mobbdev 1.2.29 → 1.2.33

package/dist/index.mjs

@@ -851,12 +851,15 @@ var init_client_generates = __esm({
 }
     `;
     AnalyzeCommitForExtensionAiBlameDocument = `
-    mutation AnalyzeCommitForExtensionAIBlame($repositoryURL: String!, $commitSha: String!, $organizationId: String!, $commitTimestamp: Timestamp) {
+    mutation AnalyzeCommitForExtensionAIBlame($repositoryURL: String!, $commitSha: String!, $organizationId: String!, $commitTimestamp: Timestamp, $commitAuthor: GitIdentityInput, $commitCommitter: GitIdentityInput, $commitCoAuthors: [GitIdentityInput!]) {
   analyzeCommitForAIBlame(
     repositoryURL: $repositoryURL
     commitSha: $commitSha
     organizationId: $organizationId
     commitTimestamp: $commitTimestamp
+    commitAuthor: $commitAuthor
+    commitCommitter: $commitCommitter
+    commitCoAuthors: $commitCoAuthors
   ) {
     __typename
     ... on ProcessAIBlameFinalResult {
@@ -2689,6 +2692,217 @@ var init_configs = __esm({
   }
 });
 
+// src/utils/blame/gitBlameTypes.ts
+import { z as z18 } from "zod";
+function parseCoAuthorValue(raw) {
+  const trimmed = raw.trim();
+  if (!trimmed) {
+    return null;
+  }
+  const openBracket = trimmed.lastIndexOf("<");
+  const closeBracket = trimmed.lastIndexOf(">");
+  if (openBracket === -1 || closeBracket === -1 || closeBracket < openBracket) {
+    return null;
+  }
+  const name = trimmed.slice(0, openBracket).trim();
+  const email = trimmed.slice(openBracket + 1, closeBracket).trim();
+  if (!name || !email) {
+    return null;
+  }
+  return { name, email };
+}
+function parseCommitLine(line) {
+  const parts = line.split("\0");
+  if (parts.length < 7) {
+    return null;
+  }
+  return {
+    sha: parts[0],
+    author: { name: parts[2], email: parts[1] },
+    committer: { name: parts[4], email: parts[3] },
+    coAuthors: parts.slice(7).map(parseCoAuthorValue).filter((v) => v !== null),
+    timestamp: parseInt(parts[5], 10),
+    message: parts[6]
+  };
+}
+var PrepareGitBlameMessageZ, PrepareGitBlameResponseMessageZ, CommitMetadataZ, LineToCommitMapZ, CommitMetadataMapZ, BlameInfoZ, LineRangeZ, PrContextZ, PrepareCommitBlameMessageZ, BlameLineInfoZ, FileBlameDataZ, ChunkFetchResultZ, FileBlameResponseEntryZ, CommitBlameDataZ, CommitInfoZ, GitIdentityZ, COMMIT_LOG_FORMAT, CommitDataZ, PrDiffDataZ, PrStatsZ, CommitsManifestZ, BlameLineEntryZ, BlameLinesDataZ, PrepareCommitBlameResponseMessageZ;
+var init_gitBlameTypes = __esm({
+  "src/utils/blame/gitBlameTypes.ts"() {
+    "use strict";
+    PrepareGitBlameMessageZ = z18.object({
+      reportId: z18.string(),
+      repoArchivePath: z18.string()
+    });
+    PrepareGitBlameResponseMessageZ = z18.object({
+      reportId: z18.string()
+    });
+    CommitMetadataZ = z18.object({
+      author: z18.string().optional(),
+      "author-mail": z18.string().optional(),
+      "author-time": z18.string().optional(),
+      "author-tz": z18.string().optional(),
+      committer: z18.string().optional(),
+      "committer-mail": z18.string().optional(),
+      "committer-time": z18.string().optional(),
+      "committer-tz": z18.string().optional(),
+      summary: z18.string().optional(),
+      filename: z18.string().optional()
+    });
+    LineToCommitMapZ = z18.record(z18.string(), z18.string());
+    CommitMetadataMapZ = z18.record(z18.string(), CommitMetadataZ);
+    BlameInfoZ = z18.object({
+      lineToCommit: LineToCommitMapZ,
+      commitMetadata: CommitMetadataMapZ
+    });
+    LineRangeZ = z18.object({
+      /** First line in chunk (1-indexed) */
+      start: z18.number(),
+      /** Last line in chunk (inclusive) */
+      end: z18.number()
+    });
+    PrContextZ = z18.object({
+      prNumber: z18.number(),
+      repositoryUrl: z18.string(),
+      organizationId: z18.string(),
+      userEmail: z18.string(),
+      source: z18.enum(["pr", "github"]),
+      githubContext: z18.object({
+        prNumber: z18.number(),
+        installationId: z18.number(),
+        repositoryURL: z18.string()
+      }).optional()
+    });
+    PrepareCommitBlameMessageZ = z18.object({
+      /** Commit blame request ID from database (for tracking and updating status) */
+      commitBlameRequestId: z18.string(),
+      /** Organization ID (for org-scoped caching) */
+      organizationId: z18.string(),
+      /** Full repository URL (e.g., https://github.com/org/repo) */
+      repositoryUrl: z18.string(),
+      /** Commit SHA to analyze (typically PR head commit) */
+      commitSha: z18.string(),
+      /** Authentication headers for repository access (e.g., GitHub token) */
+      extraHeaders: z18.record(z18.string(), z18.string()).default({}),
+      // --- PR analysis fields ---
+      /** Target branch name (from getPr() base.ref). When set, enables PR analysis mode. */
+      targetBranch: z18.string().optional(),
+      /** Context for triggering blame attribution analysis after SCM agent completes. */
+      prContext: PrContextZ.optional(),
+      /** User email for blame attribution analysis trigger context (used for both PR and single commit flows). */
+      userEmail: z18.string().optional()
+    });
+    BlameLineInfoZ = z18.object({
+      /** Line number as it appeared in the introducing commit */
+      originalLineNumber: z18.number(),
+      /** Commit SHA that introduced this line */
+      commitSha: z18.string(),
+      /** Author name for this line */
+      authorName: z18.string().optional(),
+      /** Author email for this line */
+      authorEmail: z18.string().optional()
+    }).nullable();
+    FileBlameDataZ = z18.array(BlameLineInfoZ);
+    ChunkFetchResultZ = z18.object({
+      filePath: z18.string(),
+      lines: z18.array(z18.number()),
+      data: FileBlameDataZ.nullable()
+    });
+    FileBlameResponseEntryZ = z18.object({
+      /** Chunk index (0 for small files, 0-N for large file chunks) */
+      chunkIndex: z18.number(),
+      /** Blame data array (1-indexed, index 0 is null) */
+      blameData: FileBlameDataZ
+    });
+    CommitBlameDataZ = z18.record(
+      z18.string(),
+      // fileName
+      z18.array(FileBlameResponseEntryZ)
+    );
+    CommitInfoZ = z18.object({
+      /** Number of parent commits (1 = normal commit, 2+ = merge commit, null = failed to determine) */
+      parentCount: z18.number().nullable()
+    });
+    GitIdentityZ = z18.object({
+      name: z18.string(),
+      email: z18.string()
+    });
+    COMMIT_LOG_FORMAT = "%H%x00%ae%x00%an%x00%ce%x00%cn%x00%at%x00%s%x00%(trailers:key=Co-authored-by,valueonly,separator=%x00)";
+    CommitDataZ = z18.object({
+      diff: z18.string(),
+      author: GitIdentityZ,
+      committer: GitIdentityZ,
+      coAuthors: z18.array(GitIdentityZ),
+      timestamp: z18.number(),
+      // Unix timestamp in seconds
+      message: z18.string().optional(),
+      parentCount: z18.number().nullable()
+    });
+    PrDiffDataZ = z18.object({
+      diff: z18.string()
+    });
+    PrStatsZ = z18.object({
+      additions: z18.number(),
+      deletions: z18.number()
+    });
+    CommitsManifestZ = z18.object({
+      commits: z18.array(z18.string())
+      // Array of commit SHAs in order
+    });
+    BlameLineEntryZ = z18.object({
+      file: z18.string(),
+      line: z18.number(),
+      originalCommitSha: z18.string(),
+      originalLineNumber: z18.number()
+    });
+    BlameLinesDataZ = z18.object({
+      lines: z18.array(BlameLineEntryZ)
+    });
+    PrepareCommitBlameResponseMessageZ = z18.object({
+      /** Commit blame request ID (matches request, used to update specific DB record) */
+      commitBlameRequestId: z18.string(),
+      /** Organization ID (matches request) */
+      organizationId: z18.string(),
+      /** Repository URL (matches request) */
+      repositoryUrl: z18.string(),
+      /** Commit SHA analyzed (matches request) */
+      commitSha: z18.string(),
+      /** Processing status */
+      status: z18.enum(["success", "failure"]),
+      /** Error message (only present if status is 'failure') */
+      error: z18.string().optional(),
+      /**
+       * Blame data for all processed files/chunks.
+       * Empty dictionary if status is 'failure'.
+       * Contains line mappings as arrays if status is 'success'.
+       */
+      blameData: CommitBlameDataZ,
+      /**
+       * Info about each commit referenced in the blame data plus the head commit.
+       * Keyed by commit SHA, deduplicated.
+       * Empty dictionary if status is 'failure'.
+       */
+      commits: z18.record(z18.string(), CommitInfoZ).default({}),
+      // --- New PR diff computation response fields ---
+      /** S3 paths for commit-level data (commitSha → S3 key). Present in PR analysis mode and single commit mode. */
+      commitDataS3Paths: z18.record(z18.string(), z18.string()).optional(),
+      /** S3 key for PR diff JSON. Present in PR analysis mode. */
+      prDiffS3Path: z18.string().optional(),
+      /** S3 key for commits manifest. Present in PR analysis mode. */
+      commitsManifestS3Path: z18.string().optional(),
+      /** S3 key for per-line targeted blame data. Present in PR analysis mode. */
+      blameLinesS3Path: z18.string().optional(),
+      /** S3 key for PR stats (additions/deletions). Present in PR analysis mode. */
+      prStatsS3Path: z18.string().optional(),
+      /** PR context passed through from request for response handler. */
+      prContext: PrContextZ.optional(),
+      /** PR title from the request metadata (passed through). */
+      prTitle: z18.string().optional(),
+      /** User email passed through from request for single commit blame attribution analysis trigger. */
+      userEmail: z18.string().optional()
+    });
+  }
+});
+
 // src/features/analysis/scm/services/ExcludedDirs.ts
 var EXCLUDED_DIRS;
 var init_ExcludedDirs = __esm({
@@ -3361,6 +3575,7 @@ var init_GitService = __esm({
   "src/features/analysis/scm/services/GitService.ts"() {
     "use strict";
     init_configs();
+    init_gitBlameTypes();
     init_urlParser2();
     init_FileUtils();
     MAX_COMMIT_DIFF_SIZE_BYTES = 3 * 1024 * 1024;
@@ -3857,7 +4072,7 @@ ${rootContent}`;
           const DIFF_DELIMITER = "---MOBB_DIFF_START---";
           const output = await this.git.show([
             commitSha,
-            `--format=%cI%n${DIFF_DELIMITER}`,
+            `--format=${COMMIT_LOG_FORMAT}%n${DIFF_DELIMITER}`,
             "--patch"
           ]);
           const delimiterIndex = output.indexOf(DIFF_DELIMITER);
@@ -3878,16 +4093,16 @@ ${rootContent}`;
             });
             return null;
           }
-          const metadataLines = metadataOutput.trim().split("\n");
-          if (metadataLines.length < 1 || !metadataLines[0]) {
+          const metadataLine = metadataOutput.trim();
+          const parsed = parseCommitLine(metadataLine);
+          if (!parsed) {
             this.log("[GitService] Unexpected metadata format", "warning", {
               commitSha,
-              metadataLines
+              metadataLine
             });
             return null;
           }
-          const timestampStr = metadataLines[0];
-          const timestamp = new Date(timestampStr);
+          const timestamp = new Date(parsed.timestamp * 1e3);
           this.log("[GitService] Local commit data retrieved", "debug", {
             commitSha,
             diffSizeBytes,
@@ -3895,7 +4110,10 @@ ${rootContent}`;
           });
           return {
             diff,
-            timestamp
+            timestamp,
+            author: parsed.author,
+            committer: parsed.committer,
+            coAuthors: parsed.coAuthors
           };
         } catch (error) {
           const errorMessage = `Failed to get local commit data: ${error.message}`;
@@ -7357,6 +7575,9 @@ var AdoSCMLib = class extends SCMLib {
   async getSubmitRequestMetadata(_submitRequestId) {
     throw new Error("getSubmitRequestMetadata not implemented for ADO");
   }
+  async getPrFiles(_prNumber) {
+    throw new Error("getPrFiles not implemented for ADO");
+  }
   async searchSubmitRequests(_params) {
     throw new Error("searchSubmitRequests not implemented for ADO");
   }
@@ -7381,34 +7602,34 @@ import querystring2 from "querystring";
 import * as bitbucketPkgNode from "bitbucket";
 import bitbucketPkg from "bitbucket";
 import Debug2 from "debug";
-import { z as z19 } from "zod";
+import { z as z20 } from "zod";
 
