function downloadRepo({
   const { createSpinner: createSpinner5 } = Spinner2({ ci });
   const repoSpinner = createSpinner5("\u{1F4BE} Downloading Repo").start();
   debug17("download repo %s %s %s", repoUrl, dirname);
-  const zipFilePath = path7.join(dirname, "repo.zip");
+  const zipFilePath = path9.join(dirname, "repo.zip");
   debug17("download URL: %s auth headers: %o", downloadUrl, authHeaders);
   const response = await fetch4(downloadUrl, {
     method: "GET",
@@ -9432,19 +9933,19 @@ async function downloadRepo({
     repoSpinner.error({ text: "\u{1F4BE} Repo download failed" });
     throw new Error(`Can't access ${chalk5.bold(repoUrl)}`);
   }
-  const fileWriterStream = fs6.createWriteStream(zipFilePath);
+  const fileWriterStream = fs7.createWriteStream(zipFilePath);
   if (!response.body) {
     throw new Error("Response body is empty");
   }
   await pipeline(response.body, fileWriterStream);
   await extract(zipFilePath, { dir: dirname });
-  const repoRoot = fs6.readdirSync(dirname, { withFileTypes: true }).filter((dirent) => dirent.isDirectory()).map((dirent) => dirent.name)[0];
+  const repoRoot = fs7.readdirSync(dirname, { withFileTypes: true }).filter((dirent) => dirent.isDirectory()).map((dirent) => dirent.name)[0];
   if (!repoRoot) {
     throw new Error("Repo root not found");
   }
   debug17("repo root %s", repoRoot);
   repoSpinner.success({ text: "\u{1F4BE} Repo downloaded successfully" });
-  return path7.join(dirname, repoRoot);
+  return path9.join(dirname, repoRoot);
 }
 var getReportUrl = ({
   organizationId,
@@ -9554,7 +10055,7 @@ async function getReport(params, { skipPrompts }) {
     authHeaders: scm.getAuthHeaders(),
     downloadUrl
   });
-  const reportPath = path7.join(dirname, REPORT_DEFAULT_FILE_NAME);
+  const reportPath = path9.join(dirname, REPORT_DEFAULT_FILE_NAME);
   switch (scanner) {
     case "snyk":
       await getSnykReport(reportPath, repositoryRoot, { skipPrompts });
@@ -9930,7 +10431,7 @@ async function _zipAndUploadRepo({
   const zippingSpinner = createSpinner4("\u{1F4E6} Zipping repo").start();
   let zipBuffer;
   let gitInfo = { success: false };
-  if (srcFileStatus.isFile() && path7.extname(srcPath).toLowerCase() === ".fpr") {
+  if (srcFileStatus.isFile() && path9.extname(srcPath).toLowerCase() === ".fpr") {
     zipBuffer = await repackFpr(srcPath);
   } else {
     gitInfo = await getGitInfo(srcPath);
@@ -10277,7 +10778,7 @@ import chalk8 from "chalk";
 
 // src/args/validation.ts
 import chalk7 from "chalk";
-import path8 from "path";
+import path10 from "path";
 import { z as z30 } from "zod";
 function throwRepoUrlErrorMessage({
   error,
@@ -10321,7 +10822,7 @@ function validateRepoUrl(args) {
 }
 var supportExtensions = [".json", ".xml", ".fpr", ".sarif"];
 function validateReportFileFormat(reportFile) {
-  if (!supportExtensions.includes(path8.extname(reportFile))) {
+  if (!supportExtensions.includes(path10.extname(reportFile))) {
     throw new CliError(
       `
 ${chalk7.bold(
@@ -10363,7 +10864,7 @@ function analyzeBuilder(yargs2) {
   ).help();
 }
 function validateAnalyzeOptions(argv) {
-  if (argv.f && !fs7.existsSync(argv.f)) {
+  if (argv.f && !fs8.existsSync(argv.f)) {
     throw new CliError(`
 Can't access ${chalk8.bold(argv.f)}`);
   }
@@ -10416,6 +10917,7 @@ import {
 
 // src/mcp/Logger.ts
 var logglerUrl = "http://localhost:4444/log";
+var isTestEnvironment = process.env["VITEST"] || process.env["TEST"];
 var Logger = class {
   log(message, level = "info", data) {
     const logMessage = {
@@ -10424,13 +10926,15 @@ var Logger = class {
       message,
       data
     };
-    try {
-      fetch(logglerUrl, {
-        method: "POST",
-        headers: { "Content-Type": "application/json" },
-        body: JSON.stringify(logMessage)
-      });
-    } catch (error) {
+    if (!isTestEnvironment) {
+      try {
+        fetch(logglerUrl, {
+          method: "POST",
+          headers: { "Content-Type": "application/json" },
+          body: JSON.stringify(logMessage)
+        });
+      } catch (error) {
+      }
     }
   }
 };
@@ -10439,775 +10943,150 @@ var logInfo = (message, data) => logger.log(message, "info", data);
 var logError = (message, data) => logger.log(message, "error", data);
 var logWarn = (message, data) => logger.log(message, "warn", data);
 var logDebug = (message, data) => logger.log(message, "debug", data);
-var Logger_default = logger.log;
+var log = logger.log;
 
-// src/mcp/core/ToolRegistry.ts
-var ToolRegistry = class {
-  constructor() {
-    __publicField(this, "tools", /* @__PURE__ */ new Map());
+// src/mcp/services/McpGQLClient.ts
+import crypto2 from "crypto";
+import os2 from "os";
+import Configstore3 from "configstore";
+import { GraphQLClient as GraphQLClient2 } from "graphql-request";
+import open4 from "open";
+import { v4 as uuidv42 } from "uuid";
+
+// src/mcp/constants.ts
+var DEFAULT_API_URL2 = "https://api.mobb.ai/v1/graphql";
+var API_KEY_HEADER_NAME2 = "x-mobb-key";
+
+// src/mcp/tools/fixVulnerabilities/errors/VulnerabilityFixErrors.ts
+var ApiConnectionError = class extends Error {
+  constructor(message = "Failed to connect to the API") {
+    super(message);
+    this.name = "ApiConnectionError";
   }
-  registerTool(tool) {
-    if (this.tools.has(tool.name)) {
-      logWarn(`Tool ${tool.name} is already registered, overwriting`, {
-        toolName: tool.name
-      });
-    }
-    this.tools.set(tool.name, tool);
-    logDebug(`Tool registered: ${tool.name}`, {
-      toolName: tool.name,
-      description: tool.definition.description
-    });
+};
+var CliLoginError = class extends Error {
+  constructor(message = "CLI login failed") {
+    super(message);
+    this.name = "CliLoginError";
   }
-  getTool(name) {
-    return this.tools.get(name);
+};
+var AuthenticationError = class extends Error {
+  constructor(message = "Authentication failed") {
+    super(message);
+    this.name = "AuthenticationError";
   }
-  getAllTools() {
-    return Array.from(this.tools.values()).map((tool) => tool.definition);
+};
+var NoFilesError = class extends Error {
+  constructor(message = "No files to fix") {
+    super(message);
+    this.name = "NoFilesError";
   }
-  getToolNames() {
-    return Array.from(this.tools.keys());
+};
+var GqlClientError = class extends Error {
+  constructor(message = "GraphQL client not initialized") {
+    super(message);
+    this.name = "GqlClientError";
   }
-  hasTool(name) {
-    return this.tools.has(name);
+};
+var FileProcessingError = class extends Error {
+  constructor(message) {
+    super(message);
+    this.name = "FileProcessingError";
   }
-  getToolCount() {
-    return this.tools.size;
+};
+var ReportInitializationError = class extends Error {
+  constructor(message) {
+    super(message);
+    this.name = "ReportInitializationError";
   }
 };
-
-// src/mcp/core/McpServer.ts
-var McpServer = class {
-  constructor(config4) {
-    __publicField(this, "server");
-    __publicField(this, "toolRegistry");
-    __publicField(this, "isEventHandlersSetup", false);
-    this.server = new Server(
-      {
-        name: config4.name,
-        version: config4.version
-      },
-      {
-        capabilities: {
-          tools: {}
-        }
-      }
-    );
-    this.toolRegistry = new ToolRegistry();
