mobbdev 1.2.27 → 1.2.29

package/dist/index.mjs

@@ -3908,7 +3908,7 @@ ${rootContent}`;
 });
 
 // src/index.ts
-import Debug19 from "debug";
+import Debug20 from "debug";
 import { hideBin } from "yargs/helpers";
 
 // src/args/yargs.ts
@@ -6244,6 +6244,23 @@ function parseLinearTicket(url, name) {
   const title = titleSlug.replace(/-/g, " ");
   return { name, title, url };
 }
+function isLinearBotComment(comment) {
+  if (!comment.author) return false;
+  const login = comment.author.login.toLowerCase();
+  if (login === "linear[bot]" || login === "linear") return true;
+  if (comment.author.type === "Bot" && login.includes("linear")) return true;
+  return false;
+}
+function extractLinearTicketsFromComments(comments) {
+  const tickets = [];
+  const seen = /* @__PURE__ */ new Set();
+  for (const comment of comments) {
+    if (isLinearBotComment(comment)) {
+      tickets.push(...extractLinearTicketsFromBody(comment.body || "", seen));
+    }
+  }
+  return tickets;
+}
 var userNamePattern = /^(https?:\/\/)([^@]+@)?([^/]+\/.+)$/;
 var sshPattern = /^git@([\w.-]+):([\w./-]+)$/;
 function normalizeUrl(repoUrl) {
@@ -7127,11 +7144,11 @@ var SCMLib = class {
   }
   /**
    * Extract Linear ticket links from PR/MR comments.
-   * Default implementation returns empty array - subclasses can override.
+   * Uses shared isLinearBotComment() for unified bot detection across all providers.
    * Public so it can be reused by backend services.
    */
-  extractLinearTicketsFromComments(_comments) {
-    return [];
+  extractLinearTicketsFromComments(comments) {
+    return extractLinearTicketsFromComments(comments);
   }
   _validateAccessTokenAndUrl() {
     this._validateAccessToken();
@@ -8832,7 +8849,7 @@ function determinePrStatus(state, isDraft) {
       return isDraft ? "DRAFT" /* Draft */ : "ACTIVE" /* Active */;
   }
 }
-var GithubSCMLib = class _GithubSCMLib extends SCMLib {
+var GithubSCMLib = class extends SCMLib {
   // we don't always need a url, what's important is that we have an access token
   constructor(url, accessToken, scmOrg) {
     super(url, accessToken, scmOrg);
@@ -9304,27 +9321,6 @@ var GithubSCMLib = class _GithubSCMLib extends SCMLib {
       commentIds
     };
   }
-  /**
-   * Extract Linear ticket links from pre-fetched comments (pure function, no API calls)
-   * Instance method that overrides base class - can also be called statically for backwards compatibility.
-   */
-  extractLinearTicketsFromComments(comments) {
-    return _GithubSCMLib._extractLinearTicketsFromCommentsImpl(comments);
-  }
-  /**
-   * Static implementation for backwards compatibility and reuse.
-   * Called by both the instance method and direct static calls.
-   */
-  static _extractLinearTicketsFromCommentsImpl(comments) {
-    const tickets = [];
-    const seen = /* @__PURE__ */ new Set();
-    for (const comment of comments) {
-      if (comment.author?.login === "linear[bot]" || comment.author?.type === "Bot") {
-        tickets.push(...extractLinearTicketsFromBody(comment.body || "", seen));
-      }
-    }
-    return tickets;
-  }
 };
 
 // src/features/analysis/scm/gitlab/gitlab.ts
@@ -9814,7 +9810,7 @@ async function getGitlabMrDataBatch({
           const comments = notes.map((note) => ({
             author: note.author ? {
               login: note.author.username,
-              type: note.author.username.endsWith("[bot]") || note.author.username.toLowerCase() === "linear" ? "Bot" : "User"
+              type: note.author.username.endsWith("[bot]") ? "Bot" : "User"
             } : null,
             body: note.body
           }));
@@ -10443,23 +10439,6 @@ var GitlabSCMLib = class extends SCMLib {
       accessToken: this.accessToken
     });
   }
-  /**
-   * Extract Linear ticket links from pre-fetched comments (pure function, no API calls).
-   * Linear bot uses the same comment format on GitLab as on GitHub.
-   * Bot username may be 'linear' or 'linear[bot]' on GitLab.
-   */
-  extractLinearTicketsFromComments(comments) {
-    const tickets = [];
-    const seen = /* @__PURE__ */ new Set();
-    for (const comment of comments) {
-      const authorLogin = comment.author?.login?.toLowerCase() || "";
-      const isLinearBot = authorLogin === "linear" || authorLogin === "linear[bot]" || comment.author?.type === "Bot" && authorLogin.includes("linear");
-      if (isLinearBot) {
-        tickets.push(...extractLinearTicketsFromBody(comment.body || "", seen));
-      }
-    }
-    return tickets;
-  }
 };
 
 // src/features/analysis/scm/scmFactory.ts
@@ -11490,7 +11469,7 @@ import path9 from "path";
 import { env as env2 } from "process";
 import { pipeline } from "stream/promises";
 import chalk6 from "chalk";
-import Debug18 from "debug";
+import Debug19 from "debug";
 import extract from "extract-zip";
 import { createSpinner as createSpinner4 } from "nanospinner";
 import fetch4 from "node-fetch";
@@ -11500,7 +11479,7 @@ import { z as z29 } from "zod";
 
 // src/commands/handleMobbLogin.ts
 import chalk3 from "chalk";
-import Debug6 from "debug";
+import Debug7 from "debug";
 
 // src/commands/AuthManager.ts
 import crypto from "crypto";
@@ -11508,10 +11487,8 @@ import os from "os";
 import open from "open";
 
 // src/features/analysis/graphql/gql.ts
-import fetchOrig from "cross-fetch";
-import Debug5 from "debug";
+import Debug6 from "debug";
 import { GraphQLClient } from "graphql-request";
-import { HttpsProxyAgent } from "https-proxy-agent";
 import { v4 as uuidv4 } from "uuid";
 
