mobbdev 1.1.19 → 1.1.23

package/dist/args/commands/upload_ai_blame.d.mts

@@ -8,13 +8,12 @@ declare enum AiBlameInferenceType {
 }
 
 type SanitizationCounts = {
-    pii: {
+    detections: {
         total: number;
         high: number;
         medium: number;
         low: number;
     };
-    secrets: number;
 };
 
 declare const PromptItemZ: z.ZodObject<{
@@ -190,9 +189,11 @@ type UploadAiBlameOptions = {
     model?: string[];
     toolName?: string[];
     blameType?: AiBlameInferenceType[];
+    sessionId?: string[];
     'ai-response-at'?: string[];
     'tool-name'?: string[];
     'blame-type'?: AiBlameInferenceType[];
+    'session-id'?: string[];
 };
 declare function uploadAiBlameBuilder(args: Yargs.Argv<unknown>): Yargs.Argv<UploadAiBlameOptions>;
 type UploadAiBlameResult = {
@@ -208,6 +209,7 @@ declare function uploadAiBlameHandlerFromExtension(args: {
     tool: string;
     responseTime: string;
     blameType?: AiBlameInferenceType;
+    sessionId?: string;
 }): Promise<UploadAiBlameResult>;
 declare function uploadAiBlameHandler(args: UploadAiBlameOptions, exitOnError?: boolean): Promise<void>;
 

package/dist/args/commands/upload_ai_blame.mjs

@@ -79,7 +79,7 @@ var init_FileUtils = __esm({
 import fs4 from "fs";
 import ignore from "ignore";
 import * as path5 from "path";
-import { simpleGit } from "simple-git";
+import { simpleGit as simpleGit2 } from "simple-git";
 var init_GitService = __esm({
   "src/features/analysis/scm/services/GitService.ts"() {
     "use strict";
@@ -2203,6 +2203,7 @@ function getDirName() {
 var debug = Debug("mobbdev:constants");
 dotenv.config({ path: path2.join(getModuleRootDir(), ".env") });
 var DEFAULT_API_URL = "https://api.mobb.ai/v1/graphql";
+var DEFAULT_WEB_APP_URL = "https://app.mobb.ai";
 var scmFriendlyText = {
   ["Ado" /* Ado */]: "Azure DevOps",
   ["Bitbucket" /* Bitbucket */]: "Bitbucket",
@@ -2229,13 +2230,16 @@ var scannerToVulnerabilityReportVendorEnum = {
 };
 var SupportedScannersZ = z8.enum([SCANNERS.Checkmarx, SCANNERS.Snyk]);
 var envVariablesSchema = z8.object({
-  WEB_APP_URL: z8.string(),
-  API_URL: z8.string(),
-  HASURA_ACCESS_KEY: z8.string(),
-  LOCAL_GRAPHQL_ENDPOINT: z8.string(),
+  // These have safe defaults for production - the VS Code extension passes explicit URLs
+  WEB_APP_URL: z8.string().optional().default(DEFAULT_WEB_APP_URL),
+  API_URL: z8.string().optional().default(DEFAULT_API_URL),
+  // These are only needed for local development with Hasura
+  HASURA_ACCESS_KEY: z8.string().optional().default(""),
+  LOCAL_GRAPHQL_ENDPOINT: z8.string().optional().default(""),
+  // Proxy settings
   HTTP_PROXY: z8.string().optional().default(""),
   HTTPS_PROXY: z8.string().optional().default("")
-}).required();
+});
 var envVariables = envVariablesSchema.parse(process.env);
 debug("config %o", envVariables);
 var WEB_APP_URL = envVariables.WEB_APP_URL;
@@ -2371,6 +2375,9 @@ if (!semver.satisfies(process.version, packageJson.engines.node)) {
   process.exit(1);
 }
 
+// src/utils/gitUtils.ts
+import simpleGit from "simple-git";
+
 // src/utils/index.ts
 var sleep = (ms = 2e3) => new Promise((r) => setTimeout(r, ms));
 var CliError = class extends Error {
@@ -4722,10 +4729,12 @@ var GQLClient = class {
   constructor(args) {
     __publicField(this, "_client");
     __publicField(this, "_clientSdk");
+    __publicField(this, "_apiUrl");
     __publicField(this, "_auth");
     debug6(`init with  ${args}`);
     this._auth = args;
-    this._client = new GraphQLClient(API_URL, {
+    this._apiUrl = args.apiUrl || API_URL;
+    this._client = new GraphQLClient(this._apiUrl, {
       headers: args.type === "apiKey" ? { [API_KEY_HEADER_NAME]: args.apiKey || "" } : {
