mobbdev 1.1.19 → 1.1.21

package/dist/args/commands/upload_ai_blame.mjs

@@ -2203,6 +2203,7 @@ function getDirName() {
 var debug = Debug("mobbdev:constants");
 dotenv.config({ path: path2.join(getModuleRootDir(), ".env") });
 var DEFAULT_API_URL = "https://api.mobb.ai/v1/graphql";
+var DEFAULT_WEB_APP_URL = "https://app.mobb.ai";
 var scmFriendlyText = {
   ["Ado" /* Ado */]: "Azure DevOps",
   ["Bitbucket" /* Bitbucket */]: "Bitbucket",
@@ -2229,13 +2230,16 @@ var scannerToVulnerabilityReportVendorEnum = {
 };
 var SupportedScannersZ = z8.enum([SCANNERS.Checkmarx, SCANNERS.Snyk]);
 var envVariablesSchema = z8.object({
-  WEB_APP_URL: z8.string(),
-  API_URL: z8.string(),
-  HASURA_ACCESS_KEY: z8.string(),
-  LOCAL_GRAPHQL_ENDPOINT: z8.string(),
+  // These have safe defaults for production - the VS Code extension passes explicit URLs
+  WEB_APP_URL: z8.string().optional().default(DEFAULT_WEB_APP_URL),
+  API_URL: z8.string().optional().default(DEFAULT_API_URL),
+  // These are only needed for local development with Hasura
+  HASURA_ACCESS_KEY: z8.string().optional().default(""),
+  LOCAL_GRAPHQL_ENDPOINT: z8.string().optional().default(""),
+  // Proxy settings
   HTTP_PROXY: z8.string().optional().default(""),
   HTTPS_PROXY: z8.string().optional().default("")
-}).required();
+});
 var envVariables = envVariablesSchema.parse(process.env);
 debug("config %o", envVariables);
 var WEB_APP_URL = envVariables.WEB_APP_URL;
@@ -4722,10 +4726,12 @@ var GQLClient = class {
   constructor(args) {
     __publicField(this, "_client");
     __publicField(this, "_clientSdk");
+    __publicField(this, "_apiUrl");
     __publicField(this, "_auth");
     debug6(`init with  ${args}`);
     this._auth = args;
-    this._client = new GraphQLClient(API_URL, {
+    this._apiUrl = args.apiUrl || API_URL;
+    this._client = new GraphQLClient(this._apiUrl, {
       headers: args.type === "apiKey" ? { [API_KEY_HEADER_NAME]: args.apiKey || "" } : {
         Authorization: `Bearer ${args.token}`
       },
@@ -5023,12 +5029,12 @@ var GQLClient = class {
             apiKey: this._auth.apiKey,
             type: "apiKey",
             timeoutInMs: params.timeoutInMs,
-            proxyAgent: getProxyAgent(API_URL)
+            proxyAgent: getProxyAgent(this._apiUrl)
           } : {
             token: this._auth.token,
             type: "token",
             timeoutInMs: params.timeoutInMs,
-            proxyAgent: getProxyAgent(API_URL)
+            proxyAgent: getProxyAgent(this._apiUrl)
           }
         );
       }
@@ -5114,29 +5120,37 @@ var configStore = getConfigStore();
 var debug7 = Debug6("mobbdev:commands");
 var LOGIN_MAX_WAIT = 10 * 60 * 1e3;
 var LOGIN_CHECK_DELAY = 5 * 1e3;
-var webLoginUrl = `${WEB_APP_URL}/cli-login`;
 var MOBB_LOGIN_REQUIRED_MSG = `\u{1F513} Login to Mobb is Required, you will be redirected to our login page, once the authorization is complete return to this prompt, ${chalk2.bgBlue(
   "press any key to continue"
 )};`;
 async function getAuthenticatedGQLClient({
   inputApiKey = "",
-  isSkipPrompts = true
+  isSkipPrompts = true,
+  apiUrl,
+  webAppUrl
 }) {
   let gqlClient = new GQLClient({
     apiKey: inputApiKey || configStore.get("apiToken") || "",
-    type: "apiKey"
+    type: "apiKey",
+    apiUrl
   });
   gqlClient = await handleMobbLogin({
     inGqlClient: gqlClient,
-    skipPrompts: isSkipPrompts
+    skipPrompts: isSkipPrompts,
+    apiUrl,
+    webAppUrl
   });