 // src/mcp/core/Errors.ts
@@ -11586,6 +11563,71 @@ var _ReportDigestError = class _ReportDigestError extends Error {
 __publicField(_ReportDigestError, "defaultMessage", "\u{1F575}\uFE0F\u200D\u2642\uFE0F Digesting report failed. Please verify that the file provided is of a valid supported report format.");
 var ReportDigestError = _ReportDigestError;
 
+// src/utils/proxy.ts
+import fetchOrig from "cross-fetch";
+import Debug5 from "debug";
+import { HttpsProxyAgent } from "https-proxy-agent";
+
+// src/utils/url.ts
+function httpToWsUrl(url) {
+  const parsed = new URL(url);
+  parsed.protocol = parsed.protocol === "https:" ? "wss:" : "ws:";
+  return parsed.toString();
+}
+
+// src/utils/proxy.ts
+var debug6 = Debug5("mobbdev:proxy");
+function getHttpProxy() {
+  return process.env["HTTPS_PROXY"] || process.env["HTTP_PROXY"] || "";
+}
+function getHttpProxyOnly() {
+  return process.env["HTTP_PROXY"] || "";
+}
+function getProxyAgent(url) {
+  try {
+    const parsedUrl = new URL(url);
+    const hostname = parsedUrl.hostname.toLowerCase();
+    if (hostname === "localhost" || hostname === "127.0.0.1" || hostname === "::1" || hostname === "[::1]") {
+      debug6("Skipping proxy for localhost URL: %s", url);
+      return void 0;
+    }
+    const noProxy = process.env["NO_PROXY"] || process.env["no_proxy"];
+    if (noProxy) {
+      const noProxyList = noProxy.split(",").map((h) => h.trim().toLowerCase());
+      if (noProxyList.includes(hostname) || noProxyList.includes("*")) {
+        debug6("Skipping proxy due to NO_PROXY for: %s", url);
+        return void 0;
+      }
+    }
+    const isHttp = parsedUrl.protocol === "http:";
+    const isHttps = parsedUrl.protocol === "https:";
+    const proxy = isHttps ? getHttpProxy() : isHttp ? getHttpProxyOnly() : null;
+    if (proxy) {
+      debug6("Using proxy %s", proxy);
+      debug6("Proxy agent %o", proxy);
+      return new HttpsProxyAgent(proxy);
+    }
+  } catch (err) {
+    debug6(`Skipping proxy for ${url}. Reason: ${err.message}`);
+  }
+  return void 0;
+}
+var fetchWithProxy = (url, options = {}) => {
+  try {
+    const agent = getProxyAgent(url.toString());
+    if (agent) {
+      return fetchOrig(url, {
+        ...options,
+        // @ts-expect-error Node-fetch doesn't type 'agent', but it's valid
+        agent
+      });
+    }
+  } catch (err) {
+    debug6(`Skipping proxy for ${url}. Reason: ${err.message}`);
+  }
+  return fetchOrig(url, options);
+};
+
 // src/utils/subscribe/subscribe.ts
 import { createClient } from "graphql-ws";
 import WebsocketNode from "isomorphic-ws";
@@ -11614,11 +11656,11 @@ function getGraphQlHeaders(options) {
 }
 
 // src/utils/subscribe/subscribe.ts
-var DEFAULT_API_URL2 = "https://api.mobb.ai/v1/graphql";
+var DEFAULT_API_URL2 = "wss://api.mobb.ai/v1/graphql";
 var SUBSCRIPTION_TIMEOUT_MS = 30 * 60 * 1e3;
 function createWSClient(options) {
-  const url = options.url || (process.env["API_URL"] || DEFAULT_API_URL2).replace("http", "ws");
-  const websocketImpl = options.websocket || (typeof WebSocket !== "undefined" ? WebSocket : WebsocketNode);
+  const url = options.url || (process.env["API_URL"] ? httpToWsUrl(process.env["API_URL"]) : DEFAULT_API_URL2);
+  const websocketImpl = options.websocket || WebsocketNode;
   const CustomWebSocket = options.proxyAgent ? (
     // biome-ignore lint/suspicious/noExplicitAny: Dynamic WebSocket extension requires any cast for cross-platform compatibility
     class extends websocketImpl {
@@ -11782,63 +11824,19 @@ var GetVulByNodesMetadataZ = z25.object({
 });
 
