mobbdev 1.2.1 → 1.2.3

package/README.md

@@ -175,6 +175,24 @@ Here is a simple example of a command line that will run Bugsy in your pipeline:
 npx mobbdev analyze --ci --scan-file $SAST_RESULTS_FILENAME --repo $CI_PROJECT_URL --ref $CI_COMMIT_REF_NAME --api-key $MOBB_API_KEY
 ```
 
+### Polling Mode
+
+By default, Bugsy uses WebSocket connections for real-time status updates during analysis. However, some proxy environments or firewalls may block WebSocket connections. In these cases, you can use the `--polling` flag to use HTTP polling instead:
+
+```shell
+npx mobbdev analyze --scan-file report.json --repo https://github.com/org/repo --polling
+```
+
+**When to use `--polling`:**
+- Your network blocks WebSocket connections (ws:// or wss://)
+- You're behind a corporate proxy that doesn't support WebSocket
+- You experience connection timeouts with the default WebSocket mode
+
+**Polling characteristics:**
+- Polling interval: 5 seconds
+- Timeout: 30 minutes
+- Slightly higher latency compared to WebSocket mode, but works in restricted environments
+
 ## Contribution
 
 Install the dependencies and run the tests:

package/dist/args/commands/upload_ai_blame.d.mts

@@ -21,7 +21,7 @@ type Logger = {
     error: (msg: string, data?: unknown) => void;
 };
 declare const PromptItemZ: z.ZodObject<{
-    type: z.ZodEnum<["USER_PROMPT", "AI_RESPONSE", "TOOL_EXECUTION", "AI_THINKING"]>;
+    type: z.ZodEnum<["USER_PROMPT", "AI_RESPONSE", "TOOL_EXECUTION", "AI_THINKING", "MCP_TOOL_CALL"]>;
     attachedFiles: z.ZodOptional<z.ZodArray<z.ZodObject<{
         relativePath: z.ZodString;
         startLine: z.ZodOptional<z.ZodNumber>;
@@ -50,30 +50,28 @@ declare const PromptItemZ: z.ZodObject<{
         result: z.ZodString;
         rawArguments: z.ZodOptional<z.ZodString>;
         accepted: z.ZodOptional<z.ZodBoolean>;
+        mcpServer: z.ZodOptional<z.ZodString>;
+        mcpToolName: z.ZodOptional<z.ZodString>;
     }, "strip", z.ZodTypeAny, {
         name: string;
         parameters: string;
         result: string;
-        accepted?: boolean | undefined;
         rawArguments?: string | undefined;
+        accepted?: boolean | undefined;
+        mcpServer?: string | undefined;
+        mcpToolName?: string | undefined;
     }, {
         name: string;
         parameters: string;
         result: string;
-        accepted?: boolean | undefined;
         rawArguments?: string | undefined;
+        accepted?: boolean | undefined;
+        mcpServer?: string | undefined;
+        mcpToolName?: string | undefined;
     }>>;
 }, "strip", z.ZodTypeAny, {
-    type: "USER_PROMPT" | "AI_RESPONSE" | "TOOL_EXECUTION" | "AI_THINKING";
-    tool?: {
-        name: string;
-        parameters: string;
-        result: string;
-        accepted?: boolean | undefined;
-        rawArguments?: string | undefined;
-    } | undefined;
+    type: "USER_PROMPT" | "AI_RESPONSE" | "TOOL_EXECUTION" | "AI_THINKING" | "MCP_TOOL_CALL";
     date?: Date | undefined;
-    text?: string | undefined;
     attachedFiles?: {
         relativePath: string;
         startLine?: number | undefined;
@@ -82,17 +80,19 @@ declare const PromptItemZ: z.ZodObject<{
         inputCount: number;
         outputCount: number;
     } | undefined;
-}, {
-    type: "USER_PROMPT" | "AI_RESPONSE" | "TOOL_EXECUTION" | "AI_THINKING";
+    text?: string | undefined;
     tool?: {
         name: string;
         parameters: string;
         result: string;
-        accepted?: boolean | undefined;
         rawArguments?: string | undefined;
+        accepted?: boolean | undefined;
+        mcpServer?: string | undefined;
+        mcpToolName?: string | undefined;
     } | undefined;
+}, {
+    type: "USER_PROMPT" | "AI_RESPONSE" | "TOOL_EXECUTION" | "AI_THINKING" | "MCP_TOOL_CALL";
     date?: Date | undefined;
-    text?: string | undefined;
     attachedFiles?: {
         relativePath: string;
         startLine?: number | undefined;