-    this.setupHandlers();
-    this.setupProcessEventHandlers();
-    logInfo("MCP server instance created", config4);
+var FileUploadError = class extends Error {
+  constructor(message) {
+    super(message);
+    this.name = "FileUploadError";
   }
-  setupProcessEventHandlers() {
-    if (this.isEventHandlersSetup) {
-      logDebug("Process event handlers already setup, skipping");
-      return;
-    }
-    const signals = {
-      SIGINT: "MCP server interrupted",
-      SIGTERM: "MCP server terminated",
-      exit: "MCP server exiting",
-      uncaughtException: "Uncaught exception in MCP server",
-      unhandledRejection: "Unhandled promise rejection in MCP server",
-      warning: "Warning in MCP server"
-    };
-    Object.entries(signals).forEach(([signal, message]) => {
-      process.on(
-        signal,
-        (error) => {
-          if (error && signal !== "exit") {
-            logError(`${message}`, { error, signal });
-          } else {
-            logInfo(message, { signal });
-          }
-          if (signal === "SIGINT" || signal === "SIGTERM") {
-            process.exit(0);
-          }
-          if (signal === "uncaughtException") {
-            process.exit(1);
-          }
-        }
-      );
-    });
-    this.isEventHandlersSetup = true;
-    logDebug("Process event handlers registered");
+};
+var ScanError = class extends Error {
+  constructor(message) {
+    super(message);
+    this.name = "ScanError";
   }
-  createShutdownPromise() {
-    return new Promise((resolve) => {
-      const cleanup = () => {
-        logInfo("Process shutdown initiated");
-        resolve();
-      };
-      process.once("SIGINT", cleanup);
-      process.once("SIGTERM", cleanup);
-    });
+};
+var FailedToGetApiTokenError = class extends Error {
+  constructor(message) {
+    super(message);
+    this.name = "FailedToGetApiTokenError";
   }
-  setupHandlers() {
-    this.server.setRequestHandler(
-      ListToolsRequestSchema,
-      async (request) => {
-        logInfo("Received list_tools request", { params: request.params });
-        const tools = this.toolRegistry.getAllTools();
-        const response = { tools };
-        logInfo("Returning list_tools response", {
-          toolCount: tools.length,
-          toolNames: tools.map((t) => t.name),
-          response
-        });
-        return response;
-      }
-    );
-    this.server.setRequestHandler(
-      CallToolRequestSchema,
-      async (request) => {
-        const { name, arguments: args } = request.params;
-        logInfo(`Received call tool request for ${name}`, { name, args });
-        try {
-          const tool = this.toolRegistry.getTool(name);
-          if (!tool) {
-            const errorMsg = `Unknown tool: ${name}`;
-            logWarn(errorMsg, {
-              name,
-              availableTools: this.toolRegistry.getToolNames()
-            });
-            throw new Error(errorMsg);
+};
+
+// src/mcp/services/McpGQLClient.ts
+var LOGIN_MAX_WAIT2 = 10 * 1e3;
+var LOGIN_CHECK_DELAY2 = 1 * 1e3;
+var config4 = new Configstore3(packageJson.name, { apiToken: "" });
+var BROWSER_COOLDOWN_MS = 5e3;
+var lastBrowserOpenTime = 0;
+var McpGQLClient = class {
+  constructor(args) {
+    __publicField(this, "client");
+    __publicField(this, "clientSdk");
+    __publicField(this, "_auth");
+    this._auth = args;
+    const API_URL2 = process.env["API_URL"] || DEFAULT_API_URL2;
+    this.client = new GraphQLClient2(API_URL2, {
+      headers: args.type === "apiKey" ? { [API_KEY_HEADER_NAME2]: args.apiKey || "" } : {
+        Authorization: `Bearer ${args.token}`
+      },
+      requestMiddleware: (request) => {
+        const requestId = uuidv42();
+        return {
+          ...request,
+          headers: {
+            ...request.headers,
+            "x-hasura-request-id": requestId
           }
-          logDebug(`Executing tool: ${name}`, { args });
-          const response = await tool.execute(args);
-          const serializedResponse = JSON.parse(JSON.stringify(response));
-          logInfo(`Tool ${name} executed successfully`, {
-            responseType: typeof response,
-            hasContent: !!serializedResponse.content
-          });
-          return serializedResponse;
-        } catch (error) {
-          const errorMessage = error instanceof Error ? error.message : String(error);
-          logError(`Error executing tool ${name}: ${errorMessage}`, {
-            error,
-            toolName: name,
-            args
-          });
-          throw error;
-        }
+        };
       }
-    );
-    logDebug("MCP server handlers registered");
-  }
-  registerTool(tool) {
-    this.toolRegistry.registerTool({
-      name: tool.name,
-      definition: tool.definition,
-      execute: tool.execute
     });
-    logDebug(`Tool registered: ${tool.name}`);
-  }
-  async start() {
-    try {
-      logDebug("Starting MCP server");
-      const transport = new StdioServerTransport();
-      await this.server.connect(transport);
-      logInfo("MCP server is running on stdin/stdout");
-      process.stdin.resume();
-      await this.createShutdownPromise();
-      await this.stop();
-    } catch (error) {
-      logError("Failed to start MCP server", { error });
-      throw error;
-    }
-  }
-  async stop() {
-    logInfo("MCP server shutting down");
+    this.clientSdk = getSdk(this.client);
   }
-};
-
-// src/mcp/services/GitService.ts
-import * as path9 from "path";
-import { simpleGit as simpleGit4 } from "simple-git";
-var GitService = class {
-  constructor(repositoryPath) {
-    __publicField(this, "git");
-    __publicField(this, "repositoryPath");
-    this.git = simpleGit4(repositoryPath, { binary: "git" });
-    this.repositoryPath = repositoryPath;
-    logDebug("Git service initialized", { repositoryPath });
+  getErrorContext() {
+    return {
+      endpoint: process.env["API_URL"] || DEFAULT_API_URL2,
+      apiKey: this._auth.type === "apiKey" ? this._auth.apiKey : "",
+      headers: {
+        [API_KEY_HEADER_NAME2]: this._auth.type === "apiKey" ? "[REDACTED]" : "undefined",
+        "x-hasura-request-id": "[DYNAMIC]"
+      }
+    };
   }
-  /**
-   * Validates that the path is a valid git repository
-   */
-  async validateRepository() {
-    logDebug("Validating git repository");
+  async verifyConnection() {
     try {
-      const isRepo = await this.git.checkIsRepo();
-      if (!isRepo) {
-        const error = "Path is not a valid git repository";
-        logError(error);
-        return { isValid: false, error };
+      logDebug("GraphQL: Calling Me query for connection verification");
+      const result = await this.clientSdk.Me();
+      logInfo("GraphQL: Me query successful", { result });
+      return true;
+    } catch (e) {
+      if (e?.toString().includes("FetchError")) {
+        logError("verify connection failed %o", e);
+        return false;
       }
-      logDebug("Git repository validation successful");
-      return { isValid: true };
-    } catch (error) {
-      const errorMessage = `Failed to verify git repository: ${error.message}`;
-      logError(errorMessage, { error });
-      return { isValid: false, error: errorMessage };
     }
+    return true;
   }
-  /**
