mobbdev 1.1.7 → 1.1.9

package/dist/args/commands/upload_ai_blame.mjs

@@ -736,7 +736,7 @@ var GetVulByNodesMetadataDocument = `
     where: {id: {_eq: $vulnerabilityReportId}}
   ) {
     vulnerabilityReportIssues(
-      where: {fixId: {_is_null: true}, category: {_in: [Irrelevant, FalsePositive, Filtered]}}
+      where: {fixId: {_is_null: true}, category: {_in: [Irrelevant, FalsePositive, Filtered]}, _not: {vulnerabilityReportIssueTags: {vulnerability_report_issue_tag_value: {_eq: SUPPRESSED}}}}
     ) {
       id
       safeIssueType

package/dist/index.mjs

@@ -1996,7 +1996,7 @@ var GetVulByNodesMetadataDocument = `
     where: {id: {_eq: $vulnerabilityReportId}}
   ) {
     vulnerabilityReportIssues(
-      where: {fixId: {_is_null: true}, category: {_in: [Irrelevant, FalsePositive, Filtered]}}
+      where: {fixId: {_is_null: true}, category: {_in: [Irrelevant, FalsePositive, Filtered]}, _not: {vulnerabilityReportIssueTags: {vulnerability_report_issue_tag_value: {_eq: SUPPRESSED}}}}
     ) {
       id
       safeIssueType
@@ -7512,6 +7512,61 @@ var GET_BLAME_DOCUMENT = `
         }
       }
     `;
+var GITHUB_GRAPHQL_FRAGMENTS = {
+  /**
+   * Fragment for fetching PR additions/deletions.
+   * Use with pullRequest(number: $n) alias.
+   */
+  PR_CHANGES: `
+    additions
+    deletions
+  `,
+  /**
+   * Fragment for fetching PR comments.
+   * Returns first 100 comments with author info.
+   */
+  PR_COMMENTS: `
+    comments(first: 100) {
+      nodes {
+        author {
+          login
+          __typename
+        }
+        body
+      }
+    }
+  `,
+  /**
+   * Fragment for fetching blame data.
+   * Use with object(expression: $ref) on Commit type.
+   */
+  BLAME_RANGES: `
+    blame(path: "$path") {
+      ranges {
+        startingLine
+        endingLine
+        commit {
+          oid
+          author {
+            user {
+              name
+              login
+              email
+            }
+          }
+        }
+      }
+    }
+  `,
+  /**
+   * Fragment for fetching commit timestamp.
+   * Use with object(oid: $sha) on Commit type.
+   */
+  COMMIT_TIMESTAMP: `
+    oid
+    committedDate
+  `
+};
 
 // src/features/analysis/scm/github/utils/encrypt_secret.ts
 import sodium from "libsodium-wrappers";
@@ -7649,6 +7704,36 @@ async function githubValidateParams(url, accessToken) {
 
 // src/features/analysis/scm/github/github.ts
 var MAX_GH_PR_BODY_LENGTH = 65536;
+async function executeBatchGraphQL(octokit, owner, repo, config2) {
+  const { items, aliasPrefix, buildFragment, extractResult } = config2;
+  if (items.length === 0) {
+    return /* @__PURE__ */ new Map();
+  }
+  const fragments = items.map((item, index) => buildFragment(item, index)).join("\n");
+  const query = `
+    query Batch${aliasPrefix}($owner: String!, $repo: String!) {
+      repository(owner: $owner, name: $repo) {
+        ${fragments}
+      }
+    }
+  `;
+  const response = await octokit.graphql(query, { owner, repo });
+  const result = /* @__PURE__ */ new Map();
+  items.forEach((item, index) => {
+    const data = response.repository[`${aliasPrefix}${index}`];
+    if (data) {
+      const extracted = extractResult(
+        data,
+        item,
+        index
+      );
+      if (extracted !== void 0) {
+        result.set(item, extracted);
+      }
+    }
+  });
+  return result;
+}
 function getGithubSdk(params = {}) {
   const octokit = getOctoKit(params);
   return {
@@ -8114,6 +8199,119 @@ function getGithubSdk(params = {}) {
         pull_number: params2.pull_number
       });
       return { data };
+    },
+    /**
+     * Batch fetch additions/deletions for multiple PRs via GraphQL.