 // src/features/analysis/scm/bitbucket/validation.ts
-import { z as z18 } from "zod";
-var BitbucketAuthResultZ = z18.object({
-  access_token: z18.string(),
-  token_type: z18.string(),
-  refresh_token: z18.string()
+import { z as z19 } from "zod";
+var BitbucketAuthResultZ = z19.object({
+  access_token: z19.string(),
+  token_type: z19.string(),
+  refresh_token: z19.string()
 });
 
 // src/features/analysis/scm/bitbucket/bitbucket.ts
 var debug2 = Debug2("scm:bitbucket");
 var BITBUCKET_HOSTNAME = "bitbucket.org";
-var TokenExpiredErrorZ = z19.object({
-  status: z19.number(),
-  error: z19.object({
-    type: z19.string(),
-    error: z19.object({
-      message: z19.string()
+var TokenExpiredErrorZ = z20.object({
+  status: z20.number(),
+  error: z20.object({
+    type: z20.string(),
+    error: z20.object({
+      message: z20.string()
     })
   })
 });
 var BITBUCKET_ACCESS_TOKEN_URL = `https://${BITBUCKET_HOSTNAME}/site/oauth2/access_token`;
 var MAX_BITBUCKET_PR_BODY_LENGTH = 32768;
-var BitbucketParseResultZ = z19.object({
-  organization: z19.string(),
-  repoName: z19.string(),
-  hostname: z19.literal(BITBUCKET_HOSTNAME)
+var BitbucketParseResultZ = z20.object({
+  organization: z20.string(),
+  repoName: z20.string(),
+  hostname: z20.literal(BITBUCKET_HOSTNAME)
 });
 function parseBitbucketOrganizationAndRepo(bitbucketUrl) {
   const parsedGitHubUrl = normalizeUrl(bitbucketUrl);
@@ -7468,7 +7689,7 @@ function getBitbucketSdk(params) {
       if (!res.data.values) {
         return [];
       }
-      return res.data.values.filter((branch) => !!branch.name).map((branch) => z19.string().parse(branch.name));
+      return res.data.values.filter((branch) => !!branch.name).map((branch) => z20.string().parse(branch.name));
     },
     async getIsUserCollaborator(params2) {
       const { repoUrl } = params2;
@@ -7583,7 +7804,7 @@ function getBitbucketSdk(params) {
       return GetReferenceResultZ.parse({
         sha: tagRes.data.target?.hash,
         type: "TAG" /* TAG */,
-        date: new Date(z19.string().parse(tagRes.data.target?.date))
+        date: new Date(z20.string().parse(tagRes.data.target?.date))
       });
     },
     async getBranchRef(params2) {
@@ -7591,7 +7812,7 @@ function getBitbucketSdk(params) {
       return GetReferenceResultZ.parse({
         sha: getBranchRes.target?.hash,
         type: "BRANCH" /* BRANCH */,
-        date: new Date(z19.string().parse(getBranchRes.target?.date))
+        date: new Date(z20.string().parse(getBranchRes.target?.date))
       });
     },
     async getCommitRef(params2) {
@@ -7599,13 +7820,13 @@ function getBitbucketSdk(params) {
       return GetReferenceResultZ.parse({
         sha: getCommitRes.hash,
         type: "COMMIT" /* COMMIT */,
-        date: new Date(z19.string().parse(getCommitRes.date))
+        date: new Date(z20.string().parse(getCommitRes.date))
       });
     },
     async getDownloadUrl({ url, sha }) {
       this.getReferenceData({ ref: sha, url });
       const repoRes = await this.getRepo({ repoUrl: url });
-      const parsedRepoUrl = z19.string().url().parse(repoRes.links?.html?.href);
+      const parsedRepoUrl = z20.string().url().parse(repoRes.links?.html?.href);
       return `${parsedRepoUrl}/get/${sha}.zip`;
     },
     async getPullRequest(params2) {
@@ -7670,7 +7891,7 @@ async function validateBitbucketParams(params) {
 }
 async function getUsersWorkspacesSlugs(bitbucketClient) {
   const res = await bitbucketClient.workspaces.getWorkspaces({});
-  return res.data.values?.map((v) => z19.string().parse(v.slug));
+  return res.data.values?.map((v) => z20.string().parse(v.slug));
 }
 async function getAllUsersRepositories(bitbucketClient) {
   const userWorkspacesSlugs = await getUsersWorkspacesSlugs(bitbucketClient);
@@ -7698,10 +7919,10 @@ async function getRepositoriesByWorkspace(bitbucketClient, { workspaceSlug }) {
 