         Authorization: `Bearer ${args.token}`
       },
@@ -5023,12 +5032,12 @@ var GQLClient = class {
             apiKey: this._auth.apiKey,
             type: "apiKey",
             timeoutInMs: params.timeoutInMs,
-            proxyAgent: getProxyAgent(API_URL)
+            proxyAgent: getProxyAgent(this._apiUrl)
           } : {
             token: this._auth.token,
             type: "token",
             timeoutInMs: params.timeoutInMs,
-            proxyAgent: getProxyAgent(API_URL)
+            proxyAgent: getProxyAgent(this._apiUrl)
           }
         );
       }
@@ -5114,29 +5123,37 @@ var configStore = getConfigStore();
 var debug7 = Debug6("mobbdev:commands");
 var LOGIN_MAX_WAIT = 10 * 60 * 1e3;
 var LOGIN_CHECK_DELAY = 5 * 1e3;
-var webLoginUrl = `${WEB_APP_URL}/cli-login`;
 var MOBB_LOGIN_REQUIRED_MSG = `\u{1F513} Login to Mobb is Required, you will be redirected to our login page, once the authorization is complete return to this prompt, ${chalk2.bgBlue(
   "press any key to continue"
 )};`;
 async function getAuthenticatedGQLClient({
   inputApiKey = "",
-  isSkipPrompts = true
+  isSkipPrompts = true,
+  apiUrl,
+  webAppUrl
 }) {
   let gqlClient = new GQLClient({
     apiKey: inputApiKey || configStore.get("apiToken") || "",
-    type: "apiKey"
+    type: "apiKey",
+    apiUrl
   });
   gqlClient = await handleMobbLogin({
     inGqlClient: gqlClient,
-    skipPrompts: isSkipPrompts
+    skipPrompts: isSkipPrompts,
+    apiUrl,
+    webAppUrl
   });
   return gqlClient;
 }
 async function handleMobbLogin({
   inGqlClient,
   apiKey,
-  skipPrompts
+  skipPrompts,
+  apiUrl,
+  webAppUrl
 }) {
+  const resolvedWebAppUrl = webAppUrl || WEB_APP_URL;
+  const resolvedApiUrl = apiUrl || API_URL;
   const { createSpinner } = Spinner({ ci: skipPrompts });
   const isConnected = await inGqlClient.verifyApiConnection();
   if (!isConnected) {
@@ -5178,7 +5195,7 @@ async function handleMobbLogin({
   const loginId = await inGqlClient.createCliLogin({
     publicKey: publicKey.export({ format: "pem", type: "pkcs1" }).toString()
   });
-  const browserUrl = `${webLoginUrl}/${loginId}?hostname=${os.hostname()}`;
+  const browserUrl = `${resolvedWebAppUrl}/cli-login/${loginId}?hostname=${os.hostname()}`;
   !skipPrompts && console.log(
     `If the page does not open automatically, kindly access it through ${browserUrl}.`
   );
@@ -5203,7 +5220,11 @@ async function handleMobbLogin({
     });
     throw new CliError();
   }
-  const newGqlClient = new GQLClient({ apiKey: newApiToken, type: "apiKey" });
+  const newGqlClient = new GQLClient({
+    apiKey: newApiToken,
+    type: "apiKey",
+    apiUrl: resolvedApiUrl
+  });
   const loginSuccess = await newGqlClient.validateUserToken();
   if (loginSuccess) {
     debug7(`set api token ${newApiToken}`);
@@ -5272,8 +5293,6 @@ async function uploadFile({
 
 // src/utils/sanitize-sensitive-data.ts
 import { OpenRedaction } from "@openredaction/openredaction";
-import { spawn } from "child_process";
-import { installGitleaks } from "gitleaks-secret-scanner/lib/installer.js";
 var openRedaction = new OpenRedaction({
   patterns: [
     // Core Personal Data
@@ -5291,42 +5310,36 @@ var openRedaction = new OpenRedaction({
     "VISA_NUMBER",
     "VISA_MRZ",
     "TAX_ID",
-    // Financial Data
+    // Financial Data (removed SWIFT_BIC - too broad, matches bank code formats in variables)
     "CREDIT_CARD",
     "IBAN",
     "BANK_ACCOUNT_UK",
     "ROUTING_NUMBER_US",
-    "SWIFT_BIC",
     "CARD_TRACK1_DATA",
     "CARD_TRACK2_DATA",
     "CARD_EXPIRY",
     "CARD_AUTH_CODE",
-    // Cryptocurrency
-    "BITCOIN_ADDRESS",
+    // Cryptocurrency (removed BITCOIN_ADDRESS - too broad, matches hash-like strings)