@@ -101,10 +101,20 @@ declare const PromptItemZ: z.ZodObject<{
         inputCount: number;
         outputCount: number;
     } | undefined;
+    text?: string | undefined;
+    tool?: {
+        name: string;
+        parameters: string;
+        result: string;
+        rawArguments?: string | undefined;
+        accepted?: boolean | undefined;
+        mcpServer?: string | undefined;
+        mcpToolName?: string | undefined;
+    } | undefined;
 }>;
 type PromptItem = z.infer<typeof PromptItemZ>;
 declare const PromptItemArrayZ: z.ZodArray<z.ZodObject<{
-    type: z.ZodEnum<["USER_PROMPT", "AI_RESPONSE", "TOOL_EXECUTION", "AI_THINKING"]>;
+    type: z.ZodEnum<["USER_PROMPT", "AI_RESPONSE", "TOOL_EXECUTION", "AI_THINKING", "MCP_TOOL_CALL"]>;
     attachedFiles: z.ZodOptional<z.ZodArray<z.ZodObject<{
         relativePath: z.ZodString;
         startLine: z.ZodOptional<z.ZodNumber>;
@@ -133,30 +143,28 @@ declare const PromptItemArrayZ: z.ZodArray<z.ZodObject<{
         result: z.ZodString;
         rawArguments: z.ZodOptional<z.ZodString>;
         accepted: z.ZodOptional<z.ZodBoolean>;
+        mcpServer: z.ZodOptional<z.ZodString>;
+        mcpToolName: z.ZodOptional<z.ZodString>;
     }, "strip", z.ZodTypeAny, {
         name: string;
         parameters: string;
         result: string;
-        accepted?: boolean | undefined;
         rawArguments?: string | undefined;
+        accepted?: boolean | undefined;
+        mcpServer?: string | undefined;
+        mcpToolName?: string | undefined;
     }, {
         name: string;
         parameters: string;
         result: string;
-        accepted?: boolean | undefined;
         rawArguments?: string | undefined;
+        accepted?: boolean | undefined;
+        mcpServer?: string | undefined;
+        mcpToolName?: string | undefined;
     }>>;
 }, "strip", z.ZodTypeAny, {
-    type: "USER_PROMPT" | "AI_RESPONSE" | "TOOL_EXECUTION" | "AI_THINKING";
-    tool?: {
-        name: string;
-        parameters: string;
-        result: string;
-        accepted?: boolean | undefined;
-        rawArguments?: string | undefined;
-    } | undefined;
+    type: "USER_PROMPT" | "AI_RESPONSE" | "TOOL_EXECUTION" | "AI_THINKING" | "MCP_TOOL_CALL";
     date?: Date | undefined;
-    text?: string | undefined;
     attachedFiles?: {
         relativePath: string;
         startLine?: number | undefined;
@@ -165,17 +173,19 @@ declare const PromptItemArrayZ: z.ZodArray<z.ZodObject<{
         inputCount: number;
         outputCount: number;
     } | undefined;
-}, {
-    type: "USER_PROMPT" | "AI_RESPONSE" | "TOOL_EXECUTION" | "AI_THINKING";
+    text?: string | undefined;
     tool?: {
         name: string;
         parameters: string;
         result: string;
-        accepted?: boolean | undefined;
         rawArguments?: string | undefined;
+        accepted?: boolean | undefined;
+        mcpServer?: string | undefined;
+        mcpToolName?: string | undefined;
     } | undefined;
+}, {
+    type: "USER_PROMPT" | "AI_RESPONSE" | "TOOL_EXECUTION" | "AI_THINKING" | "MCP_TOOL_CALL";
     date?: Date | undefined;
-    text?: string | undefined;
     attachedFiles?: {
         relativePath: string;
         startLine?: number | undefined;
@@ -184,6 +194,16 @@ declare const PromptItemArrayZ: z.ZodArray<z.ZodObject<{
         inputCount: number;
         outputCount: number;
     } | undefined;
+    text?: string | undefined;
+    tool?: {
+        name: string;
+        parameters: string;
+        result: string;
+        rawArguments?: string | undefined;
+        accepted?: boolean | undefined;
+        mcpServer?: string | undefined;
+        mcpToolName?: string | undefined;
+    } | undefined;
 }>, "many">;
 type PromptItemArray = z.infer<typeof PromptItemArrayZ>;
 type UploadAiBlameOptions = {

package/dist/args/commands/upload_ai_blame.mjs

@@ -6401,6 +6401,61 @@ var GQLClient = class {
       }
     );
   }
+  async pollForAnalysisState(params) {