 // src/features/analysis/scm/bitbucket/BitbucketSCMLib.ts
 import { setTimeout as setTimeout3 } from "timers/promises";
-import { z as z20 } from "zod";
+import { z as z21 } from "zod";
 function getUserAndPassword(token) {
   const [username, password] = token.split(":");
-  const safePasswordAndUsername = z20.object({ username: z20.string(), password: z20.string() }).parse({ username, password });
+  const safePasswordAndUsername = z21.object({ username: z21.string(), password: z21.string() }).parse({ username, password });
   return {
     username: safePasswordAndUsername.username,
     password: safePasswordAndUsername.password
@@ -7773,7 +7994,7 @@ var BitbucketSCMLib = class extends SCMLib {
         return { username, password, authType };
       }
       case "token": {
-        return { authType, token: z20.string().parse(this.accessToken) };
+        return { authType, token: z21.string().parse(this.accessToken) };
       }
       case "public":
         return { authType };
@@ -7787,7 +8008,7 @@ var BitbucketSCMLib = class extends SCMLib {
           ...params,
           repoUrl: this.url
         });
-        return String(z20.number().parse(pullRequestRes.id));
+        return String(z21.number().parse(pullRequestRes.id));
       } catch (e) {
         console.warn(
           `error creating pull request for BB. Try number ${String(i + 1).replace(/\n|\r/g, "")}`,
@@ -7872,7 +8093,7 @@ var BitbucketSCMLib = class extends SCMLib {
   async getUsername() {
     this._validateAccessToken();
     const res = await this.bitbucketSdk.getUser();
-    return z20.string().parse(res["username"]);
+    return z21.string().parse(res["username"]);
   }
   async getSubmitRequestStatus(_scmSubmitRequestId) {
     this._validateAccessTokenAndUrl();
@@ -7898,7 +8119,7 @@ var BitbucketSCMLib = class extends SCMLib {
   async getRepoDefaultBranch() {
     this._validateUrl();
     const repoRes = await this.bitbucketSdk.getRepo({ repoUrl: this.url });
-    return z20.string().parse(repoRes.mainbranch?.name);
+    return z21.string().parse(repoRes.mainbranch?.name);
   }
   getSubmitRequestUrl(submitRequestId) {
     this._validateUrl();
@@ -7936,6 +8157,9 @@ var BitbucketSCMLib = class extends SCMLib {
   async getSubmitRequestMetadata(_submitRequestId) {
     throw new Error("getSubmitRequestMetadata not implemented for Bitbucket");
   }
+  async getPrFiles(_prNumber) {
+    throw new Error("getPrFiles not implemented for Bitbucket");
+  }
   async searchSubmitRequests(_params) {
     throw new Error("searchSubmitRequests not implemented for Bitbucket");
   }
@@ -7964,7 +8188,7 @@ var REPORT_DEFAULT_FILE_NAME = "report.json";
 init_env();
 
 // src/features/analysis/scm/github/GithubSCMLib.ts
-import { z as z21 } from "zod";
+import { z as z22 } from "zod";
 init_client_generates();
 
 // src/features/analysis/scm/utils/cursorValidation.ts
@@ -8949,7 +9173,7 @@ var GithubSCMLib = class extends SCMLib {
       owner,
       repo
     });
-    return z21.string().parse(prRes.data);
+    return z22.string().parse(prRes.data);
   }
   async getRepoList(_scmOrg) {
     this._validateAccessToken();
@@ -9137,6 +9361,19 @@ var GithubSCMLib = class extends SCMLib {
       headCommitSha: pr.head.sha
     };
   }
+  async getPrFiles(prNumber) {
+    this._validateAccessTokenAndUrl();
+    const { owner, repo } = parseGithubOwnerAndRepo(this.url);
+    const filesRes = await this.githubSdk.listPRFiles({
+      owner,
+      repo,
+      pull_number: prNumber
+    });
+    return filesRes.data.filter((file) => {
+      const status = file.status;
+      return status === "added" || status === "modified" || status === "renamed" && file.changes > 0 || status === "copied" && file.changes > 0;
+    }).map((file) => file.filename);
+  }
   /**
    * Override searchSubmitRequests to use GitHub's Search API for efficient pagination.
    * This is much faster than fetching all PRs and filtering in-memory.
@@ -9402,11 +9639,11 @@ var contextLogger = {
 init_env();
 
 // src/features/analysis/scm/gitlab/types.ts
-import { z as z22 } from "zod";
-var GitlabAuthResultZ = z22.object({
-  access_token: z22.string(),
-  token_type: z22.string(),
-  refresh_token: z22.string()
+import { z as z23 } from "zod";
+var GitlabAuthResultZ = z23.object({
+  access_token: z23.string(),
+  token_type: z23.string(),
+  refresh_token: z23.string()
 });
 
 // src/features/analysis/scm/gitlab/gitlab.ts
@@ -10273,6 +10510,9 @@ var GitlabSCMLib = class extends SCMLib {
       headCommitSha: mr.sha
     };
   }
+  async getPrFiles(_prNumber) {
+    throw new Error("getPrFiles not implemented for GitLab");
+  }
   async searchSubmitRequests(params) {
     this._validateAccessTokenAndUrl();
     const page = parseCursorSafe(params.cursor, 1);
@@ -10442,7 +10682,7 @@ var GitlabSCMLib = class extends SCMLib {
 };
 
 // src/features/analysis/scm/scmFactory.ts
-import { z as z23 } from "zod";
+import { z as z24 } from "zod";
 