     "ETHEREUM_ADDRESS",
     "LITECOIN_ADDRESS",
     "CARDANO_ADDRESS",
     "SOLANA_ADDRESS",
     "MONERO_ADDRESS",
     "RIPPLE_ADDRESS",
-    // Medical Data
+    // Medical Data (removed PRESCRIPTION_NUMBER - too broad, matches words containing "ription")
     "NHS_NUMBER",
     "MEDICAL_RECORD_NUMBER",
     "AUSTRALIAN_MEDICARE",
     "HEALTH_PLAN_NUMBER",
-    "PRESCRIPTION_NUMBER",
     "PATIENT_ID",
-    // Communications
+    // Communications (removed EMERGENCY_CONTACT, ADDRESS_PO_BOX, ZIP_CODE_US - too broad)
     "PHONE_US",
     "PHONE_UK",
     "PHONE_UK_MOBILE",
     "PHONE_INTERNATIONAL",
     "PHONE_LINE_NUMBER",
-    "EMERGENCY_CONTACT",
     "ADDRESS_STREET",
-    "ADDRESS_PO_BOX",
     "POSTCODE_UK",
-    "ZIP_CODE_US",
     // Network & Technical
     "IPV4",
     "IPV6",
@@ -5367,63 +5380,6 @@ var openRedaction = new OpenRedaction({
     "CLIENT_ID"
   ]
 });
-var gitleaksBinaryPath = null;
-async function initializeGitleaks() {
-  try {
-    gitleaksBinaryPath = await installGitleaks({ version: "8.27.2" });
-    return gitleaksBinaryPath;
-  } catch {
-    return null;
-  }
-}
-var gitleaksInitPromise = initializeGitleaks();
-async function detectSecretsWithGitleaks(text) {
-  const secrets = /* @__PURE__ */ new Set();
-  const binaryPath = gitleaksBinaryPath || await gitleaksInitPromise;
-  if (!binaryPath) {
-    return secrets;
-  }
-  return new Promise((resolve) => {
-    const gitleaks = spawn(
-      binaryPath,
-      [
-        "detect",
-        "--pipe",
-        "--no-banner",
-        "--exit-code",
-        "0",
-        "--report-format",
-        "json"
-      ],
-      {
-        stdio: ["pipe", "pipe", "ignore"]
-      }
-    );
-    let output = "";
-    gitleaks.stdout.on("data", (data) => {
-      output += data.toString();
-    });
-    gitleaks.on("close", () => {
-      try {
-        const findings = JSON.parse(output);
-        if (Array.isArray(findings)) {
-          for (const finding of findings) {
-            if (finding.Secret) {
-              secrets.add(finding.Secret);
-            }
-          }
-        }
-      } catch {
-      }
-      resolve(secrets);
-    });
-    gitleaks.on("error", () => {
-      resolve(secrets);
-    });
-    gitleaks.stdin.write(text);
-    gitleaks.stdin.end();
-  });
-}
 function maskString(str, showStart = 2, showEnd = 2) {
   if (str.length <= showStart + showEnd) {
     return "*".repeat(str.length);
@@ -5432,8 +5388,7 @@ function maskString(str, showStart = 2, showEnd = 2) {
 }
 async function sanitizeDataWithCounts(obj) {
   const counts = {
-    pii: { total: 0, high: 0, medium: 0, low: 0 },
-    secrets: 0
+    detections: { total: 0, high: 0, medium: 0, low: 0 }
   };
   const sanitizeString = async (str) => {
     let result = str;
@@ -5445,20 +5400,14 @@ async function sanitizeDataWithCounts(obj) {
         ...piiDetections.low
       ];
       for (const detection of allDetections) {
-        counts.pii.total++;
-        if (detection.severity === "high") counts.pii.high++;
-        else if (detection.severity === "medium") counts.pii.medium++;
-        else if (detection.severity === "low") counts.pii.low++;
+        counts.detections.total++;
+        if (detection.severity === "high") counts.detections.high++;
+        else if (detection.severity === "medium") counts.detections.medium++;
+        else if (detection.severity === "low") counts.detections.low++;
         const masked = maskString(detection.value);
         result = result.replaceAll(detection.value, masked);
       }
     }
-    const secrets = await detectSecretsWithGitleaks(result);
-    counts.secrets += secrets.size;