+    const { analysisId, callbackStates, callback, timeoutInMs } = params;
+    const startTime = Date.now();
+    const maxDuration = timeoutInMs ?? 30 * 60 * 1e3;
+    const pollingIntervalSec = REPORT_STATE_CHECK_DELAY / 1e3;
+    debug6(
+      `[pollForAnalysisState] Starting polling for analysis ${analysisId}, target states: ${callbackStates.join(", ")}, interval: ${pollingIntervalSec}s`
+    );
+    let isPolling = true;
+    let pollCount = 0;
+    while (isPolling) {
+      pollCount++;
+      const elapsedSec = Math.round((Date.now() - startTime) / 1e3);
+      if (Date.now() - startTime > maxDuration) {
+        debug6(
+          `[pollForAnalysisState] Timeout expired after ${pollCount} polls (${elapsedSec}s)`
+        );
+        throw new ReportDigestError(
+          `Polling timeout expired for analysis: ${analysisId} with timeout: ${maxDuration}ms`,
+          `Analysis timed out after ${Math.round(maxDuration / 6e4)} minutes. Please try again or check the Mobb platform for status.`
+        );
+      }
+      debug6(
+        `[pollForAnalysisState] Poll #${pollCount} (elapsed: ${elapsedSec}s) - fetching analysis state...`
+      );
+      const analysis = await this.getAnalysis(analysisId);
+      debug6(
+        `[pollForAnalysisState] Poll #${pollCount} - current state: ${analysis.state}`
+      );
+      if (!analysis.state || analysis.state === "Failed" /* Failed */) {
+        const errorMessage = analysis.failReason || `Analysis failed with id: ${analysis.id}`;
+        debug6(`[pollForAnalysisState] Analysis failed: ${errorMessage}`);
+        throw new ReportDigestError(errorMessage, analysis.failReason ?? "");
+      }
+      if (callbackStates.includes(analysis.state)) {
+        debug6(
+          `[pollForAnalysisState] Target state reached: ${analysis.state} after ${pollCount} polls (${elapsedSec}s)`
+        );
+        await callback(analysis.id);
+        isPolling = false;
+        return {
+          analysis: {
+            id: analysis.id,
+            state: analysis.state,
+            failReason: analysis.failReason
+          }
+        };
+      }
+      debug6(
+        `[pollForAnalysisState] State ${analysis.state} not in target states, waiting ${pollingIntervalSec}s before next poll...`
+      );
+      await sleep(REPORT_STATE_CHECK_DELAY);
+    }
+    throw new Error(`Unexpected end of polling for analysis: ${analysisId}`);
+  }
   async getFixReportsByRepoUrl({ repoUrl }) {
     const res = await this._clientSdk.GetFixReportsByRepoUrl({
       repoUrl
@@ -7061,7 +7116,14 @@ var defaultLogger = {
   }
 };
 var PromptItemZ = z26.object({
-  type: z26.enum(["USER_PROMPT", "AI_RESPONSE", "TOOL_EXECUTION", "AI_THINKING"]),
+  type: z26.enum([
+    "USER_PROMPT",
+    "AI_RESPONSE",
+    "TOOL_EXECUTION",
+    "AI_THINKING",
+    "MCP_TOOL_CALL"
+    // MCP (Model Context Protocol) tool invocation
+  ]),
   attachedFiles: z26.array(
     z26.object({
       relativePath: z26.string(),
@@ -7079,7 +7141,12 @@ var PromptItemZ = z26.object({
     parameters: z26.string(),
     result: z26.string(),
     rawArguments: z26.string().optional(),
-    accepted: z26.boolean().optional()
+    accepted: z26.boolean().optional(),
+    // MCP-specific fields (only populated for MCP_TOOL_CALL type)
+    mcpServer: z26.string().optional(),
+    // MCP server name (e.g., "datadog", "mobb-mcp")
+    mcpToolName: z26.string().optional()
+    // MCP tool name without prefix (e.g., "scan_and_fix_vulnerabilities")
   }).optional()
 });
 var PromptItemArrayZ = z26.array(PromptItemZ);

package/dist/index.mjs

@@ -11524,6 +11524,13 @@ var convertToSarifCodePathPatternsOption = {
   type: "string",
   array: true
 };
+var pollingOption = {
+  describe: chalk2.bold(
+    "Use HTTP polling instead of WebSocket for status updates. Useful for proxy environments or firewalls that block WebSocket connections. Polling interval: 5 seconds, timeout: 30 minutes."