   return gqlClient;
 }
 async function handleMobbLogin({
   inGqlClient,
   apiKey,
-  skipPrompts
+  skipPrompts,
+  apiUrl,
+  webAppUrl
 }) {
+  const resolvedWebAppUrl = webAppUrl || WEB_APP_URL;
+  const resolvedApiUrl = apiUrl || API_URL;
   const { createSpinner } = Spinner({ ci: skipPrompts });
   const isConnected = await inGqlClient.verifyApiConnection();
   if (!isConnected) {
@@ -5178,7 +5192,7 @@ async function handleMobbLogin({
   const loginId = await inGqlClient.createCliLogin({
     publicKey: publicKey.export({ format: "pem", type: "pkcs1" }).toString()
   });
-  const browserUrl = `${webLoginUrl}/${loginId}?hostname=${os.hostname()}`;
+  const browserUrl = `${resolvedWebAppUrl}/cli-login/${loginId}?hostname=${os.hostname()}`;
   !skipPrompts && console.log(
     `If the page does not open automatically, kindly access it through ${browserUrl}.`
   );
@@ -5203,7 +5217,11 @@ async function handleMobbLogin({
     });
     throw new CliError();
   }
-  const newGqlClient = new GQLClient({ apiKey: newApiToken, type: "apiKey" });
+  const newGqlClient = new GQLClient({
+    apiKey: newApiToken,
+    type: "apiKey",
+    apiUrl: resolvedApiUrl
+  });
   const loginSuccess = await newGqlClient.validateUserToken();
   if (loginSuccess) {
     debug7(`set api token ${newApiToken}`);
@@ -5291,42 +5309,36 @@ var openRedaction = new OpenRedaction({
     "VISA_NUMBER",
     "VISA_MRZ",
     "TAX_ID",
-    // Financial Data
+    // Financial Data (removed SWIFT_BIC - too broad, matches bank code formats in variables)
     "CREDIT_CARD",
     "IBAN",
     "BANK_ACCOUNT_UK",
     "ROUTING_NUMBER_US",
-    "SWIFT_BIC",
     "CARD_TRACK1_DATA",
     "CARD_TRACK2_DATA",
     "CARD_EXPIRY",
     "CARD_AUTH_CODE",
-    // Cryptocurrency
-    "BITCOIN_ADDRESS",
+    // Cryptocurrency (removed BITCOIN_ADDRESS - too broad, matches hash-like strings)
     "ETHEREUM_ADDRESS",
     "LITECOIN_ADDRESS",
     "CARDANO_ADDRESS",
     "SOLANA_ADDRESS",
     "MONERO_ADDRESS",
     "RIPPLE_ADDRESS",
-    // Medical Data
+    // Medical Data (removed PRESCRIPTION_NUMBER - too broad, matches words containing "ription")
     "NHS_NUMBER",
     "MEDICAL_RECORD_NUMBER",
     "AUSTRALIAN_MEDICARE",
     "HEALTH_PLAN_NUMBER",
-    "PRESCRIPTION_NUMBER",
     "PATIENT_ID",
-    // Communications
+    // Communications (removed EMERGENCY_CONTACT, ADDRESS_PO_BOX, ZIP_CODE_US - too broad)
     "PHONE_US",
     "PHONE_UK",
     "PHONE_UK_MOBILE",
     "PHONE_INTERNATIONAL",
     "PHONE_LINE_NUMBER",
-    "EMERGENCY_CONTACT",
     "ADDRESS_STREET",
-    "ADDRESS_PO_BOX",
     "POSTCODE_UK",
-    "ZIP_CODE_US",
     // Network & Technical
     "IPV4",
     "IPV6",

package/dist/index.mjs

@@ -10390,6 +10390,7 @@ import { z as z24 } from "zod";
 var debug5 = Debug4("mobbdev:constants");
 dotenv.config({ path: path6.join(getModuleRootDir(), ".env") });
 var DEFAULT_API_URL = "https://api.mobb.ai/v1/graphql";
+var DEFAULT_WEB_APP_URL = "https://app.mobb.ai";
 var scmFriendlyText = {
   ["Ado" /* Ado */]: "Azure DevOps",
   ["Bitbucket" /* Bitbucket */]: "Bitbucket",
@@ -10416,13 +10417,16 @@ var scannerToVulnerabilityReportVendorEnum = {
 };
 var SupportedScannersZ = z24.enum([SCANNERS.Checkmarx, SCANNERS.Snyk]);
 var envVariablesSchema = z24.object({
-  WEB_APP_URL: z24.string(),
-  API_URL: z24.string(),
-  HASURA_ACCESS_KEY: z24.string(),
-  LOCAL_GRAPHQL_ENDPOINT: z24.string(),
+  // These have safe defaults for production - the VS Code extension passes explicit URLs