-    for (const secret of secrets) {
-      const masked = maskString(secret);
-      result = result.replaceAll(secret, masked);
-    }
     return result;
   };
   const sanitizeRecursive = async (data) => {
@@ -5569,7 +5518,8 @@ async function uploadAiBlameHandlerFromExtension(args) {
     model: [],
     toolName: [],
     aiResponseAt: [],
-    blameType: []
+    blameType: [],
+    sessionId: []
   };
   let promptsCounts;
   let inferenceCounts;
@@ -5602,6 +5552,9 @@ async function uploadAiBlameHandlerFromExtension(args) {
       uploadArgs.toolName.push(args.tool);
       uploadArgs.aiResponseAt.push(args.responseTime);
       uploadArgs.blameType.push(args.blameType || "CHAT" /* Chat */);
+      if (args.sessionId) {
+        uploadArgs.sessionId.push(args.sessionId);
+      }
       await uploadAiBlameHandler(uploadArgs, false);
     });
   });
@@ -5619,6 +5572,7 @@ async function uploadAiBlameHandler(args, exitOnError = true) {
   const tools = args.toolName || args["tool-name"] || [];
   const responseTimes = args.aiResponseAt || args["ai-response-at"] || [];
   const blameTypes = args.blameType || args["blame-type"] || [];
+  const sessionIds = args.sessionId || args["session-id"] || [];
   if (prompts.length !== inferences.length) {
     const errorMsg = "prompt and inference must have the same number of entries";
     console.error(chalk3.red(errorMsg));
@@ -5654,14 +5608,18 @@ async function uploadAiBlameHandler(args, exitOnError = true) {
       toolName: tools[i],
       blameType: blameTypes[i] || "CHAT" /* Chat */,
       computerName,
-      userName
+      userName,
+      sessionId: sessionIds[i]
     });
   }
   const authenticatedClient = await getAuthenticatedGQLClient({
     isSkipPrompts: true
   });
+  const initSessions = sessions.map(
+    ({ sessionId: _sessionId, ...rest }) => rest
+  );
   const sanitizedSessions = await sanitizeData(
-    sessions
+    initSessions
   );
   const initRes = await authenticatedClient.uploadAIBlameInferencesInitRaw({
     sessions: sanitizedSessions
@@ -5707,7 +5665,8 @@ async function uploadAiBlameHandler(args, exitOnError = true) {
       toolName: s.toolName,
       blameType: s.blameType,
       computerName: s.computerName,
-      userName: s.userName
+      userName: s.userName,
+      sessionId: s.sessionId
     };
   });
   const sanitizedFinalizeSessions = await sanitizeData(

package/dist/index.mjs

@@ -9863,6 +9863,7 @@ var utils_exports = {};
 __export(utils_exports, {
   CliError: () => CliError,
   Spinner: () => Spinner,
+  createGitWithLogging: () => createGitWithLogging,
   getDirName: () => getDirName,
   getModuleRootDir: () => getModuleRootDir,
   getTopLevelDirName: () => getTopLevelDirName,
@@ -9990,6 +9991,53 @@ if (!semver.satisfies(process.version, packageJson.engines.node)) {
   process.exit(1);
 }
 
+// src/utils/gitUtils.ts
+import simpleGit2 from "simple-git";
+var defaultLogger = {
+  info: (data, msg) => {
+    if (msg) {
+      const sanitizedMsg = String(msg).replace(/\n|\r/g, "");
+      console.log(`[GIT] ${sanitizedMsg}`, data);
+    } else {
+      console.log("[GIT]", data);
+    }
+  }
+};
+function createGitWithLogging(dirName, logger2 = defaultLogger) {
+  return simpleGit2(dirName, {
+    maxConcurrentProcesses: 6
+  }).outputHandler((bin, stdout2, stderr2) => {
+    const callID = Math.random();
+    logger2.info({ callID, bin }, "Start git CLI call");
+    const errChunks = [];
+    const outChunks = [];
+    let isStdoutClosed = false;
+    let isStderrClosed = false;
+    stderr2.on("data", (data) => errChunks.push(data.toString("utf8")));
+    stdout2.on("data", (data) => outChunks.push(data.toString("utf8")));
+    function logData() {