+  ),
+  type: "boolean",
+  default: false
+};
 
 // src/args/commands/convert_to_sarif.ts
 function convertToSarifBuilder(args) {
@@ -12236,6 +12243,61 @@ var GQLClient = class {
       }
     );
   }
+  async pollForAnalysisState(params) {
+    const { analysisId, callbackStates, callback, timeoutInMs } = params;
+    const startTime = Date.now();
+    const maxDuration = timeoutInMs ?? 30 * 60 * 1e3;
+    const pollingIntervalSec = REPORT_STATE_CHECK_DELAY / 1e3;
+    debug6(
+      `[pollForAnalysisState] Starting polling for analysis ${analysisId}, target states: ${callbackStates.join(", ")}, interval: ${pollingIntervalSec}s`
+    );
+    let isPolling = true;
+    let pollCount = 0;
+    while (isPolling) {
+      pollCount++;
+      const elapsedSec = Math.round((Date.now() - startTime) / 1e3);
+      if (Date.now() - startTime > maxDuration) {
+        debug6(
+          `[pollForAnalysisState] Timeout expired after ${pollCount} polls (${elapsedSec}s)`
+        );
+        throw new ReportDigestError(
+          `Polling timeout expired for analysis: ${analysisId} with timeout: ${maxDuration}ms`,
+          `Analysis timed out after ${Math.round(maxDuration / 6e4)} minutes. Please try again or check the Mobb platform for status.`
+        );
+      }
+      debug6(
+        `[pollForAnalysisState] Poll #${pollCount} (elapsed: ${elapsedSec}s) - fetching analysis state...`
+      );
+      const analysis = await this.getAnalysis(analysisId);
+      debug6(
+        `[pollForAnalysisState] Poll #${pollCount} - current state: ${analysis.state}`
+      );
+      if (!analysis.state || analysis.state === "Failed" /* Failed */) {
+        const errorMessage = analysis.failReason || `Analysis failed with id: ${analysis.id}`;
+        debug6(`[pollForAnalysisState] Analysis failed: ${errorMessage}`);
+        throw new ReportDigestError(errorMessage, analysis.failReason ?? "");
+      }
+      if (callbackStates.includes(analysis.state)) {
+        debug6(
+          `[pollForAnalysisState] Target state reached: ${analysis.state} after ${pollCount} polls (${elapsedSec}s)`
+        );
+        await callback(analysis.id);
+        isPolling = false;
+        return {
+          analysis: {
+            id: analysis.id,
+            state: analysis.state,
+            failReason: analysis.failReason
+          }
+        };
+      }
+      debug6(
+        `[pollForAnalysisState] State ${analysis.state} not in target states, waiting ${pollingIntervalSec}s before next poll...`
+      );
+      await sleep(REPORT_STATE_CHECK_DELAY);
+    }
+    throw new Error(`Unexpected end of polling for analysis: ${analysisId}`);
+  }
   async getFixReportsByRepoUrl({ repoUrl }) {
     const res = await this._clientSdk.GetFixReportsByRepoUrl({
       repoUrl
@@ -12636,7 +12698,8 @@ var debug8 = Debug7("mobbdev:index");
 async function sendReport({
   spinner,
   submitVulnerabilityReportVariables,
-  gqlClient
+  gqlClient,
+  polling
 }) {
   try {
     const submitRes = await gqlClient.submitVulnerabilityReport(
@@ -12647,19 +12710,32 @@ async function sendReport({
       throw new Error("\u{1F575}\uFE0F\u200D\u2642\uFE0F Mobb analysis failed");
     }
     spinner.update({ text: progressMassages.processingVulnerabilityReport });
-    await gqlClient.subscribeToAnalysis({
-      subscribeToAnalysisParams: {
-        analysisId: submitRes.submitVulnerabilityReport.fixReportId
-      },
-      callback: () => spinner.update({
-        text: "\u2699\uFE0F Vulnerability report processed successfully"
-      }),
-      callbackStates: [
-        "Digested" /* Digested */,
-        "Finished" /* Finished */
-      ],
-      timeoutInMs: VUL_REPORT_DIGEST_TIMEOUT_MS
+    const callback = (_analysisId) => spinner.update({
+      text: "\u2699\uFE0F Vulnerability report processed successfully"
     });
+    const callbackStates = [