 // src/features/analysis/scm/StubSCMLib.ts
 var StubSCMLib = class extends SCMLib {
@@ -10534,6 +10774,10 @@ var StubSCMLib = class extends SCMLib {
   async getSubmitRequestMetadata(_submitRequestId) {
     throw new Error("getSubmitRequestMetadata() not implemented");
   }
+  async getPrFiles(_prNumber) {
+    console.warn("getPrFiles() returning empty array");
+    return [];
+  }
   async getPullRequestMetrics(_prNumber) {
     console.warn("getPullRequestMetrics() returning empty object");
     throw new Error("getPullRequestMetrics() not implemented");
@@ -10579,7 +10823,7 @@ async function createScmLib({ url, accessToken, scmType, scmOrg }, { propagateEx
     if (e instanceof InvalidRepoUrlError && url) {
       throw new RepoNoTokenAccessError(
         "no access to repo",
-        scmLibScmTypeToScmType[z23.nativeEnum(ScmLibScmType).parse(scmType)]
+        scmLibScmTypeToScmType[z24.nativeEnum(ScmLibScmType).parse(scmType)]
       );
     }
     console.error(`error validating scm: ${scmType} `, e);
@@ -11169,7 +11413,7 @@ import path6 from "path";
 import chalk from "chalk";
 import Debug4 from "debug";
 import * as dotenv from "dotenv";
-import { z as z24 } from "zod";
+import { z as z25 } from "zod";
 var debug5 = Debug4("mobbdev:constants");
 var runtimeConfigPath = path6.join(
   getModuleRootDir(),
@@ -11214,17 +11458,17 @@ var scannerToVulnerabilityReportVendorEnum = {
   [SCANNERS.Semgrep]: "semgrep" /* Semgrep */,
   [SCANNERS.Datadog]: "datadog" /* Datadog */
 };
-var SupportedScannersZ = z24.enum([SCANNERS.Checkmarx, SCANNERS.Snyk]);
-var envVariablesSchema = z24.object({
+var SupportedScannersZ = z25.enum([SCANNERS.Checkmarx, SCANNERS.Snyk]);
+var envVariablesSchema = z25.object({
   // These have safe defaults for production - the VS Code extension passes explicit URLs
-  WEB_APP_URL: z24.string().optional().default(DEFAULT_WEB_APP_URL),
-  API_URL: z24.string().optional().default(DEFAULT_API_URL),
+  WEB_APP_URL: z25.string().optional().default(DEFAULT_WEB_APP_URL),
+  API_URL: z25.string().optional().default(DEFAULT_API_URL),
   // These are only needed for local development with Hasura
-  HASURA_ACCESS_KEY: z24.string().optional().default(""),
-  LOCAL_GRAPHQL_ENDPOINT: z24.string().optional().default(""),
+  HASURA_ACCESS_KEY: z25.string().optional().default(""),
+  LOCAL_GRAPHQL_ENDPOINT: z25.string().optional().default(""),
   // Proxy settings
-  HTTP_PROXY: z24.string().optional().default(""),
-  HTTPS_PROXY: z24.string().optional().default("")
+  HTTP_PROXY: z25.string().optional().default(""),
+  HTTPS_PROXY: z25.string().optional().default("")
 });
 var envVariables = envVariablesSchema.parse(process.env);
 debug5("config %o", envVariables);
@@ -11475,7 +11719,7 @@ import { createSpinner as createSpinner4 } from "nanospinner";
 import fetch4 from "node-fetch";
 import open3 from "open";
 import tmp2 from "tmp";
-import { z as z29 } from "zod";
+import { z as z30 } from "zod";
 
 // src/commands/handleMobbLogin.ts
 import chalk3 from "chalk";
@@ -11763,62 +12007,62 @@ init_client_generates();
 
 // src/features/analysis/graphql/types.ts
 init_client_generates();
-import { z as z25 } from "zod";
-var VulnerabilityReportIssueCodeNodeZ = z25.object({
-  vulnerabilityReportIssueId: z25.string(),
-  path: z25.string(),
-  startLine: z25.number(),
-  vulnerabilityReportIssue: z25.object({
-    fixId: z25.string(),
-    category: z25.nativeEnum(Vulnerability_Report_Issue_Category_Enum),
-    safeIssueType: z25.string(),
-    vulnerabilityReportIssueTags: z25.array(
-      z25.object({
-        tag: z25.nativeEnum(Vulnerability_Report_Issue_Tag_Enum)
+import { z as z26 } from "zod";
+var VulnerabilityReportIssueCodeNodeZ = z26.object({
+  vulnerabilityReportIssueId: z26.string(),
+  path: z26.string(),
+  startLine: z26.number(),
+  vulnerabilityReportIssue: z26.object({
+    fixId: z26.string(),
+    category: z26.nativeEnum(Vulnerability_Report_Issue_Category_Enum),
+    safeIssueType: z26.string(),
+    vulnerabilityReportIssueTags: z26.array(
+      z26.object({
+        tag: z26.nativeEnum(Vulnerability_Report_Issue_Tag_Enum)
       })
     )
   })
 });
-var VulnerabilityReportIssueNoFixCodeNodeZ = z25.object({
-  vulnerabilityReportIssues: z25.array(
-    z25.object({
-      id: z25.string(),
-      fixId: z25.string().nullable(),
-      category: z25.nativeEnum(Vulnerability_Report_Issue_Category_Enum),
-      safeIssueType: z25.string(),
-      fpId: z25.string().uuid().nullable(),
-      codeNodes: z25.array(
-        z25.object({
-          path: z25.string(),
-          startLine: z25.number()
+var VulnerabilityReportIssueNoFixCodeNodeZ = z26.object({
+  vulnerabilityReportIssues: z26.array(
+    z26.object({
+      id: z26.string(),
+      fixId: z26.string().nullable(),
+      category: z26.nativeEnum(Vulnerability_Report_Issue_Category_Enum),
+      safeIssueType: z26.string(),
+      fpId: z26.string().uuid().nullable(),
+      codeNodes: z26.array(
+        z26.object({
+          path: z26.string(),
+          startLine: z26.number()
         })
       ),
-      vulnerabilityReportIssueTags: z25.array(
-        z25.object({
-          tag: z25.nativeEnum(Vulnerability_Report_Issue_Tag_Enum)
+      vulnerabilityReportIssueTags: z26.array(
+        z26.object({
+          tag: z26.nativeEnum(Vulnerability_Report_Issue_Tag_Enum)
         })
       )
     })
   )
 });
-var GetVulByNodesMetadataZ = z25.object({
-  vulnerabilityReportIssueCodeNodes: z25.array(VulnerabilityReportIssueCodeNodeZ),
-  nonFixablePrVuls: z25.object({
-    aggregate: z25.object({
-      count: z25.number()
+var GetVulByNodesMetadataZ = z26.object({
+  vulnerabilityReportIssueCodeNodes: z26.array(VulnerabilityReportIssueCodeNodeZ),
+  nonFixablePrVuls: z26.object({
+    aggregate: z26.object({
+      count: z26.number()
     })
   }),
-  fixablePrVuls: z25.object({
-    aggregate: z25.object({
-      count: z25.number()
+  fixablePrVuls: z26.object({
+    aggregate: z26.object({
+      count: z26.number()
     })
   }),
-  totalScanVulnerabilities: z25.object({
-    aggregate: z25.object({
-      count: z25.number()
+  totalScanVulnerabilities: z26.object({
+    aggregate: z26.object({
+      count: z26.number()
     })
   }),
-  irrelevantVulnerabilityReportIssue: z25.array(
+  irrelevantVulnerabilityReportIssue: z26.array(
     VulnerabilityReportIssueNoFixCodeNodeZ
   )
 });
@@ -12595,7 +12839,7 @@ import Debug11 from "debug";
 // src/features/analysis/add_fix_comments_for_pr/utils/utils.ts
 import Debug10 from "debug";
 import parseDiff from "parse-diff";
-import { z as z27 } from "zod";
+import { z as z28 } from "zod";
 
 // src/features/analysis/utils/by_key.ts
 function keyBy(array, keyBy2) {
@@ -12683,7 +12927,7 @@ var scannerToFriendlyString = {
 