 // src/features/analysis/graphql/gql.ts
-var debug6 = Debug5("mobbdev:gql");
+var debug7 = Debug6("mobbdev:gql");
 var API_KEY_HEADER_NAME = "x-mobb-key";
 var REPORT_STATE_CHECK_DELAY = 5 * 1e3;
-function getProxyAgent(url) {
-  try {
-    const parsedUrl = new URL(url);
-    const hostname = parsedUrl.hostname.toLowerCase();
-    if (hostname === "localhost" || hostname === "127.0.0.1" || hostname === "::1" || hostname === "[::1]") {
-      debug6("Skipping proxy for localhost URL: %s", url);
-      return void 0;
-    }
-    const noProxy = process.env["NO_PROXY"] || process.env["no_proxy"];
-    if (noProxy) {
-      const noProxyList = noProxy.split(",").map((h) => h.trim().toLowerCase());
-      if (noProxyList.includes(hostname) || noProxyList.includes("*")) {
-        debug6("Skipping proxy due to NO_PROXY for: %s", url);
-        return void 0;
-      }
-    }
-    const isHttp = parsedUrl.protocol === "http:";
-    const isHttps = parsedUrl.protocol === "https:";
-    const proxy = isHttps ? HTTPS_PROXY || HTTP_PROXY : isHttp ? HTTP_PROXY : null;
-    if (proxy) {
-      debug6("Using proxy %s", proxy);
-      debug6("Proxy agent %o", proxy);
-      return new HttpsProxyAgent(proxy);
-    }
-  } catch (err) {
-    debug6(`Skipping proxy for ${url}. Reason: ${err.message}`);
-  }
-  return void 0;
-}
-var fetchWithProxy = (url, options = {}) => {
-  try {
-    const agent = getProxyAgent(url.toString());
-    if (agent) {
-      return fetchOrig(url, {
-        ...options,
-        // @ts-expect-error Node-fetch doesn't type 'agent', but it's valid
-        agent
-      });
-    }
-  } catch (err) {
-    debug6(`Skipping proxy for ${url}. Reason: ${err.message}`);
-  }
-  return fetchOrig(url, options);
-};
 var GQLClient = class {
   constructor(args) {
     __publicField(this, "_client");
     __publicField(this, "_clientSdk");
     __publicField(this, "_apiUrl");
     __publicField(this, "_auth");
-    debug6(`init with  ${args}`);
+    debug7(`init with  ${args}`);
     this._auth = args;
     this._apiUrl = args.apiUrl || API_URL;
-    debug6(
+    debug7(
       "GQLClient constructor: resolved apiUrl=%s (from param: %s)",
       this._apiUrl,
       args.apiUrl || "fallback to API_URL constant"
@@ -11850,7 +11848,7 @@ var GQLClient = class {
       fetch: fetchWithProxy,
       requestMiddleware: (request) => {
         const requestId = uuidv4();
-        debug6(
+        debug7(
           `sending API request with id: ${requestId} and with request: ${request.body}`
         );
         return {
@@ -11887,7 +11885,7 @@ var GQLClient = class {
       await this.getUserInfo();
     } catch (e) {
       if (e?.toString().startsWith("FetchError")) {
-        debug6("verify connection failed %o", e);
+        debug7("verify connection failed %o", e);
         return false;
       }
     }
@@ -11899,7 +11897,7 @@ var GQLClient = class {
     try {
       info = await this.getUserInfo();
     } catch (e) {
-      debug6("verify token failed %o", e);
+      debug7("verify token failed %o", e);
       return false;
     }
     return info?.email || true;
@@ -11960,7 +11958,7 @@ var GQLClient = class {
     try {
       await this._clientSdk.CreateCommunityUser();
     } catch (e) {
-      debug6("create community user failed %o", e);
+      debug7("create community user failed %o", e);
     }
   }
   async updateScmToken(args) {
@@ -12140,11 +12138,13 @@ var GQLClient = class {
           this._auth.type === "apiKey" ? {
             apiKey: this._auth.apiKey,
             type: "apiKey",
+            url: httpToWsUrl(this._apiUrl),
             timeoutInMs: params.timeoutInMs,
             proxyAgent: getProxyAgent(this._apiUrl)
           } : {
             token: this._auth.token,
             type: "token",
+            url: httpToWsUrl(this._apiUrl),
             timeoutInMs: params.timeoutInMs,
             proxyAgent: getProxyAgent(this._apiUrl)
           }
@@ -12157,7 +12157,7 @@ var GQLClient = class {
     const startTime = Date.now();
     const maxDuration = timeoutInMs ?? 30 * 60 * 1e3;
     const pollingIntervalSec = REPORT_STATE_CHECK_DELAY / 1e3;
-    debug6(
+    debug7(
       `[pollForAnalysisState] Starting polling for analysis ${analysisId}, target states: ${callbackStates.join(", ")}, interval: ${pollingIntervalSec}s`
     );
     let isPolling = true;
@@ -12166,7 +12166,7 @@ var GQLClient = class {
       pollCount++;
       const elapsedSec = Math.round((Date.now() - startTime) / 1e3);
       if (Date.now() - startTime > maxDuration) {
-        debug6(
+        debug7(
           `[pollForAnalysisState] Timeout expired after ${pollCount} polls (${elapsedSec}s)`
         );
         throw new ReportDigestError(
@@ -12174,20 +12174,20 @@ var GQLClient = class {
           `Analysis timed out after ${Math.round(maxDuration / 6e4)} minutes. Please try again or check the Mobb platform for status.`
         );
       }
-      debug6(
+      debug7(
         `[pollForAnalysisState] Poll #${pollCount} (elapsed: ${elapsedSec}s) - fetching analysis state...`
       );
       const analysis = await this.getAnalysis(analysisId);
-      debug6(
+      debug7(
         `[pollForAnalysisState] Poll #${pollCount} - current state: ${analysis.state}`
       );
       if (!analysis.state || analysis.state === "Failed" /* Failed */) {
         const errorMessage = analysis.failReason || `Analysis failed with id: ${analysis.id}`;
-        debug6(`[pollForAnalysisState] Analysis failed: ${errorMessage}`);
+        debug7(`[pollForAnalysisState] Analysis failed: ${errorMessage}`);
         throw new ReportDigestError(errorMessage, analysis.failReason ?? "");
       }
       if (callbackStates.includes(analysis.state)) {
-        debug6(
+        debug7(
           `[pollForAnalysisState] Target state reached: ${analysis.state} after ${pollCount} polls (${elapsedSec}s)`
         );
         await callback(analysis.id);
@@ -12200,7 +12200,7 @@ var GQLClient = class {
           }
         };
       }
-      debug6(
+      debug7(
         `[pollForAnalysisState] State ${analysis.state} not in target states, waiting ${pollingIntervalSec}s before next poll...`
       );
       await sleep(REPORT_STATE_CHECK_DELAY);
@@ -12489,7 +12489,7 @@ var AuthManager = class {
 };
 
 // src/commands/handleMobbLogin.ts
-var debug7 = Debug6("mobbdev:commands");
+var debug8 = Debug7("mobbdev:commands");
 var LOGIN_MAX_WAIT2 = 10 * 60 * 1e3;
 var LOGIN_CHECK_DELAY2 = 5 * 1e3;
 var MOBB_LOGIN_REQUIRED_MSG = `\u{1F513} Login to Mobb is Required, you will be redirected to our login page, once the authorization is complete return to this prompt, ${chalk3.bgBlue(
@@ -12501,7 +12501,7 @@ async function getAuthenticatedGQLClient({
   apiUrl,
   webAppUrl
 }) {
-  debug7(
+  debug8(
     "getAuthenticatedGQLClient called with: apiUrl=%s, webAppUrl=%s",
     apiUrl || "undefined",
     webAppUrl || "undefined"
@@ -12524,7 +12524,7 @@ async function handleMobbLogin({
   webAppUrl,
   loginContext
 }) {
-  debug7(
+  debug8(
     "handleMobbLogin: resolved URLs - apiUrl=%s (from param: %s), webAppUrl=%s (from param: %s)",
     apiUrl || "fallback",
     apiUrl || "fallback",
@@ -12543,7 +12543,7 @@ async function handleMobbLogin({
       return authManager.getGQLClient();
     }
   } catch (error) {
-    debug7("Authentication check failed:", error);
+    debug8("Authentication check failed:", error);
   }
   if (apiKey) {
     createSpinner5().start().error({
@@ -12590,10 +12590,10 @@ async function handleMobbLogin({
 }
 