+      "Digested" /* Digested */,
+      "Finished" /* Finished */
+    ];
+    if (polling) {
+      debug8("[sendReport] Using POLLING mode for analysis state updates");
+      await gqlClient.pollForAnalysisState({
+        analysisId: submitRes.submitVulnerabilityReport.fixReportId,
+        callback,
+        callbackStates,
+        timeoutInMs: VUL_REPORT_DIGEST_TIMEOUT_MS
+      });
+    } else {
+      debug8("[sendReport] Using WEBSOCKET mode for analysis state updates");
+      await gqlClient.subscribeToAnalysis({
+        subscribeToAnalysisParams: {
+          analysisId: submitRes.submitVulnerabilityReport.fixReportId
+        },
+        callback,
+        callbackStates,
+        timeoutInMs: VUL_REPORT_DIGEST_TIMEOUT_MS
+      });
+    }
     return submitRes;
   } catch (e) {
     spinner.error({ text: "\u{1F575}\uFE0F\u200D\u2642\uFE0F Mobb analysis failed" });
@@ -13197,44 +13273,57 @@ async function handleAutoPr(params) {
     commitDirectly,
     prId,
     createSpinner: createSpinner5,
-    createOnePr
+    createOnePr,
+    polling
   } = params;
   const createAutoPrSpinner = createSpinner5(
     "\u{1F504} Waiting for the analysis to finish before initiating automatic pull request creation"
   ).start();
-  return await gqlClient.subscribeToAnalysis({
-    subscribeToAnalysisParams: {
-      analysisId
-    },
-    callback: async (analysisId2) => {
-      const autoPrAnalysisRes = await gqlClient.autoPrAnalysis({
-        analysisId: analysisId2,
-        commitDirectly,
-        prId,
-        prStrategy: createOnePr ? "CONDENSE" /* Condense */ : "SPREAD" /* Spread */
+  const callback = async (analysisId2) => {
+    const autoPrAnalysisRes = await gqlClient.autoPrAnalysis({
+      analysisId: analysisId2,
+      commitDirectly,
+      prId,
+      prStrategy: createOnePr ? "CONDENSE" /* Condense */ : "SPREAD" /* Spread */
+    });
+    debug12("auto pr analysis res %o", autoPrAnalysisRes);
+    if (autoPrAnalysisRes.autoPrAnalysis?.__typename === "AutoPrError") {
+      createAutoPrSpinner.error({
+        text: `\u{1F504} Automatic pull request failed - ${autoPrAnalysisRes.autoPrAnalysis.error}`
       });
-      debug12("auto pr analysis res %o", autoPrAnalysisRes);
-      if (autoPrAnalysisRes.autoPrAnalysis?.__typename === "AutoPrError") {
-        createAutoPrSpinner.error({
-          text: `\u{1F504} Automatic pull request failed - ${autoPrAnalysisRes.autoPrAnalysis.error}`
-        });
-        return;
-      }
-      if (autoPrAnalysisRes.autoPrAnalysis?.__typename === "AutoPrSuccess") {
-        const { appliedAutoPrIssueTypes } = autoPrAnalysisRes.autoPrAnalysis;
-        if (appliedAutoPrIssueTypes.length === 0) {
-          createAutoPrSpinner.success({
-            text: "\u{1F504} Automatic pull request did not find any new fixes to open a pull request for"
-          });
-          return;
-        }
+      return;
+    }
+    if (autoPrAnalysisRes.autoPrAnalysis?.__typename === "AutoPrSuccess") {
+      const { appliedAutoPrIssueTypes } = autoPrAnalysisRes.autoPrAnalysis;
+      if (appliedAutoPrIssueTypes.length === 0) {
         createAutoPrSpinner.success({
-          text: `\u{1F504} Automatic pull request creation initiated successfully for the following issue types: ${appliedAutoPrIssueTypes}`
+          text: "\u{1F504} Automatic pull request did not find any new fixes to open a pull request for"
         });
+        return;
       }
-    },
-    callbackStates: ["Finished" /* Finished */]
-  });
+      createAutoPrSpinner.success({
+        text: `\u{1F504} Automatic pull request creation initiated successfully for the following issue types: ${appliedAutoPrIssueTypes}`
+      });
+    }
+  };
+  const callbackStates = ["Finished" /* Finished */];
+  if (polling) {
+    debug12("[handleAutoPr] Using POLLING mode for analysis state updates");