+     * Uses GITHUB_GRAPHQL_FRAGMENTS.PR_CHANGES for the field selection.
+     */
+    async getPrAdditionsDeletionsBatch(params2) {
+      return executeBatchGraphQL(octokit, params2.owner, params2.repo, {
+        items: params2.prNumbers,
+        aliasPrefix: "pr",
+        buildFragment: (prNumber, index) => `
+          pr${index}: pullRequest(number: ${prNumber}) {
+            ${GITHUB_GRAPHQL_FRAGMENTS.PR_CHANGES}
+          }`,
+        extractResult: (data) => {
+          const prData = data;
+          if (prData.additions !== void 0 && prData.deletions !== void 0) {
+            return {
+              additions: prData.additions,
+              deletions: prData.deletions
+            };
+          }
+          return void 0;
+        }
+      });
+    },
+    /**
+     * Batch fetch comments for multiple PRs via GraphQL.
+     * Uses GITHUB_GRAPHQL_FRAGMENTS.PR_COMMENTS for the field selection.
+     */
+    async getPrCommentsBatch(params2) {
+      return executeBatchGraphQL(octokit, params2.owner, params2.repo, {
+        items: params2.prNumbers,
+        aliasPrefix: "pr",
+        buildFragment: (prNumber, index) => `
+          pr${index}: pullRequest(number: ${prNumber}) {
+            ${GITHUB_GRAPHQL_FRAGMENTS.PR_COMMENTS}
+          }`,
+        extractResult: (data) => {
+          const prData = data;
+          if (prData.comments?.nodes) {
+            return prData.comments.nodes.map((node) => ({
+              author: node.author ? { login: node.author.login, type: node.author.__typename } : null,
+              body: node.body
+            }));
+          }
+          return void 0;
+        }
+      });
+    },
+    /**
+     * Batch fetch blame data for multiple files via GraphQL.
+     * Field selection matches GITHUB_GRAPHQL_FRAGMENTS.BLAME_RANGES pattern.
+     */
+    async getBlameBatch(params2) {
+      return executeBatchGraphQL(octokit, params2.owner, params2.repo, {
+        items: params2.filePaths,
+        aliasPrefix: "file",
+        buildFragment: (path22, index) => `
+          file${index}: object(expression: "${params2.ref}") {
+            ... on Commit {
+              blame(path: "${path22}") {
+                ranges {
+                  startingLine
+                  endingLine
+                  commit {
+                    oid
+                  }
+                }
+              }
+            }
+          }`,
+        extractResult: (data) => {
+          const fileData = data;
+          if (fileData.blame?.ranges) {
+            return fileData.blame.ranges.map((range) => ({
+              startingLine: range.startingLine,
+              endingLine: range.endingLine,
+              commitSha: range.commit.oid,
+              // This is an urgent fix. We need to later remove these fields from the return type and propagate the change.
+              email: "",
+              name: "",
+              login: ""
+            }));
+          }
+          return void 0;
+        }
+      });
+    },
+    /**
+     * Batch fetch commit timestamps for multiple commits via GraphQL.
+     * Uses GITHUB_GRAPHQL_FRAGMENTS.COMMIT_TIMESTAMP for the field selection.