 // src/features/analysis/add_fix_comments_for_pr/utils/buildCommentBody.ts
 import Debug9 from "debug";
-import { z as z26 } from "zod";
+import { z as z27 } from "zod";
 init_client_generates();
 var debug10 = Debug9("mobbdev:handle-finished-analysis");
 var getCommitFixButton = (commitUrl) => `<a href="${commitUrl}"><img src=${COMMIT_FIX_SVG}></a>`;
@@ -12737,11 +12981,11 @@ function buildFixCommentBody({
   });
   const issueType = getIssueTypeFriendlyString(fix.safeIssueType);
   const title = `# ${MobbIconMarkdown} ${issueType} fix is ready`;
-  const validFixParseRes = z26.object({
+  const validFixParseRes = z27.object({
     patchAndQuestions: PatchAndQuestionsZ,
-    safeIssueLanguage: z26.nativeEnum(IssueLanguage_Enum),
-    severityText: z26.nativeEnum(Vulnerability_Severity_Enum),
-    safeIssueType: z26.nativeEnum(IssueType_Enum)
+    safeIssueLanguage: z27.nativeEnum(IssueLanguage_Enum),
+    severityText: z27.nativeEnum(Vulnerability_Severity_Enum),
+    safeIssueType: z27.nativeEnum(IssueType_Enum)
   }).safeParse(fix);
   if (!validFixParseRes.success) {
     debug10(
@@ -12975,7 +13219,7 @@ async function getRelevantVulenrabilitiesFromDiff(params) {
     });
     const lineAddedRanges = calculateRanges(fileNumbers);
     const fileFilter = {
-      path: z27.string().parse(file.to),
+      path: z28.string().parse(file.to),
       ranges: lineAddedRanges.map(([startLine, endLine]) => ({
         endLine,
         startLine
@@ -13287,15 +13531,15 @@ import { globby } from "globby";
 import { isBinary as isBinary2 } from "istextorbinary";
 import { simpleGit as simpleGit3 } from "simple-git";
 import { parseStringPromise } from "xml2js";
-import { z as z28 } from "zod";
+import { z as z29 } from "zod";
 var debug15 = Debug14("mobbdev:pack");
-var FPR_SOURCE_CODE_FILE_MAPPING_SCHEMA = z28.object({
-  properties: z28.object({
-    entry: z28.array(
-      z28.object({
-        _: z28.string(),
-        $: z28.object({
-          key: z28.string()
+var FPR_SOURCE_CODE_FILE_MAPPING_SCHEMA = z29.object({
+  properties: z29.object({
+    entry: z29.array(
+      z29.object({
+        _: z29.string(),
+        $: z29.object({
+          key: z29.string()
         })
       })
     )
@@ -14117,7 +14361,7 @@ async function _scan(params, { skipPrompts = false } = {}) {
     spinner: mobbSpinner,
     submitVulnerabilityReportVariables: {
       fixReportId: reportUploadInfo.fixReportId,
-      repoUrl: z29.string().parse(repo),
+      repoUrl: z30.string().parse(repo),
       reference,
       projectId,
       vulnerabilityReportFileName: shouldScan ? void 0 : REPORT_DEFAULT_FILE_NAME,
@@ -14450,9 +14694,9 @@ async function waitForAnaysisAndReviewPr({
   gqlClient,
   polling
 }) {
-  const params = z29.object({
-    repo: z29.string().url(),
-    githubActionToken: z29.string()
+  const params = z30.object({
+    repo: z30.string().url(),
+    githubActionToken: z30.string()
   }).parse({ repo, githubActionToken });
   const scm = await createScmLib(
     {
@@ -14470,7 +14714,7 @@ async function waitForAnaysisAndReviewPr({
       analysisId: analysisId2,
       gqlClient,
       scm,
-      scanner: z29.nativeEnum(SCANNERS).parse(scanner)
+      scanner: z30.nativeEnum(SCANNERS).parse(scanner)
     });
   };
   if (polling) {
@@ -14784,7 +15028,7 @@ async function scanSkill(options) {
 // src/args/validation.ts
 import chalk8 from "chalk";
 import path11 from "path";
-import { z as z30 } from "zod";
+import { z as z31 } from "zod";
 function throwRepoUrlErrorMessage({
   error,
   repoUrl,
@@ -14801,11 +15045,11 @@ Example:
   )}`;
   throw new CliError(formattedErrorMessage);
 }
-var UrlZ = z30.string({
+var UrlZ = z31.string({
   invalid_type_error: `is not a valid ${Object.values(ScmType).join("/ ")} URL`
 });
 function validateOrganizationId(organizationId) {
-  const orgIdValidation = z30.string().uuid().nullish().safeParse(organizationId);
+  const orgIdValidation = z31.string().uuid().nullish().safeParse(organizationId);
   if (!orgIdValidation.success) {
     throw new CliError(`organizationId: ${organizationId} is not a valid UUID`);
   }
@@ -14913,7 +15157,7 @@ async function analyzeHandler(args) {
 }
 
 // src/features/claude_code/data_collector.ts
-import { z as z32 } from "zod";
+import { z as z33 } from "zod";
 
 // src/args/commands/upload_ai_blame.ts
 import fsPromises3 from "fs/promises";
@@ -14921,7 +15165,7 @@ import * as os3 from "os";
 import path12 from "path";
 import chalk10 from "chalk";
 import { withFile } from "tmp-promise";
-import z31 from "zod";
+import z32 from "zod";
 init_client_generates();
 init_GitService();
 init_urlParser2();
@@ -15020,7 +15264,8 @@ import { OpenRedaction } from "@openredaction/openredaction";
 var openRedaction = new OpenRedaction({
   patterns: [
     // Core Personal Data
-    "EMAIL",
+    // Removed EMAIL - causes false positives in code/test snippets (e.g. --author="Eve Author <eve@example.com>")
+    // Prefer false negatives over false positives for this use case.
     "SSN",
     "NATIONAL_INSURANCE_UK",
     "DATE_OF_BIRTH",
@@ -15035,7 +15280,8 @@ var openRedaction = new OpenRedaction({
     "VISA_MRZ",
     "TAX_ID",
     // Financial Data (removed SWIFT_BIC, CARD_AUTH_CODE - too broad, causing false positives with authentication words)
-    "CREDIT_CARD",
+    // Removed CREDIT_CARD - causes false positives on zero-filled UUIDs (e.g. '00000000-0000-0000-0000-000000000000')
+    // Prefer false negatives over false positives for this use case.
     "IBAN",
     "BANK_ACCOUNT_UK",
     "ROUTING_NUMBER_US",
@@ -15121,15 +15367,6 @@ async function sanitizeDataWithCounts(obj) {
         ...piiDetections.low
       ];
       for (const detection of allDetections) {
-        if (detection.type === "CREDIT_CARD") {
-          const start = detection.position[0];
-          const end = detection.position[1];
-          const charBefore = (start > 0 ? str[start - 1] : "") ?? "";
-          const charAfter = str[end] ?? "";
-          if (charBefore === "." || charBefore >= "0" && charBefore <= "9" || charAfter >= "0" && charAfter <= "9") {
-            continue;
-          }
-        }
         counts.detections.total++;
         if (detection.severity === "high") counts.detections.high++;
         else if (detection.severity === "medium") counts.detections.medium++;
@@ -15182,8 +15419,8 @@ var defaultLogger2 = {
     }
   }
 };
-var PromptItemZ = z31.object({
-  type: z31.enum([
+var PromptItemZ = z32.object({
+  type: z32.enum([
     "USER_PROMPT",
     "AI_RESPONSE",
     "TOOL_EXECUTION",
@@ -15191,32 +15428,32 @@ var PromptItemZ = z31.object({
     "MCP_TOOL_CALL"
     // MCP (Model Context Protocol) tool invocation
   ]),
-  attachedFiles: z31.array(
-    z31.object({
-      relativePath: z31.string(),
-      startLine: z31.number().optional()
+  attachedFiles: z32.array(
+    z32.object({
+      relativePath: z32.string(),
+      startLine: z32.number().optional()
     })
   ).optional(),
-  tokens: z31.object({
-    inputCount: z31.number(),
-    outputCount: z31.number()
+  tokens: z32.object({
+    inputCount: z32.number(),
+    outputCount: z32.number()
   }).optional(),
-  text: z31.string().optional(),
-  date: z31.date().optional(),
-  tool: z31.object({
-    name: z31.string(),
-    parameters: z31.string(),
-    result: z31.string(),
-    rawArguments: z31.string().optional(),
-    accepted: z31.boolean().optional(),
+  text: z32.string().optional(),
+  date: z32.date().optional(),
+  tool: z32.object({
+    name: z32.string(),
+    parameters: z32.string(),
+    result: z32.string(),
+    rawArguments: z32.string().optional(),
+    accepted: z32.boolean().optional(),
     // MCP-specific fields (only populated for MCP_TOOL_CALL type)
-    mcpServer: z31.string().optional(),
+    mcpServer: z32.string().optional(),
     // MCP server name (e.g., "datadog", "mobb-mcp")
-    mcpToolName: z31.string().optional()
+    mcpToolName: z32.string().optional()
     // MCP tool name without prefix (e.g., "scan_and_fix_vulnerabilities")
   }).optional()
 });
-var PromptItemArrayZ = z31.array(PromptItemZ);
+var PromptItemArrayZ = z32.array(PromptItemZ);
 async function getRepositoryUrl() {
   try {
     const gitService = new GitService(process.cwd());
@@ -15606,46 +15843,46 @@ async function parseTranscriptAndCreateTrace(transcriptPath, hookData, inference
 }
 