-   * Gets the current git status and returns changed files
-   */
-  async getChangedFiles() {
-    logDebug("Getting git status");
+  async uploadS3BucketInfo() {
     try {
-      const status = await this.git.status();
-      const gitRoot = await this.git.revparse(["--show-toplevel"]);
-      const relativePathFromGitRoot = path9.relative(
-        gitRoot,
-        this.repositoryPath
-      );
-      const files = status.files.map((file) => {
-        const gitRelativePath = file.path;
-        if (relativePathFromGitRoot === "") {
-          return gitRelativePath;
-        }
-        if (gitRelativePath.startsWith(relativePathFromGitRoot + "/")) {
-          return gitRelativePath.substring(relativePathFromGitRoot.length + 1);
-        }
-        return path9.relative(
-          this.repositoryPath,
-          path9.join(gitRoot, gitRelativePath)
-        );
+      logDebug("GraphQL: Calling uploadS3BucketInfo mutation");
+      const result = await this.clientSdk.uploadS3BucketInfo({
+        fileName: "report.json"
       });
-      logInfo("Git status retrieved", {
-        fileCount: files.length,
-        files: files.slice(0, 10),
-        // Log first 10 files to avoid spam
-        gitRoot,
-        workingDir: this.repositoryPath,
-        relativePathFromGitRoot
+      logInfo("GraphQL: uploadS3BucketInfo successful", { result });
+      return result;
+    } catch (e) {
+      logError("GraphQL: uploadS3BucketInfo failed", {
+        error: e,
+        ...this.getErrorContext()
       });
-      return { files, status };
-    } catch (error) {
-      const errorMessage = `Failed to get git status: ${error.message}`;
-      logError(errorMessage, { error });
-      throw new Error(errorMessage);
-    }
-  }
-};
-
-// src/mcp/services/PathValidation.ts
-import fs8 from "fs";
-import path10 from "path";
-var PathValidation = class {
-  /**
-   * Validates a path for MCP usage - combines security and existence checks
-   */
-  async validatePath(inputPath) {
-    logDebug("Validating MCP path", { inputPath });
-    if (inputPath.includes("..")) {
-      const error = `Path contains path traversal patterns: ${inputPath}`;
-      logError(error);
-      return { isValid: false, error };
-    }
-    const normalizedPath = path10.normalize(inputPath);
-    if (normalizedPath.includes("..")) {
-      const error = `Normalized path contains path traversal patterns: ${inputPath}`;
-      logError(error);
-      return { isValid: false, error };
-    }
-    const decodedPath = decodeURIComponent(inputPath);
-    if (decodedPath.includes("..") || decodedPath !== inputPath) {
-      const error = `Path contains encoded traversal attempts: ${inputPath}`;
-      logError(error);
-      return { isValid: false, error };
-    }
-    if (inputPath.includes("\0") || inputPath.includes("\0")) {
-      const error = `Path contains dangerous characters: ${inputPath}`;
-      logError(error);
-      return { isValid: false, error };
-    }
-    logDebug("Path validation successful", { inputPath });
-    logDebug("Checking path existence", { inputPath });
-    try {
-      await fs8.promises.access(inputPath);
-      logDebug("Path exists and is accessible", { inputPath });
-      return { isValid: true };
-    } catch (error) {
-      const errorMessage = `Path does not exist or is not accessible: ${inputPath}`;
-      logError(errorMessage, { error });
-      return { isValid: false, error: errorMessage };
-    }
-  }
-};
-
-// src/mcp/services/FilePacking.ts
-import fs9 from "fs";
-import path11 from "path";
-import AdmZip2 from "adm-zip";
-import { isBinary as isBinary2 } from "istextorbinary";
-var MAX_FILE_SIZE2 = 1024 * 1024 * 5;
-var EXCLUDED_FILE_PATTERNS = [
-  // Configuration files
-  ".json",
-  ".yaml",
-  ".yml",
-  ".toml",
-  ".ini",
-  ".conf",
-  ".config",
-  ".xml",
-  ".env",
-  // Documentation
-  ".md",
-  ".txt",
-  ".rst",
-  ".adoc",
-  // Lock/dependency files
-  ".lock",
-  // Images and media
-  ".png",
-  ".jpg",
-  ".jpeg",
-  ".gif",
-  ".svg",
-  ".ico",
-  ".webp",
-  ".bmp",
-  ".tiff",
-  // Fonts
-  ".ttf",
-  ".otf",
-  ".woff",
-  ".woff2",
-  ".eot",
-  // Archives
-  ".zip",
-  ".tar",
-  ".gz",
-  ".rar",
-  ".7z",
-  // Logs and databases
-  ".log",
-  ".db",
-  ".sqlite",
-  ".sql",
-  // Certificates and keys
-  ".pem",
-  ".crt",
-  ".key",
-  ".p12",
-  ".pfx",
-  // IDE/Editor files
-  ".editorconfig",
-  ".sublime-project",
-  ".sublime-workspace",
-  // System files
-  ".DS_Store",
-  "Thumbs.db",
-  // Coverage reports
-  ".lcov",
-  // Compiled/binary files
-  ".exe",
-  ".dll",
-  ".so",
-  ".dylib",
-  ".class",
-  ".pyc",
-  ".pyo",
-  ".o",
-  ".obj",
-  // Minified files
-  ".min.js",
-  ".min.css",
-  ".min.html",
-  // Test files
-  ".test.js",
-  ".test.ts",
-  ".test.jsx",
-  ".test.tsx",
-  ".spec.js",
-  ".spec.ts",
-  ".spec.jsx",
-  ".spec.tsx",
-  // TypeScript declaration files
-  ".d.ts",
-  // Build/generated files
-  ".bundle.js",
-  ".chunk.js",
-  // Build/CI files (exact filenames)
-  "dockerfile",
-  "jenkinsfile",
-  // Lock files (ones without standard extensions)
-  "go.sum",
-  // Version control
-  ".gitignore",
-  ".gitattributes",
-  ".gitmodules",
-  ".gitkeep",
-  ".keep",
-  ".hgignore",
-  // Node.js specific
-  ".nvmrc",
-  ".node-version",
-  ".npmrc",
-  ".yarnrc",
-  ".pnpmfile.cjs",
-  // Language version files
-  ".ruby-version",
-  ".python-version",
-  ".rvmrc",
-  ".rbenv-version",
-  ".gvmrc",
-  // Build tools and task runners
-  "makefile",
-  "rakefile",
-  "gulpfile.js",
-  "gruntfile.js",
-  "webpack.config.js",
-  "webpack.config.ts",
-  "rollup.config.js",
-  "vite.config.js",
-  "vite.config.ts",
-  "next.config.js",
-  "nuxt.config.js",
-  "tailwind.config.js",
-  "postcss.config.js",
-  // JavaScript/TypeScript config
-  ".babelrc",
-  ".babelrc.js",
-  ".swcrc",
-  ".browserslistrc",
-  // Testing frameworks
-  "jest.config.js",
-  "jest.config.ts",
-  "vitest.config.js",
-  "karma.conf.js",
-  "protractor.conf.js",
-  "cypress.config.js",
-  "playwright.config.js",
-  ".nycrc",
-  ".c8rc",
-  // Linting/formatting configs
-  ".eslintrc",
-  ".eslintrc.js",
-  ".prettierrc",
-  ".prettierrc.js",
-  ".stylelintrc",
-  ".stylelintrc.js",
-  // Package manager configs (ones without standard extensions)
-  "pipfile",
-  "gemfile",
-  "go.mod",
-  "project.clj",
-  // Python specific
-  "setup.py",
-  "setup.cfg",
-  "manifest.in",
-  ".pythonrc",
-  // Documentation files (ones without standard extensions)
-  "readme",
-  "changelog",
-  "authors",
-  "contributors",
-  // License and legal (ones without standard extensions)
-  "license",
-  "notice",
-  "copyright",
-  // Web specific
-  ".htaccess"
-];
-var FilePacking = class {
-  isExcludedFileType(filepath) {
-    const basename = path11.basename(filepath).toLowerCase();
-    if (basename === ".env" || basename.startsWith(".env.")) {
-      return true;
-    }
-    if (EXCLUDED_FILE_PATTERNS.some((pattern) => basename.endsWith(pattern))) {
-      return true;
-    }
-    return false;
-  }
-  async packFiles(sourceDirectoryPath, filesToPack) {
-    logInfo(`FilePacking: packing files from ${sourceDirectoryPath}`);
-    const zip = new AdmZip2();
-    let packedFilesCount = 0;
-    logInfo("FilePacking: compressing files");