 // src/features/analysis/add_fix_comments_for_pr/add_fix_comments_for_pr.ts
-import Debug10 from "debug";
+import Debug11 from "debug";
 
 // src/features/analysis/add_fix_comments_for_pr/utils/utils.ts
-import Debug9 from "debug";
+import Debug10 from "debug";
 import parseDiff from "parse-diff";
 import { z as z27 } from "zod";
 
@@ -12605,9 +12605,9 @@ function keyBy(array, keyBy2) {
 }
 
 // src/features/analysis/utils/send_report.ts
-import Debug7 from "debug";
+import Debug8 from "debug";
 init_client_generates();
-var debug8 = Debug7("mobbdev:index");
+var debug9 = Debug8("mobbdev:index");
 async function sendReport({
   spinner,
   submitVulnerabilityReportVariables,
@@ -12619,7 +12619,7 @@ async function sendReport({
       submitVulnerabilityReportVariables
     );
     if (submitRes.submitVulnerabilityReport.__typename !== "VulnerabilityReport") {
-      debug8("error submit vul report %s", submitRes);
+      debug9("error submit vul report %s", submitRes);
       throw new Error("\u{1F575}\uFE0F\u200D\u2642\uFE0F Mobb analysis failed");
     }
     spinner.update({ text: progressMassages.processingVulnerabilityReport });
@@ -12631,7 +12631,7 @@ async function sendReport({
       "Finished" /* Finished */
     ];
     if (polling) {
-      debug8("[sendReport] Using POLLING mode for analysis state updates");
+      debug9("[sendReport] Using POLLING mode for analysis state updates");
       await gqlClient.pollForAnalysisState({
         analysisId: submitRes.submitVulnerabilityReport.fixReportId,
         callback,
@@ -12639,7 +12639,7 @@ async function sendReport({
         timeoutInMs: VUL_REPORT_DIGEST_TIMEOUT_MS
       });
     } else {
-      debug8("[sendReport] Using WEBSOCKET mode for analysis state updates");
+      debug9("[sendReport] Using WEBSOCKET mode for analysis state updates");
       await gqlClient.subscribeToAnalysis({
         subscribeToAnalysisParams: {
           analysisId: submitRes.submitVulnerabilityReport.fixReportId
@@ -12682,10 +12682,10 @@ var scannerToFriendlyString = {
 };
 
 // src/features/analysis/add_fix_comments_for_pr/utils/buildCommentBody.ts
-import Debug8 from "debug";
+import Debug9 from "debug";
 import { z as z26 } from "zod";
 init_client_generates();
-var debug9 = Debug8("mobbdev:handle-finished-analysis");
+var debug10 = Debug9("mobbdev:handle-finished-analysis");
 var getCommitFixButton = (commitUrl) => `<a href="${commitUrl}"><img src=${COMMIT_FIX_SVG}></a>`;
 function buildFixCommentBody({
   fix,
@@ -12744,7 +12744,7 @@ function buildFixCommentBody({
     safeIssueType: z26.nativeEnum(IssueType_Enum)
   }).safeParse(fix);
   if (!validFixParseRes.success) {
-    debug9(
+    debug10(
       `fix ${fixId} has custom issue type or language, therefore the commit description will not be added`,
       validFixParseRes.error
     );
@@ -12808,7 +12808,7 @@ ${issuePageLink}`;
 }
 
 // src/features/analysis/add_fix_comments_for_pr/utils/utils.ts
-var debug10 = Debug9("mobbdev:handle-finished-analysis");
+var debug11 = Debug10("mobbdev:handle-finished-analysis");
 function calculateRanges(integers) {
   if (integers.length === 0) {
     return [];
@@ -12842,7 +12842,7 @@ function deleteAllPreviousComments({
     try {
       return scm.deleteComment({ comment_id: comment.id });
     } catch (e) {
-      debug10("delete comment failed %s", e);
+      debug11("delete comment failed %s", e);
       return Promise.resolve();
     }
   });
@@ -12858,7 +12858,7 @@ function deleteAllPreviousGeneralPrComments(params) {
     try {
       return scm.deleteGeneralPrComment({ commentId: comment.id });
     } catch (e) {
-      debug10("delete comment failed %s", e);
+      debug11("delete comment failed %s", e);
       return Promise.resolve();
     }
   });
@@ -13002,7 +13002,7 @@ async function postAnalysisInsightComment(params) {
     fixablePrVuls,
     nonFixablePrVuls
   } = prVulenrabilities;
-  debug10({
+  debug11({
     fixablePrVuls,
     nonFixablePrVuls,
     vulnerabilitiesOutsidePr,
@@ -13057,7 +13057,7 @@ ${contactUsMarkdown}`;
 }
 
 // src/features/analysis/add_fix_comments_for_pr/add_fix_comments_for_pr.ts
-var debug11 = Debug10("mobbdev:handle-finished-analysis");
+var debug12 = Debug11("mobbdev:handle-finished-analysis");
 async function addFixCommentsForPr({
   analysisId,
   scm: _scm,
@@ -13069,7 +13069,7 @@ async function addFixCommentsForPr({
   }
   const scm = _scm;
   const getAnalysisRes = await gqlClient.getAnalysis(analysisId);
-  debug11("getAnalysis %o", getAnalysisRes);
+  debug12("getAnalysis %o", getAnalysisRes);
   const {
     vulnerabilityReport: {
       projectId,
@@ -13179,8 +13179,8 @@ ${contextString}` : description;
 