+     */
+    async getCommitsBatch(params2) {
+      return executeBatchGraphQL(octokit, params2.owner, params2.repo, {
+        items: params2.commitShas,
+        aliasPrefix: "commit",
+        buildFragment: (sha, index) => `
+          commit${index}: object(oid: "${sha}") {
+            ... on Commit {
+              ${GITHUB_GRAPHQL_FRAGMENTS.COMMIT_TIMESTAMP}
+            }
+          }`,
+        extractResult: (data) => {
+          const commitData = data;
+          if (commitData.oid && commitData.committedDate) {
+            return {
+              sha: commitData.oid,
+              timestamp: new Date(commitData.committedDate)
+            };
+          }
+          return void 0;
+        }
+      });
     }
   };
 }
@@ -8382,7 +8580,7 @@ var GithubSCMLib = class extends SCMLib {
       comment_id: commentId
     });
   }
-  async getCommitDiff(commitSha) {
+  async getCommitDiff(commitSha, options) {
     this._validateAccessTokenAndUrl();
     const { owner, repo } = parseGithubOwnerAndRepo(this.url);
     const { commit, diff } = await this.githubSdk.getCommitWithDiff({
@@ -8393,43 +8591,49 @@ var GithubSCMLib = class extends SCMLib {
     const commitTimestamp = commit.commit.committer?.date ? new Date(commit.commit.committer.date) : new Date(commit.commit.author?.date || Date.now());
     let parentCommits;
     if (commit.parents && commit.parents.length > 0) {
+      if (options?.parentCommitTimestamps) {
+        parentCommits = commit.parents.map((p) => options.parentCommitTimestamps.get(p.sha)).filter((p) => p !== void 0);
+      } else {
+        try {
+          parentCommits = await Promise.all(
+            commit.parents.map(async (parent) => {
+              const parentCommit = await this.githubSdk.getCommit({
+                owner,
+                repo,
+                commitSha: parent.sha
+              });
+              const parentTimestamp = parentCommit.data.committer?.date ? new Date(parentCommit.data.committer.date) : new Date(Date.now());
+              return {
+                sha: parent.sha,
+                timestamp: parentTimestamp
+              };
+            })
+          );
+        } catch (error) {
+          console.error("Failed to fetch parent commit timestamps", {
+            error,
+            commitSha,
+            owner,
+            repo
+          });
+          parentCommits = void 0;
+        }
+      }
+    }
+    let repositoryCreatedAt = options?.repositoryCreatedAt;
+    if (repositoryCreatedAt === void 0) {
       try {
-        parentCommits = await Promise.all(
-          commit.parents.map(async (parent) => {
-            const parentCommit = await this.githubSdk.getCommit({
-              owner,
-              repo,
-              commitSha: parent.sha
-            });
-            const parentTimestamp = parentCommit.data.committer?.date ? new Date(parentCommit.data.committer.date) : new Date(Date.now());
-            return {
-              sha: parent.sha,
-              timestamp: parentTimestamp
-            };
-          })
-        );
+        const repoData = await this.githubSdk.getRepository({ owner, repo });
+        repositoryCreatedAt = repoData.data.created_at ? new Date(repoData.data.created_at) : void 0;
       } catch (error) {
-        console.error("Failed to fetch parent commit timestamps", {
+        console.error("Failed to fetch repository creation date", {
           error,
-          commitSha,
           owner,
           repo
         });
-        parentCommits = void 0;
+        repositoryCreatedAt = void 0;
       }
     }
-    let repositoryCreatedAt;
-    try {
-      const repoData = await this.githubSdk.getRepository({ owner, repo });
-      repositoryCreatedAt = repoData.data.created_at ? new Date(repoData.data.created_at) : void 0;
-    } catch (error) {
-      console.error("Failed to fetch repository creation date", {
-        error,
-        owner,
-        repo
-      });
-      repositoryCreatedAt = void 0;
-    }