-    for (const filepath of filesToPack) {
-      const absoluteFilepath = path11.join(sourceDirectoryPath, filepath);
-      if (this.isExcludedFileType(filepath)) {
-        logInfo(
-          `FilePacking: ignoring ${filepath} because it is an excluded file type`
-        );
-        continue;
-      }
-      if (!fs9.existsSync(absoluteFilepath)) {
-        logInfo(`FilePacking: ignoring ${filepath} because it does not exist`);
-        continue;
-      }
-      if (fs9.lstatSync(absoluteFilepath).size > MAX_FILE_SIZE2) {
-        logInfo(
-          `FilePacking: ignoring ${filepath} because the size is > ${MAX_FILE_SIZE2 / (1024 * 1024)}MB`
-        );
-        continue;
-      }
-      let data;
-      try {
-        data = fs9.readFileSync(absoluteFilepath);
-      } catch (fsError) {
-        logInfo(
-          `FilePacking: failed to read ${filepath} from filesystem: ${fsError}`
-        );
-        continue;
-      }
-      if (isBinary2(null, data)) {
-        logInfo(
-          `FilePacking: ignoring ${filepath} because it seems to be a binary file`
-        );
-        continue;
-      }
-      zip.addFile(filepath, data);
-      packedFilesCount++;
-    }
-    const zipBuffer = zip.toBuffer();
-    logInfo(
-      `FilePacking: read ${packedFilesCount} source files. total size: ${zipBuffer.length} bytes`
-    );
-    logInfo("FilePacking: Files packed successfully");
-    return zipBuffer;
-  }
-};
-
-// src/mcp/services/FileUpload.ts
-import { HttpProxyAgent as HttpProxyAgent2 } from "http-proxy-agent";
-import { HttpsProxyAgent as HttpsProxyAgent3 } from "https-proxy-agent";
-var FileUpload = class {
-  getProxyAgent(url) {
-    const HTTPS_PROXY2 = process.env["HTTPS_PROXY"];
-    const HTTP_PROXY2 = process.env["HTTP_PROXY"];
-    try {
-      const parsedUrl = new URL(url);
-      const isHttp = parsedUrl.protocol === "http:";
-      const isHttps = parsedUrl.protocol === "https:";
-      const proxy = isHttps ? HTTPS_PROXY2 : isHttp ? HTTP_PROXY2 : null;
-      if (proxy) {
-        logInfo(`FileUpload: Using proxy ${proxy}`);
-        return isHttps ? new HttpsProxyAgent3(proxy) : new HttpProxyAgent2(proxy);
-      }
-    } catch (err) {
-      logInfo(
-        `FileUpload: Skipping proxy for ${url}. Reason: ${err.message}`
-      );
-    }
-    return void 0;
-  }
-  async uploadFile(options) {
-    const { file, url, uploadKey, uploadFields } = options;
-    logInfo(`FileUpload: upload file start ${url}`);
-    logInfo(`FileUpload: upload fields`, uploadFields);
-    logInfo(`FileUpload: upload key ${uploadKey}`);
-    const {
-      default: fetch5,
-      File: File2,
-      fileFrom: fileFrom2,
-      FormData: FormData2
-    } = await import("node-fetch");
-    const form = new FormData2();
-    Object.entries(uploadFields).forEach(([key, value]) => {
-      form.append(key, value);
-    });
-    if (!form.has("key")) {
-      form.append("key", uploadKey);
-    }
-    if (typeof file === "string") {
-      logInfo(`FileUpload: upload file from path ${file}`);
-      form.append("file", await fileFrom2(file));
-    } else {
-      logInfo(`FileUpload: upload file from buffer`);
-      form.append("file", new File2([file], "file"));
-    }
-    const agent = this.getProxyAgent(url);
-    const response = await fetch5(url, {
-      method: "POST",
-      body: form,
-      agent
-    });
-    if (!response.ok) {
-      logInfo(`FileUpload: error from S3 ${response.body} ${response.status}`);
-      throw new Error(`Failed to upload the file: ${response.status}`);
-    }
-    logInfo(`FileUpload: upload file done`);
-  }
-};
-
-// src/mcp/services/McpGQLClient.ts
-import { GraphQLClient as GraphQLClient2 } from "graphql-request";
-import { v4 as uuidv42 } from "uuid";
-
-// src/mcp/constants.ts
-var DEFAULT_API_URL = "https://api.mobb.ai/v1/graphql";
-var API_KEY_HEADER_NAME2 = "x-mobb-key";
-
-// src/mcp/services/Subscribe.ts
-import Debug20 from "debug";
-import { createClient as createClient2 } from "graphql-ws";
-import { HttpsProxyAgent as HttpsProxyAgent4 } from "https-proxy-agent";
-import WebSocket2 from "ws";
-var debug19 = Debug20("mobbdev:subscribe");
-var SUBSCRIPTION_TIMEOUT_MS2 = 30 * 60 * 1e3;
-function createWSClient2(options) {
-  const proxy = options.url.startsWith("wss://") && process.env["HTTPS_PROXY"] ? new HttpsProxyAgent4(process.env["HTTPS_PROXY"]) : options.url.startsWith("ws://") && process.env["HTTP_PROXY"] ? new HttpsProxyAgent4(process.env["HTTP_PROXY"]) : null;
-  debug19(
-    `Using proxy: ${proxy ? "yes" : "no"} with url: ${options.url} and with proxy: ${process.env["HTTP_PROXY"]} for the websocket connection`
-  );
-  const CustomWebSocket = class extends WebSocket2 {
-    constructor(address, protocols) {
-      super(address, protocols, proxy ? { agent: proxy } : void 0);
-    }
-  };
-  return createClient2({
-    //this is needed to prevent AWS from killing the connection
-    //currently our load balancer has a 29s idle timeout
-    keepAlive: 1e4,
-    url: options.url,
-    webSocketImpl: proxy ? CustomWebSocket : options.websocket || WebSocket2,
-    connectionParams: () => {
-      return {
-        headers: options.type === "apiKey" ? {
-          [API_KEY_HEADER_NAME2]: options.apiKey
-        } : { authorization: `Bearer ${options.token}` }
-      };
-    }
-  });
-}
-var Subscribe = class {
-  static subscribe(query, variables, callback, wsClientOptions) {
-    return new Promise((resolve, reject) => {
-      let timer = null;
-      const { timeoutInMs = SUBSCRIPTION_TIMEOUT_MS2 } = wsClientOptions;
-      const API_URL2 = process.env["API_URL"] || DEFAULT_API_URL;
-      const client = createWSClient2({
-        ...wsClientOptions,
-        websocket: WebSocket2,
-        url: API_URL2.replace("http", "ws")
-      });
-      const unsubscribe = client.subscribe(
-        { query, variables },
-        {
-          next: (data) => {
-            function callbackResolve(data2) {
-              unsubscribe();
-              if (timer) {
-                clearTimeout(timer);
-              }
-              resolve(data2);
-            }
-            function callbackReject(data2) {
-              unsubscribe();
-              if (timer) {
-                clearTimeout(timer);
-              }
-              reject(data2);
-            }
-            if (!data.data) {
-              reject(
-                new Error(
-                  `Broken data object from graphQL subscribe: ${JSON.stringify(
-                    data
-                  )} for query: ${query}`
-                )
-              );
-            } else {
-              callback(callbackResolve, callbackReject, data.data);
-            }
-          },
-          error: (error) => {
-            if (timer) {
-              clearTimeout(timer);
-            }
-            reject(error);
-          },
-          complete: () => {
-            return;
-          }
-        }
-      );
-      if (typeof timeoutInMs === "number") {
-        timer = setTimeout(() => {
-          unsubscribe();
-          reject(
-            new Error(
-              `Timeout expired for graphQL subscribe query: ${query} with timeout: ${timeoutInMs}`
-            )
-          );
-        }, timeoutInMs);
-      }
-    });
-  }
-};
