mobbdev 1.2.27 → 1.2.28

package/dist/args/commands/upload_ai_blame.mjs

@@ -7347,8 +7347,8 @@ var openRedaction = new OpenRedaction({
     "MONERO_ADDRESS",
     "RIPPLE_ADDRESS",
     // Medical Data (removed PRESCRIPTION_NUMBER - too broad, matches words containing "ription")
+    // Removed MEDICAL_RECORD_NUMBER - too broad, "MR" prefix matches "Merge Request" in SCM contexts (e.g. "MR branches" → "MR br****es")
     "NHS_NUMBER",
-    "MEDICAL_RECORD_NUMBER",
     "AUSTRALIAN_MEDICARE",
     "HEALTH_PLAN_NUMBER",
     "PATIENT_ID",
@@ -7392,10 +7392,10 @@ var openRedaction = new OpenRedaction({
     "DOCKER_AUTH",
     "KUBERNETES_SECRET",
     // Government & Legal
+    // Removed CLIENT_ID - too broad, "client" is ubiquitous in code (npm packages like @scope/client-*, class names like ClientSdkOptions)
     "POLICE_REPORT_NUMBER",
     "IMMIGRATION_NUMBER",
-    "COURT_REPORTER_LICENSE",
-    "CLIENT_ID"
+    "COURT_REPORTER_LICENSE"
   ]
 });
 function maskString(str, showStart = 2, showEnd = 2) {
@@ -7418,6 +7418,15 @@ async function sanitizeDataWithCounts(obj) {
         ...piiDetections.low
       ];
       for (const detection of allDetections) {
+        if (detection.type === "CREDIT_CARD") {
+          const start = detection.position[0];
+          const end = detection.position[1];
+          const charBefore = (start > 0 ? str[start - 1] : "") ?? "";
+          const charAfter = str[end] ?? "";
+          if (charBefore === "." || charBefore >= "0" && charBefore <= "9" || charAfter >= "0" && charAfter <= "9") {
+            continue;
+          }
+        }
         counts.detections.total++;
         if (detection.severity === "high") counts.detections.high++;
         else if (detection.severity === "medium") counts.detections.medium++;

package/dist/index.mjs

@@ -6244,6 +6244,23 @@ function parseLinearTicket(url, name) {
   const title = titleSlug.replace(/-/g, " ");
   return { name, title, url };
 }
+function isLinearBotComment(comment) {
+  if (!comment.author) return false;
+  const login = comment.author.login.toLowerCase();
+  if (login === "linear[bot]" || login === "linear") return true;
+  if (comment.author.type === "Bot" && login.includes("linear")) return true;
+  return false;
+}
+function extractLinearTicketsFromComments(comments) {
+  const tickets = [];
+  const seen = /* @__PURE__ */ new Set();
+  for (const comment of comments) {
+    if (isLinearBotComment(comment)) {
+      tickets.push(...extractLinearTicketsFromBody(comment.body || "", seen));
+    }
+  }
+  return tickets;
+}
 var userNamePattern = /^(https?:\/\/)([^@]+@)?([^/]+\/.+)$/;
 var sshPattern = /^git@([\w.-]+):([\w./-]+)$/;
 function normalizeUrl(repoUrl) {
@@ -7127,11 +7144,11 @@ var SCMLib = class {
   }
   /**
    * Extract Linear ticket links from PR/MR comments.
-   * Default implementation returns empty array - subclasses can override.
+   * Uses shared isLinearBotComment() for unified bot detection across all providers.
    * Public so it can be reused by backend services.
    */
-  extractLinearTicketsFromComments(_comments) {
-    return [];
+  extractLinearTicketsFromComments(comments) {
+    return extractLinearTicketsFromComments(comments);
   }
   _validateAccessTokenAndUrl() {
     this._validateAccessToken();
@@ -8832,7 +8849,7 @@ function determinePrStatus(state, isDraft) {
       return isDraft ? "DRAFT" /* Draft */ : "ACTIVE" /* Active */;
   }
 }
-var GithubSCMLib = class _GithubSCMLib extends SCMLib {
+var GithubSCMLib = class extends SCMLib {
   // we don't always need a url, what's important is that we have an access token
   constructor(url, accessToken, scmOrg) {
     super(url, accessToken, scmOrg);
@@ -9304,27 +9321,6 @@ var GithubSCMLib = class _GithubSCMLib extends SCMLib {
       commentIds
     };
   }
-  /**
-   * Extract Linear ticket links from pre-fetched comments (pure function, no API calls)
-   * Instance method that overrides base class - can also be called statically for backwards compatibility.
-   */
-  extractLinearTicketsFromComments(comments) {
-    return _GithubSCMLib._extractLinearTicketsFromCommentsImpl(comments);
-  }
-  /**
-   * Static implementation for backwards compatibility and reuse.
-   * Called by both the instance method and direct static calls.
-   */
-  static _extractLinearTicketsFromCommentsImpl(comments) {
-    const tickets = [];
-    const seen = /* @__PURE__ */ new Set();
-    for (const comment of comments) {
-      if (comment.author?.login === "linear[bot]" || comment.author?.type === "Bot") {
-        tickets.push(...extractLinearTicketsFromBody(comment.body || "", seen));
-      }
-    }
-    return tickets;
-  }
 };
 