     return {
       diff,
       commitTimestamp,
@@ -8445,15 +8649,37 @@ var GithubSCMLib = class extends SCMLib {
     this._validateAccessTokenAndUrl();
     const { owner, repo } = parseGithubOwnerAndRepo(this.url);
     const prNumber = Number(submitRequestId);
-    const [prRes, commitsRes, filesRes] = await Promise.all([
+    const [prRes, commitsRes, filesRes, repoData] = await Promise.all([
       this.githubSdk.getPr({ owner, repo, pull_number: prNumber }),
       this.githubSdk.getPrCommits({ owner, repo, pull_number: prNumber }),
-      this.githubSdk.listPRFiles({ owner, repo, pull_number: prNumber })
+      this.githubSdk.listPRFiles({ owner, repo, pull_number: prNumber }),
+      this.githubSdk.getRepository({ owner, repo })
     ]);
     const pr = prRes.data;
-    const prDiff = await this.getPrDiff({ pull_number: prNumber });
+    const repositoryCreatedAt = repoData.data.created_at ? new Date(repoData.data.created_at) : void 0;
+    const allParentShas = /* @__PURE__ */ new Set();
+    for (const commit of commitsRes.data) {
+      if (commit.parents) {
+        for (const parent of commit.parents) {
+          allParentShas.add(parent.sha);
+        }
+      }
+    }
+    const [parentCommitTimestamps, prDiff] = await Promise.all([
+      this.githubSdk.getCommitsBatch({
+        owner,
+        repo,
+        commitShas: Array.from(allParentShas)
+      }),
+      this.getPrDiff({ pull_number: prNumber })
+    ]);
     const commits = await Promise.all(
-      commitsRes.data.map((commit) => this.getCommitDiff(commit.sha))
+      commitsRes.data.map(
+        (commit) => this.getCommitDiff(commit.sha, {
+          repositoryCreatedAt,
+          parentCommitTimestamps
+        })
+      )
     );
     const diffLines = await this._attributeLinesViaBlame(
       pr.head.ref,
@@ -8480,104 +8706,83 @@ var GithubSCMLib = class extends SCMLib {
     this._validateAccessToken();
     const { owner, repo } = parseGithubOwnerAndRepo(repoUrl);
     const pullsRes = await this.githubSdk.getRepoPullRequests({ owner, repo });
-    const submitRequests = await Promise.all(
-      pullsRes.data.map(async (pr) => {
-        let status = "open";
-        if (pr.state === "closed") {
-          status = pr.merged_at ? "merged" : "closed";
-        } else if (pr.draft) {
-          status = "draft";
-        }
-        const [tickets, changedLines] = await Promise.all([
-          this._extractLinearTicketsFromPR(owner, repo, pr.number),
-          this._calculateChangedLinesFromPR(owner, repo, pr.number)
-        ]);
-        return {
-          submitRequestId: String(pr.number),
-          submitRequestNumber: pr.number,
-          title: pr.title,
-          status,
-          sourceBranch: pr.head.ref,
-          targetBranch: pr.base.ref,
-          authorName: pr.user?.name || pr.user?.login,
-          authorEmail: pr.user?.email || void 0,
-          createdAt: new Date(pr.created_at),
-          updatedAt: new Date(pr.updated_at),
-          description: pr.body || void 0,
-          tickets,
-          changedLines
-        };
-      })
-    );
+    const prNumbers = pullsRes.data.map((pr) => pr.number);
+    const [additionsDeletionsMap, commentsMap] = await Promise.all([
+      this.githubSdk.getPrAdditionsDeletionsBatch({ owner, repo, prNumbers }),
+      this.githubSdk.getPrCommentsBatch({ owner, repo, prNumbers })
+    ]);
+    const submitRequests = pullsRes.data.map((pr) => {
+      let status = "open";
+      if (pr.state === "closed") {
+        status = pr.merged_at ? "merged" : "closed";
+      } else if (pr.draft) {
+        status = "draft";
+      }
+      const changedLinesData = additionsDeletionsMap.get(pr.number);
+      const changedLines = changedLinesData ? {
+        added: changedLinesData.additions,
+        removed: changedLinesData.deletions
+      } : { added: 0, removed: 0 };
+      const comments = commentsMap.get(pr.number) || [];
+      const tickets = this._extractLinearTicketsFromComments(comments);