+      if (!isStderrClosed || !isStdoutClosed) {
+        return;
+      }
+      const logObj = {
+        callID,
+        bin,
+        err: `${errChunks.join("").slice(0, 200)}...`,
+        out: `${outChunks.join("").slice(0, 200)}...`
+      };
+      logger2.info(logObj, "git log output");
+    }
+    stderr2.on("close", () => {
+      isStderrClosed = true;
+      logData();
+    });
+    stdout2.on("close", () => {
+      isStdoutClosed = true;
+      logData();
+    });
+  });
+}
+
 // src/utils/index.ts
 var sleep = (ms = 2e3) => new Promise((r) => setTimeout(r, ms));
 var CliError = class extends Error {
@@ -10390,6 +10438,7 @@ import { z as z24 } from "zod";
 var debug5 = Debug4("mobbdev:constants");
 dotenv.config({ path: path6.join(getModuleRootDir(), ".env") });
 var DEFAULT_API_URL = "https://api.mobb.ai/v1/graphql";
+var DEFAULT_WEB_APP_URL = "https://app.mobb.ai";
 var scmFriendlyText = {
   ["Ado" /* Ado */]: "Azure DevOps",
   ["Bitbucket" /* Bitbucket */]: "Bitbucket",
@@ -10416,13 +10465,16 @@ var scannerToVulnerabilityReportVendorEnum = {
 };
 var SupportedScannersZ = z24.enum([SCANNERS.Checkmarx, SCANNERS.Snyk]);
 var envVariablesSchema = z24.object({
-  WEB_APP_URL: z24.string(),
-  API_URL: z24.string(),
-  HASURA_ACCESS_KEY: z24.string(),
-  LOCAL_GRAPHQL_ENDPOINT: z24.string(),
+  // These have safe defaults for production - the VS Code extension passes explicit URLs
+  WEB_APP_URL: z24.string().optional().default(DEFAULT_WEB_APP_URL),
+  API_URL: z24.string().optional().default(DEFAULT_API_URL),
+  // These are only needed for local development with Hasura
+  HASURA_ACCESS_KEY: z24.string().optional().default(""),
+  LOCAL_GRAPHQL_ENDPOINT: z24.string().optional().default(""),
+  // Proxy settings
   HTTP_PROXY: z24.string().optional().default(""),
   HTTPS_PROXY: z24.string().optional().default("")
-}).required();
+});
 var envVariables = envVariablesSchema.parse(process.env);
 debug5("config %o", envVariables);
 var mobbAscii = `
@@ -10475,9 +10527,9 @@ var errorMessages = {
   )} is needed if you're adding an SCM token`
 };
 var progressMassages = {
-  processingVulnerabilityReportSuccess: "\u2699\uFE0F  Vulnerability report proccessed successfully",
-  processingVulnerabilityReport: "\u2699\uFE0F  Proccessing vulnerability report",
-  processingVulnerabilityReportFailed: "\u2699\uFE0F  Error Proccessing vulnerability report"
+  processingVulnerabilityReportSuccess: "\u2699\uFE0F  Vulnerability report processed successfully",
+  processingVulnerabilityReport: "\u2699\uFE0F  Processing vulnerability report",
+  processingVulnerabilityReportFailed: "\u2699\uFE0F  Error Processing vulnerability report"
 };
 var VUL_REPORT_DIGEST_TIMEOUT_MS = 1e3 * 60 * 30;
 
@@ -10977,10 +11029,12 @@ var GQLClient = class {
   constructor(args) {
     __publicField(this, "_client");
     __publicField(this, "_clientSdk");
+    __publicField(this, "_apiUrl");
     __publicField(this, "_auth");
     debug6(`init with  ${args}`);
     this._auth = args;
-    this._client = new GraphQLClient(API_URL, {
+    this._apiUrl = args.apiUrl || API_URL;
+    this._client = new GraphQLClient(this._apiUrl, {
       headers: args.type === "apiKey" ? { [API_KEY_HEADER_NAME]: args.apiKey || "" } : {
         Authorization: `Bearer ${args.token}`
       },
@@ -11278,12 +11332,12 @@ var GQLClient = class {
             apiKey: this._auth.apiKey,
             type: "apiKey",
             timeoutInMs: params.timeoutInMs,
-            proxyAgent: getProxyAgent(API_URL)
+            proxyAgent: getProxyAgent(this._apiUrl)
           } : {
             token: this._auth.token,
             type: "token",
             timeoutInMs: params.timeoutInMs,