 // src/features/analysis/auto_pr_handler.ts
 init_client_generates();
-import Debug11 from "debug";
-var debug12 = Debug11("mobbdev:handleAutoPr");
+import Debug12 from "debug";
+var debug13 = Debug12("mobbdev:handleAutoPr");
 async function handleAutoPr(params) {
   const {
     gqlClient,
@@ -13201,7 +13201,7 @@ async function handleAutoPr(params) {
       prId,
       prStrategy: createOnePr ? "CONDENSE" /* Condense */ : "SPREAD" /* Spread */
     });
-    debug12("auto pr analysis res %o", autoPrAnalysisRes);
+    debug13("auto pr analysis res %o", autoPrAnalysisRes);
     if (autoPrAnalysisRes.autoPrAnalysis?.__typename === "AutoPrError") {
       createAutoPrSpinner.error({
         text: `\u{1F504} Automatic pull request failed - ${autoPrAnalysisRes.autoPrAnalysis.error}`
@@ -13223,14 +13223,14 @@ async function handleAutoPr(params) {
   };
   const callbackStates = ["Finished" /* Finished */];
   if (polling) {
-    debug12("[handleAutoPr] Using POLLING mode for analysis state updates");
+    debug13("[handleAutoPr] Using POLLING mode for analysis state updates");
     return await gqlClient.pollForAnalysisState({
       analysisId,
       callback,
       callbackStates
     });
   } else {
-    debug12("[handleAutoPr] Using WEBSOCKET mode for analysis state updates");
+    debug13("[handleAutoPr] Using WEBSOCKET mode for analysis state updates");
     return await gqlClient.subscribeToAnalysis({
       subscribeToAnalysisParams: {
         analysisId
@@ -13243,15 +13243,15 @@ async function handleAutoPr(params) {
 
 // src/features/analysis/git.ts
 init_GitService();
-import Debug12 from "debug";
-var debug13 = Debug12("mobbdev:git");
+import Debug13 from "debug";
+var debug14 = Debug13("mobbdev:git");
 async function getGitInfo(srcDirPath) {
-  debug13("getting git info for %s", srcDirPath);
+  debug14("getting git info for %s", srcDirPath);
   const gitService = new GitService(srcDirPath);
   try {
     const validationResult = await gitService.validateRepository();
     if (!validationResult.isValid) {
-      debug13("folder is not a git repo");
+      debug14("folder is not a git repo");
       return {
         success: false,
         hash: void 0,
@@ -13266,9 +13266,9 @@ async function getGitInfo(srcDirPath) {
     };
   } catch (e) {
     if (e instanceof Error) {
-      debug13("failed to run git %o", e);
+      debug14("failed to run git %o", e);
       if (e.message.includes(" spawn ")) {
-        debug13("git cli not installed");
+        debug14("git cli not installed");
       } else {
         throw e;
       }
@@ -13282,13 +13282,13 @@ init_configs();
 import fs9 from "fs";
 import path7 from "path";
 import AdmZip from "adm-zip";
-import Debug13 from "debug";
+import Debug14 from "debug";
 import { globby } from "globby";
 import { isBinary as isBinary2 } from "istextorbinary";
 import { simpleGit as simpleGit3 } from "simple-git";
 import { parseStringPromise } from "xml2js";
 import { z as z28 } from "zod";
-var debug14 = Debug13("mobbdev:pack");
+var debug15 = Debug14("mobbdev:pack");
 var FPR_SOURCE_CODE_FILE_MAPPING_SCHEMA = z28.object({
   properties: z28.object({
     entry: z28.array(
@@ -13310,7 +13310,7 @@ function getManifestFilesSuffixes() {
   return ["package.json", "pom.xml"];
 }
 async function pack(srcDirPath, vulnFiles, isIncludeAllFiles = false) {
-  debug14("pack folder %s", srcDirPath);
+  debug15("pack folder %s", srcDirPath);
   let git = void 0;
   try {
     git = simpleGit3({
@@ -13320,13 +13320,13 @@ async function pack(srcDirPath, vulnFiles, isIncludeAllFiles = false) {
     });
     await git.status();
   } catch (e) {
-    debug14("failed to run git %o", e);
+    debug15("failed to run git %o", e);
     git = void 0;
     if (e instanceof Error) {
       if (e.message.includes(" spawn ")) {
-        debug14("git cli not installed");
+        debug15("git cli not installed");
       } else if (e.message.includes("not a git repository")) {
-        debug14("folder is not a git repo");
+        debug15("folder is not a git repo");
       } else {
         throw e;
       }
@@ -13341,9 +13341,9 @@ async function pack(srcDirPath, vulnFiles, isIncludeAllFiles = false) {
     followSymbolicLinks: false,
     dot: true
   });
-  debug14("files found %d", filepaths.length);
+  debug15("files found %d", filepaths.length);
   const zip = new AdmZip();
-  debug14("compressing files");
+  debug15("compressing files");
   for (const filepath of filepaths) {
     const absFilepath = path7.join(srcDirPath, filepath.toString());
     if (!isIncludeAllFiles) {
@@ -13352,12 +13352,12 @@ async function pack(srcDirPath, vulnFiles, isIncludeAllFiles = false) {
         absFilepath.toString().replaceAll(path7.win32.sep, path7.posix.sep),
         vulnFiles
       )) {
-        debug14("ignoring %s because it is not a vulnerability file", filepath);
+        debug15("ignoring %s because it is not a vulnerability file", filepath);
         continue;
       }
     }
     if (fs9.lstatSync(absFilepath).size > MCP_MAX_FILE_SIZE) {
-      debug14("ignoring %s because the size is > 5MB", filepath);
+      debug15("ignoring %s because the size is > 5MB", filepath);
       continue;
     }
     let data;
@@ -13371,16 +13371,16 @@ async function pack(srcDirPath, vulnFiles, isIncludeAllFiles = false) {
       data = fs9.readFileSync(absFilepath);
     }
     if (isBinary2(null, data)) {
-      debug14("ignoring %s because is seems to be a binary file", filepath);
+      debug15("ignoring %s because is seems to be a binary file", filepath);
       continue;
     }
     zip.addFile(filepath.toString(), data);
   }
-  debug14("get zip file buffer");
+  debug15("get zip file buffer");
   return zip.toBuffer();
 }
 async function repackFpr(fprPath) {
-  debug14("repack fpr file %s", fprPath);
+  debug15("repack fpr file %s", fprPath);
   const zipIn = new AdmZip(fprPath);
   const zipOut = new AdmZip();
   const mappingXML = zipIn.readAsText("src-archive/index.xml", "utf-8");
@@ -13395,7 +13395,7 @@ async function repackFpr(fprPath) {
       zipOut.addFile(realPath, buf);
     }
   }
-  debug14("get repacked zip file buffer");
+  debug15("get repacked zip file buffer");
   return zipOut.toBuffer();
 }
 