+      return {
+        submitRequestId: String(pr.number),
+        submitRequestNumber: pr.number,
+        title: pr.title,
+        status,
+        sourceBranch: pr.head.ref,
+        targetBranch: pr.base.ref,
+        authorName: pr.user?.name || pr.user?.login,
+        authorEmail: pr.user?.email || void 0,
+        createdAt: new Date(pr.created_at),
+        updatedAt: new Date(pr.updated_at),
+        description: pr.body || void 0,
+        tickets,
+        changedLines
+      };
+    });
     return submitRequests;
   }
-  async _extractLinearTicketsFromPR(owner, repo, prNumber) {
-    try {
-      const commentsRes = await this.githubSdk.getGeneralPrComments({
-        owner,
-        repo,
-        issue_number: prNumber
-      });
-      const tickets = [];
-      for (const comment of commentsRes.data) {
-        if (comment.user?.login === "linear[bot]" || comment.user?.type === "Bot") {
-          const htmlLinkPattern = /<a href="(https:\/\/linear\.app\/[^"]+)">([A-Z]+-\d+)<\/a>/g;
-          let match;
-          while ((match = htmlLinkPattern.exec(comment.body || "")) !== null) {
-            const url = match[1];
-            const name = match[2];
-            if (!name || !url) {
-              continue;
-            }
-            const urlParts = url.split("/");
-            const titleSlug = urlParts[urlParts.length - 1] || "";
-            const title = titleSlug.replace(/-/g, " ");
-            tickets.push({ name, title, url });
-          }
-          const markdownLinkPattern = /\[([A-Z]+-\d+)\]\((https:\/\/linear\.app\/[^)]+)\)/g;
-          while ((match = markdownLinkPattern.exec(comment.body || "")) !== null) {
-            const name = match[1];
-            const url = match[2];
-            if (tickets.some((t) => t.name === name && t.url === url)) {
-              continue;
-            }
-            if (!name || !url) {
-              continue;
-            }
-            const urlParts = url.split("/");
-            const titleSlug = urlParts[urlParts.length - 1] || "";
-            const title = titleSlug.replace(/-/g, " ");
-            tickets.push({ name, title, url });
+  /**
+   * Parse a Linear ticket from URL and name
+   * Returns null if invalid or missing data
+   */
+  _parseLinearTicket(url, name) {
+    if (!name || !url) return null;
+    const urlParts = url.split("/");
+    const titleSlug = urlParts[urlParts.length - 1] || "";
+    const title = titleSlug.replace(/-/g, " ");
+    return { name, title, url };
+  }
+  /**
+   * Extract Linear ticket links from pre-fetched comments (pure function, no API calls)
+   */
+  _extractLinearTicketsFromComments(comments) {
+    const tickets = [];
+    const seen = /* @__PURE__ */ new Set();
+    for (const comment of comments) {
+      if (comment.author?.login === "linear[bot]" || comment.author?.type === "Bot") {
+        const body = comment.body || "";
+        const htmlPattern = /<a href="(https:\/\/linear\.app\/[^"]+)">([A-Z]+-\d+)<\/a>/g;
+        let match;
+        while ((match = htmlPattern.exec(body)) !== null) {
+          const ticket = this._parseLinearTicket(match[1], match[2]);
+          if (ticket && !seen.has(`${ticket.name}|${ticket.url}`)) {
+            seen.add(`${ticket.name}|${ticket.url}`);
+            tickets.push(ticket);
           }
         }
-      }
-      return tickets;
-    } catch (error) {
-      return [];
-    }
-  }
-  async _calculateChangedLinesFromPR(owner, repo, prNumber) {
-    try {
-      const diffRes = await this.githubSdk.getPrDiff({
-        owner,
-        repo,
-        pull_number: prNumber
-      });
-      const diff = z21.string().parse(diffRes.data);
-      let added = 0;
-      let removed = 0;
-      const lines = diff.split("\n");
-      for (const line of lines) {
-        if (line.startsWith("+") && !line.startsWith("+++")) {
-          added++;
-        } else if (line.startsWith("-") && !line.startsWith("---")) {
-          removed++;