 // src/features/claude_code/data_collector.ts
-var StructuredPatchItemSchema = z32.object({
-  oldStart: z32.number(),
-  oldLines: z32.number(),
-  newStart: z32.number(),
-  newLines: z32.number(),
-  lines: z32.array(z32.string())
+var StructuredPatchItemSchema = z33.object({
+  oldStart: z33.number(),
+  oldLines: z33.number(),
+  newStart: z33.number(),
+  newLines: z33.number(),
+  lines: z33.array(z33.string())
 });
-var EditToolInputSchema = z32.object({
-  file_path: z32.string(),
-  old_string: z32.string(),
-  new_string: z32.string()
+var EditToolInputSchema = z33.object({
+  file_path: z33.string(),
+  old_string: z33.string(),
+  new_string: z33.string()
 });
-var WriteToolInputSchema = z32.object({
-  file_path: z32.string(),
-  content: z32.string()
+var WriteToolInputSchema = z33.object({
+  file_path: z33.string(),
+  content: z33.string()
 });
-var EditToolResponseSchema = z32.object({
-  filePath: z32.string(),
-  oldString: z32.string().optional(),
-  newString: z32.string().optional(),
-  originalFile: z32.string().optional(),
-  structuredPatch: z32.array(StructuredPatchItemSchema),
-  userModified: z32.boolean().optional(),
-  replaceAll: z32.boolean().optional()
+var EditToolResponseSchema = z33.object({
+  filePath: z33.string(),
+  oldString: z33.string().optional(),
+  newString: z33.string().optional(),
+  originalFile: z33.string().optional(),
+  structuredPatch: z33.array(StructuredPatchItemSchema),
+  userModified: z33.boolean().optional(),
+  replaceAll: z33.boolean().optional()
 });
-var WriteToolResponseSchema = z32.object({
-  type: z32.string().optional(),
-  filePath: z32.string(),
-  content: z32.string().optional(),
-  structuredPatch: z32.array(z32.any()).optional()
+var WriteToolResponseSchema = z33.object({
+  type: z33.string().optional(),
+  filePath: z33.string(),
+  content: z33.string().optional(),
+  structuredPatch: z33.array(z33.any()).optional()
 });
-var HookDataSchema = z32.object({
-  session_id: z32.string(),
-  transcript_path: z32.string(),
-  cwd: z32.string(),
-  permission_mode: z32.string().optional(),
-  hook_event_name: z32.literal("PostToolUse"),
-  tool_name: z32.enum(["Edit", "Write"]),
-  tool_input: z32.union([EditToolInputSchema, WriteToolInputSchema]),
-  tool_response: z32.union([EditToolResponseSchema, WriteToolResponseSchema])
+var HookDataSchema = z33.object({
+  session_id: z33.string(),
+  transcript_path: z33.string(),
+  cwd: z33.string(),
+  permission_mode: z33.string().optional(),
+  hook_event_name: z33.literal("PostToolUse"),
+  tool_name: z33.enum(["Edit", "Write"]),
+  tool_input: z33.union([EditToolInputSchema, WriteToolInputSchema]),
+  tool_response: z33.union([EditToolResponseSchema, WriteToolResponseSchema])
 });
 async function readStdinData() {
   return new Promise((resolve, reject) => {
@@ -16118,131 +16355,131 @@ init_configs();
 