+    return await gqlClient.pollForAnalysisState({
+      analysisId,
+      callback,
+      callbackStates
+    });
+  } else {
+    debug12("[handleAutoPr] Using WEBSOCKET mode for analysis state updates");
+    return await gqlClient.subscribeToAnalysis({
+      subscribeToAnalysisParams: {
+        analysisId
+      },
+      callback,
+      callbackStates
+    });
+  }
 }
 
 // src/features/analysis/git.ts
@@ -13987,7 +14076,8 @@ async function _scan(params, { skipPrompts = false } = {}) {
     autoPr,
     createOnePr,
     commitDirectly,
-    pullRequest
+    pullRequest,
+    polling
   } = params;
   debug18("start %s %s", dirname, repo);
   const { createSpinner: createSpinner5 } = Spinner2({ ci });
@@ -14099,7 +14189,8 @@ async function _scan(params, { skipPrompts = false } = {}) {
     repoUrl: repo,
     sha,
     reference,
-    shouldScan
+    shouldScan,
+    polling
   });
   uploadReportSpinner.success({ text: "\u{1F4C1} Report uploaded successfully" });
   const mobbSpinner = createSpinner5("\u{1F575}\uFE0F\u200D\u2642\uFE0F Initiating Mobb analysis").start();
@@ -14117,7 +14208,8 @@ async function _scan(params, { skipPrompts = false } = {}) {
       pullRequest: params.pullRequest,
       scanSource: _getScanSource(command, ci),
       scanContext: ScanContext.BUGSY
-    }
+    },
+    polling
   });
   if (sendReportRes.submitVulnerabilityReport.__typename !== "VulnerabilityReport") {
     mobbSpinner.error({ text: "\u{1F575}\uFE0F\u200D\u2642\uFE0F Mobb analysis failed" });
@@ -14133,7 +14225,8 @@ async function _scan(params, { skipPrompts = false } = {}) {
       commitDirectly,
       prId: pullRequest,
       createSpinner: createSpinner5,
-      createOnePr
+      createOnePr,
+      polling
     });
   }
   await askToOpenAnalysis();
@@ -14143,7 +14236,8 @@ async function _scan(params, { skipPrompts = false } = {}) {
       githubActionToken,
       analysisId: reportUploadInfo.fixReportId,
       scanner,
-      gqlClient
+      gqlClient,
+      polling
     });
   }
   return reportUploadInfo.fixReportId;
@@ -14238,7 +14332,8 @@ async function _scan(params, { skipPrompts = false } = {}) {
         projectId,
         command,
         ci,
-        shouldScan: shouldScan2
+        shouldScan: shouldScan2,
+        polling
       });
       const res = await _zipAndUploadRepo({
         srcPath,
@@ -14261,7 +14356,8 @@ async function _scan(params, { skipPrompts = false } = {}) {
         projectId,
         command,
         ci,
-        shouldScan: shouldScan2
+        shouldScan: shouldScan2,
+        polling
       });
     }
     const mobbSpinner2 = createSpinner5("\u{1F575}\uFE0F\u200D\u2642\uFE0F Initiating Mobb analysis").start();
@@ -14279,7 +14375,8 @@ async function _scan(params, { skipPrompts = false } = {}) {
           pullRequest: params.pullRequest,
           experimentalEnabled: !!experimentalEnabled,
           scanContext: ScanContext.BUGSY
-        }
+        },
+        polling
       });
       if (command === "review") {
         await waitForAnaysisAndReviewPr({
@@ -14287,7 +14384,8 @@ async function _scan(params, { skipPrompts = false } = {}) {
           githubActionToken,
           analysisId: reportUploadInfo.fixReportId,
           scanner,
-          gqlClient
+          gqlClient,
+          polling
         });
       }
     } catch (e) {
@@ -14304,7 +14402,8 @@ async function _scan(params, { skipPrompts = false } = {}) {
         commitDirectly,
         prId: pullRequest,
         createSpinner: createSpinner5,
-        createOnePr
+        createOnePr,
+        polling
       });
     }
     await askToOpenAnalysis();
@@ -14352,7 +14451,8 @@ async function _digestReport({
   repoUrl,
   sha,
   reference,
-  shouldScan
+  shouldScan,
+  polling
 }) {
   const digestSpinner = createSpinner4(
     progressMassages.processingVulnerabilityReport