+        const markdownPattern = /\[([A-Z]+-\d+)\]\((https:\/\/linear\.app\/[^)]+)\)/g;
+        while ((match = markdownPattern.exec(body)) !== null) {
+          const ticket = this._parseLinearTicket(match[2], match[1]);
+          if (ticket && !seen.has(`${ticket.name}|${ticket.url}`)) {
+            seen.add(`${ticket.name}|${ticket.url}`);
+            tickets.push(ticket);
+          }
         }
       }
-      return { added, removed };
-    } catch (error) {
-      return { added: 0, removed: 0 };
     }
+    return tickets;
   }
   /**
    * Optimized helper to parse added line numbers from a unified diff patch
@@ -8605,48 +8810,59 @@ var GithubSCMLib = class extends SCMLib {
     return addedLines;
   }
   /**
-   * Attribute lines in a single file to their commits using blame
+   * Process blame data for a single file to attribute lines to commits
+   * Uses pre-fetched blame data instead of making API calls
    */
-  async _attributeFileLines(file, headRef, prCommitShas) {
-    try {
-      const blame = await this.getRepoBlameRanges(headRef, file.filename);
-      const addedLines = this._parseAddedLinesFromPatch(file.patch);
-      const addedLinesSet = new Set(addedLines);
-      const fileAttributions = [];
-      for (const blameRange of blame) {
-        if (!prCommitShas.has(blameRange.commitSha)) {
-          continue;
-        }
-        for (let lineNum = blameRange.startingLine; lineNum <= blameRange.endingLine; lineNum++) {
-          if (addedLinesSet.has(lineNum)) {
-            fileAttributions.push({
-              file: file.filename,
-              line: lineNum,
-              commitSha: blameRange.commitSha
-            });
-          }
+  _processFileBlameSafe(file, blameData, prCommitShas) {
+    const addedLines = this._parseAddedLinesFromPatch(file.patch);
+    const addedLinesSet = new Set(addedLines);
+    const fileAttributions = [];
+    for (const blameRange of blameData) {
+      if (!prCommitShas.has(blameRange.commitSha)) {
+        continue;
+      }
+      for (let lineNum = blameRange.startingLine; lineNum <= blameRange.endingLine; lineNum++) {
+        if (addedLinesSet.has(lineNum)) {
+          fileAttributions.push({
+            file: file.filename,
+            line: lineNum,
+            commitSha: blameRange.commitSha
+          });
         }
       }
-      return fileAttributions;
-    } catch (error) {
-      return [];
     }
+    return fileAttributions;
   }
   /**
    * Optimized helper to attribute PR lines to commits using blame API
-   * Parallel blame queries for minimal API call time
+   * Batch blame queries for minimal API call time (1 call instead of M calls)
    */
   async _attributeLinesViaBlame(headRef, changedFiles, prCommits) {
     const prCommitShas = new Set(prCommits.map((c) => c.commitSha));
     const filesWithAdditions = changedFiles.filter(
       (file) => file.patch?.includes("\n+")
     );
-    const attributions = await Promise.all(
-      filesWithAdditions.map(
-        (file) => this._attributeFileLines(file, headRef, prCommitShas)
-      )
-    );
-    return attributions.flat();
+    if (filesWithAdditions.length === 0) {
+      return [];
+    }
+    const { owner, repo } = parseGithubOwnerAndRepo(this.url);
+    const blameMap = await this.githubSdk.getBlameBatch({
+      owner,
+      repo,
+      ref: headRef,
+      filePaths: filesWithAdditions.map((f) => f.filename)
+    });
+    const allAttributions = [];
+    for (const file of filesWithAdditions) {
+      const blameData = blameMap.get(file.filename) || [];
+      const fileAttributions = this._processFileBlameSafe(
+        file,
+        blameData,
+        prCommitShas
+      );
+      allAttributions.push(...fileAttributions);
+    }
+    return allAttributions;
   }
 };
 

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "mobbdev",
-  "version": "1.1.7",
+  "version": "1.1.9",
   "description": "Automated secure code remediation tool",
   "repository": "git+https://github.com/mobb-dev/bugsy.git",
   "main": "dist/index.mjs",