 // src/mcp/types.ts
 init_client_generates();
-import { z as z33 } from "zod";
-var ScanAndFixVulnerabilitiesToolSchema = z33.object({
-  path: z33.string()
+import { z as z34 } from "zod";
+var ScanAndFixVulnerabilitiesToolSchema = z34.object({
+  path: z34.string()
 });
-var VulnerabilityReportIssueTagSchema = z33.object({
-  vulnerability_report_issue_tag_value: z33.nativeEnum(
+var VulnerabilityReportIssueTagSchema = z34.object({
+  vulnerability_report_issue_tag_value: z34.nativeEnum(
     Vulnerability_Report_Issue_Tag_Enum
   )
 });
-var VulnerabilityReportIssueSchema = z33.object({
-  category: z33.any().optional().nullable(),
-  parsedIssueType: z33.nativeEnum(IssueType_Enum).nullable().optional(),
-  parsedSeverity: z33.nativeEnum(Vulnerability_Severity_Enum).nullable().optional(),
-  vulnerabilityReportIssueTags: z33.array(VulnerabilityReportIssueTagSchema)
+var VulnerabilityReportIssueSchema = z34.object({
+  category: z34.any().optional().nullable(),
+  parsedIssueType: z34.nativeEnum(IssueType_Enum).nullable().optional(),
+  parsedSeverity: z34.nativeEnum(Vulnerability_Severity_Enum).nullable().optional(),
+  vulnerabilityReportIssueTags: z34.array(VulnerabilityReportIssueTagSchema)
 });
-var SharedStateSchema = z33.object({
-  __typename: z33.literal("fix_shared_state").optional(),
-  id: z33.any(),
+var SharedStateSchema = z34.object({
+  __typename: z34.literal("fix_shared_state").optional(),
+  id: z34.any(),
   // GraphQL uses `any` type for UUID
-  downloadedBy: z33.array(z33.any().nullable()).optional().nullable()
+  downloadedBy: z34.array(z34.any().nullable()).optional().nullable()
 });
-var UnstructuredFixExtraContextSchema = z33.object({
-  __typename: z33.literal("UnstructuredFixExtraContext").optional(),
-  key: z33.string(),
-  value: z33.any()
+var UnstructuredFixExtraContextSchema = z34.object({
+  __typename: z34.literal("UnstructuredFixExtraContext").optional(),
+  key: z34.string(),
+  value: z34.any()
   // GraphQL JSON type
 });
-var FixExtraContextResponseSchema = z33.object({
-  __typename: z33.literal("FixExtraContextResponse").optional(),
-  extraContext: z33.array(UnstructuredFixExtraContextSchema),
-  fixDescription: z33.string()
+var FixExtraContextResponseSchema = z34.object({
+  __typename: z34.literal("FixExtraContextResponse").optional(),
+  extraContext: z34.array(UnstructuredFixExtraContextSchema),
+  fixDescription: z34.string()
 });
-var FixDataSchema = z33.object({
-  __typename: z33.literal("FixData"),
-  patch: z33.string(),
-  patchOriginalEncodingBase64: z33.string(),
+var FixDataSchema = z34.object({
+  __typename: z34.literal("FixData"),
+  patch: z34.string(),
+  patchOriginalEncodingBase64: z34.string(),
   extraContext: FixExtraContextResponseSchema
 });
-var GetFixNoFixErrorSchema = z33.object({
-  __typename: z33.literal("GetFixNoFixError")
+var GetFixNoFixErrorSchema = z34.object({
+  __typename: z34.literal("GetFixNoFixError")
 });
-var PatchAndQuestionsSchema = z33.union([FixDataSchema, GetFixNoFixErrorSchema]);
-var McpFixSchema = z33.object({
-  __typename: z33.literal("fix").optional(),
-  id: z33.any(),
+var PatchAndQuestionsSchema = z34.union([FixDataSchema, GetFixNoFixErrorSchema]);
+var McpFixSchema = z34.object({
+  __typename: z34.literal("fix").optional(),
+  id: z34.any(),
   // GraphQL uses `any` type for UUID
-  confidence: z33.number(),
-  safeIssueType: z33.string().nullable(),
-  severityText: z33.string().nullable(),
-  gitBlameLogin: z33.string().nullable().optional(),
+  confidence: z34.number(),
+  safeIssueType: z34.string().nullable(),
+  severityText: z34.string().nullable(),
+  gitBlameLogin: z34.string().nullable().optional(),
   // Optional in GraphQL
-  severityValue: z33.number().nullable(),
-  vulnerabilityReportIssues: z33.array(VulnerabilityReportIssueSchema),
+  severityValue: z34.number().nullable(),
+  vulnerabilityReportIssues: z34.array(VulnerabilityReportIssueSchema),
   sharedState: SharedStateSchema.nullable().optional(),
   // Optional in GraphQL
   patchAndQuestions: PatchAndQuestionsSchema,
   // Additional field added by the client
-  fixUrl: z33.string().optional()
+  fixUrl: z34.string().optional()
 });
-var FixAggregateSchema = z33.object({
-  __typename: z33.literal("fix_aggregate").optional(),
-  aggregate: z33.object({
-    __typename: z33.literal("fix_aggregate_fields").optional(),
-    count: z33.number()
+var FixAggregateSchema = z34.object({
+  __typename: z34.literal("fix_aggregate").optional(),
+  aggregate: z34.object({
+    __typename: z34.literal("fix_aggregate_fields").optional(),
+    count: z34.number()
   }).nullable()
 });
-var VulnerabilityReportIssueAggregateSchema = z33.object({
-  __typename: z33.literal("vulnerability_report_issue_aggregate").optional(),
-  aggregate: z33.object({
-    __typename: z33.literal("vulnerability_report_issue_aggregate_fields").optional(),
-    count: z33.number()
+var VulnerabilityReportIssueAggregateSchema = z34.object({
+  __typename: z34.literal("vulnerability_report_issue_aggregate").optional(),
+  aggregate: z34.object({
+    __typename: z34.literal("vulnerability_report_issue_aggregate_fields").optional(),
+    count: z34.number()
   }).nullable()
 });
-var RepoSchema = z33.object({
-  __typename: z33.literal("repo").optional(),
-  originalUrl: z33.string()
+var RepoSchema = z34.object({
+  __typename: z34.literal("repo").optional(),
+  originalUrl: z34.string()
 });
-var ProjectSchema = z33.object({
-  id: z33.any(),
+var ProjectSchema = z34.object({
+  id: z34.any(),
   // GraphQL uses `any` type for UUID
-  organizationId: z33.any()
+  organizationId: z34.any()
   // GraphQL uses `any` type for UUID
 });
-var VulnerabilityReportSchema = z33.object({
-  scanDate: z33.any().nullable(),
+var VulnerabilityReportSchema = z34.object({
+  scanDate: z34.any().nullable(),
   // GraphQL uses `any` type for timestamp
-  vendor: z33.string(),
+  vendor: z34.string(),
   // GraphQL generates as string, not enum
-  projectId: z33.any().optional(),
+  projectId: z34.any().optional(),
   // GraphQL uses `any` type for UUID
   project: ProjectSchema,
   totalVulnerabilityReportIssuesCount: VulnerabilityReportIssueAggregateSchema,
   notFixableVulnerabilityReportIssuesCount: VulnerabilityReportIssueAggregateSchema
 });
-var FixReportSummarySchema = z33.object({
-  __typename: z33.literal("fixReport").optional(),
-  id: z33.any(),
+var FixReportSummarySchema = z34.object({
+  __typename: z34.literal("fixReport").optional(),
+  id: z34.any(),
   // GraphQL uses `any` type for UUID
-  createdOn: z33.any(),
+  createdOn: z34.any(),
   // GraphQL uses `any` type for timestamp
   repo: RepoSchema.nullable(),
-  issueTypes: z33.any().nullable(),
+  issueTypes: z34.any().nullable(),
   // GraphQL uses `any` type for JSON
   CRITICAL: FixAggregateSchema,
   HIGH: FixAggregateSchema,
   MEDIUM: FixAggregateSchema,
   LOW: FixAggregateSchema,
-  fixes: z33.array(McpFixSchema),
-  userFixes: z33.array(McpFixSchema).optional(),
+  fixes: z34.array(McpFixSchema),
+  userFixes: z34.array(McpFixSchema).optional(),
   // Present in some responses but can be omitted
   filteredFixesCount: FixAggregateSchema,
   totalFixesCount: FixAggregateSchema,
   vulnerabilityReport: VulnerabilityReportSchema
 });
-var ExpiredReportSchema = z33.object({
-  __typename: z33.literal("fixReport").optional(),
-  id: z33.any(),
+var ExpiredReportSchema = z34.object({
+  __typename: z34.literal("fixReport").optional(),
+  id: z34.any(),
   // GraphQL uses `any` type for UUID
-  expirationOn: z33.any().nullable()
+  expirationOn: z34.any().nullable()
   // GraphQL uses `any` type for timestamp
 });
-var GetLatestReportByRepoUrlResponseSchema = z33.object({
-  __typename: z33.literal("query_root").optional(),
-  fixReport: z33.array(FixReportSummarySchema),
-  expiredReport: z33.array(ExpiredReportSchema)
+var GetLatestReportByRepoUrlResponseSchema = z34.object({
+  __typename: z34.literal("query_root").optional(),
+  fixReport: z34.array(FixReportSummarySchema),
+  expiredReport: z34.array(ExpiredReportSchema)
 });
 
 // src/mcp/services/McpAuthService.ts
@@ -18153,10 +18390,10 @@ var McpServer = class {
 };
 
 // src/mcp/prompts/CheckForNewVulnerabilitiesPrompt.ts
-import { z as z35 } from "zod";
+import { z as z36 } from "zod";
 
 // src/mcp/prompts/base/BasePrompt.ts
-import { z as z34 } from "zod";
+import { z as z35 } from "zod";
 var BasePrompt = class {
   getDefinition() {
     return {
@@ -18185,7 +18422,7 @@ var BasePrompt = class {
       const argsToValidate = args === void 0 ? {} : args;
       return this.argumentsValidationSchema.parse(argsToValidate);
     } catch (error) {
-      if (error instanceof z34.ZodError) {
+      if (error instanceof z35.ZodError) {
         const errorDetails = error.errors.map((e) => {
           const fieldPath = e.path.length > 0 ? e.path.join(".") : "root";
           const message = e.message === "Required" ? `Missing required argument '${fieldPath}'` : `Invalid value for '${fieldPath}': ${e.message}`;
@@ -18214,8 +18451,8 @@ var BasePrompt = class {
 };
 
 // src/mcp/prompts/CheckForNewVulnerabilitiesPrompt.ts
-var CheckForNewVulnerabilitiesArgsSchema = z35.object({
-  path: z35.string().optional()
+var CheckForNewVulnerabilitiesArgsSchema = z36.object({
+  path: z36.string().optional()
 });
 var CheckForNewVulnerabilitiesPrompt = class extends BasePrompt {
   constructor() {
@@ -18460,9 +18697,9 @@ Call the \`check_for_new_available_fixes\` tool now${args?.path ? ` for ${args.p
 };
 
 // src/mcp/prompts/FullSecurityAuditPrompt.ts
-import { z as z36 } from "zod";
-var FullSecurityAuditArgsSchema = z36.object({
-  path: z36.string().optional()
+import { z as z37 } from "zod";
+var FullSecurityAuditArgsSchema = z37.object({
+  path: z37.string().optional()
 });
 var FullSecurityAuditPrompt = class extends BasePrompt {
   constructor() {
@@ -18913,9 +19150,9 @@ Begin the audit now${args?.path ? ` for ${args.path}` : ""}.
 };
 
 // src/mcp/prompts/ReviewAndFixCriticalPrompt.ts
-import { z as z37 } from "zod";
-var ReviewAndFixCriticalArgsSchema = z37.object({
-  path: z37.string().optional()
+import { z as z38 } from "zod";
+var ReviewAndFixCriticalArgsSchema = z38.object({
+  path: z38.string().optional()
 });
 var ReviewAndFixCriticalPrompt = class extends BasePrompt {
   constructor() {
@@ -19219,9 +19456,9 @@ Start by scanning${args?.path ? ` ${args.path}` : " the repository"} and priorit
 };
 
 // src/mcp/prompts/ScanRecentChangesPrompt.ts
-import { z as z38 } from "zod";
-var ScanRecentChangesArgsSchema = z38.object({
-  path: z38.string().optional()
+import { z as z39 } from "zod";
+var ScanRecentChangesArgsSchema = z39.object({
+  path: z39.string().optional()
 });
 var ScanRecentChangesPrompt = class extends BasePrompt {
   constructor() {
@@ -19432,9 +19669,9 @@ You now have the guidance needed to perform a fast, targeted security scan of re
 };
 