+  WEB_APP_URL: z24.string().optional().default(DEFAULT_WEB_APP_URL),
+  API_URL: z24.string().optional().default(DEFAULT_API_URL),
+  // These are only needed for local development with Hasura
+  HASURA_ACCESS_KEY: z24.string().optional().default(""),
+  LOCAL_GRAPHQL_ENDPOINT: z24.string().optional().default(""),
+  // Proxy settings
   HTTP_PROXY: z24.string().optional().default(""),
   HTTPS_PROXY: z24.string().optional().default("")
-}).required();
+});
 var envVariables = envVariablesSchema.parse(process.env);
 debug5("config %o", envVariables);
 var mobbAscii = `
@@ -10475,9 +10479,9 @@ var errorMessages = {
   )} is needed if you're adding an SCM token`
 };
 var progressMassages = {
-  processingVulnerabilityReportSuccess: "\u2699\uFE0F  Vulnerability report proccessed successfully",
-  processingVulnerabilityReport: "\u2699\uFE0F  Proccessing vulnerability report",
-  processingVulnerabilityReportFailed: "\u2699\uFE0F  Error Proccessing vulnerability report"
+  processingVulnerabilityReportSuccess: "\u2699\uFE0F  Vulnerability report processed successfully",
+  processingVulnerabilityReport: "\u2699\uFE0F  Processing vulnerability report",
+  processingVulnerabilityReportFailed: "\u2699\uFE0F  Error Processing vulnerability report"
 };
 var VUL_REPORT_DIGEST_TIMEOUT_MS = 1e3 * 60 * 30;
 
@@ -10977,10 +10981,12 @@ var GQLClient = class {
   constructor(args) {
     __publicField(this, "_client");
     __publicField(this, "_clientSdk");
+    __publicField(this, "_apiUrl");
     __publicField(this, "_auth");
     debug6(`init with  ${args}`);
     this._auth = args;
-    this._client = new GraphQLClient(API_URL, {
+    this._apiUrl = args.apiUrl || API_URL;
+    this._client = new GraphQLClient(this._apiUrl, {
       headers: args.type === "apiKey" ? { [API_KEY_HEADER_NAME]: args.apiKey || "" } : {
         Authorization: `Bearer ${args.token}`
       },
@@ -11278,12 +11284,12 @@ var GQLClient = class {
             apiKey: this._auth.apiKey,
             type: "apiKey",
             timeoutInMs: params.timeoutInMs,
-            proxyAgent: getProxyAgent(API_URL)
+            proxyAgent: getProxyAgent(this._apiUrl)
           } : {
             token: this._auth.token,
             type: "token",
             timeoutInMs: params.timeoutInMs,
-            proxyAgent: getProxyAgent(API_URL)
+            proxyAgent: getProxyAgent(this._apiUrl)
           }
         );
       }
@@ -11369,29 +11375,37 @@ var configStore = getConfigStore();
 var debug7 = Debug6("mobbdev:commands");
 var LOGIN_MAX_WAIT = 10 * 60 * 1e3;
 var LOGIN_CHECK_DELAY = 5 * 1e3;
-var webLoginUrl = `${WEB_APP_URL}/cli-login`;
 var MOBB_LOGIN_REQUIRED_MSG = `\u{1F513} Login to Mobb is Required, you will be redirected to our login page, once the authorization is complete return to this prompt, ${chalk3.bgBlue(
   "press any key to continue"
 )};`;
 async function getAuthenticatedGQLClient({
   inputApiKey = "",
-  isSkipPrompts = true
+  isSkipPrompts = true,
+  apiUrl,
+  webAppUrl
 }) {
   let gqlClient = new GQLClient({
     apiKey: inputApiKey || configStore.get("apiToken") || "",
-    type: "apiKey"
+    type: "apiKey",
+    apiUrl
   });
   gqlClient = await handleMobbLogin({
     inGqlClient: gqlClient,
-    skipPrompts: isSkipPrompts
+    skipPrompts: isSkipPrompts,
+    apiUrl,
+    webAppUrl
   });
   return gqlClient;
 }
 async function handleMobbLogin({
   inGqlClient,
   apiKey,