@@ -13466,7 +13466,7 @@ async function snykArticlePrompt() {
 // src/features/analysis/scanners/checkmarx.ts
 import { createRequire } from "module";
 import chalk4 from "chalk";
-import Debug15 from "debug";
+import Debug16 from "debug";
 import { existsSync } from "fs";
 import { createSpinner as createSpinner2 } from "nanospinner";
 import { type } from "os";
@@ -13478,7 +13478,7 @@ var cxOperatingSystemSupportMessage = `Your operating system does not support ch
 
 // src/utils/child_process.ts
 import cp from "child_process";
-import Debug14 from "debug";
+import Debug15 from "debug";
 import * as process2 from "process";
 function createFork({ args, processPath, name }, options) {
   const child = cp.fork(processPath, args, {
@@ -13496,16 +13496,16 @@ function createSpawn({ args, processPath, name, cwd }, options) {
   return createChildProcess({ childProcess: child, name }, options);
 }
 function createChildProcess({ childProcess, name }, options) {
-  const debug20 = Debug14(`mobbdev:${name}`);
+  const debug21 = Debug15(`mobbdev:${name}`);
   const { display } = options;
   return new Promise((resolve, reject) => {
     let out = "";
     const onData = (chunk) => {
-      debug20(`chunk received from ${name} std ${chunk}`);
+      debug21(`chunk received from ${name} std ${chunk}`);
       out += chunk;
     };
     if (!childProcess?.stdout || !childProcess?.stderr) {
-      debug20(`unable to fork ${name}`);
+      debug21(`unable to fork ${name}`);
       reject(new Error(`unable to fork ${name}`));
     }
     childProcess.stdout?.on("data", onData);
@@ -13515,18 +13515,18 @@ function createChildProcess({ childProcess, name }, options) {
       childProcess.stderr?.pipe(process2.stderr);
     }
     childProcess.on("exit", (code) => {
-      debug20(`${name} exit code ${code}`);
+      debug21(`${name} exit code ${code}`);
       resolve({ message: out, code });
     });
     childProcess.on("error", (err) => {
-      debug20(`${name} error %o`, err);
+      debug21(`${name} error %o`, err);
       reject(err);
     });
   });
 }
 
 // src/features/analysis/scanners/checkmarx.ts
-var debug15 = Debug15("mobbdev:checkmarx");
+var debug16 = Debug16("mobbdev:checkmarx");
 var moduleUrl;
 if (typeof __filename !== "undefined") {
   moduleUrl = __filename;
@@ -13585,14 +13585,14 @@ function validateCheckmarxInstallation() {
   existsSync(getCheckmarxPath());
 }
 async function forkCheckmarx(args, { display }) {
-  debug15("fork checkmarx with args %o %s", args.join(" "), display);
+  debug16("fork checkmarx with args %o %s", args.join(" "), display);
   return createSpawn(
     { args, processPath: getCheckmarxPath(), name: "checkmarx" },
     { display }
   );
 }
 async function getCheckmarxReport({ reportPath, repositoryRoot, branch, projectName }, { skipPrompts = false }) {
-  debug15("get checkmarx report start %s %s", reportPath, repositoryRoot);
+  debug16("get checkmarx report start %s %s", reportPath, repositoryRoot);
   const { code: loginCode } = await forkCheckmarx(VALIDATE_COMMAND, {
     display: false
   });
@@ -13660,10 +13660,10 @@ async function validateCheckamxCredentials() {
 // src/features/analysis/scanners/snyk.ts
 import { createRequire as createRequire2 } from "module";
 import chalk5 from "chalk";
-import Debug16 from "debug";
+import Debug17 from "debug";
 import { createSpinner as createSpinner3 } from "nanospinner";
 import open2 from "open";
-var debug16 = Debug16("mobbdev:snyk");
+var debug17 = Debug17("mobbdev:snyk");
 var moduleUrl2;
 if (typeof __filename !== "undefined") {
   moduleUrl2 = __filename;
@@ -13685,13 +13685,13 @@ if (typeof __filename !== "undefined") {
 var costumeRequire2 = createRequire2(moduleUrl2);
 var SNYK_PATH = costumeRequire2.resolve("snyk/bin/snyk");
 var SNYK_ARTICLE_URL = "https://docs.snyk.io/scan-using-snyk/snyk-code/configure-snyk-code#enable-snyk-code";
-debug16("snyk executable path %s", SNYK_PATH);
+debug17("snyk executable path %s", SNYK_PATH);
 async function forkSnyk(args, { display }) {
-  debug16("fork snyk with args %o %s", args, display);
+  debug17("fork snyk with args %o %s", args, display);
   return createFork({ args, processPath: SNYK_PATH, name: "snyk" }, { display });
 }
 async function getSnykReport(reportPath, repoRoot, { skipPrompts = false }) {
-  debug16("get snyk report start %s %s", reportPath, repoRoot);
+  debug17("get snyk report start %s %s", reportPath, repoRoot);
   const config2 = await forkSnyk(["config"], { display: false });
   const { message: configMessage } = config2;
   if (!configMessage.includes("api: ")) {
@@ -13705,7 +13705,7 @@ async function getSnykReport(reportPath, repoRoot, { skipPrompts = false }) {
     snykLoginSpinner.update({
       text: "\u{1F513} Waiting for Snyk login to complete"
     });
-    debug16("no token in the config %s", config2);
+    debug17("no token in the config %s", config2);
     await forkSnyk(["auth"], { display: true });
     snykLoginSpinner.success({ text: "\u{1F513} Login to Snyk Successful" });
   }
@@ -13715,12 +13715,12 @@ async function getSnykReport(reportPath, repoRoot, { skipPrompts = false }) {
     { display: true }
   );
   if (scanOutput.includes("Snyk Code is not supported for org")) {
-    debug16("snyk code is not enabled %s", scanOutput);
+    debug17("snyk code is not enabled %s", scanOutput);
     snykSpinner.error({ text: "\u{1F50D} Snyk configuration needed" });
     const answer = await snykArticlePrompt();
-    debug16("answer %s", answer);
+    debug17("answer %s", answer);
     if (answer) {
-      debug16("opening the browser");
+      debug17("opening the browser");
       await open2(SNYK_ARTICLE_URL);
     }
     console.log(
@@ -13738,9 +13738,9 @@ async function getSnykReport(reportPath, repoRoot, { skipPrompts = false }) {
 init_client_generates();
 