 // src/mcp/prompts/ScanRepositoryPrompt.ts
-import { z as z39 } from "zod";
-var ScanRepositoryArgsSchema = z39.object({
-  path: z39.string().optional()
+import { z as z40 } from "zod";
+var ScanRepositoryArgsSchema = z40.object({
+  path: z40.string().optional()
 });
 var ScanRepositoryPrompt = class extends BasePrompt {
   constructor() {
@@ -19832,7 +20069,7 @@ import * as os11 from "os";
 import * as path18 from "path";
 
 // src/mcp/tools/checkForNewAvailableFixes/CheckForNewAvailableFixesTool.ts
-import { z as z42 } from "zod";
+import { z as z43 } from "zod";
 
 // src/mcp/services/PathValidation.ts
 import fs19 from "fs";
@@ -19908,7 +20145,7 @@ async function validatePath(inputPath) {
 }
 
 // src/mcp/tools/base/BaseTool.ts
-import { z as z40 } from "zod";
+import { z as z41 } from "zod";
 var BaseTool = class {
   getDefinition() {
     return {
@@ -19941,7 +20178,7 @@ var BaseTool = class {
     try {
       return this.inputValidationSchema.parse(args);
     } catch (error) {
-      if (error instanceof z40.ZodError) {
+      if (error instanceof z41.ZodError) {
         const errorDetails = error.errors.map((e) => {
           const fieldPath = e.path.length > 0 ? e.path.join(".") : "root";
           const message = e.message === "Required" ? `Missing required parameter '${fieldPath}'` : `Invalid value for '${fieldPath}': ${e.message}`;
@@ -20660,13 +20897,13 @@ init_client_generates();
 init_GitService();
 import fs21 from "fs";
 import path20 from "path";
-import { z as z41 } from "zod";
+import { z as z42 } from "zod";
 function extractPathFromPatch(patch) {
   const match = patch?.match(/diff --git a\/([^\s]+) b\//);
   return match?.[1] ?? null;
 }
 function parsedIssueTypeRes(issueType) {
-  return z41.nativeEnum(IssueType_Enum).safeParse(issueType);
+  return z42.nativeEnum(IssueType_Enum).safeParse(issueType);
 }
 var LocalMobbFolderService = class {
   /**
@@ -23363,8 +23600,8 @@ Example payload:
       },
       required: ["path"]
     });
-    __publicField(this, "inputValidationSchema", z42.object({
-      path: z42.string().describe(
+    __publicField(this, "inputValidationSchema", z43.object({
+      path: z43.string().describe(
         "Full local path to the cloned git repository to check for new available fixes"
       )
     }));
@@ -23394,7 +23631,7 @@ Example payload:
 
 // src/mcp/tools/fetchAvailableFixes/FetchAvailableFixesTool.ts
 init_GitService();
-import { z as z43 } from "zod";
+import { z as z44 } from "zod";
 
 // src/mcp/tools/fetchAvailableFixes/FetchAvailableFixesService.ts
 init_configs();
@@ -23537,16 +23774,16 @@ Call this tool instead of ${MCP_TOOL_SCAN_AND_FIX_VULNERABILITIES} when you only
       },
       required: ["path"]
     });
-    __publicField(this, "inputValidationSchema", z43.object({
-      path: z43.string().describe(
+    __publicField(this, "inputValidationSchema", z44.object({
+      path: z44.string().describe(
         "Full local path to the cloned git repository to check for available fixes"
       ),
-      offset: z43.number().optional().describe("Optional offset for pagination"),
-      limit: z43.number().optional().describe("Optional maximum number of fixes to return"),
-      fileFilter: z43.array(z43.string()).optional().describe(
+      offset: z44.number().optional().describe("Optional offset for pagination"),
+      limit: z44.number().optional().describe("Optional maximum number of fixes to return"),
+      fileFilter: z44.array(z44.string()).optional().describe(
         "Optional list of file paths relative to the path parameter to filter fixes by. INCOMPATIBLE with fetchFixesFromAnyFile"
       ),
-      fetchFixesFromAnyFile: z43.boolean().optional().describe(
+      fetchFixesFromAnyFile: z44.boolean().optional().describe(
         "Optional boolean to fetch fixes for all files. INCOMPATIBLE with fileFilter"
       )
     }));
@@ -23611,7 +23848,7 @@ Call this tool instead of ${MCP_TOOL_SCAN_AND_FIX_VULNERABILITIES} when you only
 };
 
 // src/mcp/tools/mcpChecker/mcpCheckerTool.ts
-import z44 from "zod";
+import z45 from "zod";
 
 // src/mcp/tools/mcpChecker/mcpCheckerService.ts
 var _McpCheckerService = class _McpCheckerService {
@@ -23672,7 +23909,7 @@ var McpCheckerTool = class extends BaseTool {
     __publicField(this, "displayName", "MCP Checker");
     // A detailed description to guide the LLM on when and how to invoke this tool.
     __publicField(this, "description", "Check the MCP servers running on this IDE against organization policies.");
-    __publicField(this, "inputValidationSchema", z44.object({}));
+    __publicField(this, "inputValidationSchema", z45.object({}));
     __publicField(this, "inputSchema", {
       type: "object",
       properties: {},
@@ -23698,7 +23935,7 @@ var McpCheckerTool = class extends BaseTool {
 };
 
 // src/mcp/tools/scanAndFixVulnerabilities/ScanAndFixVulnerabilitiesTool.ts
-import z45 from "zod";
+import z46 from "zod";
 init_configs();
 
 // src/mcp/tools/scanAndFixVulnerabilities/ScanAndFixVulnerabilitiesService.ts
@@ -23886,17 +24123,17 @@ Example payload:
   "rescan": false
 }`);
     __publicField(this, "hasAuthentication", true);
-    __publicField(this, "inputValidationSchema", z45.object({
-      path: z45.string().describe(
+    __publicField(this, "inputValidationSchema", z46.object({
+      path: z46.string().describe(
         "Full local path to repository to scan and fix vulnerabilities"
       ),
-      offset: z45.number().optional().describe("Optional offset for pagination"),
-      limit: z45.number().optional().describe("Optional maximum number of results to return"),
-      maxFiles: z45.number().optional().describe(
+      offset: z46.number().optional().describe("Optional offset for pagination"),
+      limit: z46.number().optional().describe("Optional maximum number of results to return"),
+      maxFiles: z46.number().optional().describe(
         `Optional maximum number of files to scan (default: ${MCP_DEFAULT_MAX_FILES_TO_SCAN}). Increase for comprehensive scans of larger codebases or decrease for faster focused scans.`
       ),
-      rescan: z45.boolean().optional().describe("Optional whether to rescan the repository"),
-      scanRecentlyChangedFiles: z45.boolean().optional().describe(
+      rescan: z46.boolean().optional().describe("Optional whether to rescan the repository"),
+      scanRecentlyChangedFiles: z46.boolean().optional().describe(
         "Optional whether to automatically scan recently changed files when no changed files are found in git status. If false, the tool will prompt the user instead."
       )
     }));
@@ -24204,7 +24441,7 @@ async function addScmTokenHandler(args) {
 }
 
 // src/features/codeium_intellij/data_collector.ts
-import { z as z46 } from "zod";
+import { z as z47 } from "zod";
 init_client_generates();
 init_urlParser2();
 
@@ -24345,8 +24582,8 @@ function findRunningCodeiumLanguageServers() {
 }
 
 // src/features/codeium_intellij/data_collector.ts
-var HookDataSchema2 = z46.object({
-  trajectory_id: z46.string()
+var HookDataSchema2 = z47.object({
+  trajectory_id: z47.string()
 });
 async function processAndUploadHookData2() {
   const tracePayload = await getTraceDataForHook();
@@ -24425,7 +24662,7 @@ async function processChat(client, cascadeId) {
   let repositoryUrl;
   if (repoOrigin) {
     const parsed = parseScmURL(repoOrigin);
-    if (parsed?.scmType === "GitHub" /* GitHub */) {
+    if (parsed?.scmType === "GitHub" /* GitHub */ || parsed?.scmType === "GitLab" /* GitLab */) {
       repositoryUrl = parsed.canonicalUrl;
     }
   }