-var subscribe2 = Subscribe.subscribe;
-
-// src/mcp/services/McpGQLClient.ts
-var McpGQLClient = class {
-  constructor(args) {
-    __publicField(this, "client");
-    __publicField(this, "clientSdk");
-    __publicField(this, "apiKey");
-    __publicField(this, "apiUrl");
-    const API_URL2 = process.env["API_URL"] || DEFAULT_API_URL;
-    this.apiKey = args.apiKey;
-    this.apiUrl = API_URL2;
-    this.client = new GraphQLClient2(API_URL2, {
-      headers: { [API_KEY_HEADER_NAME2]: args.apiKey || "" },
-      requestMiddleware: (request) => {
-        const requestId = uuidv42();
-        return {
-          ...request,
-          headers: {
-            ...request.headers,
-            "x-hasura-request-id": requestId
-          }
-        };
-      }
-    });
-    this.clientSdk = getSdk(this.client);
-  }
-  getErrorContext() {
-    return {
-      endpoint: this.apiUrl,
-      headers: {
-        [API_KEY_HEADER_NAME2]: this.apiKey ? "[REDACTED]" : "undefined",
-        "x-hasura-request-id": "[DYNAMIC]"
-      }
-    };
-  }
-  async verifyConnection() {
-    try {
-      logDebug("GraphQL: Calling Me query for connection verification");
-      const result = await this.clientSdk.Me();
-      logInfo("GraphQL: Me query successful", { result });
-      return true;
-    } catch (e) {
-      logError("GraphQL: Me query failed", {
-        error: e,
-        ...this.getErrorContext()
-      });
-      if (e?.toString().startsWith("FetchError")) {
-        console.error("Connection verification failed:", e);
-      }
-      return false;
-    }
-  }
-  async uploadS3BucketInfo() {
-    try {
-      logDebug("GraphQL: Calling uploadS3BucketInfo mutation");
-      const result = await this.clientSdk.uploadS3BucketInfo({
-        fileName: "report.json"
-      });
-      logInfo("GraphQL: uploadS3BucketInfo successful", { result });
-      return result;
-    } catch (e) {
-      logError("GraphQL: uploadS3BucketInfo failed", {
-        error: e,
-        ...this.getErrorContext()
-      });
-      throw e;
+      throw e;
     }
   }
   async getAnalysis(analysisId) {
@@ -11253,7 +11132,7 @@ var McpGQLClient = class {
         params: params.subscribeToAnalysisParams
       });
       const { callbackStates } = params;
-      const result = await subscribe2(
+      const result = await subscribe(
         GetAnalysisSubscriptionDocument,
         params.subscribeToAnalysisParams,
         async (resolve, reject, data) => {
@@ -11267,92 +11146,489 @@ var McpGQLClient = class {
             reject(new Error(`Analysis failed with id: ${data.analysis?.id}`));
             return;
           }
-          if (callbackStates.includes(data.analysis?.state)) {
-            logInfo("GraphQL: Analysis state matches callback states", {
-              analysisId: data.analysis.id,
-              state: data.analysis.state,
-              callbackStates
-            });
-            await params.callback(data.analysis.id);
-            resolve(data);
+          if (callbackStates.includes(data.analysis?.state)) {
+            logInfo("GraphQL: Analysis state matches callback states", {
+              analysisId: data.analysis.id,
+              state: data.analysis.state,
+              callbackStates
+            });
+            await params.callback(data.analysis.id);
+            resolve(data);
+          }
+        },
+        this._auth.type === "apiKey" ? {
+          apiKey: this._auth.apiKey,
+          type: "apiKey",
+          timeoutInMs: params.timeoutInMs
+        } : {
+          token: this._auth.token,
+          type: "token",
+          timeoutInMs: params.timeoutInMs
+        }
+      );
+      logInfo("GraphQL: GetAnalysis subscription completed", { result });
+      return result;
+    } catch (e) {
+      logError("GraphQL: GetAnalysis subscription failed", {
+        error: e,
+        params: params.subscribeToAnalysisParams,
+        ...this.getErrorContext()
+      });
+      throw e;
+    }
+  }
+  async getProjectId() {
+    try {
+      const projectName = "MCP Scans";
+      logDebug("GraphQL: Calling getOrgAndProjectId query", { projectName });
+      const getOrgAndProjectIdResult = await this.clientSdk.getOrgAndProjectId({
+        filters: {},
+        limit: 1
+      });
+      logInfo("GraphQL: getOrgAndProjectId successful", {
+        result: getOrgAndProjectIdResult
+      });
+      const [organizationToOrganizationRole] = getOrgAndProjectIdResult.organization_to_organization_role;
+      if (!organizationToOrganizationRole) {
+        throw new Error("Organization not found");
+      }
+      const { organization: org } = organizationToOrganizationRole;
+      const project = projectName ? org?.projects.find((project2) => project2.name === projectName) ?? null : org?.projects[0];
+      if (project?.id) {
+        logInfo("GraphQL: Found existing project", {
+          projectId: project.id,
+          projectName
+        });
+        return project.id;
+      }
+      logDebug("GraphQL: Project not found, creating new project", {
+        organizationId: org.id,
+        projectName
+      });
+      const createdProject = await this.clientSdk.CreateProject({
+        organizationId: org.id,
+        projectName
+      });
+      logInfo("GraphQL: CreateProject successful", { result: createdProject });
+      return createdProject.createProject.projectId;
+    } catch (e) {
+      logError("GraphQL: getProjectId failed", {
+        error: e,
+        ...this.getErrorContext()
+      });
+      throw e;
+    }
+  }
+  async getReportFixes(fixReportId) {
+    try {
+      logDebug("GraphQL: Calling GetMCPFixes query", { fixReportId });
+      const res = await this.clientSdk.GetMCPFixes({ fixReportId });
+      logInfo("GraphQL: GetMCPFixes successful", {
+        result: res,
+        fixCount: res.fix?.length || 0
+      });
+      return res.fix;
+    } catch (e) {
+      logError("GraphQL: GetMCPFixes failed", {
+        error: e,
+        fixReportId,
+        ...this.getErrorContext()
+      });
+      throw e;
+    }
+  }
+  async getUserInfo() {
+    const { me } = await this.clientSdk.Me();
+    return me;
+  }
+  async verifyToken() {
+    logDebug("verifying token");
+    try {
+      await this.clientSdk.CreateCommunityUser();
+      const info = await this.getUserInfo();
+      logDebug("token verified");
+      return info?.email || true;
+    } catch (e) {
+      logError("verify token failed");
+      return false;
+    }
+  }
+  async createCliLogin(variables) {
+    try {
+      const res = await this.clientSdk.CreateCliLogin(variables, {
+        // We may have outdated API key in the config storage. Avoid using it for the login request.
+        [API_KEY_HEADER_NAME2]: ""
+      });
+      const loginId = res.insert_cli_login_one?.id || "";
+      if (!loginId) {
+        logError("create cli login failed - no login ID returned");
+        return "";
+      }
+      return loginId;
+    } catch (e) {
+      logError("create cli login failed", { error: e });
+      return "";
+    }
+  }
+  async getEncryptedApiToken(variables) {
+    try {
+      const res = await this.clientSdk.GetEncryptedApiToken(variables, {
+        // We may have outdated API key in the config storage. Avoid using it for the login request.