@@ -14369,19 +14469,46 @@ async function _digestReport({
         shouldScan
       }
     );
-    await gqlClient.subscribeToAnalysis({
-      subscribeToAnalysisParams: {
-        analysisId: fixReportId
-      },
-      callback: () => digestSpinner.update({
-        text: progressMassages.processingVulnerabilityReportSuccess
-      }),
-      callbackStates: [
-        "Digested" /* Digested */,
-        "Finished" /* Finished */
-      ],
-      timeoutInMs: VUL_REPORT_DIGEST_TIMEOUT_MS
+    const callbackStates = [
+      "Digested" /* Digested */,
+      "Finished" /* Finished */
+    ];
+    const callback = (_analysisId) => digestSpinner.update({
+      text: progressMassages.processingVulnerabilityReportSuccess
     });
+    if (polling) {
+      debug18(
+        "[_digestReport] Using POLLING mode for analysis state updates (--polling flag enabled)"
+      );
+      console.log(
+        chalk6.cyan(
+          "\u{1F504} [Polling Mode] Using HTTP polling instead of WebSocket for status updates"
+        )
+      );
+      await gqlClient.pollForAnalysisState({
+        analysisId: fixReportId,
+        callback,
+        callbackStates,
+        timeoutInMs: VUL_REPORT_DIGEST_TIMEOUT_MS
+      });
+    } else {
+      debug18(
+        "[_digestReport] Using WEBSOCKET mode for analysis state updates (default)"
+      );
+      console.log(
+        chalk6.cyan(
+          "\u{1F50C} [WebSocket Mode] Using WebSocket subscription for status updates"
+        )
+      );
+      await gqlClient.subscribeToAnalysis({
+        subscribeToAnalysisParams: {
+          analysisId: fixReportId
+        },
+        callback,
+        callbackStates,
+        timeoutInMs: VUL_REPORT_DIGEST_TIMEOUT_MS
+      });
+    }
     const vulnFiles = await gqlClient.getVulnerabilityReportPaths(
       vulnerabilityReportId
     );
@@ -14402,7 +14529,8 @@ async function waitForAnaysisAndReviewPr({
   githubActionToken,
   analysisId,
   scanner,
-  gqlClient
+  gqlClient,
+  polling
 }) {
   const params = z29.object({
     repo: z29.string().url(),
@@ -14419,20 +14547,45 @@ async function waitForAnaysisAndReviewPr({
       propagateExceptions: true
     }
   );
-  await gqlClient.subscribeToAnalysis({
-    subscribeToAnalysisParams: {
-      analysisId
-    },
-    callback: (analysisId2) => {
-      return addFixCommentsForPr({
-        analysisId: analysisId2,
-        gqlClient,
-        scm,
-        scanner: z29.nativeEnum(SCANNERS).parse(scanner)
-      });
-    },
-    callbackStates: ["Finished" /* Finished */]
-  });
+  const callback = (analysisId2) => {
+    return addFixCommentsForPr({
+      analysisId: analysisId2,
+      gqlClient,
+      scm,
+      scanner: z29.nativeEnum(SCANNERS).parse(scanner)
+    });
+  };
+  if (polling) {
+    debug18(
+      "[waitForAnaysisAndReviewPr] Using POLLING mode for analysis state updates"
+    );
+    console.log(
+      chalk6.cyan(
+        "\u{1F504} [Polling Mode] Waiting for analysis completion using HTTP polling"
+      )
+    );
+    await gqlClient.pollForAnalysisState({
+      analysisId,
+      callback,
+      callbackStates: ["Finished" /* Finished */]
+    });
+  } else {
+    debug18(
+      "[waitForAnaysisAndReviewPr] Using WEBSOCKET mode for analysis state updates"
+    );
+    console.log(
+      chalk6.cyan(
+        "\u{1F50C} [WebSocket Mode] Waiting for analysis completion using WebSocket"
+      )
+    );
+    await gqlClient.subscribeToAnalysis({
+      subscribeToAnalysisParams: {
+        analysisId
+      },
+      callback,
+      callbackStates: ["Finished" /* Finished */]
+    });
+  }
 }
 
 // src/commands/index.ts
@@ -14447,7 +14600,8 @@ async function review(params, { skipPrompts = true } = {}) {
     pullRequest,
     githubToken,
     scanner,
-    srcPath
+    srcPath,
+    polling
   } = params;