-            proxyAgent: getProxyAgent(API_URL)
+            proxyAgent: getProxyAgent(this._apiUrl)
           }
         );
       }
@@ -11369,29 +11423,37 @@ var configStore = getConfigStore();
 var debug7 = Debug6("mobbdev:commands");
 var LOGIN_MAX_WAIT = 10 * 60 * 1e3;
 var LOGIN_CHECK_DELAY = 5 * 1e3;
-var webLoginUrl = `${WEB_APP_URL}/cli-login`;
 var MOBB_LOGIN_REQUIRED_MSG = `\u{1F513} Login to Mobb is Required, you will be redirected to our login page, once the authorization is complete return to this prompt, ${chalk3.bgBlue(
   "press any key to continue"
 )};`;
 async function getAuthenticatedGQLClient({
   inputApiKey = "",
-  isSkipPrompts = true
+  isSkipPrompts = true,
+  apiUrl,
+  webAppUrl
 }) {
   let gqlClient = new GQLClient({
     apiKey: inputApiKey || configStore.get("apiToken") || "",
-    type: "apiKey"
+    type: "apiKey",
+    apiUrl
   });
   gqlClient = await handleMobbLogin({
     inGqlClient: gqlClient,
-    skipPrompts: isSkipPrompts
+    skipPrompts: isSkipPrompts,
+    apiUrl,
+    webAppUrl
   });
   return gqlClient;
 }
 async function handleMobbLogin({
   inGqlClient,
   apiKey,
-  skipPrompts
+  skipPrompts,
+  apiUrl,
+  webAppUrl
 }) {
+  const resolvedWebAppUrl = webAppUrl || WEB_APP_URL;
+  const resolvedApiUrl = apiUrl || API_URL;
   const { createSpinner: createSpinner5 } = Spinner({ ci: skipPrompts });
   const isConnected = await inGqlClient.verifyApiConnection();
   if (!isConnected) {
@@ -11433,7 +11495,7 @@ async function handleMobbLogin({
   const loginId = await inGqlClient.createCliLogin({
     publicKey: publicKey.export({ format: "pem", type: "pkcs1" }).toString()
   });
-  const browserUrl = `${webLoginUrl}/${loginId}?hostname=${os.hostname()}`;
+  const browserUrl = `${resolvedWebAppUrl}/cli-login/${loginId}?hostname=${os.hostname()}`;
   !skipPrompts && console.log(
     `If the page does not open automatically, kindly access it through ${browserUrl}.`
   );
@@ -11458,7 +11520,11 @@ async function handleMobbLogin({
     });
     throw new CliError();
   }
-  const newGqlClient = new GQLClient({ apiKey: newApiToken, type: "apiKey" });
+  const newGqlClient = new GQLClient({
+    apiKey: newApiToken,
+    type: "apiKey",
+    apiUrl: resolvedApiUrl
+  });
   const loginSuccess = await newGqlClient.validateUserToken();
   if (loginSuccess) {
     debug7(`set api token ${newApiToken}`);
@@ -12141,7 +12207,7 @@ import AdmZip from "adm-zip";
 import Debug13 from "debug";
 import { globby } from "globby";
 import { isBinary as isBinary2 } from "istextorbinary";
-import { simpleGit as simpleGit2 } from "simple-git";
+import { simpleGit as simpleGit3 } from "simple-git";
 import { parseStringPromise } from "xml2js";
 import { z as z28 } from "zod";
 var debug14 = Debug13("mobbdev:pack");
@@ -12169,7 +12235,7 @@ async function pack(srcDirPath, vulnFiles, isIncludeAllFiles = false) {
   debug14("pack folder %s", srcDirPath);
   let git = void 0;
   try {
-    git = simpleGit2({
+    git = simpleGit3({
       baseDir: srcDirPath,
       maxConcurrentProcesses: 1,
       trimmed: true
@@ -13561,8 +13627,6 @@ import z31 from "zod";
 
 // src/utils/sanitize-sensitive-data.ts
 import { OpenRedaction } from "@openredaction/openredaction";
-import { spawn } from "child_process";
-import { installGitleaks } from "gitleaks-secret-scanner/lib/installer.js";
 var openRedaction = new OpenRedaction({
   patterns: [
     // Core Personal Data
@@ -13580,42 +13644,36 @@ var openRedaction = new OpenRedaction({
     "VISA_NUMBER",
     "VISA_MRZ",
     "TAX_ID",
-    // Financial Data
+    // Financial Data (removed SWIFT_BIC - too broad, matches bank code formats in variables)
     "CREDIT_CARD",
     "IBAN",