 // src/features/analysis/upload-file.ts
-import Debug17 from "debug";
+import Debug18 from "debug";
 import fetch3, { File, fileFrom, FormData } from "node-fetch";
-var debug17 = Debug17("mobbdev:upload-file");
+var debug18 = Debug18("mobbdev:upload-file");
 async function uploadFile({
   file,
   url,
@@ -13753,9 +13753,9 @@ async function uploadFile({
   logInfo2(`FileUpload: upload file start ${url}`);
   logInfo2(`FileUpload: upload fields`, uploadFields);
   logInfo2(`FileUpload: upload key ${uploadKey}`);
-  debug17("upload file start %s", url);
-  debug17("upload fields %o", uploadFields);
-  debug17("upload key %s", uploadKey);
+  debug18("upload file start %s", url);
+  debug18("upload fields %o", uploadFields);
+  debug18("upload key %s", uploadKey);
   const form = new FormData();
   Object.entries(uploadFields).forEach(([key, value]) => {
     form.append(key, value);
@@ -13764,11 +13764,11 @@ async function uploadFile({
     form.append("key", uploadKey);
   }
   if (typeof file === "string") {
-    debug17("upload file from path %s", file);
+    debug18("upload file from path %s", file);
     logInfo2(`FileUpload: upload file from path ${file}`);
     form.append("file", await fileFrom(file));
   } else {
-    debug17("upload file from buffer");
+    debug18("upload file from buffer");
     logInfo2(`FileUpload: upload file from buffer`);
     form.append("file", new File([new Uint8Array(file)], "file"));
   }
@@ -13779,11 +13779,11 @@ async function uploadFile({
     agent
   });
   if (!response.ok) {
-    debug17("error from S3 %s %s", response.body, response.status);
+    debug18("error from S3 %s %s", response.body, response.status);
     logInfo2(`FileUpload: error from S3 ${response.body} ${response.status}`);
     throw new Error(`Failed to upload the file: ${response.status}`);
   }
-  debug17("upload file done");
+  debug18("upload file done");
   logInfo2(`FileUpload: upload file done`);
 }
 