   await runAnalysis(
     {
@@ -14463,7 +14617,8 @@ async function review(params, { skipPrompts = true } = {}) {
       githubToken,
       scanner,
       command: "review",
-      srcPath
+      srcPath,
+      polling
     },
     { skipPrompts }
   );
@@ -14481,7 +14636,8 @@ async function analyze({
   autoPr,
   createOnePr,
   commitDirectly,
-  pullRequest
+  pullRequest,
+  polling
 }, { skipPrompts = false } = {}) {
   !ci && await showWelcomeMessage(skipPrompts);
   await runAnalysis(
@@ -14499,7 +14655,8 @@ async function analyze({
       autoPr,
       commitDirectly,
       pullRequest,
-      createOnePr
+      createOnePr,
+      polling
     },
     { skipPrompts }
   );
@@ -14639,7 +14796,7 @@ function analyzeBuilder(yargs2) {
     describe: chalk8.bold("Number of the pull request"),
     type: "number",
     demandOption: false
-  }).example(
+  }).option("polling", pollingOption).example(
     "npx mobbdev@latest analyze -r https://github.com/WebGoat/WebGoat -f <your_vulnerability_report_path>",
     "analyze an existing repository"
   ).help();
@@ -14948,7 +15105,14 @@ var defaultLogger2 = {
   }
 };
 var PromptItemZ = z31.object({
-  type: z31.enum(["USER_PROMPT", "AI_RESPONSE", "TOOL_EXECUTION", "AI_THINKING"]),
+  type: z31.enum([
+    "USER_PROMPT",
+    "AI_RESPONSE",
+    "TOOL_EXECUTION",
+    "AI_THINKING",
+    "MCP_TOOL_CALL"
+    // MCP (Model Context Protocol) tool invocation
+  ]),
   attachedFiles: z31.array(
     z31.object({
       relativePath: z31.string(),
@@ -14966,7 +15130,12 @@ var PromptItemZ = z31.object({
     parameters: z31.string(),
     result: z31.string(),
     rawArguments: z31.string().optional(),
-    accepted: z31.boolean().optional()
+    accepted: z31.boolean().optional(),
+    // MCP-specific fields (only populated for MCP_TOOL_CALL type)
+    mcpServer: z31.string().optional(),
+    // MCP server name (e.g., "datadog", "mobb-mcp")
+    mcpToolName: z31.string().optional()
+    // MCP tool name without prefix (e.g., "scan_and_fix_vulnerabilities")
   }).optional()
 });
 var PromptItemArrayZ = z31.array(PromptItemZ);
@@ -23845,7 +24014,7 @@ function reviewBuilder(yargs2) {
     ),
     type: "string",
     demandOption: false
-  }).example(
+  }).option("polling", pollingOption).example(
     "npx mobbdev@latest review -r https://github.com/WebGoat/WebGoat -f <your_vulnerability_report_path>  --ch <pr_last_commit>   --pr <pr_number> --ref <pr_branch_name>  --api-key <api_key> --src-path <your_repo_path>",
     "add fixes to your pr"
   ).help();
@@ -23865,7 +24034,7 @@ async function reviewHandler(args) {
 
 // src/args/commands/scan.ts
 function scanBuilder(args) {
-  return args.coerce("scanner", (arg) => arg.toLowerCase()).option("repo", repoOption).option("ref", refOption).option("scanner", scannerOptions).option("org", organizationIdOptions).option("mobb-project-name", mobbProjectNameOption).option("y", yesOption).option("ci", ciOption).option("api-key", apiKeyOption).option("cx-project-name", projectNameOption).option("auto-pr", autoPrOption).example(
+  return args.coerce("scanner", (arg) => arg.toLowerCase()).option("repo", repoOption).option("ref", refOption).option("scanner", scannerOptions).option("org", organizationIdOptions).option("mobb-project-name", mobbProjectNameOption).option("y", yesOption).option("ci", ciOption).option("api-key", apiKeyOption).option("cx-project-name", projectNameOption).option("auto-pr", autoPrOption).option("polling", pollingOption).example(
     "npx mobbdev@latest scan -r https://github.com/WebGoat/WebGoat",
     "Scan an existing repository"
   ).help();

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "mobbdev",
-  "version": "1.2.1",
+  "version": "1.2.3",
   "description": "Automated secure code remediation tool",
   "repository": "git+https://github.com/mobb-dev/bugsy.git",
   "main": "dist/index.mjs",