     "BANK_ACCOUNT_UK",
     "ROUTING_NUMBER_US",
-    "SWIFT_BIC",
     "CARD_TRACK1_DATA",
     "CARD_TRACK2_DATA",
     "CARD_EXPIRY",
     "CARD_AUTH_CODE",
-    // Cryptocurrency
-    "BITCOIN_ADDRESS",
+    // Cryptocurrency (removed BITCOIN_ADDRESS - too broad, matches hash-like strings)
     "ETHEREUM_ADDRESS",
     "LITECOIN_ADDRESS",
     "CARDANO_ADDRESS",
     "SOLANA_ADDRESS",
     "MONERO_ADDRESS",
     "RIPPLE_ADDRESS",
-    // Medical Data
+    // Medical Data (removed PRESCRIPTION_NUMBER - too broad, matches words containing "ription")
     "NHS_NUMBER",
     "MEDICAL_RECORD_NUMBER",
     "AUSTRALIAN_MEDICARE",
     "HEALTH_PLAN_NUMBER",
-    "PRESCRIPTION_NUMBER",
     "PATIENT_ID",
-    // Communications
+    // Communications (removed EMERGENCY_CONTACT, ADDRESS_PO_BOX, ZIP_CODE_US - too broad)
     "PHONE_US",
     "PHONE_UK",
     "PHONE_UK_MOBILE",
     "PHONE_INTERNATIONAL",
     "PHONE_LINE_NUMBER",
-    "EMERGENCY_CONTACT",
     "ADDRESS_STREET",
-    "ADDRESS_PO_BOX",
     "POSTCODE_UK",
-    "ZIP_CODE_US",
     // Network & Technical
     "IPV4",
     "IPV6",
@@ -13656,63 +13714,6 @@ var openRedaction = new OpenRedaction({
     "CLIENT_ID"
   ]
 });
-var gitleaksBinaryPath = null;
-async function initializeGitleaks() {
-  try {
-    gitleaksBinaryPath = await installGitleaks({ version: "8.27.2" });
-    return gitleaksBinaryPath;
-  } catch {
-    return null;
-  }
-}
-var gitleaksInitPromise = initializeGitleaks();
-async function detectSecretsWithGitleaks(text) {
-  const secrets = /* @__PURE__ */ new Set();
-  const binaryPath = gitleaksBinaryPath || await gitleaksInitPromise;
-  if (!binaryPath) {
-    return secrets;
-  }
-  return new Promise((resolve) => {
-    const gitleaks = spawn(
-      binaryPath,
-      [
-        "detect",
-        "--pipe",
-        "--no-banner",
-        "--exit-code",
-        "0",
-        "--report-format",
-        "json"
-      ],
-      {
-        stdio: ["pipe", "pipe", "ignore"]
-      }
-    );
-    let output = "";
-    gitleaks.stdout.on("data", (data) => {
-      output += data.toString();
-    });
-    gitleaks.on("close", () => {
-      try {
-        const findings = JSON.parse(output);
-        if (Array.isArray(findings)) {
-          for (const finding of findings) {
-            if (finding.Secret) {
-              secrets.add(finding.Secret);
-            }
-          }
-        }
-      } catch {
-      }
-      resolve(secrets);
-    });
-    gitleaks.on("error", () => {
-      resolve(secrets);
-    });
-    gitleaks.stdin.write(text);
-    gitleaks.stdin.end();
-  });
-}
 function maskString(str, showStart = 2, showEnd = 2) {
   if (str.length <= showStart + showEnd) {
     return "*".repeat(str.length);
@@ -13721,8 +13722,7 @@ function maskString(str, showStart = 2, showEnd = 2) {
 }
 async function sanitizeDataWithCounts(obj) {
   const counts = {
-    pii: { total: 0, high: 0, medium: 0, low: 0 },
-    secrets: 0
+    detections: { total: 0, high: 0, medium: 0, low: 0 }
   };
   const sanitizeString = async (str) => {
     let result = str;
@@ -13734,20 +13734,14 @@ async function sanitizeDataWithCounts(obj) {
         ...piiDetections.low
       ];
       for (const detection of allDetections) {
-        counts.pii.total++;
-        if (detection.severity === "high") counts.pii.high++;
-        else if (detection.severity === "medium") counts.pii.medium++;
-        else if (detection.severity === "low") counts.pii.low++;
+        counts.detections.total++;
+        if (detection.severity === "high") counts.detections.high++;
+        else if (detection.severity === "medium") counts.detections.medium++;
+        else if (detection.severity === "low") counts.detections.low++;