@@ -13818,9 +13818,9 @@ async function downloadRepo({
 }) {
   const { createSpinner: createSpinner5 } = Spinner2({ ci });
   const repoSpinner = createSpinner5("\u{1F4BE} Downloading Repo").start();
-  debug18("download repo %s %s %s", repoUrl, dirname);
+  debug19("download repo %s %s %s", repoUrl, dirname);
   const zipFilePath = path9.join(dirname, "repo.zip");
-  debug18("download URL: %s auth headers: %o", downloadUrl, authHeaders);
+  debug19("download URL: %s auth headers: %o", downloadUrl, authHeaders);
   const response = await fetch4(downloadUrl, {
     method: "GET",
     headers: {
@@ -13828,7 +13828,7 @@ async function downloadRepo({
     }
   });
   if (!response.ok) {
-    debug18("SCM zipball request failed %s %s", response.body, response.status);
+    debug19("SCM zipball request failed %s %s", response.body, response.status);
     repoSpinner.error({ text: "\u{1F4BE} Repo download failed" });
     throw new Error(`Can't access ${chalk6.bold(repoUrl)}`);
   }
@@ -13842,7 +13842,7 @@ async function downloadRepo({
   if (!repoRoot) {
     throw new Error("Repo root not found");
   }
-  debug18("repo root %s", repoRoot);
+  debug19("repo root %s", repoRoot);
   repoSpinner.success({ text: "\u{1F4BE} Repo downloaded successfully" });
   return path9.join(dirname, repoRoot);
 }
@@ -13851,7 +13851,7 @@ var getReportUrl = ({
   projectId,
   fixReportId
 }) => `${WEB_APP_URL}/organization/${organizationId}/project/${projectId}/report/${fixReportId}`;
-var debug18 = Debug18("mobbdev:index");
+var debug19 = Debug19("mobbdev:index");
 async function runAnalysis(params, options) {
   const tmpObj = tmp2.dirSync({
     unsafeCleanup: true
@@ -13997,7 +13997,7 @@ async function _scan(params, { skipPrompts = false } = {}) {
     pullRequest,
     polling
   } = params;
-  debug18("start %s %s", dirname, repo);
+  debug19("start %s %s", dirname, repo);
   const { createSpinner: createSpinner5 } = Spinner2({ ci });
   skipPrompts = skipPrompts || ci;
   const gqlClient = await getAuthenticatedGQLClient({
@@ -14066,8 +14066,8 @@ async function _scan(params, { skipPrompts = false } = {}) {
     );
   }
   const { sha } = getReferenceDataRes.gitReference;
-  debug18("project id %s", projectId);
-  debug18("default branch %s", reference);
+  debug19("project id %s", projectId);
+  debug19("default branch %s", reference);
   if (command === "scan") {
     reportPath = await getReport(
       {
@@ -14395,7 +14395,7 @@ async function _digestReport({
       text: progressMassages.processingVulnerabilityReportSuccess
     });
     if (polling) {
-      debug18(
+      debug19(
         "[_digestReport] Using POLLING mode for analysis state updates (--polling flag enabled)"
       );
       console.log(
@@ -14410,7 +14410,7 @@ async function _digestReport({
         timeoutInMs: VUL_REPORT_DIGEST_TIMEOUT_MS
       });
     } else {
-      debug18(
+      debug19(
         "[_digestReport] Using WEBSOCKET mode for analysis state updates (default)"
       );
       console.log(
@@ -14474,7 +14474,7 @@ async function waitForAnaysisAndReviewPr({
     });
   };
   if (polling) {
-    debug18(
+    debug19(
       "[waitForAnaysisAndReviewPr] Using POLLING mode for analysis state updates"
     );
     console.log(
@@ -14488,7 +14488,7 @@ async function waitForAnaysisAndReviewPr({
       callbackStates: ["Finished" /* Finished */]
     });
   } else {
-    debug18(
+    debug19(
       "[waitForAnaysisAndReviewPr] Using WEBSOCKET mode for analysis state updates"
     );
     console.log(
@@ -15050,8 +15050,8 @@ var openRedaction = new OpenRedaction({
     "MONERO_ADDRESS",
     "RIPPLE_ADDRESS",
     // Medical Data (removed PRESCRIPTION_NUMBER - too broad, matches words containing "ription")
+    // Removed MEDICAL_RECORD_NUMBER - too broad, "MR" prefix matches "Merge Request" in SCM contexts (e.g. "MR branches" → "MR br****es")
     "NHS_NUMBER",
-    "MEDICAL_RECORD_NUMBER",
     "AUSTRALIAN_MEDICARE",
     "HEALTH_PLAN_NUMBER",
     "PATIENT_ID",
@@ -15095,10 +15095,10 @@ var openRedaction = new OpenRedaction({
     "DOCKER_AUTH",
     "KUBERNETES_SECRET",
     // Government & Legal
+    // Removed CLIENT_ID - too broad, "client" is ubiquitous in code (npm packages like @scope/client-*, class names like ClientSdkOptions)
     "POLICE_REPORT_NUMBER",
     "IMMIGRATION_NUMBER",
-    "COURT_REPORTER_LICENSE",
-    "CLIENT_ID"
+    "COURT_REPORTER_LICENSE"
   ]
 });
 function maskString(str, showStart = 2, showEnd = 2) {
@@ -15121,6 +15121,15 @@ async function sanitizeDataWithCounts(obj) {
         ...piiDetections.low
       ];
       for (const detection of allDetections) {
+        if (detection.type === "CREDIT_CARD") {
+          const start = detection.position[0];
+          const end = detection.position[1];
+          const charBefore = (start > 0 ? str[start - 1] : "") ?? "";
+          const charAfter = str[end] ?? "";
+          if (charBefore === "." || charBefore >= "0" && charBefore <= "9" || charAfter >= "0" && charAfter <= "9") {
+            continue;
+          }
+        }
         counts.detections.total++;
         if (detection.severity === "high") counts.detections.high++;
         else if (detection.severity === "medium") counts.detections.medium++;
@@ -16103,7 +16112,6 @@ var log = logger.log.bind(logger);
 // src/mcp/services/McpGQLClient.ts
 import crypto3 from "crypto";
 import { GraphQLClient as GraphQLClient2 } from "graphql-request";
-import { HttpsProxyAgent as HttpsProxyAgent2 } from "https-proxy-agent";
 import { v4 as uuidv42 } from "uuid";
 init_client_generates();
 init_configs();
@@ -16318,23 +16326,6 @@ var McpAuthService = class {
 };
 
 // src/mcp/services/McpGQLClient.ts
-function getProxyAgent2(url) {
-  try {
-    const parsedUrl = new URL(url);
-    const isHttp = parsedUrl.protocol === "http:";
-    const isHttps = parsedUrl.protocol === "https:";
-    const proxy = isHttps ? HTTPS_PROXY || HTTP_PROXY : isHttp ? HTTP_PROXY : null;
-    if (proxy) {
-      logDebug("[GraphQL] Using proxy for websocket subscriptions", { proxy });
-      return new HttpsProxyAgent2(proxy);
-    }
-  } catch (err) {
-    logDebug(`[GraphQL] Skipping proxy for ${url}`, {
-      error: err.message
-    });
-  }
-  return void 0;
-}
 var McpGQLClient = class {
   constructor(args) {
     __publicField(this, "client");
@@ -16351,6 +16342,7 @@ var McpGQLClient = class {
       headers: args.type === "apiKey" ? { [MCP_API_KEY_HEADER_NAME]: args.apiKey || "" } : {
         Authorization: `Bearer ${args.token}`
       },
+      fetch: fetchWithProxy,
       requestMiddleware: (request) => {
         const requestId = uuidv42();
         return {
@@ -16533,13 +16525,15 @@ var McpGQLClient = class {
             this._auth.type === "apiKey" ? {
               apiKey: this._auth.apiKey,
               type: "apiKey",
+              url: httpToWsUrl(this.apiUrl),
               timeoutInMs: params.timeoutInMs,
-              proxyAgent: getProxyAgent2(this.apiUrl)
+              proxyAgent: getProxyAgent(this.apiUrl)
             } : {
               token: this._auth.token,
               type: "token",
+              url: httpToWsUrl(this.apiUrl),
               timeoutInMs: params.timeoutInMs,
-              proxyAgent: getProxyAgent2(this.apiUrl)
+              proxyAgent: getProxyAgent(this.apiUrl)
             }
           );
         }
@@ -24732,13 +24726,13 @@ var parseArgs = async (args) => {
 };
 
 // src/index.ts
-var debug19 = Debug19("mobbdev:index");
+var debug20 = Debug20("mobbdev:index");
 async function run() {
   return parseArgs(hideBin(process.argv));
 }
 (async () => {
   try {
-    debug19("Bugsy CLI v%s running...", packageJson.version);
+    debug20("Bugsy CLI v%s running...", packageJson.version);
     await run();
     process.exit(0);
   } catch (err) {