-  skipPrompts
+  skipPrompts,
+  apiUrl,
+  webAppUrl
 }) {
+  const resolvedWebAppUrl = webAppUrl || WEB_APP_URL;
+  const resolvedApiUrl = apiUrl || API_URL;
   const { createSpinner: createSpinner5 } = Spinner({ ci: skipPrompts });
   const isConnected = await inGqlClient.verifyApiConnection();
   if (!isConnected) {
@@ -11433,7 +11447,7 @@ async function handleMobbLogin({
   const loginId = await inGqlClient.createCliLogin({
     publicKey: publicKey.export({ format: "pem", type: "pkcs1" }).toString()
   });
-  const browserUrl = `${webLoginUrl}/${loginId}?hostname=${os.hostname()}`;
+  const browserUrl = `${resolvedWebAppUrl}/cli-login/${loginId}?hostname=${os.hostname()}`;
   !skipPrompts && console.log(
     `If the page does not open automatically, kindly access it through ${browserUrl}.`
   );
@@ -11458,7 +11472,11 @@ async function handleMobbLogin({
     });
     throw new CliError();
   }
-  const newGqlClient = new GQLClient({ apiKey: newApiToken, type: "apiKey" });
+  const newGqlClient = new GQLClient({
+    apiKey: newApiToken,
+    type: "apiKey",
+    apiUrl: resolvedApiUrl
+  });
   const loginSuccess = await newGqlClient.validateUserToken();
   if (loginSuccess) {
     debug7(`set api token ${newApiToken}`);
@@ -13580,42 +13598,36 @@ var openRedaction = new OpenRedaction({
     "VISA_NUMBER",
     "VISA_MRZ",
     "TAX_ID",
-    // Financial Data
+    // Financial Data (removed SWIFT_BIC - too broad, matches bank code formats in variables)
     "CREDIT_CARD",
     "IBAN",
     "BANK_ACCOUNT_UK",
     "ROUTING_NUMBER_US",
-    "SWIFT_BIC",
     "CARD_TRACK1_DATA",
     "CARD_TRACK2_DATA",
     "CARD_EXPIRY",
     "CARD_AUTH_CODE",
-    // Cryptocurrency
-    "BITCOIN_ADDRESS",
+    // Cryptocurrency (removed BITCOIN_ADDRESS - too broad, matches hash-like strings)
     "ETHEREUM_ADDRESS",
     "LITECOIN_ADDRESS",
     "CARDANO_ADDRESS",
     "SOLANA_ADDRESS",
     "MONERO_ADDRESS",
     "RIPPLE_ADDRESS",
-    // Medical Data
+    // Medical Data (removed PRESCRIPTION_NUMBER - too broad, matches words containing "ription")
     "NHS_NUMBER",
     "MEDICAL_RECORD_NUMBER",
     "AUSTRALIAN_MEDICARE",
     "HEALTH_PLAN_NUMBER",
-    "PRESCRIPTION_NUMBER",
     "PATIENT_ID",
-    // Communications
+    // Communications (removed EMERGENCY_CONTACT, ADDRESS_PO_BOX, ZIP_CODE_US - too broad)
     "PHONE_US",
     "PHONE_UK",
     "PHONE_UK_MOBILE",
     "PHONE_INTERNATIONAL",
     "PHONE_LINE_NUMBER",
-    "EMERGENCY_CONTACT",
     "ADDRESS_STREET",
-    "ADDRESS_PO_BOX",
     "POSTCODE_UK",
-    "ZIP_CODE_US",
     // Network & Technical
     "IPV4",
     "IPV6",
@@ -14799,8 +14811,8 @@ var McpAuthService = class {
       throw new CliLoginError("Error: createCliLogin failed");
     }
     logDebug(`cli login created ${loginId}`);
-    const webLoginUrl2 = `${WEB_APP_URL}/mvs-login`;
-    const browserUrl = `${webLoginUrl2}/${loginId}?hostname=${os4.hostname()}`;
+    const webLoginUrl = `${WEB_APP_URL}/mvs-login`;
+    const browserUrl = `${webLoginUrl}/${loginId}?hostname=${os4.hostname()}`;
     await this.openBrowser(browserUrl, isBackgoundCall);
     logDebug(`waiting for login to complete`);
     let newApiToken = null;

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "mobbdev",
-  "version": "1.1.19",
+  "version": "1.1.21",
   "description": "Automated secure code remediation tool",
   "repository": "git+https://github.com/mobb-dev/bugsy.git",
   "main": "dist/index.mjs",