         const masked = maskString(detection.value);
         result = result.replaceAll(detection.value, masked);
       }
     }
-    const secrets = await detectSecretsWithGitleaks(result);
-    counts.secrets += secrets.size;
-    for (const secret of secrets) {
-      const masked = maskString(secret);
-      result = result.replaceAll(secret, masked);
-    }
     return result;
   };
   const sanitizeRecursive = async (data) => {
@@ -13858,7 +13852,8 @@ async function uploadAiBlameHandlerFromExtension(args) {
     model: [],
     toolName: [],
     aiResponseAt: [],
-    blameType: []
+    blameType: [],
+    sessionId: []
   };
   let promptsCounts;
   let inferenceCounts;
@@ -13891,6 +13886,9 @@ async function uploadAiBlameHandlerFromExtension(args) {
       uploadArgs.toolName.push(args.tool);
       uploadArgs.aiResponseAt.push(args.responseTime);
       uploadArgs.blameType.push(args.blameType || "CHAT" /* Chat */);
+      if (args.sessionId) {
+        uploadArgs.sessionId.push(args.sessionId);
+      }
       await uploadAiBlameHandler(uploadArgs, false);
     });
   });
@@ -13908,6 +13906,7 @@ async function uploadAiBlameHandler(args, exitOnError = true) {
   const tools = args.toolName || args["tool-name"] || [];
   const responseTimes = args.aiResponseAt || args["ai-response-at"] || [];
   const blameTypes = args.blameType || args["blame-type"] || [];
+  const sessionIds = args.sessionId || args["session-id"] || [];
   if (prompts.length !== inferences.length) {
     const errorMsg = "prompt and inference must have the same number of entries";
     console.error(chalk9.red(errorMsg));
@@ -13943,14 +13942,18 @@ async function uploadAiBlameHandler(args, exitOnError = true) {
       toolName: tools[i],
       blameType: blameTypes[i] || "CHAT" /* Chat */,
       computerName,
-      userName
+      userName,
+      sessionId: sessionIds[i]
     });
   }
   const authenticatedClient = await getAuthenticatedGQLClient({
     isSkipPrompts: true
   });
+  const initSessions = sessions.map(
+    ({ sessionId: _sessionId, ...rest }) => rest
+  );
   const sanitizedSessions = await sanitizeData(
-    sessions
+    initSessions
   );
   const initRes = await authenticatedClient.uploadAIBlameInferencesInitRaw({
     sessions: sanitizedSessions
@@ -13996,7 +13999,8 @@ async function uploadAiBlameHandler(args, exitOnError = true) {
       toolName: s.toolName,
       blameType: s.blameType,
       computerName: s.computerName,
-      userName: s.userName
+      userName: s.userName,
+      sessionId: s.sessionId
     };
   });
   const sanitizedFinalizeSessions = await sanitizeData(
@@ -14799,8 +14803,8 @@ var McpAuthService = class {
       throw new CliLoginError("Error: createCliLogin failed");
     }
     logDebug(`cli login created ${loginId}`);
-    const webLoginUrl2 = `${WEB_APP_URL}/mvs-login`;
-    const browserUrl = `${webLoginUrl2}/${loginId}?hostname=${os4.hostname()}`;
+    const webLoginUrl = `${WEB_APP_URL}/mvs-login`;
+    const browserUrl = `${webLoginUrl}/${loginId}?hostname=${os4.hostname()}`;
     await this.openBrowser(browserUrl, isBackgoundCall);
     logDebug(`waiting for login to complete`);
     let newApiToken = null;

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "mobbdev",
-  "version": "1.1.19",
+  "version": "1.1.23",
   "description": "Automated secure code remediation tool",
   "repository": "git+https://github.com/mobb-dev/bugsy.git",
   "main": "dist/index.mjs",
@@ -68,7 +68,6 @@
     "debug": "4.4.3",
     "dotenv": "16.6.1",
     "extract-zip": "2.0.1",
-    "gitleaks-secret-scanner": "1.2.2",
     "globby": "14.1.0",
     "graphql": "16.12.0",
     "graphql-request": "6.1.0",