+        [API_KEY_HEADER_NAME2]: ""
+      });
+      return res?.cli_login_by_pk?.encryptedApiToken || null;
+    } catch (e) {
+      logError("get encrypted api token failed", { error: e });
+      return null;
+    }
+  }
+};
+async function openBrowser(url) {
+  const now = Date.now();
+  if (!process.env["TEST"] && now - lastBrowserOpenTime < BROWSER_COOLDOWN_MS) {
+    logDebug(`browser cooldown active, skipping open for ${url}`);
+    return;
+  }
+  logDebug(`opening browser url ${url}`);
+  await open4(url);
+  lastBrowserOpenTime = now;
+}
+async function getMcpGQLClient() {
+  logDebug("getting config", { apiToken: config4.get("apiToken") });
+  const inGqlClient = new McpGQLClient({
+    apiKey: config4.get("apiToken") || process.env["API_KEY"] || "",
+    type: "apiKey"
+  });
+  const isConnected = await inGqlClient.verifyConnection();
+  if (!isConnected) {
+    throw new ApiConnectionError("Error: failed to connect to the API");
+  }
+  const userVerify = await inGqlClient.verifyToken();
+  if (userVerify) {
+    return inGqlClient;
+  }
+  const { publicKey, privateKey } = crypto2.generateKeyPairSync("rsa", {
+    modulusLength: 2048
+  });
+  logDebug("creating cli login");
+  const loginId = await inGqlClient.createCliLogin({
+    publicKey: publicKey.export({ format: "pem", type: "pkcs1" }).toString()
+  });
+  if (!loginId) {
+    throw new CliLoginError("Error: createCliLogin failed");
+  }
+  logDebug(`cli login created ${loginId}`);
+  const webLoginUrl2 = `${WEB_APP_URL}/cli-login`;
+  const browserUrl = `${webLoginUrl2}/${loginId}?hostname=${os2.hostname()}`;
+  logDebug(`opening browser url ${browserUrl}`);
+  await openBrowser(browserUrl);
+  logDebug(`waiting for login to complete`);
+  let newApiToken = null;
+  for (let i = 0; i < LOGIN_MAX_WAIT2 / LOGIN_CHECK_DELAY2; i++) {
+    const encryptedApiToken = await inGqlClient.getEncryptedApiToken({
+      loginId
+    });
+    if (encryptedApiToken) {
+      logDebug("encrypted API token received");
+      newApiToken = crypto2.privateDecrypt(privateKey, Buffer.from(encryptedApiToken, "base64")).toString("utf-8");
+      logDebug("API token decrypted");
+      break;
+    }
+    await sleep(LOGIN_CHECK_DELAY2);
+  }
+  if (!newApiToken) {
+    throw new FailedToGetApiTokenError(
+      "Error: failed to get encrypted api token"
+    );
+  }
+  const newGqlClient = new McpGQLClient({ apiKey: newApiToken, type: "apiKey" });
+  const loginSuccess = await newGqlClient.verifyToken();
+  if (loginSuccess) {
+    logDebug("set api token %s", newApiToken);
+    config4.set("apiToken", newApiToken);
+  } else {
+    throw new AuthenticationError("Something went wrong, API token is invalid.");
+  }
+  return newGqlClient;
+}
+
+// src/mcp/core/ToolRegistry.ts
+var ToolRegistry = class {
+  constructor() {
+    __publicField(this, "tools", /* @__PURE__ */ new Map());
+  }
+  registerTool(tool) {
+    if (this.tools.has(tool.name)) {
+      logWarn(`Tool ${tool.name} is already registered, overwriting`, {
+        toolName: tool.name
+      });
+    }
+    this.tools.set(tool.name, tool);
+    logDebug(`Tool registered: ${tool.name}`, {
+      toolName: tool.name,
+      description: tool.definition.description
+    });
+  }
+  getTool(name) {
+    return this.tools.get(name);
+  }
+  getAllTools() {
+    return Array.from(this.tools.values()).map((tool) => tool.definition);
+  }
+  getToolNames() {
+    return Array.from(this.tools.keys());
+  }
+  hasTool(name) {
+    return this.tools.has(name);
+  }
+  getToolCount() {
+    return this.tools.size;
+  }
+};
+
+// src/mcp/core/McpServer.ts
+var McpServer = class {
+  constructor(config5) {
+    __publicField(this, "server");
+    __publicField(this, "toolRegistry");
+    __publicField(this, "isEventHandlersSetup", false);
+    this.server = new Server(
+      {
+        name: config5.name,
+        version: config5.version
+      },
+      {
+        capabilities: {
+          tools: {}
+        }
+      }
+    );
+    this.toolRegistry = new ToolRegistry();
+    this.setupHandlers();
+    this.setupProcessEventHandlers();
+    logInfo("MCP server instance created", config5);
+  }
+  setupProcessEventHandlers() {
+    if (this.isEventHandlersSetup) {
+      logDebug("Process event handlers already setup, skipping");
+      return;
+    }
+    const signals = {
+      SIGINT: "MCP server interrupted",
+      SIGTERM: "MCP server terminated",
+      exit: "MCP server exiting",
+      uncaughtException: "Uncaught exception in MCP server",
+      unhandledRejection: "Unhandled promise rejection in MCP server",
+      warning: "Warning in MCP server"
+    };
+    Object.entries(signals).forEach(([signal, message]) => {
+      process.on(
+        signal,
+        (error) => {
+          if (error && signal !== "exit") {
+            logError(`${message}`, { error, signal });
+          } else {
+            logInfo(message, { signal });
+          }
+          if (signal === "SIGINT" || signal === "SIGTERM") {
+            process.exit(0);
+          }
+          if (signal === "uncaughtException") {
+            process.exit(1);
           }
-        },
-        {
-          apiKey: this.apiKey,
-          type: "apiKey",
-          timeoutInMs: params.timeoutInMs
         }
       );
-      logInfo("GraphQL: GetAnalysis subscription completed", { result });
-      return result;
-    } catch (e) {
-      logError("GraphQL: GetAnalysis subscription failed", {
-        error: e,
-        params: params.subscribeToAnalysisParams,
-        ...this.getErrorContext()
-      });
-      throw e;
+    });
+    this.isEventHandlersSetup = true;
+    logDebug("Process event handlers registered");
+  }
+  createShutdownPromise() {
+    return new Promise((resolve) => {
+      const cleanup = () => {
+        logInfo("Process shutdown initiated");
+        resolve();
+      };
+      process.once("SIGINT", cleanup);
+      process.once("SIGTERM", cleanup);
+    });
+  }
+  async handleListToolsRequest(request) {
+    logInfo("Received list_tools request", { params: request.params });
+    try {
+      await getMcpGQLClient();
+    } catch (error) {
+      logError("Failed to get MCPGQLClient", { error });
+      const authError = new Error(
+        "Please authorize this client by visiting: https://mobb.ai"
+      );
+      authError.name = "AuthorizationRequired";
+      throw authError;
     }
+    const tools = this.toolRegistry.getAllTools();
+    return {
+      tools: tools.map((tool) => ({
+        name: tool.name,
+        display_name: tool.name,
+        description: tool.description || "",
+        inputSchema: {
+          type: "object",
+          properties: tool.inputSchema.properties || {},
+          required: tool.inputSchema.required || []
+        }
+      }))
+    };
   }
-  async getProjectId() {
+  async handleCallToolRequest(request) {
+    const { name, arguments: args } = request.params;
+    logInfo(`Received call tool request for ${name}`, { name, args });
     try {
-      const projectName = "MCP Scans";
-      logDebug("GraphQL: Calling getOrgAndProjectId query", { projectName });
-      const getOrgAndProjectIdResult = await this.clientSdk.getOrgAndProjectId({
-        filters: {},
-        limit: 1
-      });
-      logInfo("GraphQL: getOrgAndProjectId successful", {
-        result: getOrgAndProjectIdResult
-      });
-      const [organizationToOrganizationRole] = getOrgAndProjectIdResult.organization_to_organization_role;
-      if (!organizationToOrganizationRole) {
-        throw new Error("Organization not found");
-      }
-      const { organization: org } = organizationToOrganizationRole;
-      const project = projectName ? org?.projects.find((project2) => project2.name === projectName) ?? null : org?.projects[0];
-      if (project?.id) {
-        logInfo("GraphQL: Found existing project", {
-          projectId: project.id,
-          projectName
+      const tool = this.toolRegistry.getTool(name);
+      if (!tool) {
+        const errorMsg = `Unknown tool: ${name}`;
+        logWarn(errorMsg, {
+          name,
+          availableTools: this.toolRegistry.getToolNames()
         });
-        return project.id;
+        throw new Error(errorMsg);
       }
-      logDebug("GraphQL: Project not found, creating new project", {
-        organizationId: org.id,
-        projectName
-      });
-      const createdProject = await this.clientSdk.CreateProject({
-        organizationId: org.id,
-        projectName