 // src/features/analysis/scm/gitlab/gitlab.ts
@@ -9814,7 +9810,7 @@ async function getGitlabMrDataBatch({
           const comments = notes.map((note) => ({
             author: note.author ? {
               login: note.author.username,
-              type: note.author.username.endsWith("[bot]") || note.author.username.toLowerCase() === "linear" ? "Bot" : "User"
+              type: note.author.username.endsWith("[bot]") ? "Bot" : "User"
             } : null,
             body: note.body
           }));
@@ -10443,23 +10439,6 @@ var GitlabSCMLib = class extends SCMLib {
       accessToken: this.accessToken
     });
   }
-  /**
-   * Extract Linear ticket links from pre-fetched comments (pure function, no API calls).
-   * Linear bot uses the same comment format on GitLab as on GitHub.
-   * Bot username may be 'linear' or 'linear[bot]' on GitLab.
-   */
-  extractLinearTicketsFromComments(comments) {
-    const tickets = [];
-    const seen = /* @__PURE__ */ new Set();
-    for (const comment of comments) {
-      const authorLogin = comment.author?.login?.toLowerCase() || "";
-      const isLinearBot = authorLogin === "linear" || authorLogin === "linear[bot]" || comment.author?.type === "Bot" && authorLogin.includes("linear");
-      if (isLinearBot) {
-        tickets.push(...extractLinearTicketsFromBody(comment.body || "", seen));
-      }
-    }
-    return tickets;
-  }
 };
 
 // src/features/analysis/scm/scmFactory.ts
@@ -15050,8 +15029,8 @@ var openRedaction = new OpenRedaction({
     "MONERO_ADDRESS",
     "RIPPLE_ADDRESS",
     // Medical Data (removed PRESCRIPTION_NUMBER - too broad, matches words containing "ription")
+    // Removed MEDICAL_RECORD_NUMBER - too broad, "MR" prefix matches "Merge Request" in SCM contexts (e.g. "MR branches" → "MR br****es")
     "NHS_NUMBER",
-    "MEDICAL_RECORD_NUMBER",
     "AUSTRALIAN_MEDICARE",
     "HEALTH_PLAN_NUMBER",
     "PATIENT_ID",
@@ -15095,10 +15074,10 @@ var openRedaction = new OpenRedaction({
     "DOCKER_AUTH",
     "KUBERNETES_SECRET",
     // Government & Legal
+    // Removed CLIENT_ID - too broad, "client" is ubiquitous in code (npm packages like @scope/client-*, class names like ClientSdkOptions)
     "POLICE_REPORT_NUMBER",
     "IMMIGRATION_NUMBER",
-    "COURT_REPORTER_LICENSE",
-    "CLIENT_ID"
+    "COURT_REPORTER_LICENSE"
   ]
 });
 function maskString(str, showStart = 2, showEnd = 2) {
@@ -15121,6 +15100,15 @@ async function sanitizeDataWithCounts(obj) {
         ...piiDetections.low
       ];
       for (const detection of allDetections) {
+        if (detection.type === "CREDIT_CARD") {
+          const start = detection.position[0];
+          const end = detection.position[1];
+          const charBefore = (start > 0 ? str[start - 1] : "") ?? "";
+          const charAfter = str[end] ?? "";
+          if (charBefore === "." || charBefore >= "0" && charBefore <= "9" || charAfter >= "0" && charAfter <= "9") {
+            continue;
+          }
+        }
         counts.detections.total++;
         if (detection.severity === "high") counts.detections.high++;
         else if (detection.severity === "medium") counts.detections.medium++;

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "mobbdev",
-  "version": "1.2.27",
+  "version": "1.2.28",
   "description": "Automated secure code remediation tool",
   "repository": "git+https://github.com/mobb-dev/bugsy.git",
   "main": "dist/index.mjs",