+      logDebug(`Executing tool: ${name}`, { args });
+      const response = await tool.execute(args);
+      const serializedResponse = JSON.parse(JSON.stringify(response));
+      logInfo(`Tool ${name} executed successfully`, {
+        responseType: typeof response,
+        hasContent: !!serializedResponse.content
       });
-      logInfo("GraphQL: CreateProject successful", { result: createdProject });
-      return createdProject.createProject.projectId;
-    } catch (e) {
-      logError("GraphQL: getProjectId failed", {
-        error: e,
-        ...this.getErrorContext()
+      return serializedResponse;
+    } catch (error) {
+      const errorMessage = error instanceof Error ? error.message : String(error);
+      logError(`Error executing tool ${name}: ${errorMessage}`, {
+        error,
+        toolName: name,
+        args
       });
-      throw e;
+      throw error;
     }
   }
-  async getReportFixes(fixReportId) {
+  setupHandlers() {
+    this.server.setRequestHandler(
+      ListToolsRequestSchema,
+      (request) => this.handleListToolsRequest(request)
+    );
+    this.server.setRequestHandler(
+      CallToolRequestSchema,
+      (request) => this.handleCallToolRequest(request)
+    );
+    logDebug("MCP server handlers registered");
+  }
+  registerTool(tool) {
+    this.toolRegistry.registerTool({
+      name: tool.name,
+      definition: tool.definition,
+      execute: tool.execute
+    });
+    logDebug(`Tool registered: ${tool.name}`);
+  }
+  async start() {
     try {
-      logDebug("GraphQL: Calling GetMCPFixes query", { fixReportId });
-      const res = await this.clientSdk.GetMCPFixes({ fixReportId });
-      logInfo("GraphQL: GetMCPFixes successful", {
-        result: res,
-        fixCount: res.fix?.length || 0
-      });
-      return res.fix;
-    } catch (e) {
-      logError("GraphQL: GetMCPFixes failed", {
-        error: e,
-        fixReportId,
-        ...this.getErrorContext()
-      });
-      throw e;
+      logDebug("Starting MCP server");
+      const transport = new StdioServerTransport();
+      await this.server.connect(transport);
+      logInfo("MCP server is running on stdin/stdout");
+      process.stdin.resume();
+      await this.createShutdownPromise();
+      await this.stop();
+    } catch (error) {
+      logError("Failed to start MCP server", { error });
+      throw error;
+    }
+  }
+  async stop() {
+    logInfo("MCP server shutting down");
+  }
+};
+
+// src/mcp/services/PathValidation.ts
+import fs9 from "fs";
+import path11 from "path";
+var PathValidation = class {
+  /**
+   * Validates a path for MCP usage - combines security and existence checks
+   */
+  async validatePath(inputPath) {
+    logDebug("Validating MCP path", { inputPath });
+    if (inputPath.includes("..")) {
+      const error = `Path contains path traversal patterns: ${inputPath}`;
+      logError(error);
+      return { isValid: false, error };
+    }
+    const normalizedPath = path11.normalize(inputPath);
+    if (normalizedPath.includes("..")) {
+      const error = `Normalized path contains path traversal patterns: ${inputPath}`;
+      logError(error);
+      return { isValid: false, error };
+    }
+    const decodedPath = decodeURIComponent(inputPath);
+    if (decodedPath.includes("..") || decodedPath !== inputPath) {
+      const error = `Path contains encoded traversal attempts: ${inputPath}`;
+      logError(error);
+      return { isValid: false, error };
+    }
+    if (inputPath.includes("\0") || inputPath.includes("\0")) {
+      const error = `Path contains dangerous characters: ${inputPath}`;
+      logError(error);
+      return { isValid: false, error };
+    }
+    logDebug("Path validation successful", { inputPath });
+    logDebug("Checking path existence", { inputPath });
+    try {
+      await fs9.promises.access(inputPath);
+      logDebug("Path exists and is accessible", { inputPath });
+      return { isValid: true };
+    } catch (error) {
+      const errorMessage = `Path does not exist or is not accessible: ${inputPath}`;
+      logError(errorMessage, { error });
+      return { isValid: false, error: errorMessage };
+    }
+  }
+};
+
+// src/mcp/services/FilePacking.ts
+import fs10 from "fs";
+import path12 from "path";
+import AdmZip2 from "adm-zip";
+var MAX_FILE_SIZE2 = 1024 * 1024 * 5;
+var FilePacking = class {
+  async packFiles(sourceDirectoryPath, filesToPack) {
+    logInfo(`FilePacking: packing files from ${sourceDirectoryPath}`);
+    const zip = new AdmZip2();
+    let packedFilesCount = 0;
+    logInfo("FilePacking: compressing files");
+    for (const filepath of filesToPack) {
+      const absoluteFilepath = path12.join(sourceDirectoryPath, filepath);
+      if (!FileUtils.shouldPackFile(absoluteFilepath, MAX_FILE_SIZE2)) {
+        logInfo(
+          `FilePacking: ignoring ${filepath} because it is excluded or invalid`
+        );
+        continue;
+      }
+      let data;
+      try {
+        data = fs10.readFileSync(absoluteFilepath);
+      } catch (fsError) {
+        logInfo(
+          `FilePacking: failed to read ${filepath} from filesystem: ${fsError}`
+        );
+        continue;
+      }
+      zip.addFile(filepath, data);
+      packedFilesCount++;
     }
+    const zipBuffer = zip.toBuffer();
+    logInfo(
+      `FilePacking: read ${packedFilesCount} source files. total size: ${zipBuffer.length} bytes`
+    );
+    logInfo("FilePacking: Files packed successfully");
+    return zipBuffer;
   }
 };
 
@@ -11480,6 +11756,85 @@ ${fix2.patch || "No patch available"}
 - If any patch fails, continue with the others and report issues at the end
   `;
 };
+var failedToConnectToApiPrompt = `# CONNECTION ERROR: FAILED TO REACH MOBB API
+
+## ANALYSIS SUMMARY
+- **Status:** \u274C Failed
+- **Issue Type:** Connection Error
+- **Error Details:** Unable to establish connection to the Mobb API service
+
+## TROUBLESHOOTING STEPS FOR THE USER
+
+The Mobb security scanning service is currently not reachable. This may be due to:
+
+1. **Missing or invalid authentication credentials**
+   - Ensure the \`API_KEY\` environment variable is properly set with your valid Mobb authentication token
+   - Example: \`export API_KEY=your_mobb_api_key_here\`
+
+2. **Incorrect API endpoint configuration**
+   - Check if the \`API_URL\` environment variable needs to be set to the correct Mobb service endpoint
+   - Example: \`export API_URL=https://api.mobb.ai/graphql\`
+
+3. **Network connectivity issues**
+   - Verify your internet connection is working properly
+   - Check if any firewall or proxy settings might be blocking the connection
+
+4. **Service outage**
+   - The Mobb service might be temporarily unavailable
+   - Please try again later or check the Mobb status page
+
+## NEXT STEPS
+
+Please resolve the connection issue using the steps above and try running the security scan again.
+
+For additional assistance, please:
+- Visit the Mobb documentation at https://docs.mobb.ai
+- Contact Mobb support at support@mobb.ai
+
+`;
+var failedToAuthenticatePrompt = `# AUTHENTICATION ERROR: MOBB LOGIN REQUIRED
+
+## ANALYSIS SUMMARY
+- **Status:** \u274C Failed
+- **Issue Type:** Authentication Error
+- **Error Details:** Unable to authenticate with the Mobb service
+
+## AUTHENTICATION REQUIRED
+
+The Mobb security scanning service requires authentication before it can analyze your code for vulnerabilities. You need to:
+
+1. **Login and authorize access to Mobb**
+   - A browser window should have opened to complete the authentication process
+   - If no browser window opened, please run the command again
+
+2. **Create a Mobb account if you don't have one**
+   - If you don't already have a Mobb account, you'll need to sign up
+   - Visit https://app.mobb.ai/auth/signup to create your free account
+   - Use your work email for easier team collaboration
+
+3. **Authorization flow**
+   - After logging in, you'll be asked to authorize the CLI tool
+   - This creates a secure token that allows the CLI to access Mobb services
+   - You only need to do this once per device
+
+## TROUBLESHOOTING
+
+If you're experiencing issues with authentication:
+
+- Ensure you have an active internet connection
+- Check that you can access https://app.mobb.ai in your browser
+- Try running the command again with the \`--debug\` flag for more detailed output
+- Make sure your browser isn't blocking pop-ups from the authentication window
+
+## NEXT STEPS
+
+Please complete the authentication process and try running the security scan again.
+
+For additional assistance, please:
+- Visit the Mobb documentation at https://docs.mobb.ai/cli/authentication
+- Contact Mobb support at support@mobb.ai
+
+`;
 
 // src/mcp/tools/fixVulnerabilities/VulnerabilityFixService.ts
 var VUL_REPORT_DIGEST_TIMEOUT_MS2 = 1e3 * 60 * 5;
@@ -11487,15 +11842,12 @@ var VulnerabilityFixService = class {
   constructor() {
     __publicField(this, "gqlClient");
     __publicField(this, "filePacking");
-    __publicField(this, "fileUpload");
     this.filePacking = new FilePacking();
-    this.fileUpload = new FileUpload();
   }
   async processVulnerabilities(fileList, repositoryPath) {
     try {
       this.validateFiles(fileList);
-      const apiKey = this.validateApiKey();
-      this.gqlClient = await this.initializeGqlClient(apiKey);
+      this.gqlClient = await this.initializeGqlClient();
       const repoUploadInfo = await this.initializeReport();
       const zipBuffer = await this.packFiles(fileList, repositoryPath);
       await this.uploadFiles(zipBuffer, repoUploadInfo);
@@ -11507,6 +11859,12 @@ var VulnerabilityFixService = class {
       const fixes = await this.getReportFixes(repoUploadInfo.fixReportId);
       return fixesPrompt(fixes);
     } catch (error) {
+      if (error instanceof ApiConnectionError || error instanceof CliLoginError) {
+        return failedToConnectToApiPrompt;
+      }
+      if (error instanceof AuthenticationError || error instanceof FailedToGetApiTokenError) {
+        return failedToAuthenticatePrompt;
+      }
       const message = error.message;
       logError("Vulnerability processing failed", { error: message });
       throw error;
@@ -11514,30 +11872,22 @@ var VulnerabilityFixService = class {
   }
   validateFiles(fileList) {
     if (fileList.length === 0) {
-      throw new Error("No files to fix");
-    }
-  }
-  validateApiKey() {
-    const apiKey = process.env["API_KEY"];
-    if (!apiKey) {
-      throw new Error("API_KEY environment variable is not set");
+      throw new NoFilesError();
     }
-    return apiKey;
   }
-  async initializeGqlClient(apiKey) {
-    const gqlClient = new McpGQLClient({
-      apiKey,
-      type: "apiKey"
-    });
+  async initializeGqlClient() {
+    const gqlClient = await getMcpGQLClient();
     const isConnected = await gqlClient.verifyConnection();
     if (!isConnected) {
-      throw new Error("Failed to connect to the API. Please check your API_KEY");
+      throw new ApiConnectionError(
+        "Failed to connect to the API. Please check your API_KEY"
+      );
     }
     return gqlClient;
   }
   async initializeReport() {
     if (!this.gqlClient) {
-      throw new Error("GraphQL client not initialized");
+      throw new GqlClientError();
     }
     try {
       const {
@@ -11547,7 +11897,9 @@ var VulnerabilityFixService = class {
       return repoUploadInfo;
     } catch (error) {
       const message = error.message;
-      throw new Error(`Error initializing report: ${message}`);
+      throw new ReportInitializationError(
+        `Error initializing report: ${message}`
+      );
     }
   }
   async packFiles(fileList, repositoryPath) {
@@ -11560,15 +11912,15 @@ var VulnerabilityFixService = class {
       return zipBuffer;
     } catch (error) {
       const message = error.message;
-      throw new Error(`Error packing files: ${message}`);
+      throw new FileProcessingError(`Error packing files: ${message}`);
     }
   }
   async uploadFiles(zipBuffer, repoUploadInfo) {
     if (!repoUploadInfo) {
-      throw new Error("Upload info is required");
+      throw new FileUploadError("Upload info is required");
     }
     try {
-      await this.fileUpload.uploadFile({
+      await uploadFile({
         file: zipBuffer,
         url: repoUploadInfo.url,
         uploadFields: JSON.parse(repoUploadInfo.uploadFieldsJSON),
@@ -11577,12 +11929,14 @@ var VulnerabilityFixService = class {
       logInfo("File uploaded successfully");
     } catch (error) {
       logError("File upload failed", { error: error.message });
-      throw new Error(`Failed to upload the file: ${error.message}`);
+      throw new FileUploadError(
+        `Failed to upload the file: ${error.message}`
+      );
     }
   }
   async getProjectId() {
     if (!this.gqlClient) {
-      throw new Error("GraphQL client not initialized");
+      throw new GqlClientError();
     }
     const projectId = await this.gqlClient.getProjectId();
     logInfo("Project ID retrieved", { projectId });
@@ -11590,7 +11944,7 @@ var VulnerabilityFixService = class {
   }
   async runScan(params) {
     if (!this.gqlClient) {
-      throw new Error("GraphQL client not initialized");
+      throw new GqlClientError();
     }
     const { fixReportId, projectId } = params;
     logInfo("Starting scan", { fixReportId, projectId });
@@ -11609,7 +11963,7 @@ var VulnerabilityFixService = class {
       logError("Vulnerability report submission failed", {
         response: submitRes
       });
-      throw new Error("\u{1F575}\uFE0F\u200D\u2642\uFE0F Mobb analysis failed");
+      throw new ScanError("\u{1F575}\uFE0F\u200D\u2642\uFE0F Mobb analysis failed");
     }
     logInfo("Vulnerability report submitted successfully", {
       analysisId: submitRes.submitVulnerabilityReport.fixReportId
@@ -11628,7 +11982,7 @@ var VulnerabilityFixService = class {
   }
   async getReportFixes(fixReportId) {
     if (!this.gqlClient) {
-      throw new Error("GraphQL client not initialized");
+      throw new GqlClientError();
     }
     const fixes = await this.gqlClient.getReportFixes(fixReportId);
     logInfo("Fixes retrieved", { fixCount: fixes.length });
@@ -11665,18 +12019,48 @@ var FixVulnerabilitiesTool = class {
         `Invalid path: potential security risk detected in path: ${pathValidationResult.error}`
       );
     }
-    const gitService = new GitService(args.path);
+    const gitService = new GitService(args.path, log);
     const gitValidation = await gitService.validateRepository();
+    let files = [];
     if (!gitValidation.isValid) {
-      throw new Error(gitValidation.error || "Git repository validation failed");
+      logDebug(
+        "Git repository validation failed, using all files in the repository",
+        {
+          path: args.path
+        }
+      );
+      files = FileUtils.getLastChangedFiles(args.path);
+      logDebug("Found files in the repository", {
+        files,
+        fileCount: files.length
+      });
+    } else {
+      const gitResult = await gitService.getChangedFiles();
+      files = gitResult.files;
+      if (files.length === 0) {
+        const recentResult = await gitService.getRecentlyChangedFiles();
+        files = recentResult.files;
+        logDebug(
+          "No changes found, using recently changed files from git history",
+          {
+            files,
+            fileCount: files.length,
+            commitsChecked: recentResult.commitCount
+          }
+        );
+      } else {
+        logDebug("Found changed files in the git repository", {
+          files,
+          fileCount: files.length
+        });
+      }
     }
-    const gitResult = await gitService.getChangedFiles();
-    if (gitResult.files.length === 0) {
+    if (files.length === 0) {
       return {
         content: [
           {
             type: "text",
-            text: "No changed files found in the git repository. The vulnerability scanner analyzes modified, added, or staged files. Make some changes to your code and try again."
+            text: "No changed files found in the repository. The vulnerability scanner analyzes modified, added, or staged files. Make some changes to your code and try again."
           }
         ]
       };
@@ -11684,7 +12068,7 @@ var FixVulnerabilitiesTool = class {
     try {
       const vulnerabilityFixService = new VulnerabilityFixService();
       const fixResult = await vulnerabilityFixService.processVulnerabilities(
-        gitResult.files,
+        files,
         args.path
       );
       const result = {
@@ -11697,7 +12081,7 @@ var FixVulnerabilitiesTool = class {
       };
       logInfo("Tool execution completed successfully", {
         resultLength: fixResult.length,
-        fileCount: gitResult.files.length,
+        fileCount: files.length,
         result
       });
       return result;
@@ -11770,7 +12154,7 @@ var mcpHandler = async (_args) => {
 };
 
 // src/args/commands/review.ts
-import fs10 from "fs";
+import fs11 from "fs";
 import chalk9 from "chalk";
 function reviewBuilder(yargs2) {
   return yargs2.option("f", {
@@ -11807,7 +12191,7 @@ function reviewBuilder(yargs2) {
   ).help();
 }
 function validateReviewOptions(argv) {
-  if (!fs10.existsSync(argv.f)) {
+  if (!fs11.existsSync(argv.f)) {
     throw new CliError(`
 Can't access ${chalk9.bold(argv.f)}`);
   }
@@ -11945,13 +12329,13 @@ var parseArgs = async (args) => {
 };
 
 // src/index.ts
-var debug20 = Debug21("mobbdev:index");
+var debug19 = Debug20("mobbdev:index");
 async function run() {
   return parseArgs(hideBin(process.argv));
 }
 (async () => {
   try {
-    debug20("Bugsy CLI v%s running...", packageJson.version);
+    debug19("Bugsy CLI v%s running...", packageJson.version);
     await run();
     process.exit(0);
   } catch (err) {